I’ll admit it. I am old enough to be a privacy dinosaur. Having started my computer education back in the Pentagon, I still recall all of the times that I requested information and was told that I couldn’t have it because I didn’t have the requisite “need to know”. It’s hard for me to reconcile the trend nowadays that everyone on the planet has the need (if not the obligation) to know absolutely everything, no matter how trivial or minute, about everyone else. This trend is pretty unsettling for those of us older than twenty-five, but let’s get used to it.
You may remember when you were a kid that your mother may have told you “Sticks and stones may break your bones, but words can never hurt you.” The point being that mere words can’t do any real damage to you. I guess you were supposed to remember to “duck” for the more physical threats. (What was wrong with our parents telling us these maxims, anyway?) Well, the world has changed. A lot. Words can cause serious and lasting damage, worse than a bruise, which will heal relatively fast. Think no further than Mitt Romney’s “47%” off-the-record video recorded by Scott Prouty, how fast it went viral and was materially responsible for derailing Romney’s run for President.
Something that has not changed over the years is (1) the fact that there is, in this country, no constitutional right to privacy (although half the U.S. citizens, when polled, believe that it is so written, probably in the U.S. Constitution) and that (2) in the interest of self-preservation, our Congress tends not to pass laws that have a chilling effect on re-election fund raising, and this includes restrictions on those companies whose inventory is data about the comings and goings of the citizens.
A little philosophy: Mark Zuckerberg’s statement about “privacy no longer being a social norm” and Scott McNealy’s comment that “citizens have zero privacy anyway” have turned out to be self-fulfilling prophecies. Google readily admits that its 435 million users shouldn’t expect that their e-mail communications are confidential, as Google scans each e-mail sent from non-Google accounts for “marketing purposes”. One must have a reasonable expectation of privacy to bestow such protection, and the plethora of cell phones, social networking sites, text messaging, YouTube videos and cameras virtually everywhere dictate that there really is no right to privacy almost anywhere. In fact, with the exception of the development of citified environments (and therefore the anonymity bestowed by crowds) in the mid-twentieth century, there really hasn’t ever been much expectation of privacy in the world. As E.B. White famously observed in his 1949 essay “Here is New York,” privacy was born in the city. Consider that, much later, in the 1970s, Marshall McLuhan created the concept of the “global village” in which the public and the private were inseparable, creating continuous conflict and removing any expectation of privacy.
With that background in mind, consider what your general lack of privacy opens you up to in this day and age:
HOW LONG IS YOUR DATA RETAINED
You should be aware that your e-mails, texts, SMSs, tweets, blogs and RSSs do not disappear the minute you read and delete them. They have a residual life, just as those companies you send your e-mails to may be obligated under the law to keep them indefinitely. And we now know that ISPs like Google and Facebook “scan” the content of your e-mails for advertising purposes while the U.S. Government piggybacks on their data for criminal and national security surveillance. Your friends may re-post the messages as well as the photos (geotags and all), even before their disappearance via Snapchat or other similar apps, perpetuating their existence virtually forever (even if you remove the original post), and there is nothing you can do to permanently prevent their propagation virtually forever. (See, for example, the Dominos, Wendy’s and Taco Bell videos referenced at the very end of this page!)
The age of Internet communication has thus ushered in what’s been dubbed “digital permanency”:
1. Whether or not they are re-transmitted, text messages can normally remain on cell phone servers for several days at least. And, even if they are deleted, they can nevertheless be retrieved by law enforcement and possibly others. How the communications companies store them internally varies by telco. At the time of this writing (6/2012; you can update these figures, they’ll probably be similar) AT&T, for example, says it saves cell tower data indefinitely, text messages for 5-7 yrs (maybe not all content, though), ISP session info for 72 hrs (non-public ISPs only); Verizon, on the other hand, stores cell-site, ISP session data and text data for one “rolling year,” but browsing destination history for only 90 days, actual text content for 3-5 days; T-Mobile doesn’t retain message content, but hangs on to text details for either 2 yrs (prepaid) or 5 yrs (post paid) and keeps no ISP browsing history information; Sprint/Nextel keeps cell-site data for 18-24 months and stores ISP addresses and browsing history for 60 days; and Virgin Mobile (now owned by Sprint) keeps no ISP browsing history information, and text detail for 60-90 days. Text messages now far outnumber voice messages three to one; monthly messages sent or received jumped to 584 per person in the quarter ending in September, 2009, a 60% increase from the previous year, according to the Nielsen Company. And hundreds of millions of cell phones have software from Carrier IQ installed, logging everything from what you browse to what you say in your text messages. Most traffic cam and license plate scans done by law enforcement are kept for two years, maybe longer (but they usually won’t let you see the records even if you request nicely).
2. In a dangerous turnaround, you may find that your texts, e-mails, SMSs, MMSs and surfing history may come back to haunt you in legal proceedings and investigations. With the advent of “e-discovery” (discovery of electronic messages, see LAWS), companies, ISPs, employers and service providers have an obligation to archive electronic communications even after you think you have deleted them from your cell phone or computer. E-mails don’t carry only a subject line and text, but also packets of information called “metadata” or “headers” which contain information about their transmission. For Yahoo, Outlook and other e-mail programs, the IP address of the connection used to send the e-mail is also included, saving investigators the necessity of a subpoena to trace the origin. Even if you use an anonymous e-mail program or set up a joint e-mail account and leave “private” messages in the “draft” folder of that account, you’re still not going to erase every trace of your digital footprint, as investigators have already figured out these tricks.
3. Court discovery rules (see LAWS) routinely allow discovery of text, e-mail and other electronic messages and expect that companies properly maintain archives and backups of this data so that they may be discovered for civil and criminal litigation purposes. Divorce cases also use text and e-mail messaging for investigation and litigation, having a profound effect on how these types of cases are played out: Consider the cases of Tiger Woods (Jaimee Grubbs and others came forward with text messages about his “transgressions”); Kwame Kilpatrick, (former) Mayor of Detroit (text messages on government-used mobile phones and pagers showing his affair with an aide) and Nevada’s Governor Jim Gibbons (whose wife produced over 800 text messages to his mistress in 2007). Even without investigators, a suspicious spouse might just decide to look for illicit text messages: Christie Brinkley divorced Peter Cook after simply reading his text messages to a girlfriend. The point: Once confronted with your own writings, it’s usually “game over”. Forced to archive electronic media on a strict schedule and be able to produce them on demand for litigation, companies like GM are issuing memos (like the one in 2008) to employees describing proscribed content, prohibiting words like “defect,” “failure,” “safety implication,” “disaster waiting to happen” and the like, instead using factual and non-inflammatory terms like “not performing to design,” or “issue, matter or condition”. Social media is the new court of public opinion. And the Internet can also be used for “shaming.” Take, for example, the case of Mary Bale (see VIDEO), who in 2010 had been filmed picking up a cat by the skin of its neck and tossing it into a garbage bin. Within a day, she became the object of global derision, her name and address published on an internet forum, the subject of hate pages on Facebook and YouTube reenactments. She became the subject of virtual mob justice.
Don’t know what it is about cats and the internet. Apparently, while everyone can’t get enough cat videos (tickle kitty, grumpy kitty), there’s also a flip side, those who hate cats on video. In 2014, Ohio eighteen year old Tre’vante Mitchell was arrested for punting a cat in a video which he posted on his Facebook page. Guess he didn’t know about Mary Bale. Similarly for companies: Consumers who once might have repeatedly called customer service with no result are instead publicly embarrassing companies on the Internet. The lesson: Social media on the Internet can be a double-edged sword. You should remember this!
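To make the point in item 2 about e-mail “metadata” or “headers” concrete, here is an added example (not part of the original article) that reads the transmission headers of a message with Python's standard library. The sample message, host names and documentation-range IP addresses are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message; all hosts and addresses are made up
# (the public-looking IPs come from documentation-only ranges).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbox.example.org with ESMTPS id abc123;
\tTue, 05 Jun 2012 14:03:11 -0400
Received: from [192.168.1.23] (cable-198-51-100-77.example.com [198.51.100.77])
\tby mx.example.net with ESMTPSA id xyz789;
\tTue, 05 Jun 2012 14:03:09 -0400
X-Originating-IP: [198.51.100.77]
Message-ID: <20120605180309.1234@example.net>
Date: Tue, 05 Jun 2012 14:03:08 -0400
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: lunch?
X-Mailer: ExampleMail 1.0

See you at noon.
"""

# Home/office (RFC 1918) and loopback ranges: these reveal internal
# network layout rather than a traceable Internet connection.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def bracketed_ips(text):
    """Return every syntactically valid IP literal written as [addr]."""
    found = []
    for candidate in IP_IN_BRACKETS.findall(text):
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # bracketed text that is not an address
    return found


def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)


def transmission_metadata(raw_message):
    """Summarise what the headers disclose about how a message travelled."""
    msg = email.message_from_string(raw_message)

    # Every relay prepends its own Received line, so the last one in the
    # file is the first hop; reverse to read the path sender-first.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        hops.append({"by": by.group(1) if by else None,
                     "ips": [str(ip) for ip in bracketed_ips(flat)]})

    all_ips = [ipaddress.ip_address(i) for hop in hops for i in hop["ips"]]
    internal = list(dict.fromkeys(str(ip) for ip in all_ips if is_local(ip)))

    # Prefer the explicit header some webmail services add; otherwise fall
    # back to the first routable address recorded by the earliest relay.
    sender_ip, source = None, None
    explicit = msg.get("X-Originating-IP", "").strip().strip("[] ")
    try:
        sender_ip, source = str(ipaddress.ip_address(explicit)), "X-Originating-IP"
    except ValueError:
        for ip in all_ips:
            if not is_local(ip):
                sender_ip, source = str(ip), "Received"
                break

    return {
        "hops": hops,
        "sender_ip": sender_ip,
        "sender_ip_source": source,
        "internal_ips": internal,
        "date": msg.get("Date"),
        "client": msg.get("X-Mailer") or msg.get("User-Agent"),
    }


if __name__ == "__main__":
    for key, value in transmission_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the same function over the raw source of one of your own sent messages shows what a recipient, or anyone holding an archived copy, can read about your connection without asking the provider.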
YOU’RE BEING MONITORED
4. Software: Since state and federal privacy laws were largely created in the pre- and early Internet age, the present Internet is pretty much a privacy free-for-all, allowing the U.S. Government, and specifically law enforcement, the unfettered right to read the data on the Internet and act on what it finds. This doesn’t even begin to cover the Government’s rights to demand such things as phone records under the Patriot and other acts, as it did with Verizon’s records (on an ongoing daily basis) in 2013. For the status of rights between non-law enforcement personnel or corporations, click on various sections throughout this site, e.g. cell phone searches, cybersecurity, cyberstalking, hacking, reading others’ emails and discovery and stored communications. See LAWS. Also, Whistle Blowers and Hackers. Moreover, the U.S. is light years behind the European Union in the drafting and passage of privacy laws. Europe, for example, has one blanket data protection directive that lays out principles for how information may be collected and used, no matter what the industry. The U.S., on the other hand, has a patchwork quilt of federal, state and local laws, with serious gaps between them, and no comprehensive law for any industry at all.
As the direct result of 9/11, U.S. law enforcement operates within the U.S. Patriot Act, which has effectively (in my opinion and others) obliterated the 4th Amendment Bill of Rights in the U.S. Constitution. By the sheer utterance of the words “possible terrorist,” you can be detained without limit, without the right to confront your accuser, without the right to cross-examination, without any protection against unreasonable searches and seizures and without the right to a lawyer, all contrary to the Constitution. You can effectively be made to “disappear” or be detained forever without trial. Even if you are not detained, the Government has no need to obtain a subpoena to obtain your personal data. None of the “probable cause” that a crime is being committed is necessary, nor is submission to a judge in most cases. Instead, the principal vehicle is the FBI NSL (“National Security Letter”), a “gag order” which carries with it the even more onerous restriction that, if you receive one, you are barred from informing anyone, including the press, that you have received one. [As a result of a lawsuit by Calyx, a smaller ISP, an appeals court ruled in 2013 that NSL letters were unconstitutional, but that’s not stopping the FBI.] See LAWS for even more, including the Government’s secret wiretapping of phones and e-mail of all types. Click HERE for the DHS’s very long list of social media watchwords. For information about the tools used by the NSA, click HERE. Every year, thousands of these NSLs are issued to U.S. citizens and companies without any judicial review or established probable cause. This procedure was first authorized by Pres. George W. Bush and is carried out with even more relish by Pres. Barack Obama. Moreover, law enforcement routinely and secretly searches social networks to glean evidence to help them solve crimes, including creating a database of facial recognition information, the next new wave of NSA collection.
With the help of companies like X1Technologies which specialize in data discovery and chain of custody, they’re catching up rapidly. In this area, the online rules parrot the non-digital rules: Police can pose as young girls on line to capture sexual solicitation of minor girls and pose as drug buyers to collar drug crimes. The creating of fake profiles to befriend suspects violates the rules of most social networks, but once one is created, they usually cooperate with law enforcement. For example, the City of Cincinnati dismantled a local street gang and arrested 71 people in 2008 by using social media to identify key members, collaborating with the University of Cincinnati’s Institute of Crime Science to create databases of information scraped from social networks, existing police records and phone records, then using software to analyze the data and establish links between the suspects. And, with or without a warrant, law enforcement can obtain evidence from companies like Facebook and Twitter. In the case involving Melvin Colon, who faced charges for murder, weapons and narcotics, when the prosecution introduced Facebook photos showing him flashing gang signs and making incriminating posts and threats, the Federal judge decided that his legitimate expectation of privacy ended when he disseminated posts to his “friends” because those friends were then free to use the information however they wanted, including sharing it with the government. Private industry is largely unregulated in this regard as well, the Government treating corporate espionage and data tracking as a “corporate thing”. This can often be bad news for the “Tell-All” generation which is used to sharing each and every thought and action across the net with their friends, family and strangers. 
This is also good business for the ISPs and telcos: Companies like AT&T, Verizon, Sprint and T-Mobile charge anywhere up to $500 to activate each wiretap, another $150 to access e-mail and/or voicemail, a daily or monthly rate for continuing service and other charges for services like a “tower dump” which can reveal numbers of every user using a particular cell tower, or GPS locations and other services. It can run into thousands of dollars for each search. And they’re immune from prosecution, under FISA. And in 2014, the FBI rolled out its NGI (“Next Generation Identification”) facial recognition system which uses a feature called IPS (“Interstate Photo System”), which searches a database of over 52 million photos culled from not only criminal mug shots, but also civil sources such as employment records and background checks. Unfortunately, it still has only an 85% accuracy rate, so you can imagine what will happen if you’re on the list, but later cleared. Thanks to digital forensics, no longer can it be said, as it was in the beginning, that “No one knows you’re a dog on the Internet.”
JUST TO CLARIFY: There are literally thousands of law enforcement and civilian personnel who devote their lives every day to the protection of all U.S. citizens. It is an almost impossible job, thankless in its anonymity, underpaid in terms of compensation. They deserve our thanks and appreciation. My discussion, above, is directed at the erosion of the system which circumvents our personal, guaranteed rights under the U.S. Constitution, but not the persons who are bound to operate within that system. This isn’t television - I believe that there are very few people who manipulate the system for their own pleasure or gain. Most law enforcement officials have no choice but to do what the laws allow or require.
And don’t forget, again, about consensual monitoring... Those apps that you love, for example: Siri, Echo and Cortana, which are always listening to what you and others are saying, even when you’re not asking for their help. (See #15 below.) And apps, particularly those on your smart phone, like Draw Something Free, Words With Friends, GO Locker, Camera360 Ultimate and Angry Birds (yes, your beloved Angry Birds; which has the distinction of being one of the apps that NSA and British GCHQ have targeted to snag information from smartphones, thanks to its poor security measures [this is supposedly being corrected]). Or even Wal-Mart - where the phone app automatically talks to eBay every time you scan a barcode. You’d be surprised how much information, usually unnecessary, is compiled each time you use a smart phone app. And also Twitter, as the geographic location stamps transmitted (if “location sharing” is enabled), along with the clustering of posting locations and time of day, can reveal where a user lives, works, or spends time. In fact, you’ve got to watch out for apps like Twitter, which can give out your personal information when you’re not expecting it: Take the case of the woman (unnamed for now) that created a string of tweets advocating publicly for childhood vaccination. In 2016, when cyberstalkers lifted photos of her and her child from her Facebook account and posted them on Twitter, she didn’t have any luck getting the posted photos taken down by Twitter. So she followed a friend’s advice that the photos would come down faster if she reported a claim to Twitter for copyright infringement under the DMCA (see Laws). Unfortunately, she didn’t realize that Twitter had to forward information to the recipient, such as her name, phone number and e-mail address, which resulted in even more cyberstalking.
Surveillance You Agree To: Don’t forget about the EULA that you sign when starting a social networking account. Most of these are grossly in favor of the host, not the account holder. As discussed above about Google, and on the Facebook Privacy page, the default on most of these sites is public sharing, and you still have to opt out to protect yourself. This includes each and every photo and video you post or which is posted anywhere on your account. This is because in many cases the EULA has language granting them permission to share virtually everything you post. Facebook uses facial auto-recognition software which claims to be 97.35% accurate, even if you take precautions to disguise your face (glasses, hats, facial hair) or are not even the main subject in the photo. In 2015, Facebook began using PIPER (pose invariant person recognition) software, which identifies people by looking for such telltale details as body poses, mannerisms and the like, supposedly with 83% accuracy. The FBI’s Next Generation database searches known tattoos for identification. The same thing for LinkedIn, with its legalese EULA, which basically says that you give them permission to do whatever they want with your data. Theoretically, you could post information about an invention you’re working on or some other professional you’ve been talking to. They could take this posted information and use it for their own benefit. (On LinkedIn, you can’t even restrict this open-ended policy.) The point is that you have to read the up-front signup agreement or you may be out of luck later on.
Remember that there are no laws preventing your ISP from looking at the data from within its own services. Microsoft, Google, Yahoo all do this, as does Facebook and the other social networking services. For example, Microsoft admitted in Federal court proceedings in 2014 that it has the right to make unilateral decisions to monitor its users’ e-mail and other accounts, as it did when it forced its way into a blogger’s Hotmail account to track down and stop a potentially catastrophic leak of sensitive (to Microsoft) software. And Facebook and the others spy on us, intercepting private messages, but they only claim it’s to provide them data for marketing purposes, according to a response to a class action lawsuit in federal court in California in 2013. The complaint cites third-party research to back its claim that Facebook is intercepting and scanning the content of private messages. Swiss firm High-Tech Bridge, for example, reported in August that it used a dedicated Web server and generated a secret URL for each of the 50 largest social networks for data mining purposes. All of this is going to be an increasing security problem as the Internet of Things becomes more widespread. And that’s not even considering new devices like Google Glass, which has its own privacy issues.
A 2014 survey reported that 30% of the top Android free apps, 14% of Android paid apps, 26% of Apple free apps and 8% of Apple paid apps accessed users’ address books. No surprise that 80% of Android and 50% of Apple free apps track user location or that 88% of Android free apps (26% of Apple) access IMEI/UDIDs (the unique serial number in your mobile phone identifiable to you, used to track you and identify your locations and habits).
5. What you search for matters: These days, simply surfing the Internet is no longer the benign, innocent pastime it was in the beginning. Your every move is being tracked for money and for decisional information. You don’t want to surf the net for anything that could come back to bite you. If you search, even on your smart phone, for information about diabetes or liver disease, car theft or home robbery, how to euthanize a pet or elderly parent, how to build a bomb or the like, even if it’s for someone else’s information or for a news report or school paper, that information may well be recorded without your permission and used against you at a later time.
Using something known as “filter bubbles,” search engines like Google study every online move you make in order to tailor your search results, reinforcing and shaping your thinking. While the algorithm selectively guesses what you’d like to see based on your past behavior, it also generally separates (filters) out information you might disagree with or deem irrelevant. That may not be good. While you might only prefer to see news articles about Republicans, because you are one, you might object to being profiled as a diabetic just because one of your kids researched the topic for school or you checked out the symptoms for a friend. So, based on past searches and results, a search about Tel Aviv might return travel information for one person while it may return political agendas for another. Want to opt out of this type of filtering? It’s difficult because your web browser controls this. But if you want to switch to an alternative search engine like DuckDuckGo, you can do it. It’s a great site with an excellent graphic explanation; check it out.
The NSA and Google have reportedly paired to create a program called AQUAINT (“Advanced Question Answering for Intelligence”) which mimics artificial intelligence while gathering millions upon millions of Tweets, Facebook entries, photos, E-Z Pass records, gas station, grocery, restaurant and bar receipts, cell phone data, GPS locations, search engine queries, Amazon and other purchases and other “digital bread crumbs,” all for the purpose of predicting shopping, criminal and other behavior. And, aside from Google browsers and apps that you download and therefore volunteer to participate in, the Windows 10 operating system itself is a giant surveillance system for virtually everything on the computer, so you have virtually no privacy. See HERE for more information.
The New York Times reports (12/13/09; 2/5/12) that the Government is increasingly monitoring FaceBook, Twitter, MySpace and other social networking sites for tax delinquents, copyright infringers, political protestors and deadbeat dads, often through deception about who they actually are. Material mined online has been used against people battling for child custody or defending themselves in criminal cases. LexisNexis has a product called Accurint for Law Enforcement, which gives government agents information about what people do on social networks. The Internal Revenue Service searches Facebook and MySpace for evidence of tax evaders’ income and whereabouts, and United States Citizenship and Immigration Services has been known to scrutinize photos and posts to confirm family relationships or weed out sham marriages. CNN reports that DHS issued an $11 million contract in 2012 to track information on the net. Employers sometimes decide whether to hire people based on their online profiles, with one study indicating that 70 percent of recruiters and human resource professionals in the United States have rejected candidates based on data found online. A company called Spokeo gathers online data for employers, the public and anyone else who wants it. The company even posts ads urging “HR Recruiters — Click Here Now!” and asking women to submit their boyfriends’ e-mail addresses for an analysis of their online photos and activities to learn “Is He Cheating on You?”.
YOUR WORDS AND PHOTOS MAY BE USED AGAINST YOU
6. Even though laws allow people to challenge false information in credit reports, there are no laws that require data aggregators to reveal what they know about you. If I’ve Googled “diabetes” for a friend or “date rape drugs” for a mystery I’m writing, data aggregators assume those searches reflect my own health and proclivities. Because no laws regulate what types of data these aggregators can collect, they make their own rules and assumptions. In short, you are whoever Google says you are. This is known in intelligence as “pattern of life”. What you’re interested in, who you talk to and where you go all create a profile of who you are and what you are likely to do in the future. Hence the new set of companies like reputation.com, reputationchanger.com and Elixir Interactive which claim to help businesses and individuals manage their online reputations. On the counterattack, Google claims all such companies are scams and that the Google data cannot be controlled.
In 2007 and 2008, the online advertising company NebuAd contracted with six Internet service providers to install hardware on their networks that monitored users’ Internet activities and transmitted that data to NebuAd’s servers for analysis and use in marketing. For an average of six months, NebuAd copied every e-mail, Web search or purchase that some 400,000 people sent over the Internet. Other companies, like Healthline Networks Inc., have in-house limits on which private information they will collect. Healthline does not use information about people’s searches related to H.I.V., impotence or eating disorders to target ads to people, but it will use information about bipolar disorder, overactive bladder and anxiety, which can be as stigmatizing as the topics on its privacy-protected list.
The bits and bytes about your life can easily be used against you. Whether you can obtain a job, credit or insurance can be based on your digital surfing patterns and you may never know why you’ve been turned down. This is because stereotyping and profiling are alive and well in the area of data aggregation. Your application for credit, school admission or job application could well be declined not on the basis of your own finances or credit history, but on the basis of “aggregate” data — what other people whose likes and dislikes are similar to yours have done. [See Quants, Big Data.] This includes such seemingly innocuous things as your reading habits (available from your e-reader purchases). So, for example, if baseball players or lawyers are more likely to renege on their credit-card bills, then the fact that you’ve looked at the Yankees website or e-mailed a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. In the 1970s, a professor of communication studies at Northwestern University named John McKnight popularized the term “redlining” to describe the refusal of banks, insurers and other institutions to offer their services to inner city neighborhoods. (The term came from the practice of bank officials who drew a red line on a map to indicate where they wouldn’t invest.) So you might be denied credit or employment, not because of your credit history or resume, but because of your race, sex or ZIP code or the types of Web sites you visit. Moreover, because financial companies such as Kreditech and Kabbage have found that social connections can be a good indicator of a person’s creditworthiness, some tech companies are using social data to determine the risk of lending, particularly to those people who don’t have credit scores, by who their friends are on Facebook and similar networks. The theory is that, if you’re friends with people who are late in paying, you will be, too (and, presumably, vice versa).
Other indicators: Your Twitter and PayPal accounts, online purchases and how you read instructions and fill out credit applications. NYT reports that the CIA, through In-Q-Tel (its investment arm), has put money into Visible Technologies and Dataminr, a software company that crawls across blogs, online forums and open networks like Twitter and YouTube, to monitor what is said (much like Echelon and Carnivore monitored telephones and faxes in the pre-Internet era). Its most recent investment has been in Palantir, a big data technology company which can connect disparate threads of database information to detect terrorists, deadbeats, etc. Also, Placemeter in New York and various “DACs” (Domain Awareness Centers) across the U.S. As you drive down the road, for example, Palantir scans literally thousands of license plates, then correlates the registration information with cell phone, credit card, property registration and other information, as well as thousands of closed-circuit cameras both public (like bus stops) and private (schools, security cameras) and even gunshot monitors, painting a profile of who you are and where you have been, minute-by-minute to within mere inches. Since 1999, In-Q-Tel has invested more than $3.2 billion in venture funding in software startup companies. The Government is, of course, also capable of monitoring communications and locations through such devices as geotags, GPS, back-doors into encrypted chips and other public (read: Government) intrusions that would be absolutely illegal and subject to prosecution if done privately. When the spy in the movies removes his cell phone battery to disable the GPS tracking, he’s not kidding. And when he uses an “onion router” to gain untraceable access to the Internet, this is actual software (although in 2013 it was revealed that the NSA hacked Tor, the largest of the onion routers). Whether it’s used for good or evil may be in the mind of the user.
Government investigators are routinely trained that “the end justifies the means” such that denial, entrapment and lies can be told so long as they get their information in the end. Remember that. [Much of the information in the three paragraphs above comes from Lori Andrews, a law professor at Chicago-Kent College of Law and the author of “I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy” as quoted in the NY Times, 2/5/12.]
Closely related is the use of Google Instant, the autocomplete feature on the Google Search engine which uses an algorithm to anticipate search topics which you might be looking for, based on millions of searches already entered (including yours, which can probably be separated by your IP), your location, current topics of interest and the like. (It’s enabled by default and can be switched off, although few users do so.) It’s also an interesting indicator of current relevance as well as people’s actual feelings. Type, for example, “woman shouldn’t...” and suggestions for topics like “vote” or “work” or “be heard, only seen” appear. These results are often shocking because they are fact-based, impartial and clear indications of prejudice flying in the face of lip service by governments and individuals to the contrary. Possibly, the suggestions may even create their own life and influence future searches, a self-fulfilling prophecy.
THE [EVER CHANGING] GOOGLE PRIVACY POLICIES
7. NOTE: This section changes so fast that I’ve stopped keeping it up. See Tip #65 for how to protect your surfing habits. I just left this in for historical context: Effective March 1, 2012, Google initiated new privacy policies, claiming that it was “getting rid of over 60 different privacy policies across Google and replacing them with one that's a lot shorter and easier to read”. That’s only part of the story. Actually, Google will now be able to pull together everything it knows from a number of its products, rather than individual isolated ones. For example, since YouTube, Gmail (be aware that Google “scans” all of your e-mails for possible advertising purposes, before the Government may scan it for criminal surveillance purposes), browser search histories, Google+ posts, photos and profile pages, online purchase information and other lesser-known Google products can trace information about you, Google is now able to connect the dots in order to “profile” you and target advertising to you. That profile may be right, but it also may be incorrect. Because you may have checked out X-Box games to order (for your grandchild, it turns out), you may be profiled as a 20 year old. Or you may have researched certain health issues (from prostate cancer to HIV) for a relative or school and, along with data that places the IP address of your computer in Florida, Google may determine that you are a 65+ year old with health issues, which might cause insurance or employment problems. Since Google analysis cannot (as yet) show motivation (i.e. why people buy things), it is still somewhat flawed. And, while users can opt for Google not to track certain types of data, like search histories and instant messages, the only way to prevent Google from sharing the information it does collect across sites is by setting up different accounts to use with each Google service. And don’t forget that Google Streetview is watching you. Since it’s public, you never know when.
But it’s been tested: Take the U.K. pranksters who faked a murder in the street in August, 2012, knowing that Streetview would capture it, and it did. Took close to a year, though, for the police to question them.
Good news: In May 2014, the Electronic Frontier Foundation’s report “Who Has Your Back” showed that Google, Microsoft and Apple got perfect scores for privacy. Good! Also, Google is introducing a new tool for those users who want to disappear from search results, as well as a service (Google Apps Message Encryption or “GAME”) to send and receive encrypted e-mail to users of non-Google mail systems like Yahoo and Microsoft Exchange. Most of this is in response to a ruling by the Court of Justice of the European Union on May 13, 2014. For more, see LAWS.
8. Not only do companies profile you based on your web surfing habits, but you should not be surprised to discover that those coupons (printed from the Internet or sent to mobile phones) and “loyalty program” benefits are packed with information about the customer who uses them, such as their name, Internet address, their Facebook page information, the search terms that the customer used to find the coupon, the sites used to search for the coupon, and perhaps a general dossier on the customer, complete with a shopper identification number. Corporate “Data Mining” is big business. For example, a retailer could know that Carol Jones printed a 15% off coupon after searching for appliance discounts at Ebates.com on Monday at 9:03am and then redeemed it on Friday at 7:30pm at the store. None of this tracking is visible to consumers; all of it is perfectly legal. Didn’t you ever wonder why, only three minutes after clicking on a weight-loss ad, you started getting gym membership pop-ups and banner ads? Coincidence? Not. In fact, many consumers who use Blippy, Twitter or the like actively encourage it. Much of it is handled by a company called RevTrax, which creates and tracks the coupons on retailers’ web sites and elsewhere. There’s a term coined for this: “Search Inversion”. This means that those Internet search tools which help users find products have been turned around by companies to create “profiles” or “identities” of consumers which are bought and sold in order to permit those companies to use the same Internet to target their wares to those consumers. In 2013 Facebook announced partnerships with four companies which collect lucrative behavioral data, from store loyalty card transactions and customer e-mail lists to divorce and web browsing records.
These companies include Acxiom, which aggregates data from financial services companies, court records and federal government documents; Datalogix, which tracks consumers’ spending habits for more than 100 million Americans; Epsilon, which also collects transaction data directly from retailers; and BlueKai, which creates tracking cookies for brands to monitor customers who visit their web sites. Interestingly, the first two companies are among the nine which the FTC is investigating over their practices for collecting and using consumer data. In May, 2013, the FTC sent warning letters to 10 brokerage firms, asking them to cease and desist from gathering and selling consumer information. In April, the FTC similarly warned 6 companies that they might be violating the same FCRA by sharing tenants’ rental histories with landlords. You should also be aware that you probably have what’s known as an e-score, a/k/a consumer valuation or buying-power score (run by eBureau), which measures your potential value as a customer. This score, which is invisible to you and is unregulated by the Government, uses financial and socioeconomic data to determine the expected size of your purchases as well as which advertising should be pitched to you. [See also, Big Data, Quants for more discussion.] Want to see how much information Facebook has collected on you? Click HERE. And that is only the tip of the Facebook iceberg. Take its tool “Custom Managed Audiences,” which can be used to reach Facebook users who are registered voters or political supporters to send them targeted ads. And, to see which sites are using third-party cookies to track your movements across the web, see the Collusion add-on for Firefox and Chrome. Finally, log on to the aboutthedata.com website to see what kind of information has been collected about you to create your marketing profile. Or Truthfinder to search public and internet records about yourself or anyone else.
E-mail can have its own issues, due to “trackers,” like those offered by e-mail marketing services like GetResponse and MailChimp. Have you ever wondered how you received a call or text from an e-mail sender only moments after you opened the message? It’s because the sender has embedded a tracking mechanism in the message for this purpose, which tells them not only when the mail has been opened but also where the recipient is located and which device they are using. It may be only a single invisible pixel or a hidden hyperlink embedded in the message, and it’s estimated that these trackers are hidden in as much as 60% of all e-mails and most marketing e-mails. This is why many browsers can be set to not display photos, pictures and logos. And why you also have the option to disable HTML, the standard web language that trackers use to ping external servers. (To track the trackers, try UglyEmail (a Gmail tracker) or Trackbuster.) For more about how to fight web trackers, click HERE.
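To see what such a tracker looks like from the receiving side, here is an added example (not from the original article) that scans a message's HTML for remote images and links a reader would never see. The sample message, its hosts and the heuristics for "invisible" (0 or 1 pixel dimensions, hiding styles, links with no visible content) are all assumptions made for the illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real e-mail. All hosts are placeholders.
SAMPLE_EML = """\
From: deals@shop.example
To: reader@mail.example
Subject: Weekend sale
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello! <a href="https://shop.example/sale">See the sale</a></p>
<img src="https://shop.example/logo.png" width="200" height="60" alt="Shop">
<img src="https://tracker.example/open?uid=12345" width="1" height="1" alt="">
<img src="https://tracker.example/o.gif?m=abc" style="display:none">
<a href="https://tracker.example/c?uid=12345" style="font-size:0"></a>
</body></html>
"""

# Inline styles that keep an element from being seen (assumed heuristic list).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    return value is not None and re.fullmatch(r"\s*[01]\s*(px)?\s*", value, re.I) is not None


def _remote(url):
    """True when the URL makes the mail client contact an outside server."""
    return url.lower().startswith(("http://", "https://"))


class TrackerFinder(HTMLParser):
    """Collects remote images and links that the reader cannot see."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, host, url)
        self._link = None    # currently open <a>: [url, hidden, has_visible_content]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "img":
            src = a.get("src") or ""
            invisible = hidden or (_tiny(a.get("width")) and _tiny(a.get("height")))
            if invisible:
                if _remote(src):
                    self.findings.append(("pixel", urlparse(src).hostname, src))
            elif self._link is not None:
                self._link[2] = True   # a visible image inside the open link
        elif tag == "a" and _remote(a.get("href") or ""):
            self._link = [a["href"], hidden, False]

    def handle_data(self, data):
        if self._link is not None and data.strip():
            self._link[2] = True       # the link has readable text

    def handle_endtag(self, tag):
        if tag == "a" and self._link is not None:
            url, hidden, visible = self._link
            if hidden or not visible:
                self.findings.append(("hidden-link", urlparse(url).hostname, url))
            self._link = None


def scan_email(raw):
    """Return (kind, host, url) for each invisible remote resource in the HTML parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    finder = TrackerFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.findings


def tracker_hosts(raw):
    """Distinct hosts contacted by the invisible resources, e.g. for a block list."""
    return sorted({host for _, host, _ in scan_email(raw)})


if __name__ == "__main__":
    for kind, host, url in scan_email(SAMPLE_EML):
        print(f"{kind:12} {host:18} {url}")
```

The visible logo and the readable sale link are left alone; only the 1x1 image, the `display:none` image and the empty zero-size link are reported, which is the same distinction a mail client makes when it blocks remote content by default.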
Add to this the increasing use of HTML5 which, by using a process which makes it possible to store large amounts of data on a user’s hard drive while online, also makes it possible for advertisers and others to see weeks and months of personal browsing data at the same time. Also the advent of the “supercookie” which stores information in about ten places on a user’s computer, not just one, making the cookie difficult to delete, even by experts. [The supercookie was created by Samy Kamkar, creator of the Samy Worm which took down MySpace in 2005. He calls it the “Evercookie” since it’s intended to stay on your computer, somewhere, virtually forever.] In 2014, it was revealed that AT&T and Verizon had installed such tracking cookies on their users’ accounts. AT&T backed down when this was revealed but, as yet, Verizon continues to do so.
Of course, just looking at a web site can start the “tracking” ball rolling. On August 13, 2010, the Wall Street Journal published a survey of the top 50 web sites in the U.S. by search firm Quantcast to see how many tracking tools they embedded in their visitors’ computers. The results showed that many used more than 100 such tools; only Wikipedia had none. These rather sophisticated monitoring tools can reveal a lot about those who browse the web. In March, 2013, the Massachusetts Supreme Judicial Court ruled (Tyler v. Michaels Stores) that collecting Zip codes violates that state’s consumer protection laws because, armed with a consumer’s name and Zip, a retailer can use the “personal identification” to reverse engineer the address and other information, in order to target consumers with mailings and other marketing data. California ruled similarly in 2011 (Pineda v. Williams-Sonoma), but other states haven’t followed uniformly in the same way. It may be that retailers collect the Zips to better identify where their customers are located, but that may not be all that they do with the info. You’re free to decline, but risk that the cashier may not know how to complete the transaction without it.
And the process of posting on Yelp! or other community networks may result in the revelation of personal information about you that you’d rather not have out there. In 2016, it was revealed that arguments between patients and medical types (doctors, therapists, chiropractors and the like) may result in responses that may divulge details about patients’ diagnoses, treatments and idiosyncrasies, despite the HIPAA laws. When confronted with complaints on-line, doctors often respond in kind by revealing the other side of the story, much like any other business that is reviewed on-line, but sometimes cross the line by revealing personal health or treatment information. Comments that their patients didn’t listen to their advice, follow their post-operative regime, argued with them, etc. are brought to light.
CELL AND SMART PHONE SECURITY and WEARABLE COMPUTERS
10. And don’t think that, just because you use the programs on your cell phone, you’re exempt. A study released in August 2010 from the Lookout App Genome Project revealed that 33% of iPhone apps and 29% of Android apps can reveal the user’s exact location, and that 14% of the iPhone’s free apps and 8% of the Android apps can tap into the user’s phone contact information. This is primarily because 23% of iPhone apps and 47% of Android apps have embedded third-party code, such as code that enables ad-supported content, onto the devices. Another recent study by SMobile Systems found that as much as 20% of third party apps on the Android phones requested permissions that would compromise privacy if users are not careful. Don’t forget about GPS: Want to see what Google knows about your travels? If you have an Android phone, sign in to your Google account, then go to Google Locations, then click on the Calendar widget and Show 30 days on the drop down menu. The map on the right will show you everywhere you’ve been for thirty days. You can get similar information about what’s on the Apple or Garmin servers. And, even if you’re not on your phone, companies like Euclid Analytics use the Wi-Fi antennas inside stores like Nordstrom and Home Depot to track how many people come into a store, how long they stay and even which aisles they walk down, all identified by cell phone number or ID. Meridian and IndoorAtlas also use in-store location services to track shoppers’ paths and push coupons for nearby items. And in late 2012, social network site Reddit came under fire for its forum that encourages people to covertly photograph women on the street and upload the images to the site for others to ogle and comment on, setting off further debate about privacy and free speech.
Then there are the “stalker apps” like StealthGenie, a popular smartphone app used as a tool to catch cheating spouses and to monitor kids and the elderly by eavesdropping on their calls and surreptitiously tracking their locations, all without their consent. And even well-meaning apps like ClassDojo, a behavior tracking app that lets teachers award or subtract points for each student’s conduct, used in one in three U.S. schools by at least one teacher, have come under fire for the potential for misuse of such personal data (college applications, marketing, etc.). Finally, beware that wearable computer devices (including Google Glass; wearable cameras like the Narrative Clip and Autographer, which allow users to document and share virtually every instant of their lives; embedded medical devices like insulin pumps, glucose monitors and pacemakers; smart watches; smart clothing for recreation or business, for athletes, the elderly and firefighters, which monitors biometrics via Bluetooth; and fitness bands and activity monitors which track not only daily exercise levels and calorie intake, but even sleep time) collect and upload detailed information about a user’s life, including lifestyle choices, personal health, daily routines and location. If security controls aren’t enabled (if they’re even available), stalkers, identity thieves and other criminals could take advantage of this hole.
In short, there should be absolutely no expectation of privacy for anything you post on the net. Back in 2000, Scott McNealy, head of Sun Microsystems, famously said “You have zero privacy anyway. Get over it.” There could be legislation or case law on this subject soon. See LAWS. Concerns about Facebook’s data collection and dissemination policies have become so intense that the U.S. Congress is planning to introduce legislation about what information can legally be shared on-line (See below). Moreover, on 12/14/09, the U.S. Supreme Court agreed to decide whether a police department violated the constitutional privacy rights of an employee when it inspected personal text messages (some of them sexually explicit) sent and received on a government pager. This decision may be a narrow ruling, or it may indicate the Court’s position on broader issues. O’Connor v. Ortega, 480 U.S. 709 (1987). (The lower court concluded that the employee had a reasonable expectation of privacy in his office.) NOTE: In July, 2010 the Supreme Court reversed the lower court’s ruling and held that government employees shouldn’t assume that their electronic communications are protected against unreasonable searches so long as their employers have a legitimate work-related reason for the search.
11. Talking about living forever... The U.S. Library of Congress, which bills itself as “the universal body of human knowledge,” has announced [NY Times, 4/14/10] that it will archive the collected works of Twitter, whose users currently send a daily flood of 55 to 65 million messages, as “an entirely new addition to the historical record, the second-by-second history of ordinary people.” This will be just one part of the “Web capture” project at the library, an effort to assemble Web pages, online news articles and documents, typically concerning significant events like presidential elections, terrorist attacks and the like. Privacy concerns? None. After all, the vast majority of Twitter messages are publicly published on the Web already. While the archive is to be available only for “scholarly and research purposes,” how long can it take for the Government, divorce lawyers and others to search this data mine for their own predictable purposes? Don’t think just because you erased a Tweet that it doesn’t live on forever!
12. If you are concerned, you should periodically check the privacy settings on your social networking sites to understand and possibly restrict the extent to which your content is shared. Facebook, with its more than 500 million registered users, makes its information public by default. It is also the number one source for malware and clickjacking (see SECURITY for examples). Even one of its own software engineers, Mike Vernal, blogged (NYTimes, 10/18/10) that the company had recently learned that several apps (in fact, the top 10, including FarmVille and Mafia Wars) were passing the user ID to outside companies, such that outsiders could identify Facebook users and possibly their friends’ names, for use by advertisers and Internet tracking companies. Remember that Facebook made $3.2 billion in advertising revenue in 2012 alone, 85 percent of its total revenue. Facebook’s inventory consists of personal data and it makes money by selling ad space to companies that want to reach us. Advertisers choose key words or details (like relationship status, location, activities, favorite books and employment) and Facebook then runs the ads for the targeted subset of its 845 million users. In Europe, laws give people the right to know what data companies have about them, but that is not the case in the United States. Moreover, Facebook’s inventory of data and its revenue from advertising are minor compared to Google, which took in more than 10 times as much, with an estimated $36.5 billion in advertising revenue in 2011, by analyzing what people sent over Gmail and what they searched on the Web, and then using that data to sell ads.
13. I used to post how to customize the Facebook privacy settings at this point. However, over the past five years, Facebook has had so much bad press over its privacy policies and so many compromise agreements with the U.S. and other governments, that they seem to be changing them with dizzying speed. Click HERE for an expanded discussion of Facebook’s privacy settings as they have evolved over recent years.
Remember, it’s up to you to review your privacy settings. The default is usually public sharing; the choice is to opt-out manually. And EPIC has filed numerous complaints with the U.S. FTC about the lack of privacy for personal information posted on these types of sites.
And there are programs to help you with this: The latest widget-scrubbing tool was released in October, 2012 from PrivacyChoice, of Santa Cruz, Calif. It is a browser extension that monitors how tight your privacy settings are on Facebook and Google, including the option of disabling Facebook and Google Plus share buttons. Disconnect.Me, a Menlo Park, Calif. start-up, likewise offers a browser extension for Google Chrome and lets users see just how many companies are tracking them on every Web site they visit. Those trackers include analytics companies, advertising networks and social networks. Another company, called Ghostery, offers several browser extensions to allow users to keep track of the trackers, including social network plug-ins. Click HERE for more about ad tracker blocking software. Then there is the now popular Snapshot and also Wickr that will let you program how long your message and attachments will be displayed on the recipient’s phone before disappearing (unless, of course, someone has already copied them).
Even if you’re part of the “tell-all” generation, do you really want the entire planet to know your birth date and other personal information, likes and dislikes, sexual preferences, religious views, political opinions and the like? And to see possibly compromising photos? As I said above, if you wouldn’t want your mother, priest, human resources director, boss, girlfriend, wife or the IRS to know these things, don’t share them with “everyone”! Things might be changing, though: A UCLA Berkeley study in 2010 determined that about 88% of participants between ages 18 and 24 responded that there should be a law requiring websites and advertising companies to delete all stored information about an individual upon request. 94% of those aged 45 to 54 supported this same idea.
WATCH OUT FOR THESE THINGS
14. Watch where you engage in SN: For example, don’t engage in social networking at work or on your work computer. First of all, read your employee policies or rules, whether they are contained in an employment contract, employee manual or written memos. A majority of companies make it a firing offense to engage in social networking or personal web surfing on company time. Companies use a variety of desktop surveillance tools from companies like CryptaVault, Work Examiner & TimeDoctor to monitor your Internet use, either through desktop screenshots or proxy servers (which you have to go through in order to get to the Internet, and which keep a log of your activity). So don’t think that using Gmail or Hotmail guarantees you privacy, just as HTTPS or encryption may still not protect you from your employer’s keystroke loggers. If you’ve been notified that your employer may monitor your activity, you’re history. Don’t think your company is doing this? A 2007 American Management Association survey found that two-thirds of responding employers were monitoring their employees’ website visits, 43% were monitoring their e-mail and 28% had fired workers for e-mail misuse. Think again. And don’t use Facebook when you’re on jury duty, like Jacob Jock, a 29-year-old graduate of Ringling College of Art and Design, who was dismissed from jury duty and given a three-day jail sentence by Sarasota County Circuit Court Judge Nancy Donellan after the defendant, a young woman, disclosed that he had contacted her via the Facebook social media website as the trial began in December, 2011.
15. Watch out for cloud apps like Siri, Cortana and Echo. Companies like IBM won’t let you use Siri, which stores what you say, where you search, what jokes you listen to, your address book, e-mail messages and other user data in a big cloud data center in Maiden, North Carolina. Since Apple isn’t saying, no one knows what they’re doing or going to do with all this data. Turn ‘em off if you’re worried. Otherwise, they’re always listening.
16. And don’t forget to opt out of the geotag feature on your mobile devices; otherwise you may be providing others with the exact location of yourself or your property without wishing to do so. See the discussion under Pictures (No. 6, above) for more detail.
17. You must even be careful about where you bring your computer in for service. The Best Buy Geek Squad has been in trouble repeatedly for copying nude photos from its customers’ computers and posting them online. Most recently, in August, 2013 a U. of Alabama art student filed charges against the Squad after she discovered her nude photos circulating on Pirate Bay and elsewhere on the web. In 2007, Geek William E. Giffels admitted to storing customers’ nude photos. And there are others. All this begs the threshold question: Why wouldn’t someone remove the photos before bringing the computer in for service, or even store them separately from the hard drive? Why, indeed... See LAWS for a discussion about what your local Geek Squad can scarf off your hard drive when you bring it in for service.
Other considerations: Don’t use readily identifiable information as password hints (Forget your password? Don’t name your dog, high school, mother’s name) [see Passwords]; don’t let social networking sites helpfully “scan” your address book for “friends”; don’t pay your bills while on a public Wi-Fi site, and always make sure it shows an encrypted connection (shown by a little lock or colored address line); periodically Google yourself to see if any personal information is on-line. You get it... Finally, keep your computer safe! Especially if it’s a laptop, treat it like your wallet, as it can be easily stolen.
16. Of course, there’s another (positive) side to Internet control: The recent actions of the Egyptian government restricting Twitter and Internet service during citizen protests have highlighted the interests of the government in restricting access in situations which might become exacerbated by such disclosure, whether right or wrong. Also, book and newspaper publishers have a legitimate interest in protecting their original content. The Wikileaks controversy points out the government’s interest in keeping classified materials from leaking to the Web. Also the NSA’s spying on Americans through the PRISM system. Parents seek to shield their children from cyberbullying or sexual predators (see LAWS). Corporate types and public figures struggle to keep rivals or enemies from slandering them or their businesses, products or offices or stealing their trade or other secrets. Not all internet control is, after all, bad. But, these days, it seems that virtually everyone is as terrified of being watched, filmed, photographed, uploaded, downloaded, re-tweeted and shared whatever they are doing (see below) as they enjoy doing the same to others.
Social networking sites are quite useful for many personal and business purposes. On the one hand, you can waste lots of time, possibly offend people, breach confidentiality and confuse your branding, be it personal or corporate. On the other hand, it’s an easy way to access business or personal contacts, link to publications, piggy-back onto events, provide status updates, establish conversations with like-minded people and convey your personal or brand image.
But you still have to exercise the same judgment on line that you would exercise in a personal setting, or you can expect serious consequences which cannot be undone. Remember, once posted on-line, even if it is removed, your words or pictures still may have been copied and repeated across the Internet (like the [prank] Domino’s Pizza video on YouTube in 2009 showing workers picking their noses and sneezing on the food while preparing sandwiches) and may be around for eternity. (Yes, they were found, fired and convicted, but even today the information is still out there on the Internet.) Also, the Taco Bell shell licker and the Wendy’s ice cream licker. And, as you can read from the discussion above, you must be constantly vigilant, because those who find it financially advantageous to invade your privacy, even if not strictly illegal, discover new ways to compromise your identity and data daily.
For more discussion about privacy, see Laws, Rant, Are You Being Watched.
See also definitions at Texting, Big Data, Quants, Cookies, Blogging, Twitter.