Tag Archives: Privacy

Privacy Minded Search Engine Passes 3 Million Searches 8 days after Hitting 2 Million

19 Jun
DuckDuckGo tweeted this morning about its latest milestone: more than three million direct searches in a single day.

Last week they had just cracked the 2 million mark.

Two other alternative search engines that also focus on keeping searcher activity private, StartPage.com and Ixquick.com, also just announced that they passed three million daily searches.

With the focus on the NSA and the PRISM eavesdropping and snooping scandal, what was once a cottage industry is starting to gain traction.

Prism: what it means for all of us

10 Jun

Terrifying in its implications for all Americans. Bill Schneier is a man who has devoted his adult life to security and privacy concerns. He has one of the most important sites on the Internet and it is a site I visit daily. Here is his take on Prism. (image from reddit)

Government Secrets and the Need for Whistle-blowers

By Bill Schneier https://www.schneier.com/blog/archives/2013/06/government_secr.html

 

Yesterday, we learned that the NSA received all calling records from Verizon customers for a three-month period starting in April. That’s everything except the voice content: who called who, where they were, how long the call lasted — for millions of people, both Americans and foreigners. This “metadata” allows the government to track the movements of everyone during that period, and build a detailed picture of who talks to whom. It’s exactly the same data the Justice Department collected about AP journalists.

The Guardian delivered this revelation after receiving a copy of a secret memo about this — presumably from a whistle-blower. We don’t know if the other phone companies handed data to the NSA too. We don’t know if this was a one-off demand or a continuously renewed demand; the order started a few days after the Boston bombers were captured by police.

We don’t know a lot about how the government spies on us, but we know some things. We know the FBI has issued tens of thousands of ultra-secret National Security Letters to collect all sorts of data on people — we believe on millions of people — and has been abusing them to spy on cloud-computer users. We know it can collect a wide array of personal data from the Internet without a warrant. We also know that the FBI has been intercepting cell-phone data, all but voice content, for the past 20 years without a warrant, and can use the microphone on some powered-off cell phones as a room bug — presumably only with a warrant.

We know that the NSA has many domestic-surveillance and data-mining programs with codenames like Trailblazer, Stellar Wind, and Ragtime — deliberately using different codenames for similar programs to stymie oversight and conceal what’s really going on. We know that the NSA is building an enormous computer facility in Utah to store all this data, as well as faster computer networks to process it all. We know the U.S. Cyber Command employs 4,000 people.

We know that the DHS is also collecting a massive amount of data on people, and that local police departments are running “fusion centers” to collect and analyze this data, and covering up its failures. This is all part of the militarization of the police.

Remember in 2003, when Congress defunded the decidedly creepy Total Information Awareness program? It didn’t die; it just changed names and split into many smaller programs. We know that corporations are doing an enormous amount of spying on behalf of the government: all parts.

We know all of this not because the government is honest and forthcoming, but mostly through three backchannels — inadvertent hints or outright admissions by government officials in hearings and court cases, information gleaned from government documents received under FOIA, and government whistle-blowers.

There’s much more we don’t know, and often what we know is obsolete. We know quite a bit about the NSA’s ECHELON program from a 2000 European investigation, and about the DHS’s plans for Total Information Awareness from 2002, but much less about how these programs have evolved. We can make inferences about the NSA’s Utah facility based on the theoretical amount of data from various sources, the cost of computation, and the power requirements from the facility, but those are rough guesses at best. For a lot of this, we’re completely in the dark.

And that’s wrong.

The U.S. government is on a secrecy binge. It overclassifies more information than ever. And we learn, again and again, that our government regularly classifies things not because they need to be secret, but because their release would be embarrassing.

Knowing how the government spies on us is important. Not only because so much of it is illegal — or, to be as charitable as possible, based on novel interpretations of the law — but because we have a right to know. Democracy requires an informed citizenry in order to function properly, and transparency and accountability are essential parts of that. That means knowing what our government is doing to us, in our name. That means knowing that the government is operating within the constraints of the law. Otherwise, we’re living in a police state.

We need whistle-blowers.

Leaking information without getting caught is difficult. It’s almost impossible to maintain privacy in the Internet Age. The WikiLeaks platform seems to have been secure — Bradley Manning was caught not because of a technological flaw, but because someone he trusted betrayed him — but the U.S. government seems to have successfully destroyed it as a platform. None of the spin-offs have risen to become viable yet. The New Yorker recently unveiled its Strongbox platform for leaking material, which is still new but looks good. This link contains the best advice on how to leak information to the press via phone, email, or the post office. The National Whistleblowers Center has a page on national-security whistle-blowers and their rights.

Leaking information is also very dangerous. The Obama Administration has embarked on a war on whistle-blowers, pursuing them — both legally and through intimidation — further than any previous administration has done. Mark Klein, Thomas Drake, and William Binney have all been persecuted for exposing technical details of our surveillance state. Bradley Manning has been treated cruelly and inhumanly — and possibly tortured — for his more-indiscriminate leaking of State Department secrets.

The Obama Administration’s actions against the Associated Press, its persecution of Julian Assange, and its unprecedented prosecution of Manning on charges of “aiding the enemy” demonstrate how far it’s willing to go to intimidate whistle-blowers — as well as the journalists who talk to them.

But whistle-blowing is vital, even more broadly than in government spying. It’s necessary for good government, and to protect us from abuse of power.

We need details on the full extent of the FBI’s spying capabilities. We don’t know what information it routinely collects on American citizens, what extra information it collects on those on various watch lists, and what legal justifications it invokes for its actions. We don’t know its plans for future data collection. We don’t know what scandals and illegal actions — either past or present — are currently being covered up.

We also need information about what data the NSA gathers, either domestically or internationally. We don’t know how much it collects surreptitiously, and how much it relies on arrangements with various companies. We don’t know how much it uses password cracking to get at encrypted data, and how much it exploits existing system vulnerabilities. We don’t know whether it deliberately inserts backdoors into systems it wants to monitor, either with or without the permission of the communications-system vendors.

And we need details about the sorts of analysis the organizations perform. We don’t know what they quickly cull at the point of collection, and what they store for later analysis — and how long they store it. We don’t know what sort of database profiling they do, how extensive their CCTV and surveillance-drone analysis is, how much they perform behavioral analysis, or how extensively they trace friends of people on their watch lists.

We don’t know how big the U.S. surveillance apparatus is today, either in terms of money and people or in terms of how many people are monitored or how much data is collected. Modern technology makes it possible to monitor vastly more people — yesterday’s NSA revelations demonstrate that they could easily surveil everyone — than could ever be done manually.

Whistle-blowing is the moral response to immoral activity by those in power. What’s important here are government programs and methods, not data about individuals. I understand I am asking for people to engage in illegal and dangerous behavior. Do it carefully and do it safely, but — and I am talking directly to you, person working on one of these secret and probably illegal programs — do it.

If you see something, say something. There are many people in the U.S. that will appreciate and admire you.

For the rest of us, we can help by protesting this war on whistle-blowers. We need to force our politicians not to punish them — to investigate the abuses and not the messengers — and to ensure that those unjustly persecuted can obtain redress.

Our government is putting its own self-interest ahead of the interests of the country. That needs to change.

This essay originally appeared on the Atlantic.

EDITED TO ADD (6/10): It’s not just phone records. Another secret program, PRISM, gave the NSA access to e-mails and private messages at Google, Facebook, Yahoo!, Skype, AOL, and others. And in a separate leak, we now know about the Boundless Informant NSA data mining system.

The leaker for at least some of this is Edward Snowden. I consider him an American hero.

EFF has a great timeline of NSA spying. And this and this contain some excellent speculation about what PRISM could be.

Someone needs to write an essay parsing all of the precisely worded denials. Apple has never heard the word “PRISM,” but could have known of the program under a different name. Google maintained that there is no government “back door,” but left open the possibility that the data could have been just handed over. Obama said that the government isn’t “listening to your telephone calls,” ignoring 1) the meta-data, 2) the fact that computers could be doing all of the listening, and 3) that text-to-speech results in phone calls being read and not listened to. And so on and on and on.

Here are people defending the programs. And here’s someone criticizing my essay.

Four more good essays.

I’m sure there are lots more things out there that should be read. Please include the links in comments. Not only essays I would agree with; intelligent opinions from the other sides are just as important.

Google Responds to Congress: we aren’t NebuAd

12 Aug

Congress has recently been investigating user privacy in connection with the increasingly pervasive ‘opt-out’ advertising programs such as those run by NebuAd. The Congressional Committee on Energy and Commerce sent a letter on August 1 to Microsoft, Google, AOL and a number of other companies, asking for information on whether or not personal data had been collected, what restrictions were placed on the collection and how the information was used. The companies were given until August 8 to respond.

NebuAd’s deep packet inspection was the lightning rod that drew increased congressional scrutiny. Google recognized this and promised to place its answer online for open inspection.

Google has since posted its reply. Google categorically states that it does not engage in deep packet inspection while serving advertising and posits that most other advertisers do not either. According to the company, Google’s privacy policy is founded on three principles: providing transparency, choice, and security.

Google goes on to say that it has been an active participant in the FTC initiative to develop privacy principles and hopes that these principles “will be adopted widely by the online advertising industry and will serve as a model for industry self-regulation in jurisdictions beyond the United States.” The letter concludes with a pledge to work with to create a uniform federal privacy law.

Other Google points:

  • Google’s online search advertising, while contextual, does not make use of web browser history, and Google maintains no such database.
  • DoubleClick merger: Google intends to integrate some of that company’s technology into its own products to tailor ads more effectively. Users can opt out of this via a single option which will control a person’s opt-out status for all of the websites within Google’s network.
  • Data retention: Google does not require any personally identifiable information (PII) to be provided and retains only standard server log information and/or cookie ID. Google anonymizes all search log data after 18 months.

Do no evil? You decide.

EU States “Right to a Private Life”

8 Apr

The Article 29 Working Group, an EU data protection and privacy issue working group, has issued a major new report (PDF). The EU started with the premise of a “right to a private life.” Under its recommendations, search engines may store European user data for a maximum of six months, must treat IP addresses as “personal information,” and must comply with the rules even if they are based outside the EU.

More Facebook Privacy Issues

23 Jan

The U.K.’s Information Commissioner’s Office (ICO) is investigating Facebook after a user complained that they were unable to fully delete their profile after terminating their account. Users’ information remains on Facebook’s server even if accounts are deactivated. This data is no longer accessible but can be reactivated later on.

Facebook says that this is in “full compliance with U.K. data protection law” and says it does not use the information from deactivated accounts.

“We take the concerns of the ICO and our user’s privacy very seriously and are committed to working with the ICO to maintain a trusted environment for all Facebook users and ensure compliance with UK law,” said a statement from the site.

Senior data protection practice manager at the ICO explains, “If the onus is entirely on the individual to delete their data, they might not find themselves motivated enough to delete information that’s about them on their wall or other people’s sites.”

“We’ll be working with the site to achieve better quality information for users to make it absolutely clear to people what exactly will happen to their information once it’s posted,” said Evans.

http://www.pcworld.com/article/id,141607-c,privacy/article.html

— Jeff Buechler

IP Addresses: Are they personal info?

22 Jan

From Ars Technica: Could IP addresses soon be considered “personal information” in Europe? The question was discussed yesterday at a hearing before the European Parliament’s Civil Liberties Committee, where European data protection authorities and privacy advocates backed the idea. Google, not surprisingly, wasn’t as thrilled.

Giving legal protection to IP addresses poses a host of problems for companies like Google that log massive amounts of data and want to know which machines it comes from. IP address tracking can help the company crack down on click fraud, for instance, and it can help Google identify the general geographical location of many of its visitors.

But IP addresses don’t match up with people, only machines, making them at best quasi-personal. As Google’s Global Privacy Counsel Peter Fleischer told the Committee (PDF), “There is no black or white answer: sometimes an IP address can be considered as personal data and sometimes not; it depends on the context, and which personal information it reveals.”  http://arstechnica.com/news.ars/post/20080122-ip-addresses-could-become-personal-information-in-europe.html

Act Like Neville Chamberlain and Get Fined $2,000,000

24 Oct

In previous posts I have been quite vocal about censorship and the appeasement of the search engines in response to governmental requests for limiting access and information. Now the Congress is contemplating fining companies if they cooperate with the technological surveillance of political dissidents or share technology and information used for “Internet-restricting” purposes.

From Forbes: “Companies under the congressional microscope included Cisco (nasdaq: CSCO), which Smith accused of helping China create a “police net” database used to track and imprison political dissidents around the country. He alluded to Yahoo!’s (nasdaq: YHOO) cooperation with Chinese police, offering up email information that led to journalist Shi Tao receiving a 10-year prison term in 2005 for “revealing state secrets.” Smith also criticized Google (nasdaq: GOOG) for its decision to appease China by blocking politically controversial search results on its Mandarin site. “Google has joined hook, line and sinker with the propaganda regime of Beijing,” Smith said.”

While I applaud Congress for trying to stay in front of this issue, it sends a dangerous message to companies doing business overseas that if you try and comply with the legal requirements of the jurisdiction you are in, then the US government will fine you if it disagrees with that foreign government’s policies. Countries like China, Burma, Belarus, Vietnam, Ethiopia, and Tunisia have very repressive policies and of course these policies should be repealed. Fining companies that, by their very nature, will encourage greater openness for doing business in these countries is sending the wrong message. And in this case, the wrong message is worse than no message at all.
