Tag Archives: Digital Privacy

Reality Check

Reality Check: Is Your Personal Data Safe Online?

Video Leave a comment

The Facebook scandal involving personal data mishandled by Cambridge Analytica has raised concerns over the privacy of the information we share on our social media accounts.

Some countries have gone as far as to legislate Internet data privacy with laws granting the “right to be forgotten.”

Yet Facebook CEO Mark Zuckerberg says we don’t need such regulations here in the states. Is he right?

This is a Reality Check you won’t get anywhere else.

It’s an unsettling thought: your personal data, being manipulated on a global scale. Where you live, what kind of car you drive, how many children you have, what food you eat, how much you money you earn, what clothes you wear, how you exercise, the list goes on and on.

While other countries are tightening laws on Internet privacy and how corporations can use your data, such as the UK’s data protection law with its “right to be forgotten,” the United States seems to be stuck in the 1980s on the issue.

In California, privacy is a right in the state constitution. “Privacy” was added to the state’s “inalienable rights” by the legislature in 1972.

And though California has been a leader in privacy, the last meaningful update to the state’s privacy laws was in the 1980s, long before today’s technology.

For context, Census data shows that in 1989, 15 percent of American households owned a computer.

Today, according to Pew Research, 77 percent of Americans have a smartphone—a computer in their pocket or purse.

And in 2015, those smartphone owners used about 27 smartphone apps per month, according to Statista.

Just think about all of the information you give to the apps on your smartphone. Do you read their terms of use?

You know you don’t. And yet, a California-based group called the Californians for Consumer Privacy has raised concern about how our information is collected and sold.

From that group came the California Consumer Privacy Act. The act is intended to not only hold major corporations making $50 million per year or more responsible for their consumers’ data, but also giving Californians the right to know where and to whom their data is being disclosed or sold, and if their data is being properly protected.

There’s nothing in California today that allows users see what data has been collected on them. And data is being collected everywhere you go.

From the checkout at Target, to your Facebook account, browsing the Internet or even just walking on a city street—credit cards are being swiped, messages are being shared, and cameras are recording.

So are the rules of how businesses use your data fair and respectful of your privacy?

One of the key aspects of the California Consumer Privacy Act is a right of action against companies that store data but have not taken reasonable steps to secure that data. That means consumers can sue companies that didn’t protect their data.

What exactly “reasonable steps” means needs to be fleshed out in the courts, but there are plenty of examples of companies that didn’t take “reasonable steps” until after data was compromised.

From December 19, 2013, “Target says hackers breached its system and stole 40 million credit card numbers.”

From September 18, 2014, “Almost immediately after word broke that Home Depot had been hacked, security experts were noting that the breach was likely even worse than the massive Target that had preceded it.”

From October 2, 2014, “JP Morgan just revealing that an August data breach could affect 76 million households.”

From February 5, 2015, “One of America’s largest health insurers, Anthem, this morning confirmed a massive data breach. Reports say hackers may have stolen up to 80 million records. No credit card or medical information is in danger, but Social Security numbers, birthdays and addresses may have been compromised.”

What you need to know is that when we provide information to a corporation, we establish a relationship.

We believe the corporation will use our information for the purpose of their service. Once your information is outside of the intended use, it’s nearly impossible to control it.

And third party sharing of your data allows it is be used, shared and disseminated without any control on your part. Big data is powerful force in the United States. But should big data be allowed to do whatever it wants with your information. If not, how do we, as the public, get some control back?

Let’s talk about that, right now, on social media, while someone collects our data.

Government Accountability, Privacy, Technology

Apple’s Tim Cook Opposes More Federal Access To Customer Data

Leave a comment

WASHINGTON – Opposition to back door access to encrypted information by intelligence agencies was defended by Apple CEO Tim Cook.

In an interview for “60 Minutes” broadcast, Cook said “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

A renewed push by politicians and law enforcement has come in the wake of the November 13 terrorist attacks on Paris, when attackers were said to have used encrypted devices to coordinate and execute attacks outside the purview of government surveillance.

While the interview with Cook had been filmed prior to the Paris attack, the CEO has since emphasized his support for protecting encryption, saying the choice between privacy and national security was a false one.

“I don’t believe the tradeoff here is privacy versus national security,” he said, adding that’s an “overly simplistic view…We’re America. We should have both.”

The Cybersecurity Information Sharing Act of 2015 (CISA) has been a contentious issue in the tech community over the past year. The measure allows for direct sharing of consumer data and information with the surveillance community. Many provisions in previous versions of the bill which called for anonymity of that data were stripped out of the version of the bill which passed as a part of the omnibus budget.

“Organizations can now directly share raw data with several agencies with no protection or anonymity,” said engineer Joseph Pizzo with Norse Security. “There may have been a small cost associated with anonymizing the data, but now that this requirement has been removed and organizations may feel that they’re helping, I don’t foresee any work moving forward to protect consumer data.”

Candidates including Donald Trump and Sen. Marco Rubio (R-Fla.) have advocated for the ability for intelligence agencies to circumvent encryption during the 2016 presidential campaign.

FOLLOW MICHAEL LOTFI ON Facebook, Twitter & LinkedIn.

Featured, Politics, Privacy, States Rights, Technology

Calif. Gov. Jerry Brown Signs Digital Privacy Bill Blocking Warrantless Spying

Leave a comment

Democratic California Governor Jerry Brown signed two bills into law on Thursday that strengthen Californians’ digital privacy protections.

Senate Bill 178, the California Electronic Privacy Act (CalEPCA), prevents state-level investigators from obtaining a suspect’s digital communications without first securing a warrant. The law also mandates that California law enforcement agencies procure a warrant before compelling tech companies, many of which are headquartered in the state, to turn over metadata and other records.

The technology-focused publication Wired, which characterized the California Electronic Privacy Act as “the nation’s best digital privacy law,” quoted ACLU of California technology and civil liberties policy director Nicole Ozer as saying, “This is a landmark win for digital privacy and all Californians. We hope this is a model for the rest of the nation in protecting our digital privacy rights. This is really a comprehensive update for the modern digital age.

[RELATED: California Governor Signs Assisted Suicide Bill Into Law]

Electronic Frontier Foundation’s Dave Maass wrote, “CalECPA protects Californians by requiring a warrant for digital records, including emails and texts, as well as a user’s geographical location. These protections apply not only to your devices, but to online services that store your data. Only two other states have so far offered these protections: Maine and Utah.

According to the Tenth Amendment Center, “The law also stipulates that law enforcement gather no more information than is necessary to achieve the objective of the search, and imposes other conditions on the use of the search warrant or wiretap order and the information obtained, including retention and disclosure requirements. Information obtained in violation of these provisions would be inadmissible in criminal, civil, or administrative proceedings.

Gov. Brown also signed a second bill, Senate Bill 741, which prohibits local governments in the state from acquiring stingray technology unless a bill passes through the locality in question’s legislature and requires that members of the public be given an opportunity to comment in advance of the vote. Tenth Amendment Center communications director
Mike Maharrey explained, “Cell site simulators, known as ‘stingrays,’ spoof cell phone towers. Any device within range is essentially tricked into connecting to the stingray instead of the tower, allowing law enforcement to sweep up communications content, as well as locate and track the person in possession of a specific phone or other electronic device.” He added, “Since local police generally receive these devices directly from the FBI, or through grant money provided to them by the FBI, passage of SB741 allows local communities to interpose themselves in this process and block the FBI’s programs from coming to fruition.

Under Senate Bill 741, county sheriffs can purchase stingray technology without legislative approval, but must make a public announcement if they do. The bill requires that law enforcement “maintain a usage and privacy policy in order to ensure that the collection, use, maintenance, sharing, and dissemination of information and data gathered through the use of cellular communications interception technology is consistent with respect for an individual’s privacy and civil liberties.

Politics, Technology, US

New bill proposed to limit NSA phone data collection

5 Comments

Senator Patrick Leahy (D-VT) is set to introduce a new Senate bill which would curb the ability of the government and NSA to collect phone and internet data in bulk and increase transparency of such government programs.

“If enacted,” said Leahy according to Reuters, “this bill would represent the most significant reform of government surveillance authorities since Congress passed the USA Patriot Act 13 years ago.”

The bill is already being supported by the White House and is reportedly more aggressive than a similar bill passed in May.

The May bill was significantly altered before being heard on the Senate floor, and it has been argued the changes could allow government agents to search a broad scope of records, such as by ZIP code, to pull up data.  Sen. Leahy’s bill would prevent broad searches and require agents to use very specific terms in order to search records.

National Security Council spokesman Ned Price said in an email sent Monday, “Chairman Leahy has done remarkable work reflecting the equities of intelligence professionals while crafting privacy enhancements, and these efforts have yielded significant progress on issues vital to those stakeholders.”

The Hill also reports the bill would require the agencies to give “the number of people caught up in its searches, declare how many of them were Americans and provides more ways for tech companies to report the number of government requests for information they receive.”

Leahy’s bill would also create a panel of special civil liberties advocates and assign them to oversee secretive court intelligence operations, where the advocates would represent the public when the court makes a ruling.

While this is a big step in what many privacy advocates consider the right direction, Leahy said there was still a lot of work to do even if the bill passed.  “I’d like to get most of what we need,” said Leahy, “then work on the rest.”

Featured, Politics, US

Supreme Court Ruling: Police Cannot Search Cell Phones Without A Warrant

Video 10 Comments

In a colossal decision favoring digital privacy, the Supreme Court unanimously ruled 9-0 Wednesday that “police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested” due to the immense amount of private information now commonly contained on cell phones.

In a ruling over two separate cases in California and Massachusetts, the Supreme Court ruled in favor of privacy rights over the necessity of investigating crime. Defendants David Riley of California and Brima Wurie of Massachusetts sought to overturn their convictions due to the fact that their convictions had stemmed from their phones being searched without a warrant. The Supreme Court ruled that both searches were unconstitutional.

While police are still allowed to examine a phone to specifically ensure it is not a weapon, the ruling states “digital data stored on a cell phone cannot itself be used as a weapon to harm an arresting officer or to effectuate the arrestee’s escape.”

“Modern cellphones are not just another technological convenience,” said Chief Justice John G. Roberts Jr. “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple—get a warrant.”

ACLU national legal director Steven R. Shapiro responded to the ruling: “By recognizing that the digital revolution has transformed our expectations of privacy, today’s decision is itself revolutionary and will help to protect the privacy rights of all Americans. We have entered a new world but, as the court today recognized, our old values still apply and limit the government’s ability to rummage through the intimate details of our private lives.” 

Follow Annabelle on Facebook and Twitter.