Tag Archives: Online Privacy

Reality Check: Is Your Personal Data Safe Online?

The Facebook scandal involving personal data mishandled by Cambridge Analytica has raised concerns over the privacy of the information we share on our social media accounts.

Some countries have gone as far as to legislate Internet data privacy with laws granting the “right to be forgotten.”

Yet Facebook CEO Mark Zuckerberg says we don’t need such regulations here in the states. Is he right?

This is a Reality Check you won’t get anywhere else.

It’s an unsettling thought: your personal data, being manipulated on a global scale. Where you live, what kind of car you drive, how many children you have, what food you eat, how much you money you earn, what clothes you wear, how you exercise, the list goes on and on.

While other countries are tightening laws on Internet privacy and how corporations can use your data, such as the UK’s data protection law with its “right to be forgotten,” the United States seems to be stuck in the 1980s on the issue.

In California, privacy is a right in the state constitution. “Privacy” was added to the state’s “inalienable rights” by the legislature in 1972.

And though California has been a leader in privacy, the last meaningful update to the state’s privacy laws was in the 1980s, long before today’s technology.

For context, Census data shows that in 1989, 15 percent of American households owned a computer.

Today, according to Pew Research, 77 percent of Americans have a smartphone—a computer in their pocket or purse.

And in 2015, those smartphone owners used about 27 smartphone apps per month, according to Statista.

Just think about all of the information you give to the apps on your smartphone. Do you read their terms of use?

You know you don’t. And yet, a California-based group called the Californians for Consumer Privacy has raised concern about how our information is collected and sold.

From that group came the California Consumer Privacy Act. The act is intended to not only hold major corporations making $50 million per year or more responsible for their consumers’ data, but also giving Californians the right to know where and to whom their data is being disclosed or sold, and if their data is being properly protected.

There’s nothing in California today that allows users see what data has been collected on them. And data is being collected everywhere you go.

From the checkout at Target, to your Facebook account, browsing the Internet or even just walking on a city street—credit cards are being swiped, messages are being shared, and cameras are recording.

So are the rules of how businesses use your data fair and respectful of your privacy?

One of the key aspects of the California Consumer Privacy Act is a right of action against companies that store data but have not taken reasonable steps to secure that data. That means consumers can sue companies that didn’t protect their data.

What exactly “reasonable steps” means needs to be fleshed out in the courts, but there are plenty of examples of companies that didn’t take “reasonable steps” until after data was compromised.

From December 19, 2013, “Target says hackers breached its system and stole 40 million credit card numbers.”

From September 18, 2014, “Almost immediately after word broke that Home Depot had been hacked, security experts were noting that the breach was likely even worse than the massive Target that had preceded it.”

From October 2, 2014, “JP Morgan just revealing that an August data breach could affect 76 million households.”

From February 5, 2015, “One of America’s largest health insurers, Anthem, this morning confirmed a massive data breach. Reports say hackers may have stolen up to 80 million records. No credit card or medical information is in danger, but Social Security numbers, birthdays and addresses may have been compromised.”

What you need to know is that when we provide information to a corporation, we establish a relationship.

We believe the corporation will use our information for the purpose of their service. Once your information is outside of the intended use, it’s nearly impossible to control it.

And third party sharing of your data allows it is be used, shared and disseminated without any control on your part. Big data is powerful force in the United States. But should big data be allowed to do whatever it wants with your information. If not, how do we, as the public, get some control back?

Let’s talk about that, right now, on social media, while someone collects our data.

New Hampshire Library Victorious In Internet Privacy Debate

Lebanon, New Hampshire- The Lebanon Library Board of Trustees upheld their decision to continue running a Tor node at the Kilton Library at its meeting Tuesday night, and the node was turned back on shortly after the meeting. Controversy surrounding the node and the library’s support of Tor, stemming from an email sent by the Department of Homeland Security to local law enforcement, led to a temporary shutdown of the node.

The board’s decision to ultimately keep the node turned on was made after several area residents expressed their views on the importance of Tor and internet privacy and vocalized praise for the library’s Tor support.

During the board meeting, ACLU of New Hampshire executive director Devon Chaffee explained how Tor is used. The Tor browser “is a piece of software, free and open source, that helps people protect their privacy and anonymity online by obscuring personally identifiable information,” she said. Tor accomplishes this by bouncing traffic off of a network of relay nodes, which was what Kilton was asked to run.

In June, the trustees voted to allow Kilton Library to run one of these nodes. The nodes serve as an important function to allow Tor users to preserve their anonymity. The Kilton Library, with the help of the Library Freedom Project (LFP), became the first public library in the United States to offer a relay node.

Kilton’s running of the node was part of a larger initiative to encourage libraries nationwide to support Tor and relay nodes as a “powerful symbolic gesture demonstrating our commitment to a free internet, but also a practical way to help the Tor network, and an excellent opportunity to help educate our patrons, staff, boards of trustees, and other stakeholders about the importance of Tor.”

Kilton Library was chosen partly because of steps that the library had already made to protect patron privacy. According to LFP, Kilton IT librarian Chuck McAndrew runs the library computers on GNU/Linux distributions. “Most library environments run Microsoft Windows, and we know that Microsoft participated in the NSA’s PRISM surveillance program. By choosing GNU/Linux operating systems and installing some privacy-protecting browser extensions too, Chuck’s helping his staff and patrons opt-out of pervasive government and corporate surveillance.”

Just over a month passed before an agent at the Department of Homeland Security in Boston discovered Kilton Library’s support of Tor. DHS notified the Lebanon Police Department of the project, and a meeting between city officials, the board of library trustees and law enforcement was held to discuss the risks of running a node.

[RELATED: NH Library Suspends Tor Support Following Email From DHS]

Law enforcement and Lebanon Deputy City Manager Paula Maville made comments regarding the possibility of criminal exploitation of Tor. The library decided to pause the pilot project and hold another meeting to decide whether or not to turn it back on or keep it off.

Ahead of Tuesday’s meeting, a rally was held outside of Lebanon Public Library where activists held signs cheering Kilton’s support of Tor while rebuking DHS’s involvement. Lynette Johnson, a former librarian, told Truth In Media’s Annabelle Bamforth at the rally that “librarians really think about [protecting patron privacy] almost like a doctor-patient confidentiality.”

Public comment consisted almost entirely of support for Kilton Library’s relay node. The first person to speak, an elderly man named Lloyd, said that he worked for the government in the past and urged that DHS be kept as far away from Tor as possible.

Another man, a resident of Orange, New Hampshire who identified himself as an employee in the information technology field for several years, pointed out that U.S. intelligence agencies have more tools than ever before to gather information and opined that the debate should not be around whether or not the government has a harder time catching criminals, but around whether or not a relay node is a proper library function.

A woman born in Colombia spoke up passionately in support of privacy and freedom of speech, describing her previous job as a social worker in Colombia amidst violent conflict and explaining that she had seen many atrocities. “Freedom of speech isn’t part of their democracy there,” she said.

One after another, area residents shared their thoughts on the importance of internet privacy and why tools such as Tor should be embraced and not subjected to blind fear.

Following public comment, the board acknowledged that Tor could be exploited by criminal operations, but not any more than other online tools. The board made a decision to turn the node back on and maintain their original vote to support Tor by hosting the node.

Following the decision, Bamforth interviewed LFP’s Alison Macrina and Tor Project’s Nima Fatemi- who helped introduce the node to Kilton Library and have provided education about online privacy tools- about the library’s decision.

“We’re absolutely thrilled,” Macrina said following the meeting. “This is a public referendum about privacy and free speech, and I couldn’t think of a better place to have it happen. There was a reason why we chose Kilton as our pilot project. We knew that New Hampshire, the Live Free Or Die state, was the right place for this. This is the best thing that could have happened. The whole world came out in favor of Kilton doing the right thing, which they’ve just done, and it’s no better demonstrated than by the response of the community which was just overwhelming- I was crying, especially when the woman from Colombia spoke.”

“We actually made a joke, Libe Free or Die,” added Fatemi, a Tor Project member and partner in the LFP’s relay node project. “We’re definitely overwhelmed by the support of the community. It’s unbelievable, I was basically speechless.”

Fatemi noted that “what happened with the police department and DHS was a huge case of miseducation. Part of the reason we picked libraries because libraries are central to the communities. If we help give them enough resources, then they can teach, educate the communities around them- including law enforcement.”

This article has been updated to properly identify that a relay node is running at Kilton, not an exit relay.

Report: Obamacare Website Sharing Users’ Information with Third-Party Tech Firms

On Tuesday, a report was released that shed light on the vulnerability of HealthCare.gov users’ information to third-party tech firms.

Following an investigation, the Associated Press revealed that the HealthCare.gov website is “quietly sending consumers’ personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing.”

This personal data may include the user’s Internet address, age, ZIP code, income, and information on whether the user smokes, or is pregnant.

According to the Associated Press, while the Obama administration claims the website’s connections to data firms “were intended to help improve the consumer experience,” there were connections to “dozens of third-party tech firms,” and seven of the companies were “also collecting highly specific information.”

In a letter to the Obama administration, Republican Senators Orrin Hatch of Utah, and Charles Grassley of Iowa voiced their concerns:

“This new information is extremely concerning, not only because it violates the privacy of millions of Americans, but because it may potentially compromise their security.”

The Associated Press reported that although third-party sites embedded on HealthCare.gov can’t see a user’s “name, birth date or Social Security number,” they can correlate the fact that the computer accessed the government website with the user’s other Internet activities.

While Cybersecurity was one of the topics Obama discussed during his State of the Union address on Tuesday night, the emphasis was on keeping private information from falling into the hands of foreign nations, rather than keeping users’ private information from being shared by the U.S. government

No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” said Obama. “We are making sure our government integrates intelligence to combat cyber-threats, just as we have done to combat terrorism.”