Friday, February 7, 2014

Weekly Review of Privacy in the News - Week Ended 2/7/2014

New York Post publishes article titled the United States of Paranoia:
http://nypost.com/2014/02/01/welcome-to-the-united-states-of-paranoia/

The US forces New Zealand to override it's own privacy rules for Americans living in New Zealand:
http://www.stuff.co.nz/national/politics/9681670/Move-to-alter-privacy-laws-to-help-US

Feds to decide on standards for car to car communications:
http://hosted.ap.org/dynamic/stories/U/US_TALKING_CARS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2014-02-03-10-48-29

Belarus government may have put malicious code in the Obamacare website, healthcare.gov, possibly comprising the personal information of millions of Americans:
http://freebeacon.com/the-belarusian-connection/

New app will allow Google Glass users to identify you just by looking at you:
http://www.eonline.com/news/507361/just-when-you-thought-google-glass-couldn-t-get-creepier-new-app-allows-strangers-to-id-you-just-by-looking-at-you  Senator has concerns: http://thehill.com/blogs/hillicon-valley/technology/197580-franken-questions-facial-recognition-app

Surveillance technology can track thousands of people for many hours at a time:
http://www.washingtonpost.com/business/technology/new-surveillance-technology-can-track-everyone-in-an-area-for-several-hours-at-a-time/2014/02/05/82f1556e-876f-11e3-a5bd-844629433ba3_print.html

States launch effort to rein in government surveillance:
http://www.breitbart.com/system/wire/ap_029168fec16a42078c76fa035d4a3e1d

4 in 10 government security breaches go undetected (or at least unreported):
http://freebeacon.com/report-4-in-10-government-security-breaches-go-undetected/

Twitter threatens to sue the Obama administration in an effort to release more information to the public about how much data the company is forced to turn over to the government:
http://thehill.com/blogs/hillicon-valley/technology/197646-twitter-considers-legal-fight-to-disclose-docs

Snowden leaks went beyond NSA disclosures to what angry senior officials called "very highly classified" information:
http://pjmedia.com/tatler/2014/02/05/lawmakers-disturbed-and-angered-after-classified-briefing-reveals-extent-of-snowden-defense-leaks/

NYPD testing Google Glass:
http://venturebeat.com/2014/02/05/nypd-google-glass/

Tech giants hire lobbyest for surveillance reform at the NSA:
http://www.politico.com/story/2014/02/techs-biggest-players-hire-first-nsa-lobbyist-103214.html

$20 electronic gadget can let a hacker or anyone else take complete control of your vehicle:
http://www.dailymail.co.uk/sciencetech/article-2553026/The-gadget-hack-CAR-Terrifying-12-tool-remotely-control-headlights-locks-steering-brakes.html

NSA claims to only collect a third of American telephone call metadata and has trouble with cellphone collection:
http://www.nytimes.com/2014/02/08/us/politics/nsa-program-gathers-data-on-a-third-of-nations-calls-officials-say.html


Tuesday, February 4, 2014

Police Departments Tracking Your Vehicle Movements Daily

A Ford executive recently reported that Ford Motor Company knows where all of its customers are and knows when they are breaking the law.  Well something you may not know is that the police officer who just passed you on the street in his cruiser has a camera that collected a photo of your vehicle, of the driver and occupants and your license plate.  Also, it recorded your location via GPS.  Before he was out of site, your information was uploaded to a police database that is used to track your movements.

Even if your car is parked at a friends house or in your own driveway, the police have a record of it anytime they drive by.

According to police departments, this information isn't just used to look for stolen cars or wanted suspects although few stolen cars are recovered this way:

An ACLU study, based on 26,000 pages of responses from 293 police departments and state agencies across the country, found that license plate scanners produced a small fraction of "hits," or alerts to police that a suspicious vehicle had been found.

This information is also used in cases where they want to go back in time and see where a suspect may go each day and what they do.  This information can be used to put together a case of circumstantial evidence against you years later.  Some departments keep this information indefinitely.

Nationwide, they have amassed hundreds of millions of digital records tracking the movements of all Americans.

The ACLU says the scanners are creating "a single, high-resolution image of our lives."
"There's just a fundamental question of whether we're going to live in a society where these dragnet surveillance systems become routine," said Catherine Crump, an attorney with the ACLU.

In fact, the ACLU claims that these systems aren't being used to recover stolen vehicles at all, but are instead being used to gather intelligence.  They cite a newspaper investigation where the plates of a stolen motorcycle were captured 60 times, yet the person was never stopped.

The group is asking that police departments nationwide delete all records of cars not linked to any crime, which has been summarily ignored.

Drivers beware.

Monday, February 3, 2014

Privacy Campaign: The Day We Fight Back, February 11, 2014



An organization called Access Now is planning an online protest against intrusive government surveillance. The protest is planned for February 11, and is called "The Day We Fight Back". From their website:

"Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. And if we persist, eventually win this fight, together."

On February 11, Americans will ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act, and enact protections for non-Americans.  Thousands of website will place banner ads on their pages asking people to join in the effort.  Grassroots protests like this have worked in the past against censorship/surveillance oriented bills such as SOPA and PIPA.

Their website is located here. Please check it out, sign up and participate on February 11 to help protect your privacy.

Friday, January 31, 2014

Weekly Review of Privacy in the News - Week ended 1/31/2014

NSA watching phone users with google maps:
http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data

Facebook app asks for permission to read your text messages:
http://www.fastcompany.com/3025589/fast-feed/why-is-facebooks-app-asking-to-read-your-text-messages

British government spying on Youtube and Facebook users worldwide.  Companies deny any knowledge of the surveillance:
http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook?lite

US government and privacy advocates reach compromise which will allow companies to publicly disclose some additional data about how much data they are forced to turn over to the government under the Foreign Intelligence Surveillance Act, pending approval by the FISA court:
http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_COMPANIES?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT

Rand Paul says Hillary is a big proponent of surveillance state:
http://www.nationaljournal.com/technology/rand-paul-hillary-clinton-is-a-big-proponent-of-the-surveillance-state-20140128

US looks for ways to prevent spying on its spying activities:
http://apnews.myway.com//article/20140128/DABJG0G80.html

Google+ and Candy Crush are among 'leakiest apps', leaking all sorts of personal information about you to anyone: http://www.bloomberg.com/news/2014-01-29/nsa-spying-on-apps-shows-perils-of-google-candy-crush-.html

Yahoo detected major hack attack and is asking users to reset passwords:
http://www.businessinsider.com/yahoo-hack-password-reset-2014-1



Wednesday, January 29, 2014

How Facebook Tracks You

Facebook is used by over a billion people around the world according to the company.  It contains people's most intimate secrets and has more personal information about more people than any other site in history.  It is a literal treasure trove (ie- money machine) for advertisers targeting certain segments of the population.  However, it is also used by people trying to find you for reasons other than friendship or advertising.  The only way to be truly private on Facebook is to not use it at all.

But if you insist on using it, there are some things you can do.  Before we get to that, let's talk a little bit about how Facebook works.  Facebook itself, or anyone who has access to your Facebook can determine a number of things about you just by your friend list.  Your friend list makes it almost impossible to maintain anonymity.  So if you think you are outsmarting everybody by not putting your hometown or your high school on your 'About Me' page, you are mistaken.

Here is an example of what is known as a social graph:

Thank you to mark-photo.com for allowing me to share this graph with my readers.

Facebook has one of these for all 1.1 billion of their users (in fact, there are apps out there, like Touchgraph, that will let you create one of your very own).  I know it looks sort of complicated, but it is very simple.  Each dot on the graph represents a person that the Facebook user knows.  Lines between two dots represent mutual friends.  Clusters of friends were labeled by the user.  The central figure in the middle is actually the Facebook user's spouse who are commonly centerpieces on these graphs as spouses often know many of the same people.  So this Facebook user is friends with a number of people from his old high school, many of whom are also friends with each other.  The three lines heading off to college represent someone from his high school that went to his college.  The line from high school to family represents someone from his family who went to his high school.  The elementary school cluster suggests that he moved to a different area or changed school systems (such as private or charter to public or vice-versa) at some point because not a single person from his elementary school knows anyone from his high school.  The six dots to the right of the high school cluster (that sort of look like a stingray) appear to be some sort of group or club from back before he was married because none of them know his wife or went to any of his schools.

So even if this Facebook user chooses not to share where he went to high school, the information is still quite obvious and is available to anyone who goes through and looks at the high school cluster profiles as undoubtedly, one or more of his friends have indicated where they went to high school on their profiles. This would reveal where he grew up.  The elementary school cluster would show where he used to live before he moved.  The same applies to his choice of college.

This is a lot of information gleaned from someone I don't even know and I don't have any access to their account.  And I'm not even an expert at this sort of thing.  Imagine the possibilities for an expert with the proper access credentials, which are quite easy to obtain by hackers or others wanting to know more about you.

Each one of us has a unique social fingerprint, and Facebook does an excellent job of bringing this information all together.  It is quite difficult to hide your fingerprint.  Perhaps you already know that Facebook collects too much information and you've tried to take measures to maintain some semblance of privacy in this part of the online world.  For example, maybe you have created a fake name on Facebook to maintain your anonymity.  This may help a tiny bit to keep casual users from identifying you, but like real life, changing your name won't change your social fingerprint and even casual users would be able to easily identify you by the people you have friended (for example Mom and Dad, brothers and sisters, aunts and uncles are all readily apparent on Facebook even if you haven't tagged them as relatives).

Perhaps you've thought REALLY hard about this and decided to friend a bunch of random people to confuse things.  Maybe you have had added many, many friends so those with access to your Facebook would have a harder time determining your personal information like where you went to high school.  But since all of your random friend requests probably do not know each other, you will still be left with the clusters seen above, along with single unconnected dots of the people you added in a futile attempt to gain some anonymity.  Here is the chart above after adding 48 random people who do not know each other or any of your other friends:


See the 48 individual dots at the bottom left?  Those are the 48 people you added to 'muddy the waters.'  As you can see, it didn't change your social fingerprint very much.  Also, Facebook monitors accounts for people friending people they don't know (ostensibly to stop spammers) and will slow your ability to make friend requests, turn off that ability for a period of time, or close your account (especially if the account is not seasoned/new).  They know that you don't know any of those 48 people and so do you, now that you know how to read a social graph.  Changing your name and adding random friends does nothing to change your social fingerprint.

The NSA's phone metadata collection program works much the same way as described above.  This is why they collect metadata information and don't really care about the content of your messages or phone calls (though they listen to calls, including calls of world leaders, and read messages regularly for no apparent reason).  They feed this information into supercomputers put it all together to build electronic dossiers on all of us.  The more datapoints they have on each of us (such as IP addresses, emails, credit card data, banking, travel, etc), the higher the quality dossier they have.  They can gather far more intelligence this way than actually listening in on your phone calls or reading your emails.

Stay tuned for Part 2 where I will discuss strategies for increasing your privacy on Facebook.


Tuesday, January 28, 2014

How to Remove Exif Data From Photos

Last week, I wrote about how to remove the exif information your digital camera or smartphone attaches to your photographs. Exif, which stands for exchangeable image file format, is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. Exif data contains a number of metadata tags about the photo such as the date and time it was taken, make and model of the camera, various camera settings and other information including GPS information.  Exif data is a risk because by sharing photos over the internet, you may be revealing personal information such as where you live, where you work or where your children go to school.

 You have several options available.

Privacy Action Plan (PAP) - How to remove exif data from your photographs

One way to remove your exif information is to use the details tab within the properties dialog box in File Manager.  Simply find the file within File Manager, then right click on it and choose properties.  Click on the details tab, then click on the link at the bottom that says "Remove Properties and Personal Information"


The following dialogue box will appear:


Choose 'Create a copy with all possible properties removed'.  This will make a separate copy and leave all of your exif data intact in your existing photo.  Or you can leave some of the information there by choosing which attributes you would like removed, such as any GPS information.  This will actually remove the exif data in the existing file.

If you do not have this option available in the properties dialog box, you can remove this information for free online.  This method is less safe than removing it on your computer because you have to upload your photo with the exif information to the website so it can be removed.

There are a number of websites out there that will remove exif data for free, such as http://www.exifremove.com.  You upload the photo to the website and then download a new photo with the exif information removed.

There are various free downloadable tools for doing this as well, some of which can remove exif data from many photos all at once such as this program http://www.exiferaser.com/.  This option avoids the problem above of uploading images to a website.

Of course, you could always attempt to instruct your smartphone or camera to not record exif information to start with (at least the location data).  Some devices will let you do this, others will not.  Some helpful advice can be found here: http://www.icanstalku.com/how.php#disable


Friday, January 24, 2014

Weekly Review of Privacy in the News - Week ended January 24, 2014

Senator Patrick Leahy (D) VT, say the government needs to stop spying on the American people:

http://dailycaller.com/2014/01/19/sen-leahy-on-nsa-spying-we-need-to-stop-government-from-controlling-american-people-video/


Michael Morell, ex-deputy director of the CIA has admitted that there have been minor breeches of the NSA database that tracks the activities of all Americans:

Senator Diane Feinstein (D) CA, tells Americans to get used to NSA database as it is here to stay:

The Supreme Court has decided to review whether police can review the information in your cellphone after making an arrest:
http://www.reuters.com/article/2014/01/17/us-usa-court-cellphone-idUSBREA0G1H320140117

Romanian police claim to have caught Guccifer:
http://www.washingtonpost.com/blogs/style-blog/wp/2014/01/22/guccifer-the-hacker-who-leaked-george-w-bush-paintings-reportedly-arrested-in-romania/

Edward Snowden does a live Q&A chat session on January 23 regarding mass surveillance by the government:
http://freesnowden.is/asksnowden.html

Blimp-like surveillance aircraft to be installed for three year period over Maryland:
http://www.washingtonpost.com/business/technology/blimplike-surveillance-crafts-set-to-deploy-over-maryland-heighten-privacy-concerns/2014/01/22/71a48796-7ca1-11e3-95c6-0a7aa80874bc_print.html

Privacy board says bulk data collection of telephone calls is illegal:
http://www.cnn.com/2014/01/23/politics/nsa-telephone-records-privacy/

Republicans call for end to NSA spying:
http://swampland.time.com/2014/01/24/exclusive-republican-party-calls-for-investigation-into-nsa-snooping/

Facebook being sued for sharing private messages between users with third parties:
http://money.cnn.com/2014/01/03/technology/facebook-privacy-lawsuit/