datacollection
Latest
President Obama announces limitations on use of NSA-collected data, puts database in the hands of third party
The scandal surrounding the NSA's data collection and surveillance programs seems never ending. Almost every week there are new revelations as to the extent of the spying, which covers everything from social networks, to phone calls, text messages and location data. President Barack Obama has already sought to assuage the public's fears once by suggesting reforms to the programs, now it's time for round two. At a speech today, the commander in chief announced efforts to limit the use of bulk-collected data and a new process for reviewing data-collection policies. While the NSA won't stop sucking up information anytime soon, added oversight and periodic audits will work to ensure the private data of average citizens is protected not just against governmental abuse, but also external parties that would seek to steal that information. There will also be annual reviews of the priorities and policies used to collect and analyze the data that will involve the heads of multiple departments and agencies. And, to the extent possible, the presidential directive promises to declassify and release the details of those policies to the public. The increased transparency will go a long way toward fulfilling the promise the president made back in July, though many privacy advocates will surely find room for improvement. The biggest change comes in the form of an end to the bulk data-collection program under section 215 of the Patriot Act. A new system will be put in place, that places the collected metadata in the hands of an unspecified third party and requires a judicial finding before any query of the database, except in the event of a national emergency. There will also be a third-party privacy advocate present to argue before the FISA court at each request for data. The government will also use more stringent standards and "will only pursue phone numbers that are two steps removed from a terrorist organization." That change, from the current standard of three steps, is effective immediately. The government will have to demonstrate a clear national security purpose for each request, and the president guaranteed that this intelligence would not be used for any other purpose. That promise was delivered alongside jabs at foreign critics who have similar surveillance capabilities, but lack America's civil liberties protections.
LG Smart TVs could be collecting personal data, even if you tell them not to
Think you're safe from prying eyes when you turn off your computer or smartphone and flip on the TV? That might not be the case if you have a recent LG Smart TV, according to a UK blogger called DoctorBeet. He noticed that his new HD set was sending private data, regardless of whether a (rather hidden) toggle called "Collection of watching info" was turned on or off. In scanning through his router logs, DoctorBeet noticed that TV station metadata was transmitted (albeit to a server that appears inactive) each time he changed the channel. More insidiously, even the names of files on USB keys he inserted were being sent -- including one he changed to "Midget_Porn_2013.avi" to prove a point. That appears to go beyond what we saw with its Cognitive Networks hookup, which was supposed to supply more features to users, not advertisers. We contacted LG, who made the following statement: We're looking into this now. We take these claims very seriously and are currently investigating the situation at numerous local levels since our Smart TVs differ in features and functions from one market to another. We work hard to get privacy right and have made this our top priority. They said it could take another 48 hours to actually confirm or deny what's going on -- so, naturally, as soon as we know, you'll know. [Image Credit: DoctorBeet's Blog]
White House telecom advisor brings together privacy code of conduct for apps
The White House's main telecom adviser, the National Telecommunications and Information Administration (NTIA), has issued a first draft of a mobile apps code of contact, with the goal of giving consumers more control of their privacy. It facilitated its creation over several years by stakeholders like privacy advocates, app developers and gatekeepers like Apple, Google and Blackberry. If adopted, publishers will be required to provide "short form notices" telling consumers whether or not their data is being collected and how it's being used. Such data would include biometrics, browser history, phone or SMS logs, contact info, financial data, health, medical or therapy info, user files and location data. The document was backed by the American Civil Liberties Union, though it wasn't crazy about the amount of time the process took, saying that "comprehensive privacy legislation" was also needed. It's worth noting that major app store operators already agreed recently to put new privacy policy standards in place that conform with California's Online Privacy Protection Act. There's also the irony of the US government pushing for more consumer privacy, while perhaps being the largest abuser via PRISM. Dig into the source for the full read.
Court documents reveal secret rules allowing NSA to use US data without a warrant
NSA's information gathering practices have been further detailed in court papers revealed by The Guardian. While the agency has continued to reiterate that it doesn't collect its data indiscriminately, the leaked papers detail several loopholes that allow it to gather data from both American and foreign origins without the need for a warrant. If you use data encryption or other privacy tools, your communications are likely to receive extra attention, and the agency can indefinitely keep any information assembled for "crypto-analytic, traffic analysis or signal exploitation purposes" -- in short, if the NSA believes may be relevant in the future. One reason to hold onto said files could simply be the fact that the data is encrypted and NSA wants to be able to analyze its protection. The security agency can also give the FBI and other government organizations any data if it contains a significant amount of foreign intelligence, or information about a crime that has (or will be) committed. Any data that's "inadvertently acquired" through the NSA's methods -- and could potentially contain details of US citizens -- can be held for up to five years before it has to be deleted. The Guardian's uploaded the leaked papers in full -- hit the source links for more.
Tiny fraction of required 270 million Facebook users squeak 'no' to changes
Facebook users rebuked proposed privacy changes in a vote on Friday -- to the tune of 87 percent -- but a thousand times higher turnout was needed for it to matter. As such, the company will likely proceed with the additions, which it said were needed to clarify current policies for European and US regulators. However, the company was sufficiently chastened by the anemic turnout of 342,600 voters to state that it was "pretty disappointing," and spokeswoman Jame Schopflin said in the future, they will consider the vote "advisory" if numbers were too low. Still, groups like Our Policy who started the petition for this referendum might want to pick their battles better next time.
Facebook to experiment with access for under-13s
Facebook is exploring options to connect kids to its social network, while ensuring it obeys federal laws. According to the Wall Street Journal, the social network is pushing for a more formalized structure for under-13s in an effort to curb users registering under a false age. Consumer Reports currently pegs the number of under-age users at around 7.5 million. Despite other privacy concerns, Facebook is reportedly looking to add buffers and parental controls to any kid-friendly version that might result from its current experiments. It could also tie parents' accounts to their little tykes' pages, allowing game purchases to be made through their bank details. Well, that new HQ isn't going to pay for itself.
Facebook to put privacy changes to vote thanks to policy group, its own rules
A vote on Facebook privacy rules prompted by 45,000 comments plastered on its governance page is likely to trigger consequences -- maybe some not intended. With Max Schrems' Our Policy site easily egging the number past the 7,000 threshold, the now-public social company must wait to see if 30 percent of its user base will object to the seemingly modest revisions. With the flock now numbering nearly 800 million, it seems unlikely that 230 million of them will bother to even vote, let alone strike the changes down. Given that and Facebook's privacy Czar Erin Egan saying that it will now revisit the vote policy, it's possible the only result will be a change in terms which could stymie future privacy efforts. Want to have your say? Check the more coverage link to find out where to go.
Facebook proposes more transparent privacy policy, wants to know what you think of it
Facebook's had some privacy foibles in the not-so-distant past, and has been working to improve its policies to better inform Facebook users how their info is exploited. Last year, the Irish Data Protection Commissioner's Office did an audit of Facebook's data usage approach, and determined that, while Facebook's doing a decent job, further details should be provided to us all. Well, the social network's recently responded by creating a Terms and Policies Hub to make its myriad policies easy to find. Additionally, it's adding new examples and explanations to its Data Use Policy about how the 'book employs cookies on its site, while also shedding some light on how our info's used for advertising and improving site operations. There's also a detailed description of the Activity Log tool that lets you see every bit of info you've entrusted to Mr. Zuckerberg, so you can better manage your pictures and wall posts. These changes aren't yet set in stone, however, because Facebook wants to know what you think before doing so. Just head on over to Facebook's Site Governance page to peruse the changes and provide feedback at your leisure, or tune into a live Q&A session with Chief Privacy Officer Erin Egan next Monday (May 14th) at noon ET to tell her face-to-digital-face.
Facebook revealing the personal data it collects, won't spare your drunk-poking blushes
Facebook's massively expanding its Download Your Information service into an all-encompassing archive of the data Mr. Zuckerberg collects about your daily dose of people-stalking. DYL was introduced in 2010 and allowed you to pull down all the photos, posts, messages, friend lists and chat conversations in the archives -- but now will also offer stored IP addresses, previous names you've used, friend requests you've made, with further categories due in the future. It'll have to sate the concerns of privacy organizations worldwide, since it's rumored to collect 84 different categories of information about you (85 if you count all those Instagram photos it just bought). It'll be gradually rolled out to all 845 million users in the coming weeks and is available from your general account settings.
Google announces 'opt-out' feature for wireless network owners, aims to allay privacy concerns
Google, as promised, responded to concerns over its data collection policy this morning, by announcing a new "opt-out" feature for its location based services. Under the new policy, WiFi operators can remove their home networks from Google's geolocation database by simply adding "_nomap" to the end of their access point's SSID. A network named "Engadget," for example, would be renamed "Engadget_nomap," and dutifully removed from the Google Location Server. In a blog post announcing the change, the company explained that this solution offers "the right balance of simplicity as well as protection against abuse," since it "helps protect against others opting out your access point without your permission." For more details, hit up the source link below, or check out Google's Help Center for more detailed instructions on how to opt out.
OnStar abandons plans to keep tracking vehicles after service cancelation
OnStar found itself at the center of a firestorm after it sent out an e-mail notifying customers that it planned to collect data from vehicles even after service had expired or been terminated. That is, unless the (soon to be former) users specifically opted out. Well, in a statement today, President Linda Marshall changed course and announced the post-subscription data collection would be opt-in only. The company still hoped some departing customers would volunteer to maintain a connection so that it can "provide former customers with urgent information about natural disasters and recalls affecting their vehicles." (They're just looking out for you buddy.) Even if OnStar loses out on boatloads of valuable data, at least the company won't have to listen to Chuck Schumer's public chastising any more -- that man lays a better guilt trip than your mother and grandmother combined. Check out the full announcement after the break.
Google planning opt-out option for WiFi data gathering
Privacy concerns have caused Google to back down a bit on its information collection amongst residential wireless networks. Beginning in the fall, the company will allow owners of the WiFi networks to opt-out of the data gathering. Google has assured concerned parties that it doesn't collect personal details when nabbing the information for its databases, but such comments haven't done much to calm the nerves of privacy advocates.
Russia's RadioAstron telescope finally set to launch, blanket space with its radio eye
Considering all the space nostalgia we've been swimming in recently, it's somewhat appropriate that a Cold War-era telescope is gearing up to make its maiden voyage, after more than three decades of development (and delays). The Russian mission, known as RadioAstron, will finally become a reality on Monday, when a radio telescope launches from Kazakhstan's Baikonur cosmodrome before soaring into orbit some 350,000 kilometers away from the Earth. At just ten meters in width, the craft's antenna is small in comparison to other radio 'scopes, but its reach can be dramatically expanded when combined with signals from those on the ground. This technique, called interferometry, will effectively create the largest telescope ever built, covering an area nearly 30 times the Earth's diameter and allowing RadioAstron to capture interstellar images in 10,000 times the resolution of the Hubble Space Telescope. There remains, however, one major hurdle -- because the spacecraft collects data at about 144 megabits per second, it must constantly transfer information to antennas on the ground. Problem is, there's only one antenna capable of receiving RadioAstron's signals and, unless others are constructed soon, a healthy chunk of its observations could be lost. How do you say "buzz-kill" in Russian?
Device Analyzer Android study wants to track your every move, if you'll let it
And here we thought folks were concerned about protecting their personal data. As it turns out, however, a surprising chunk of Android users have volunteered to give a group of University of Cambridge researchers a look at exactly how they use their cellphones. By downloading the Device Analyzer app from the Android market, more than 1,000 participants have allowed the data collection program to harvest statistics in the background while they use their phones. Those statistics -- varying from when the power is switched on, to which apps are in use -- are then made available to users via the Device Analyzer website. Of course, this is Cambridge, a rather well respected institution of higher learning, and the researchers involved say the data collected is stripped of personal information "as best as possible," but we're not keen on anyone peeping our cell stats. If you're an Android exhibitionist, however, you can sign up for the study at the source link below.
CrowdOptic could raise the bar for augmented reality apps
Augmented reality may be taking the next giant step forward with CrowdOptic, an app that will provide a graphic data overlay for live events. If you are at a concert (with the system in place), point the app at the stage and you'll get details like those in the picture above. Point it at a player in a sporting event, and real-time statistics about the player and the play will be displayed. In fact, point it at anything at a live event and take a picture; the details and context will be saved and can be shared through social networking sites. Once the CrowdOptic system is installed at a concert or sports venue, the magic happens through triangulation. At least two people need to be pointing their iPhones at the same thing, at the same time, and the GPS location, compass direction and time of day will be used to figure out the most likely image being viewed and display information on exactly that. The accuracy is dependent upon how many people are looking at the same thing. CrowdOptic has raised US$1 million to build the business and negotiate deals with professional sports and premier event concerns. Apps similar to this that work by focusing on static objects are in development, but according to CEO Jon Fisher, as reported to vatornews, "No technology can affect the pictures of these moving objects until now." As noted by Fast Company, CrowdOptic is aiming at concert, sporting and other live event promoters and advertisers who will pay dearly to display real-time information. CrowdOptic has already made a deal with a major (but undisclosed) sports management agency to use its services. Another deal was struck with Moon Express, a privately funded lunar transportation company which used it to track and tag altitude information for the April 9th launch of the Eureka Airship, proving that any moving object can be tracked. CrowdOptic intends to beta test the app at the Women's Tennis Association Tournament this summer. The service is being targeted as providing profitable analytics to promoters and marketers. CrowdOptic boasts that through tagging and photo-sharing pictures with hidden metadata embedded in each shot, campaigns originating with fans can provide a "social graph" of live events and how they went viral. Venues can display ticket discounts, along with merchandise and concession promotions. Sponsors can also display offers, such as free trials and test drives. This seems like a win-win for everyone involved. It's reasonable to assume the CrowdOptic app will be free to users, with the venues or organizers footing the bill. This looks like it will offer a valuable service for the user while harvesting useful and profitable data to the paying concerns. Keep your eye on this one. [via IBM A Smarter Planet]
Apple responds to congressional inquiry, details location data collection in 13-page letter
When Apple's latest privacy policy revealed the company could track any iPhone's location in real time, it threw some for a loop... including a pair of gentlemen from the US House of Representatives, who asked what Cupertino was up to. In a thirteen page letter dated July 12, Apple's legal counsel explains the whole matter away, while giving us a fascinating look into how the company collects -- and justifies collecting -- all that GPS data. Legally the defense is simple, as Apple claims users grant express permission via pop-up messages for every single location-based service and app, and if you don't care to be tracked, you can simply shut down location services globally or (in iOS 4) on a per-app basis in the phone's settings panel. Where it gets more interesting is when Apple explains what it actually collects, and who they share it with -- namely, Google and Skyhook, who provided location services to earlier versions of the operating system. In iOS 3.2 and beyond, only Apple has the keys to the database, and what's inside are locations of cell towers, WiFi access points, and anonymous GPS coordinates. None of these are personally identifying, as the company doesn't collect SSIDs or any data, and in the case of device coordinates they're reportedly collected and sent in encrypted batches only once every 12 hours, using a random ID generated by the phone every 24 hours that apparently can't be linked back to the device. In the case of iAd, Apple says coordinates don't even make it to a database, as they're immediately converted (by remote server) to a advertising-friendly five-digit zip code. Concerning location data collection for services other than iAd, there's still the little question of why, but we'll just leave you with Apple legal's quote on that subject after the break, and let you hit up the full document yourself at Scribd if you want the deep dive.
Regarding the IMEI tracking brouhaha
Late last night, we got word that Dan over at Uneasy Silence had discovered a URL embedded into two iPhone programs. The URL, which is formatted to include your iPhone's equipment ID (IMEI), apparently contacts Apple when you use the weather and stocks programs. TUAW took a look at these programs and can confirm that the URL appears in both. When we tried connecting to Apple, the URLs did not return any data, further supporting Dan's concern that these were used for tracking purposes. We tried with both valid IMEI numbers and spoofed ones. So is Apple using this data for nefarious tracking purposes? That point remains less clear. It's possible that Apple added this URL for future use to restrict data access to those iPhones with valid AT&T accounts--your IMEI gets registered with your phone number. It's also possible that Apple uses this URL to track activity, i.e. how much use per account for internal auditing. One thing that is very clear, as Dan points out, is that active iPhone users have consented to data collection in the end user agreement. Beyond that, what data is collected, and how it is used remains fuzzy. Perhaps Apple will now issue a statement clarifying the situation and put user fears to rest.Update; Gizmodo reports that sniffers detect no actual IMEI data being sent at this time. If you'd like to personally confirm the two URLs we found, you can easily do so by copying the two executables to your computer and issuing the strings command.
