New Year's Resolutions in Personal Data Security
December 22, 2015
The article on ITProPortal titled What Did We Learn in Records Management in 2016 and What Lies Ahead for 2016? delves into the unlearnt lessons in data security. The article begins with a look back over major data breaches, including Ashley Madison, JP Morgan et al, and Vtech and gathers from them the trend of personal information being targeted by hackers. The article reports,
“A Crown Records Management Survey earlier in 2015 revealed two-thirds of people interviewed – all of them IT decision makers at UK companies with more than 200 employees – admitted losing important data… human error is continuing to put that information at risk as businesses fail to protect it properly…but there is legislation on the horizon that could prompt change – and a greater public awareness of data protection issues could also drive the agenda.”
The article also makes a few predictions about upcoming developments in our approach to data protection. Among them is the passage of the European Union General Data Protection Regulation (EU GDPR) and the resulting effect on businesses. In terms of apps, the article suggests that more people might start asking questions about the information required to use certain apps (especially when the data they request is completely irrelevant to the functions of the app). The article is generally optimistic, but these developments will only occur if people, businesses, and governments take data breaches and privacy more seriously.
Chelsea Kerwin, December 22, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Internet Sovereignty, Apathy, and the Cloud
December 21, 2015
The OS News post titled Dark Clouds Over the Internet presents an argument that boils down to a choice between international accord and data sharing agreement, or the risk of the Internet being broken up into national networks. Some very worked up commenters engaged in an interesting discussion that spanned government overreaching, democracy, data security, privacy, and for some reason, climate change. One person summarized their opinion thusly:
“Best policy: don’t store data with someone else. There is no cloud. It’s just someone else’s computer.”
In response, a user named Alfman replied that companies are to blame for the current lack of data security, or more precisely, people are generally to blame for allowing this state of affairs to exist:
“The privacy issues we’re now seeing are a direct consequence of corporate business models pushing our data into their central silos. None of this is surprising except perhaps how willing users have been to forgo their own privacy. Collectively, it seems that we are very willing to give up our rights for very little in exchange… makes it difficult to achieve critical mass around technologies promoting data independence.”
It is hard to argue with the apathy factor, with data breaches occurring regularly and so little being done by individuals to protect themselves. Good thing these commenters have figured it all out. Next up, solving climate change.
Chelsea Kerwin, December 21, 2015
Big Brother GPS
September 9, 2014
With rising living costs, people are trying to cut back on their expenses. One of the ways they are reducing costs is by allowing their auto insurance companies to monitor their driving habits for a discount. Science Daily highlights a Rutgers University study called “How Fast You Drive Might Reveal Exactly Where You Are Going.” What these drivers do not know is that they are revealing where they are driving. Cue the privacy concerns.
The study found that even without a GPS device, a driver reveals where they are going based on how fast they drive. When you put dollar signs in someone’s eyes, however, they will probably forgo some of their privacy rights. Companies claim they are not compromising privacy, but the data they track can be extrapolated to show a driver’s destination.
“The technique, dubbed “elastic pathing,” predicts pathways by seeing how speed patterns match street layouts. Take for example, a person whose home is at the end of a cul-de-sac a quarter mile from an intersection. The driver’s speed data would show a minute of driving at up to 30 miles per hour to reach that intersection. Then if a left turn leads the driver to a boulevard or expressway but a right turn leads to a narrow road with frequent traffic lights or stop signs, you could deduce which way the driver turned if the next batch of speed data showed a long stretch of fast driving or a slow stretch of stop-and-go driving. By repeatedly matching speed patterns with the most likely road patterns, the route and destination can be approximated.”
The article argues that insurance companies are not doing anything wrong, but they should not advertise that the speed devices are not collecting private information. It is even suggested that insurance companies consider using alternative speedometer readings for better privacy protection. Just wait a few years for this to make more headlines, or a court case could subpoena the information. It is only a matter of time.
Whitney Grace, September 09, 2014
Sponsored by ArnoldIT.com, developer of Augmentext
Hidden from Google: Interesting but Thin
July 15, 2014
I learned about the Web site Hidden from Google. You can check out the service and maybe submit some results that have disappeared. You may not know if the deletion or hiding of the document is a result of the European Right to Be Forgotten action, but if content disappears, this site could be a useful checkpoint.
Here’s what the service looks like as of 9:21 am Eastern on July 15, 2014.
According to the Web site:
The purpose of this site is to list all links which are being censored by search engines due to the recent ruling of “Right to be forgotten” in the EU. This list is a way of archiving the actions of censorship on the Internet. It is up to the reader to decide whether our liberties are being upheld or violated by the recent rulings by the EU.
I noticed that dear old BBC appeared in the list, a handful of media superstars, and some Web sites unknown to me. The “unknown” censored search term is intriguing, but I was not too keen on poking around when I was not sure what I was seeking. Perhaps one of the fancy predictive search engines can provide the missing information or not.
When I clicked on the “source” link, sometimes I got a story that seemed germane; for example, http://bbc.in/1xhjKyK linked to one of those tiresome banker misdeed stories. Others pointed to stories that did not seem negative; for example, a Guardian article that redirected to a story in Entrepreneur Magazine: http://bit.ly/1jukI7T. Teething pains I presume or my own search ineptness.
I did some clicking around and concluded that the service is interesting but lacks in depth content. I looked for references to the US health care Web sites. I am interested in tracking online access to RFPs, RFQs, and agreements with vendors. These contracts are fascinating because the contractors extend the investigative capabilities of certain US law enforcement entities. Since I first researched the RAC, MIC, and ZPIC contractors, among others, I have noticed that content has become increasingly difficult to find. Content I could pinpoint in 2009 and 2010 now eludes me. Of course, I may be the problem. There could be latency issues when spiders come crawling. There can be churn among the contractors maintaining Web sites. There can be many other issues, including a 21st century version of Adam Smith’s invisible hand. The paw might be connected to an outfit like Xerox or some other company providing services to these programs.
Several questions:
First, if the service depends on crowdsourcing, I am not sure how many of today’s expert searchers will know when a document has gone missing. Unless I had prior knowledge of a Medicare Integrity Contractor statement of work, how would I know I could not find it? Is this a flaw the site will be able to work around?
Second, I am not sure the folks who filled out Google’s form and sent proof of their wants an archive of information that was to go into the waste basket. Is there some action a forgotten person will take when he or she learns he or she is remembered?
Third, the idea is a good one. What happens when Google makes it uncomfortable to provide access to data that Google has removed? Maybe Mother Google is toothless and addled with its newfound interest in Hollywood and fashionable Google Glass gizmos. On the other hand, Google has lots of attorneys in trailers not too far from where the engineers work.
Stephen E Arnold, July 15, 2014
People Are Uncomfortable With Google Glass
May 1, 2014
Not only is Google Glass a fashion faux pas; it is also a privacy concern. In CNET’s article, “72 Percent Say No To Google Glass Because of Privacy,” a poll from Toluna reported that 72 percent of people did not want to buy the Google accessory because of privacy concerns. People are worried about filming, photography, hacking, distraction, and also being mugged (the device has a hefty price tag).
There are many instances where Google Glass wearers have been asked to remove the device, refused, and were met with hostile actions. In response, Google released a guide to help wearers not be Glassholes (the new term for these trend setters). Others are more worried that Google Glass poses a threat to the ever-increasing distractions people are facing with their phones and tablets.
The article proposes this idea:
“Perhaps it’s just another instance of a tech company putting a product out there in the hope — or zealous insistence — that it will be well-received, rather than considering some of the real consequences when it comes up against the beliefs and habits of real people.”
So are people ready for a device like the Google Glass? Will it become one of those old technology devices you find at thrift stores and have to explain to your children what it was used for? Or is it the start of a new trend that people will come to accept within time? Oh Google Glass, all the problems you are causing!
Whitney Grace, May 01, 2014
DuckDuckGo Swimming Pretty Following Privacy Revelations
February 10, 2014
A fellow online water-fowl has seen a huge jump in usage since last year’s revelations about NSA activity. At least someone is benefiting from the whole kerfuffle. The Independent reports, “DuckDuckGo Hits 1Bn Annual Searches: Non-Tracking Search Engine Boosted by Privacy Fears.” The emphasis the search service has always placed on anonymity almost seems prescient now. Did they know it was just a matter of time?
Writer James Vincent tells us that last year was, by far, DuckDuckGo’s biggest year to date with over a billion searches performed. He shares a chart that tracks Ducky usage from July 2010 to January of this year. The leap from July ’13 to present is impressive; usage more than doubled in the months following Snowden’s famous efforts. The folks at the site are seizing the limelight, and say that this year they plan to incorporate user feedback into the site’s functionality. That’s a good thing; frankly, I only use the site when researching sensitive information, like health or financial issues. I find that, usually, Google and Bing are more likely to give me the info I’m looking for. Maybe it’s just me.
I think it is important to recognize that privacy is not the only reason to use an anonymous search service. The other reason (and the one I’m more concerned about) is the fight against the rapidly-multiplying, confirmation-bias-promoting echo chambers that have infected our society’s discourse in recent years. The article explains:
“[DuckDuckGo CEO Gabriel] Weinberg notes that when a search engine tracks users’ queries, the information not only created profiles to sell to advertisers but also shapes results to fit their own natural bias. This effect is known as the ‘filter bubble’. For example, if a user searches for new stories regarding recent events they might consistently click on reports from sites with a particular political bias. A search engine would take note that these sites are more popular and stop offering other results. ‘That is being trapped in a filter bubble and seeing only points of view that one agrees with, and less and less opposing viewpoints,’ said Weinberg.”
Vincent observes that the search site has a long, long way to go before it is a direct threat to Google, which processes over a billion searches per day. Still, the growing concern over privacy should not be taken lightly.
Cynthia Murrell, February 10, 2014
Users Seek Private Search Options After NSA Revelations
November 20, 2013
This is certainly no surprise. CSO reveals, “People Flock to Anonymizing Services After NSA Snooping Reports.” Writer Grant Gross highlights several anonymous search services that have seen usage soar since certain NSA practices have come to light. DuckDuckGo is on the list, as well as Tor and mobile solution Silent Circle. The brand new Disconnect Search saw over 400,000 searches within four days of its launch. Clearly, many people are beginning to cover their virtual tracks. But is it pointless, after all? The article points out:
“Disconnect Search’s FAQ includes information about possible government searches. ‘The reality is the U.S. government may force us to begin logging the search queries of a particular user or group of users,’ the FAQ said. ‘If served with a court order that includes a non-disclosure provision, we may not be able to tell our users about this change for some period of time, possibly forever. And the U.S. government may also have other methods of monitoring user searches which Disconnect Search cannot prevent.'”
Though we now know several prominent firms quietly complied with NSA demands to fork over their records, at least one search service has elected to fold rather than cave. Lavabit made the tough choice to shut down their decade-old organization rather than comply with. . . something. Owner Ladar Levison’s explanation, which is all that is left of the site, laments that he can’t tell us exactly what was demanded of him, but his frustration and ire are apparent in the strongly worded note. He writes:
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise.”
So, there’s that. Not exactly encouraging for fans of privacy. Levison seems to hold at least a sliver of hope for a favorable verdict as Lavabit takes their fight to court. Is even that too optimistic?
Cynthia Murrell, November 20, 2013
LucidWorks and Search: Spying an Issue
November 3, 2013
If you are tracking the evolution of open source enterprise search vendors, you may want to read “Enterprise Search Technology: Leading the Battle against Internal Threats without Sacrificing Employee Privacy.” In my years of covering the intersection of enterprise search, I marvel at a fresh conflation. In my talk next week at the search conference in Washington, DC, I may ask the audience about this issue. Until then, consider the LucidWorks’ viewpoint. Fascinating. Fascinating indeed. Search continues to move in new and surprising directions. For case studies of vendors who have pioneered new directions in search, check out the case studies at www.xenky.com/vendlor-profiles.
Stephen E Arnold, November 3, 2013
Disconnect for Privacy Online
October 22, 2013
Interesting. If this works as advertised, we may no longer need to keep track of which search engines track users and which don’t: Disconnect Search promises to decouple your information from all of your searches. This development is a new addition to the Disconnect site, which already offered a browser extension to protect privacy while surfing the web. The video on the homepage, just over a minute long, describes their services. Their About page tells us:
Why Disconnect
Your personal info should be your own. But today thousands of companies invisibly collect your data on the Internet, including the pages you go to and the searches you do. Often, this personal data is packaged and sold without your permission.
What we believe
Understanding online data collection and controlling access to your personal info should be easy. You should be free to move about the Internet without anyone looking over your shoulder and without fear that your online activity might be analyzed, your searches scrutinized, or your security compromised.
You can use Disconnect by going through their site, or you can install their tool in your address bar. They also offer a Wi-Fi encryptor to protect data shared with other sites, like Facebook, LinkedIn, Yahoo, Twitter, and Google’s ecosystem. Another tool is called Disconnect Kids, though its features seem like they would appeal to adults as well. This tool specifically prevents data about activities performed on iPhones and iPads from leaving those devices.
Check out the site for more details on how Disconnect works. The company was founded in 2011, and is headquartered in Palo Alto, California. They say their top priority is to facilitate change in the way personal information is handled online. Disconnect proudly sports their B Corp certification, and functions on contributions.
Cynthia Murrell, October 22, 2013
DuckDuckGo Not Entirely Free Of Big Brother
August 18, 2013
Big Brother Google tracks your data and shares it with the National Security Agency (NSA). As citizens we value our privacy and many of those concerned have switched over to DuckDuckGo to keep their browsing data a secret. That does not mean, however, that the NSA is not still tracking you. Read over the Ether Rag’s blog post: “DuckDuckGo: Illusion Of Privacy” for how the alternate search engine is required to comply with certain laws.
Under the Communications Assistance for Law Enforcement Act (CALEA), DuckDuckGo can be forced to release your Internet history. Also DuckDuckGo only protects its users from third party, not NSA spy drones. Can they prevent the NSA? Yahoo tried and lost their case.
The NSA will try to stop what it does not like and will do what it needs to do according to the agency’s purpose.
“This is not an indictment of DuckDuckGo per se. Except in as far as they are taking advantage of the hysteria to their own ends. Every provider needs to be upfront with saying, ‘If it is indeed true that the NSA is monitoring our ingress/egress traffic, we can make no guarantee of privacy regardless of encryption or other efforts on our part.’ In the larger picture, this is the crux of the problem not just for DuckDuckGo, but the internet as a whole. Until and unless agencies like the NSA are forbidden from conducting dragnet collection and analysis of data, there can be no privacy. Privacy is merely an illusion at this point.”
Can anybody else say “great” sarcastically? What is there to do at this point? Use DuckDuckGo and do not do anything to incite the NSA’s wrath.
Whitney Grace, August 18, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search