Articles from December 2011



Privacy Net – December 22, 2011

So, as you might imagine, the buzz around Carrier IQ hasn’t exactly died down over the last week or two, and indeed we have several stories for you about the current hot topic in digital privacy…

First, apparently there was some question around or assertion that Carrier IQ had provided data to the FBI at some point…well, according to the company, that’s not the case, and if the Bureau had even asked for data, Carrier IQ would “refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ.” Furthermore, it pointed out that the information its program collects isn’t a type that would be helpful to law enforcement, as it only logs historical and not real time data … [Washington Post]

And of course, you likely remember that as has become customary, Congress (specifically, Al Franken) had requested a response from Carrier IQ regarding a number of questions it had about the service related to privacy. Well, we’re not shocked to report that Franken and Co. were less than satisfied by the company’s response. In particular, Franken asserted that Carrier IQ was indeed collecting contents of people’s text messages (even though it claims it did not), and the contents of users’ smartphone “online searches”… [Bloomberg]

And while we’re mentioning Congressional questions on Carrier IQ, mobile phone provider T-Mobile and manufacturer Motorola were also responsible for providing responses to such questions, and according to T-Mobile, it started putting the software on its users’ phones last August, and the software is currently installed on about 450k Android and Blackberry devices (nine specific devices have the software installed, and all are listed at the following link)… [GigaOm]

Lastly on the Carrier IQ front – consumer privacy advocate group the Electronic Frontier Foundation has apparently (with the help of a volunteer) created a program for parsing Carrier IQ data (he also reverse engineered the software in order to do this…ninja style) called IQIQ, which basically reveals what data the software is collecting on your phone. So, naturally, EFF wants you to voluntarily install this program and send it a report of what information the software is indeed logging about you so that it can create a “comprehensive library of these Profiles, and to know which ones were pushed to which phones at what times”… [EFF Deeplinks]

Now, while we’re done with Carrier IQ for the day, we’re still not done with mobile device tracking news – apparently Amazon recently patented a system that tracks where individual users or groups have been, and determines where they might go next, in the context of targeting them with ads, coupons, etc. relevant to those places… [CBS News]

Moving on to social networking and privacy – you probably remember not long ago we highlighted how Google+ introduced a facial recognition feature for helping users tag their photos, similar to what Facebook rolled out this past summer. The only distinction between the two (at least the only one relevant for our purposes) being that the G+ version of the feature was strictly opt-in for users. And apparently this distinction means the difference between ok and not ok for the German privacy agency, Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit… [Investor's Business Daily]

Now, as for Facebook, you probably remember that a few months back, the Irish Data Protection Agency launched an audit of Facebook’s data collection and privacy practices, in order to determine whether the service was/is in compliance with Ireland and the EU’s data protection policies. Well, apparently the net result of that investigation is basically that Facebook’s practices are mostly cool, although the Agency did make several recommendations… [Washington Post]

Privacy Net – December 12, 2011

Might as well start with something we highlighted pretty heavily in our last post, Carrier IQ…

First, despite what may have been reported, the program that operates in the background of your smartphone apparently is not, in fact, “logging” the content of your text messages and emails. But that doesn’t mean it’s harmless, and indeed, the software can collect some information like length and status of a text or email, or the URL of a site someone visits on his/her phone. However, according to this post, it seems the threat of collecting that information lies on the mobile providers’ side, and we should potentially be more concerned with how those parties use the information they get from the program… [Threat Post]

Of course, despite the potential innocuous-ness of the program, at least one class action suit has been filed against “Apple, AT&T, Carrier IQ, HTC, Motorola Mobility, Sprint Nextel, Samsung, and T-Mobile USA” over it, alleging that the program violates the Federal Wiretap Act, Stored Electronic Communications Act, and Computer Fraud and Abuse Act… [Mashable]

However, that’s not the only legal scrutiny Carrier IQ is currently under. Apparently, the program is being examined for its potential privacy violations by “organizations and regulators” in Europe (specifically mentioned are Germany’s Bavarian State Office for Data Protection, and an independent non-government UK entity, the U.K. Information Commissioner’s Office)… [PC World]

Moving on, but still filed under the potential for people other than yourself to read your communications without your consent – apparently Georgia Tech is currently working on developing a system to do just that. Of course, that in and of itself does not indicate any ill will, but the potential to “spy” on Americans is obviously innate in it… [Discovery]

Elsewhere, apparently early last week, Congress updated a 20+ year old privacy law to allow Netflix and similar services to share their users’ viewing history, with those users’ consent. The update basically now allows the services to obtain their users’ consent to such sharing through the web, as opposed to in print, which is what it previously required (written for a particular situation in 1988 when people still rented movies from an actual brick and mortar location)… [Ars Technica]

However, one thing the bill that passed doesn’t consider is that it grants Netflix and like entities blanket license to share ALL of the movies and TV shows users watch, rather than requiring their consent for each one individually… [NY Times]

So, apparently Google recently paid for a study into different web browsers (including its own Chrome, naturally), and how secure those browsers are. The results? Allegedly, Firefox was the worst of the three browsers studied, with Chrome coming in at #1, and Internet Explorer not far behind… [Forbes]

And while we’re talking about Google and privacy – you may remember a few months back, Facebook rolled out facial recognition technology to help users tag their friends in their photos. But, as has been the Facebook way (though due to its settlement with the FTC, it won’t be like that anymore), it opted all users in, rather than requiring them to opt-in to use the feature. Google did the opposite, however, when it rolled out the same feature for Google+ users last week… [PC World]

And since we’re mentioning Facebook, it seems like the logical place to point out that according to this report, the social network has decided to pull a “major corporate reorganization,” structuring its teams “around key product areas such as privacy and communication”… [All Things D]

One more Facebook mention for you – apparently the company has declined Congress’ invitation to participate in a “Teen Privacy Briefing” happening in Washington this Wednesday, saying that the company “regularly communicates with lawmakers about these issues.” Apparently to be discussed is a piece of legislation called the “Do Not Track Kids Act of 2011,” which aims to update the Children’s Online Protection Act (of 1998)… [All Facebook]

Finally, we haven’t heard from Anonymous (/LulzSecurity) in maybe a month, but don’t interpret its lack of presence among the headlines as an indication that it has hung up its collective keyboard. In a “retrospective” video, apparently the group attempted to create the impression that it plans to continue to “police” corporations in 2012… [Mashable]

Privacy Net – December 5, 2011

So, you probably don’t even need to be following the digital privacy debate in order to have heard about this story, but last week it was revealed that a number of mobile carriers have been using an application called Carrier IQ. The program is apparently hidden from users, but logs every keystroke on your phone as well as every incoming text message, without your permission, and then sends at least some of that data to your mobile provider, in order to help your provider to optimize its network. We have a few stories this morning regarding this beast, but the best place to start is probably this kind of overview post from Mashable… [Mashable]

But while at first blush (and much of the coverage hasn’t done a lot to help this) it may seem extremely unnecessarily intrusive, maybe in reality it’s not as “evil” as you think (just a gentle reminder – what I mostly do here is summarize the perspective of others’ articles, and these views aren’t necessarily my own). If you think about the operating system of your PC or laptop, it also knows every keystroke and all of the content you’re viewing, even if it doesn’t necessarily share all of that with a 3rd party you haven’t authorized it to share with (this type of action is also common in diagnostic/debugging programs, although most of the time you authorize or initiate those applications voluntarily)… [Mashable]

Elsewhere in Carrier IQ blowback, apparently Germany’s data regulator, the “Bavarian State Authority for Data Protection” has asked Apple to address the privacy concerns/implications raised by all of the press on the application so far… [Bloomberg]

Either way, Apple has already committed to removing Carrier IQ from all future iPhones’ software. The company said it had already started doing so starting with its OS5, but that it would also stop supporting it for current iPhones running anything less than OS5. But if you’re an iPhone owner and don’t trust/don’t want to wait for that to happen, and want to know how to block the software now, this post also has you covered… [Mashable]

And of course, just as with basically every new privacy outrage, Congress has asked Carrier IQ to address “a number” of concerns over certain data collected by the program that may not necessarily be relevant to helping mobile carriers improve their networks’ performances, and to do so by next Wednesday… [Senator Al Franken via Boy Genius Report, and Gizmodo]

In other news regarding Congress and digital privacy, even though Amazon (and several interested consumer advocate groups) addressed the general privacy concerns/implications around its Kindle Fire web browser (called “Silk”), our old friend Congressman (and privacy maven) Ed Markey is still concerned. Less than satisfied with the answers Amazon gave, Markey said, “Amazon’s responses to my inquiries do not provide enough detail about how the company intends to use customer information, beyond acknowledging that the company uses this valuable information” [Representative Markey via PC World]

You may remember that the FTC and Facebook recently announced that they had reached a settlement in the Commission’s investigation of how Facebook handles user privacy. Well, while that’s certainly a step in the right direction, in that it subjects Facebook to FTC oversight for (at least) the next 20 years, and for all future updates with privacy implications to be opt-in for users, it was otherwise pretty late to the party (in the sense that there have been numerous changes affecting privacy over the last few years that basically go unaddressed and unpunished)… [TechCrunch]

And finally, piggybacking on the concept of FTC regulation – here’s a discussion of five ways we have currently tried to control/protect privacy for users on the web and on mobile, and the good and bad aspects of each… [paidcontent.org]

Privacy Net – December 1, 2011

So, we’ve got several pieces of news regarding Facebook this morning, but undoubtedly the biggest is that it has settled with the FTC over charges that it basically did what everyone thinks it has done – “allowing potentially sensitive details to be passed along to advertisers and software developers prowling for customers” without their explicit consent (among other things). Pursuant to the settlement, Facebook agreed to submit to FTC investigation every year for the next 20 years, as well as changing its service so that users must explicitly opt-in to any changes that affect their privacy in the future… [MSNBC]

And just in case you’re interested, here’s Facebook Founder and CEO Mark Zuckerberg’s blog post highlighting the agreement with the FTC and the related changes for Facebook users… [Facebook]

And if you’re also interested in what the FTC itself had to say, here’s its announcement of the agreement… [FTC]

Next, as you probably already know, if you’ve been following along at home, the European Commission, specifically the Commission’s VP, Viviane Reding, has been hot on Facebook’s tail for a while now. And the other day, apparently Reding/the Commission said that Facebook isn’t doing enough to protect users’ identities from advertisers (here’s the actual article in which they said it), although as this post points out, it doesn’t seem like they fully grasp how Facebook’s advertising (which doesn’t reveal users’ identities) works… [TechCrunch]

Nevertheless, (if you don’t feel like reading the actual article linked to in the description above) it appears the EU is actually set to impose a regulation on Facebook that will require it to reveal to users what data it is collecting on them and how Facebook is using it (I would hope the focus is more on the latter since any Facebook user should know what info he/she is volunteering about himself/herself)… [Mashable]

And the last link on the subject – apparently Reding also said (regarding the need for EU-wide regulatory authority on privacy) that “the authorities responsible for data protection must be provided with sufficient powers to enforce the law and they must have sufficient resources to exercise their powers”… [Bloomberg]

Now, for something that isn’t about Facebook, Europe, or some combination thereof – apparently the security company TRUSTe recently did a survey of digital privacy policies and revealed several interesting details. First, apparently only 2% of privacy policies are “optimized” for mobile (ie, they address the privacy implications of mobile data vs. just web data). But also, only 7% “explain how long they store your data for,” and only 32% tell you how to permanently delete your account and the corresponding data… [TechCrunch]

Finally, as you may know, the “online advertising industry” recently announced a “plan” or at least an idea regarding how to give people the power to control what information advertisers can gather on them, as well as how they might use that information, which is basically a site that shows the user all of the different advertisers/networks that are collecting data on them, and gives them options to control what those advertisers/networks can/can’t use to target relevant ads to them. However, as this article notes, this proposal may not be ideal in that the way users “opt out” is by having a cookie installed in their browser that indicates they have opted out, but this cookie gets deleted every time a user clears his/her browser’s cache. Also, it doesn’t stop the data collection itself, and most people may not even know they have the power to control what info advertisers collect on them, let alone actually take steps to do so. But perhaps more importantly, it “does not address more fundamental issues such as who owns data…or how I can even find out this information in the first place,” and also neglects to address how long advertisers might retain user data or impose any restrictions on the resale of data to other 3rd parties. Plus, it’s only voluntary for advertisers… [paidcontent.org]