Archive for the ‘Issues’ Category

FTC Investigates Data Brokers … What’s a Data Broker?

Posted: January 16, 2013 by IntentionalPrivacy in Privacy, Security or Privacy Initiatives
Tags: ,

A data broker is someone who collects information on people. Exactly where does a data broker get that information and what do they with the information once they have it? The easy answer is they get this information from a variety of sources— both public and nonpublic—and resell it to other companies.

The FTC is requiring nine data brokerage companies to explain how they get this information and what they do with it. The nine companies that the FTC is requiring answers from are:

  1.  Acxiom,
  2.  Corelogic,
  3.  Datalogix,
  4.  eBureau,
  5.  ID Analytics,
  6.  Intelius,
  7.  Peekyou,
  8.  Rapleaf, and
  9.  Recorded Future

In the US, information that is collected and used for credit, employment, insurance, or housing is protected by the Fair Credit Reporting Act (also known as FCRA). Medical information is protected by  the Health Information Portability and accountability Act (HIPAA). There are no laws that govern the privacy of other types of data that can be gleaned from public records and purchased from other companies. The FTC states that the collected information is used to benefit consumers in many ways, such as fraud protection, and that this collected information also enables companies to better market their products and services.

But what about privacy?

The FTC wants data brokers to give consumers more transparency, in other words:

  1. What information do data brokers collect?
  2. Where do data brokers collect it from?
  3. Who has access to the information collected? Where is the information stored and how is it protected?
  4. How can consumers see what information has been collected on themselves?
  5. If the information the data broker has collected is incorrect, how does a consumer fix it?
  6. Can consumers opt out of having their personal information sold by a data broker?
  7. What tools exist to help consumers?

You can find more information about this topic at the FTC website: http://ftc.gov/opa/2012/12/databrokers.shtm

In March, 2012, the FTC published a guide for businesses and policymakers entitled “Protecting Consumer Privacy in an Era of Rapid Change.” To access this guide, click this link: http://ftc.gov/os/2012/03/120326privacyreport.pdf

Don’t let Java run rampant in your browser!

Posted: January 14, 2013 by IntentionalPrivacy in Browser Vulnerabilities, Identity theft, Privacy, Uncategorized
Tags: , , , , ,

Oracle, maker of Java, does not have a good track record for fixing holes in Java. A new Java security hole that apparently targets Java 7 (however, some researchers think it also apparently targets  some versions of Java 6) was discovered recently. What options do you have for fixing the problem?

  1. The safest thing to do is to uninstall Java from your computer. If that’s too extreme, then uninstall Java plugins. KrebsOnSecurity has an article listing how to disable Java in Firefox, Internet Explorer, and Google Chrome, which you can access here https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
  2. If you need to use Java for some sites, then the safest thing to do is to use two browsers and disable the Java plugin for the browser you use most often. For example, disable Java in Firefox and use Internet Explorer for the sites that absolutely must use Java. If you decide on this solution, make sure you keep Java up to date.
  3. Another viable option is to use Firefox with the NoScript plugin, available at http://noscript.net/getit. NoScript allows you to choose when to allow JavaScript to run. NoScript can also block Flash Player, which is another problematic plugin.
  4. If you have a PC, make sure you run Secunia’s Personal Software Inspector available here http://secunia.com/products/consumer/psi/ at least weekly to keep up with any updates available for all of your programs.

This vulnerability affects Macs as well as PCs. Only visiting “safe” sites will not help you avoid this issue.

Oracle released an update to fix this issue last night.

Don’t wait! Save your computer, save your information.

Traveling with electronics

Posted: November 4, 2012 by IntentionalPrivacy in Issues, Traveling
Tags:

This article in the NY Times talks about why TSA treats laptops differently than smartphones, tablets, and netbooks when you’re going through airport security lines. http://travel.nytimes.com/2012/04/08/travel/the-mystery-of-the-flying-laptop.html?pagewanted=1&ref=travel

Seattle “Creepy Cameraman”

Posted: November 4, 2012 by IntentionalPrivacy in Issues, Privacy, Uncategorized
Tags:

Several online blogs have written about Seattle’s “Creepy Cameraman.” He takes videos of people in public places without asking their permission first. You can read about him and watch some of his videos here: http://www.geekwire.com/2012/seattles-creepy-cameraman-pushes-limits-public-surveillance/

The guy taking the videos reminds people who object that surveillance cameras are everywhere, as if that makes his videotaping without asking permission perfectly all right.

Would you allow someone to videotape you in public? What would you do to stop him or her? The people in the video who objected didn’t seem to make any difference to the cameraman. Should someone using a camera have to ask permission before filming a person going about their ordinary life in public–eating in restaurants, walking in malls, sitting in their cars?

What if the person is doing something–not illegal–but that they don’t want publicized? Possibilities include having an affair, getting medical treatment, going into a building of an employer’s competitor, gambling, drinking …

You might also want to check out these articles on Google’s Project Glass, also known as Google Goggles http://www.technologyreview.com/review/428212/you-will-want-google-goggles/ and http://venturebeat.com/2012/04/04/google-glass-augmented-reality/. The NY Times describes the project here http://bits.blogs.nytimes.com/2012/04/04/google-begins-testing-its-augmented-reality-glasses/. These glasses–as well as many other current electronic devices–would allow someone using them to photograph or videotape someone or something unobtrusively.

As technology changes so rapidly around us, the lines blur more around our personal privacy and security.

FTC Cellphone PROTECT Initiative

Posted: November 2, 2012 by IntentionalPrivacy in Cell phone, Identity theft
Tags: , ,

The FTC’s new program to help combat cellphone theft started on November 1, 2012. The major carriers–AT&T, Sprint, T-Mobile, and Verizon–have launched databases for stolen smart phones, so when a cellphone user reports that their cellphone has been stolen, that device will not be able to be used again. http://www.fcc.gov/document/announcement-new-initiatives-combat-smartphone-and-data-theft

The FTC advises cellphone users to lock their phones with a passcode to protect any information on their phone, use software to help locate lost devices and either install a remote-wipe application or enable the feature to remotely wipe a stolen device.

If your cellphone has been provided by your employer, look to them for guidance first.

For more information on how to better protect your cellphone, your provider should provide more information. Search their website using keywords such as “lock,” “locate device,” and “remote wipe.”

Here are a couple articles on what to do:

http://www.pcmag.com/article2/0,2817,2352755,00.asp

http://forums.att.com/t5/Apple-Community-Discussion/How-to-SECURE-YOUR-new-iPhone-4S-PLEASE-TAKE-THE-TIME-TO-READ-IT/td-p/3210869

I use Prey at https://preyproject.com/ to track my Mac and Windows laptops. Prey will also work for iOS, Linux, Ubuntu, and Android. While I don’t currently use a smart phone, when I had an Android (company supplied), I tried the Remote Wipe feature provided by our IT department and it worked perfectly. I also used the free version of Lookout for Android.

Barnes and Noble credit and debit card thefts

Posted: October 24, 2012 by IntentionalPrivacy in Identity theft
Tags: , ,

Thieves hacked into Barnes and Noble credit card swipe machines to steal credit and debit card data. According to http://abcnews.go.com/WNT/video/barnes-noble-customer-credit-card-info-stolen-17557470 B&N has removed all swipe machines from their stores nationwide.

This is not the first time such a theft has occurred. Last year, Michaels crafts stores were hit by a similar scam.

The FBI is investigating.

Facebook Like button snafu

Posted: October 24, 2012 by IntentionalPrivacy in Social media
Tags: , , ,

According to http://thenextweb.com/facebook/2012/10/04/facebook-confirms-it-is-scanning-your-private-messages-for-links-so-it-can-increase-like-counters/, if you send a message to someone and include a link to a website, Facebook will interpret that as a Like for that website, even though you might not like the website at all.

Privacy violations

Posted: October 24, 2012 by IntentionalPrivacy in Social media
Tags:

Be careful what you post on social media! This story in the Wall Street Journal shows how your privacy can be violated on Facebook, even if your privacy settings are properly set. http://online.wsj.com/article/SB10000872396390444165804578008740578200224.html#articleTabs_comments%3D%26articleTabs%3Darticle

Newer Entries