Privacy Erosion with CIQ & Smart City Wars! Jan 5/11
Are You Being Tracked?
8 Ways Your Privacy Is Being Eroded Online and Off
A series of ongoing battles delineate the boundary of what, in the digital age, is personal, private life and information.
December 28, 2011
In a recent hearing before the Senate Judiciary Committee, Sen. Al Franken reminded his fellow Americans, "People have a fundamental right to control their private information." At the hearing, Franken raised an alarm about Carrier IQ's software, CIQ.
Few people have ever heard about CIQ. Running under the app functions, CIQ doesn't require the user's consent (or knowledge) to operate. On Android phones, it can track a user's keystrokes, record telephone calls, store text messages, track location and more. Most troubling, it is difficult to impossible to disable.
Carrier IQ, located in Mountain View, CA, was founded in 2005 and is backed by a group of venture capitalists. Its software is installed on about 150 million wireless devices offered through AT&T, HTC, Nokia, RIM (BlackBerry), Samsung, Sprint and Verizon Wireless. It runs on a variety of operating systems, including the Apple OS and Google's Android (but not on Microsoft Windows).
At the hearing, Sen. Franken questioned FBI director Robert Muller about the FBI's use of CIQ software. Muller assured the senator that FBI agents "neither sought nor obtained any information" from Carrier IQ.
Following Muller's Senate testimony, Andrew Coward, Carrier IQ's VP of marketing, told the Associated Press that the FBI is the only law enforcement agency to contact them for data. The FBI has yet to issue a follow-up "clarification."
CIQ is emblematic of a growing number of ongoing battles that delineate the boundary of what, in the digital age, is personal, private life and information. In this era of 0s and 1s, of globalization and instantaneous communications, what it means to be a person seems to be both expanding and contracting. The battle over personal privacy is as old as the nation and as contemporary as the latest tech innovation. Eight fronts in this battle delineate personal privacy in the digital age.
The Carrier IQ controversy exposed the long-festering problem of the Unique Device Identifiers (UDID), 40-digit-long strings of letters and numbers that distinguish one device from another. Most troubling, it cannot be blocked or removed by a user. (A report by the Electronic Freedom Foundation details how CIQ works.)
Sen. Franken's hearing took place a few weeks after Trevor Eckhart, a security researcher, exposed the extent of information accessible by the CIQ software; Eckhart works for a firm that is a potential rival to Carrier IQ. Nevertheless, his findings are disturbing.
According to the company, its software is designed to improve mobile communications. CIQ is used to help businesses with GPS tracking of mobile devices and coordinate employee travel. The company initially denied there was anything suspicious about its software. Further analysis revealed a bug that allowed SMS messages to be captured.
Making matters worse, Carrier IQ attempted to silence Eckhart with a cease-and-desist letter, demanding he replace his analysis with a statement disavowing his research. Bowing to online pressure, the company withdrew the letter.
In the wake of the mounting scandal, most of the nation's leading wireless providers are modifying how they implement CIQ. (For an excellent recap of the controversy and a status report on which carriers and phones employ CIQ, check out Brad Molen's article in Engadget.)
Carrier IQ is not the only company being challenged over alleged tracking. Earlier this year, two suits were filed challenging Apple over how it collects and exploits data gathered from users of its mobile devices. (See #5 below.) In addition, comScore, the online analytics firm, is being sued for allegedly collecting Social Security numbers, credit card numbers, passwords, and other data from unsuspecting consumers. Its software allegedly "modifies a computer's firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely."
2. Reading, Watching and Hearing
One of the oldest fronts in the battle over personal privacy involves the cultural and intellectual media. This includes the books, newspapers and magazines people read; the movies, TV shows and videos they watch; the radio shows and music they listen to; and the live events they attend. Traditionally, these have been battlegrounds over which the great "analog" content wars of previous centuries were fought. They continue to be fought today.
Historically, librarians, civil libertarians, commercial interests and ordinary consumes have fought these battles. They challenged obscenity laws, and with the Supreme Court's 1933 ruling on James Joyce's Ulysses, protected what adults could read. However, the Pacifica-Carlin decision of 1978 restricted over-the-air free speech with the imposition of family listening hours and the "seven dirty words" restriction.
Earlier this year, after seven years of litigation, the 3rd U.S. Circuit Court of Appeals in Philadelphia ended the FCC's thankless effort to censor CBS over showing Janet Jackson's exposed nipple during the 2004 Super Bowl. However, in 2009, the Supreme Court ruled it was permissible for the FCC to require over-the-air broadcasters to restrict "fleeting expletives" and to establish "safe haven" for family programming. The Court is expected to rule this term on FCC regulation of primetime TV indecency rules.
Against this traditional paradigm of U.S. media consumption, there has been a literal explosion in the availability of online digital content. Today, much of what is read, watched or heard comes from a zillion blogs and YouTube videos, untold online versions of newspapers, magazines, journals and e-books as well as videos in every imaginary form and flavor.
The explosion of online content has expanded the scope and scale of the battle over personal privacy. In 2009, the Supreme Court refused to hear an appeal of the federal District Court in Philadelphia rejection of the Child Online Protection Act (COPA), limiting the FCC's efforts to impose online censorship.
3. Records of Reading and Watching
Americans have long insisted that their personal library records and video rental records should be considered private, not be made public for either political or commercial purpose.
In the wake of the 9/11 attacks, traditional safeguards regarding library records were ended with the passage of the USA Patriot Act. In 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act (i.e., CAN-SPAM Act) requiring senders of unsolicited commercial e-mail messages to label them and provide an opt-out procedure.
Amidst the contentious 1987 battle over Robert Bork's nomination to the Supreme Court, a newspaper published his video rental records. Congress acted quickly, passing the Video Privacy Protection Act (VPPA) of 1988. Because of this act, the scandalous 1991 Senate Supreme Court confirmation hearing of Clarence Thomas was spared from considering the nominee's video rental records.
Efforts are now underway in the House to "revise" VPPA to meet the new marketing needs of Facebook and Netflix. The new legislation would enable a "video tape service provider may obtain a consumer's informed, written consent on an ongoing basis and that consent may be obtained through the Internet."
4. Children's Privacy
In the wake of challenges to COPA, Congress passed in 2000 the Children's Online Privacy Protection Act (COPPA) to prohibit the collection of children's online personal information without parental consent.
Over the last decade, the Federal Trade Commission has brought numerous claims against a variety of companies and Web sites for violating the Act. Four cases are illustrative:
Playdom, including some 20 social networking and virtual worlds sites like Pony Stars, 2 Moons, 9 Dragons, Age of Lore, and My DIva Doll – for collecting children's names, ages and e-mail addresses and for allowing children to post personal information online without getting parents' consent; Disney acquired the company and agreed to pay a $3 million settlement.
Skid-e-kids, a social networking site that allows children ages 7-14 to create profiles, upload pictures and videos, and become friends and to send messages to other members – for collecting personal information from approximately 5,600 children without obtaining prior parental consent.
Sony Music, relating to 196 of its online music sites -- for collecting personal information from at least 30,000 children under 13 years of age; it agreed to pay a $1 million fine.
W3 Innovations, relating to its Broken Thumbs App mobile games for children like Emily's Girl World, Emily's Dress Up, and Emily's Runway High Fashion -- for collecting user information without the consent of minors; settled a $50,000 fine.
This is one of the only fronts in which the federal government is moving aggressively to protect privacy.
5. Commercializing Private App Info
Growing concern over Unique Device Identifiers (UDID) was raised earlier this year in two separate suits against Apple for enabling applications on the iPhone and iPad to transmit personal information to advertisers without the user's consent.
One suit claims that Apple lets advertisers track what apps users download, how long the programs are used and how often used. The other suit argues that app owners sell user information to ad networks, including users' location, age, gender, income, ethnicity, sexual orientation and political views, without their consent. Among the co-defendants with Apple are Pandora, Paper Toss, the Weather Channel and Dictionary.com.
The FTC is also reported to be investigating whether mobile marketing firms violated computer fraud laws by collecting and/or transmitting user information without properly disclosing what they were doing.
6. Monitoring E-mail and Voice Communications
The original Electronic Communications Privacy Act (ECPA), enacted in 1986 and amended by the 1994 Communications Assistance to Law Enforcement Act (CALEA) and subsequently superseded by the Patriot Act, prohibited a third party from intercepting or disclosing communications without authorization. It also limited the protection of e-mail and other messages to 180 days.
When one subscribes to Google's Gmail services, one enables Google to undertake "content extraction" monitoring of key words and concepts on all incoming and outgoing e-mails. Google, which controls an estimated 70 percent of online advertising, monitors e-mail in order to target the advertising to the user.
However, according to the Electronic Privacy Information Center (EPIC), Gmail violates the privacy rights of nonsubscribers. Google neither warns nonsubscribers of the monitoring, nor seeks their consent. EPIC warns that Gmail may violate Fourth Amendment legitimate expectation of privacy.
Google Voice service is also subject to similar content extraction monitoring.
7. Social Connectivity
In 2009 and 2010, consumer and privacy organizations raised concerns to the FTC about Facebook's users privacy settings. These settings made a user's personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook's business partners. In November, Facebook agreed to FTC terms to change its privacy settings without the affirmative consent of users. However, these changes do not meet the tougher recommendation of EPIC and other groups; for example, they do not restore users' privacy settings to pre-2009 levels.
According to the Los Angeles Times, "the ads basically turned LinkedIn users into cheerleaders for businesses. They used individuals' names and photos to promote products or services that the individuals had recommended or companies they followed."
Faced with significant protest, LinkedIn revised its privacy configurations to give users more control of their personal information.
In May, President Obama extended the Patriot Act for four more years, renewing the federal government's powers to search records and conduct roving wiretaps in pursuit of terrorists. "It's an important tool for us to continue dealing with an ongoing terrorist threat," Obama said.
Three aspects of the widening net of state security monitoring of Americans involve the use of drones, GPS tracking, "smart" drivers licenses and the increasing use of face recognition capabilities.
In December 2011, North Dakota law enforcement officials raided a remote farm seeking six missing cows. Using a military-like assault plan, local police got help from the state highway patrol, a regional SWAT team, a bomb squad, ambulances and deputy sheriffs from three other counties. They also employed a Predator B drone. The military-like campaign resulted in the arrests of Susan and Rodney Brossart and seven of their children. This is the first known arrest of U.S. citizens with help from a Predator drone.
Congress first authorized U.S. Customs and Border Protection (CBP), an arm of the Department of Homeland Security, to buy unarmed Predators in 2005 to provide "interior law enforcement support." Both the FBI and the U.S. Drug Enforcement Administration have used Predators for domestic investigations.
The Federal Aviation Association restricts the use of drones in domestic air space. However, it plans to revise this policy, likely leading to a significant increase in drone surveillance in 2013 or 2014.
In November, the Supreme Court heard a case involving the police warrantless placing of a GPS tracking device on a suspect's car. Many argued this act violated Fourth Amendment protections.
The U.S. and Canadian governments are inserting passive Radio Frequency ID chips into Compliant Enhanced Driver Licenses (EDL); they are standard in New York State. These licenses emit a random identifier whenever it comes into a reader device's range, including Canadian and American border-security databases and displaying the owner's personal information.
Senator John D. Rockefeller, D-West Virginia, has requested that the FTC assess how extensively facial recognition technology is being used. He is concerned that it violates personal privacy. The senator was alarmed by the use of the mobile app SceneTap which "tracks the male/female ratio and age mix of the crowd [in bars]" as well as by digital ads at the Venetian Resort in Las Vegas that are tailored to the person standing in front of the display. Both are based on recognition of that person's age and gender.
Each individual inhabits many identities, whether as a social being (e.g., a citizen), part of a commercial exchange (e.g., a worker and consumer) or as a private self (e.g., alone and/or in a relation). The lines separating these aspects of identity are eroding.
In the digital age, the lines between the social, the commercial and the private continually blur. An ever-growing universe of people, corporations and government entities know the most intimate digital detail of each person's life. Making matters worse, we live in a society that turns the most private aspect of personal life into a commodity, a profitable commercial product.
Personal privacy is an elusive notion, made especially so in the digital age. Privacy is not an enumerated right in the Constitution or the Bill of Rights, but rather an "implied" right extending from aspects of the First (the right of speech and assembly), Third (the prohibition of quartering soldiers), Fourth (the limit to search and seizure) and the Fifth (the prohibition against self-incrimination) Amendments.
Today's legal climate is shaped by a confusing mess of legislation and court decisions. Among these are the Freedom of Information Act (1966), the Privacy Act (1974) and the Electronic Communications Privacy Act (1986), amended by the Communications Assistance to Law Enforcement Act (1994). The Patriot Act (2001), reauthorized in 2006 and 2011, supersedes these earlier legislations.
There are two fronts in the privacy battles: One covers personal information collected by the government; the other involves personal data collected by private information brokers that might be used by corporate marketers or law enforcement agencies. The separation between these two fronts is eroding.
According to a Washington Post study, nearly 4,000 federal, state and local organizations, "each with its own counterterrorism responsibilities and jurisdictions," monitor Americans. Nearly a quarter of these entities was created since 9/11 or took up the counterterrorism campaign since then.
Americans surrender vast amounts of their individual data through everyday online interactions. Whether making a cell call, sending an email or tweet, networking via Facebook or making a credit card purchase at a retail store, a person's privacy is compromised at every turn. Private data brokers, such as Acxiom, ChoicePoint and Seisint (LexisNexis), aggregate online information and merge it with "public source" data from government records, including courthouse and criminal records. These companies have their roots in direct marketing and credit verification, but they are now used extensively by law enforcement and homeland security.
In the era of the Patriot Act and the inability of traditional protections to safeguard information collected by commercial data brokers, more and more people, including legislators, are worried about the future of personal privacy. The growing number of FTC cases and legal suits involving the misuse of personal data exemplify the seriousness of the situation. In response, a number of efforts are underway to check the combined corporate and government digital colonization of people's personal lives.
The ACLU has undertaken a large-scale effort, involving 35 affiliates in 32 states across the country, to determine from local law enforcement agencies when, why and how they are using cellphone GPS location data to track Americans.
A number of efforts have been underway in Congress to address the erosion of personal privacy. In 2010, it enacted the Restore Online Shoppers Confidence Act designed to protect consumers from "data passing." Data passing involves consumers unknowingly authorizing a merchant to transfer the consumer's payment information to another merchant for a separate online sale without otherwise requiring the consumer to reenter payment information.
In April 2011, and in an uncommon example of bi-partisanship, Senators John McCain (R-AZ) and John Kerry (D-MA) introduced the Commercial Privacy Bill of Rights Act designed to establish a framework to protect personal online information. It is intended to provide customers with security and accountability, with the right to know how third parties are using their information. Its passage is in doubt.
In June, and in another effort at bi-partisanship, Senators Ron Wyden (D-OR) and Mark Kirk (R-IL) drafted the Geolocation Privacy and Surveillance (GPS) Act. It would require government agencies to obtain a warrant before monitoring U.S. citizens.
One of the great paradoxes of the online experience is that the more online connectivity becomes social, becomes shared between select friends and global others, sometimes involving millions of people, the more people as individuals are robbed of their personal privacy. Obviously, technology enables this process, but it is corporate practice and lax regulation (and enforcement) that facilitate the commercialization that erodes personal privacy.
David Rosen is a regular contributor to CounterPunch, Filmmaker Magazine and the Brooklyn Rail. He can be reached at email@example.com .
Smart City Wars Agenda 21 Jan 3/11
Smart utility grids are only one portion of a larger, more complex Smart City grid.
A nation’s pulse can be felt through the real estate market. That is one reason I subscribe to Trulia. Trulia is an online service for people looking to buy and sell real estate. Properties are listed on the site for sale and updates are sent to subscribers whenever new properties are listed. This afternoon I received an email with the following trend forecast:
…when it comes to looking forward in the real estate realm, it’s most interesting to wonder: where will the market be bright in the coming year? We posed precisely this question to Trulia’s Chief Economist, Jed Kolko. His answer was concise and provocative: “Smart cities are hot.” (Trulia 2012 Predictions Newsletter)
The question begging to be answered is – just what is a Smart City?
Anatomy of a Smart City
The dramatic shift of the world’s population into urban areas is encouraging citizens, city planners, businesses and governments to start looking at visions of ‘smart’ cities. Below we look into what is driving the need to establish these networked environments, how smart city concepts and projects are different in the developing world, and what technologies and systems are needed to make them a reality. (Postscapes)
As we can see in a portion of The Anatomy of a Smart City Infographic from Postscapes, smart utility grids are only one portion of a larger, more complex Smart City grid, which includes:
Smart Environment: Monitoring and management of all environmental elements such as pollution levels, wildlife counts, and water runoff.
Smart Safety: Safety monitoring for buildings, bridges and dams.
Smart Transportation: Monitoring and management of all transportation systems, which includes the management of fuel consumption.
Smart Utilities: Smart Grid technology, which is currently being implemented in the form of Smart Meters to monitor and manage all electricity and water usage.
- Smart Buildings: Office buildings that monitor all energy consumption of every single employee.
Download Anatomy of a Smart City – FULL Infographic PDF
Can we spell AGENDA 21 Human Settlement Zones? And according to Trulia’s Chief Economist, investing in properties set up for the collection of people into sections designated as human habitats according to Agenda 21 protocols is a HOT ITEM for 2012!
A Smart City is an environment where literally everything you do and say can and will be monitored because everything and everyone will be attached to a complex grid of sensors and wireless networks, with your particular Smart City acting as the platform on which the grid is maintained.
Stack and pack is on its way, folks, and people will flock to these Smart Cities in droves. Why? Because they will be touted as ecologically sound – “green” if you will, when the only thing green about them is the amount of greenbacks it will take to live there. Contrary to the hype, these are not cool places to live. These are techno-traps loaded with all the gadgets one could possibly want right at your fingertips, put in place specifically to lure one into the trap. The only thing you won’t have is your freedom. But who needs that if you have the latest iPod, eh?.
So, what do we actually gain by paying for the privilege of allowing someone to monitor our every move and every bit of energy consumption and decide when we’ve simply had enough and are cut off? You tell me. I can’t think of one good thing.