Security, Your Privacy Rights, and Spyware
Facebook security, children's rights to privacy, tracking software, selling data
2012
The data strongly suggests that security becomes more of a
priority with age.
The report focuses
on differences between baby boomers (56- to 65-year olds) and
generation Y (18- to 25-year olds).
Modern young adults have grown up surrounded by amazing
technology, tech that they naturally take for granted. Does their
innate tech-expertise make them better at protecting privacy and
staying safe online? In a word, no. Young folks are more likely to
prioritize entertainment or community over security, while more
than half of the boomers placed security first. Perhaps not
surprisingly, boomers worry more about email attacks while Gen Y
expects trouble to come through social networks or P2P file
sharing.
2012
4 high-tech ways the federal government is spying on private
citizens
http://news.yahoo.com/blogs/technology-blog/4-high-tech-ways-federal-government-spying-private-153556125.html
One of the running jokes in the 1980s was how the former Soviet
Union spied on its private citizens. As comedian Yakov Smirnoff
used to joke: "In Soviet Russia, TV watches you!" But here in
America, we were all safe from the prying eyes of the government.
Fast forward to 2012, when the U.S. government actually has the
tools and capabilities to spy on all its citizens. These eyes go
well beyond red light cameras. Right now, the government is
tracking the movements of private citizens by GPS, reading private
citizens' emails, and possibly even reading what you're saying on
Facebook. It does so all in the name of law enforcement and
Homeland Security, of course — but whether or not that makes you
feel safer is up to you.
1. The NSA is building a massive data center in Utah to read every email you'll ever send.
Many of us are aware that little of what we say on social networks is really private. But you'd think your emails would be safe from prying eyes — especially those of your government. Not so, once the government completes work on a top-secret Utah data center reportedly built to spy on civilian communications. The $2 billion facility, slated to be complete by September 2013, is allegedly designed to be able to filter through yottabytes (10^24 bytes) of data. Put into perspective, that's greater than the estimated total of all human knowledge since the dawn of mankind. If leaked information about the complex is correct, nothing will be safe from the facility's reach, from cell phone communications to emails to what you just bought with your credit card. And encryption won't protect you — one of the facility's priorities is breaking even the most complex of codes.
The good news (if there is any) is that the sheer volume of internet traffic and emails sent in a single day is far too much to be read by human eyes. Instead, the government will likely need to rely on complicated algorithms to assess each transmission and decide if they represent a security threat. So you're probably out of the government's earshot here... as long as you watch what you say.
2. The FBI maintains detailed files on numerous public, semi-public, and private figures.
Have you ever thought of taking a job with the government? If you value your privacy, think twice — the government runs incredibly extensive background searches on its high-profile applicants.
What kind of information does the government want from its applicants? Well, when former Apple CEO Steve Jobs was under consideration for a job with George H.W. Bush's administration in 1991, the FBI compiled a massive file on him. Included in that file: the fact that Jobs had a 2.65 GPA, his history of marijuana and LSD usage, and his tendencies to "distort reality" and to "twist the truth" in order to achieve his goals.
Of course, Jobs is far from the only figure with an FBI file. Other public personalities profiled by the FBI include John Lennon, Marilyn Monroe, Jimi Hendrix, and even Anna Nicole Smith. If you're curious about what goods the FBI has on you, you can always submit a request to view your own personal file. It is worth noting, of course, that the government doesn't profile everyone - just certain people of interest.
3. Homeland Security is reading your tweets and Facebook status messages.
Unless you play around with your Twitter and Facebook privacy settings, just about anything you say is public. So it might not come as a surprise that the Department of Homeland Security is seeking contractors to build software and hardware capable of reading through what it calls "publicly available social media." Essentially, the government wants to read through your tweets and status messages to see if there's any information that might help in detecting threats. There are some ground rules to the project. The government won't pose as a Twitter follower and won't accept or send any Facebook friend requests. Still, even with those restrictions, there's a lot of information floating out there for the feds to read, even if most of it is nonsense about Justin Bieber.
4. Your ISP may soon be required to keep files on what sites you visit.
The idea sounds pretty far out there - a law that would require your internet service provider to keep constant tabs on you, along with detailed records of what websites you visited and when. But that's exactly what the Hawaii state legislature proposed this January with H.B. 2288 and companion bill S.B. 2530. The bill, sponsored by State Rep. John Mizuno (D), "requires internet service providers... keep consumer records for no less than two years." The bill then goes on to specify that these records must include "each subscriber's information and internet destination history information." Thankfully, the bills' sponsors withdrew the offending legislation from debate. But the reason wasn't just public outcry. Also a factor was the fact that the U.S. House of Representatives is considering a similar bill titled Protecting Children From Internet Pornographers Act. That bill, sponsored and written by Texas Republican Representative Lamar Smith, would mandate that commercial ISPs create logs of customers' names, bank information, and IP addresses. That information could later be used by attorneys seeking to prosecute in a criminal trial or even in civil cases and divorce trials.
Not much is private anymore
Between private companies violating your privacy and now the government, is there any way to avoid prying eyes? Not really, unless you make significant changes in the way you use the web. So before you send that next tweet or post that next Facebook status message, think about whether or not you'd be okay with a complete stranger looking at it - because that's very well what may happen.
"A Guide to Facebook Security" (PDF) is a free, 20-page pamphlet geared primarily toward teens, their parents, and teachers. Co-written with fellow security expert Linda McCarthy and teacher/editor Denise Weldon-Siviy, it is available to view and download from Facebook.
What happens at Facebook should stay at Facebook.
What do Facebook, the CIA and your magazine subscription list
have in common? Maybe more than you think . . . Please see this
first.
See and learn more about web 2.0 and Social Networks
CHILDREN'S RIGHTS
Learn about children's right to privacy.
Find out who collects information about them and who sells that information. Learn what you can do to protect your child's privacy.
How to protect the social security number.
Who Sells Information about children?
PARENTS, TEACHERS, ADMINISTRATORS, SCHOOL BOARDS: do you know WHO IS COLLECTING AND SELLING children's information? IT'S PERSONAL
selling data
online profiling
American ISPs are tracking you then selling your personal
information, sharing data with outside ad firms.
Find out which ones and how you can opt out. American ISP for
pimping user data to NebuAd, the Phorm-like behavioral ad
targeter. "What Your Broadband Provider Knows About Your Web Use:
Deep Packet Inspection and Communications Laws and Policies."
Contact Congressman Ed Markey, John D. Dingell (chairman of the
House Committee on Energy and Commerce) and Joe Barton (ranking
member of the House Committee on Energy and Commerce).
ChoicePoint sells your information to criminals
ChoicePoint received the "Greatest Corporate Invader" award "for massive selling of records, accurate and inaccurate to cops, direct marketers and election officials."
FTC Issues Report on Online Profiling
The report reviews the Network Advertiser Initiative's (NAI) self-regulatory guidelines. These guidelines will oversee the future practices of large profilers such as DoubleClick, Engage and 24/7 Media.
Six Tips to Protect Your Online Search Privacy (PDF)
Google, MSN Search, Yahoo!, AOL, and most other search engines
collect and store records of your search queries. If these records
are revealed to others, they can be embarrassing or even cause
great harm. Would you want strangers to see searches that
reference your online reading habits, medical history, finances,
sexual orientation, or political affiliation?
Recent events highlight the danger that search logs pose. In
August 2006, AOL published 650,000 users' search histories on its
website. Though each user's logs were only associated with a
random ID number, several users' identities were readily
discovered based on their search queries. For instance, the New
York Times connected the logs of user No. 4417749 with 62-year-old
Thelma Arnold. These records exposed, as she put it, her "whole
personal life."
PRIVACY ON YOUR OWN COMPUTER
GET SMART EMAIL AND SURF ANONYMOUSLY
Free Online Anonymity Services - maintain your privacy online. WHY?? Since 2000, Google has recorded your search terms, the date-time of each search, the globally-unique ID in your cookie (it expires in 2038), and your IP address. This information is available to governments on request. Matt Cutts, a software engineer at Google since January 2000, used to work for the National Security Agency.
Keyhole, the satellite imaging company that Google acquired in October 2004, was funded by the CIA.
"We are moving to a Google that knows more about you." ~ Google CEO Eric Schmidt, February 9, 2005
Privacy Analysis of Your Internet Connection
"phishing," the practice of sending fraudulent e-mail messages en masse to
bait people into disclosing sensitive information. Newer scams
involve "malware," which can install itself on a computer through
e-mail or pop-up ads, detect when someone starts to use an online
banking program or make a credit card payment, and then record the
person's keystrokes and capture account details. The victims do
not even have to do something foolhardy like giving away account
numbers or passwords.
Learn about KEYLOGGERS - and how to keep them off your computer.
National Science Foundation's Cyber Trust program, which is intended to promote computer network security.
SPY WARE aka advertising-based networks with pop-up ads
"The biggest, richest American companies are buying advertising through spyware. The biggest, richest venture capital firms are investing in those who make this kind of unwanted software. That's names like American Express, Sprint PCS, Disney, Expedia, Guy Kawasaki's firm." (source)
Rootkits - programs that are secretly installed on your computer without your knowledge or permission that hide themselves from you, compromise your ability to protect your computer from skank and won't let you protect your privacy.
Digital Rights Management software - Palladium
Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
PROTECT YOURSELF
Google Privacy Practices Rank Lowest
Leading Internet search engine Google has received the lowest
possible rating for privacy practices, according to a detailed
report released Friday by Privacy International, a global
organization working for the protection of privacy.
How to use Google.
10 security tips for protecting data while traveling
Buy technology that does not control you.
Richard Stallman is nothing if not determined. For over two decades this bristly MIT geek has championed an arcane cause: free computer programs. Stallman wants you to have the right to twiddle your software -- to be able to add features, rewrite it and, if you can figure out how, teach it to get down and do the fandango.
How ISP surveillance currently works in England.
Computer Professionals for Social Responsibility
Some Frequently Asked Questions About Data Privacy and P3P
Nathaniel Borenstein President of Computer Professionals for Social Responsibility 2004
About JOHN GILMORE -- Picture -- Coderpunks Mailing List
About Declan McCullagh -- mccullagh.org's privacy site
Netscape SmartDownload reports file information to AOL
The Register
tells that Netscape Communicator's SmartDownload component
records the files it downloads, the client IP, the server IP,
and the time, then forwards this information to AOL without
informing the user. In other words,
AOL receives a download-by-download report of each file
Communicator downloads, its file name, your IP, and the
server it came from.
This information is passed on to AOL without user interaction
or notification. Additionally, the information is recorded
locally in a cookie file. When combined with other exploits
which allow for remote transfer of cookie files, this
vulnerability could reveal detailed information on a user's
browsing habits.
Privacy Preferences Project - Take the Tour
AT&T Privacy Bird software is free. Tell the software your
privacy preferences, and it will tell you if websites will do what
you want or use your info against your wishes.
The Web Ad Blocking page
details a way to block specific URLs without software. In essence,
you map offending IP addresses to your own machine. HTTP requests
to offending addresses are sent back to your machine, where they
fail. Works on almost any machine (PC, Mac, Unix, Linux, etc).
The Anatomy of File Download Spyware - The Newsletter Forum
Privacilla.org, Your Source for Privacy Policy From a Free-market, Pro-technology Perspective
GNUPG
is the GNU implementation of the OpenPGP protocol stack, a near
and direct descendant of the original Pretty Good Privacy email
privacy system of Phil Zimmermann.
http://lists.w3.org/Archives/Public/www-patentpolicy-comment/2001Sep/0041.html
Privacy isn't public knowledge: Online policies spread confusion with Legal Jargon (5/3/00)
Do big Web sites want you to understand what
they tell you? Maybe not, suggests an analysis by an independent
expert for USA TODAY of the privacy policies of 10 major sites.
Cyber Treaty Goes Too Far?
by Declan McCullagh 5/3/00
Planned Global Net-treaty hands police more power, limits privacy.
Details of the "Draft Convention on Cybercrime"
* Make it a crime
to create, download, or post on a website any computer program
that is "designed or adapted" primarily to gain access to a
computer system without permission. Also banned is software
designed to interfere with the "functioning of a computer system"
by deleting or altering data.
* Allow authorities to order someone to reveal his or her
passphrase for an encryption key. According to a recent
survey, only Singapore and Malaysia have enacted such a
requirement into law, and experts say that in the United
States it could run afoul of constitutional protections
against self-incrimination.
* Internationalize a U.S. law that makes it a crime to possess
even digital images that "appear" to represent children's
genitals or children engaged in sexual conduct. Linking to
such a site also would be a crime.
* Require websites and Internet providers to collect
information about their users, a rule that would potentially
limit anonymous remailers.
SLAPP stands for Strategic Lawsuits Against Public Participation.
Anonymity on the net - A new form of lawsuit called a "CyberSLAPP"
suit is threatening to overturn the promise of anonymous online
speech and chill the freedom of expression that is central to the
online world. CyberSLAPP cases typically involve a person who has
posted anonymous criticisms of a corporation or public figure on
the Internet. The target of the criticism then files a frivolous
lawsuit just so they can issue a subpoena to the Web site or
Internet Service Provider (ISP) involved, discover the identity of
their anonymous critic, and intimidate or silence them.
PhoneBook project - Making your PC 'Police-Ready' providing you with an encrypted Linux filesystem (virtual disk) with unique 'plausible deniability' and 'disinformation' features.
Protecting your On-Disk Privacy with Deniable Encryption.
Internet Privacy Education Campaign
EFF - Electronic Frontier Foundation - is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and now has a RADIO STATION. Programming includes interviews and panel discussions with the people who are on the front lines defending freedom of expression in cyberspace. EFF staff attorneys and activists regularly appear discussing ongoing litigation and legislation that will determine the future freedoms of the individual in the digital age.
Epic.org
GOVERNMENT
Carnivore - The Federal Bureau of Investigation released the first set of documents concerning its Carnivore Internet surveillance system.
Whistle-Blower Outs NSA Spy Room
AT&T provided National Security Agency eavesdroppers with full
access to its customers' phone calls, and shunted its customers'
internet traffic to data-mining equipment installed in a secret
room in its San Francisco switching center. According to a
statement released by Klein's attorney, an NSA agent showed up at
the San Francisco switching center in 2002 to interview a
management-level technician for a special job. In January 2003,
Klein observed a new room being built adjacent to the room housing
AT&T's #4ESS switching equipment, which is responsible for
routing long distance and international calls.
How well does Your State do? Rank Your State's Privacy Protection
Submit your IRS Tax Return Online? Is your information secure?
NO.
Critical information security weaknesses at the Internal Revenue.
The report cites 47 specific instances where federal agencies announced their intent to exchange personal data and combine it into their own databases. According to the report entitled "Government Exchange and Merger of Citizens' Personal Information is Systematic and Routine," when an individual submits information to one federal agency, that agency will often share that information with other federal agencies. This sharing often takes place without the knowledge or consent of the individuals involved.
Find Individual Contributor by Zip Code Page for the 1980-2000
Election Cycle
"Type in a 5 digit zip code and find everyone from that geographic
area who has contributed to Federal campaign committees during the
election cycle...1980 -2000"
The Federal Communications Commission
creates a daily internal report called the
Daily Circulation Report,
which provides the review and voting status of materials
circulating among the Commissioners. Request daily reports from
the FCC:
Federal Communications Commission
Ms. Shoko Hair FOIA Officer [p] 202 418-0216 [f] 202 418-0521
445 12th Street, S.W., Room 1A827 - Washington, D.C. 20554
The Daily Circulation Report is an internal FCC record that is
exempt from disclosure under the deliberative process privilege of
FOIA Exemption 5, 5 U.S.C. § 552(b)(5). See Wolfe v. Department of
Health and Human Svcs., 839 F.2d 768 (D.C. Cir. 1988) (en banc)
(records indicating what actions had been completed by the Food
& Drug Administration but awaiting final decision or approval
by the Secretary or the Office of Management and Budget were
exempt from disclosure under the deliberative process privilege).
The Commission has previously withheld the Daily Circulation
Report pursuant to FOIA Exemption 5. In a letter to Bill
McConnell, Broadcasting & Cable, dated May 2, 2001, in FOIA
Control No. 21-095, Managing Director Andrew S. Fishel explained,
"Disclosing the list of pending proceedings and other details that
identify these pending proceedings could chill Commission
deliberations on important telecommunications issues. Disclosure
of this list may lead to unnecessary speculation about individuals
responsible for any perceived decisional delays and this
speculation may lead to precipitous decision making." "David
Fiske" <DFISKE@fcc.gov>
The Center for Responsive Politics
[P] 202-857-0044; [F] 202-857-7809
Featuring campaign finance and lobbying information on the
president, Congress and special interests. Enter your state or zip
code in the "Get Local!" window for localized campaign finance
figures.
To file a complaint, visit:
http://www.ftc.gov/
and click on "File a Complaint Online",
call 1-877-FTC-HELP, or
write to: Federal Trade Commission
CRC-240
Washington, D.C. 20580
If your complaint is against a company in another country, please
file it at
http://www.econsumer.gov/
If you would like to forward unsolicited commercial e-mail (spam) to the Commission, please send it directly to UCE@FTC.GOV
PUBLIC LIBRARY IS BUGGED
STOP CENSORSHIP GET AROUND FILTERS
County of Los Angeles Public Library Forced to Filter Staff
1/17/00
The Los Angeles County Board of Supervisors, spurred by concerns about the Internet, has required the
County of Los Angeles Public Library
(CoLAPL) to install "appropriate filtering software" on all
child-designated Internet workstations at all libraries that have
more than one workstation and give parents the opportunity to
designate whether they wish their children to have filtered or
unfiltered access. While a spokesman for a county commissioner
told the Los Angeles Times that a minor had built a bomb based on a web site found via a
public library, there's no evidence that the incident occurred in
Los Angeles, said CoLAPL Public Information Officer Nancy Mahr. A
library task force will test various filtering systems, including
the possibility of access regulated by card. The task force also
will determine what categories should be filtered. In addition,
children's terminals will have a default guidance screen that
links to youth-oriented sites.
Covert censorship in libraries: a discussion paper (2005). Australian Library Journal 54(2): pp. 138-147. Full text (PDF)
Abstract - Librarians, through their professional associations, have long
been committed to the social justice principle of free access to
information. External censorship challenges to library
collections threaten this principle overtly. However, censorship
can also occur in libraries in various covert and often
unconscious ways. This discussion paper raises concerns about
current librarian practices and library processes which can
effectively censor library collections from within. The paper
concludes by highlighting specific areas of practice in which
librarians need to be vigilant for such covert censorship.
The FBI Has Bugged Our Public Libraries
November 3, 2002
http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story
Some reports say the FBI is snooping in the libraries. Is that
really happening? Yes. I have uncovered information that persuades
me that the Federal Bureau of Investigation has bugged the
computers at the Hartford Public Library. And it's probable that
other libraries around the state have also been bugged. It's an
effort by the FBI to obtain leads that it believes may lead them
to terrorists.
Many members of the public regularly use computers
in libraries to access the Internet for research purposes or to
locate information about particular interests. It's also not
uncommon for students and others to communicate with friends and
relatives through e-mail from there.
The FBI system apparently involves the installation of special
software on the computers that lets the FBI copy a person's use of
the Internet and their e-mail messages. (Don't ask me how I know
about this because I can't reveal how I was able to collect the
information.) Members of the public who use the library have not
been informed that the government is watching their activities.
It's not just the computers. Circulation lists that show which
books someone borrowed are also accessible to the government.
What are the Hartford librarians saying? "I can't disclose that we
were presented with anything," said Louise Blalock, Hartford's
head librarian.
I asked Mary W. Billings, the library's technical services
manager, if the FBI had given her a subpoena or a court order for
library information. Her response: "I cannot answer that
question."
<snip>
FBI's reading list worries librarians
By Martin Kasindorf, USA TODAY
http://www.usatoday.com/News/nation/2002-12-16-librarians-usat_x.htm
At New York City's Queens Borough Public Library, director Gary
Strong is an uneasy draftee on the front line of the war on
terrorism.
New surveillance laws that have made it easier for FBI agents to
obtain search warrants for library records have created a dilemma
for librarians such as Strong: Should they unquestioningly help
agents track what a patron has been reading, and perhaps help
prevent a terror attack? Or should they resist, and try to protect
individual liberties and the library's status as a haven of
intellectual inquiry?
Few librarians across the nation say they have been approached by
federal agents in the terrorism probe; Strong won't say whether
the feds have visited him in Queens. But the questions raised by
the FBI's increased authority have made political activists out of
some librarians, who are filing lawsuits against the Justice
Department and lobbying Congress in a growing debate over whether
American values are being trampled in the name of homeland
security.
At issue is the USA Patriot Act, the post-Sept. 11 legislation
approved by Congress that, among other things, gave federal agents
broad new powers to spy on people in this country. Under the
Patriot Act, the FBI no longer has to show a judge that it has
probable cause to believe that a person under surveillance has
committed a crime to get a search warrant for a library's
circulation records or computer hard drives, or a bookstore's
sales records. <snip>
Censorship - Public Libraries
Library May Not Have to Filter (Source)
City officials in Livermore, Calif. and civil rights groups
invoked a little-known section of the
Federal Communications Decency Act
and asserted in court papers filed Friday that "public libraries
have broad protection from suits seeking to force them to restrict
access to sexually explicit material on the Internet." Daniel G.
Sodergren, the assistant city attorney for Livermore, said that
"The law clearly applies to a public library that has computer
terminals that provide Internet access and bring up material that
originates with a third party." In the papers, supporters defended
the Livermore public library's policy of giving patrons full
access to the Internet. The documents were in response to a
lawsuit filed by a mother in late May who said her then
12-year-old son had used library computers to obtain sexually
graphic images from the Internet. The part of the Decency Act that
the city and library supporters pointed to was Section 230 of the
statute. It states that no provider of "an interactive computer
service shall be treated as a publisher or speaker of any
information provided by another information content provider."
Gagged librarians break silence on Patriot Act
Connecticut librarians spoke about their fight to stop the FBI from gaining access to patrons' library records at a news conference yesterday organized by the American Civil Liberties Union (ACLU), and in a subsequent interview with RAW STORY. The librarians, members of Library Connection, a not-for-profit cooperative organization for resource sharing across 26 Connecticut library branches sharing a centralized computer, were served with a National Security Letter (NSL) in August of last year as part of the FBI's attempt to attain access to patrons' records. The NSL is a little known statute in the Patriot Act that permits law enforcement to obtain records of people not suspected of any wrongdoing and without a court order. As part of the NSL, those served with the document are gagged and prohibited from disclosing that they have even been served. The foursome of Barbara Bailey, Peter Chase, George Christian, and Jan Nocek were automatically gagged from disclosing that they had received the letter, the contents of the letter, and even from discussions surrounding the Patriot Act. The librarians, via the national and Connecticut branches of the ACLU, filed suit challenging the Patriot Act on first amendment grounds.
"People ask about private and confidential things in the library setting like about their health, their family issues and related books they take out these are confidential and we did this to protect our patrons from authorized snooping," said Peter Chase, Vice President of Library Connection.
On September 9 of last year, a federal judge lifted the gag order and rejected the government's argument that identifying the plaintiff would pose a threat to national security.
Yet the government continued to appeal the case throughout the reauthorization debate, passionately arguing that not a single incident of civil liberties violations by the Patriot Act had occurred. By continuing the appeal, the government effectively silenced any evidence to counter their claims.
"This all happened during the reauthorization debate and the government was saying no one's rights were being violated," said George Christian, staff liaison for Library Connection and one of the plaintiffs in the case.
As the debate over the reauthorization of the Patriot Act heated up, the librarians and others gagged by the NSL had to watch in silence, intimately aware of dangers they believed were not being exposed.
"We could not speak to Congress until after the renewal of the Patriot Act," said Barbara Bailey, President of Library Connection and one of four plaintiffs in the case.
Although the ACLU, representing the librarians, filed the case on August 9 of last year, US Attorney General Alberto Gonzales decried any civil liberties violations in a Washington Post op-ed in December, stating that "There have been no verified civil liberties abuses in the four years of the [Patriot] act's existence."
Five Technically Legal Signs for Your Library
[on the assumption that it's only illegal to say they've been there if it's true...] courtesy of Library Net.
U.S. Ends a Yearlong Effort to Obtain Library Records Amid
Secrecy in Connecticut
After fighting for nearly a year to keep details of a
counterterrorism investigation secret, the federal government has
abandoned efforts to obtain library records in Connecticut,
concluding that the implied threat
had no merit. The decision was hailed yesterday as a victory by
the four Connecticut librarians who mounted one of the few known
challenges to the nation's
strengthened antiterrorism law when they filed a lawsuit last
summer objecting to the government's request for patron records
and its insistence on absolute secrecy.
Government officials, in seeking to explain why something that was
once a matter of national security was no longer worth the fight,
explained in interviews that they were ultimately able to discount
the threat using
other means and pronounce their investigation complete. They also
warned that the highly publicized standoff should not be a cause
of celebration for anyone.
"They're celebrating the fact they don't have to comply, and I
don't think that's something that should be celebrated," said
Kevin O'Connor, the United States attorney for Connecticut,
referring to the librarians. "What
are you celebrating? You're celebrating the fact that you
prevented the government from investigating a potential terrorist
threat."
Here are 6 resolutions for businesses and organizations that want to be responsible about privacy (from "Prof. Jonathan Ezor"):
1. Prioritize privacy.
Even if your organization is not in a field covered by explicit privacy laws (at least here in the US), such as healthcare (HIPAA) or financial services (Gramm-Leach-Bliley), being responsible with customer and employee information should matter to you. It certainly does to regulators and the people whose information you have. Just ask Mrs. Fields Cookies ($100,000 fine in 2003 for violating Children's Online Privacy Protection Act by launching Web-based birthday clubs for kids without getting verifiable parental consent) or Tower Records (FTC settlement in 2004 for violating its own privacy policy).
2. Make it someone's responsibility.
Appoint a Chief Privacy Officer or at least add oversight of privacy issues to the duties of someone within your organization. Make sure the person given that duty also has the time, training and resources to do the job right.
3. Draw yourself a map.
Do an organization-wide survey to identify each way that personally-identifiable information comes in, is moved within and may move out again, and what information you are actually collecting. Consider not only your Web site but e-mail, snail mail, faxes, 3rd party databases and research, telephone calls, business partners, service providers, etc. Be expansive in your investigation. Repeat every few weeks or months as your business processes may change.
4. Fact-check your privacy policy (if you have one).
Saying "we won't share your information with third parties" may be comforting to customers, but it's generally incorrect. Everyone from your Web host to UPS and FedEx may get customer information from you in the ordinary course, which isn't necessarily bad, except that it could violate your own public statements on privacy. That's where you can get into trouble.
5. Don't trust your own data about how you use others' data.
Ask a privacy professional or knowledgeable attorney to do a privacy audit of your organization. An outsider, particularly an experienced one, will likely find something you miss.
6. See the world.
Remember that, in the Internet age, most organizations are international even without intending to be. Read up on privacy laws of other nations (if you're in the U.S., pay particular attention to the EU Data Protection Directive and the related Safe Harbor at http://www.export.gov/safeharbor). Consider how you or your employees might be held liable in some other country for something you do (or don't do) where you are (see the recent eBay India employee case for a parallel example).