Tuesday, September 11, 2007

2020: The future of surveillance

Imagine a world where …

- every single one of your activities outside your home was monitored on closed-circuit cameras

- your computer’s IP address was fixed, allowing anyone to track your activity and making your computer a hot property for thieves wanting to hide their identity

- all monetary currency has disappeared and your electronic transactions are all tracked, unless you pay extra to "scrub" your transaction

- you will be required by law to wear an identity transponder at all times so that you can be readily identified

- your insurance company is able to monitor the groceries you buy and what you consume in a restaurant in order to charge higher rates to subscribers who eat junk foods

These are just some of the predictions forecast in DM News by Robert Gellman, a Washington-based privacy and information policy consultant and former chief counsel to the U.S. House subcommittee on information, justice, transportation and agriculture.

2020 is just 13 years away – how close are we to living in the world that Gellman predicts?

Photo by: Gavin Stewart, Creative Commons Attribution 2.0

Thursday, September 6, 2007

Facebook uses negative opt-out to make profiles public

Facebook users received notifications this week that the company is planning to make user profiles available to non-users and eventually make them searchable on the Internet, as reported today by the BBC:

The function will initially allow anyone who is not registered with the site to search for a specific person. More controversially, in a month's time, the feature will also allow people to track down Facebook members via search engines such as Google.

The firm said that the information being revealed is minimal.

… The public search listing will show the thumbnail picture of a Facebook member from their profile page as well as links allowing people to interact with them. But, in order to add someone as a friend or send them a message, the person will have to be registered with Facebook.

Users who want to restrict what information is available to the public or opt out of the feature altogether can change their privacy settings. They have a month to do so.

Facebook originated as a “closed” space, targeting university and college students whose e-mail addresses had to originate from their academic institution’s domain. Last year, Facebook opened its service to anyone, but part of the appeal to users is the ability to restrict access to your profile within the Facebook environment.

Now, Facebook is pulling down the walls of its environment and allowing anyone, anywhere to see its users’ profiles – unless users choose to opt out. The negative opt-out technique means that if users do not respond, Facebook will assume they have granted permission for their profiles to be made public.

Rogers Cable in Canada tried the negative option technique in the mid-90s, delivering a package of new speciality services with automatic increased costs to customers’ bills. Customers were outraged, the company backed away from its plan, and by 1999 the Canadian parliament outlawed the practice.

The negative opt-out is at best unfair and at worst a huge violation of trust:

- It presumes that everyone will read the opt-out notification within the month – there are purportedly 39 million Facebook accounts, a large percentage of which have likely become inactive or are used infrequently, so those users’ information will probably go public without their knowledge or consent.

- It takes advantage of a low response rate. Studies have shown that only about 15% of users will respond to a negative opt-out. Facebook stands to make a greater profit using this method than requiring users to opt in.

- It takes advantage of the relationship developed between service provider and customer. Facebook is presuming that it can use its customers’ information in whichever way it deems fit, with a minimum of input from users.

- It puts users – including minors – at risk by exposing their profile information to the wider world. Many Facebook users are not well-informed about the myriad of privacy settings required to lock down one’s profile. Many users leave their entire profile, including date of birth, workplace, residential neighbourhood and status (e.g. “I’m vacationing in Aruba all week!”) open to entire networks of thousands of members to view. While users’ entire profiles will not be available to search on the Web – not yet, anyway – it opens the door for greater abuse.

In using the negative opt-out technique, Facebook is violating the trust and the privacy of millions of loyal users. If users and regulators allow Facebook to proceed with this tactic - what's next? What other web services do you use that may decide to share your personal information or web history with a third party, assuming that your silence to a negative option grants them your "permission"?

Saturday, September 1, 2007

Lessons from the massive privacy breach at Monster.com

Last week’s massive security breach affecting Monster.com is a reminder of what is at stake as we all come to rely on web-based services for everything from shopping to dating to job searching. For those unfamiliar with the service, Monster.com is an international job search site, where employers can post job ads and employees can post their resumes and apply for positions. According to CRN Business:

The stolen data, which was found on a remote server and shut down by Monster.com this week, included users' names, addresses, phone numbers and e-mail addresses. Symantec security researchers first reported the incident last week, although it's still not clear when the breach first occurred.

The data was collected by the Trojan Infostealer.Monstres, which likely used stolen login credentials of legitimate employment recruiters to gain access to the site's resume database, according to a posting by Symantec researcher Amado Hidalgo on Symantec's Web site. The unsuspecting job seekers whose information was stolen then became the victims of various phishing e-mail scams attempting to empty their bank accounts.

Last week’s reports indicated that a staggering 1.3 million individuals’ data had been stolen, but Monster.com’s CEO Sal Iannuzzi is now saying that the breach is likely even larger:

To be safe, he said, all Monster.com users should assume that their contact information has been taken.

While Monster is assuring users that it is working to improve security on its site and contacting users about ways they can ensure their privacy, this is too little too late given that millions of users’ confidential data, including names, residential addresses, e-mail addresses, home telephone numbers, cell phone numbers and employment history, have been stolen, for purposes yet unknown, by individuals who have not been identified or arrested. It is not yet known if any financial transaction data has been stolen.

Iannuzzi offers little comfort to Monster’s customers:

"I want to be clear and I want to be frank: There is no guaranteed fix," Iannuzzi said. "I wish I could say . . . there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no Internet company can." (emphasis is mine).

This is a sobering reality check to all of us who share information and make transactions on the Web – that there are no iron-clad guarantees for the security of your data, financial or otherwise. It is up to individuals to stop and think before providing any personally identifiable information to access a service or conduct a transaction over the Internet.

Some ways you can reduce your risk:

1. When signing up for a Web service – anything from Facebook to Ticketmaster alerts to a blogging utility – how much personally identifiable information are you required to provide? How important is the service to you when weighed against the risk of your personal data being stolen or unlawfully accessed?

2. Could you access this service in another way? For example, is it possible to apply for a job by e-mailing the employer directly, rather than uploading all of your application data to a Web service?

3. When you are making an on-line purchase, be sure the vendor is providing a secure means of making the transaction – look for the https:// prefix in the URL (e.g. https://www.abc.com). You should see a lock box on your screen if the site is secure.

4. Make sure you run anti-virus software regularly to ensure that key sniffers are not at work on your computer. Because you cannot be assured that this is happening in libraries and internet cafes, don’t access your on-line banking service or make financial transactions on public Internet computers.

5. If you are using a wireless Internet connection, secure it to ensure that no one can access your computer.

6. When making a transaction online, always decline the option for the service to retain your credit card information. The inconvenience of re-keying this information is not worth the risk of a data breach.

7. Vote with your feet and with your money. Don't support companies or services that aren't taking data security seriously. If you have a concern about the amount of personal data you are required to provide in order to access a service, don't go ahead with the transaction. Write the companies and let them know your concerns. Read their privacy policy thoroughly.

Unfortunately, even using these precautions will not eliminate your risk. A few months ago, I wrote about how in-person shoppers at TJ Maxx stores had their credit card information stolen because the company’s databases were breached and they retained the data far longer than required to support the transaction. Regulations to protect consumers are lagging and differ from country to country and within state and provincial jurisdictions. Many companies are lax in protecting consumers and do not provide the level of I.T. support required to secure data.

Most of us wouldn’t leave our houses without locking the doors, but we can so easily become complacent about the amount and type of personal information we share in our day-to-day activities.
Always ask yourself: is the convenience worth the potential risk?