For too long in the U.S., Congress has attempted to legislate the Internet in favor of big corporations and heavy-handed law enforcement at the expense of its users’ basic Constitutional rights. The Electronic Frontier Foundationwrites that Netizens’ strong desire to keep the Internet open and free has been brushed aside as naïve and inconsequential, in favor of lobbyists and special interest groups. Well, no longer.
The EFF and a broad coalition of civil society groups called on elected officials to sign the new Declaration of Internet Freedom and uphold basic rights in the digital world. The Declaration is simple; it offers five core principles that should guide any policy relating to the Internet: stand up for online free expression, openness, access, innovation, and privacy. Sign it here.
Early Signers of Declaration of Internet Freedom
American Civil Liberties Union
Cheezburger, Inc.
Free Press
reddit
Amnesty International
Center for Democracy & Technology
MacUser magazine
Techdirt
Boxee
Electronic Frontier Foundation
Mozilla
Tucows
Related articles
Amnesty International, Harvard professors sign Declaration of Internet Freedom (nextlevelofnews.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
The Electronic Freedom Frontier (EFF) has updated its HTTPS Everywhere security tool to enhance protection for Firefox browser users against webpage security flaws. The new version of HTTPS Everywhere is a response to growing concerns about website vulnerability in the aftermath of the October 2010 release of Firesheep.
Firesheep is an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts on social networking sites like Facebook or webmail systems such as HotMail if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough.
Since the first release of HTTPS Everywhere the Firefox plugin has been downloaded more than half a million times.
Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
The Electronic Frontier Foundation (EFF) is reporting that Apple, Inc., (AAPL) has filed a patent application for a “Systems and Methods for Identifying Unauthorized Users of an Electronic Device. ” The patent is for a device to investigate a user’s identity to decide if that user is “unauthorized.”
Information Apple plans to collect
The system can take a picture of the user’s face, “without a flash, any noise, or any indication that a picture is being taken to prevent the current user from knowing he is being photographed“;
The system can record the user’s voice, whether or not a phone call is even being made;
The system can determine the user’s unique individual heartbeat “signature”;
To decide if the device has been hacked, the device can watch for “a sudden increase in memory usage of the electronic device“;
The user’s “Internet activity can be monitored or any communication packets that are served to the electronic device can be recorded“; and
The device can take a photograph of the surrounding location to find where it is being used.
Who is the responsible party
The EFF believes that as a result of this new technology, Apple will know who you are, where you are, and what you are doing and saying, and even how fast your heart is beating. In some embodiments of Apple’s “invention,” this information “can be gathered every time the electronic device is turned on, unlocked, or used.” When an “unauthorized use” is detected, Apple can contact a “responsible party.” A “responsible party” may be the device’s owner or as the EFF points out the “responsible party may also be “proper authorities or the police.” Once an unauthorized user is identified, Apple could wipe the device and remotely store the user’s “sensitive data.” Apple’s patent application suggests it may use the technology not just to limit “unauthorized” uses of its phones but also to shut down a stolen phone.
However, the EFF says Apple’s new technology would do much more. The EFF believes that this patented device enables Apple to secretly collect, store, and potentially use sensitive biometric information about the user. This is dangerous in two ways according to the EFF:
It is far more than what is needed just to protect you against a lost or stolen phone. It’s extremely privacy-invasive and it puts you at great risk if Apple’s data on you are compromised. But it’s not only the biometric data that are a concern.
Apple does not explain what it will do with all of this collected information on its users, how long it will keep this information, how it will use this information, or if it will share this information with other third parties. We know based on long experience that if Apple collects this information, law enforcement will come for it, and may even order Apple to turn it on for reasons other than simply returning a lost phone to its owner.
Apple’s technology includes various types of usage monitoring — also very privacy-invasive. This patented process could be used to retaliate against users who jailbreak or tinker with their device in ways that Apple views as “unauthorized” even if it is perfectly legal under copyright law.
rb-
The EFF says this is a new business opportunity: spyware and what they are calling “traitorware.” The patent would allow Apple to find and punish users who tinker with their devices. The EFF says it’s not just spyware, it’s “traitorware,” since it is designed to allow Apple to retaliate against customers who do something Apple doesn’t like.
This patent is downright creepy and invasive — certainly far more than would be needed to respond to the possible loss of a phone. Spyware, and its new cousin traitorware, will hurt customers and companies alike — Apple should shelve this idea before it backfires on both it and its customers.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Data Privacy Day is January 28, 2010. Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information according to its sponsors. In this networked world, in which we are thoroughly digitized, with our identities, locations, actions, purchases, associations, movements, and histories stored as so many bits and bytes, we have to ask – who is collecting all of this – what are they doing with it – with whom are they sharing it?
For its part, Google (GOOG) has released a video highlighting the ways it uses some of that personal data it collects about you to make your life easier and then explains that you can opt-out of some of Google’s data collection policies.
Microsoft (MSFT) has released the results of a study on data privacy. According to the Microsoft survey, the results illustrate how we, as a society, are still grappling with the intersection of privacy and online life. For example, 63 percent of consumers surveyed are concerned that online reputation might affect their personal and/or professional life, yet, less than half even consider their reputations when they post online content.
Finally, Fewer than 15% of consumers in any of the countries surveyed believe that information found online would have an impact on their getting a job. The Microsoft study found 70% of surveyed HR professionals in the U.S. have rejected a candidate based on online reputation information. Reputation can also have a positive effect as in the United States, 86% of HR professionals stated that a positive online reputation influences the candidate’s application to some extent; almost half stated that it does so to a great extent.
For its part, the Electronic Frontier Foundation (EFF) has published, “The E-Book Buyer’s Guide to Privacy ” which outlines six elements of Ebook readers’ privacy policies:
The EFF surveyed the policies and found that Google Books and Amazon Kindle will monitor what you’re reading. The EFF also found that all the E-book readers will keep track of book searches and book purchases. The Kindle, Nook, and Reader shared information collected on your book selections, searches, and purchases is shared outside the company without your consent. The good news is that the a free, open-source FBReader (for Windows/Linux) does not collect data on your book selections or searches.
These privacy issues are important for citizens and businesses. Firms have to consider whether they are complying with laws and regulations requiring consumer privacy protections. They know that customers have to trust their technologies and services before they will use and pay for them.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Senator Jay Rockefeller (D-WV) has released a revised version of his bill that would federalize the Internet(I covered this topic earlier here). The current draft would allow the president to “declare a cybersecurity emergency” on “non-governmental” computer networks and do what’s necessary to respond to the threat.
Section 3 (2) (B) Defines “Cyber” as any matter relating to, or involving the use of, computers or computer networks. Section 201 (2) (B), permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.”
“I think the redraft, while improved, remains troubling due to its vagueness,” Larry Clinton told CNET “It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill,” said Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board.
A Senate source familiar with the bill told CNET that the president’s power to take control of portions of the Internet is comparable to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.
Section 201 (5) the bill requires the White House to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government. The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco told CNET. “As soon as you’re saying that the federal government is going to be exercising this kind of power over private networks, it’s going to be a really big issue,” he says.
“The language has changed but it doesn’t contain any real additional limits,” EFF’s Tien says. “It simply switches the more direct and obvious language they had originally to the more ambiguous (version)…The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There’s no provision for any administrative process or review. That’s where the problems seem to start. And then you have the amorphous powers that go along with it.”
Rb-
If your network is determined to be “critical” by the Feds, there is likely a new set of regulations coming from the same people who are giving themselves failing grades for their own cyber-security.
These new rules could impact staffing decisions, disclosure policies and open the door to a government can take over your IT systems. This bill requires watching by anybody that uses or manages computers, a private network, or the Internet. It is likely they will sweep it in as pork on another unrelated bill, to limit public discussion.
Contact your representatives in DC.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
For too long in the U.S., Congress has attempted to legislate the Internet in favor of big corporations and heavy-handed law enforcement at the expense of its users’ basic Constitutional rights. The Electronic Frontier Foundation writes that Netizens’ strong desire to keep the Internet open and free has been brushed aside as naïve and inconsequential, in favor of lobbyists and special interest groups. Well, no longer.
The EFF and a broad coalition of civil society groups called on elected officials to sign the new Declaration of Internet Freedom and uphold basic rights in the digital world. The Declaration is simple; it offers five core principles that should guide any policy relating to the Internet: stand up for online free expression, openness, access, innovation, and privacy. Sign it here.
