Why the U.S. needs better privacy laws, now!

Topic

New Reply

	TOP STORY Why the U.S. needs better privacy laws, now!
	By Woody Leonhard Microsoft recently published an open letter to President Obama, condemning government surveillance and calling for federal data-privacy legislation. While some industry heavyweights such as Amazon, Twitter, and Google would probably prefer fewer privacy rules, Microsoft weighs in on the side of consumers.

---

The full text of this column is posted at windowssecrets.com/top-story/why-the-u-s-needs-better-privacy-laws-now (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

I just checked the Google location site you mentioned. Good to know: GPS does *not* need to be on to be tracked… The map showed my recent trip to China in all its details, even how I wandered around Cheremetyevo in Moscow while waiting on the connecting flight!

Reply | Quote

Well, I hope the Google location map (fascinating though it is) would never be relied on in a court of law. It’s got me going hundreds of miles away in the last few days to places I’ve never visited!

Reply | Quote

Some common ways to estimate browser/device location:

1 GPS

2 WiFi location(s) (from Street View type data collections or #4 below) (did you have WiFi enabled, Luke?)

3 Cellphone/GPRS etc. tower location/triangulation (turn off your Handy, Luke?)

4 ISP IP block registration (<- that's you I reckon, timsinc :), it's a pretty vague when compared to the above methods, can be much worse if you don't have a fixed IP – previous locations listed for the same IP might be from different users).

Reply | Quote

Remember the uproar when Windows 98 integrated IE? MS was going to run the world! The sky is falling! The EU forced MS to segregate the functions or offer up other browsers during installation. A sci-fi novel I read set way in the future setting had one corporation in the universe, Microsoft-Disney.

I am now Google-less, although they manage to keep making themselves my default search engine in Opera 21 and IE. I went Windows Phone a year ago, and Hotmail/live.com/Outlook.com/Skydrive/Onedrive along the way. I do wish they would stop changing names! And all the latest incarnations still uses live.com URL’s! I have to say, I love the bold look of Windows 8, and Windows Phone 8 and 8.1 and the online services. Far easier to use that Android or iPhone.

I read online (It must be true!) some time ago that per the EULA, when you put a photo or document up on Google servers, you give them permission to do with it as they wish. So, your lifelong project of translating Moby Dick into Hindi is no longer yours, but Google’s. MS does not do this.

“Do no evil,” what a joke!

Thank you, MS, for standing up for consumers!

Reply | Quote

Simply Turn OFF Google’s Location Tracking. It takes one second. [ ] Enable Location Sharing

The OP Woody discussed Google Location a lot in the article but didn’t bother to mention how easy it is to turn off. All gloom and doom. Boo. Not.

Reply | Quote

Simply Turn OFF Google’s Location Tracking. It takes one second. [ ] Enable Location Sharing

The OP Woody discussed Google Location a lot in the article but didn’t bother to mention how easy it is to turn off. All gloom and doom. Boo. Not.

Woody’s story is relevant but also reeks of fear mongering. Google makes it very easy to view and change Location Reporting and Location History. Google also provides a means to delete previously collected history (I generally trust they will delete info as requested but obviously it could be retained potentially resurrected in another form). Yes, both are enabled by default which I wish wasn’t the case but Google is a business and location based services have proven both popular and profitable. I’m no Google fanboy but do understand the business model.

I expected more from an experienced tech journalist. Woody should know about Google’s location based services on Android or at least should have done a bit more research before publishing this article. The point he is trying to drive (improved privacy legislation) is muted by unnecessary scare tactics.

Reply | Quote

Simply Turn OFF Google’s Location Tracking. It takes one second. [ ] Enable Location Sharing

The OP Woody discussed Google Location a lot in the article but didn’t bother to mention how easy it is to turn off. All gloom and doom. Boo. Not.

Nice idea, but some security features require it and as Satrow notes above, its not the only way you’re tracked. Wifi, Cell towers, and IP too.

Reply | Quote

I just now logged in to Google Location History. Some of the information is accurate, but some is just plain wrong!

For example, it shows I am, right now, about 4 miles North of my current location! It also shows travel to nearby towns on days I was not there. If the authorities tried to use this, they could ‘prove‘ I was some place when I was not there!

How will someone be able to determine which data is accurate, and which is not?

Reply | Quote

I just now logged in to Google Location History. Some of the information is accurate, but some is just plain wrong!

For example, it shows I am, right now, about 4 miles North of my current location! It also shows travel to nearby towns on days I was not there. If the authorities tried to use this, they could ‘prove‘ I was some place when I was not there!

How will someone be able to determine which data is accurate, and which is not?

Good point, especially as in the US it seems that you are considered guilty until you prove yourself to be innocent!

Reply | Quote

Enacting privacy legislation would be fine, but who would think it would eliminate all the data collection it would be aimed at? Afterall, how is the “Do-Not-Call” law working?

Reply | Quote

Some common ways to estimate browser/device location:

4 ISP IP block registration (<- that's you I reckon, timsinc :), it's a pretty vague when compared to the above methods, can be much worse if you don't have a fixed IP – previous locations listed for the same IP might be from different users).

I think you're right. I was looking on my Android tablet (which I'm using now) tethered to my Android smartphone. On the latter I have been using TomTom satnav, so gps is certainly on. So it's obviously device specific.

Reply | Quote

Woody, your mention of the “transparency” of credit reporting left out one extremely important fact. Although the three agencies – Experian, TransUnion, and Equifax – make you pay for your score it’s at least partially a waste of money. Their scores MAY give you an idea of your real credit score, but otherwise they’re nearly worthless, and all three are likely to be different. They’re not the ones lenders use, either. Lenders use the Fair Isaac Company’s score (FICO). Try getting that one without applying for a loan and asking the lender what FICO told them. You won’t get it; FICO doesn’t tell borrowers what their own scores are, although a very few credit card companies and banks include the FICO score with their monthly statements.

So much for usable transparency, even for a fee.

Reply | Quote

For non-US people they are increasingly going to choose non-US solutions. Just a few days ago a US judge ruled that MS must provide emails stored on Irish servers. MS say (rightly) that can only happen if a request is made by the US court to the Irish authorities who must then approve it, but the US judge deems that Irish approval is not required since MS is a US company.

The implications are huge for US companies providing cloud services, email, even potentially antivirus and any other software company. Not only is it morally and legally dubious to say the least, but it’s commercially suicidal for the US IT sector.

Good news for EU, Swiss, Norwegian and other providers.

Reply | Quote

Woody wrote in “Why the U.S. needs better privacy laws, now!” Windows Secrets Newsletter • Issue 447:

For most users, “off” really means the phone is in standby mode — the screen is dark but the phone is still ready to receive calls, messages, and data. Possibly more frightening are reports that a phone could be secretly modified to look like it’s fully powered down when in fact it isn’t. For the truly paranoid, the best solution is to fully remove the battery (which rules out using iPhones.)

This is not the only way, and for iPhones not quite correct.

All you have to do is put your cell phone (ANY mobile phone and/or GPS) in a Faraday cage and the phone will be fully inert to the outside world. (read the Wikipedia article)

You can test it for yourself. It’s trivial!

1. I wrapped my cell phone (on stand by) in kitchen paper, to make sure it was electrically isolated. (though there’s probably no need)
2. I put the phone in an old plain iron sigar box and tried to call it from my land line phone. I was switched to voicemail.

3. Same as 1.
4. I wrapped the phone in 2 layers of plain aluminium foil. Again I got voicemail. The cell phone simply did not respond.

When inside a Faraday cage your phone can NOT be tracked. Unfortunately your phone is also useless.

Reply | Quote

Yep – I have clients who do NOT want their customer data stored on US servers due to Homeland Security. They seek web hosting elsewhere.

Reply | Quote

The entire model of privacy is backwards. The “Notify and Consent” doesn’t do anything to keep my data out of the hands of Google or Microsoft. Currently, Google and others, allow me to access my data. They store it on their systems. My data should be stored on my devices or better, in my private cloud with encryption of my choosing. I would allow Google access to my data if I wanted to take advantage of their services. Of course this will never happen because Google isn’t collecting my data in order to be able to offer me services; they’re collecting my data to sell it.

Reply | Quote

I’ve adopted StartPage to use Google Search without user tracking.
I considered going back to using personal domain email to avoid that one but then I realized the majority of people I correspond with have migrated to Gmail, Yahoo or Microsoft. So even if I don’t use them, my email will end up there. Thats an arena that needs diversification but email is becoming an old folks medium.

One of the larger keys is staying logged out of some of these services and diversifying what you use. Putting all your eggs in the Google or the Microsoft basket is a mistake. But even these measures are no cure-all. They still get your IP address so they can send you the information and can match that to when you are logged in.

The bigger issue is also that the longer they do this, the more uses they find for user data. And the more they market those uses and popularize them, thus normalizing it.

Reply | Quote

Well the Google tracking obviously has flaws. It showed that while I was taking a nap today, with my cell phone on the bed stand beside my bed, I took a trip to another state! Although I have not been to that location in many months, it showed me taking trips there 5 days in the last week.

Reply | Quote

Does anyone honestly believe that the NSA will stop doing what it does in response to the passage of a mere law ?

These are the people that already break numerous laws, and have no compunctions about breaking one or two or 100 more unless there are consequences.

When the build is razed, the equipment and databases are publicly destroyed, and most importantly, NSA executives start going to prison, then and only then would any rational person have any faith that these criminals have been stopped.

Don’t hold your breath waiting for any of this to happen.

Reply | Quote

IMHO, what we really need fair and just enforcement of the existing private laws.

Reply | Quote

There is not going to be any privacy rule reform because there is too much money being made without it.

The shareholders of these companies all lobby Congress to alter or remake the laws in the way that they want and call the consumer a politically foul name for protesting. If you can remember back in the days when there was more than one ISP in a neighborhood, they almost had competition. The cable companies successfully lobbied Congress to give them regional monopolies under the fallacy that prices were going to be lowered and services were going to be improved (go back and check your handouts) and what we have is none of that.

Consumer anger means absolutely nothing to a big corporation unless it impacts the share price or the consumers are so enraged that sales drop off. This is true in government as well as the private sector. Look at what happened with the rollout of healthcare.gov and the impact it had on government leadership ratings. Look at what happened to Target and how its sales are dropping and how that is driving reforms (?), Look at the drop in Apple share prices because of Apple’s arrogance despite the proclamations of its apologists. It takes events of this size and magnitude to make a difference. Uncle and Auntie in Cheyenne Wyoming simply want to click the button and do something without all of this hassle. They may not even have antivirus or malware software installed. Think about all the celebrities who were hacked and the fact that they, like our relatives in Cheyenne Wyoming, they simply wanted to click the button.

Think about the horrible software that we endure regardless of the operating system that we use and things do not improve unless there is some sort of marketplace event. The days of publishing software because it was good have all long since gone and are not going to come back as long as you have a large number of IT companies whose customer service attitude is “we got your money, now go away we have a party to attend”.

New privacy laws and not going to happen unless there is a voting advantage in doing so; we can rail and scream all we want but unless it shows up in the voting booth, we are just wasting our breath. Look at what happened with do not track at all those other initiatives for privacy that gave great press coverage, but not much else.

Reply | Quote