The New York Times gives tips on how to make it more difficult to track your Internet activities. Here’s the context of why you’d want to cloak your Internet trail:

There are no secrets online. That emotional e-mail you sent to your ex, the illness you searched for in a fit of hypochondria, those hours spent watching kitten videos (you can take that as a euphemism if the kitten fits) — can all be gathered to create a defining profile of you.

Your information can then be stored, analyzed, indexed and sold as a commodity to data brokers who in turn might sell it to advertisers, employers, health insurers or credit rating agencies.

And while it’s probably impossible to cloak your online activities fully, you can take steps to do the technological equivalent of throwing on a pair of boxers and a T-shirt. Some of these measures are quite easy and many are free. Of course, the more effort and money you expend, the more concealed you are. The trick is to find the right balance between cost, convenience and privacy. Read more »

CNet reports that, unsurprisingly, the FBI is pushing for companies that offer Internet services (such as social-working and e-mail) to allow government surveillance of their users’ activities:

The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel’s office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly. [...] Read more »

Rep. Ed Markey (D-Mass), co-chairman of the House caucus on privacy, has sent letters (Markey page; archive pdf) to nine major wireless communications companies  – U.S. Cellular, Sprint Nextel, T-Mobile USA, Leap Wireless Inc./Cricket Communications, MetroPCS, Verizon Communications, AT&T, C Spire Wireless and TracFone Wireless — and asked “each about its policies and practices for sharing their customers’ mobile phone information with law enforcement agencies. Markey said in a news release that “disclosure of this personal information raises important legal and privacy concerns, particularly in the absence of consumer knowledge or consent or judicial oversight. We need more information about current wireless carrier practices in this area, including how firms may be profiting from consumers’ personal data, and I look forward to the responses from the wireless carriers.”

In the letters, Markey references a March 31 New York Times article that reported: “Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show.” Read more »

On Thursday, U.S. Department of Homeland Security Secretary Janet Napolitano visited Canberra, Australia, to celebrate the 70th Anniversary Commemoration of the Battle of the Coral Sea (related to World War II). She also came to sign agreements, including one to “improve information sharing between the United States and Australia.” During her trip, she spoke at the Australian National University and her speech (DHS html; archive pdf) focused on “Achieving Security and Privacy.” She focused on highlighting similar goals between the two countries while skimming past the differences in the countries’ privacy-protective laws and programs. Here’s an excerpt from her prepared remarks:

So today, I would like to talk about some of these security challenges, and specifically, to express my belief that we can, and we will, meet them … while simultaneously protecting civil rights and privacy.

As we work to meet evolving threats, we must protect our values, including the rights, liberties, and privacy of our peoples.

After all, everything we do to combat terrorism and violent extremism is rooted in the fundamental objective to secure for future generations the values and way of life that our countries share.

Privacy has long been one of these core values. [...]

Read more »

In March, the Federal Trade Commission started a new technology blog and Twitter account for FTC Chief Technologist Ed Felten. Recently, Felten wrote two posts concerning the issues of anonymity and privacy. In the first, he discusses “hashing” as a poor technique for “anonymization.” (We’ve discussed problems with anonymization and de-anonymization before.) Felten writes:

What is hashing anyway? What we’re talking about is technically called a “cryptographic hash function” (or, to super hardcore theory nerds, a randomly chosen member of a pseudorandom function family–but I digress). I’ll just call it a “hash” for short. A hash is a mathematical function: you give it an input value and the function thinks for a while and then emits an output value; and the same input always yields the same output. What makes a hash special is that it is as unpredictable as a mathematical function can be–it is designed so that there is no rhyme or reason to its behavior, except for the iron rule that the same input always yields the same output.

He goes on to give an example of how a hash can be a poor anonymization technique, but he also notes: “Does this means that hashing always fails, and is never a good way to scrub data? Almost, but not quite. There are more advanced uses of hashing that can offer some protection in some settings. But the casual assumption that hashing is sufficient to anonymize data is risky at best, and usually wrong.” Read more »

To recap: In 2010, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” The online services giant faced questions from states, and Google reached a settlement with Connecticut over the data collection. In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data.

A few weeks ago, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google for impeding the agency’s investigation into the private data collected and retained via its Street View product. The FCC noted that it still had “significant factual questions” about the Street View data collection and that it could not interview “Engineer Doe,” the Google engineer “who developed the software code that Google used to collect and store payload data,” because Doe had invoked his Fifth Amendment right against self-incrimination. (“Payload data” is a technical term for sensitive, private data such as e-mail messages, passwords, Internet search or browsing history.)

The New York Times spoke with a former state investigator (several states investigated the data collection by Google through its Street View project) and he identified Engineer Doe as “Marius Milner, a programmer with a background in telecommunications who is highly regarded in the field of Wi-Fi networking, essential to the project.” Milner directed reporters to his lawyer. Read more »