Online privacy

Court: Warrantless requests to track cellphones, Internet use grew sevenfold in D.C. in three years

Sealed law enforcement requests to track Americans without a warrant through cellphone location records or Internet activity grew sevenfold in the past three years in the District, new information released by a federal judge shows. Details about the growth come as the US Supreme Court weighs whether to rein in such rapidly expanding demands. Legal experts said the disclosure appears to mark a first, and that neither the Justice Department nor private companies have previously made public such specific data about how often law enforcement agencies seek those court orders. The summary data gave counts of requests by year from 2008 through 2016 made in criminal cases handled by the Justice Department or US attorney’s office for the District. Details about each individual case, such as the name of a suspect or what records were sought, were not disclosed.

The requests were made under a 1986 statute that enables law enforcement agencies to obtain court orders requiring ­communication service providers to turn over records about individual customers. The orders do not apply to information about telephone calls, such as the time, date, duration and numbers dialed, which can be obtained in other ways. Instead, the requests seek individuals’ Internet connection records or cellphone tower records. Those records exclude the content of communications but can be highly valuable to investigators seeking to establish a history or pattern of movement, conduct or relationships. The information requests can include Internet browsing logs and activity; the time, date, size, sender and recipient of email, instant or social media messages, or other transaction records; as well as computer identification numbers and information about websites that a user accessed.

Silicon Valley mostly quiet in internet surveillance debate in Congress

Apparently, Facebook, Alphabet's Google, Apple, and other major technology firms are largely absent from a debate over the renewal of a broad US internet surveillance law, weakening prospects for privacy reforms that would further protect customer data. While tech companies often lobby Washington on privacy issues, the major firms have been hesitant to enter a fray over a controversial portion of the Foreign Intelligence Surveillance Act (FISA), industry lobbyists, congressional aides and civil liberties advocates said. Among their concerns is that doing so could jeopardize a trans-Atlantic data transfer pact underpinning billions of dollars in trade in digital services, apparently.

Technology companies and privacy groups have for years complained about the part of FISA known as Section 702 that allows the US National Security Agency (NSA) to collect and analyze e-mails and other digital communications of foreigners living overseas. Though targeted at foreigners, the surveillance also collects data on an unknown number of Americans - some privacy advocates have suggested it could be millions - without a search warrant. Section 702 will expire at the end of 2017 unless the Republican-controlled Congress votes to reauthorize it. The White House, U.S. intelligence agencies and many Republican senators want to renew the law, which they consider vital to national security, without changes and make it permanent. A coalition of Democrats and libertarian-leaning conservatives prefer, however, to amend the law with more privacy safeguards.

Why tech firms are fighting California's privacy push

States across the country are trying to figure how out to regulate consumer privacy in the digital ad space, but the battlefield to watch is Sacramento (CA). There, lawmakers are vetting a bill today that would require internet service providers like Verizon and Comcast to get permission from customers before sharing their data with marketers.

As the lines between media, tech and telecom companies blur, Internet providers and the web companies that use their pipes have a rare alliance in opposing the bill. They all have a stake in the fight as telecommunications companies buy media companies (think Verizon buying Yahoo and AOL) and web companies are, in some cases, working on their own connectivity initiatives (think Google Fiber). A new privacy law in California would be a threat to ISPs trying to break into the digital advertising market and the start of a slippery slope for the Facebook-Google duopoly.

California legislation to ‘protect’ privacy won’t solve privacy problems

[Commentary] Despite its name, the California Broadband Internet Privacy Act, awaiting votes in the state Senate, won’t do anything meaningful to protect consumer privacy on line. Instead, it will curb innovation and reduce competition, hurting consumers whose interests it purports to protect.

The measure, AB 375 by Assemblyman Ed Chau (D-Monterey Park), is intended to crack down on internet service providers that are allegedly selling sensitive personal web browsing information without consumers’ consent. Its backers argue that it will fill a supposed “privacy gap” left when Congress repealed Federal Communications Commission draft rules adopted during Barack Obama’s administration. Here’s why they’re wrong. First, the proposal attacks a nonexistent problem. Internet service providers have committed that they will seek permission from consumers before using sensitive personal information, such as health and financial data. Customers will have to affirmatively “opt in” before any such transaction could take place. So no one’s personal data is being sold. Second, even if a problem exists, there are legal tools to combat it. In short, there is no legislative privacy gap. Third, the state bill is based on a flawed proposal by the FCC. Don’t take my word for it. Ask America’s top privacy cop, the FTC.

[Jon Leibowitz, a partner at Davis Polk & Wardwell, was Federal Trade Commission chair from 2009-2013. He is co-chair of the 21st Century Privacy Coalition, a trade group of broadband providers.]

The Dark Side of That Personality Quiz You Just Took

Personality quizzes have some sort of perennial appeal. Facebook newsfeeds are filled with BuzzFeed quizzes and other oddball questionnaires that tell you which city you should actually live in, which ousted Arab Spring ruler you are, and which Hogwarts house you belong in. But these new online quizzes have a dark edge that their analog predecessors didn’t.

In the wake of the US election, a secretive data firm hired by Donald Trump’s campaign boasted that it has been using quizzes for years to gather personal information about millions of voters. Its goal: the creation of digital profiles that can predict—and possibly exploit—Americans’ values, anxieties, and political leanings. Whether this firm, Cambridge Analytica, has actually used predictive profiles to influence people isn’t certain; reports suggest it hasn’t, at least not directly. But the company’s methods nonetheless expose the growing scale of personality analysis online—and the dangers that come with it. On the internet, anything you do is like taking a personality quiz: Everywhere you click reveals something about you. And you’re not the only one who sees the results.

Why it took more than a week to resolve the Verizon data leak

A communication breakdown and a vacationing employee were the reasons it took more than a week to close a leak that contained data belonging to 6 million Verizon customers, according to Chris Vickery, the cybersecurity researcher who discovered the breach. Verizon said recently that an employee at one of its vendors, NICE Systems, had accidentally made the data available to anyone who had the public link to the cloud.

It’s our last chance to choose information independence over special interests

[Commentary] Americans’ information independence is under attack, whether it’s the repeal of network neutrality or the repeal of broadband privacy protections. The Federal Communications Commission needs to listen and serve the American people, not special interests. I am committed to protecting both your privacy and the internet as we know it. A free and open internet is essential to our democracy, economy and modern way of life.

The Scary Reason Companies Like Verizon Keep Blowing Your Digital Privacy

The Verizon debacle joins a lengthy list of incidents where companies and government agencies have accidentally published people’s confidential information, a problem that experts say may be getting harder to fix as more companies their storage to the cloud. Chris Vickery, director of cyber-risk research at UpGuard, found the Verizon data trove sitting in a critical data repository managed by a third vendor based in Israel. The repository had been misconfigured—a human error—leaving it unprotected. Thanks to a chronic shortage of skilled tech workers, it’s hard to find employees with the necessary skills and training to consistently avoid such mistakes, Vickery says. Tech workers setting up cloud systems or in-house servers can misunderstand the settings on the software they’re setting up, or cut corners to make data more easily accessible within the organization.

The net neutrality fight is also about protecting your privacy online

[Commentary] If there's anything lawmakers should have learned from activists over the past few years it's this: Do not make the internet angry.

In March, congressional Republicans once again felt the wrath of the internet community when they reversed the Federal Communications Commission’s broadband privacy rules. The blowback from the vote was massive, prompting members of Congress to hide from angry constituents. Now President Donald Trump and FCC Chairman Ajit Pai are digging even deeper and looking to overturn the historic 2015 Net Neutrality win. If they think the internet is going to take that sitting down, they have another think coming. The internet community and allied companies come together to remind President Trump, Chairman Pai and Congress that millions of people in America have made their support for net neutrality known. They know that the repeal of net neutrality means the end of real privacy protections, means paying more for worse service — and enables companies like AT&T, Comcast and Verizon to decide how you use the internet.

[Sandra Fulton is the government relations manager for Free Press Action Fund]

Could consumer internet privacy legislation show potent populist appeal?

[Commentary] Could a consumer revolt against cable television rates before the 1992 election replay with digital data in the upcoming election cycle?

Rep Marsha Blackburn (R-TN), chair of the of the House Commerce Committee’s Subcommittee on Communications and Technology, introduced a bill that requires internet service providers to get opt-in consent from consumers before sharing sensitive personal information, and allow opt-out of sharing other information. Her abrupt and unconventional turn on internet privacy came after widespread public reaction to the congressional repeal of the Federal Communications Commission’s privacy rules.

Those who believe that the bill is not likely to pick up any legislative momentum might argue that general anxiety about digital trails left across the internet does not pack the political punch of rising cable rates that consumers could feel when they balanced their checkbooks each month. Blackburn’s bill also may be seen as a response to some of the edge providers that were most vocal in their objections to the repeal of the privacy rules.