HazDat
23Nov/11

Malls track shoppers’ cell phones on Black Friday

He knows when you are sleeping...

NEW YORK (CNNMoney) -- Attention holiday shoppers: your cell phone may be tracked this year.
Starting on Black Friday and running through New Year's Day, two U.S. malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. -- will track guests' movements by monitoring the signals from their cell phones.

While the data that's collected is anonymous, it can follow shoppers' paths from store to store.
The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria's Secret? Are there unpopular spots in the mall that aren't being visited?

While U.S. malls have long tracked how crowds move throughout their stores, this is the first time they've used cell phones.

But obtaining that information comes with privacy concerns.

The management company of both malls, Forest City Commercial Management, says personal data is not being tracked.

"We won't be looking at singular shoppers," said Stephanie Shriver-Engdahl, vice president of digital strategy for Forest City. "The system monitors patterns of movement. We can see, like migrating birds, where people are going to."

Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.

Via http://money.cnn.com/2011/11/22/technology/malls_track_cell_phones_black_friday/

Share
8Feb/11

I Know What You Did Last Winter (Snow Job)

For those who believe revenge is a dish best served cold...

Like so many around the country, David Welles has had to endure a long cold Winter this year -- only made worse by the volume of snow in front of his Chicago home, and the untimely disappearance of his snow shovel. While Welles is no better equipped to dig his way out of a snowstorm than anyone else without a shovel, he was perfectly equipped to identify the perpetrator -- or, at least her car. That's because Welles works for a security company by the name of Tunnel Vision Technology, and it appears as though he's been visiting the supply closet.

While we'll presume that David's "eagle eye" came with a receipt, the snow shovel he caught his neighbor stealing on digital video didn't. Under ordinary circumstances, one might turn the evidence over to the police. Then again, under ordinary circumstances, it's not likely there would have been any evidence. But, these are no ordinary circumstances, and these are no ordinary times.

David's shovel was probably worth less than $25, maybe ten on the street. The trail was cold before it was laid. And the "perp" wore gloves, so no fingerprints. This wasn't about money. This was about the age's-old relationship between a man and his tools. Besides, Welles had another idea. He entered an arms race, added a dose of PsyOps... and then he turned to YouTube. The result? What Welles calls, "The Quadrilogy of My Favorite Snow Shovel". See the results for yourself.

(NOTE: If you are ONLY connaisseur of revenge, skip to the mid-point.)

Share
27Jan/11

Mixed Messages: US Govt. Tells Companies to Collect User Data, But Not To Use It

Last month the US Federal Trade Commission testified before Congress in order to establish "Do Not Track" legislation, challenging companies to either self-regulate, or face potentially stiff laws prohibiting the tracking of Internet users. This week the US Department of Justice testified before congress to establish regulations requiring data retention for the purposes of investigation and prosecution.

"Data retention is fundamental to the department's work in investigating and prosecuting almost every type of crime," US deputy assistant attorney general Jason Weinstein told a congressional subcommittee on Tuesday. "In some ways, the problem of investigations being stymied by a lack of data retention is growing worse." Weinstein acknowledged that greater data retention requirements raise legitimate privacy concerns but "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."

Emphasizing the vast disparity between the testimony of  these two Federal organizations is the following statement from the FTC's own prepared statement to Congress expressing a principal of "reasonable security and limited retention for consumer data" among companies collecting sensitive data.

"A key to protecting privacy is to minimize the amount of data collected and held by ISPs and online companies in the first place," according to John Morris, general counsel at the non-profit Center for Democracy & Technology. "Mandatory data retention laws would require companies to maintain large databases of subscribers' personal information, which would be vulnerable to hackers, accidental disclosure, and government or other third party access."

The DOJ's request would require "an entire industry to retain billions of discrete electronic records due to the possibility that a tiny percentage of them might contain evidence related to a crime," says Kate Dean, executive director of the Internet Service Provider Association. "We think that it is important to weigh that potential value against the impact on the millions of innocent Internet users' privacy."

Share
13Jan/11

Privacy Law’s Gone Ex Parte Like it’s 1986…or 1984

A byproduct of life in the 21st Century is that many of the perks of a post-centennial lifestyle require the abdication of a fair bit of privacy to cyberspace. That means that the paper records that once required a search warrant to read (and maybe the forceful extraction from your cold-dead-hands), are now in the possession of companies who don't. Of course there's Facebook and Twitter. Those didn't exist in the 20th. Century. But, what about your phone records and email? While your phone company has long been subject to a warrant or subpoena, in the 21st. Century new "self-service" tools have been developed to help telcos manage the onslaught of requests made particularly attractive by the fact that most of us carry what amounts to a homing-beacon in our pockets. Similarly, while email has always been an attractive source of discovery, until recently most of it resided on each correspondent's physical, and virtual, desktop waiting to get written-over by something more current. Today, it's more likely been put out to pasture in a seemingly-endless "server farm", waiting to be picked by a custodian of records.

Even our personal computers, which have always required a search warrant, and often require a cascading series of search warrants covering various regions of storage space and categories of searches, are rapidly being replaced by windows to the web -- sleek sheets of glass and sculpted-aluminum that act as a portal to your virtual existence. Like a supermodel, these tablets are thin and beautiful, but two-dimensional, with very little substance inside. What makes these devices a reality today is a combination of near-ubiquitous Internet connectivity and access to your personal online data once it's established. Even the notion of "backing up" is becoming a thing of the past, because the data you see, isn't really here. It's somewhere else, presumably safe from destruction, but not necessarily from dissemination. Like many things in life, it's a trade-off.

But, not when it comes to fighting crime. The shift of discovery from physical space to cyberspace is a decided advantage for law enforcement. In fact, Google reports that it responded to more than 4200 discovery requests in the first-half of 2010 alone. One of the reasons these requests have become so popular is that online data is easier seize than a laptop, and often much more useful. Much of what can be had requires no search warrant at all, and thanks to online tools, can be had without even so much as contacting the service provider. Why? Because, unlike the data on your hard drive, you don't necessarily own your data when it's stored in cyberspace.

The Electronic Communications Privacy Act was enacted by Congress in 1986 -- long before most people had access to the Internet, email, or a cellphone. When Mark Zuckerberg's only friends were his stuffed animals. Mind you, it was revolutionary for it's time -- enacted to extend government restrictions on wire taps from telephone calls to also include transmissions of electronic data by computer. But, it doesn't address current evolution. Today, far more can be gleaned from a historical records search than any telephone wiretap. Perhaps that's why last year the Department of Justice argued in favor of warantless email searches. Or why in the same year the DOJ argued that cellphone users had abdicated any expectation of privacy by using a service that stores location data.

Read more at http://www.nytimes.com/2011/01/10/technology/10privacy.html?_r=2&pagewanted=2&ref=technology

Share
10Jan/11

Filed Under “Things You Thought You Could Take for Granted”: Court Holds there is a Reasonable Expectation of Privacy in the Contents of Emails

Show of hands: How many people have a reasonable expectation of privacy when you send an email? It turns out, as late as December 2010, you may have had no reasonable expectation of privacy when it came to your email correspondence -- at least that was the opinion of the United States Department of Justice (DOJ). And, between your Internet Service Provider's (ISP) Terms of Service (TOS), and the 1986 Stored Communications Act (18 U.S.C. §§ 2701-2712), you may not have under various circumstances.

M. Scott Koller, of McKennon | Schindler in Newport Beach, CA has written a very comprehensive overview of the decision, why it was ever in doubt, and the 1986 act that got us here in the first place.

Read more at http://www.reasonableexpectation.com/2011/01/09/stored-email-protected-by-the-4th-amendment/

Share
8Jan/11

When it comes to last year’s holiday gifts, Uncle Sam wants to know if you’ve been bad or good. So be good for goodness sake!

Via EFF:

What do an online donation to the International Red Cross, a bank transfer to family members living in Vietnam, and a payment sent through PayPal for an expensive rug in Turkey have in common? The government wants to know about them. And, if new rules proposed by the Financial Crimes Enforcement Network, or FinCEN, go into effect, the government will — along with your name, address, bank account number, and other sensitive financial information.

In September, FinCEN, an agency component of the Department of the Treasury, proposed a set of rules (pdf) that would require banks and money transmitters to report to the government any cross-border electronic funds transfer. Yesterday, we submitted a comment (pdf) opposing the agency’s proposal.

Essentially, under the proposed rules, anytime you electronically transfer money into or out of the country, the government wants to know. The proposed rules require banks and money transmitters, like PayPal or Western Union, to submit reports documenting the amount of money sent or received, where that money came from, and where it is going. Depending on the type of transfer, a variety of information would be included in the reports, including the name, address, bank account number, and taxpayer ID number of the sender; the amount and currency of the funds transfer; and the name and address of the recipient. Passport numbers or alien ID numbers could also be required for some transfers.

The government wants reports on all electronic bank-to-bank transfers, regardless of whether the transfer is $1 or $1,000,000. For money transmitters, reports would be filed for transfers at or above $1,000. FinCEN estimates it will receive 750 million reports every year, and the agency wants to keep the data for ten years. Once the reports are filed with FinCEN, other federal law enforcement agencies — the FBI, IRS, ICE, and the DEA — would all have access to the data.

Shortly after FinCEN announced the rules in September, EFF filed a FOIA request seeking documentation that would justify the agency’s law enforcement need for the regulations. We also sought information demonstrating that FinCEN had taken adequate data-security precautions for handling such a massive amount of sensitive information. The agency produced some records, but the documents provided no evidence that the proposed rules are necessary to deter money laundering and terrorism financing, or that the agency had adequately assessed the privacy implications of the proposed rules.

In our comment, we opposed the rules for three reasons:

1. The new reports are unlikely to be effective in preventing terrorism financing — the primary impetus behind the regulations in the first place.

2. While the agency sought the advice of financial institutions, other law enforcement agencies, and even foreign governments when developing the rule, FinCEN never solicited the opinions of privacy advocates during the drafting process.

3. The agency has not provided any evidence that the technological systems are in place to safely receive, transmit, and store the vast quantities of highly-sensitive information the rules would require.

We strongly oppose the government’s attempt to pry into the sensitive financial dealings of citizens, especially when there is no demonstrated need and no evidence that the agency is equipped to handle that much sensitive information. Comments on the proposed rules are due December 29th, and can be submitted here. We urge you to join us in opposing these intrusive new regulations.

Read full article at http://www.eff.org/deeplinks/2010/12/sending-money-overseas-holidays-government-wants

Share
4Jan/11

Can you hear me NOW?

Your Cellphone Is Subject to Warrantless Searches in California [Privacy] http://bit.ly/fTsSnb

Share
14Mar/10

FTC Queues-in on Netflix Member Privacy

Attn. MPAA: There are much worse ways to copy movies than with a computer.

In 2007 prosecutors in Anchorage Alaska accused 34 year old stripper Mechele Linehan of plotting a murder based on the 1994 movie "The Last Seduction". Life so closely imitated art, said prosecutors, that they even tried to have the movie played for the jury.

Rockstar Games Grand Theft Auto

In 2008 a teenager confessed that he was trying to imitate scenes from the video game "Grand Theft Auto" when he robbed a murdered a taxicab driver in Bangkok Thailand. Movies like "The Deer Hunter" (1978) are even believed to have inspired several "copycat" suicides in the late 1970's and early 80's.

All of this may seem like fodder for censorship advocates, but that debate has largely come and gone in favor preserving the First Amendment's right to free speech. Wise as the framers of the U.S. Constitution may have been, few would accuse them of being clairvoyant. After all, who could have predicted the impact the Internet would some day have on both the precept of free speech and the concept of privacy?

Though many speak of the "right to privacy", it is not, at least as far as the U.S. Constitution is concerned, a right at all. It is, nonetheless, an ethos that has long been coveted by Americans, and is implicit in the Fourth Amendment's:

...right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...

Of course, mention the term "search" to most people today, and it's far more likely to conjure thoughts of friends lists", home pages and e-books, than actual people, houses and papers. And while, in just the past few years, popular culture has come to embrace the sharing of intimate, private and personal details with virtual strangers, the desire to remain "secure" seems to be very much alive in the 21st Century. In fact, more than any other, the Fourth Amendment has played a central, albeit contested, role in the litigation of hi-tech criminal evidence.

I know what you watched last summer...

So, what does all this have to do with your Netflix queue? Though Americans, and many other people around the world, may be willing to voluntarily divulge personal information, either in trade for modern conveniences and services, or increasingly, for a sense of online significance, we're not quite as enthusiastic when it's taken from us and shared without any tangible return. It's no longer a secret that the monetary value of data has been pre-calculated into the return on investment (ROI) of so many of today's business models, but consumers still tend to expect a certain level of security. In recent years the bar has been set pretty low. Still, it may surprise many to learn that "anonymous" usage data can be deciphered into personally-identifiable intelligence, as proven by a pair of researchers at the University of Texas using what was thought to be anonymous user data provided to contestants in the three-year $1 million "Netflix Prize" to improve the site's recommendation results.

The UT's results brought both unwanted attention from the Federal Trade Commission and a lawsuit from a private firm, resulting in Netflix's decision last week to cancel a planned sequel to the prize awarded last year.

It's not hard to imagine how this sort of data could be exploited to peddle shoes to people who have rented all six seasons of "Sex in the City", or BestBuy ads targeted at fans of NBC's "Chuck".

Dreamworks Minority Report (2002)

It's no longer extraordinary to see similar data exploited in the process of investigating crimes either. Certainly the viewing interests and habits of the individuals mentioned above have been considered relevant discovery by law enforcement. In these cases, there's little, if anything, to decipher.  Anything that Netflix knows about you, your account, and your viewing habits, is subject to a warrant, and, with or without much imagination, could be incriminating. How many of us haven't seen a good fictional car case, a well-written murder plot, a scripted street-fight, or a perfectly executed crime? The consumption of such fiction could be hazardous to your defense, if it proceeds similar accusations.

Now, imagine the same evidence available to anyone, without a warrant, subpoena, or probable cause. Perhaps someone at the FTC had the movie "Minority Report" in their queue.

Share
12Nov/09

Infidelity — There’s a map for that.

How Google might know what you did last summer -- even if you forgot.

google-latitude-781430Google Latitude is a service that allows users to see and share their location on a Google map live and in real-time. The service runs on most smart-phones, regardless of service provider, including Apple's iPhone, Windows Mobile, the Palm Pre, and, of course, Google's Android. Latitude relies on a combination of GPS, cellular tower triangulation, and wi-fi triangulation. Having brushed-up on the service for a recent National Public Radio (NPR) Interview, I have since considered Latitude one-part creepy, and two-parts cool. However, the creepy / cool ratio may be shifting.

This week Google introduced a new and improved Google Latitude -- with enhanced features like "Location History".  With Location History Latitude users can go back in time retrace their footsteps, and even see where they stayed-put, and for how long. Kind of cool...yet, very creepy. But practical?

Imagine, for example, you're the owner of a Palm Pre on Sprint's 3G Now Network , having trouble remembering where your were when you told your spouse you were somewhere else? Now, there's a map for that!

But wait -- there's more! How about "Location Alerts"? Certainly, a application that would alert you when a particular individual, say a family member, has left work or school, would be very practical. After a while of being alerted every time someone is, or has arrived, exactly where you would expect them to be, however, could get old. So, Google's geniuses stepped it up a notch. According to Google, Latitude will learn user's patterns and behavior so that alerts can be issued when a person has strayed from their routine -- left at a different time, or arrived at a different place.

For example, if you decide to staycation with your mistress, you can receive a handy alert when your spouse leaves the office earlier than usual. Or, if traffic is particularly light, Latitude will let you know when it's time for a quick window-exit.

Best of all, when the jig is up, no one has to know, because -- for now -- Google is making all these free services available to you, and no one else... at least, without subpoena powers.

This is deception... on the Now Network.

Share
28Oct/09

Location, Location, Location.

Recently, I had a wonderful opportunity to play a game of hi-tech "phone tag" on the streets of San Francisco with Reporter Martin Kaste from NPR's "All Things Considered". Late last Summer I was  asked if I would be willing to sit down for an interview for a story he was researching about location privacy. But, instead of agreeing to meet Kaste, I told him he had to find me.

With the aid of his GPS-equipped smart-phone, some software, a little patience, and a good pair of walking shoes, he was able to "tag" me sipping a latte outside a coffee shop on Market St. Of course, with my own GPS, and software-equipped smart-phone, I was able to see him coming. What follows are the fruits of that encounter:

Digital Bread Crumbs: Following Your Cell Phone Trail

Jeff Fischbach is a little bit like those guys in The Matrix — when he puts on his shades and looks at the world, he sees data.

Walking down the street in San Francisco, he points out all the devices that record people's comings and goings: digital parking meters, apartment intercom systems, digital security cameras...

Listen to NPR's Digital Bread Crumbs: Following Your Cell Phone Trail

Audio and transcript: http://www.npr.org/templates/story/story.php?storyId=114241860&ft=1&f=1019

Share

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map