Jul
7th

US Justice Dept. sued for info on cellular tracking practices

In purported efforts to help the public “understand the privacy risks of carrying a mobile phone,” the ACLU and the EFF are suing the Justice Dept. for “documents, memos, and guides” about procedures used to track individuals through cell phones.

The American Civil Liberties Union and the Electronic Frontier Foundation aren’t looking for money — except to cover their own costs — in their most recent lawsuit against the US Department of Justice. Instead, the two civil liberty advocacy groups want information about whether and how the government might be using the location capabilities in cell phones to find out where people are.

“The overwhelming majority of Americans — over 200 million people — carry mobile phones. This large number is steadily increasing. The information the ACLU seeks therefore bears on the privacy of a vast segment of the United States population,” according to the complaint, which was submitted this week under the Freedom of Information Act.

“Recent court decisions and media reports reveal that US Attorneys Offices (USAOs) are assisting law enforcement officers in obtaining information from mobile carriers that enables officers to track the location of individuals’ mobile phones,” the document says.

“Court decisions indicate that USAOs claim not to need probable cause to obtain real-time tracking information. News reports further suggest that some field offices are violating a Department of Justice ‘internal recommendation’ that ‘federal prosecutors seek warrants based on probable cause to obtain precise location data in private areas.’”

Filed in federal court in Washington, D.C., the lawsuit asks the DOJ to search several specific federal offices within the agency — including US Attorneys’ Offices in six states and the District of Columbia — for records related to cell phone tracking.

The types of records sought in the suit pertain to policies, procedures, and practices used for obtaining mobile phone location information; the DOJ’s “internal recommendation” and any violations of that recommendation; and the number of times the government has applied for a court order, based on less than probable cause, using that court order as authority to obtain mobile phone location information, “and whether such applications were successful.”

In an appendix to the court document, the plaintiffs have attached a news article that mentions a couple of location-based services already offered by mobile providers for tracking people outside the realm of criminal justice. The two examples include Verizon Wireless’ Chaperone service, aimed at helping parents to track their kids, and Sprint Nextel’s “loopt” service, for “sending an alert when a friend is near.”

It’s important to note, though, that if carriers are enabling cellular tracking — whether for parents, friends or law enforcement officials — any location data they’re obtaining really refers to the phone itself, as opposed to the mobile subscriber.

Many cell phone owners don’t carry their phones with them at all times. People also lose and temporarily misplace their phones, and loan them to family members and even casual acquaintances. Consequently, a cell phone’s location isn’t exactly a solid indicator of the actual current location of the owner of that phone. So beyond any privacy risks, there could be risks, too, of mistaken identity.

Jul
5th

Google Not Shy About Privacy

Last month Ask.com added a direct link to its privacy policy via a “Privacy” link conveniently placed on its homepage.

It was observed that even Google didn’t have the ‘Privacy Link’ and that this move might compel the search giant to do the same to their homepage too.

Well, now, according to the Official Google Blog, Google has finally introduced the ‘Privacy’ link on their home page.
According to Marissa Mayer at the Google Blog, “Larry and Sergey told me we could only add this to the homepage if we took a word away - keeping the “weight” of the homepage unchanged at 28. Given that the new Privacy link fit best with legal disclaimers on the page, I looked to the copyright line. There, we dropped the word “Google” (realizing it was implied, obviously) and added the new privacy link alongside it.”

With privacy advocates and organizations breathing down Google’s neck, this move has finally given Google some room to breathe. The display of the privacy link would surely ease the concerns of these organizations.

Jul
4th

Oops: Outsourcing Firm Loses Google Staff Data

All the engineering acumen in the world, or at least in the Googleplex, can’t prevent an old-fashioned burglary of unencrypted employee data held by an outside firm.

A failing company also failed to adequately keep its assets protected from theft. Colt Express Outsourcing Services lost some data to a Memorial Day burglary, and it’s now come to light that the dominant search engine formerly used that company’s services.

Unfortunately for Google, and for CNET employees also affected by the theft, a report at CNET noted employees from both firms were in the same boat. “No credit card numbers were in the stolen data; just names, addresses, SSNs–all the information needed for a thief to open a credit card account under another’s name,” the report said.

An ex-Google staffer, Danny Thorpe, blew the whistle on the Google data loss. Employees hired before the end of December 2005 at Google may now have their personally identifiable information skating around places like the forums favored by identity thieves and traders.

Colt doesn’t appear to be the best managed firm in the world, either. CNET said the company is in financial trouble, with the company’s founder washing his hands of any potential assistance Colt might give affected individuals.

We’re betting Colt will be on the receiving end of more attention from Google, specifically the legal department. “We take the security of our employees very seriously and require outside vendors to meet appropriate security standards,” a Google rep told CNET.

Jun
19th

Sweden to allow email snooping

Sweden has adopted contentious legislation that will give officials sweeping powers to eavesdrop on all email and telephone traffic that crosses the nation’s borders.

After heated debate and last-minute changes, MPs approved the bill that has outraged some many politicians and prompted protesters to hand out copies of George Orwell’s novel 1984 outside the Stockholm parliament.

The bill was passed on a 143-138 vote on Wednesday and will become law in January.

Google and the Swedish telecoms company TeliaSonera have called it the most far-reaching eavesdropping plan in Europe, comparable to a US government surveillance programme.

“By introducing these new measures, the Swedish government is following the examples set by governments ranging from China and Saudi Arabia to the US government’s widely criticised eavesdropping programme,” said Peter Fleischer, Google’s global privacy counsel.

Since the law was first proposed in 2005 - in a country known and praised for its democratic principles - critics have slammed it, saying it would encroach on privacy and jeopardise civil liberties. On Wednesday, hundreds of protesters gathered outside parliament in a last attempt to stop the law.

Supporters say the legislation is needed to ensure safety against terrorist attacks in a high-tech society where advanced technology can also be used by would-be attackers.

The new powers will give Sweden’s National Defense Radio Establishment the right to scan all international phone calls, emails and faxes for sensitive keywords, without needing a court order.

Jun
18th

Report: Feds need better privacy protection for data

WASHINGTON — The government does not have adequate privacy protections for the personal information it collects, shares and stores as part of the effort to fight terrorism, according to a new report by a U.S. watchdog agency.

The Government Accountability Office (GAO) says that new laws are needed to safeguard people’s personal information. Decades-old laws no longer cover the “increasingly sophisticated ways” that the government collects information, such as through biometric scans of fingerprints, the report said.

“In today’s highly interconnected environment, information can be gathered from many different sources, analyzed and redistributed in very dynamic, unstructured ways,” the GAO’s Linda Koontz says in testimony prepared for a hearing today by the Senate Homeland Security Committee.

Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says.

As states begin collecting information in coming years to produce new secure drivers’ licenses, government databases will get even larger. “The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,” says Caroline Fredrickson of the American Civil Liberties Union.

Committee Chairman Joe Lieberman, I-Conn., says citizens can be left vulnerable to identity theft, stalking, discrimination, unwarranted surveillance or loss of employment if their personal information isn’t properly secured. “It is essential for the government to collect and use personal information,” he says. But the government must “properly balance our many policy goals against potential incursions on privacy.”

The GAO report suggests that Congress update the Privacy Act to reflect the changing times and technologies.

Sen. Susan Collins, R-Maine, agrees: “In the digital age … we must be even more vigilant to ensure that rapid technological change does not undermine the privacy rights that Americans treasure.”

Bruce Schneier, chief security technology officer at the British telecommunications company BT, says it will be difficult for Congress to pass a law that could really protect the vast amounts of information the government holds.

The underlying problem, he says, is that “massive, massive data collections” are kept by private industry and the government, a proliferation of data he calls the “pollution problem of the information age.” He says that it’s difficult to safeguard it all.

Jun
18th

Vote on Swedish bugging bill delayed

The Swedish parliament has delayed a vote on a bill that would allow local authorities to monitor e-mail and fax messages and telephone calls.

The bill, due to be voted on Wednesday morning, now goes back to the Committee on Defense to be slightly reworked in order to appease critics within the majority coalition. The changes are meant to beef up protection of personal privacy.

Four members of the majority coalition would have to vote against the bill for it to fail, which seemed likely during a long debate in the parliament on Tuesday.

A new vote is expected later Wednesday, the last day for floor debate in the current parliamentary session, or on Thursday. Parliament looks likely to then approve the bill.

The bill, if passed, will allow the Swedish Defense Radio Establishment, a civilian organization that falls under the Ministry of Defense, to listen in on wired traffic that crosses Swedish borders, to protect against what has been dubbed “external threats.”

56 percent of Swedes think the parliament should just say no to the bill, 34 percent think it should approve it, and 10 percent have no opinion, according to a survey by Novus Opinion, done at the behest of TV channel TV4.

Only 21 percent are nervous about being bugged themselves, the survey found.

Jun
18th

Swedish revolt over ‘Big Brother’ law

Sweden’s “Big Brother” law, allowing the government to snoop on all outgoing cross-border emails, could be blocked tomorrow by a handful of rebel parliamentarians ready to defy their party whips.

If the dissenters derail the law - dubbed Lex Orwell by the Swedes - it will be a major blow to the centre-right government, which claims that it needs the restrictions, the tightest in Europe, to guard itself against terrorist plotting. But critics say it makes a nonsense of Sweden’s long modern tradition of respecting privacy and citizens’ rights and is part of a more disturbing trend across Europe to scratch away at civil liberties.

The latest example, which stirred concern in Sweden, was British efforts to extend the period of detention for terror suspects: the rebels are consciously drawing on the example of David Davis, the Conservative who resigned to fight more independently against the state encroaching on individual rights.

Karl Sigfrid, a member of the ruling Moderate party, said today that he was determined to vote against the law.

“Preventing the cable-based surveillance system is more important than my political future,” he said.

“Mass surveillance of Swedish citizens is a measure that is not proportionate to the problems Swedish authorities are expected to solve.”

The centre-right coalition of prime minister Fredrik Reinfeldt has only a four-seat majority. Yet so far at least four deputies from the coalition ranks, including Mr Sigfrid, have indicated that they will defy the whips. The parties met until the early hours of this morning to see what could be done to persuade the mavericks - Annie Johansson of the Centre Party, Cecilia Wikstroem and Birgitta Ohlsson of the Liberals were all deeply sceptical about the law - to toe the line. The talks resumed a few hours later before the beginning of the debate in parliament. Yet it is still unclear whether the government would scrape the vote.

Although the established printed press opposes the law (the liberal Dagens Nyheter said the government was about to take on Stasi-like powers), the driving force of the protest has been the blogging community.

A Facebook protest group has over five thousand members and they in turn have been influencing the youth wings of the government parties, sowing the seeds of a parliamentary rebellion. They are up in arms about the restrictions, which seem to change fundamentally the terms by which Scandinavians use the internet. The new bill gives extended interception powers to the National Defence Radio Establishment (FRA) which, despite its title, is a civilian agency. Operators will have to help the authorities by channelling information about their users to the FRA through so-called collection nodes. The FRA argues that it is not focussed on individual email traffic and phone conversations; the agency would pick up on key word searches and would use pattern analysis.

But, as a former head of the Swedish security service, Anders Eriksson, complains, the government will be given a free hand to fish for information. He says too much reliance is being put on the good will of the state authorities.

“Instead of having a single representative of a government authority make that decision we should, as in other countries, subject this activity to democratic and parliamentary monitoring,” said Mr Eriksson.

The bill was also too vague in authorising intercepts in case of “external threat”, said the former security head.

The implications for internet service providers are huge. Those in neighbouring countries will have to route around Sweden because if they expose their customers to surveillance, they could open themselves up to legal action. Finnish providers are already taking steps. Peter Fleischer, Google’s Global Privacy Counsel, has also made it plain that it will not place Google servers in Sweden if the bill is passed.

“Apart from the stringent surveillance measures,” says Mr Fleischer, “the Minister of Justice also wants to introduce a monitoring duty for internet access providers.” This, he said (see peterfleischer.blogspot.com), would fly in the face of European eCommerce legislation.

Other countries are extending their powers: in Britain, Home Office officials have been discussing a giant database holding details of every phone call and e-mail for at least 12 months. In Germany, the nation most sensitive to data privacy abuse, the main telecommunications group has had to admit that it actively trawled through confidential phone records to track down a mole in the Deutsche Telekom boardroom.

But Sweden is proud of its tradition of guarding the rights of the individual. It was the first society to introduce the principle of the government ombudsman. And by law, journalists are not allowed to reveal their sources unless the sources give them explicit permission. Now reporters fear that this unusual professional protection will also disappear.

“The declared intention of this law is to protect Sweden from outside threats,” said the Sydsvenskan newspaper, “but it risks being transformed into a domestic threat.”

Jun
17th

Australia tops cyber crime list

Australia has the highest incidence of cyber crime in the world, according to a global survey of nine countries by software security vendor, AVG.

The study, which canvassed 1000 users each in Australia, the US, France, Germany, Italy, Spain, Sweden, Brazil, and the Czech Republic, found that more than 39 per cent of Australians had been the victim of cyber crime, compared to 32 per cent in Italy, 28 per cent of Americans, and just 14 per cent in Sweden and Spain.

The most common forms of cyber theft experienced by Australians were:

  • Not receiving goods paid for at an online auction (16 per cent);
  • Fraudulent e-mails that resulted in financial damage (14 per cent);
  • Phishing (10 per cent);
  • Not receiving goods ordered online (eight per cent);
  • Credit card fraud (five per cent); and
  • Unauthorised bank transfers (three per cent).

Lloyd Borrett, marketing manager of AVG (AU/NZ), said the fact that Australia experienced more cyber crime was a little surprising, although it might have been impacted by the fact that Australians are more active online users than most other nations.

“While we don’t know whether Australians are actually targeted more heavily than other countries, these results highlight the importance of comprehensive security solutions to protect users from obvious threats like phishing and e-mail scams, as well as good education to warn people of the danger,” Borrett said.

Forty-seven per cent of Australians said they were more likely to experience cyber crime than to experience burglary, assault, or robbery, and 37 per cent said that cyber crime was a strong concern.

The AVG survey found that Australians had relatively high awareness of Internet security and demonstrated the second highest level of confidence (70.5 per cent after the US’s 73.3 per cent) in the protection provided by their software security vendor.

Jun
16th

Firefox dumps privacy button

A security feature which gave punters total privacy has been dumped from the final version of Firefox 3.

Private Browsing would have disabled all caching, cookie downloads, history records, and form data during the session.

If it worked, it would have meant you could surf the Web and leave nothing sticky on your computer.

Mozzarella Fountain’s big cheese in security, Johnathan Nightingale, said that Private Browsing was, in principle, pretty cool. It would mean that what you were about to do would not be logged anywhere.

You hit a button and everything past that point isn’t logged. Then you hit the button again and you are visible again.

It would be handy while you were borrowing a computer and didn’t want your mates to see you had been checking out porn, violence, or Apple’s product pages.

Nightingale said, however, that the main problem with the button is that it touched a lot of code. It was likely to interact with Web sites and mashups and things like that and was just a crash waiting to happen.

Jun
16th

Verizon shuts down access to Usenet

Verizon has announced that they will be stopping access to tens of thousands of Usenet discussion areas including the very popular alt.* groups that have been around since the late 1980s.

Verizon spokesman Eric Rabe said only a select few newsgroups/discussion groups would be offered to customers going into the future. It appears the decision is in response to political “strong-arming” from New York State Attorney General Andrew Cuomo who wants strong restrictions on all newsgroups.

Cuomo added that his office had found child porn on at least 88 newsgroups, although that percentage is tiny compared to the over 90,000 newsgroups that exist. “We are attacking this problem by working with Internet service providers…I commend the companies that have stepped up today to embrace a new standard of responsibility, which should serve as a model for the entire industry,” read a press statement from Cuomo’s office.

Newsgroups are a pre-Web technology that has relied on ISPs and universities to operate servers on which users can exchange messages and files.

With the decision, however, comes the shutdown of many useful newsgroups such as symantec.customerservice.general, us.military, microsoft.public.excel, and fr.soc.economie, which have long helped users.

One user of the alt.* hierarchy was very upset over the decision. “This is ridiculous. I actually met my wife on alt.personals, 14 years ago… I still use usenet - there are a lot of good discussions and a person can get answers to questions on specific topics pretty quickly. It’s nice to have a decentralized place to hold discussions, one that is not beholden to a sysadmin to correctly run a forum, one that’s free of blinking gifs and flash ads.”