Posts

Privacy Expert: NSA Intercepting Your Address Books, Buddy Lists

What makes a privacy expert nervous? Glimpsing the size of the iceberg under the surface. When National Security Agency contractor Edward Snowden became a whistleblower earlier this year, I think we all knew we were really just seeing the tip of the iceberg about exactly how much information the NSA was gathering on the average American citizen. And it was a pretty large tip to start with.

Here’s a reminder of what started the whole thing.  Snowden provided reporters at The Guardian and The Washington Post with top-secret documents detailing two NSA surveillance programs being carried out by the U.S. Government, all without the average voter’s knowledge. One gathers hundreds of millions of U.S. phone records and the second allows the government to access nine U.S. Internet companies to gather all domestic Internet usage (so they are tapping pieces of your phone calls and emails, in other words). The intent of each program respectively is to use meta-data (information about the numbers being called, length of call, etc., but not the conversation itself, as far as we know) to detect links to known terrorist targets abroad and to detect suspicious behavior (by monitoring emails, texts, social media posts, instant messaging, chat rooms, etc.) that begins overseas. As a privacy expert, I understand the need to detect connections among terrorists; the troubling part is the scope of the information being gathered.

Digital Footprint: Exposing Your Secrets, Eroding Your Privacy

Does your digital footprint expose your secrets to the wrong people? 

National Public Radio and the Center for Investigative Reporting recently presented a four part series about privacy (online and off) called, Your Digital Trail. To get the gist of how little privacy you have as a result of the social media, credit cards and mobile technology you use, watch this accurate and eye-opening explanation of how you are constantly being tracked. 
Marketers, data aggregators, advertisers, the government and even criminals have access to a vivid picture of who you are. NPR calls it your digital trail; for years, I’ve referred to it as your digital footprint. Let’s take a quick look at what makes up your digital footprint.

What is your digital footprint? 

Just like a car leaving exhaust as it runs, you leave digital traces of who you are without even knowing it. Here is a partial list of the ways that you are tracked daily: cookies on your computer, apps on your smartphone or tablet, your IP address, internet-enabled devices, search engine terms, mobile phone geo-location, license-plate scanners, email and phone record sniffing, facial recognition systems, online dating profiles, social networking profiles, posts, likes, and shares, mass-transit smart cards, credit card usage, loyalty cards, medical records, music preferences and talk shows you listen to on smartphone apps, ATM withdrawals, wire transfers and the ever-present, always rolling surveillance cameras that tell what subway you rode, what store you shopped in, what street you crossed and at what time. Is there anything, you might ask, that others don’t know about you? Not much.

What happens to your data that is tracked? 

According to NPR, a remarkable amount of your digital trail is available to local law enforcement officers, IRS investigators, the FBI and private attorneys. And in some cases, it can be used against you.

For example, many people don’t know their medical records are available to investigators and private attorneys. According to the NPR story, “Many Americans are under the impression that their medical records are protected by privacy laws, but investigators and private attorneys enjoy special access there.”  In some cases, they don’t even need a search warrant, just a subpoena. In fact, some states consider private attorneys to be officers of the court, so lawyers can issue subpoenas for your phone texts, credit card records, even your digital medical files, despite the HIPAA law.

Kevin Bankston, senior attorney with the nonpartisan Center for Democracy and Technology, explains that the laws that regulate the government regarding privacy were written back in the analog age, so the government often doesn’t have many legal restraints. When the Fourth Amendment guaranteeing our rights to certain privacies was written, our Founding Fathers weren’t thinking about computers and smartphones!

Specifically, the Fourth Amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”  In the “old days” police would have had to obtain a search warrant (showing probable cause) and search your home for evidence of criminal activity.

But since the 1960’s and 1970’s, the Supreme Court and other courts have consistently ruled that if you have already shared some piece of information with somebody else, a warrant is no longer needed.  So now when you buy something with a credit card (letting your credit card company know what you’ve purchased), or drive through an intersection with license plate scanners (telling law enforcement where you’ve been) or Like something on Facebook (letting the social network and everyone else know your preferences), you have, in essence, given the government (as well as corporations and criminals) the right to gather information about you, whether you are guilty of anything or not.  So much for probable cause.

In this age of cloud computing, the issue becomes even more, well, clouded.  Take the case of a protester arrested during an Occupy Wall Street Demonstration in New York City.  The New York DA subpoenaed all of his tweets over a three and a half month period.  Of course, his lawyer objected, but the judge in the case ruled that the proprietary interests of the tweets belonged to Twitter, Inc., not the defendant!

How can we defend our digital footprint against privacy violations? 

My takeaway from the NPR piece? We are so overwhelmed by the tsunami of privacy erosion going on, by the collection, use and abuse of our digital footprints, that the surveillance economy we have created will only be resolved by broad-stroke, legislative action. Until that happens, corporations, criminals and even our government will consume all of the data we allow them to. And so will we.

John Sileo is an expert on digital footprint and a highly engaging speaker on internet privacy, identity theft and technology. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.


Online Privacy and Teens: Help Them Care if They Don't


Before you read this article, stop and picture yourself as a 16 year old.  Now that you’ve recovered from the trauma of that, think about this question: what thoughts consumed your time – your favorite band, your first car, your first love, your first job, your first password?  Certainly not the latter, and you most likely weren’t thinking about online privacy issues.

It’s no surprise then that today’s teens don’t think about them much either, although they do more than most of us ever had to.  The Pew Research Center recently conducted a survey entitled Teens, Social Media, and Privacy and found a variety of interesting statistics.

Teens share more about themselves on social media sites than they did according to the previous survey from 2006.  A few of the more significant ones:

  • 91% post a photo of themselves (up from 79%)
  • 71% post their school name (up from 49%)
  • 53% post their email address (up from 29%)
  • 20% post their cell phone number (up from 2%)

Some new questions revealed that teens also post other potentially risky information:

  • 92% post their real name
  • 82% post their birth date
  • 24% post videos of themselves
  • 16% have set their profile to automatically include their location in posts

The good news is that while teens are sharing more, they are also becoming more aware of privacy concerns; 60% of teen Facebook users set their profiles to private.  In addition, 89% of those users indicated it’s “not difficult at all” or “not too difficult” to set privacy controls.

Teens also manage their profiles in other ways to help control their reputation:

  • 59% have deleted or edited a previous post
  • 53% have deleted comments from others
  • 74% have deleted people from their network or friends list
  • 26% have posted false information to help protect their privacy

While some of these statistics would seem to indicate that teens are becoming more aware of protecting their privacy and reputation, there are still far too many that are just not concerned.  In fact, just 9% responded that they were “very concerned” and 31% were “somewhat concerned that some of the information they share on social networking sites might be accessed by third parties like advertisers or businesses without their knowledge.”  Undoubtedly, some of this lack of concern comes from simple, blissful teenage ignorance.  One teen that participated in a focus group discussion said, “Anyone who isn’t friends with me cannot see anything about my profile except my name and gender.  I don’t believe that [Facebook] would do anything with my info.”

In contrast to this, 81% of parents are “somewhat” or “very” concerned about what advertisers can learn about their children’s online behavior.  Too bad it’s not 100%, but if you’re reading this, I’m guessing you’re one of the 81%.  Because you care, and because your children quite likely do not, it may fall to you to help them be safe online.  We’ve addressed this many times in the past (in articles referenced below), but it’s so important that we wanted to revisit it.  The most basic steps:

  • Have a frank discussion about what concerns you. Discuss how advertisers use the information they can easily garner when we use social media, and warn them (AGAIN AND AGAIN!) about how strangers can access it, too.  Our Summer School for Parents article addresses the specifics in case you missed it.
  • Teach your child how to play it smart on Facebook.  We addressed this in our Facebook Privacy article with some detailed action items.
  • Check out our Smartphone Survival Guide and Facebook Safety Survival Guide if you want more specifics.

It may be hard to pull your teens off their social media sites long enough to have these discussions, but it will be worth the effort to protect their online privacy.

John Sileo is an online privacy expert and professional speaker on social media privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Summer School for Parents: Protecting Your Kids' Social Media Privacy


School is out for the summer and the tasks that often fall upon the shoulders of your local schools are now sitting squarely on yours.   In addition to making sure your kids practice their math facts, read regularly and get plenty of exercise, you’ll want to watch out for how they spend their free time when it comes to using Facebook, Tumblr, Instagram, Twitter, YouTube and other sites that can expose their social media privacy.

Social Media refers to web-based and mobile applications that allow individuals and organizations to create, engage, and share new user-generated or existing content in digital environments through multi-way communication.  Okay, that’s too technical. Social media is the use of Internet tools to communicate with a broader group. Some of the most common examples are listed above.  If you have elementary aged children, they may use more secure, school-controlled forms such as Schoology, Edmodo or Club Penguin, but if your kids are older, I can almost guarantee they’re into Social Media sites whether you know it or not.

Statistics show that 73% of online adolescents visit social networking sites daily and two billion video clips are watched daily on YouTube.  The American Academy of Pediatrics recently conducted a study that found that 22 percent of teenagers log onto their favorite social media sites more than 10 times a day, and that 75 percent own cell phones.

So, how do you battle such a time-consuming, captivating influence over your children?  You don’t, because you won’t win!  Instead you look at social media privacy best practices that schools implement and do the same at home.

  • Expect the Internet to be used appropriately and responsibly and set agreements and consequences with your children if it is not.  The Family Online Safety Institute can guide your discussion and even provide a contract.
  • Expand your typical discussions about strangers to include social media
    • Don’t accept unknown friend requests
    • Don’t give out personal info – specifically: last name, phone number, address, birthdate, pictures, password, location
  • Warn kids about the dangers of clicking on pop-up ads or links with tempting offers, fun contests, or interesting questionnaires, even if they’re sent from a friend.  They may really want that free iPad being offered, but chances are it’s just a way for someone to glean their personal information.
  • Monitor the information your kids give out and their use of sites; let your children know they should have no expectation of privacy.  (Make that part of your contract.)  You can also install filtering software to monitor their social media use and even their cell phones.  A few popular ones are Net Nanny and PureSight PC to help keep your child safe online and My Mobile Watchdog to help with monitoring their cell phones.
  • Check your privacy settings for all Internet sites and make sure they are set to the strictest levels.
  • Remind your child that once it’s published, social media is public, permanent, and exploitable forever, even when “deleted.”
  • If your children are not 13, keep them off of Facebook since that is their stated age limit. There are plenty of reasons, not the least of which involves the emotional repercussions of being “unfriended” or cyber bullied.  When they are ready, have your children read and study the actual Facebook user agreement and privacy policy and discuss it with them.
  • Set limits on social networking time and cell phone time, just as you would for TV hours. Many families limit total screen time, which includes everything from computers, iPads, smartphones, and video games to our old fashioned notion of television.
  • Be a good example yourself.  Monitor your own amount of time spent online and seek to find a balance of activities. When you are on your iPhone at dinner, you are letting your kids know that this is acceptable behavior.
  • Monitor your child’s activities and try to stay educated about the latest platforms!

Social Media can be a positive way for kids to continue to develop friendships while they’re home for the summer and to feel like they’re connected to a community that matters more to them than anything.  But there are risks that come with it and it’s your job as a parent to protect them from those risks just as surely as you keep them from taking candy from a stranger.

Social networking has an addictive component because dopamine (a natural feel-good drug produced by the body) is released anytime we talk about ourselves. And what is social networking if not a constant exposé of what is happening in our lives? Just make sure you know what is happening in your child’s life, even in the more relaxed months of summer.

John Sileo is an online privacy expert and professional speaker on social media privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Your Online Data Security may be in Danger if you use Skype

Skype is often praised for being free to use, but your online data security may be the real price you pay.

A recent experiment conducted by Ars Technica, with the help of independent security researcher Ashkan Soltani, proved that Skype operator, Microsoft, just can’t keep its nose out of private messages.  Soltani and Ars Technica sent through four test links and discovered that two of them were clicked on.  Even though snooping is technically within its right due to the terms of use customers agree to, the Skype encryption assurance states:

“All Skype-to-Skype voice, video, and instant message conversations are encrypted.  This protects you from potential eavesdropping by malicious users.”

I guess they consider themselves exempt. Of course, Skype reserves the right to see personal details in order to delete viruses and protect against fraud. In other words, they intend to use this ability for your own good.

What makes this particular case tricky is Skype’s popularity in the business world as a platform for meetings and video conferences. Though this test only focused on private messages, it’s not a stretch to think that important business calls are also monitored, or could be.

Everyone should always consider the possible consequences of sending information over the Internet, and realize that even giants like Microsoft are not protecting your online data security.  There’s only one foolproof way to ensure your information is protected, and that’s to do it yourself, or seek out an expert to show you how. 

John Sileo is a social online data security expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Why the boss should also be the privacy expert

If you’re the head of a company, it’s your duty to be no less than a privacy expert. Cyber criminals are betting on the fact that you aren’t one, and your whole company could suffer if you don’t take action to become one.

We’ve discussed before the necessity of keeping employees well-trained against cyber attackers’ tricks, such as spear-phishing. Well, it turns out that the big bosses are actually even more likely to fall for social engineering attacks, according to a recent article in the Wall Street Journal.

The article quoted a study by Verizon that indicates these executives are often exempt from company-wide security rules and are more likely to open email or click on links that expose their company’s secure information.  Especially at a time when so many are hit with phony emails, no one can afford to be lax on cyber security. CEOs and other high-level bosses are usually highly visible, public-facing, have access to proprietary information, and are often disengaged from the online security process: in other words, they are the perfect target. 

It might stem from a sense of superiority or simple ignorance, but whatever the cause, bad behavior is bad behavior, no matter who’s doing it. So what can a boss do to be more of an online privacy expert? Try these tips:

  • Encryption: Take special care to encrypt and password-protect data on your devices. All of them.
  • Attend training: Acting high and mighty can have real consequences if you don’t attend, or worse, don’t provide training for your employees. Instead, seek out and gain knowledge from a privacy expert.
  • Physically secure sensitive information: You wouldn’t leave your filing cabinet open for anyone to access. Why do the same with your data? Don’t demand special privileges because you’re the boss.  Keep your firewalls enabled and guard your personal information, especially when on social networking sites.

The sort of attacks that can take down giants won’t spare your company either. The higher up you are, the more responsible you need to be, because it’s not just your name on the line: it’s the security of everything in your organization.

John Sileo is a digital privacy expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Scorecard grades tech companies’ online privacy protection efforts

We trust our information with companies every day, but online privacy protection may not be their highest priority.

Some of the most widely-used tech companies in the world do a miserable job of protecting users’ online privacy. The Electronic Frontier Foundation has gathered data on the privacy protection efforts practiced by organizations like WordPress, Apple, Comcast and others (many of whom have also been victims of data security breaches recently) for its annual “report card.” Then it awarded stars to the companies as if they were hotels.

The results are abysmal for anyone who still thinks that corporate behemoths have their users’ best interests at heart.

Stars were given based on how well a company performed in various categories. Out of 18 companies measured, only two passed with flying colors in all six categories: Twitter and internet service provider Sonic.net. The rest scored poorly. Facebook earned 3 out of 6 stars, Apple and AT&T scored one star and Verizon struck out with zeroes across the board. If this were a real report card, most of these companies would have been expelled.

One category assesses whether these businesses enforce transparency, or the ease with which you can access and understand the data that they are collecting on you. Another category judges how much of your information they share, when requested, with the government. Although LinkedIn and—surprisingly—Google performed well in this area, social networks like FourSquare, Facebook, and MySpace came up short.

Yahoo recently agreed to purchase Tumblr for the very purpose of aggregating more of Tumblr-users’ data. According to the report card, Yahoo makes little effort to protect your privacy, and Tumblr isn’t much better.

Paying attention to online privacy protection is like weeding your garden. If you don’t take some time to do it early in the Spring, you’ll spend the rest of the year unsuccessfully trying to undo the consequences.

John Sileo is an online privacy protection expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Social Media Privacy Laws Provide Protection for Employers and Employees

Do you know your social media privacy rights as they pertain to your workplace?

They will be different depending on where you live because the laws vary from state to state. Utah recently became the fifth state to put into effect such a law that governs the rights of both employees and employers. Legislation has also been introduced or is pending at the Federal level and in 35 states.

This has become a hot topic because more than 90 percent of employers use social media sites to help screen applicants. Since applicants have the ability to determine their online privacy settings to decide what is out there for public viewing, some employers have asked for access to their private social media content to get the real picture.

In addition, employers contend that having access to social media accounts of employees allows them to protect sensitive company information such as trade secrets and financial figures. Employees argue that the information may be used to discriminate against them and inherently invades their privacy. In reality, most of the current legislation actually seeks to protect both sides.

Utah’s Internet Employment Privacy Act enforces protection of employees’ online identities, dictating that an “employer may not request disclosure of information related to [a] personal Internet account.” Also known as House Bill 100, this law, which applies to both employees and applicants, includes asking for usernames and passwords. If employers are found guilty of this, they may face up to a $500 fine. Additionally, the law states that employers may not “take adverse action, fail to hire, or otherwise penalize” anyone who will not disclose their information.

There are exceptions built in to protect the employer. They may legally require such information if the employer has provided the device and/or service or if the information is needed to carry out a disciplinary investigation, particularly if the employee’s actions in some way compromise the company – i.e. sharing of proprietary/confidential information or financial data. In addition, the employer can still view publicly available information in order to conduct due diligence.

In the ever-changing world of social media privacy legislation, one thing is clear; it will keep changing! Both employees and employers should check the current status in their state. The National Conference of State Legislatures provides a good listing to help you do this. As always, know your rights and act on your responsibilities.

John Sileo is a social media privacy expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Online reputation site must defend itself after losing customer data

Online reputation services have a special responsibility to keep clients safe. How can you protect yourself when the very company you rely on is breached?

Would you trust a site with your personal information after it suffered a breach? What if that site’s sole purpose is to protect your reputation?

Reputation.com helps its members maintain a reputable online profile, but the site’s own profile was damaged by a recent data breach that led to the exposure of customer information. Although no Social Security numbers or financial information was lost, names, email addresses, and physical addresses were exposed. It’s been reported that some dates of birth, phone numbers, and occupational information were also lost. A “small minority” of customer accounts had hashed and salted passwords stolen. 
 
‘Hashing’ passwords is the process of using algorithms to change customers’ passwords to a unique data string. The ‘salt’ adds more characters to produce a unique data fingerprint. The company has notified all customers of the breach and reset passwords to protect them. But Reputation.com is not alone in being hacked recently. LivingSocial, a daily-deal website, was breached, affecting 50 million customers.

Maintaining our online reputation is important to us, and the internet, social media and mobile technology are great tools that give us a competitive advantage. However, we cannot ever take our online privacy for granted. Three tips to keep you ahead of identity theft are:
  • Use a password protection program that makes it easy to use highly-encrypted passwords
  • Change passwords on sensitive accounts monthly
  • Maintain strict privacy and security settings in your browser preferences
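
The hashing and salting described in this post, shown as an added example (not code from Reputation.com or from the original article): it stores the same constructed passwords once with a plain hash and once with a per-user salt, then checks how many accounts in each table visibly share a stored value. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the account names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional

ITERATIONS = 200_000   # example work factor (assumption); tune for your hardware
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"

# Constructed sample data: alice and bob happen to use the same password.
SAMPLE_ACCOUNTS = {
    "alice": "Tr0ub4dor&3",
    "bob": "Tr0ub4dor&3",
    "carol": "correct horse battery staple",
}


def unsalted_hash(password: str) -> str:
    """Weak form: one fast hash, no salt. Equal passwords give equal output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow hash stored as scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME or not 1 <= rounds <= 10_000_000:
        return False  # unknown scheme or implausible work factor
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_stored_value(table: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables(accounts: dict):
    """Return (unsalted_table, salted_table) for the same set of accounts."""
    unsalted = {user: unsalted_hash(pw) for user, pw in accounts.items()}
    salted = {user: salted_hash(pw) for user, pw in accounts.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_ACCOUNTS)
    print("unsalted, accounts sharing a value:",
          accounts_sharing_a_stored_value(unsalted))
    print("salted, accounts sharing a value:  ",
          accounts_sharing_a_stored_value(salted))
    print("alice logs in with her password:   ",
          verify(SAMPLE_ACCOUNTS["alice"], salted["alice"]))
```

With a salt, a stolen table no longer shows which customers chose the same password, and each entry has to be guessed separately at the cost of the full work factor.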

John Sileo is an online reputation expert and in-demand speaker on data security, social media safety and identity theft. His clients have included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.