Security, Your Privacy Rights, and Spyware
Facebook security, children's rights to privacy, tracking software, selling data
2012 The data strongly suggests that security becomes more of a priority with
age. The report
focuses on differences between baby boomers (56- to 65-year olds) and generation Y (18- to 25-year
olds).
Modern young adults have grown up surrounded by amazing technology, tech that they naturally take for
granted. Does their innate tech-expertise make them better at protecting privacy and staying safe online?
In
a word, no.Young folks are more likely to prioritize entertainment or community over security, while more
than half of the boomers placed security first. Perhaps not surprisingly, boomers worry more about email
attacks while Gen Y expects trouble to come through social networks or P2P file sharing.
2012 4 high-tech ways the federal government is spying on private citizens
http://news.yahoo.com/blogs/technology-blog/4-high-tech-ways-federal-government-spying-private-153556125.html
One of the running jokes in the 1980s was how the former Soviet Union spied on its private citizens. As
comedian Yakov Smirnoff used to joke: "In Soviet Russia, TV watches you!" But here in America,
we
were all safe from the prying eyes of the government.
Fast forward to 2012, when the U.S. government actually has the tools and capabilities to spy on all its
citizens. These eyes go well beyond red light cameras. Right now, the government is tracking the movements
of private citizens by GPS, reading private citizens' emails, and possibly even reading what
you're
saying on Facebook. It does so all in the name of law enforcement and Homeland Security, of course — but
whether or not that makes you feel safer is up to you.
1. The NSA is building a massive data center in Utah to read every email you'll ever send.
Many of us are aware that little of what we say on social networks is really private. But you'd think your emails would be safe from prying eyes — especially those of your government. Not so, once the government completes work on a top-secret Utah data center reportedly built to spy on civilian communications. The $2 billion facility, slated to be complete by September 2013, is allegedly designed to be able to filter through yottabytes (10^24 bytes) of data. Put into perspective, that's greater than the estimated total of all human knowledge since the dawn of mankind. If leaked information about the complex is correct, nothing will be safe from the facility's reach, from cell phone communications to emails to what you just bought with your credit card. And encryption won't protect you — one of the facility's priorities is breaking even the most complex of codes.The good news (if there is any) is that the sheer volume of internet traffic and emails sent in a single day is far too much to be read by human eyes. Instead, the government will likely need to rely on complicated algorithms to assess each transmission and decide if they represent a security threat. So you're probably out of the government's earshot here... as long as you watch what you say.2. The FBI maintains detailed files on numerous public, semi-public, and private figures.
Have you ever thought of taking a job with the government? If you value your privacy, think twice — the government runs incredibly extensive background searches on its high-profile applicants.What kind of information does the government want from its applicants? Well, when former Apple CEO Steve Jobs was under consideration for a job with George H.W. Bush's administration in 1991, the FBI compiled a massive file on him. Included in that file: the fact that Jobs had a 2.65 GPA, his history of marijuana and LSD usage, and his tendencies to "distort reality" and to "twist the truth" in order to achieve his goals.Of course, Jobs is far from the only figure with an FBI file. Other public personalities profiled by the FBI include John Lennon, Marilyn Monroe, Jimi Hendrix, and even Anna Nicole Smith. If you're curious about what goods the FBI has on you, you can always submit a request to view your own personal file. It is worth noting, of course, that the government doesn't profile everyone - just certain people of interest.3. Homeland Security is reading your tweets and Facebook status messages.
Unless you play around with your Twitter and Facebook privacy settings, just about anything you say is public. So it might not come as a surprise that the Department of Homeland Security is seeking contractors to build software and hardware capable of reading through what it calls "publicly available social media." Essentially, the government wants to read through your tweets and status messages to see if there's any information that might help in detecting threats. There are some ground rules to the project. The government won't pose as a Twitter follower and won't accept or send any Facebook friend requests. Still, even with those restrictions, there's a lot of information floating out there for the feds to read, even if most of it is nonsense about Justin Bieber.4. Your ISP may soon be required to keep files on what sites you visit.
The idea sounds pretty far out there - a law that would require your internet service provider to keep constant tabs on you, along with detailed records of what websites you visited and when. But that's exactly what the Hawaii state legislature proposed this January with H.B. 2288 and companion bill S.B. 2530. The bill, sponsored by State Rep. John Mizuno (D), "requires internet service providers... keep consumer records for no less than two years." The bill then goes on to specify that these records must include "each subscriber's information and internet destination history information." Thankfully, the bills' sponsors withdrew the offending legislation from debate. But the reason wasn't just public outcry. Also a factor was the fact that the U.S. House of Representatives is considering a similar bill titled Protecting Children From Internet Pornographers Act. That bill, sponsored and written by Texas Republican Representative Lamar Smith, would mandate that commercial ISPs create logs of customers' names, bank information, and IP addresses. That information could later be used by attorneys seeking to prosecute in a criminal trial or even in civil cases and divorce trials.
Not much is private anymore Between private companies violating your privacy and now the government, is there any way to avoid prying eyes? Not really, unless you make significant changes in the way you use the web. So before you send that next tweet or post that next Facebook status message, think about whether or not you'd be okay with a complete stranger looking at it - because that's very well what may happen.
"A Guide to Facebook Security" (PDF) is a free, 20-page pamphlet geared primarily toward teens, their parents, and teachers. Co-written with fellow security expert Linda McCarthy and teacher/editor Denise Weldon-Siviy, it is available to view and download from Facebook.
What happens at
Facebook should stay at Facebook.
What do
Facebook, the CIA and your magazine subscription list have in common? Maybe more than you think . . .
Please see this first. [more]
See and learn more about web 2.0 and Social Networks
CHILDREN'S RIGHTS
Learn about children's right to privacy.
Find out who collects information about them and who sells that information. Learn what you can do to protect your child's privacy.
How to protect the social security number.
Who Sells Information about children?
PARENTS, TEACHERS, ADMINISTRATORS, SCHOOL BOARDS do you know WHO IS COLLECTING AND SELLING selling children's information? IT'S PERSONAL
selling data
online profiling
American ISPs are tracking you then selling
your personal information, sharing data with outside ad firms.
Find out which ones and how you can opt out. American ISP
for
pimping user data to NebuAd, the Phorm-like behavioral ad targeter."What Your Broadband Provider
Knows
About Your Web Use: Deep Packet Inspection and Communications Laws and Policies." Contact Congressman
Ed Markey, John D. Dingell(chairman of the House Committee on Energy and Commerce) and Joe Barton (ranking
member of the House Committee on Energy and Commerce).
Choicepoint sells your information to criminalsChoicePoint received the "Greatest Corporate Invader" award "for massive selling of records, accurate and inaccurate to cops, direct marketers and election officials."
FTC Issues Report on Online Profiling The report reviews the Network Advertiser Initiative's (NAI) self-regulatory guidelines. These guidelines will oversee the future practices of large profilers such as DoubleClick, Engage and 24/7 Media.
Six Tips to Protect Your Online Search
Privacy PDF
Google, MSN Search, Yahoo!, AOL, and most other search engines collect and store records of your search
queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would
you want strangers to see searches that reference your online reading habits, medical history, finances,
sexual orientation, or political affiliation?
Recent events highlight the danger that search logs pose. In August 2006, AOL published 650,000 users'
search histories on its website.1 Though each user's logs were only associated with a random ID
number,
several users' identities were readily discovered based on their search queries. For instance, the New
York Times connected the logs of user No. 4417749 with 62 year-old Thelma Arnold. These records exposed,
as
she put it, her "whole personal life."
PRIVACY ON YOUR OWN COMPUTER
GET SMART EMAIL AND SURF ANNONYMOUSLY
Free Online Anonymity Services - maintain your privacy online. WHY??Since 2000, Google has recorded your search terms, the date-time of each search, the globally-unique ID in your cookie (it expires in 2038), and your IP address. This information is available to governments on request. Matt Cutts, a software engineer at Google since January 2000, used to work for the National Security Agency.
Keyhole, the satellite imaging company that Google acquired in October 2004, was funded by the CIA.
"We are moving to a Google that knows more about you." ~ Google CEO Eric Schmidt, February 9, 2005
Privacy Analysis of Your Internet
Connection
"phishing," the practice of
sending
fraudulent e-mail messages en masse to bait people into disclosing sensitive information. Newer scams
involve "malware," which can install itself on a computer through e-mail or pop-up ads, detect
when someone starts to use an online banking program or make a credit card payment, and then record the
person's keystrokes and capture account details. The victims do not even have to do something
foolhardy
like giving away account numbers or passwords.
Learn about KEYLOGGERS - and how to keep it off your computer.
National Science Foundation's Cyber Trust program, which is intended to promote computer network security.
SPY WARE aka advertising-based networks with pop-up ads "The biggest, richest American companies are buying advertising through spyware. The biggest, richest venture capital firms are investing in those who make this kind of unwanted software. That's names like American Express, Sprint PCS, Disney, Expedia, Guy Kawasaki's firm." source
Rootkits - programs that are secretly installed on your computer without your knowledge or permission that hide themselves from you, compromize your ability to protect your computer from skank and won't let you protect your privacy.Digital Rights Management software - Palladium
Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
PROTECT YOURSELF
Google Privacy Practices Rank
Lowest
Leading Internet search engine Google has received the lowest possible rating for privacy practices,
according to a detailed report released Friday by Privacy International, a global organization working for
the protection of privacy. How to use Google.
10 security tips for protecting data while traveling
Buy technology that does not control you.
Richard Stallman is nothing if not determined. For over two decades this bristly MIT geek has championed an arcane cause: free computer programs. Stallman wants you to have the right to twiddle your software -- to be able to add features, rewrite it and, if you can figure out how, teach it get down and do the fandango.How ISP surveillance currently works in England.
Computer Professionals for Social Responsibility
Some Frequently
Asked Questions About Data Privacy and P3P
Nathaniel Borenstein President of Computer Professionals for Social Responsibility 2004
About JOHN GILMORE -- Picture -- Coderpunks Mailing List
About Declan McCullagh -- mccullagh.org's privacy site
Netscape SmartDownload reports file information to AOL
The Register tells that Netscape
Communicator's SmartDownload component records the files it downloads, the client IP, the server
IP,
and the time, then forwards this information to AOL without informing the user. In other words, AOL receives a download-by-download report of each file Communicator downloads, its
file name, your IP, and the server it came from. This information is passed on to AOL without
user interaction or notification. Additionally, the information is recorded locally in a cookie file.
When combined with other exploits which allow for remote transfer of cookie files, this vulnerability
could reveal detailed information on a user's browsing habits.
Privacy Preferences Project - Take the Tour
AT&T Privacy Bird software is free. Tell the software your privacy preferences, and it will tell you
if
websites will do what you want or use your info against your wishes.
The Web Ad
Blocking page
details a way to block specific URLs without software. In essence,
you
map offending IP addresses to your own machine. HTTP requests to offending addresses are sent back to your
machine, where they fail. Works on almost any machine (PC, Mac, Unix, Linux, etc).
The Anatomy of File Download Spyware - The Newsletter Forum
Privacilla.org, Your Source for Privacy Policy From a Free-market, Pro-technology Perspective
GNUPG is the GNU implementation of the OpenPGP
protocol stack, a near and direct descendant of the original Pretty Good Privacy email privacy system of
Phil Zimmermann. http://lists.w3.org/Archives/Public/www-patentpolicy-comment/2001Sep/0041.html
Privacy isn't public knowledge Online policies spread confusion 5/3/00
with Legal Jargon - Do big Web sites want you to understand what they tell you? Maybe not, suggests an
analysis by an independent expert for USA TODAY of the privacy policies of 10 major sites.
Cyber Treaty Goes Too
Far? by Declan McCullagh 5/3/00
Planned Global Net-treaty hands police more power, limits privacy. Details of the "Draft Convention
on
Cybercrime"* Make it a crime to create, download, or post on a website any computer program that is
"designed or adapted" primarily to gain access to a computer system without permission. Also
banned is software designed to interfere with the "functioning of a computer system" by deleting
or altering data.
* Allow authorities to order someone to reveal his or her passphrase for an
encryption key. According to a recent survey, only Singapore and Malaysia have enacted such a
requirement into law, and experts say that in the United States it could run afoul of constitutional
protections against self-incrimination.
* Internationalize a U.S. law that makes it a crime to possess even digital images that
"appear" to represent children's genitals or children engaged in sexual conduct. Linking
to such a site also would be a crime.
* Require websites and Internet providers to collect information about their users, a rule that would
potentially limit anonymous remailers.
SLAPP as Strategic Lawsuits Against
Public Participation.
Anonymity on the net - A new form of lawsuit called a "CyberSLAPP" suit is threatening to
overturn
the promise of anonymous online speech and chill the freedom of expression that is central to the online
world. CyberSLAPP cases typically involve a person who has posted anonymous criticisms of a corporation or
public figure on the Internet. The target of the criticism then files a frivolous lawsuit just so they can
issue a subpoena to the Web site or Internet Service Provider (ISP) involved, discover the identity of
their
anonymous critic, and intimidate or silence them.
PhoneBook project - Making your PC 'Police-Ready' providing you with an encrypted Linux filesystem (virtual disk) with unique 'plausible deniability' and 'disinformation' features.Protecting your On-Disk Privacy with *Deniable Encryption.
Internet Privacy Education Campaign
EFF - Electronic Frontier Foundation - is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member supported organization, now has a RADIO STATION. Programming includes interviews and panel discussions with the people who are on the front lines defending freedom of expression in cyberspace. EFF staff attorneys and activists regularly appear discussing ongoing litigation and legislation that will determine the future freedoms of the individual in the digital age.
Epic.orgGOVERNMENT
Carnivore - The Federal Bureau of Investigation released the first set of documents concerning its Carnivore Internet surveillance system.
Whistle-Blower Outs
NSA Spy Room
AT&T provided National Security Agency eavesdroppers with full access to its customers' phone
calls,
and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its
San Francisco switching center. According to a statement released by Klein's attorney, an NSA agent
showed up at the San Francisco switching center in 2002 to interview a management-level technician for a
special job. In January 2003, Klein observed a new room being built adjacent to the room housing
AT&T's #4ESS switching equipment, which is responsible for routing long distance and international
calls.
How well does Your State do? Rank Your States Privacy Protection
Submit your IRS Tax Return Online? Is your information
secure? NO.
Critical information security weaknesses at the Internal
Revenue.
The report cites 47 specific instances where federal agencies announced their intent to exchange personal data and combine it into their own databases. According to the report entitled "Government Exchange and Merger of Citizens' Personal Information is Systematic and Routine," when an individual submits information to one federal agency, that agency will often share that information with other federal agencies. This sharing often takes place without the knowledge or consent of the individuals involved.
Find Individual Contributor by Zip Code Page for the
1980-2000 Election Cycle
"Type in a 5 digit zip code and find everyone from that geographic area who has contributed to
Federal
campaign committees during the election cycle...1980 -2000"
The Federal Communications Commission
creates a daily internal report called the Daily Circulation Report, which provides the
review and voting status of materials circulating among the Commissioners. Request daily reports from the
FCC:
Federal Communications Commission
Ms. Shoko Hair FOIA Officer [p] 202 418-0216 [f] 202 418-0521
445 12th Street, S.W., Room 1A827 - Washington, D.C. 20554
The Daily Circulation Report is an internal FCC record that is exempt from disclosure under the
deliberative
process privilege of FOIA Exemption 5, 5 U.S.C. § 552(b)(5). See Wolfe v. Department of Health and Human
Svcs., 839 F.2d 768 (D.C. Cir. 1988) (en banc) (records indicating what actions had been completed by the
Food & Drug Administration but awaiting final decision or approval by the Secretary or the Office of
Management and Budget were exempt from disclosure under the deliberative process privilege). The
Commission
has previously withheld the Daily Circulation Report pursuant to FOIA Exemption 5. In a letter to Bill
McConnell, Broadcasting & Cable, dated May 2, 2001, in FOIA Control No. 21-095, Managing Director
Andrew
S. Fishel explained, "Disclosing the list of pending proceedings and other details that identify
these
pending proceedings could chill Commission deliberations on important telecommuni-cations issues.
Disclosure
of this list may lead to unnecessary speculation about individuals responsible for any perceived
decisional
delays and this speculation may lead to precipitous decision making." "David Fiske"
<DFISKE@fcc.gov>
The Center for Responsive
Politics
[P] 202-857-0044; [F] 202-857-7809
Featuring campaign finance and lobbying information on the president, Congress and special interests.
Enter
your state or zip code in the "Get Local!" window for localized campaign finance figures.
To file a complaint, visit: http://www.ftc.gov/ and click on
"File a Complaint Online",
call 1-877-FTC-HELP, or
write to:Federal Trade Commission
CRC-240
Washington, D.C. 20580
If your complaint is against a company in another country, please file it at http://www.econsumer.gov/
If you would like to forward unsolicited commercial e-mail (spam) to the Commission, please send it directly to UCE@FTC.GOV
PUBLIC LIBRARY IS BUGGED
STOP CENSORSHIP GET AROUND FILTERS
County of Los Angeles Public Library Forced to Filter Staff 1/17/00
The Los Angeles County Board of Supervisors, spurred by concerns about the Internet, has required
the
County of Los Angeles Public Library (CoLAPL) to install
"appropriate filtering software" on all child-designated Internet workstations at all libraries
that have more than one workstation and give parents the opportunity to designate whether they wish their
children to have filtered or unfiltered access. While a spokesman for a county commissioner told the Los
Angeles Times that a minor had built a bomb based on a web site found via a public library,
there's no evidence that the incident occurred in Los Angeles, said CoLAPL Public Information Officer
Nancy Mahr. A library task force will test various filtering systems, including the possibility of access
regulated by card. The task force also will determine what categories should be filtered. In addition,
children's terminals will have a default guidance screen that links to youth-oriented sites.
Covert censorship in libraries : a discussion
paper
2005) Covert censorship in libraries : a discussion paper. Australian Library Journal 54(2):pp.
138-147. Full text PDF
Abstract - Librarians, through their
professional associations, have long been committed to the social justice principle of free access to
information. External censorship challenges to library collections threaten this principle overtly.
However, censorship can also occur in libraries in various covert and often unconcious ways. This
discussion paper raises concerns about current librarian practices and library processes which can
effectively censor library collections from within. The paper concludes by highlighting specific areas
of
practice in which librarians need to be vigilant for such covert censorship. (
The FBI Has Bugged Our Public Libraries
November 3, 2002
http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story
Some reports say the FBI is snooping in the libraries. Is that really happening? Yes. I have uncovered
information that persuades me that the Federal Bureau of Investigation has bugged the computers at the
Hartford Public Library. And it's probable that other libraries around the state have also been
bugged.
It's an effort by the FBI to obtain leads that it believes may lead them to terrorists.Many members of
the public regularly use computers in libraries to access the Internet for research purposes or to locate
information about particular interests. It's also not uncommon for students and others to communicate
with friends and relatives through e-mail from there.
The FBI system apparently involves the installation of special software on the computers that lets the FBI
copy a person's use of the Internet and their e-mail messages. (Don't ask me how I know about this
because I can't reveal how I was able to collect the information.) Members of the public who use the
library have not been informed that the government is watching their activities. It's not just the
computers. Circulation lists that show which books someone borrowed are also accessible to the
government.
What are the Hartford librarians saying? "I can't disclose that we were presented with
anything," said Louise Blalock, Hartford's head librarian.
I asked Mary W. Billings, the library's technical services manager, if the FBI had given her a
subpoena
or a court order for library information. Her response: "I cannot answer that question."
<snip>
FBI's reading list worries librarians
By Martin Kasindorf, USA TODAY
http://www.usatoday.com/News/nation/2002-12-16-librarians-usat_x.htm
At New York City's Queens Borough Public Library, director Gary Strong is anuneasy draftee on the
front
line of the war on terrorism.
New surveillance laws that have made it easier for FBI agents to obtain search warrants for library
records
have created a dilemma for librarians such as Strong: Should they unquestioningly help agents track what a
patron has been reading, and perhaps help prevent a terror attack? Or should they resist, and try to
protect
individual liberties and the library's status as a haven of intellectual inquiry?
Few librarians across the nation say they have been approached by federal agents in the terrorism probe;
Strong won't say whether the feds have visited him in Queens. But the questions raised by the
FBI's
increased authority have made political activists out of some librarians, who are filing lawsuits against
the Justice Department and lobbying Congress in a growing debate over whether American values are being
trampled in the name of homeland security.
At issue is the USA Patriot Act, the post-Sept. 11 legislation approved by Congress that, among other
things, gave federal agents broad new powers to spy on people in this country. Under the Patriot Act, the
FBI no longer has to show a judge that it has probable cause to believe that a person under surveillance
has
committed a crime to get a search warrant for a library's circulation records or computer hard drives,
or a bookstore's sales records. <snip>
Censorship - Public Librarys
Library May Not Have to Filter Source
Libraries Description:
City officials in Livermore, Calif. and civil rights groups invoked a little-known section of the Federal Communications Decency Act and asserted in court papers filed Friday
that
"public libraries have broad protection from suits seeking to force them to restrict access to
sexually
explicit material on the Internet." Daniel G. Sodergren, the assistance city attorney for Livermore,
said that "The law clearly applies to a public library that has computer terminals that provide
Internet access and bring up material that originates with a third party." In the papers, supporters
defended the Livermore public library's policy of giving patrons full access to the Internet. The
documents were in response to a lawsuit filed by a mother in late May who said her then 12-year-old son
had
used library computers to obtain sexually graphic images from the Internet. The part of the Decency Act
that
the city and library supporters pointed to was Section 230 of the statute. It states that no provider of
"an interactive computer service shall be treated as a publisher or speaker of any information
provided
by another information content provider."
Gagged librarians break silence on Patriot Act
Connecticut librarians spoke about their fight to stop the FBI from gaining access to patrons' library
records at a news conference yesterday organized by the American Civil Liberties Union (ACLU), and in a
subsequent interview with RAW STORY. The Librarians, members of Library Connection, a not-for profit
cooperative organization for resource sharing across 26 Connecticut library branches sharing a
centralized
computer, were served with a National Security Letter (NSL) in August of last year as part of the
FBI's
attempt to attain access to patron's records. The NSL is a little known statute in the Patriot Act
that
permits law enforcement to obtain records of people not suspected of any wrongdoing and without a court
order. As part of the NSL, those served with the document are gagged and prohibited from disclosing that
they have even been served. The foursome of Barbara Bailey, Peter Chase, George Christian, and Jan Nocek
were automatically gagged from disclosing that they had received the letter, the contents of the letter,
and even from discussions surrounding the Patriot Act. The librarians, via the national and Connecticut
branches of the ACLU, filed suit challenging the Patriot Act on first amendment grounds."People ask
about private and confidential things in the library setting like about their health, their family issues
and related books they take out these are confidential and we did this to protect our patrons from
authorized snooping," said Peter Chase, Vice President of Library Connection."On September 9 of
last year, a federal judge lifted the gag order and rejected the government's argument that
identifying
the plaintiff would pose a threat to national security.Yet the government continued to appeal the case
throughout the reauthorization debate, passionately arguing that not a single incident of civil liberties
violations by the Patriot Act had occurred. By continuing the appeal, the government effectively silenced
any evidence to counter their claims."This all happened during the reauthorization debate and the
government was saying no one's rights were being violated," said George Christian, staff liaison
for Library Connection and one of the plaintiffs in the case.As the debate over the reauthorization of the
Patriot Act heated up, the librarians and others gagged by the NSL had to watch in silence, intimately
aware
of dangers they believed were not being exposed."We could not speak to Congress until after the
renewal
of the Patriot Act," Said Barbara Bailey, President of Library Connection and one of four plaintiffs
in the case.Although the ACLU, representing the librarians, filed the case on August 9 of last year, US
Attorney General Alberto Gonzales decried any civil liberties violations in a Washington Post op-ed in
December, stating that "There have been no verified civil liberties abuses in the four years of the
[Patriot] act's existence."
Five Technically Legal Signs for Your Library
[on the assumption that it's only illegal to say they've been there if it's true...] courtesy of Library Net. |
---|
U.S. Ends a Yearlong
Effort to Obtain Library Records Amid Secrecy in Connecticut
After fighting for nearly a year to keep details of a counterterrorism investigation secret, the federal
government has abandoned efforts to obtain library records in Connecticut, concluding that the implied
threat
had no merit. The decision was hailed yesterday as a victory by the four Connecticut librarians who
mounted
one of the few known challenges to the nation's
strengthened antiterrorism law when they filed a lawsuit last summer objecting to the government's
request for patron records and its insistence on absolute secrecy.
Government officials, in seeking to explain why something that was once a matter of national security was
no
longer worth the fight, explained in interviews that they were ultimately able to discount the threat
using
other means and pronounce their investigation complete. They also warned that the highly publicized
standoff
should not be a cause of celebration for anyone.
"They're celebrating the fact they don't have to comply, and I don't think that's
something that should be celebrated," said Kevin O'Connor, the United States attorney for
Connecticut, referring to the librarians. "What
are you celebrating? You're celebrating the fact that you prevented the government from investigating
a
potential terrorist threat."
Here are 6 resolutions for businesses and organizations that want to be responsible about privacy: From: "Prof. Jonathan Ezor"
1. Prioritize privacy.
Even if your organization is not in a field covered by explicit privacy laws (at least here in the US), such as healthcare (HIPAA) or financial services (Gramm-Leach-Bliley), being responsible with customer and employee information should matter to you. It certainly does to regulators and the people whose information you have. Just ask Mrs. Fields Cookies ($100,000 fine in 2003 for violating Children's Online Privacy Protection Act by launching Web-based birthday clubs for kids without getting verifiable parental consent) or Tower Records (FTC settlement in 2004 for violating its own privacy policy).
2. Make it someone's responsibility.
Appoint a Chief Privacy Officer or at least add oversight of privacy issues to the duties of someone within your organization. Make sure the person given that duty also has the time, training and resources to do the job right.
3. Draw yourself a map.
Do an organization-wide survey to identify each way that personally-identifiable information comes in, is moved within and may move out again, and what information you are actually collecting. Consider not only your Web site but e-mail, snail mail, faxes, 3rd party databases and research, telephone calls, business partners, service providers, etc. Be expansive in your investigation. Repeat every few weeks or months as your business processes may change.
4. Fact-check your privacy policy (if you have one).
Saying "we won't share your information with third parties" may be comforting to customers, but it's generally incorrect. Everyone from your Web host to UPS and FedEx may get customer information from you in the ordinary course, which isn't necessarily bad, except that it could violate your own public statements on privacy. That's where you can get into trouble.
5. Don't trust your own data about how you use others' data.
Ask a privacy professional or knowledgeable attorney to do a privacy audit of your organization. An outsider, particularly an experienced one, will likely find something you miss.
6. See the world.
Remember that, in the Internet age, most organizations are international even without intending to be. Read up on privacy laws of other nations (if you're in the U.S., pay particular attention to the EU Data Protection Directive and the related Safe Harbor at http://www.export.gov/safeharbor. Consider how you or your employees might be held liable in some other country for something you do (or don't do) where you are (see the recent eBay India employee case for a parallel example).