Social Media & Cloud Computing Threats to Privacy, Security and Liberty

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Here’s a fascinating article from Phys.org on how the US DOJ is getting cellular location data from cell carriers (neatly bypassing the 4th amendment protections) and how technology has increased the reach of the government into our daily lives.

Is using cell-phone data for tracking purposes a violation of privacy? Does it violate any constitutional requirements?

The short answer is: We don’t know. The Supreme Court hasn’t decided yet, though police are clearly doing it all the time. The basic test of what violates the Fourth Amendment is whether the government action is “unreasonable” search and seizure. The Supreme Court has just decided, in the United States v. Jones case, that it’s unreasonable for police to attach a GPS tracker to someone’s car in order to remotely monitor that car’s movements full time for a month, without first getting a warrant.

…

The biggest threats to our privacy nowadays are probably those we create for ourselves, by giving out information to make our lives easier. Through the use of credit cards, email and mobile devices, we allow many private entities to collect all kinds of information about us, and, where it isn’t protected by some statute, those entities can sell that information to anyone willing to pay for it. The Constitution can’t protect us very well against giving our information away.

What obligation do service providers have to give tracking data to law-enforcement agencies, particularly when no warrant has been obtained?

[the cellphone carrier] may be willing to sell that information, if the price is right, and if it thinks that its customers won’t care, or won’t notice.

…

How has the pervasiveness of digital content and growing digital footprints influenced law-enforcement practices? In general, does it complicate or aid criminal investigations?

in addition to GPS tracking (which can be performed by police with a warrant), the government is likely to collect all the electronic information it can get in order to help prove its case: cell-phone data, hard drives, emails, credit card, bank transactions, etc. Digital-evidence collection has vastly increased the amount of data that must be processed, and it requires entirely new kinds of expertise. The courts are still sorting out just how far police can go in looking through someone’s hard drive if they have probable cause to believe that they’ll find incriminating information.

via 3Qs: Mobile tracking in criminal investigations.

All of us have experienced Patch-Tuesdays, when we come into work and find our desktops & laptops rebooted due to mandatory Microsoft patches.

Imagine starting your car and finding out the dashboard changed…and your radio stations are gone.  Or worse, the car won’t start.

Yes, automakers have a lousy track record in software development and security.

See http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm – Malaysia car thieves steal finger

But I’m sure MB has THIS system locked down…and if believe that, I’ve got a bridge to sell you.

Yes Virginia, the ultimate expression of physical ownership and transportation is just another droplet in the cloud…

From the TXNOLOGIST:

This new system upgrades on the fly, he said, the first such in-car application to do so. “It’s seamless to the customer,” Link said. “I have a friend who was excited about his system upgrade, which required him to plug in his stick and leave his car running for 45 minutes. Who wants to do that? In a process called ‘reflashing,’ the Mercedes system can turn on the car operating system (CU), download the new application, then cut itself off. It doesn’t require you to do anything at all.”

The implications of this go far beyond transparent upgrade of your streaming music system. Consider that the average car has 70 to 100 electronic control units (ECUs) and even econoboxes have lines of code in the tens of millions — the Mercedes S-Class has more than 20 million. According to Link, software-related recalls are a big problem for carmakers, costing $75 to $95 per car. Not only is it expensive, but it’s a hassle for drivers—nobody likes bringing their car to the shop.

via New York Auto Show: Upgrading Auto Software In A Flash | Txchnologist.

WOW!  Even the Wall Street Journal thinks Facebook’s data collection, data profiling and app-sharing is out of control.

From the 4/9/12 WSJ column:

A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends. One Yahoo service powered by Facebook requests access to a person’s religious and political leanings as a condition for using it. The popular Skype service for making online phone calls seeks the Facebook photos and birthdays of its users and their friends.

Interactive: How Grabby Are Your Facebook Apps?

View Interactive

Yahoo and Skype say that they seek the information to customize their services for users and that they are committed to protecting privacy. “Data that is shared with Yahoo is managed carefully,” a Yahoo spokeswoman said.

The Journal also tested its own app, “WSJ Social,” which seeks data about users’ basic profile information and email and requests the ability to post an update when a user reads an article. A Journal spokeswoman says that the company asks only for information required to make the app work.

This appetite for personal data reflects a fundamental truth about Facebook and, by extension, the Internet economy as a whole: Facebook provides a free service that users pay for, in effect, by providing details about their lives, friendships, interests and activities. Facebook, in turn, uses that trove of information to attract advertisers, app makers and other business opportunities.

…

The unconstrained collection of digital data is stirring feelings of distrust among some users. “Consumers are being pinned like insects to a pinboard, the way we’re being studied,” said Jill Levenson, a creative project manager at Boys & Girls Clubs of America in Atlanta. She recently deleted nearly 100 apps on Facebook and Twitter, she said, because she was uncomfortable with the way details about her life might be used.

Not only are apps obtaining data directly from people’s Facebook accounts, some apps are also letting unapproved advertising companies track users, according to data collected from PrivacyChoice, a start-up that offers privacy services. This could be a violation of Facebook’s advertising policies.

…

In July 2009, the Office of the Privacy Commissioner of Canada investigated Facebook and discovered that it was sharing too much of users’ personal data with app makers without informing users. “This is no trivial issue: There are close to a million developers out there, scattered across some 180 countries,” said Elizabeth Denham, who was then Canada’s assistant privacy commissioner.

via Selling You on Facebook – WSJ.com.

It’s not just kids anymore – adults with quirky humor, facebooking on their own time, with their own equipment are also being harassed.

From Time.com:

A teacher’s aide in Michigan was let go from her job after a school administrator demanded that she turn over her Facebook password and she refused. The aide, Kimberly Hester, is preparing for a legal showdown with the school system. The incident that prompted administrators to ask Hester for her password occurred last spring. According to local news station WSBT, “She jokingly posted a picture of a co-worker’s pants around her ankles and a pair of shoes, with the caption ‘Thinking of you.’” Hester wasn’t using Facebook during school hours or at a school computer, but her brand of humor got her in hot water at work anyway.

via Facebook: Employer Fires Aide Over Refusal to Give Up Facebook Password | Moneyland | TIME.com.

“Dictation” is one of the features of the new iPad, and it can be used to dictate notes, emails, text messages. But new iPad owners may want to use it sparingly if they’re worried about privacy: the feature sends what you say to Apple’s servers to process the information.

“What I’ve come to learn about Dictation is that it requires more from me to use than I’m comfortable with Apple requesting,” writes Stephen Chapman on ZDNet.

via iPad’s ‘Dictation’ sends info to Apple servers – Technolog on msnbc.com.

The IP address of a computer used to view a motorbike sales ad posted by an early victim of the Toulouse gunman played a vital role in narrowing down Mohamed Merah as the main suspect in a series of attacks that have horrified France, it has emerged.

French soldier Imad Ibn-Ziaten posted a video of the motorbike he wanted to sell online. The paratrooper was killed on 11 March after he invited someone who posed as a prospective buyer to his house.

Le Monde reports (Google translation here) that the ad was viewed by about 500 people. Cyber police narrowed down the list of likely suspects to those who lived in and around Toulouse in south-west France. This search was intensified after Ibn-Ziaten’s assassination was linked to the slaughter of three children and a rabbi at a Jewish school in Toulouse on Monday, 19 March.

In addition, Le Monde added, a motorcycle dealer had reported a suspicious conversation with someone who wanted to know whether it was possible to remove an anti-theft tracking device from a Yamaha scooter just days before the vehicle was stolen on 6 March and before the first attacks against French soldiers. The twin strands of evidence allowed police to compile a shortlist of suspects.

Merah was already under surveillance by French authorities and the use of an IP address, which was linked to his brother’s house, to view Ibn-Ziaten’s motorcycle video made him a prime suspect in the case.

via Cybercops traced Toulouse massacre suspect through IP address • The Register.

Could governments and private corporations recognise ANYONE instantly via CCTV?  Remember that

• London is the most densely surveilled city in the world
• The Occupy Wallstreet protesters were heavily surveillanced – audio, video, cell phone towers, photos, police checks – everything
• NYC is aiming to be as camera-surveillance dense as London

A new camera technology from Hitachi Hokusai Electric can scan days of camera footage instantly, and find any face which has EVER walked past it.

Its makers boast that it can scan 36 million faces per second.

The technology raises the spectre of governments – or other organisations – being able to ‘find’ anyone instantly simply using a passport photo or a Facebook profile.

The software from Hitachi Hokusai electric can scan through 36 million faces a second looking for its ‘target’. The software can scan through days of CCTV footage almost instantly

The software from Hitachi Hokusai electric can scan through 36 million faces a second looking for its ‘target’. The software can scan through days of CCTV footage almost instantly

The ‘trick’ is that the camera ‘processes’ faces as it records, so that all faces which pass in front of it are recorded and stored instantly.

via Could governments recognise ANYONE instantly via CCTV? Japanese camera can scan 36 million faces per second | Mail Online.

What can we learn from the Dharun Ravi case?

1) All the evidence was digital / social media

2) Dharun’s computers & phones self-incriminated him

They relied primarily on statements that Ravi made through conversations and text messages with friends as well as actions that he took using technology and social media without Clementi’s initial knowledge, to establish his bias and intent to intimidate. It was questionable whether this unorthodox approach toward establishing Dharun Ravi’s mental state would hold water with the jury.
http://www.huffingtonpost.com/matt-semino/dharun-ravi-trial_b_1365027.html

3) Because of a teenager’s stupid mistakes, 2 families are destroyed. Tyler Clemente’s lost a son. Dharun Ravi’s lost a future.

4) Social media bullying is a new field of evidence capture and prosecution

5) Do YOU understand that a computer or smartphone is a loaded handgun or a live grenade? It can hurt others, and blow your hand off?

Can you teach your kids the important lessons from this trial?

Continue Reading