Tag archive for "Small Business"

CFO/CSO/CPO, CISSP, Events, Presentations

NYS CyberSecurity Conference – Social Media & Cloud Computing Threats to Privacy, Security and Liberty – June 5 2012

14 May 2012

http://www.dhses.ny.gov/ocs/awareness-training-events/conference/2012/index.cfm

June 5, 2012, 11 am

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Events, Presentations

ASIS 58 – Social Media & Cloud Computing Threats to Privacy, Security and Liberty – Sep 11, 2012

14 May 2012

Sep 11, 2012 – ASIS 58

Social Media & Cloud Computing Threats to Privacy, Security and Liberty, Session 3183
http://www.asis2012.org/Pages/Seminar-Home-Page.aspx

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

CISSP, Events

ISC2 SecureNewJersey – Dec 3, 2012 – Social Media & Cloud Computing Threats to Privacy, Security and Liberty

14 May 2012

Social Media & Cloud Computing Threats to Privacy, Security and Liberty

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Events

ISC2 Baltimore – Dec 5, 2012 – Social Media & Cloud Computing Threats to Privacy, Security and Liberty

14 May 2012

Social Media & Cloud Computing Threats to Privacy, Security and Liberty

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Articles

Cybercrime isn’t so lucrative – NYTimes.com

17 April 2012

A fascinating article in the NY Times sheds light on why spammers and malware peddlers aren’t billionaires… it seems that the cybercrime loss stats are skewed.

Yet in terms of economics, there’s something very wrong with this picture. Generally the demand for easy money outstrips supply. Is cybercrime an exception? If getting rich were as simple as downloading and running software, wouldn’t more people do it, and thus drive down returns?

We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority. Spamming, stealing passwords or pillaging bank accounts might appear a perfect business. Cybercriminals can be thousands of miles from the scene of the crime, they can download everything they need online, and there’s little training or capital outlay required. Almost anyone can do it.

Well, not really. Structurally, the economics of cybercrimes like spam and password-stealing are the same as those of fishing. Economics long ago established that common-access resources make for bad business opportunities. No matter how large the original opportunity, new entrants continue to arrive, driving the average return ever downward. Just as unregulated fish stocks are driven to exhaustion, there is never enough “easy money” to go around.

How do we reconcile this view with stories that cybercrime rivals the global drug trade in size? One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.

via The Cybercrime Wave That Wasn’t – NYTimes.com.

Articles, News

ANSI Free Report – The Financial Impact of Breached Protected Health Information

28 March 2012

ANSI (the American National Standards Institute) has produced a phenomenal, and free, report on the financial impact of losing healthcare data.

 

Highly recommended that you download it from http://webstore.ansi.org/phi/

Articles, News

New Year’s Eve Burglary Triggers Medical Records Firm’s Bankruptcy

28 March 2012

Still think HIPAA compliance is strictly for the big guys?

Still think your small medical practice or medical billing business is safe from hackers, criminals and litigators?

 

From the NY Times:

The New Year’s Eve burglary of a California office building has led to the collapse of a national medical records firm.

Impairment Resources LLC filed for bankruptcy Friday after the break-in at its San Diego headquarters led to the electronic escape of detailed medical information for roughly 14,000 people, according to papers filed in U.S. Bankruptcy Court in Wilmington, Del. That information included patient addresses, social security numbers and medical diagnoses.

Police never caught the criminals, and company executives were required by law to report the breach to state attorneys general and the Department of Labor’s Office of Inspector General. Some of those agencies, including the Department of Labor, are still investigating the matter, the company said in court papers.

via New Year’s Eve Burglary Triggers Medical Records Firm’s Bankruptcy – Bankruptcy Beat – WSJ.

News

Want a football scholarship? Friend your coach

21 March 2012

Who’s more invasive than State Governments & employers? Colleges.

 

Yes, the bastions of higher learning and organized sports are also erasing any concept of privacy. To protect the multi-billion dollar college sports rackets, er, business model, colleges are demanding that “student-athletes” hand over their Facebook & Twitter logins, friend coaches, etc.

Apparently, the US Constitution and the Bill of Rights don’t exist inside a football stadium or the locker room.

 

From MSNBC:

 

Student-athletes in colleges around the country also are finding out they can no longer maintain privacy in Facebook communications because schools are requiring them to “friend” a coach or compliance officer, giving that person access to their “friends-only” posts. Schools are also turning to social media monitoring companies with names like UDilligence and Varsity Monitor for software packages that automate the task. The programs offer a “reputation scoreboard” to coaches and send “threat level” warnings about individual athletes to compliance officers.

via Red Tape – Govt. agencies, colleges demand applicants’ Facebook passwords.

News

Govt. agencies demand applicants’ Facebook passwords

21 March 2012

Want a job? Log in to your Facebook account please…

From MSNBC:

In Maryland, job seekers applying to the state’s Department of Corrections have been asked during interviews to log into their accounts and let an interviewer watch while the potential employee clicks through wall posts, friends, photos and anything else that might be found behind the privacy wall.

Previously, applicants were asked to surrender their user name and password, but a complaint from the ACLU stopped that practice last year. While submitting to a Facebook review is voluntary, virtually all applicants agree to it out of a desire to score well in the interview, according to Maryland ACLU legislative director Melissa Coretz Goemann.

via Red Tape – Govt. agencies, colleges demand applicants’ Facebook passwords.

News

Want a job? Hand over your Facebook credentials

21 March 2012

In the US, UK and several other countries, employers are requiring that employees hand over their Facebook / LinkedIn / etc. accounts during the hiring process.

Some are requiring applicants to log in to their social media accounts, with the interviewer looking over their shoulders, so that the employers can claim that they did not demand usernames & passwords… just a peek at the data.

 

From The Register:

 

The Facebook job test: Now interviewers want your logins

Need work? Better hand over that password

By Dan Olds, Gabriel Consulting

Posted in HPC Blog, 21st March 2012 13:42 GMT

HPC blog When I wrote this blog about how a recent research study correlated social network behavior with employee success, I speculated that we’d soon see employers trying to circumvent Facebook’s privacy policies in order to get a good look at your Facebook pages.

Well, it turns out that some employers aren’t happy with just seeing the public part of applicant profiles; they’re actually asking prospective employees to turn over their Facebook login and password. Wait, did I get that right? (Looks again.) Yeah, I did. They’re outright asking applicants to give them their Facebook login details as part of the interview screening process.

Other companies are requesting that prospective (and presumably current) employees “friend” HR reps or background-checkers on Facebook. Others are requiring applicants to log in to their Facebook accounts from a company-owned computer – I guess they take screen scrapes of the page for later study, or maybe capture the login keystrokes.

If a company requires you to give them an intimate view of your social networking pages during the interview process, might there be something in the employment agreements that gives them the “right” to take a second, third, or fourth look – whenever they want to – after you’re hired?

via The Facebook job test: Now interviewers want your logins • The Register.

News

What Should You Do If Your Employer Asks For Your Facebook Password?

14 March 2012

By Dave Copeland / March 12, 2012 8:30 AM

 

Why are some employers asking workers and would-be workers for their Facebook passwords?

Because, with U.S. unemployment hovering at 8.3%, they can.

“Unfortunately, in these economic times employers may exercise latitude in asking for the unreasonable,” career coach Sandra Lamb said in an email. “But employees (and applicants) should be steadfast in asserting their rights to their personal life. If your FaceBook or other social media website password is requested (or required) that goes beyond a red flag–it’s a deal breaker.”

Even social media newbies know that you need to check and re-check your privacy settings on Facebook and other social networks at regular intervals to make sure employers don’t see any content you don’t want them to see. Or, better yet, don’t post that content in the first place. But employees, job applicants and student athletes are increasingly being asked for their Facebook passwords so their overseers can check to see what content they may be hiding behind their privacy wall.

via What Should You Do If Your Employer Asks For Your Facebook Password?.

Articles, News

FTC tears into Apple, Google over kids’ privacy – or lack of

20 February 2012

The FTC has notified Apple & Google that they actually need to read, abide by and enforce their own privacy policies. Specifically, these two operators can’t turn a blind eye to what data the cell-phone application developers collect, and what they do with that data.

 

 

From The Register:

FTC tears into Apple, Google over kids’ privacy – or lack of

‘Impossible’ to know data collected by apps, watchdog fumes

By Brid-Aine Parnell

 

US regulators have told smartphone software makers to do more to protect the privacy of kids using their apps – or face the watchdogs’ wrath.

In a report that acknowledged the “tremendous” growth of mobile software, the Federal Trade Commission said app developers are not making “simple and short” declarations of their privacy policies. As a result, young users – picked out for their vulnerability – could be giving up their mobile phone numbers, contacts, location and other data without knowing about it.

It also warned that app stores run by Apple and Google needed to do more.

“Although the app store developer agreements require developers to disclose the information their apps collect, the app stores do not appear to enforce these requirements. This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need,” notes the report.

“As gatekeepers of the app marketplace, the app stores should do more.”

via FTC tears into Apple, Google over kids’ privacy – or lack of • The Register.

Articles, News

Google Caught Tracking Safari Users – What You Need to Know

20 February 2012

Don’t be evil.  That’s Google’s job.

 

In contravention of Apple’s policies, and their own statements about consumer privacy, Google bypassed Safari’s security settings to store permanent cookies on Apple devices.

 

From Mashable.com:

Google Caught Tracking Safari Users: What You Need to Know

Google is in a lot of hot water over recent revelations about how it tracks user activity on Apple devices — particularly iPhones and iPads.

As reported by The Wall Street Journal, an independent researcher has discovered that Google embeds hidden software on many websites — software designed to circumvent the default settings on a web browser to record a user’s behavior.

via Google Caught Tracking Safari Users: What You Need to Know.

Articles, News

Feds Want to Warrantlessly Track Phones Bought with Fake Names

20 February 2012

In US vs Warshak, the DOJ argued in court that since email accounts are hacked into, people die, and people forget their passwords, email should have no 4th amendment protections.

By this logic, NO HOUSE or APARTMENT in the US is safe.  Houses get broken into, people lose house keys, and some people die alone. (no wills, no heirs)

 

The FBI applied similar logic when attaching GPS trackers, without warrants, to college student’s vehicles in the US.

 

Now, if you buy a phone with a fake name, or rent an apartment under a fake name, they argue you’ve forfeited your 4th Amendment rights.

From Gizmodo & Wall Street Journal:

Feds Want to Warrantlessly Track Phones Bought with Fake Names

If the DOJ gets its way, it won’t need a warrant to monitor people who buy cell phones and other electronic services using a fake name, according to a story in today’s Wall Street Journal.

The DOJ is arguing that because a California man used a fake name when he bought a broadband card, service and a computer (and rented his apartment) he’s not entitled to protection under the fourth amendment.

The government used a device called a Stingray to locate the broadband card being used by Daniel David Rigmaiden. The Stingray mimics a cell phone tower, and pings the target device. It measures the signal strength, and then moves to another location and measures it again. It uses that data to triangulate the phone’s position. They are increasingly being used by law enforcement.

The FBI didn’t get a warrant when it used a Stingray to locate Rigmaiden’s location. At his apartment complex, it found he had used a fake ID on his rental application. It used that to get a search warrant, where it found the broadband card.

The government’s argument is that it didn’t need a warrant to locate Rigmaiden because he gave up his fourth amendment rights and had no reasonable expectation of privacy when he used a fake name to rent and purchase his broadband card, service and computer.

It’s in the courts, but if the DOJ wins this one, it could mean that even if you use a fake name to buy something in a non-fraudulent matter—say a burner phone—it can track you down, and perhaps even listen in. Beware, Stringer Bell.

via Feds Want to Warrantlessly Track Phones Bought with Fake Names.

Events, Presentations

NYIT Vancouver – 2/21/12

19 February 2012

On Feb 21, 2012, Raj Goel, CISSP (NYIT ’95) addressed the Surrey Board Of Trade on selected Information Security Topics.

We (students and faculty of NYIT-Vancouver) discussed the challenges to Privacy, Security and Civil Rights, and the role colleges can play today in developing the workforce, technologists, and civil libertarians of tomorrow.

 

Slides are available here - 2012-02-21-NYIT-Vancouver-RajGoel-v3.pdf

Events

LICFE 2/9/2012

08 February 2012

 

The Long Island Chapter of the Association of Certified Fraud Examiners has invited me to educate their members on the following topics:

ID Fraud tsunami: Social media, cloud computing & national ids
Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.
Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.
We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.
We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Articles, Webinars

What to Teach Your Kids, Employees and Interns about Social Media

07 February 2012

This 31-minute webinar shows you how

  • Kids have been denied College Admissions, thrown out of college or kicked out of their majors
  • Interns and employees have cost their employers thousands (or millions) of dollars
  • How kids and adults have gone to jail, around the world, due to mistakes in Social Media

Please share this webinar with

  • CIOs, CSOs, CPOs, Compliance Officers
  • Parents of High school & College Students
  • High School & College Students
  • High School teachers
  • College Professors
  • Guidance Counselors
  • Interns
  • New Employees

Presentations, Webinars

How To Increase Your Social Capital

06 February 2012

“How To Increase Your Social Capital” – practical tips on growing your influence, your reputation and your business in 2012.

The fact is, we ALL go to networking meetings, and wonder what we’re doing there.
In most networks, 20% of the members conduct 80% of the business.

Have you wondered how some people always seem to be at the networking events, in the newspaper or on TV?

Have you wondered how they can manage to run their businesses (or do ANY work at all) when they’re schmoozing all the time?

These connectors have converted networking from a chore to a rewarding activity – emotionally, psychologically and financially.

Raj Goel shared practical tips on how you too can increase your Social Capital in 2012.

Articles

Social media ‘private’ data is fair game for e-discovery in court

31 January 2012

Data Privacy Day: Social media ‘private’ data is fair game for e-discovery in court

Microsoft Trustworthy Computing released data about how posting on social networking sites can impact more than online profiles and reputation; it can also cause negative consequences in the real world. All that data, even the allegedly ‘private’ social media data, is not private but is fair game as e-discovery in civil litigation. Another study found who you are digitally on Facebook is who you are offline in real life. Lastly, the more data we overshare on social media, the more it becomes the “norm” for society . . . meaning for society as a whole, it lowers what is considered a reasonable expectation of privacy.

 

via Privacy and Security Fanatic: Data Privacy Day: Social media ‘private’ data is fair game for e-discovery in court.

Articles

Google finally admits it wants to OWN YOU • The Register

31 January 2012

I’ve waited a few days to post this, because with all things Google, there’s more obscured behind the clouds.

The US Congress has a few questions for Google

Some old Congressional privacy watchdogs are nipping at Google’s heels

 

Whether any of this will improve the internet, privacy or cyber liberties is an open question.

 

What isn’t debatable is that Google is finally living up to Larry & Sergey’s grad school yearnings – they want to know you better than your mother, or your therapist does.

 

And as usual, The Register has the best take on the whole show.

 

Google finally admits it wants to OWN YOU

 

Big changes to Terms of Service due in March

 

Posted in Platform, 25th January 2012 10:14 GMT

Mountain View’s Chocolate Factory is putting its vast userbase on notice of major changes to its privacy policies.

Come 1 March the 350 million people worldwide who have Gmail accounts, for example, will no longer be able to use that service in isolation of other Google products they browse to online.

That’s because the company’s Terms of Service are changing.

Some will argue that Google is merely doing some neat housekeeping by cutting and shutting the majority of its 70 privacy policies into one clean explanation of what will happen with the information users input into the company’s array of products.

Others might note that these privacy tweaks are coming ahead of any public antitrust battle Google potentially faces on both sides of the Atlantic where formal regulatory probes of the world’s largest ad broker are already well underway.

 

Google is reasserting that ALL of its products relate back to its search estate. In other words, Page’s crew are insisting that the company only really offers one service online.

via Google finally admits it wants to OWN YOU • The Register.

What to teach your kids about Social Media

Comments

It was so informative and such a great pleasure to attend your presentation on Privacy and Security Challenges on Monday in Denver. I was one of the two under your nose in the front row there. The other was Terry Kinkel. As Terry and I walked out of the Marriott, he turned to me and said: "That was really good!" and we have since told our co-workers how interesting and informative you were. We will certainly be checking out Brainlink and looking on BrightTalk for more information. Especially illuminating to me was the information on the ECPA, the 180-day rule, the Patriot Act and the Government Letter and how easily that which is normally considered private is given up to government agencies. Also, I appreciated the logical approach to security, focusing on human behaviors, social networking and BYOD issues. Instead of implementing vendor-based, cookie-cutter solutions - step back and analyze where your threats are, and learn from others' mistakes, a prime example being Japan's problems with BYOD. Thanks again, oh, and thanks for the CPEs ;-) And if you could send a copy of the slides, that would be greatly appreciated. Thanks!

Gary Merdick, Staff Information Security Engineer, Forensics and Discovery (Gary Merdick)

© 2012 Raj Goel, CISSP.