Sep 11, 2012 – ASIS 58

Social Media & Cloud Computing Threats to Privacy, Security and Liberty, Session 3183
http://www.asis2012.org/Pages/Seminar-Home-Page.aspx

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Social Media & Cloud Computing Threats to Privacy, Security and Liberty

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

In a rare show of honesty, Sergey Brin admitted that

 their data that was now in the reach of US authorities because it sits on Google’s servers. He said the company was periodically forced to hand over data and sometimes prevented by legal restrictions from even notifying users that it had done so.

Of course, he conveniently points the finger at his rivals – Facebook, Apple, Hollywood (RIAA/MPAA).

Yes Sergey, your competition is evil.  So’s your company.  If you don’t want the US government demanding access to all the data that Google collects, then STOP COLLECTING so much data.  START telling your users about the threats to THEIR privacy that you’ve created.  A Google Good-To-Know about ECPA and PATRIOT ACT would be so much nicer than your current ads.

The threat to the freedom of the internet comes, he claims, from a combination of governments increasingly trying to control access and communication by their citizens, the entertainment industry’s attempts to crack down on piracy,

From the attempts made by Hollywood to push through legislation allowing pirate websites to be shut down, to the British government’s plans to monitor social media and web use, the ethos of openness championed by the pioneers of the internet and worldwide web is being challenged on a number of fronts.

In China, which now has more internet users than any other country, the government recently introduced new “real identity” rules in a bid to tame the boisterous microblogging scene. In Russia, there are powerful calls to rein in a blogosphere blamed for fomenting a wave of anti-Vladimir Putin protests. It has been reported that Iran is planning to introduce a sealed “national internet” from this summer.

via Web freedom faces greatest threat ever, warns Google’s Sergey Brin | Technology | The Guardian.

All of us have experienced Patch-Tuesdays, when we come into work and find our desktops & laptops rebooted due to mandatory Microsoft patches.

Imagine starting your car and finding out the dashboard changed…and your radio stations are gone.  Or worse, the car won’t start.

Yes, automakers have a lousy track record in software development and security.

See http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm – Malaysia car thieves steal finger

But I’m sure MB has THIS system locked down…and if believe that, I’ve got a bridge to sell you.

Yes Virginia, the ultimate expression of physical ownership and transportation is just another droplet in the cloud…

From the TXNOLOGIST:

This new system upgrades on the fly, he said, the first such in-car application to do so. “It’s seamless to the customer,” Link said. “I have a friend who was excited about his system upgrade, which required him to plug in his stick and leave his car running for 45 minutes. Who wants to do that? In a process called ‘reflashing,’ the Mercedes system can turn on the car operating system (CU), download the new application, then cut itself off. It doesn’t require you to do anything at all.”

The implications of this go far beyond transparent upgrade of your streaming music system. Consider that the average car has 70 to 100 electronic control units (ECUs) and even econoboxes have lines of code in the tens of millions — the Mercedes S-Class has more than 20 million. According to Link, software-related recalls are a big problem for carmakers, costing $75 to $95 per car. Not only is it expensive, but it’s a hassle for drivers—nobody likes bringing their car to the shop.

via New York Auto Show: Upgrading Auto Software In A Flash | Txchnologist.

WOW!  Even the Wall Street Journal thinks Facebook’s data collection, data profiling and app-sharing is out of control.

From the 4/9/12 WSJ column:

A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends. One Yahoo service powered by Facebook requests access to a person’s religious and political leanings as a condition for using it. The popular Skype service for making online phone calls seeks the Facebook photos and birthdays of its users and their friends.

Interactive: How Grabby Are Your Facebook Apps?

View Interactive

Yahoo and Skype say that they seek the information to customize their services for users and that they are committed to protecting privacy. “Data that is shared with Yahoo is managed carefully,” a Yahoo spokeswoman said.

The Journal also tested its own app, “WSJ Social,” which seeks data about users’ basic profile information and email and requests the ability to post an update when a user reads an article. A Journal spokeswoman says that the company asks only for information required to make the app work.

This appetite for personal data reflects a fundamental truth about Facebook and, by extension, the Internet economy as a whole: Facebook provides a free service that users pay for, in effect, by providing details about their lives, friendships, interests and activities. Facebook, in turn, uses that trove of information to attract advertisers, app makers and other business opportunities.

…

The unconstrained collection of digital data is stirring feelings of distrust among some users. “Consumers are being pinned like insects to a pinboard, the way we’re being studied,” said Jill Levenson, a creative project manager at Boys & Girls Clubs of America in Atlanta. She recently deleted nearly 100 apps on Facebook and Twitter, she said, because she was uncomfortable with the way details about her life might be used.

Not only are apps obtaining data directly from people’s Facebook accounts, some apps are also letting unapproved advertising companies track users, according to data collected from PrivacyChoice, a start-up that offers privacy services. This could be a violation of Facebook’s advertising policies.

…

In July 2009, the Office of the Privacy Commissioner of Canada investigated Facebook and discovered that it was sharing too much of users’ personal data with app makers without informing users. “This is no trivial issue: There are close to a million developers out there, scattered across some 180 countries,” said Elizabeth Denham, who was then Canada’s assistant privacy commissioner.

via Selling You on Facebook – WSJ.com.

It’s not just kids anymore – adults with quirky humor, facebooking on their own time, with their own equipment are also being harassed.

From Time.com:

A teacher’s aide in Michigan was let go from her job after a school administrator demanded that she turn over her Facebook password and she refused. The aide, Kimberly Hester, is preparing for a legal showdown with the school system. The incident that prompted administrators to ask Hester for her password occurred last spring. According to local news station WSBT, “She jokingly posted a picture of a co-worker’s pants around her ankles and a pair of shoes, with the caption ‘Thinking of you.’” Hester wasn’t using Facebook during school hours or at a school computer, but her brand of humor got her in hot water at work anyway.

via Facebook: Employer Fires Aide Over Refusal to Give Up Facebook Password | Moneyland | TIME.com.

Samsung UN65ES8000; group photo ©iStockphoto.com/Jennifer Byron

Samsung’s 2012 top-of-the-line plasmas and LED HDTVs offer new features never before available within a television including a built-in, internally wired HD camera, twin microphones, face tracking and speech recognition. While these features give you unprecedented control over an HDTV, the devices themselves, more similar than ever to a personal computer, may allow hackers or even Samsung to see and hear you and your family, and collect extremely personal data.

While Web cameras and Internet connectivity are not new to HDTVs, their complete integration is, and it’s the always connected camera and microphones, combined with the option of third-party apps (not to mention Samsung’s own software) gives us cause for concern regarding the privacy of TV buyers and their friends and families.

Samsung has not released a privacy policy clarifying what data it is collecting and sharing with regard to the new TV sets. And while there is no current evidence of any particular security hole or untoward behavior by Samsung’s app partners, Samsung has only stated that it “assumes no responsibility, and shall not be liable” in the event that a product or service is not “appropriate.”

Samsung demoed these features to the press earlier this month. The camera and microphones are built into the top if the screen bezel in the 2012 8000-series plasmas and are permanently attached to the top of the 7500- and 8000ES-series LED TVs.

via Is Your New HDTV Watching You? | HD Guru.

Several years ago, I was working as a trainer in a Citibank call center. At least that was my job on paper. In reality, the employees were far too busy to attend training, so I just hung around and killed time.

The building was locked down. No phones, no email, no paper coming in or out of the building, no ports on the computers, and (most unfortunately for a guy stuck with nothing to do) no Internet.

It made sense, since every computer in the building had access to the complete financial history of every single person who’d ever done business with Citibank. Social security numbers. Passwords. The works.

But then one day, I saw one of the employees goofing off in some random chatroom. He explained that he had found it in the history tab after moving to a new computer. It was the site for a random radio station called Cities FM. I went to my own computer, and found many other sites I could access. The Center for Information Technology Integration. Cities Restaurant. The Cape IT Initiative. Random websites that had one thing in common. They started with the letters CITI.

See, the employees needed to access the sites for the company they worked at. CitiBank, CitiMortgage, CitiFinancial… but since the company was constantly expanding, their IT department had decided that rather than keep updating the firewall, they would simply allow any site that started with the letters CITI, assuming that they would probably own it.

That night, I registered citi.MyName.com.

I of course, not being a criminal mastermind, used it pretty much like I use Google Plus. I made it so my coworkers could read my comics while they were bored. After I left the company, I added an e-mail form so that I could post pictures of the places I traveled and they could e-mail me back.

Of course if I had been criminal mastermind, at any point any of them could have hit copy/paste and I would have had enough information to steal the identities of a large percentage of the American public.

I didn’t. But that my friends, is the illusion of security.

via Buzzblog: Firewall fail: A tale both funny and sad.

The RIAA and MPAA own politicians…that’s no secret.

And to protect their dying business models, the music labels and Hollywood have launched a war against privacy, freedom and security.

ACTA, SOPA, PIPA, etc are all laws written by, and paid for, by the recording & moving industry.

Rob Reid explains how the RIAA determines that a $ 0.99 track on iTunes or a $ 16.95 CD is actually worth $ 150,000 per song.

Behold, the $ 8,000,000 iPod.

via Rob Reid: The $8 billion iPod | Video on TED.com.