We always assumed that secret services in today’s world could access our online communication if they wanted. ECHELON has monitored phone calls for over half a century now, most of our emails are not encrypted and are sent through any number of servers worldwide, and several reports in recent years suggested that the NSA has significant powers to spy on us. However, the revelation in recent days of a vast data collection program by the NSA that gives them unlimited access to basically all communication online, without any court order, is shocking nonetheless. Under the program called PRISM, major internet companies grant the NSA a direct interface to all user data, including emails, calls, chats, file transfers and video (and rumoured: credit card data). Companies in the program include Microsoft, Google, Yahoo, Facebook, YouTube, Skype and Apple. No court order or special request is required. And this is heavily used: over 2,000 PRISM-based reports are generated every month.
In a first reaction after the publication of the program’s existence, the White House stressed that this program is “just” targeted against non-US citizens and that no US citizens are surveilled. This is certainly not reassuring for all of us living outside the US, since most of today’s internet companies are based in the US. By the way, Dropbox is supposed to be added soon. So you might want to reassess your cloud storage strategy and at least add encryption to Dropbox or use providers such as SpiderOak.
In combination with major NSA efforts to operate and build data centers to automatically analyze data, this development is troublesome and should change everyone’s lax attitude towards online communication.
It seems like the NSA’s UK counterpart GCHQ has access too!
TechCrunch has an interesting article suggesting that PRISM might not be as big as everybody feared.
According to a report by Bloomberg published today (in German on n24), Facebook is working on a new version of its mobile app, which will incorporate many more location-based features than before. Specifically, it will notify you if any of your friends are close by. This is not a new concept; it has been out there, for example, in the form of the Highlight app or Google Latitude. However, these location-tracking apps do not have a wide user base due to privacy concerns and their battery-draining performance. Facebook adding such a feature is a big deal, considering their user base of one billion people. Similar to Highlight and Latitude, the app would track the location of users in the background, even if the app is closed. Fortunately, Apple’s design guidelines require developers to get the explicit OK from users to track their location. However, many users might not be aware that once they turn tracking on, they are tracked all the time. For me as a user, this will be a great feature and I will use it. Often I think that it is absurd how many people we know in our city and how few we meet by chance. This could be a great social tool and with a large user base it could actually work. It is just important to be aware of what is happening in the background and to turn it off if you really do not want to be tracked.
A recent Reuters story about an interview with Facebook’s Chief Security Officer Joe Sullivan revealed that Facebook is scanning user profiles for criminal behavior, focusing on sexual predators. By comparing several parameters like friend status, age, mutual friends and relationship between users, monitoring software determines how likely it is that a Facebook user is a sexual predator. If there is a positive match, a Facebook employee gets a warning and checks the information manually. If the monitoring result seems likely, the police are informed. This actually led to the arrest of a thirty-something man who talked with a 13-year-old girl on Facebook about sex and planned to meet her the next day. Because of the fast reaction of Facebook, this man was arrested before anything else could happen.
This raises the obvious question of whether it is OK for Facebook to scan our data. No one knows if the age of a Facebook user is correct. Maybe the girl was actually a 60-year-old, fat man … On the other hand, finding criminals before they do any (more) harm cannot be a bad thing either.
I, for one, do not want to think about whether what I write might look criminally relevant to somebody before I post something on Facebook! I hope as much is done to educate 13-year-olds on not doing something stupid as to monitor if they do.
Twitter recently released their first transparency report, outlining how often in the first half of 2012 governments or copyright holders requested Twitter account information and how often this information was produced. The majority of information requests (679) came from the United States, but a significant number also came from Japan (98). US requests were followed in 75% of the cases, while in Japan’s case only 20% of the requests were fulfilled. Interestingly, only 3 requests to remove a Twitter account by court order were received (Greece and Turkey) but none of them was followed!
In total, Twitter received in the first half of 2012 as many requests as in all of 2011, which is a much bigger increase than overall Twitter growth (which was at about 20% in the US).
All in all, these numbers do not surprise me that much, taking all of the 140 million active users into account. And it is reassuring that Twitter does not seem eager to give out user data (Twitter already took a stand for an Occupy Wall Street protester at the beginning of this year).
Twitter’s transparency report is a perfect example of how to build users’ trust: by making the company’s actions transparent. They should be a glowing example for other web companies who basically store all the information of our lives online.
If you are interested in what Facebook sends if they get a subpoena for a user, you can see an example online (it’s 62 pages of Facebook data …).
This story reminds us that we should think before we post something on Facebook. An Australian 17-year-old posted a picture of a pile of cash to Facebook after helping her grandmother to count her money. Just hours afterwards, two robbers with masks, a knife and a club turned up at the house of the girl. Luckily, neither the girl nor the cash was there anymore and nobody got hurt. They just took a “small amount of cash” and left. This incident caused the local police to issue a warning about being cautious when posting something to social media.
The only real way this could have happened is that this girl has some really shady people in her friends list. Not only is it your responsibility to choose what to post online but also whom you befriend. This shows that not only can criminals be caught by the photos they post online, but criminals can also get a good idea of whom to rob next.
Yes, there are still some people out there who refuse to join Facebook. And they refuse for good reasons, such as their personal privacy. However, it seems like Facebook has grown so big already that staying off of it won’t protect your privacy as much as you think. According to a recent publication at the University of Heidelberg, Germany, it is possible to determine with an accuracy of at least 85% (!) if two people know each other, even if both are not on Facebook! Using machine learning methods, which analyze common friends of members as well as email contacts, scientists could deduce common friends of non-members and guess if two non-members know each other. And this does not even factor in such questionable practices as uploading cellphone contacts to social networks!
This is quite a significant finding, which shows that social networks like Facebook have become so ubiquitous that they have significant information about us, even if we never agreed to that. In many cases we cannot decide anymore what happens with our data; our “friends” or social networks decide for us!
Last October an Occupy Wall Street protester was arrested for “disorderly conduct” in New York City. As part of his prosecution, Twitter received a court order requiring it to hand over 3 months of Twitter data to the court. The prosecutors obviously hoped that he sent some infringing direct messages, since usual Twitter messages are public anyway. It wouldn’t have surprised anyone if Twitter had handed over the data without complaining. However, recently the company refused! And not only that, the amazing part is that they did this because they state that the data belongs to their users! Thus, the court has to ask the user to hand over the data (who is not very willing either). This is an astounding development, given that generally Internet companies make their privacy policies stricter so they can do whatever they want with their users’ data.
Facebook recently publicly threatened employers who ask (potential) employees for their Facebook password to perform a “background check”. Facebook stresses that legal action against these employers is possible. And rightly so.
This increasing practice is simply outrageous. Private social media accounts should be off limits for anyone. Do employees get the password to their employer’s accounting software? No.
Some things just should be kept private. And access to a social media account should be among them.
Just a recommendation for an excellent Guardian article about the Obama data election. It describes how his 2008 social network campaign was nothing compared to 2012.
Back then, only 40 million US citizens were on Facebook; now this number has grown to 160 million. And this Facebook information is the basis for a vast, unified campaign database, allowing the campaign to target each voter individually. They already gathered information on millions of supporters during the last campaign and are expanding this database now by asking supporters on the web and all Obama-related platforms to register using Facebook Connect. This way, they get all public information, such as names, birth dates and interests.
It looks like Obama will raise up to one billion (this is a first!) USD through online donations (up from 500 million USD in 2008); and over 98% of these donations are under $250. This is a very good example of how power (and money!) through data collection using social networks can be leveraged. Of course, each person agreed to this by logging in using Facebook Connect.