Archive
No privacy concerns over Estonia’s eGovernment
![Estonian_Flag[1]](https://digitalpr1vacy.files.wordpress.com/2013/08/estonian_flag1.jpg)
Estonia, probably one of the states with the best developed IT infrastructure, went further with digitalizing their citizens data than any other European country dared. With their personal ID cards, citizens can access virtually any data the government, insurances and banks have on them online: social security status, bank loans, land register and even doctors prescriptions. It is even possible to register a new born child online. Of course elections are online as well, just like votes in the parliament. All of this is no problem from a data protection and privacy perspective, says President Toomas Hendrik Ilves. Every personal ID card features a certificate, which can be used for secure communication and encryption of data. More importantly, every time data of a person is accessed, the person gets notified and this event is flagged. This way, abuse is minimised because everyone knows at every point who accessed which information. This wouldn’t be possible with data being available only on papers. The state provides the secure infrastructure for communication and for access to the data. But authentication is independent and thus should ensure that everyone’s data is safe.
Recently, Estonia published the source code of the sever-side software of their e-voting system and asked the public to review it for flaws. The developers themselves say it is secure, however there are still many critical voices against this technology (English translation).
Still, the country could be a role model for many countries world-wide and a good example how the power of new technology can be used while minimising possibilities of abuse. Austria, a country where digitising health data to make the health system more efficient, still causes a huge public, ridiculous debate (English translation), should certainly take a look at this small country in northern Europe.
How to protect yourself against government spying
Last month, I attended an event by quintessenz, a Viennese association dedicated to data protection and privacy. The event “Yes we scan” was about ways how to protect yourself from NSA (and their friends) spying on you. In a quite technical talk, Dr. Matzinger, computer science lecturer at FH Burgenland, talked about tracking cookies, VPN tunnels, proxies, encryption and of course TOR. He talked about using three different browsers for work related surfing, private surfing and especially sensible content. He talked about routing all your Internet traffic through a proxy at home so your location cannot be tracked. And of course you should not use social network sites. At all.
Basically, I drew one conclusion from the talk: There is no practical way to protect yourself. All of these measures are fun if you have time and the technical knowledge to deal with it. They are interesting to explore if you are into information security or if it is your job to know all about it. But for the average user, it is just unrealistic to do all that. It is unrealistic until there are tools easy enough for dummy users, who do not want to spend hours figuring out how it works. Similar to the TOR browser bundle, but fast enough for everyday use. This probably is a market gap that someone hopefully fills soon.
Until then, the best way to protect yourself is to think about what you post online, what you put in your dropbox and maybe to spend the time figuring out how to encrypt your email. Or you could just do it like Russia’s federal guard service and just revert to paper communication.
MyNSA: The new cloud service, which knows all about you
Just a quick note, that Phil Wolff had a nice idea, following the recent NSA scandal.If the NSA has all the info already, why not offer this knowledge as a service? He calls it MyNSA.
Losing control: Why governments are spying on the Internet
I was just reading in Wolfgang Ernst’ book “Das Gesetz des Gedächtnisses” (“The law of memory”), published in the year 2000. It is basically about media and media theory in our digital age. But I found one passage that made me think about the current situation, with revelations that NSA and other governments spying on us. It stated, as one of the consequences of our digital age, that governments are afraid of losing control. And that made me think that maybe the fact that our governments want to spy on us is not just a bad sign. It is not just a sign that we all become more transparent and predictable and that everybody knows much more about each one of us than ever before. It is also a sign that we are becoming freer than before. Never before in the history of the world was it harder for governments to control how information is distributed. Never before was it harder for governments to control who is communicating with whom. No wonder they want to store and analyse everything we say. Because they are losing control! I believe this is also a good sign! We should defend this freedom and fight against any attempts to limit it!
If you failed to get enough information about all the NSA and Snowden stuff, I recommend the following sources:
- Any article by the Guardian
- Whistleblower.org
- Wikileaks Twitter account
- A nice summary by the Young Turks
- Even though implementation is mostly unrealistic, here are some measures you can take against government spying
NSA can read, see and hear everything you do online
Watch a YouTube video? NSA knows.
Write a Facebook private message? NSA can read it.
Skype with a friend? NSA can hear you.
We always assumed that secret services in our todays world could access our online communication if they wanted. ECHELON monitors phone calls for over half a century now, most of our emails are not encrypted and sent through any number of servers worldwide and several reports in recent years suggested that the NSA has significant powers to spy on us. However, the revelation in recent days of a vast data collection program by the NSA, that gives them unlimited access to basically all communication online, without any court order, is shocking nonetheless. Under the program called PRISM, major internet companies grant the NSA a direct interface to all user data, including emails, calls, chats, file transfers and video (and rumoured: credit card data). Companies in the program include Microsoft, Google, Yahoo, Facebook, YouTube, Skype and Apple. No court order or special request is required. And this is heavily used: Over 2.000 PRISM-based reports are generated every month.
In a first reaction after the publication of the programs existence, the White House stressed that this program is “just” targeted against non-US citizens and that no US citizens are surveilled. This is certainly not reassuring for all of us living outside the US since most of todays internet companies are based in the US. By the way, Dropbox is supposed to be added soon. So you might want to reassess your cloud storage strategy and at least add encryption to Dropbox or use providers such as SpiderOak.
In combination with major NSA efforts to operate and build data centers to automatically analyze data, this development is troublesome and should change everyones lax attitude towards online communication.
Update:
It seems like the NSAs UK counterpart GCHQ has access too!
Update 2:
TechCrunch has an interesting article suggesting that PRISM might not be as big as everybody feared.
Starting from March, Facebook might track all mobile users
According to a report by Bloomberg published today (in German on n24), Facebook is working on a new version of its mobile app, which will incorporate many more location-based features than before. Specifically, it will notify you if any of your friends are close-by. This is not a new concept, which for example has been out there in the form of the Highlight app or Google Latitude. However, these location-tracking apps do not have a wide user base due to privacy concerns and their battery-draining performance. Facebook adding such a feature is a big deal, considering their user base of one Billion people. Similar to Highlight and Latitude, the app would track the location of users in the background, even if the app is closed. Fortunately, Apple’s design guidelines require developers to get the explicit OK from users to track their location. However, many users might not be aware that once they turn tracking on, they are tracked all the time. For me as a user, this will be a great feature and I will use it. Often I think that it is absurd how many people we know in our city and how few we meet by chance. This could be a great social tool and with a large user base it could actually work. It is just important to be aware what is happening in the background and to turn it off if you really do not want to be tracked.
Related articles
Are You a Sex Predator? Think Before Your Write!
(c) Corner Stock Baby Gifts.
You can get the t-shirt from here.
A recent Reuters story about an interview with Facebook’s Chief Security Officer Joe Sullivan revealed that Facebook is scanning user profiles for criminal behavior, focusing on sexual predators. By comparing several parameters like friend status, age, mutual friends and relationship between users, a monitoring software determines how likely it is that a Facebook user is a sexual predator. If there is a positive match, a Facebook employee gets a warning and checks the information manually. If the monitoring result seems likely, the police is informed. This actually led to the arrest of a thirty-something man who talked with a 13 year old girl on Facebook about sex and planned to meet her the next day. Because of the fast reaction of Facebook this man was arrested before anything else could happen.
This raises the obvious question if it is ok for Facebook to scan our data. No one knows if the age of a Facebook user is correct. Maybe the girl was actually a 60 year old, fat man … On the other hand finding criminals before they do any (more) harm cannot be a bad thing either.
I, for one, do not want to think if what I write might look criminally relevant to somebody before I post something on Facebook! I hope as much is done to educate 13 year olds on not doing something stupid as to monitor if they do.
Twitter Gov Requests Doubled in 2012
Twitter recently released their first transparency report, outlining how often in the first half of 2012 government or copyright holders requested Twitter account information and how often this information was produced. The majority of information requests (679) came from the United States but also a significant number came from Japan (98). US requests were followed in 75% of the cases while in Japans case only 20% of the requests were fulfilled. Interestingly, only 3 requests to remove a Twitter account by court orders were received (Greece and Turkey) but none of them was followed!
In total, Twitter received in the first half of 2012 as many requests as in all of 2011, which is a much bigger increase than overall Twitter growth (which was at about 20% in the US).
All in all, these numbers do not surprise me that much, taking all of the 140 million active users into account. And it is reassuring that Twitter does not seem eager to give out user data (Twitter already took a stand for an Occupy Wall Street protester at the beginning of this year).
Twitters transparency report is a perfect example on how to build users trust: by making the companies actions transparent. They should be a glowing example for other web companies who basically store all the information of our lives online.
If you are interested in what Facebook sends if they get a subpoena for a user, you can see an example online (it’s 62 pages of Facebook data …).
“Do Not Track” Not So Good After All?
Source: Slashgear
The “Do Not Track” header in websites is a feature that states if a user wishes to be tracked by websites (mainly for advertising purposes through cookies) or not. However, it is optional for the websites if they respect the user’s decision or not. Today, most browsers support this feature (the Chrome browser will support it by the end of 2012), Microsoft recently even announced that it will be turned on by default in IE10. From a privacy perspective this is a very welcome development, which gives power back to the users. However, two recent articles focused on the economical implications of restricting technology that funds big parts of our (free) Internet as we know it. Without ads, websites such as Google or Facebook would have a hard time financing themselves. In Technology Review, Antonio Regalado asks if this feature will kill off innovation in online advertisement, with serious implications for the $40B online ad industry and as such for us as users as well.
Another reason I find the article quite interesting is that it points out the positive sides of tracking the user to deliver highly targeted ads. You might even get relevant information out of ads instead of useless spam.
In order to better understand online tracking I highly recommend the guide from the Guardian. Also check out their nice graph about the biggest advertising companies and websites that use them.
Posting Pics of Cash on Facebook: Not a Good Idea!
This is just a symbol photo, not actually the girl (it is Tamara Ecclestone), (c) Petra Ecclestone
This story reminds us that we should think before we post something on Facebook. An Australian 17 year old posted a picture of a pile of cash to Facebook after helping her grandmother to count her money. Just hours afterwards, two robbers with masks, a knife and a club turned up at the house of the girl. Luckily, neither the girl nor the cash was there anymore and nobody got hurt. They just took a “small amount of cash” and left. This incident caused the local police to issue a warning about being cautious when posting something to social media.
The only real possibility how this could have happened is that this girl has some really shady people in her friends list. Not only is it your responsibility to choose what to post online but also whom you be-friend. This shows that not only criminals can be caught by the fotos they post online but criminals can get a good idea of whom to rob next.
Digital Privacy 