That’s Not In The Terms of Service

With the stories this week about the James-Bondish sounding PRISM program, the general public is beginning to learn just how commonly those little bits of their data were being aggregated by the US government into one huge pile for analysis. In the name of “national security”, it appears that many big communications and media companies were only too willing to pass along information generated by their customers to the NSA.

However, as explained by David Sirota, there is a big difference between a corporation collecting our data and a government doing the same.

He argued not only that a program sweeping in data from millions of Americans is modest, but also that it is no different than companies analyzing consumer data. Like so many carefully sculpted political talking points, it sounds logical, except when you remember the key facts being omitted — in this case, the fact that the government is using its law enforcement power to obtain the data without the public’s permission. Yes, that’s right: unlike a company with which you personally do business — and with which you sign an agreement about your personal information — the Obama administration is using the government’s unilateral power to simply grab your information across multiple platforms.

For better or worse, if we choose to use Google, Amazon, iTunes, Facebook, and the rest, we generally expect them to analyze and use the data on our activities, usually to sell us more stuff and improve their next quarter results. The fact most of us don’t read their terms of service before clicking Agree is no excuse.

What we don’t expect, and what is not in any TOS I’ve read, is for them to help the government spy on its citizens.

Beware of the Clouds

This week Google opened its new, highly anticipated cloud storage service called Drive, a direct competitor with Dropbox, Microsoft’s SkyDrive and others.

With all the recent stories about Google’s privacy policies (or their lack of privacy concerns?), more than a few observers have pointed out this little piece of their newly unified terms of service agreement that seems to apply to material you store in their cloud.

[Image: screenshot of the Google terms of service excerpt]

I’m not sure I want to give Google the rights to “create derivative works” or “publicly perform” my stuff, even if I cancel my account. Do you?

I imagine the Google lawyers are mulling over all the criticisms and will probably make some changes to the TOS for Drive. In the meantime, I’ll stay with Dropbox which seems to have a better grasp of this whole private storage concept.

By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.*

Of course, all of this is null and void if the feds come knocking on their door demanding to peek in my little corner of the cloud.

As they could, without a warrant or my knowledge, under the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) now being considered in the US House. Go visit the Electronic Frontier Foundation to see why and how to voice your opposition to this latest attempt to violate your privacy in the name of “security” (to keep you Cyber-Snuggly).

And, as always, understand the terms of service before relying on any web service.

Let’s be careful out there.

*And the fact that they also call my intellectual property “stuff” is attractive. :-)

Who Owns Your Digital Identity?

In a recent article for the Guardian (mercifully one British newspaper not owned by Rupert Murdoch), Dan Gillmor makes some interesting points about who controls the information you post using social networking tools like Twitter, Facebook, and the current buzz champ of the digerati, Google+.

He says we need to consider not only what we get from these free services but also what we’re giving away in the bargain.

Control, ownership and value are inextricably linked, but having one does not necessarily boost another. Exposure on a site you don’t control may be worth more to you than lack of attention on a site you do. And you may find the social and professional connections you make and enjoy on third-party sites so useful that they’re worth what you are giving up. But it’s worth weighing the tradeoffs.

If you make G+ (or Facebook or Twitter or LinkedIn or Tumblr or any other service that hosts your conversations and other “content”) your primary online presence, you are in effect giving away something enormously valuable. You are giving your contributions to the emergent global conversation to a company that values you largely as a contributor of data it can then turn into money.

I’ve never been under the illusion that the content on this site has large amounts of value to anyone but me (certainly not in monetary terms), but since I started doing this many years back, I’ve had the feeling that I would be better off in the long run if my primary online presence was on a site that I owned and was under my control (or as much ownership and control as the public web allows).

It’s not that I fear what Google or Twitter or Tumblr might decide to do with what I post (Facebook can be a little creepy in their decisions around privacy but still not something to fear), I just like to make my own decisions about those little bits of information.

On a related branch of this discussion, we also need to incorporate some of the ideas about which Gillmor is writing* into what we teach kids, and adults for that matter, about creating and maintaining their online image.

Helping them avoid giving away control of their thoughts and ideas to someone else.

*And no, I didn’t miss the irony related to Gillmor posting his ideas on the topic of control to the online edition of a newspaper, although I assumed he was paid for the work.

Facebook Requires Congressional Oversight?

In the past few weeks I’ve read that some congress critters, along with a smattering of state Attorneys General, are calling for public hearings/investigations concerning privacy issues at Facebook.


In many ways this is just another in a long line of don’t-they-have-better-things-to-do, high profile, faux public outrages.

While I haven’t made much use of Facebook for much of anything, I do have an account and have some degree of concern about their seeming lack of concern for user security.

But do the screw-ups of a privately-owned company, whose product is largely recreational and which has little or no impact on America’s economic security, really merit the attention of our national legislature?


Isn’t this more an educational issue? One where people learn, sometimes the hard way, to take responsibility for their own digital imprint.

And about the larger community educating each other and banding together to pressure Facebook into making the changes they want? Or leaving and using other tools for socializing online.

Because no one with a Facebook account signed up for life and, although they don’t make it especially easy, it is still possible to quit.

Let’s face it, this isn’t the first time that a popular internet company has done something to upset a very noisy web minority and it won’t be the last.

However, that doesn’t mean they need to make a federal case out of it.


Recording Your Online Life

Tell me, whatever happened to the concept of keeping the government out of people’s lives? Once upon a time it was a cornerstone of the Republican philosophy.

Not any more.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

I wonder how many people in those “tens of millions of homes” even know that their router keeps records, much less how to access them?

However, I’m sure the supporters of this concept will assure us that all these records will be kept secure and will never be abused by anyone, ever.

That’s sarcasm, in case you weren’t sure. :-)

Scanning For Your Identity

In their attempts to create absolutely secure ID cards for us to carry, the US government may actually be opening people up to even more identity theft.

RFID (radio frequency identification) tags containing personal information are part of the new PASSCards, “mini passports” being issued for non-airline travel to places like Canada.

Some states are also embedding the chips in driver’s licenses, the goal being to allow officials to quickly scan the digital information and to make it difficult for the bad guys to forge the document.

However, it turns out they are not the only ones who can read it.

A security researcher in San Francisco recently demonstrated that he could cruise around town and pick up the signals from PASSCards containing RFID tags using a home-made system costing $250.

His work verifies a study from the University of Washington which showed that “RFID tags in PASScards and EDLs [enhanced driver’s license] were vulnerable to remote capture using widely available tools”.

This is technology that is becoming relatively common for tagging goods as they travel from factory to store.

It’s now increasingly being used to tag and track human beings, obviously without enough concern for privacy.

Crafting a Good Impression

A post at the Using Google Earth blog addresses the evidently frequently asked question “Can I Take My House Out of Google Earth?”

The simple answer is… maybe.

The more accurate response is that doing so will take a lot of work and you should be prepared to be disappointed.

Of course a concern about the images of your personal property in Google Earth is just one relatively small part of the larger issue of privacy on the web. Or the lack of privacy on the web.

Most days we celebrate the vast amount of information that can easily be obtained on the internet.

But the other side of that coin is that large chunks of our personal data have also been swept into that stream.

The entry reminded me of a discussion at WordCampEd DC on the topic of student privacy and all the efforts educators go through to preserve it.

We basically came to the conclusion that there’s really no such thing as privacy anymore, at least not in the way we understood the concept in the pre-network age.

In our overly-large school district, we do a lot of worrying about topics like if we should display student pictures on school web sites or whether we can allow students to put their work out in public. Other systems probably do the same.

But expending large amounts of time, effort, and money trying to isolate kids from the world is something of a hopeless cause.

Certainly we need some basic gates and gatekeepers.

However, a better approach than relying entirely on those locks would be teaching our students about the persistent nature of the information they post and helping them craft an identity for the web they can be proud of.

A public impression that won’t embarrass them when someone in HR digs it up years later for a job interview or derail their run for political office when a blogger does a Google search.

Smile for the Cameras

Over the past decade, the UK has spent billions of pounds to install and monitor closed-circuit television (CCTV) cameras on tens of thousands of street corners around the country.

It’s a system that many homeland security fanatics hold up as an example of what should be done here in the US to reduce crime and fight terrorism.

Except that the technology has not been especially effective since “only 3% of street robberies in London were solved using CCTV images” and it’s not seen as much of a deterrent.

Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. “CCTV was originally seen as a preventative measure,” Neville told the Security Document World Conference in London. “Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It’s been an utter fiasco: only 3% of crimes were solved by CCTV. There’s no fear of CCTV. Why don’t people fear it? [They think] the cameras are not working.”

However, the police want to press on and put even more money into the system. They want to build a database of images caught on camera and use software that can automatically scan the pictures for details.

That’s fine for the bad guys, of course, but what about the rest of us caught on camera who are not guilty of anything?

Asked about the development of a CCTV database, the office of the UK’s information commissioner, Richard Thomas, said: “CCTV can play an important role in helping to prevent and detect crime. However we would expect adequate safeguards to be put in place to ensure the images are only used for crime detection purposes, stored securely and that access to images is restricted to authorised individuals. We would have concerns if CCTV images of individuals going about their daily lives were retained as part of the initiative.”

And we know that would never happen, right?

I’m going to be in London for a week this summer. Considering their campaign asking people to report “odd looking photographers”, I wonder how many pictures of CCTV cameras I can take before I get picked up. :-)