Defending The Kingdom

A federal judge ruled yesterday that the National Security Agency’s program to wiretap the international communications of some Americans without a court warrant violated the Constitution, and she ordered it shut down.

According to the New York Times, the United States government filed an appeal to prevent the ruling from being enforced immediately and was successful in doing so.

More on this to come.

Wired News has an excellent article called FAQ: AOL’s Search Gaffe and You.

In it, questions such as “Why did AOL release the records?” and “AOL says it anonymized the data by replacing the AOL user ID with a randomized number. Is it possible for someone to figure out who I am just from my searches?” are posed and answered in a straightforward way.

The following question is probably the most pertinent for those who would like to avoid search engine privacy infringements:

Has the government ever requested such records before?

Yes. One attempt was made public last fall when Google fought a subpoena from the Justice Department which asked for similar records from AOL, MSN, Yahoo and Google. The feds wanted the records to help defend an ongoing court challenge to the Child Online Protection Act. Google largely won that battle, but Yahoo, MSN and AOL all turned over records to the government. The government may have also asked for large quantities of search records as part of antiterrorism efforts, but those subpoenas and warrants typically come with gag orders that would prevent the search engines from publicly discussing them.

As far as I know, MSN, Yahoo, and AOL didn’t put up the slightest resistance. Google is not beyond reproach on all things privacy related, but the company is certainly a big step ahead of its competition in this instance.

Forbes says some security firms are over-hyping threats to boost sales:

Verisign, the intrepid Web security giant, issued an ominous warning in December. It predicted an imminent invasion by a worm called Sober, which would infect networks worldwide and clog up the Internet. It would be timed to coincide with the 87th anniversary of the founding of the Nazi party. Other firms joined in a chorus of worry, offering an abundance of soundbites for news outlets. Then in January dozens more reports, similarly circulated by security firms, warned that an e-mailed virus called Kama Sutra would ruin PCs from Seattle to Sri Lanka.

Neither outbreak ever occurred. Two small security software outfits claimed credit for blocking Kama Sutra, but Microsoft said later the threat was overblown. Vincent Weafer, who runs the security response division at Symantec, the world’s largest seller of antivirus software, concedes both threats were duds and that his rivals overhyped them. “To get attention, you pick something new and say the sky’s falling down,” he says.

Protecting yourself isn’t as easy as you would like, but it’s not hard either. Keep a level head, use common sense, and you’ll be fine.

Two days ago, I linked to a New York Times article that was about AOL’s badly conceived breach of its users’ privacy. As far as I know, availability to that page was not limited just to subscribers or just those who have registered with the New York Times.

However, if you click on the link in about a week’s time, you will likely have to sign in with a username and password to access the article. If you have yet to register with the Times, you will need to provide your email address, gender, date of birth, ZIP code, country of residence, household income, job title, and industry of employment to do so. That’s a lot of information, much of it quite personal.

It is clear why the newspaper would want this information: it helps them understand their readership, resulting in articles that are better-targeted to them.

Because I understand where the Times is coming from, I almost hate to make a fuss about registering with them. It’s a fine newspaper and I love reading their articles. The problem I have, and you can probably empathize, is that I need to register for just about all online newspapers I want to read. It’s a burden and, at times, a privacy risk. (continue reading…)

This website is all about keeping your privacy. But I should make a qualification: it’s about keeping your information as private as possible. The miserable reality remains that you will not always have control over your data and your privacy.

That’s not to say that you should give up on keeping your information secure – you shouldn’t. But try to be prepared when the worst happens, as it did on August 4, 2006.

Last Friday, AOL posted on one of its websites a compressed text file holding 20 million search terms and phrases for about 650,000 users. The data was collected between March and May of 2006.

AOL has since removed the text file and issued an apology, but the damage is done (especially since the file is still available through other sources – once something is on the internet, it doesn’t disappear easily). This was taken from TechCrunch, which has been following the story closely:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the abilitiy [sic] to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless. (continue reading…)