Google Cars grabbed Locations of Phones, PCs

by Declan McCullagh
July 26, 2011

Google’s Street View cars collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world, a practice that raises novel privacy concerns, CNET has confirmed.

The cars were supposed to collect the locations of Wi-Fi access points. But Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data publicly available through until a few weeks ago.

The French data protection authority, known as the Commission Nationale de l’Informatique et des Libertés (CNIL) recently contacted CNET and said its investigation confirmed that Street View cars collected these unique hardware IDs. In March, CNIL’s probe resulted in a fine of 100,000 euros, about $143,000.

The confirmation comes as concerns about location privacy appear to be growing. Apple came under fire in April for recording logs of approximate location data on iPhones, and eventually released a fix. That controversy sparked a series of disclosures about other companies’ location privacy practices, questions and complaints from congressmen, a pair of U.S. Senate hearings, and the now-inevitable lawsuits seeking class action status.

A previous CNET article, published June 15 and triggered by the research of security consultant Ashkan Soltani, was the first to report that Google made these unique hardware IDs–called MAC addresses–publicly available through a Web interface. Google curbed the practice about a week later.

But it was unclear at the time whether Google’s location database included the hardware IDs of only access points and wireless routers or client devices, such as computers and mobile phones, as well.

Anecdotal evidence suggested they had been swept up. Alissa Cooper, chief computer scientist at the Center for Democracy and Technology and co-chair of an Internet Engineering Task Force on geolocation, said her 2009 home address was listed in Google’s location database. Nick Doty, a lecturer at the University of California at Berkeley who co-teaches the Technology and Policy Lab, found that Google listed his former home in the Capitol Hill neighborhood in Seattle.

Read Full Article…

A Healthy Disease: Facebook Fatigue

Hundreds of thousands in Europe and Canada close their Facebook accounts. What will Americans do?

by Luis R. Miranda
The Real Agenda
June 14, 2011

Privacy scares, invasion of privacy and boredom prompted hundreds of thousands of Facebookers to close their accounts in Europe, Canada and it is estimatedthat thousands of Americans will follow them. Although social networking became an everyday practice, a part of people’s life, there is only so much users can get from a social network before it turns boring, annoying and unsafe.

Is the world experiencing Facebook fatigue?

Recent estimates show that so far, at least 100,000 people dropped from Facebook in Britain. In Canada some 1.5 million users decided to say goodbye to their “blue home”. Meanwhile, in the U.S. preliminary accounting reveals that 6 million people have logged off. But is this a surprise? Hardly. Privacy advocates complained about Facebook’s use of technology to gather more than the necessary information for people to become users.

According to the Mail Online, membership growth on Facebook has slowed around the world. Still, the social network is bullish about getting to the magic number of 1 billion members. Although Facebook membership continues to decrease in the developed world, in third world countries the number of people who sign up continues to increase. A reason for this is the fact that third world nations suffer from lack of access to technology such as internet, satellite and cable television, and so on. This makes it harder for people in those parts of the world to learn about social networks and consequently to use them.

According to the Mail, there is a possible “natural membership saturation” that may help Facebook and other social networks memberships to become stagnant. “In the U.S, user numbers dropped from 155.2million to 149.4 million throughout May. In Canada there was also a fall, of about 1.5million users, while in Russia and Norway numbers also fell by more than 100,000 use,” says the Mail.

When interviewed, Inside Facebook’s Eric Eldon says that once Facebook reaches half of a country’s population, the trend is for growth numbers to stop. Facebook users become bored just as any man or woman tries the next new thing, says psychologist Graham Jones.  “People get terribly excited about something new and after a while the novelty wears off. ‘Even if it is a new TV series everybody thinks it is fantastic at the beginning and things tail off.”

But how much of the decline stems on security concerns? Facebook just as Google and Apple have been caught lately using technology to gather information that many privacy advocates and users labeled as unnecessary and a violation of privacy. Facebook activated a feature that traces people in photos posted on the social network using face recognition software. The problem is, they did not warn users about it. Apple on the other hand, recorded iPhone users’ movements without warning users about it. And Google? Well, it is just one invasion of privacy after another.

Amazingly, most if not all of the data gathering occurring on Facebook Apple and Google was mandated by the United States Telecommunications Act of 1996. That means corporations are obligated to gather and record such data because the United States government demands it. Information gleaned from the Internet raises constitutional and evidentiary issues that must be considered, including privacy and the right against unreasonable searches and seizures, said Chief U.S. District Judge Gerald E. Rosen, who also is an evidence professor at Wayne State University. Evidence obtained from the Internet and social media sites also raises issues about whether the information can be authenticated, he said. To the Telecommunications Act of 1996 one needs to add the Cybersecurity Act of 2010, which greatly expanded the powers of government and its agencies to snoop around.

Facebook has continuously rejected accusations of invasion of privacy and through its spokespeople has always claimed that although they receive “significant volume of third-party data requests” all of those requests are individually and carefully analyzed for “legal sufficiency.”

But perhaps a more serious problem that Facebook alone gathering user data, is the fact that the government itself uses social networks such as Facebook, Twitter, Orkut and others to influence people. As reported by Russia Today in April, government intelligence officials make their rounds in Facebook and other social networks with the specific intent to gather information. According to former intelligence analyst, Wayne Madsen, government agencies use software such as Carnivore not only to spy on what people do, but to tell people how to do it.

The trend raises privacy and evidentiary concerns in a rapidly evolving digital age and illustrates the potential law-enforcement value of social media, experts said. “The FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications,” FBI General Counsel Valerie Caproni testified.

Invasive technology issues is not limited to the United States. In the United Kingdom, the government pledged to spy on every e-mail, call and web click under the excuse of national security and the war on terrorism. According to Tom Burghardt, state agencies ranging from the CIA to the National Security Agency are pouring millions of dollars into data-mining firms which claim they have a handle on who you are or what you might do in the future.

In July, security journalist Noah Shachtman revealed in Wired that “the investment arms of the CIA and Google are both backing a company that monitors the web in real time–and says it uses that information to predict the future.”

Shachtman reported that the CIA’s semi-private investment company, In-Q-Tel, and Google Ventures, the search giant’s business division had partnered-up with a dodgy outfit called Recorded Future pouring, according to some estimates, $20 million dollars into the fledgling firm.

A blurb on In-Q-Tel’s web site informs us that “Recorded Future extracts time and event information from the web. The company offers users new ways to analyze the past, present, and the predicted future.”

A report concerning the current trend on Facebook fatigue published on says that if the slowing trend continues for a couple of months, executives at Facebook may need to think about the company’s future. Could it be they have not done that yet? And if the reports about government involvement in data mining are as serious as described by Madsen, Burghardt and others -it wouldn’t be a surprise- then that fact alone may be the trigger for a massive migration of users to alternative communication technology. For example, people worried about Google keeping tabs on what they look at online, have the option to use, which is a search engine that does not record users’ data, although it has the benefit of providing Google search results.

If the boredom and monotony of Facebook and the rest of the social networks is not enough to make people shut down their accounts, maybe the explicit invasion of privacy carried out by the social networks on behalf of the government or through government intelligence agencies themselves will be a reason to consider disconnecting themselves from them. It is likely that the real impact of the so called “fatigue” shows its real effects once third world countries’ users -who lag behind- realize how dull and unsafe Facebook is.

The People vs The Full Body Scanners

By Declan McCullagh

Two months ago, Homeland Security Secretary Janet Napolitano announced that the federal stimulus legislation would pay for the purchase of hundreds of controversial full-body scanners.

“Through the Recovery Act, we are able to continue our accelerated deployment of enhanced technology as part of our layered approach to security at airports nationwide,” Napolitano said at the time.

Since then, the number of scanners has roughly doubled since Napolitano’s announcement and are now found in 68 U.S. airports, and the Transportation Security Administration says the controversial devices have proven to be a success.

“We have received minimal complaints,” a TSA spokeswoman told CNET yesterday. She said that the agency, part of DHS, keeps track of air traveler complaints and has not seen a significant rise.

A growing number of airline passengers, labor unions, and advocacy groups, however, say the new procedures–a choice of full-body scans or what the TSA delicately calls “enhanced patdowns”–go too far. (They were implemented without much fanfare in late October, amid lingering questions (PDF) about whether travelers are always offered a choice of manual screening.)

Unions representing U.S. Airways pilots, American Airlines pilots, and some flight attendants are advising their members to skip the full-body scans, even if it means that their genitals are touched. Air travelers are speaking out online, with a woman saying in a YouTube video her breasts were “twisted,” and ExpressJet pilot Michael Roberts emerging as an instant hero after he rejected both the body scanning and “enhanced patdowns” options and was unceremoniously ejected from the security line from Memphis International Airport.

One lawsuit has been filed and at least two more are being contemplated. There are snarky suggestions for what TSA actually stands for, attempts at grope-induced erotic fiction, and now even a movie.

These privacy concerns, and in a few cases even outright rebellion, come as an estimated 24 million travelers are expected to fly during the 2010 Thanksgiving holiday season. One Web site,, is recommending what might be called strict civil obedience: it suggests that all air travelers on November 24, the day before Thanksgiving, choose “to opt-out of the naked body scanner machines” that amount to “virtual strip searches.”

Normally, that kind of public outcry might be enough to spur TSA to back down–after all, in 2004 it relaxed its metal detector procedures to allow passengers a second try, and a year later it relaxed its rules to allow scissors in carry-on bags. Plus, the U.S. House of Representatives (but not the Senate) approved a bill saying that “whole-body imaging technology may not be used as the sole or primary method of screening a passenger.”

But with a lame duck Congress not even in session until next week, no hearings on full-body scanners currently scheduled, and renewed concerns about explosives in printer cartridges, an immediate reversal seems unlikely.

Instead, TSA is defending its practice. “TSA constantly evaluates and updates screening procedures to stay ahead of evolving threats, and we have done so several times already this year,” a spokeswoman said. “As such, TSA has implemented an enhanced pat down at security checkpoints as one of our many layers of security to keep the traveling public safe.”

“Administrator John Pistole is committed to intelligence-driven security measures, including advanced imaging technology and the pat down procedure and ordered a review of certain policies shortly after taking office to reinforce TSA’s risk-based approach to security,” TSA said. “We look forward to further discussion with pilots on these important issues.”

TSA’s official blogger, who uses the apparent pseudonym Blogger Bob, went so far as to say this week that: “There is no fondling, squeezing, groping, or any sort of sexual assault taking place at airports. You have a professional workforce carrying out procedures they were trained to perform to keep aviation security safe.”

Another possible catalyst for an eventual change in screening procedures is a lawsuit that the Electronic Privacy Information Center, a non-profit advocacy group, filed against the TSA and Homeland Security last week.

“The agency went off the rails in the spring of 2009 when it decided on its own authority to make body scanners the primary screening technique in the United States,” says Marc Rotenberg, EPIC’s executive director. “We think there had to be a public rulemaking. We think the conduct implicates freedom of religion. We think it implicates the Privacy Act.”

EPIC’s lawsuit is ambitious. It says that TSA should have conducted a formal, 90-day public rulemaking to “fully evaluate all privacy, security, and health risks” and wants the DC Circuit to require the agency to conduct one. In addition, making full-body scanners the primary method of screening violates the Fourth Amendment, the suit says, because the scans are “far more invasive than necessary.”

In September, the DC Circuit shot down EPIC’s initial request for an emergency halt, saying the standards for a preliminary injunction against TSA were not met. Rotenberg remains optimistic, saying “these are obligations that are written into federal law” that TSA must follow. (This time, EPIC is not asking for an emergency injunction.)

The ACLU says it’s also weighing a lawsuit but has not filed one so far.

TSA has “always done pat-downs,” but until recently they haven’t been so aggressive, says Chris Calabrese, legislative counsel at the ACLU in Washington, D.C. “The pat-downs never used to go up a woman’s skirt.”

“It’s become troubling,” Calabrese says. “You’ve got these controversial naked strip search machines that they’re rolling out at airports across America. And if you choose not to go through the naked strip search machine, you’re subject to this (level of intrusive physical contact). It seems punitive. It seems designed to drive you to the naked strip search machine.”

Body scanners penetrate clothing to provide a highly detailed image that TSA says is viewed by a remote technician. Technologies vary, with millimeter wave systems capturing fuzzier images with non-ionizing radio waves and backscatter X-ray machines able to show precise anatomical detail.

TSA says it does not store scans, and there is no evidence indicating the agency does at routine airport checkpoints.

But documents that EPIC obtained show the agency’s procurement specifications require that the machines be capable of storing the images on USB drives. A 70-page document (PDF), classified as “sensitive security information,” says that in a test mode the scanner must “allow exporting of image data in real time” and provide a mechanism for “high-speed transfer of image data” over the network.

Another federal agency, the Marshals Service, has acknowledged (PDF) that tens of thousands of images from a Brijot Gen2 machine were stored from just one courthouse checkpoint.

The Gen 2 machine, manufactured by Brijot of Lake Mary, Fla., uses a millimeter wave radiometer and accompanying video camera to store up to 40,000 images and records. Brijot boasts that it can be operated remotely: “The Gen 2 detection engine capability eliminates the need for constant user observation and local operation for effective monitoring. Using our APIs, instantly connect to your units from a remote location via the Brijot Client interface.”

Meanwhile, the backlash among air travelers will likely continue as more full-body scanners pop up in airports and more travelers are faced with the choice of intrusive scanning or an intrusive pat-down done with someone’s fingers instead of the back of a hand. Body scanners in the Orlando airport were turned on yesterday, for instance, and they’ve appeared at Dulles airport this week as well.

A flotilla of Web sites, including,, and is hoping to translate that dissatisfaction into political action. The Council on American-Islamic Relations sent out a travel advisory yesterday with special recommendations for Muslim women.

Another line of attack is health concerns: biochemistry faculty members at the University of California at San Francisco have written the White House saying the X-ray “dose to the skin may be dangerously high.” (A response co-authored by FDA and TSA officials dismissed any health risks as “miniscule.”)

“For some reason TSA is rushing these things out,” says Charlie Leocha of the Consumer Travel Alliance. “They haven’t fully studied them. They haven’t tested them. They don’t know if it’ll detect the explosives you’re looking for…We’re at a perfect storm, but will TSA listen to anyone? I don’t know.”

Related Links:









Partner Links