Archive for category Privacy
Facebookers trigger vote to choke Zuck’s data suck
Facebook may be forced to make changes to its data use policy after campaigners helped drive enough complaints about the company’s own proposed amendments to trigger a user vote on the matter.
Under Facebook’s ‘Statement of Rights and Responsibilities‘ the company is obliged to allow its users to vote on alternatives the company draws up if “more than 7,000 users comment” on its own proposals seeking to change those terms.
Earlier this month the social networking business, headed by billionaire Mark Zuckerberg, announced that it wanted to update its data use policy because the Irish data protection watchdog had asked it to “enhance” it in order “to be even more detailed about how [Facebook] uses information”.
The Office of the Irish Data Protection Commissioner (ODPC) audited Facebook Ireland’s privacy policies and practices late last year after it received complaints about the company’s use of personal data from privacy group Europe-v-Facebook. Facebook Ireland has responsibility for all Facebook users outside of the USA and Canada.
The watchdog told Facebook to make a number of changes to the way it uses and stores its users’ personal data and the way it explains its data use policy. It is due to commence another audit of Facebook in July in order to assess the company’s efforts in meeting these recommendations.
Facebook’s proposed changes to its data use policy include new explanations of its data deletion practices as well as the controls that users have over the sharing of information with third-party applications. However, 47,824 users commented on the plans with many posting opposition to the planned new terms and instead calling for the chance to vote on the “demands” outlined by Europe-v-Facebook.
The campaigners have said the planned changes would not address the concerns they have with Facebook’s privacy practices and have instead outlined their own alternatives. These include requiring Facebook to “implement an ‘Opt-In’ instead of an ‘Opt-Out’ system for all data use and all features (eg, face recognition, applications or tags).”
“Right now, we are going through to see if there are things that make sense to change or that we want to respond to,” Barry Schnitt, director of corporate communications and public policy at Facebook, has said, according to a report by CNET.
More than 30 per cent of “all active registered users as of the date of the notice” would have to vote on the terms of that notice in order for the vote to be “binding” on Facebook, according to the company’s terms.
According to Facebook, the site – which floated on the stock market this month – had 901 million monthly active users at the end of March 2012.
- Facebookers trigger vote to halt Zuck’s data suck (go.theregister.com)
- Coming Your Way… Less Intrusive Facebook Data Policies? (yro.slashdot.org)
- Facebook Users Campaign For Vote On Amended Privacy Rules (fastcompany.com)
Teacher’s aide fired for refusing to hand over Facebook password
By Emil Protalinski | April 1, 2012
Summary: Kimberly Hester, a teacher’s aide at an elementary school, was fired last year for refusing to give her Facebook password to her supervisors. She is now fighting a legal battle with the school district.
You can add this one to the short but growing list of employers demanding access to Facebook accounts. After refusing to give her Facebook password to her supervisors, Kimberly Hester was fired by Lewis Cass Intermediate School District from her job as an aide to Frank Squires Elementary in Cassopolis, Michigan. She is now fighting a legal battle with the school district.
This all started in April 2011, when Hester was using Facebook on her own time (when she wasn’t working at the school). She jokingly posted a picture of a co-worker’s pants around her ankles and a pair of shoes, with the caption “Thinking of you.”
A parent and Facebook friend of Hester’s saw the photo and complained to the school. A few days later, Lewis Cass ISD superintendent Robert Colby asked her three times for access to her Facebook account. Hester refused each of the district superintendent’s requests.
Soon after, Colby wrote Hester a letter, a part of which said the following, according to WSBT: “…in the absence of you voluntarily granting Lewis Cass ISD administration access to you[r] Facebook page, we will assume the worst and act accordingly.” Hester says he put her on paid administrative leave and eventually suspended her. She chose unpaid leave, to collect workman’s compensation, and vowed to put up a fight.
“I stand by it,” Hester said in a statement. “I did nothing wrong. And I would not, still to this day, let them in my Facebook. And I don’t think it’s OK for an employer to ask you.”
Hester plans to use the letter she received from Lewis in her legal case against the school district. The two parties are scheduled for arbitration in May. She will have a tough time given that there is currently no law barring her employer from asking for access to her Facebook account, although the issue has been put under a spotlight recently (see links below).
Michigan State Representatives Matt Lori and Aric Nesbitt have contacted Hester to let her know they are including her story in House Bill 5523, which aims to make it illegal for employers to ask employees and prospective employees for their Facebook password. Michigan is one of several states currently pushing for legislation that would make such practice illegal.
- Premier Season-Opening Prep Football Event Moves to Downtown Detroit; Games Include 2011 Champs Match-Up – Brother Rice vs. Cass Tech (prweb.com)
- School Makes 12-Year-Old Surrender Facebook Password (allfacebook.com)
- 12-year-old sues school district over Facebook profile search (news.cnet.com)
- Senators Want Employers’ Facebook Password Requests Reviewed – NYTimes.com (mbcalyn.com)
- School district demands Facebook password, 12-year-old girl sues (zdnet.com)
- That doesn’t mean your employer can use your Facebook password (erratasec.blogspot.com)
- Facebook: You Should Never Have to Share Your Password with Employers (techland.time.com)
- People Power Matters! (notnumber.wordpress.com)
TSA bars security guru from perv scanner testimony
Last minute excuse blocks Bruce Schneier
Security expert Bruce Schneier was been banned at the last minute from testifying in front of congress on the efficacy – or otherwise – of the US Transportation Security Administration’s (TSA) much-maligned perv scanners.
Schneier is a long-time critic of the TSA’s policies for screening travelers, and was formally invited to appear before the House Committee on Oversight and Government Reform and the Committee on Transportation and Infrastructure hearings. However, the TSA objected to his presence because he is currently involved in a legal case over the use of said scanners in US airports.
“I was looking forward to sitting next to a TSA person and challenging some of their statements. That would have been interesting,” Schneier toldThe Register. “The request to appear came from the committee itself, because they’d been reading my stuff on this and thought it would be interesting.”
Schneier, who is currently involved in an Economist debate on just this issue, has criticized the TSA’s procedures as “security theater“, designed to give the appearance of security without actually being effective. He has pointed out that the scanners are easily defeated, and that since people who do have items are merely forced to give them up and sent on their way, terrorists simply need to send enough people through the systems until one of them succeeds.
This isn’t the first time the TSA has been less than willing to have itself subject to anything like the same scrutiny that aircraft passengers are routinely put through. Last year they ducked out of similar hearings at the last minute, apparently because they didn’t want to sit next to representatives from the Electronic Privacy Information Center (EPIC).
The use of the perv scanners is highly controversial. The TSA has spent millions of dollars to buy them, and the industry hired ex–Homeland Security supremo Michael Chertoff as a lobbyist to push the technology. However, there have been numerous examples of people claiming to be able to beat the scanners, concerns about the health implications of scanning, and the so-called “homosexual” pat-downs introduced to encourage people to use them caused a national day of protest.
There are currently several ongoing legal cases against the scanners, including one recent case in which, it is claimed, attractive female subjects were being repeatedly ordered to use the devices. Personal airport searches have to be performed by a member of the same sex as the target, but no such rules are in place for operators of the scanners.
“I think the TSA has really painted themselves into a corner over this,” Schneier told us. “They’ve said the scanners were absolutely necessary for security, and made the pat downs you can have as an alternatives so unpleasant. It’s going to be really hard for them to back down, if indeed they can.”
- Bruce Schneier and the TSA (q-ontech.blogspot.com)
- TSA bars security guru from perv scanner testimony (go.theregister.com)
- Committee On Oversight & Government Reform (mbcalyn.com)
- TSA Oversight: Tell Us Your TSA Story (oversight.house.gov)
- Congress Wants Your TSA Stories (yro.slashdot.org)
- Congressional Testimony on the TSA (schneier.com)
- Vanity Fair On the TSA and Security Theater (news.slashdot.org)
- TSA Oversight Hearing Today at 130 PM EST: Effective Security or Security Theater? UPDATE: Video Added (nicedeb.wordpress.com)
- Recipe for Awesome: One Part Bruce Schneier + One Part Trope + One Part Geekery (crimedime.com)
- Bruce Schneier on The Internet, Scale and Trust (q-ontech.blogspot.com)
MARCH 26, 2012
Your privacy is a sci-fi fantasy
What if our personal information wasn’t digital and the collectors weren’t machines?
The assault on personal privacy has ramped up significantly in the past few years. Fromwarrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping — even blatant prying, if you consider reports ofemployers demanding Facebook passwords prior to making hiring decisions.
What happened? Did the rules change? What is it about digital information that’s convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress. In search of an answer, I tried a little thought experiment. Follow me, if you will, on a journey to a place in the space-time continuum I call the Land Before the Internet…
Through the looking glass
One bright sunny morning in the Land Before the Internet, you go on a job interview. You’re smart, skilled, motivated, and clearly destined to be an asset to any company that hires you. During the interview process, however, just as the HR manager begins to discuss the benefits package and salary, basically communicating that you have the job, he pauses.
“Oh, and we have a few procedural things to take care of,” he says. “We’ll need to assign a goon to follow you around with a parabolic microphone to listen to all of your conversations with friends, and we’ll have a few more follow your friends and family around to see what they’re saying.”
He continues: “Also, we’ll need full access to your diary, your personal records, and your photo albums. In fact, we’ll need the keys to your house, so we can rifle through your stuff to see what you have tucked away in the attic and whatnot. We will also need to do the same to all your friends. I assume that won’t be a problem?”
Just across town in the Land Before the Internet, a few officers in the local police station are bored, so they assign a few cruisers to shadow people at random, for an indefinite period of time. They pick names out of the phone book — selecting citizens who’ve otherwise raised no cause for suspicion — and follow them, simply because they can.
The cops meticulously document the citizens’ comings and goings, creating a very detailed report on their daily lives, complete with where they go, how long they stay, and when they return to their homes. They note when they go to the doctor, where they pick up their kids, everything. They maintain the tail for months or longer, then keep these reports forever.
It turns out that the police in the Land Before the Internet aren’t half as busy as the employees at the post office, who’ve been opening and reading every single letter you’ve sent and received — or the people at the phone company, who are assigned to listen to every phone call you make and transcribe the contents for easy search and recall at a later date. You could avoid their prying ears by speaking in code, but this would be documented as an attempt to evade eavesdropping, which is clearly an indicator that you’re engaging in some sort of nefarious activity. For instance, you might infringe on a copyright down the line, perhaps by singing a few bars of “In the Year 2525” to a friend over the phone.
Welcome to the twilight zone
Of course, these upside-down horrors are unimaginable in real life. The idea that the post office or phone company would snoop is just crazy — except it’s pretty much what the major ISPs are now volunteering to do. Police stalking innocent citizens could never happen in the United States, at least not without a judge’s approval — unless it means sticking GPS devices on their cars. And under no circumstances would we allow the prospect of gainful employment to be contingent on the abrogation of someone’s personal privacy — but we might need to examine your Facebook page.
These invasions of personal privacy are occurring now because they’re suddenly very easy to accomplish. The rapid advancements in processing power and storage have opened the door to the wholesale collection and storage of vast amounts of data that can be indexed and tied (however loosely) to individuals. There’s no way that any of these entities would have the means or personnel to do this Big Brother nonsense physically, but once those communications occur over the network, they think they’re fair game.
There are many instances where digital surveillance is a good idea and essentially required because of the medium: people working on highly secure defense projects, those working with sensitive information for corporations that could be a target of corporate espionage, and obviously those in positions that require interaction with information on private individuals that should not be disseminated. The use of digital monitoring and data collection is very important in these places.
Further, if you’re employed by a company, using corporate resources, you relinquish some right to privacy in order to protect the company from internal sabotage or damages that might ensue from vital internal planning, innovations, or intellectual property falling into the hands of the competition. In short, if you’re at the office running your mouth on Facebook and IM about sensitive internal information and get fired for it, it’s your fault. You’re unlikely to get fired for bitching about your ex-husband to a friend in an IM from your work PC, but don’t be surprised to know that your conversations are being monitored and recorded in an effort to crack down on the former.
However, that should not extend beyond the office or into your personal time and space. Invasive digital eavesdropping and coerced access to private social networking applications is an absurd example of throwing the baby out with the bathwater. In an effort to find the needle, we’re burning down the haystack.
- FTC Shifts Privacy Spotlight From Advertisers To Data Brokers (paidcontent.org)
- Google says it will cooperate with Safari privacy investigations (infoworld.com)
- FTC wants new privacy framework: asks for simple controls, transparent policies (engadget.com)
- Google launches privacy plan amid protests (infoworld.com)
- Clojure inventor Hickey now aims for Android (infoworld.com)
- Everything Is Spying On You (newsworldwide.wordpress.com)
- FTC Worried About Big Online Platforms, Only Sort Of Means Facebook and Google (techcrunch.com)
- EPIC sues FTC over Google’s planned privacy changes (infoworld.com)
- ☆ Writing For InfoWorld (webmink.com)
Senators Question Employer Requests for Facebook Passwords
By THE ASSOCIATED PRESS
Published: March 25, 2012
Two Democratic senators are asking Attorney General Eric H. Holder Jr. to investigate whether employers asking for Facebook passwords during job interviews are violating federal law, their offices announced Sunday.
Troubled by reports of the practice, Senators Charles E. Schumer of New York and Richard Blumenthal of Connecticut said they were calling on the Justice Department and the Equal Employment Opportunity Commission to begin investigations. The senators are sending letters to the heads of the agencies.
The Associated Press reported last week that some private and public agencies around the country were asking job seekers for their social media credentials. The practice has alarmed privacy advocates, but its legality remained murky.
On Friday, Facebook warned employers not to ask job applicants for their passwords, presumably so they could view applicant profiles on the site. The company threatened legal action against applications that violated its longstanding policy against sharing passwords.
A Facebook executive cautioned that if an employer discovered that a job applicant is a member of a protected group, the employer might be vulnerable to claims of discrimination if it did not hire that person.
Personal information such as gender, race, religion and age are often displayed on a Facebook profile — all details that are protected by federal employment law.
Not sharing passwords is a basic tenet of online conduct. Aside from the privacy concerns, Facebook considers the practice a security risk.
“In an age where more and more of our personal information — and our private social interactions — are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence,” Mr. Schumer said in a statement.
Specifically, the senators want to know if the practice violates the Stored Communications Act or the Computer Fraud and Abuse Act. Those two acts, respectively, prohibit intentional access to electronic information without authorization and intentional access to a computer without authorization to obtain information.
The senators also want to know whether two court cases relating to supervisors asking current employees for social media credentials could be applied to job applicants.
The senators said they were writing a bill to fill in any gaps not covered by current laws.
- Demanding Facebook passwords may be illegal, senators warn (technolog.msnbc.msn.com)
- Senators Ask Feds to Probe Requests for Facebook Passwords During Job Interviews (techland.time.com)
- Employers Asking for Facebook Passwords Breaking the Law (unaskedadvice.wordpress.com)
- Sen Schumer Calls On Justice Department To Launch Facebook Probe (newyork.cbslocal.com)
- Senators want ruling on whether Facebook password requests are illegal (arstechnica.com)
- Two US senators ask the Attorney General to investigate employers asking for Facebook logins (theverge.com)
- Senators chime in on employers’ Facebook snooping (go.theregister.com)
- US senators: Investigate employers asking for Facebook passwords (zdnet.com)
- Senators ask feds to probe requests for passwords (news.yahoo.com)
- DOJ to log into Facebook password controversy? (foxnews.com)
Should Employers Be Allowed to Ask for Your Facebook Login? – Alexis Madrigal – Technology – The Atlantic
Should Employers Be Allowed to Ask for Your Facebook Login?
FEB 19 2011
Update 2/22, 5:11pm: The Maryland Department of Public Safety and Correctional Services has suspended the practice of asking for Facebook login information for 45 days, according to an email they sent to The Atlantic. See our full story on the development.
The American Civil Liberties Union has taken up the cause of a Maryland man who was forced to cough up his Facebook password during a job interview with the Department of Corrections in that state.
According to an ACLU letter sent to the Maryland Department of Corrections, the organization requires that new applicants and those applying for recertifications give the government “their social media account usernames and personal passwords for use in employee background checks.”
The ACLU calls this policy “a frightening and illegal invasion of privacy” and I can’t say that I disagree. Keep in mind that this isn’t looking at what you’ve posted to a public Twitter account; the government agency here could look through private Facebook messages, which seems a lot like reading through your mail, paper or digital.
While it’s not surprising that some employers might want to snoop in your social media life, it strikes me as a remarkable misapprehension of what Facebook is to think that it should be wholly open for background investigations. Legally, things are probably more complex, but it seems commonsensical that carte blanche access to your communications should be off-limits.
The case also shows a downside to Facebook’s scale. It stands to reason that the bigger they get, the more that employers and others concerned with the age-old enterprise of covering their asses will feel the need to know what their employees are up to on the service. That alone isn’t going to derail the Facebook juggernaut, but it might slow down people’s engagement on the site as they realize maybe a private, unknown e-mail account is a better way of sending sensitive messages.
Here’s the Maryland man, Officer Robert Collins, describing what happened in his specific case:
<embed src=’http://www.aclu.org/swfobject/mediaplayer.swf’ height=’493′ width=’600′ allowscriptaccess=’always’ allowfullscreen=’true’ flashvars=”&bandwidth=5000&dock=false&file=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DbDaX5DTmbfY&image=http%3A%2F%2Fi.ytimg.com%2Fvi%2FbDaX5DTmbfY%2F0.jpg&level=0&plugins=viral-2d”/>Should Employers Be Allowed to Ask for Your Facebook Login? – Alexis Madrigal – Technology – The Atlantic.
- Alexis Madrigal: What is Pinterest and why should I care? – Some say the Next Big Thing (nextlevelofnews.com)
- Here’s Your Job Application. Now Give Us Your Facebook Password | Common Dreams (2012indyinfo.com)
- You No Longer Have a Right to Privacy (bigthink.com)
- How frictionless sharing could undermine your legal right to privacy (nextlevelofnews.com)
- The Fastest Adopted Gadget Isn’t What You Think [Gadgets] (gizmodo.com)
- Drudge is like a 1995 Ford Escort with a 500-horsepower advertising engine (nextlevelofnews.com)
- → Here’s the Number That Matters in Facebook’s IPO Filing (theatlantic.com)
- Would You Buy A Drone To Walk Your Child To School? (forbes.com)
- Senators Ask Feds to Investigate Facebook Employment Snooping Problem [Facebook] (gizmodo.com)
- Senators want ruling on whether Facebook password requests are illegal (arstechnica.com)