The protest yesterday included both physical and online events. The online activity included both the #StopTheNSA and #TheDayWeFightBack hashtags. Consumers placed 86,454 phone calls and sent 178,903 e-mail messages to their elected officials in government worldwide. All within 24 hours.
Visit The Day We Fight Back site to learn more about activity in the United States and worldwide. Notable tweets yesterday by elected officials in the United States:
Meanwhile yesterday, House Speaker John Boehner tweeted about the ACA and the death of Shirley Temple, but did not tweet anything about NSA reform and surveillance. Senate Leader Harry Reid did not tweet anything about NSA reform and privacy, either.
I hope that you will join me in today's protest to demand that the USA government reform the National Security Agency (NSA) programs that spy on everyone. Why take action? The Center For Internet And Society (CIS) at Stanford Law School explained the situation well:
"With unfettered information about everyone, we can be singled out, targeted, marginalized, investigated, discredited, or jailed for pushing for peaceful change... So we join The Day We Fight Back to help end mass surveillance, and we hope you will join us, too... Last summer, the world learned that the United States’ intelligence agencies are conducting mass surveillance of millions of innocent people--Americans and citizens of other nations. We don’t know the whole story. Surveillance practices are secret, targets are secret, and even some of the laws under which the agencies operate are secret. The government has many techniques for masking the full scope of its information collection. Nevertheless, newspapers report that the National Security Agency obtained 70 million French telephone calls and 60 million Spanish ones in a single 30-day period. In a single day, the agency sucked in 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers. The NSA also collects daily contacts from an estimated 500,000 buddy lists on live-chat services as well as from the inbox displays of Web-based e-mail accounts. It collects approximately 250 million communications and “communications transactions” a year from inside the United States, a collection that includes Americans’ messages and calls with people overseas, as well as improperly collected purely domestic communications the NSA nevertheless keeps. The agency also obtains hundreds of thousands of peoples’ calling records under a law whose primary sponsor says was never conceived of for bulk collection purposes. Perhaps worse, the United States government actively undermines Internet security by subverting the process for adopting encryption standards and forcing companies to install surveillance back doors."
Action by Congress is long overdue. Unfamiliar with the issues? Read the Surveillance section of this blog, and follow any of the above links. Then, take action. You can contact your elected officials using the banner that overlays all posts on this blog, here, or here.
Last month, Google applied for two U.S. patents containing technologies to automatically identify, catalog, and track videos you upload about any trending event. The first patent application, "Inferring Events Based Upon Mob Sourced Video," included the following description:
"Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.)."
Note that "a law enforcement agency" is specifically mentioned. That could include local police for your city, or one of the federal agencies (e.g., FBI, NSA, DEA, ATF, etc.). The "mob" reference does not mean organized crime, but instead means videos uploaded by several consumers... regular, innocent people like you and me that probably aren't doing anything illegal except attending a public event. The "repository" could be any single or multiple social networking sites (e.g., Facebook, Instagram, Snapchat, etc.).
The patent collects and monitors videos based upon metadata in the videos that meet the search criteria set by the organization doing the tracking:
"In one embodiment, a computer system pre-processes existing video clips in a video clip repository by defining groups of "related" video clips, based on the timestamps and geolocation stamps of the video clips. When there is a group whose size (i.e., the number of video clips in the group) meets or exceeds a size threshold, the computer system transmits a notification to one or more recipients (e.g., a news organization, etc.) that an event of interest likely occurred at the indicated time and geolocation. In one such embodiment, the computer system also determines the particular recipient(s) of the notification based on the geolocation of the event (e.g., an event in Manhattan might be transmitted to NYC Police and Channel 7 New York, etc.), the time of the event (e.g., an event at 3:00 am might go to the police but not a television station)... In one embodiment, after the repository has been processed, the computer system monitors video clips that are newly-uploaded to the repository and, based on their timestamps and geolocation stamps, adds the newly-uploaded video clips to existing groups, or creates new groups. When a video clip is added to a group and the size of the group has reached, for the first time, the size threshold, the computer system transmits one or more notifications, as described above."
The second patent application, "Mob Source Video Collaboration," includes this description:
"In an embodiment of the present invention, a computer system determines that a set of two or more video clips are of the same event (e.g., a wedding, a sports event, an everyday scene, etc.) when the timestamps and geolocation stamps match, within suitable thresholds. For example, if two video clips have respective timestamps of 2:03-3:05 pm and 2:01-2:56 pm and their geo-location stamps are within 20 meters of each other, then the computer system might identify the two video clips as being of the same event... In one embodiment, a computer system pre-processes the existing video clips in a video clip repository by identifying, based on timestamps and geolocation stamps, video clips that are "related" to one another (i.e., that are of the same event). The computer system then sends a message to each author of a video clip in the repository, inquiring whether the author grants permission to: notify the authors of related video clips of the existence of the video clip, and notify followers of these authors of the existence of the video clip. For example, if Mary Jones has uploaded a video clip of his brother John's wedding to a video clip repository, Mary will receive a message that inquires whether she gives permission to notify the authors of other video clips of John Jones' wedding (e.g., Mary's cousin Betty, etc.) of the existence of her video clip, as well as whether she gives permission for followers of these other authors to also be notified of the existence of the video clip."
So, the technologies in the patents would allow organizations to follow videos about breaking events as they happen, as you follow people today within social networking sites. The technologies would also notify you of others who recorded video of the same event, and facilitate connecting with them. Phandroid reported:
"The exact details of this system – if put into practice – would likely be buried deep in a Terms of Service document. We’re guessing the most effective solution (for Google) would be collect aggregate and anonymous data to which you opted-in (time and location data of multimedia), extrapolating that data to identify “mob source” events, and then sharing related, publicly available multimedia to 3rd parties. This could be used in any of the typical “nothing attracts a crowd like a crowd” scenario, from bar fights and car accidents to flash mobs..."
If you aren't aware, your mobile devices automatically attach geolocation data (e.g., GPS coordinates) to every photo and video you take; unless you turn off the GPS feature. Most people don't turn off the GPS feature with their smartphone's camera because other apps (e.g., maps, travel directions, shopping, etc.) use the GPS feature. The geolocation and timestamps data are part of the metadata attached to your photos and videos; data that social networking sites are eager to use.
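The grouping rule quoted from the two patent applications can be sketched in a few lines, which also shows why a clip uploaded without GPS metadata never joins a group. This is an added example, not code from Google or from either application: the 20-meter figure and the two time ranges come from the quoted example, while the size threshold of 3, the coordinates, and all class and function names are assumptions.

```python
# Added illustration, not code from either patent application.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

DISTANCE_THRESHOLD_M = 20.0  # "within 20 meters" from the quoted example
SIZE_THRESHOLD = 3           # assumed; the excerpts give no number


@dataclass
class Clip:
    clip_id: str
    start: datetime
    end: datetime
    location: Optional[Tuple[float, float]]  # (lat, lon); None when GPS tagging is off


def haversine_m(a, b):
    """Great-circle distance in meters between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(h))


def related(a, b):
    """Two clips are 'related' when their time ranges overlap and they are close."""
    if a.location is None or b.location is None:
        return False  # no geolocation stamp, nothing to match on
    overlap = a.start <= b.end and b.start <= a.end
    return overlap and haversine_m(a.location, b.location) <= DISTANCE_THRESHOLD_M


class Repository:
    def __init__(self, size_threshold=SIZE_THRESHOLD):
        self.size_threshold = size_threshold
        self.groups = []         # each group is a list of related clips
        self.ungrouped = []      # clips that carry no geolocation stamp
        self.notifications = []  # one record per group that reached the threshold

    def upload(self, clip):
        """Add a new clip; return its group index, or None if it cannot be grouped."""
        if clip.location is None:
            self.ungrouped.append(clip)
            return None
        # Simplification: join the first group with any related member.
        for index, group in enumerate(self.groups):
            if any(related(clip, member) for member in group):
                group.append(clip)
                break
        else:
            group = [clip]
            self.groups.append(group)
            index = len(self.groups) - 1
        # Groups grow one clip at a time, so equality fires exactly once:
        # the first time the group reaches the threshold.
        if len(group) == self.size_threshold:
            self.notifications.append({
                "group": index,
                "clip_ids": [c.clip_id for c in group],
                "earliest_start": min(c.start for c in group),
                "location": group[0].location,
            })
        return index


def demo():
    """Constructed sample uploads; the times of A and B are the patent's own example."""
    def at(hour, minute):
        return datetime(2014, 2, 1, hour, minute)

    repo = Repository()
    for clip in [
        Clip("A", at(14, 3), at(15, 5), (40.75800, -73.98550)),
        Clip("B", at(14, 1), at(14, 56), (40.75810, -73.98550)),
        Clip("E-no-gps", at(14, 10), at(14, 40), None),
        Clip("D-far", at(14, 5), at(14, 30), (40.70000, -74.00000)),
        Clip("C", at(14, 20), at(14, 45), (40.75805, -73.98555)),
        Clip("F", at(14, 30), at(15, 0), (40.75802, -73.98552)),
    ]:
        repo.upload(clip)
    return repo


if __name__ == "__main__":
    result = demo()
    print("notifications:", result.notifications)
    print("never grouped:", [c.clip_id for c in result.ungrouped])
```

In the sample, the third nearby clip triggers the single notification, the fourth does not trigger another, and the clip recorded with GPS tagging off is never linked to the others.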
The technologies in these patents could be helpful to collect videos about a specific event. Many people create event pages on social networking sites. The patents could make it easier for event organizers to collect video about their event. That's the positive. The negative: the technologies could also be used to invade consumers' privacy.
After reading these patent applications, several things came to mind. First, while the patents mentioned harmless applications (e.g., weddings, performances, auto accidents, etc.), this is anything but. It is all about law enforcement. During and after the Marathon bombings in April 2013, law enforcement had difficulty collecting, and then sorting through, the mountain of consumer-produced videos and photographs. The technologies in these two patents would solve those problems. Plus, Google operating system software already contains NSA code. Google seems quite content to pursue technologies to facilitate surveillance.
Second, I found the "mob" description troubling. It implies something negative, when the terms "group-sourced" or "crowd-sourced" could have been easily used instead. I guess that in the surveillance state, everyone is a potential threat whether you have done something illegal or not.
Third, the patents don't really solve a consumer problem. Unless you are new to the Internet and social networking sites, you are already connected to the people you want to follow; and the content your connections produce. For a wedding, the couple has already invited the people they want to attend via registrations at gift or event sites.
Fourth, the technologies in these patents probably represent the next step of the tracking technology. We consumers have already experienced facial recognition in social networking websites. The goal has been to identify people and locations in photographs. Now, the goal is to identify people and places in videos. Fifth, neither patent mentions minors and how the video targeting and cataloging technologies won't run afoul of FTC rules about the collection of data about minor children.
Think about this the next time you record videos at a public event: concert, sports game, group activity (e.g., bicycling, swim or track meet, etc.), vacation, school outing to a museum, dinner in a restaurant with friends or classmates, and/or a public demonstration or protest. You are at the event enjoying it and minding your own business. Yet, the videos you upload are potentially considered part of some "mob" action.
Does that sound right to you? Not to me.
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
Nobody wants a new technology to intimidate or hinder the rights of citizens to assemble peaceably.
Want some privacy online? It's getting more and more difficult. Turn off the GPS feature for the camera in your mobile device when taking photographs and videos. Be careful about what video you upload to social networking Web sites. Make your privacy settings "friends only" for videos you post on social networking sites.
What are your opinions of the two patents?
Now is the time to take action. If you believe that it is wrong for the NSA to perform bulk collection of telephone metadata of citizens not suspected of any crimes, insert NSA code into software products without notice to consumers, and undermine Internet encryption standards, then now is the time to take action. Unacceptable privacy violations have happened, and too many questions are still unanswered.
If you believe that the proposed surveillance reforms by the Obama Administration are insufficient, then now is the time to take action.
On Tuesday, February 11, Internet users across the United States and several organizations (including Demand Progress, the Electronic Frontier Foundation, Fight for the Future, Free Press, BoingBoing, Reddit, Mozilla, and others) will join together to pressure lawmakers to end mass surveillance.
Click on the "Fight Back" image to learn more. At the "Fight Back" site, you can read more, sign up for e-mail alerts, and find events near you.
ABC News published a news story recently that helps make the loss of Net Neutrality real for consumers... especially those that stream video content. A Federal appeals court recently ruled in favor of Verizon in its lawsuit against the Federal Communications Commission.
How consumers could (probably will) be affected:
Of course, Verizon and others claim the loss of Net Neutrality will spur innovation. Yep... innovative ways to charge consumers more. And, your Internet bill will look more like your cable TV bill: complicated and more expensive.
I sincerely hope that this bothers you, because it is time to act to save the Internet. Contact your elected officials today and demand action. There are several online petitions you can sign, including the ACLU, Bold Progressives, and Daily Kos.
The Giving Voice To Values initiative (GVV) announced recently a joint venture with Business Expert Press (BEP) to produce a series of books on Business Ethics and Corporate Social Responsibility. According to the announcement (Adobe PDF), the goal of the book collection is to provide:
"... practical, solutions-oriented, skill-building approach to the salient questions of values-driven leadership... [and] emphasize research-based practical examples and guidance on how to positively enact values-driven leadership positions, rather than to focus solely or primarily upon ethical debate."
GVV includes both research and a curriculum taught in higher-education schools worldwide. GVV is:
"... designed to transform the foundational assumptions upon which the teaching of business ethics is based, and importantly, to equip future business leaders to not only know what is right — but how to make it happen."
The joint venture seeks concise business education books of about 150 pages that target undergraduate, MBA, and executive education students:
"Books may be focused upon a functional area (e.g., Accounting Ethics); an industry (e.g., Ethics in the Financial Sector); a regional area (e.g., Practical Ethics in India); or some combination of the above. Although it is fully expected that some manuscripts may well include a focus upon the theory and analysis of ethical questions, or the history and benchmarks of Corporate Social Responsibility as it has evolved..."
I look forward to hearing more about the GVV/BEP joint venture and the books it publishes. Improved ethics by executives are sorely needed. One doesn't have to look far to find examples of unethical executive behavior, fines, and wrongdoing: JPMorgan Bank, Johnson & Johnson, Moneygram, CVS, government contractors, companies with data breaches, employers that commit wage theft, companies that produce leaky mobile apps, and companies that publish fake online reviews. A 2013 study found that junior banking executives consider wrongdoing an accepted way to advance in their careers.
BEP is a leading resource in business education. The company publishes collections of concise, academically sound, and applied books for undergraduate, MBA and executive business education. Books are available in both print and e-book formats.
The Neiman Marcus Group disclosed some detail about its recent data breach. In a letter to its customers, Karen Kay, the President and CEO, stated that malware had been secretly installed in its systems, and stole shoppers' payment information from July 16, 2013 to October 30, 2013. As many as 1.1 million shoppers were affected. The letter also said:
"... Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently."
The retailer notified these 2,400 breach victims on January 10. So far, only shoppers' debit/credit card payment information has been stolen: card numbers, expiration dates, and cardholders' names:
"Social security numbers and birth dates were not compromised. Our Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity. Customers that shopped online do not appear to have been impacted. PINs were never at risk because we do not use PIN pads in our stores."
Several state governments require companies to notify them about data breaches affecting their residents. In a breach notification letter (Adobe PDF) to the New Hampshire Department of Justice, the retailer provided more details about the breach:
"As a result of the investigation we initiated, using two of the leading computer forensics investigative firms, we learned for the first time on January 1, 2014 (preliminarily), and then more concretely on January 2 and 3, that sophisticated, self-concealing malware that can "scrape" (copy from temporary memory during execution of payment) payment card information ("the scraping malware") had been clandestinely inserted into our system. We later learned that this malware had been inserted in our system as early as July 2013... it appears that the scraping malware was active between July 16, 2013 and October 30, 2013... it appears that the scraping malware was not operating at all Neiman Marcus Group stores..."
So, the malware affected shoppers in several of the retailer's store chains. The usage of the term "system" seems to suggest that the retailer's network was infected with malware, not just point-of-sale (PoS) computers. It seems that multiple types of malware were involved in the breach:
"Separate, related malware that allows this scraping malware to function appears to have been clandestinely inserted earlier in 2013. Neiman Marcus was not aware of any of this hidden malware until it was discovered this month by our investigative experts..."
The retailer said it has postal (street) address information for only 31% of the 1.1 million shoppers, and it has identified 822 New Hampshire residents (with street addresses) affected by the breach. The Neiman Marcus Web site contains the breach letter and frequently-asked-questions; basic content for shoppers that have never experienced a data breach before.
Global security firm RSA announced the discovery of "ChewBacca" malware attacks which targeted point-of-sale (PoS) systems in retail stores. The malware attacked and stole shoppers' credit card payment information in 11 countries, including the United States, Australia, Canada, and Russia:
"While the malware used in the operation is not new, RSA researchers discovered that, beginning October 25th, it had logged track 1 and 2 data of payment cards it had scraped from infected PoS systems."
Tracks 1 and 2, developed by the banking industry, on the magnetic stripe on your credit cards typically include the following payment information:
Track 3 of the magnetic stripe is used to store PIN, currency, authorized amounts, and other payment data for debit card transactions. It appears that a different malware version targeted both credit and debit cards via infected PoS terminals during the Target data breach. Neiman Marcus has disclosed a few details about its data breach, while Michaels Stores has not -- so far.
The malware copied payment information from the PoS terminal's memory when the shopper's payment data was unencrypted. The malware then sent the stolen payment information to a hidden Internet-connected server.
The Trojan was named "ChewBacca" because the sign-in page for malware users features an image of the popular character from the Star Wars films. To protect shoppers' payment data against malware like ChewBacca, RSA suggested:
"Retailers have a few choices against these attackers. They can increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), or they can encrypt or tokenize data at the point of capture and ensure that it is not in plaintext view on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors."
So, doing nothing is not an option. Business-as-usual is not an option.
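One check that follows from RSA's advice that card data should not be "in plaintext view" is to scan application and debug logs for anything shaped like magnetic-stripe track data. The sketch below is an added example, not code from RSA or any retailer: the track layouts follow the ISO/IEC 7813 format (which this page does not spell out), the log lines are constructed, 4111111111111111 is a commonly used test card number, and the function names are assumptions.

```python
# Added example: flag plaintext track 1 / track 2 data in log lines.
import re

# ISO/IEC 7813 layouts (assumed; not taken from this page):
#   track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})\d*\?")


def luhn_ok(pan):
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for position, char in enumerate(reversed(pan)):
        digit = int(char)
        if position % 2 == 1:  # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first six and last four digits so the report itself holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def plausible(pan, expiry):
    """Require a valid checksum and a real month (01-12) in the YYMM expiry field."""
    return luhn_ok(pan) and 1 <= int(expiry[2:]) <= 12


def scan_lines(lines):
    """Return (line number, track type, masked PAN) for each plausible hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in TRACK1.finditer(line):
            if plausible(match.group(1), match.group(3)):
                findings.append((number, "track1", mask_pan(match.group(1))))
        for match in TRACK2.finditer(line):
            if plausible(match.group(1), match.group(2)):
                findings.append((number, "track2", mask_pan(match.group(1))))
    return findings


# Constructed log lines: one tokenized transaction, two plaintext leaks,
# and one look-alike whose digits fail the Luhn check.
SAMPLE_LOG = [
    "2014-01-30 10:02:11 pos-07 txn=1001 auth ok token=tok_9f2c amount=25.00",
    "2014-01-30 10:02:12 pos-07 debug swipe=;4111111111111111=15122010000000000?",
    "2014-01-30 10:02:13 pos-07 debug swipe=%B4111111111111111^DOE/JANE^15122010000000000?",
    "2014-01-30 10:02:14 pos-07 order ref ;4111111111111112=15122010000000000?",
]


def demo():
    return scan_lines(SAMPLE_LOG)


if __name__ == "__main__":
    for line_number, track, masked in demo():
        print(f"line {line_number}: plaintext {track} data, PAN {masked}")
```

The tokenized line produces no finding, which is the state RSA's second option aims for everywhere downstream of the card reader.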
I receive a lot of spam comments on my I've Been Mugged blog, and I wanted to alert readers to a small change.
Most of the comment spam seems to be from offshore people trying to promote products for their clients. You'd be shocked by the advertising garbage people try to slip into comments. The spam advertises products, services, and topics (e.g., handbags, face creams, athletic shoes, power tools, child care, etc.) in a variety of languages that are totally unrelated to this blog. You never see this spam because all comments are moderated. I reject spam comments and post valid comments for blog posts.
TRUSTe, a global data privacy firm, released this week the results of its 2014 U.S. Consumer Confidence Index. Key findings:
Harris Interactive conducted the online survey of 2,019 adults for TRUSTe during December 2013. Chris Babel, CEO of TRUSTe, said:
"Even with all the media coverage of government surveillance programs such as the NSA’s PRISM, more consumers remain concerned about businesses collecting their information with only 55 percent regularly willing to share their personal data online. These findings send a clear signal that business data collection, not government activity, is the main driver for increased privacy concerns... While some businesses are taking steps today to address privacy concerns, many are not, and the bar is rising."
Good. A raised bar is a good thing.
In its press release, TRUSTe announced:
"74 percent of U.S. internet users are more concerned about privacy than a year ago and more users cite business data collection, than government surveillance programs, as the reason for the increase in their concerns."
So, consumers are afraid for their privacy with both, and more afraid for their privacy with companies. Both company and government executives would be wise to heed this advice about collecting consumers' sensitive personal information:
If you collect it, tell consumers and protect it. If you can't (or won't) tell consumers nor protect it, then don't collect it.
If you use Facebook, then you probably use the apps the social networking service offers. If you don't use Facebook apps, then your friends probably do. Those apps collect your sensitive personal information, and track your online usage across the Internet. Yes, both at the Facebook site and elsewhere. So, it's important to know which apps... the companies that are tracking you.
You can control how much of your sensitive personal information is shared with Facebook apps, and disable the Facebook software that allows apps to work with your profile and personal data.
Visit the Facebook page about Web site and mobile ad cookies that track your online usage. There is a button on this page to opt out of the tracking. However, Facebook made the opt-out needlessly difficult. Why? First, it is not a global opt-out. You have to opt-out in every different Web browser you use Facebook with. Second, you can undo this opt-out if you regularly delete your Web browser cookies. Facebook's approach is Facebook being Facebook: doing whatever it can to keep its users sharing as much personal information as possible. That's in Facebook's best interests, and not necessarily yours.
There are several software products and browser add-ons to help consumers delete Web browser and other types of files (often called Locally Shared Objects, Super Cookies, Flash Cookies, or "Zombie Cookies") that Web sites will store on your computer, smart phone, or tablet. Many people delete these files daily to maintain as much privacy as possible on the Internet.
Read this article and this blog post to learn about how Facebook tracks your online usage across the Internet and away from the Facebook site. This extensive tracking is one reason why I didn't enable the Facebook Comments Plugin for comments on this blog.
You probably love your smart phones. Spy agencies do, too. Yesterday, the Guardian UK reported about surveillance programs targeting mobile video games, including "Angry Birds." Both the National Security Agency (NSA) and Britain's Government Communications Headquarters (GCHQ) spy agencies operate such programs. The New York Times reported the two spy agencies:
"... were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services... The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan..."
Read this blog post to learn about the metadata with your photographs. So, it's not just people who play Angry Birds. In this extensive government spying, we are all targets.
You are probably thinking to yourself, "That's no big deal. I'm only playing a video game on my smart phone (or tablet). No way would mobile game playing interest a spy agency." Well, they are interested. Big time.
The Guardian UK explained why spy agencies have targeted mobile device usage for data collection:
"Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts."
The two spy agencies have targeted "leaky apps" that collect plenty of your personal information. Why? It's an efficient way to collect a lot of information about a lot of people, without having to target specific individuals' mobile devices. Plus, most consumers are blissfully unaware that their mobile devices collect and report back to the app developers sensitive data about them. And, some apps are more leaky than others. The spy agencies collect users' sensitive personal data as the mobile game apps transmit the information via the wireless telecommunications networks.
The sensitive data your mobile game collects and reports can cover your geolocation (e.g., where you are physically), the time, and descriptive information about your mobile device (e.g., brand, model, screen size, operating system, etc.). If the mobile game accesses your address book, then it collects and transmits information about your contacts (e.g., the people you communicate with regularly) and friends you play the game with. Think of this as metadata about your mobile game playing.
Your mobile device is a goldmine of information which spy agencies are happy to collect from leaky mobile apps:
"The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users' most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger."
The spy agencies have targeted mobile devices because the data consumers have entered into phone and app profiles is very valuable:
"Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status – options included "single", "married", "divorced", "swinger" and more – income, ethnicity, sexual orientation, education level, and number of children."
One government document emphasized the success of such data collection:
"... [i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
Should spy agencies collect data from mobile game apps and developers? Is this where you want your government spending your hard-earned taxes?
It is a debate that needs to happen, as it threatens mobile gaming business revenues by US firms. Experts have already estimated that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues. In simpler terms:
Lost revenues by U.S. high-tech companies = lost American jobs = lost tax revenues to U.S. federal, state, and local governments
Would you use mobile games knowing that spy agencies secretly collect this information? Can you trust these agencies to keep such sensitive personal information private, and not share it with other government agencies? Can you trust these agencies when they've been secretive so far? Other agencies (e.g., CIA, DHS, FBI, IRS) already want access to the data collected, and some have gotten it. The potential for abuse is massive.
Freedom includes the choice about what personal information to share, with whom, and when. It is a huge loss of freedoms for consumers to not have control over what personal information is shared, with whom, and when.
Many people would say no to mobile game data collection. If you are not a suspect in a crime and the agency doesn't have a search warrant, then it's a privacy violation. What do you think? If this troubles you, contact your elected officials.
On Saturday, Chuck Rubin, the CEO of Michaels Stores, released a statement to its customers that the retailer probably experienced a data breach:
"... We recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting we may have experienced a data security attack. We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information we have received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, we believe it is appropriate to notify our customers that a potential issue may have occurred..."
The "recently learned" portion of the statement probably refers to a Krebs On Security blog post. Sources from four different banks reported fraudulent charges affecting hundreds of customers that traced back to Michaels stores.
Similar to the massive Target stores data breach, the U.S. Secret Service is also involved. Michaels is the third retailer to have experienced a data breach during the past two months or so. While Neiman Marcus confirmed earlier this month that it had experienced a data breach, the retailer announced few details.
In May 2011, criminals hacked the point-of-sale registers at Michaels stores in Chicago. A subsequent investigation found hacked terminals in stores in at least 20 states. In 2011, the retailer replaced 7,200 PIN pads in its stores. In March 2013, this blog reported about a questionable and restrictive return policy by Michaels stores.
Michaels customers should read the full January 25 statement (Adobe PDF). It advises shoppers to be vigilant (e.g., check your bank accounts and credit/debit-card bills for fraudulent charges). Michaels will provide updates at its Web site. Shoppers with questions about the data breach can also call the retailer toll-free at 1-877-412-7145 from Monday through Saturday from 8:00 am to 11:00 pm CST, and Sundays from 8:00 am to 8:00 pm CST.
Obviously, there will be a lot more news coming about this data breach.
On January 14, a District of Columbia U.S. Appeals Court ruled (Adobe PDF) in favor of Verizon in its lawsuit against the Federal Communications Commission (FCC) about "Net neutrality." After a lower court ruled that the FCC has the right to regulate the Internet (e.g., issue rules about net neutrality within the United States), Verizon appealed the decision. The appeals court combined the Verizon suit with other related suits (e.g., MetroPCS Communications), and ruled in favor of Verizon that the FCC does not have the right to regulate Internet Service Providers (defined as information services and not as utilities).
You're probably wondering what the fuss is about, what "Net neutrality" is, and what the impact of the recent court ruling might be.
"Net neutrality" is the concept that when you, consumers, pay for access to the Internet you get access to the entire Internet. No filters. Not portions of the Internet. No blocked sites. No payment tiers. You choose where you want to go online, which search engine to use, and visit the Web sites you want to visit. Nobody chooses or decides for you. You are in control. You are free to roam about the Internet as you choose.
This eCommerce Times article described the "Net neutrality" concept and how it protects consumers:
"... is short for "network neutrality" or "Internet neutrality." The concept addresses user access to the Internet, and the debate around Net neutrality centers on whether ISPs (Internet service providers) can limit, tier, block or otherwise affect Internet performance. Without Net neutrality, ISPs can even charge higher fees for more bandwidth and higher-speed access to one vendor and not others, thus establishing tiers of service... Or, if an ISP preferred (e.g. had a financial interest in) one search engine over another, that ISP could force its customers to the preferred search engine by charging customers more each time they used any other search engine..."
The FCC set up some initial rules in 2011, which Verizon challenged. The eCommerce Times article described the FCC's rules, which are based upon transparency, prohibit blocking, distinguish mobile access, and prohibit "unreasonable discrimination." CNet provides good explanations of the net neutrality issues and history.
Of course, the ISPs want to make more money. They see how important the Internet has become. Their first forays were with behavioral targeting; to track your online usage and serve up custom ads based upon your Internet usage. Privacy advocates fought this early battle and largely won, but ISPs have not given up.
As I see it, ISPs have already proven with their actions that they cannot be trusted. They will abuse consumers if left unchecked. During the past seven years, the following blog posts documented instances where ISPs worked with advertising networks and technology companies to spy on consumers without notice and with failed opt-out mechanisms:
The Electronic Frontier Foundation (EFF) said this years ago about the FCC:
"... how far can the FCC be trusted? Historically the FCC has sometimes shown more concern for the demands of corporate lobbyists and "public decency" advocates than it has for individual civil liberties..."
"Though the FCC could try to rewrite its rule or appeal the decision, in the meantime ISPs like Comcast, Verizon, AT&T and Time Warner Cable are free to make deals with companies promising quicker content delivery in exchange for payment -- essentially creating Internet "fast lanes" for wealthy companies and making their websites easier to access than those of nonprofits, activist groups and smaller competitors."
What might the impact be without net neutrality? I look at cable television as a preview.
If you pay for cable TV, then you know what I mean about cable TV pricing schemes. It's expensive and you can't choose the cable stations you want. You pay a monthly fee for "basic" service and pay extra for each extra package of cable stations. For example, Comcast's cable TV packages: Basic, Expanded Basic, Family, Digital Economy, Digital Starter, Digital Preferred, Digital Premium, Sports Entertainment, Music Choice, Pay-Per-View, Sports Pay-Per-View, International, and MultiLatino. The cable TV provider chooses which stations are in each package. You can only choose packages and not individual stations. Highly profitable for the cable TV provider; expensive for consumers. Plus, the customer service is often horrendous.
The United States, where the Internet was invented, ranks 35th of 148 countries on Internet bandwidth. We pay a lot and don't get the speed or value that citizens get in higher-ranked countries. Verizon happily filmed a commercial in Boston about FiOS, its fiber broadband service, even though the service isn't available in Boston.
So much for innovation and competition.
Consumers have little real choice and few freedoms while the companies make huge profits. And, it hurts the country since consumers don't get the value we deserve. The United States
Do you want your Internet service set up the same way as cable TV service? I don't and I bet you feel the same way as I. I don't want my Internet access mucked up like cable TV service.
What is at stake? To me, the first thing at stake is our democracy. A healthy democracy is based upon citizens having access to information, unfiltered by corporations that have their own interests. The second thing at stake is your freedoms: to access the whole Internet and not pieces somebody else decides. If "Net Neutrality" is lost, then we consumers will likely pay a lot more.
Ideally, the FCC should classify ISPs as utilities, but lobbying in Congress may prevent that. The Congress has failed to act on this several times before. The New York Times reported:
"... Tom Wheeler, the agency’s new chairman, said the agency might appeal the decision, but had previously voiced support for allowing Internet companies to experiment with new delivery methods and products... In a statement, Mr. Wheeler said he was “committed to maintaining our networks as engines for economic growth, test beds for innovative services and products, and channels for all forms of speech protected by the First Amendment.”"
So, the FCC will likely not act. Corporate cash has infected both political parties under the cloak of free speech for companies and vague promises of innovation. There was trickle-down economics. Now we have trickle-down Internet innovation. Maybe the benefits and cost savings flow to consumers.
Maybe... but I highly doubt it.
Contact your elected officials today and demand action.
In an attempt to predict the changing popularity of existing social networking websites, researchers from the Department of Mechanical and Aerospace Engineering at Princeton University predicted that Facebook will undergo a massive decline during the next few years. The researchers, John Cannarella and Joshua Spechler, analyzed the popularity of specific "online social networks" (OSNs) by using mathematical models of the spread of infectious diseases:
"The application of disease-like dynamics to OSN adoption follows intuitively, since users typically join OSNs because their friends have already joined. The precedent for applying epidemiological models to non-disease applications has previously been set by research focused on modeling the spread of less-tangible applications such as ideas..."
With about 1.19 billion users worldwide, Facebook definitely qualifies as a large social networking website. Anyone active on the Internet knows that social networking websites (Who remembers Friendster?) come and go:
"Despite the recent success of Facebook and Twitter, the last decade also provides numerous examples of OSNs that have risen and fallen in popularity, most notably MySpace. MySpace, founded in 2003, reached its peak in 2008 with 75.9 million unique monthly visits in the US before subsequently decaying to obscurity by 2011."
Accurate predictions of changes in the popularity of specific social networking websites can help investors with financial decisions. The researchers used Google search data for specific social networking websites:
"The epidemiological models presented in this study are used to analyze publicly available Google search query data for different OSNs, which can be obtained from Google’s "Google Trends” service. Google search query data has been used in a range of studies, including the monitoring of disease outbreak, economic forecasting, and the prediction of financial trading behavior..."
The researchers adapted and validated their mathematical model using the adoption and decline data from the Myspace OSN. The researchers concluded:
"Extrapolating the best fit model into the future suggests that Facebook will undergo a rapid decline in the coming years, losing 80% of its peak user base between 2015 and 2017."
"... Myspace is not the best social network with which to compare Facebook. At its peak, Myspace had 75.9 million monthly active users. Facebook, meanwhile, said it had 1.19 billion active members in September. Facebook has reached levels Myspace never hit... Although search queries -- not active users -- for Facebook did decline in 2013, the company has only seen its monthly active user base grow since it launched in 2004. Seeing a drop as big as the one the researchers predict would be more than surprising -- it'd be the first time Facebook sees a decline in users."
The Motley Fool reported that teens are leaving Facebook in substantial numbers, but it may not matter:
"... Facebook's teen base had fallen 25% in the past three years. Facebook CFO David Ebersman confirmed that the issue is real during a recent earnings call... the iStrategy Labs study draws from Facebook's Social Advertising platform... Facebook has 4,292,080 fewer high-school aged users and 6,948,848 college-aged users than it did in 2011... it definitely shows that Facebook is not as hot with teens as it once was... According to the same iStrategy Labs Study, the number of users 55+ has exploded with 80.4% growth in the past three years. These older users may not be as desirable as teenagers, but they are more stable and less likely to leave..."
While the researchers analyzed search data, there are more metrics that describe social networking website popularity. Some metrics that come to mind include:
Then, you would want to see which of those metrics most accurately precede subscription terminations.
The OSN study has not been peer reviewed. Download the Princeton study: "Epidemiological Modeling of Online Social Network Dynamic" report (Adobe PDF). It is also available here (Adobe PDF, 436.3K bytes).
Slowly, details are emerging about the sophisticated techniques hackers used in the massive Target data breach, where debit- and credit-card payment information about 70 million shoppers was stolen.
NBC News reported that the hackers infected the retailer's point-of-sale (PoS) computers and cash registers with a specific type of malicious software designed to steal shoppers' payment information at the point during the purchase process when that data is most vulnerable:
"The data breach was caused by a type of malware, similar to a computer virus, placed in a store's point-of-sale systems... The insidious file triggers a "hook" and starts to suck up information on transactions in the memory of the cash register system or the server that controls it. Since the data on credit cards is encrypted, the system works by getting it in the authorization stage while it is in the memory of the PoS system, unencrypted."
According to ComputerWorld, the specific malware is Trojan POSRAM:
"... the POSRAM Trojan as a customized version of BlackPOS, a piece of malware that has been available in the cyber underground since at least last February. Like BlackPOS, the POSRAM Trojan is designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory... the malware monitors the memory address spaces on the device for specific information. When it finds something of interest, the software saves the data to a local file and then transfers it to the attackers at preset times. It then is coded to delete the local file to cover its tracks..."
The hacking tactic was mentioned in a report by the computer firm iSight Partners, which was submitted to the U.S. Secret Service.
InfoWorld reported that the stolen debit/credit card information was sent to a server in Russia. And, the hackers have more stolen data than they can use, which means they are reselling it to other criminals.
It seems that this hacking tactic poses little risk to criminals and a big risk to PoS systems used by many retailers in the United States.
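The behavior ComputerWorld describes (save captured data to a local file, transfer it at preset times, then delete the file) leaves a recognizable sequence in endpoint telemetry. The following Python example is added here and is not code from any of the cited reports: it correlates write, send and delete events per process and flags chains that recur at the same hour on different days. The event schema, host names, process names, paths and addresses are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed endpoint telemetry (assumed schema: time host process action object).
# Hosts, process names, paths and addresses are made up for this example.
SAMPLE_EVENTS = r"""
2014-01-06T09:14:02 POS-017 stager-example.exe FILE_WRITE C:\ProgramData\stage-example.dat
2014-01-06T09:15:40 POS-017 pos-app-example.exe FILE_WRITE C:\POS\journal.log
2014-01-06T09:15:41 POS-017 pos-app-example.exe NET_SEND 192.0.2.20:8443
2014-01-06T13:00:05 POS-017 stager-example.exe NET_SEND 192.0.2.50:445
2014-01-06T13:00:09 POS-017 stager-example.exe FILE_DELETE C:\ProgramData\stage-example.dat
2014-01-07T10:02:11 POS-017 stager-example.exe FILE_WRITE C:\ProgramData\stage-example.dat
2014-01-07T13:00:04 POS-017 stager-example.exe NET_SEND 192.0.2.50:445
2014-01-07T13:00:08 POS-017 stager-example.exe FILE_DELETE C:\ProgramData\stage-example.dat
2014-01-07T22:30:00 POS-022 updater-example.exe FILE_WRITE C:\Temp\update.tmp
2014-01-07T22:31:00 POS-022 updater-example.exe FILE_DELETE C:\Temp\update.tmp
""".strip().splitlines()


def parse(line):
    """Split one event line into (timestamp, host, process, action, object)."""
    ts, host, proc, action, obj = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, proc, action, obj


def find_stage_send_delete(lines):
    """Return one finding per write -> network send -> delete chain by one process."""
    staged = defaultdict(dict)  # (host, proc) -> {path: (dest, sent_at) or None}
    findings = []
    for ts, host, proc, action, obj in sorted(map(parse, lines)):
        files = staged[(host, proc)]
        if action == "FILE_WRITE":
            files.setdefault(obj, None)      # staged, no transfer seen yet
        elif action == "NET_SEND":
            for path in files:               # any staged file may have been sent
                files[path] = (obj, ts)
        elif action == "FILE_DELETE" and obj in files:
            sent = files.pop(obj)
            if sent:                         # deleted only after a transfer
                findings.append({"host": host, "proc": proc, "path": obj,
                                 "dest": sent[0], "sent_at": sent[1]})
    return findings


def recurring_schedule(findings, min_days=2):
    """Chains whose transfer falls in the same hour on at least min_days days."""
    days = defaultdict(set)
    for f in findings:
        key = (f["host"], f["proc"], f["path"], f["sent_at"].hour)
        days[key].add(f["sent_at"].date())
    return sorted(k for k, d in days.items() if len(d) >= min_days)


if __name__ == "__main__":
    hits = find_stage_send_delete(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f['sent_at']} {f['host']} {f['proc']} staged {f['path']} -> {f['dest']}")
    for host, proc, path, hour in recurring_schedule(hits):
        print(f"recurring transfer around {hour:02d}:00 on {host} by {proc} ({path})")
```

The payment application that writes a journal and talks to the network but never deletes its file, and the updater that deletes a temporary file without sending anything, are both left unflagged.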
The Employee Benefits Security Administration (EBSA), a division of the U.S. Department of Labor (DOL), announced the results of several court cases involving employer-operated 401(K) retirement plans. Unfortunately, company executives decide not to deposit contributions into employees' retirement accounts more often than you might think.
The EBSA announced last week in a news release that a judge in U.S. District Court in Northern Illinois ruled on a lawsuit the agency filed in February 2013 against the Hico Flex Brass Company. The EBSA complaint sought $79,104.11 for employees participating in the company's 401(K) retirement plan. The EBSA lawsuit alleged:
"... the company, Hico Flex Brass Co. Inc., as well as former vice presidents and Plan trustees Mark Isaacs and Neil Isaacs, violated the Employee Retirement Income Security Act by withdrawing $702,153.99 in Plan assets and thereafter failing to distribute the full amount of Plan assets to participants."
The judge ruled on the case and issued a Consent Order:
"Pursuant to the Consent Order and Judgment, Mark Isaacs and Neil Isaacs agreed to restore $79,104.11 in undistributed Plan assets to the Plan and are permanently enjoined from serving as fiduciaries or service providers to any employee benefit plan subject to the Employee Retirement Income Security Act."
A prior Consent Order dated June 4, 2013 by the Court:
"... held Hico Flex Brass Co., Inc. liable for failing to distribute plan assets to participants and enjoined Hico Flex Brass Co., Inc. from serving as a fiduciary or service provider to any employee benefit plan subject to the Employee Retirement Income Security Act."
Also last week, the EBSA announced the recovery of money for employees of a failed Rhode Island day care service. The Rumford Day Nursery Inc. (RDN) of Rumford, Rhode Island operated a Simple IRA plan for its employees. The business stopped operations in December 2009. According to the EBSA news release, the business:
"... operated day care centers in Barrington, Coventry, East Providence, North Kingston and Westerly, R.I. and in Seekonk, Mass... RDN was the plan's administrator and Deborah Very-King, the company's owner and chief operating officer, was the sole decision maker for the plan."
The EBSA filed a lawsuit alleging:
"Beginning in 2007, the defendants failed to forward about $23,506.98, plus lost opportunity costs, in withheld employee contributions to the plan and failed to collect about $20,947.14 in employer contributions, plus lost opportunity costs, due to the plan."
The ruling included:
"... a consent judgment orders the defendants to pay $52,945.96 in principal and pre-judgment opportunity costs to the plan in monthly installments... The judgment also permanently prohibits Very-King from serving as a fiduciary to any ERISA-covered benefit plan."
Opportunity cost is the lost interest by retirement plan participants. When employers fail to deposit contributions into employees' retirement plan accounts, the employees lose interest.
Within the U.S. Department of Labor (DOL), the Employee Benefits Security Administration (EBSA) oversees employee benefits programs, including about 684,000 retirement plans, 2.4 million health plans, and related employer-sponsored benefits plans (e.g., stock plans, IRA plans). All of these plans cover about 141 million individuals (e.g., employees and their dependents), with assets of about $7.6 billion.
During January 2014 and December 2013, the EBSA announced the filing of several lawsuits against employers and executives to recover benefits for employees in retirement, stock plan, profit sharing, and health plans. The companies named in these lawsuits:
I congratulate the DOL for these actions. It is important to recognize both their hard work and the benefits recovered for employees. When employers and executives fail to follow wage laws and fail to deposit contributions into employees' retirement accounts, there have to be substantial consequences.
If you haven't read it, there is an excellent article at Finextra Research about the Target breach; specifically the value of stolen shoppers' information. The article explains how your location information makes consumers' stolen payment information more valuable to thieves:
"... Target hackers have undertaken to selling location usage data alongside the card data, and can charge a premium for such data. Value added service to the fraudsters and clearly a strategy that is paying off. Fraudsters are paying anything between $20 and $100+ for a skimmed Target payment card – location data has added a premium to what the fraudsters charge. That puts the “value” on the 40million+ payment cards stolen from Target at between $800million and $4billion! If we assume that their ROI is a minimum of 10 times their “investment” then we are looking at a fraud value of between $8bn and $40bn."
Plus, the numbers are much worse. Why? First, Target increased the size of its data breach to 70 million from 40 million. Second, this math is based upon what we know so far. The breach news is far from over. Third, news reports have mentioned three other retailers impacted besides the Target and Neiman Marcus breaches.
This math is important because any risk-analysis systems used by retailers (and banks) use data elements (e.g., location data) that thieves have stolen... and will continue to steal. The thieves are upping their game, and industry needs to respond. It is long past time for the U.S. retail and banking industries to upgrade from obsolete credit/debit card technology to smart payment cards.
The math is important to consumers. Why? You now know how valuable your location information is for thieves. Don't be so quick to give up your location data to social networking websites, banks, and retailers without getting something substantial in return.
During the weekend, several news sources reported a data breach that affected shoppers at Neiman Marcus stores. Fraudulent credit and debit card charges have occurred for consumers who shopped at the retailer's stores.
The retailer confirmed the data breach, but didn't say whether other retail stores (e.g., Bergdorf Goodman, Horchow) the company owns were affected. The Washington Post reported:
"... Neiman Marcus said it was informed of the breach in mid-December by its credit card processor and subsequently informed law enforcement officials, including the Secret Service. The company is taking steps to contain the breach... The company apologized to its customers for the breach through messages on its Twitter feed and said that it is working to notify those whose cards were used fraudulently after visits to Neiman Marcus stores."
A TechCrunch article explored reports that the Target and Neiman Marcus data breaches were part of a larger, coordinated holiday attack that included data breaches at three other unnamed U.S. retailers.
Obviously, this breach story is just beginning.