18 posts from June 2013

FTC Reminds The Search Engine Industry To Continue To Distinguish Between Paid Ads and Natural Search Results

Earlier this week, the U.S. Federal Trade Commission (FTC) announced that it had sent letters to all search engine operators reminding them to continue to distinguish between paid advertisements and natural search results. The letters reinforce guidance and rules established in 2002. The letters said, in part:

"...After the 2002 Search Engine Letter was issued, search engines embraced the letter’s guidance and distinguished any paid search results or other advertising on their websites. Since then, however, we have observed a decline in compliance with the letter’s guidance. Although the ways in which search engines retrieve and present results, and the devices on which consumers view these results, are constantly evolving, the principles underlying the 2002 Search Engine letter remain the same: consumers ordinarily expect that natural search results are included and ranked based on relevance to a search query, not based on payment from a third party. Including or ranking a search result in whole or in part based on payment is a form of advertising. To avoid the potential for deception, consumers should be able to easily distinguish a natural search result from advertising that a search engine delivers..."

The letters cited results from a 2005 Pew Research Center survey about search engine users:

"Some 45% of searchers said they would stop using a search engine if they didn’t make it clear that some results were paid or sponsored."

There are many more interesting results from that same 2005 survey:

"... some 38% of those who have used a search engine are aware that there are two different kinds of search results, some that are paid or sponsored and some that are not. The remaining 62% are not aware of this practice. Data from this survey show identical numbers from those collected two and a half years earlier; that is, there has been no overall change in users’ understanding of how search systems work."

And, perhaps more importantly -- the users that are aware can't always tell the differences between paid and natural search results:

"... Among the 38% of internet users who are aware of the practice, some 47% of searchers say they can always tell which results are paid or sponsored and which are not. This represents about one in six of all internet searchers. An almost equal number, 45%, say they are not always able to tell."

The letters also discuss ways, such as labels and visual design, the search engines can distinguish between paid and natural search results.

Kudos to the FTC for looking out for the interests of consumers. It is sad that the search engine industry chooses to operate in a manner where such a warning is needed. It says a lot about the desire to bend or ignore the rules during its rush for profits.

The 2012 Pew Internet survey about search engine users found interesting results about privacy:

"73% of search users supported a statement that they would not be okay with a search engine keeping track of their searches and using that information to personalize future search results because they feel it is an invasion of privacy... 65% of search users supported a statement that it’s a bad thing if a search engine collected information about their searches and then used it to rank future search results... 68% of internet users agree with a statement that they are not okay with targeted advertising because they don’t like having their online behavior tracked and analyzed... 66% of search engine users say search engines are a fair and unbiased source of information..."

If you don't like being tracked or your searches collected by search engines, there is an alternative.

A Rapid Increase In The USA In Utility Smart Meter Installations

We've all heard phrases such as "the smart grid" and "smart meters." What are they about? What's going on?

It's wise for consumers to familiarize themselves with the above phrases and new terminology. Change is coming to many homes and businesses. The U.S. Department of Energy defines the "smart grid" as:

"... a developing network of new technologies, equipment, and controls working together to respond immediately to our 21st century demand for electricity."

That sounds beneficial and harmless enough. The new technologies and equipment include utility smart meters, or "advanced metering infrastructure" (AMI), as the industry calls them. The industry is replacing the old technology (e.g., analog utility meters) in both homes and businesses with new technology: smart meters.

What makes these new meters smart? These devices do several things:

  1. Communicate two ways via radio frequencies (e.g., wireless connections) between the customer and the service provider
  2. Have sufficient memory to store a customer's usage, as much as a year
  3. Store and transmit customers' energy consumption in digital format
  4. Transmit energy consumption to the service provider at regular intervals, as often as every 15 minutes

The service provider is the utility or private company that provides you with power; the company that sends you your monthly energy bill. The customer's energy consumption can include electricity, gas, or both. The "two way" connection is important because the device transmits usage, and staff at the service provider can query meters to retrieve data.

By August 2012, about 36 million smart meters had been installed in the USA. States with the highest number of smart meter installations -- the industry calls it "penetration" -- have penetration rates greater than 50% across all customer types: residential and businesses. In 2011, the states with penetration rates equal to or greater than 50% included Alabama, Arizona, Delaware, Georgia, Idaho, Maine, and Texas. Another half-dozen states had penetration rates of 30% or more.

Penetration rates across all business sectors since 2007:

[Chart: Smart meter deployment in the USA from 2007 to 2011, by the U.S. Department of Energy]

So, in 2011 about 23% of residential energy customers used smart meters. That's up from about 2% in 2007. That seems to be pretty fast growth. Experts expect this growth to continue.

There are several reasons for the growth. The frequently mentioned benefits for service providers are lower operating and maintenance costs. The service providers no longer have to send technicians monthly to your home or office to record the usage on your meter. Now, workers at the service provider can remotely collect customers' energy consumption in real time.

The benefits for consumers: you can better understand your energy usage, and (in theory) make changes accordingly to lower your consumption and costs. For example, a promotional video by Baltimore Gas and Electric (BGE) presents four benefits for consumers:

"1. Energy management tools
2. New rebate programs
3. Fewer estimated bills
4. Enhanced service restoration after an outage"

Previously, a service provider sometimes estimated your monthly bill based on past usage, when it didn't send a technician to read the usage on your meter. Given all of these benefits, everything sounds peachy with no problems. Well, not necessarily. An upcoming blog post will explore some of the issues associated with smart meters.

The City Of Boston And The Consumer Financial Protection Bureau Join Forces To Help Consumers

Last week, the Consumer Financial Protection Bureau (CFPB) announced a partnership with the City of Boston. The partnership is designed to help consumers who have questions or who need to submit complaints about financial products and services. Boston consumers can now dial the Mayor’s 24-Hour Constituent Service hotline at (617) 635-4500 to be connected with the CFPB.

Boston Mayor Thomas Menino said:

“Constituent service has always been at the forefront of our administration. This partnership gives us one more way to assist residents and gives us the tools to address important and often complex financial questions they may have.”

Of course, Boston consumers can still submit complaints about financial products and services directly at the CFPB website. The CFPB helps consumers with, and accepts complaints about, the following types of financial products and services: credit cards, bank accounts (e.g., checking/savings, CDs) and services (e.g., check cashing), private student loans, credit reporting, and money transfers. Consumers can expect this level of service from the CFPB:

"The CFPB screens complaints to make sure they are complete, are not duplicates of existing complaints, and are about something the Bureau covers. The CFPB then sends complaints that meet these criteria to the company — bank or nonbank — for review and response. Companies are given 15 days to respond and are expected to close all but the most complicated complaints within 60 days."

Banks and financial institutions have created a wide variety of products and services; some simple and others complex. In most cases, it is important for consumers to know their rights.

This blog has reported about some of the complexities with credit cards, prepaid cards, and credit reporting services. It's important for consumers to understand the differences between credit, debit, and prepaid cards. Some employers now pay their employees via payroll cards, a version of prepaid cards, instead of paychecks.

Some employers also administer their healthcare/flexible spending accounts with prepaid cards. A clear trend is that some employers, with the help of online banks and newer technologies, now provide their employees with more financial products and services.

Owner Of Three Boston Area Restaurants To Pay More Than $200K For Unpaid Wages And Damages

The Boston Globe newspaper reported recently that the owner of three Boston area restaurants has agreed to pay $205,380 for unpaid wages owed to 13 employees. An investigation by the U.S. Department of Labor (DOL) found:

"... kitchen workers were paid a weekly salary and not compensated for overtime between 2010 and 2012 at Pomodoro of Brookline, North End Pomodoro of Boston and Matt Murphy’s Pub of Brookline. The agency said Siobhan Carew, the owner of the restaurants, also didn’t combine hours the employees worked in the different locations each week and violated record-keeping regulations."

Thanks to the DOL for a job well-done. Unfortunately, this was not an isolated event. Last month, there was a hearing about wage theft in Somerville, a Boston suburb. As reported by Wicked Local:

"Wage theft is the practice of employers cheating workers out of overtime wages or even whole paychecks. In Somerville, this problem made headlines in October 2012, when seven former workers accused One World Cuisine, a company that owns Somerville restaurant Diva Indian Bistro, of wage theft. The workers filed a suit in federal court for $183,500 in unpaid wages..."

According to the Corporate Counsel publication:

"For the fifth year in a row, U.S. employers have seen an increase in the number of wage-and-hour lawsuits filed against them in federal court... Plaintiffs brought 7,764 suits between April 1, 2012, and March 31, 2013, about a 10 percent jump since 2012..."

According to experts, three types of wage theft cases have usually been filed based on the Fair Labor Standards Act:

"... 1) salaried employees who believe they are owed overtime pay; 2) hourly workers who contend they weren’t paid for all hours worked; and 3) restaurant workers who claim they are owed additional pay under the FLSA’s 'tip credit' provision."

To learn more, follow any of the above links. I believe it is important for employees to fight for unpaid wages for three reasons:

  1. When you don't fight, it is effectively giving the company a free loan the company is neither entitled to nor deserving of
  2. When you fight, it demonstrates that you both understand and value your rights; and understand the laws (federal and state)
  3. When you do fight, it is a clear signal to ethically-challenged executives that wage theft is unacceptable, and that there will be consequences
  4. You learn about the legal system, as you may need to use it again during your career
  5. You can win and get the money you are owed

I have had direct experience with unpaid wages. None of the above cases, but direct experience. In my opinion, ethically-challenged executives seem to calculate that most employees, especially younger employees, won't fight for unpaid wages. Instead, they'll take the easy path and simply flee to a new job at another company. These executives also seem to calculate that if some employees fight for their unpaid wages, they can likely settle out of court for cents on the dollar -- avoiding full payment, damages, and a negative court decision on their resume. These executives will use every wrinkle in the laws to duck, dodge, deflect, avoid, and minimize any consequences. Employees must learn to use the laws just as passionately.

What are your opinions about wage theft? If you have experienced it, what action did you take?

Year Long Breach At Facebook Affects About 6 Million Members

Facebook, the world's largest social networking website, has stumbled again with the privacy of its users. Facebook confirmed on Friday that a year-long data breach had allowed unauthorized persons to access the emails and telephone numbers of about 6 million members.

Facebook announced in a data security note:

"... a bug that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them...When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations... Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts..."

Let me get this straight. A company that was founded upon the idea of connecting people had a bug in a core piece of software designed to help people accurately connect with others. And, that bug allowed persons to see and access the personal information of others that they should not have had access to. The announcement also said:

"We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals..."

The "other" reference tells me that the Facebook breach also disclosed information about non-members. How many were affected? Is the company also notifying those non-members?

Frictionless sharing? Definitely. You might say a frictionless breach, too.

[Update: ZDNet reported on June 26 that non-member information was leaked, too.]

3 Former NSA Employees Interviewed By USA Today: "We Told You So"

If you haven't seen this USA Today interview with three former NSA employees, then I strongly suggest you watch it:

Still skeptical? Read this blog post about a March of 2008 news story in the Wall Street Journal, which printed:

"Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering... the spy agency now monitors huge volumes of records of domestic emails and Internet searches..."

And, I really want to call your attention to the following from the same news story:

"A number of NSA employees have expressed concerns that the agency may be overstepping its authority by veering into domestic surveillance. And the constitutional question of whether the government can examine such a large array of information without violating an individual's reasonable expectation of privacy..."

Massachusetts Legislature Considers Labels For Genetically Modified Foods

I have rarely written about food. I do so today because it involves both corporate responsibility and the accurate notification of consumers. Without notification, consumers lose the freedom to make informed choices about the products they buy.

Last week, the Massachusetts legislature held hearings about food labels for genetically modified (GMO) foods. Three bills are under consideration: H1936 authored by Rep. Stephen DiNatale (D-Fitchburg), H2037 by Rep. Michael Moran (D-Brighton), and H2093 by Ellen Story (D-Amherst).

At the hearings last week, about 150 protesters attended with a rally before the hearings. Going forward, the three bills ideally will be combined into a single bill.

Some findings from a June 2012 ABC News poll:

  • 52% of Americans considered GMO foods unsafe. 13% were not sure
  • 93% believed the federal government should require GMO food labels
  • 57% said they'd be less likely to buy foods labeled GMO

A March 2013 poll by the Huffington Post and YouGov (Adobe PDF document) found:

  • 35% considered GMO foods unsafe. 44% were not sure
  • 35% considered GMO crops bad for the environment. 39% were not sure
  • 82% said GMO foods should be labeled

Woe to politicians who ignore these findings.

For me, it is all about safety and freedom of choice for consumers. With GMO food labels, consumers can make informed choices about what to buy and what goes in their bodies. Without GMO food labels, consumers lose the freedom of choice as companies then dictate what consumers eat. Legislative representatives arguing against GMO food labels are implicitly saying freedom of choice for consumers is irrelevant, and companies' needs are more important.

Without GMO food labels, this sets a bad precedent to exclude other items from food labels. There should be no exceptions. If it's in the product, it should be on the labels. As a nutritionist advised me, the food label is about the only place on products where consumers get (reasonably) accurate information about what is in the product.

Contact your Massachusetts State representative today. To learn more, visit:

Survey: The Public's Views Of The NSA Spying Leak, The Whistle Blower, and a Wikileaks Comparison

Pew Research released the results of a survey conducted June 12 - 16, 2013. The survey, conducted by Pew Research and USA Today, asked 1,512 adults their opinions about the whistle blower and the impact of the leak about the NSA spying programs. Key results:

  1. The public seems split over whether or not the whistle blower's leak served the public interest. 49% believe it served the public interest. 44% believe it harmed the public interest.
  2. Most, 54%, believe the whistle blower should be criminally prosecuted.

Pew Research also found:

"Young people, by 60% to 34%, think that the NSA leak serves the public interest. Americans 30 and older are divided (46% serves vs. 47% harms)... the public has a more positive opinion about the impact of the revelations of NSA communications surveillance on the public interest than it did about the release of a massive trove of classified material about U.S. diplomatic relations by the Wikileaks website two-and-half years ago."

Pennsylvania Woman Files Class Action Lawsuit Against Employers For Mandatory Prepaid Card Use

Regular readers of this blog know that I have warned consumers in several blog posts about the dangers of prepaid cards. Sadly, one of my concerns is becoming all too real for employees. reported that a Pennsylvania woman has filed a class-action lawsuit against her former employer for forcing her to receive her pay on a prepaid card:

"Gunshannon, 27, of Dallas Township, worked at McDonald's Restaurant on the Dallas Highway from April 24 to May 15. When she received her first paycheck, enclosed was a Chase Bank debit card with instructions on how to use it and the fees attached... Gunshannon never signed the card and when she returned to work she asked her supervisor if she could be paid by check or by direct deposit. She was told the card was the only option."

The complaint alleges that this and other employers' prepaid-card-only payroll method violates state law. At the Pennsylvania Department of Labor and Industry, you can download the full text of the Wage Payment And Collection Law. According to the lawyer representing Gunshannon and the other plaintiffs:

"... many more people are coming forward and telling the same stories. Pennsylvania law states employees are entitled to have a choice to be paid by check or cash, he said."

It's infuriating to read a story like this, because this problem is entirely avoidable. When employers force employees to use prepaid payroll cards, it is a loss of both money and freedom for employees. First, the monetary losses are immediate and direct. The employees immediately incur fees associated with the payroll prepaid card, regardless of whether the employees use the card or withdraw all money from the card to deposit it into a traditional checking/savings bank account.

Second, the employee has lost the freedom of choice. The employee cannot cancel the prepaid payroll card. And, the employer is deciding and choosing the banking choice, not the employee. With a traditional paper check, the employee had the choice of which bank to do business with. Not so with a payroll prepaid card, because the cards are tied to ATM networks with higher fees at banks that are not part of the network.

Third, you know your banking needs best, not your employer. Sadly, in this instance the employer is deciding regardless of the employees' needs. A responsible employer would provide a choice of payment methods; especially direct deposit for employees that already have traditional checking. They have these traditional bank accounts for a reason, often configured to avoid large monthly banking fees.

Employers should not force employees to use costly prepaid cards. I use the term "costly" because for employees making minimum wage, fees of $1.00 to $5.00 are enormous:

"According to the complaint filed, the JP Morgan Chase payroll card lists several fees, including a $1.50 charge for ATM withdrawals, $5 for over-the-counter cash withdrawals, $1 per balance inquiry, 75 cents per online bill payment and $15 for lost/stolen card."

Now, I am sure that the employer means well. What is undeniable is that in an instance like this, the employer has shifted some of their payroll costs to the employees. Consider: with traditional paper checks, the employer paid fees to a printer to print the checks, administrative costs to distribute those paper checks, and fees to the bank the checks were drawn on. Prepaid payroll cards enable employers to eliminate paper printing costs and check distribution costs; and probably lower their banking fees because the employees now incur prepaid payroll card fees they didn't incur previously. Of course, the online bank administering the prepaid payroll card loves the new revenue stream by charging fees to the larger number of employees.

While it's great that Gunshannon is standing up for herself and similar employees, it shouldn't be this way. It doesn't have to be this way. To learn more, read the articles below:

2.4 Million Customers Leave The Five Biggest Banks In The UK

The Move Your Money campaign in the United Kingdom announced on June 12 that about 2.4 million customers have moved their accounts from the five largest banks to smaller and local banks:

"The figures, based on quarterly market polling publically available, show a mass movement away from the big banking groups, Lloyds, RBS, Barclays, HSBC and Santander. This represents a 5% point loss of the market share of current accounts, and demonstrates a massive response from ordinary people to a year of scandal by voting with their feet and switching who they bank with."

The data, drawn from industry studies, presents an increase in the migration of accounts from the big banks. Experts predict the trend to continue throughout 2013. Laura Willoughby MBE, Chief Executive of campaigning website, said:

“The constant slew of scandals last year has opened the floodgates, and people are beginning to realise that they don’t have to put up with the arrogance of the big banks... People are switching because they are angry about the lack of reform in Britain’s broken banking system, and have decided to take matters into their own hands.”

Many people are frustrated with the huge bonuses bankers paid themselves, and with the Libor rate-fixing scandal.

This is proof positive that consumers have power in the marketplace, and can have an impact. Consumers in the United Kingdom are using that power. Visit the Move Your Money website for the USA. Woe to the banks and companies that do not respect that power.

Q And A With NSA Surveillance Whistleblower

If you haven't read it, this morning the Guardian UK newspaper website featured a question-and-answer session with the NSA surveillance whistleblower, Edward Snowden. Some highlights are below. I found the whole exchange highly informative.

About rumored charges of treason reported in some media outlets, Snowden replied in the Q&A session:

"... I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target. Not only that, when NSA makes a technical mistake during an exploitation operation, critical systems crash..."

About why he released the information when he did:

"Obama's campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge."

About the responses by Google and Facebook:

"Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. As a result of these disclosures and the clout of these companies, we're finally beginning to see more transparency and better details about these programs for the first time since their inception. They are legally compelled to comply and maintain their silence in regard to specifics of the [PRISM] program..."

About the news media and replies by U.S. officials:

"... US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM. Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicion-less surveillance that could not be gained via any other source?"

About whistleblowers and the U.S. government's responses:

"... Binney, Drake, Kiriakou, and Manning are all examples of how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they'll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers. If the Obama administration responds with an even harsher hand against me, they can be assured that they'll soon find themselves facing an equally harsh public response."

If you want to learn more, search Twitter with the hashtag #AskSnowden.

Blogger Claims Toddlers Killed More People Than Terrorists In The USA This Year

This is not humor. At the Opposing Views website, blogger Stacie Borrello has started an interesting analysis. Borrello claimed:

"You might be shocked to know that preschoolers with guns have taken more lives so far this year than the single U.S. terrorist attack, which claimed four lives in Boston."

Borrello searched through news reports and found the instances where children ages 3 through 6 gained access to guns and killed people (e.g., others, parents, and/or themselves). She found 11 deaths in 5 months where the shooter was ages 3 to 6. Borrello concluded:

"... most if not all of the above deaths and injuries can be attributed to careless adult gun owners... we still must reach a compromise to address gun violence. I do not have all the answers, but I know as responsible citizens we have to do something... People who worship the Second Amendment should recognize the “well-regulated” aspect of gun ownership that the forefathers intended..."

I hope that others build upon this analysis, to help us understand the impacts and reach of gun violence.

Research And Survey Results About Civil Liberties And Protection Against Terrorism

Disclosures last week about secret programs by the U.S. government that spy on both citizens' telephones and Internet usage have raised the question: is it necessary to give up civil liberties for protection against terrorism? Several pundits and politicians (from both parties) have been quick to defend the current administration's programs.

I wanted some context with a reliable poll about what Americans believe and think about the issues. The Pew Research Center provides some solid statistics with a historical perspective and context:

"...Since shortly after 9/11, Pew Research has asked whether people’s greater concern is that anti-terror policies will go too far in restricting civil liberties, or that they won’t go far enough in adequately protecting the country. The balance of opinion has consistently favored protection..."

Ten years after 9/11, things have changed. First:

"... fewer Americans think it will be necessary to sacrifice civil liberties to combat terrorism than did so shortly after the 9/11 attacks. In a poll conducted in 2011, shortly before the 10th anniversary of 9/11, 40% said that “in order to curb terrorism in this country it will be necessary for the average person to give up some civil liberties,” while 54% said it would not. A decade earlier, in the aftermath of 9/11 and before the passage of the Patriot Act, opinion was nearly the reverse (55% necessary, 35% not necessary)."

The table below highlights the flip in public opinion:

% of Americans Surveyed Who Agree That It Is:

Year | Necessary to give up civil liberties for protection | Not necessary to give up civil liberties for protection
2001 | 55% | 35%
2013 | 40% | 54%

One of those civil liberties is privacy. The second shift is the opinion that government should track terror suspects, but not everyone. Spying on all Americans has historically gotten low support; even lower than other methods (e.g., ID cards, credit cards, airport checks):

% of Americans Surveyed Who Support:

Date | Government monitoring personal phone calls and emails | Extra airport checks on passengers who appear to be of Middle Eastern descent
Aug. 2002 | 33% | 59%
Dec. 2006 | 34% | 57%
Aug. 2011 | 29% | 53%

And, all of this was before the NSA spying disclosures.

In a recent poll by Pew Research and the Washington Post, people were asked whether they find it acceptable for:

"NSA getting secret court orders to track calls of millions of Americans to investigate terrorism..."

56% of respondents said this is acceptable while 41% said it is not. So, just over half of people support the FISA secret court program. Pew also asked:

"Should the government be able to monitor everyone's email to prevent possible terrorism?"

45% said yes while 52% said no. So, less than half of respondents support this. That is not a majority, nor what I would call a ringing endorsement. And, neither question really addressed Internet usage, since email is only part of a person's Internet usage. Plus, the questions didn't include any time parameters (e.g., sometimes).

There are a lot of polls circulating. How one frames or asks the questions greatly influences the results. For example, if you ask the question this way (e.g., Should the government monitor terror suspects? Do you think that it is sometimes necessary to sacrifice civil rights to fight terrorism? To prevent terrorism?), you will get very different results than if you ask it this way (e.g., Should the government monitor all citizens? Do you think that it is necessary to sacrifice civil rights to fight terrorism? To prevent terrorism?). One poll after the NSA spy disclosures cited support for government spying by British citizens. Polls of Americans generated conflicting results in 2006.

The Associated Press conducted a poll in 2011 (Adobe PDF document) and also asked the question straightaway:

"Q11. Do you think that it is sometimes necessary for the government to sacrifice some rights and freedoms to fight terrorism, or is it never necessary to sacrifice rights and freedoms to prevent against terrorism?"

The results: 64% of respondents said it was sometimes necessary. 33% said that it was never necessary. 2% said they didn't know. And 1% didn't answer the question. Note: nobody is agreeing to give up civil liberties perpetually or forever.

Since the NSA and PRISM spying programs have run consistently for about seven years, one can argue whether or not this meets the definition of "sometimes." To me, it doesn't meet the definition. Not even close.

ProPublica documented the history of changes in surveillance laws that have led to today. It's also important to understand the changes made during the President George W. Bush administration.

So, is it necessary to give up civil liberties for protection against terrorism? This is a discussion we must have. And, our politicians must listen.

Americans get it. They don't want to trade civil liberties for protection. And, the balance between civil liberties and protection is out of balance. Woe to politicians who ignore the above facts.

CBS News Explains More About Prism, the Secret NSA Data Collection Program

The Guardian UK newspaper revealed on Wednesday some details about a secret spying operation by the NSA which collects Verizon user phone information. Thursday evening, CBS News discussed this and provided some additional details:

"It culls metadata from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple and will soon include Dropbox."

The program, called PRISM, also collects Internet usage. Also, you can read a PowerPoint document about PRISM at the Guardian UK site. Reportedly, the program started while George W. Bush was President.

What I found interesting: John Miller, former Deputy Director of National Intelligence and a commentator on CBS News, explained how "this is the spying business." Miller emphasized that the data collection allows authorities to determine patterns of communication. To investigate further and listen to entire phone conversations, authorities must get additional court approvals to access details about specific individuals.

Miller also briefly discussed metadata -- not the phone call's contents or conversations, but the descriptive data about the phone calls. Miller also explained briefly the terrorist plot that supposedly had been stopped by this data collection program. Watch the video here.

To understand things, consumers must know what "metadata" is and isn't. There is a good Reuters article describing metadata and the privacy risks:

"... this is data about the data – the identities of the sender and recipient, and the time, date, duration and location of a communication. This information can be extraordinarily sensitive. A Massachusetts Institute of Technology study a few years back found that reviewing people’s social networking contacts alone was sufficient to determine their sexual orientation. Consider, metadata from email communications was sufficient to identify the mistress of then-CIA Director David Petraeus and then drive him out of office."

Knowledgeable readers understand that it is not just the government that collects and uses metadata. Companies do it, too. The use (abuse) of metadata is also a privacy concern with social networking websites. The use of metadata was a key factor in the class-action lawsuit against Instagram. Social networking sites love to capture and edit the metadata they collect; especially the descriptive information about photographs and videos uploaded to social networking websites. That's one reason why the EFF mentioned metadata in its Bill of Rights for mobile users.

So, when you hear a pundit, politician, or supposed expert on television claim (or imply) that there are no privacy risks with metadata and it is harmless, you now know better.

Guardian UK Reveals Court Order Allowing NSA To Spy On US Citizens

Thanks to an I've Been Mugged reader for passing along this information.

Yesterday, the Guardian UK newspaper reported about a secret order allowing the National Security Agency (NSA) to collect the telephone records of all Verizon customers in the USA, including calls both inside the USA and calls to locations outside. This broad, daily data collection doesn't target specific people suspected of wrongdoing, but broadly collects data about all U.S. customers of Verizon.

Verizon is one of the largest telecommunications providers in the USA, offering wireline, wireless, Internet access, and many other phone services -- for both consumers and businesses. You can read the full Verizon court order at the Guardian UK website. The data items collected:

  • The telephone numbers of both parties in the phone call
  • The duration of the phone call
  • The time and date the call was made
  • The location of the call (think wireless)
  • Any unique identifiers (think IP address, mobile device UDID)

Reportedly, the contents of the conversations are supposedly not collected. It is unknown if there are similar court orders for other U.S. telecommunications companies (e.g., AT&T, Sprint, etc.). Sadly, the Obama Administration is defending this data collection. Contact your elected officials today and tell them how you feel about this.

[Update - June 7: the Guardian UK reported that the data collection by the NSA also includes direct access to the computer systems of other vendors, notably Facebook, Google, and Apple.]

Drupal CMS Data Breach

In my consulting business, I work with a variety of content management software (CMS) brands to help companies improve the usability of their websites. So, this news item definitely caught my attention.

Late last month, Drupal announced a data breach that may have exposed many users' names, email addresses, and passwords. The Drupal CMS software is popular and used by hundreds of thousands of blogs and websites. The Drupal breach notice read, in part:

"Unauthorized access was made via third-party software installed on the server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, we shut down the website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability."

The Drupal notice was skimpy. It did not disclose the number of users or passwords affected, nor did it disclose any dates. The notice advised users what to do to keep secure information in their websites using the Drupal CMS, and it described what Drupal has done so that this type of breach does not happen again. CRN summarized the situation very well:

"The Drupal breach is another in a long line of exposed user account data at social networks and other websites. In April, e-commerce startup Living Social revealed a data security breach. The firm reset the passwords of at least 50 million of its users after it found malware on its internal servers. Twitter, Tumblr and Pinterest users were impacted by a data security breach at third-party customer service provider Zendesk."

Schnucks Files Paperwork To Move Class Action Lawsuit To Federal Court

The Madison-St. Clair Record newspaper reported recently that Schnucks had filed legal paperwork to have a class action lawsuit filed in Illinois moved to a Federal court:

"Schnucks late last week filed a notice to remove the suit that Laverne Rippy brought April 25 in St. Clair County Circuit Court to the U.S. District Court for the Southern District of Illinois... The suit, which seeks damages under the Illinois Consumer Fraud and Deceptive Business Practices Act, alleges that Schnucks failed to timely disclose the security breach to its customers, a violation of the Illinois Personal Information Protection Act."

The March 2013 data breach had affected about 2.4 million debit- and credit cardholders in several states. The Illinois Personal Information Protection Act states, in part:

"Sec. 10. Notice of Breach. (a) Any data collector that owns or licenses personal information concerning an Illinois resident shall notify the resident at no charge that there has been a breach of the security of the system data following discovery or notification of the breach. The disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system... (b) Any data collector that maintains or stores, but does not own or license, computerized data that includes personal information that the data collector does not own or license shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. In addition to providing such notification to the owner or licensee, the data collector shall cooperate with the owner or licensee in matters relating to the breach... (b-5) The notification to an Illinois resident required by subsection (a) of this Section may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation... A violation of this Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act."

Google Glass And Wearable Mobile Devices. Several Privacy Issues Emerge

You have probably heard about Google Glass. It is the first of several wearable mobile devices expected. These devices are integrated into consumers' clothing. In the case of Google Glass, the mobile computing device is integrated, today, into a simple pair of eyeglasses. (In the future, perhaps sunglasses and prescription eyeglasses.) This makes browsing the Web and other tasks truly hands-free, as Google Glass users can blink or wink to control certain product features.

One privacy concern is the right to take videos and photos. Another privacy concern is the right to be notified when you are being recorded. When most people converse with each other, they look directly in each other's eyes. Combined with its hands-free feature, this makes it very easy for Google Glass users to stealthily record others without their knowing it... and without alerting the other person, nor asking for permission. Unlike your smart phone, which users must remove from their pocket or purse before taking video/photos, the Google Glass user can begin recording immediately, since the device is already in a position to record video/photos. Unlike traditional cameras, there is no familiar click of the shutter. This pits the rights of people to take photos/video versus the rights of people to control their own image.

People feel strongly on both sides. Some people refer to Google Glass users as "Glassholes." And, technology experts expect many apps will be developed that use the Google Glass device, and other wearable devices. (There's already one porn app for the Google Glass device.) Recognizing the passionate views, Google's position has been to prohibit the facial recognition feature with apps using its Google Glass device. Manufacturers of other devices may not take the same position.

As the New York Times described in a recent blog post:

"... wearable computing fans, who are starting to sport devices that can record everything going on around them with a wink or subtle click, and the people who promise to confront violently anyone wearing one of these devices...I was startled by how much Glass invades people’s privacy, leaving them two choices: stare at a camera that is constantly staring back at them, or leave the room. This is not just a Google issue. Other gadgets have plenty of privacy-invading potential. Memoto, a tiny, automatic camera that looks like a pin you can wear on a shirt, can snap two photos a minute and later upload it to an online service."

Of course, Apple is developing wearable devices, too. As a recent Forbes Magazine article stated:

"The thing that makes Google Glass one notch weirder and the digital noose one notch tighter for all of us is the loss of the ability to opt in. If you’re in the field of fire, you’re in. There have already been a number of reports of parties where people were asked to remove their Google Glass piece or leave the premises. The Seattle bar 5 Point has banned Google Glass and warned on its Web page, '... ass-kickings will be encouraged for violators.' ”

Hopefully, people and companies will sort through and come to reasonable positions on etiquette. Consider this: is it appropriate to use wearable devices in bathrooms or restrooms? What about doctors' offices? What about doctors' waiting rooms? Your yoga or pilates class? Or your favorite clothing-optional beach?

Employers will need to adjust, too, especially workplaces where employees access records with confidential or proprietary information. Otherwise, data breaches via wearable devices will result. Places that come to my mind include banks, financial institutions, and credit-reporting companies where employees view and process the sensitive information of other consumers. (Consider people standing behind you in line at an ATM machine, who try to shoulder-surf with wearable devices.) Then, there are locations such as factories and company offices with proprietary company information. Military and contractor locations with sensitive information are obvious concerns. Many court buildings already ban visitors from using smart phones and digital recording devices.

Today, respectful people ask their friends, family, classmates, and/or coworkers if it's okay to take and post a photo on a social networking site before doing so. Some people are savvy about this, and give permission for the photo to be uploaded, and ask that the person not "tag" the photo posted on Facebook. And, companies will need to adjust their mobile device policies for what employees (and contractors) can or cannot bring into the workplace.

Between consumers -- friends, family, and classmates -- etiquette and rules will need to be quickly established and clarified. Otherwise, distrust and conflict will result quickly.

What's your opinion about Google Glass and other wearable mobile devices?