Previous month:
December 2015
Next month:
February 2016

15 posts from January 2016

10 Things You Probably Don't Know About The Water Debacle In Flint, Michigan

Everyone knows that in order to save money, several government officials in Michigan decided to switch the city's water supply from a fresh source to a local river with polluted water. MichaelMoore.com reported the basic facts of what happened:

"... the Republican governor, Rick Snyder, nullified the free elections in Flint, deposed the mayor and city council, then appointed his own man to run the city. To save money, they decided to unhook the people of Flint from their fresh water drinking source, Lake Huron, and instead, make the public drink from the toxic Flint River. When the governor’s office discovered just how toxic the water was, they decided to keep quiet about it and covered up the extent of the damage being done to Flint’s residents, most notably the lead affecting the children, causing irreversible and permanent brain damage. Citizen activists uncovered these actions..."

The site also listed 10 items you probably don't know:

"1. While the Children in Flint Were Given Poisoned Water to Drink, General Motors Was Given a Special Hookup to the Clean Water. A few months after Governor Snyder removed Flint from the clean fresh water we had been drinking for decades, the brass from General Motors went to him and complained..."

"3. There’s More Than the Lead in Flint’s Water. In addition to exposing every child in the city of Flint to lead poisoning on a daily basis, there appears to be a number of other diseases we may be hearing about in the months ahead. The number of cases in Flint of Legionnaires Disease has increased tenfold since the switch to the river water. Eighty-seven people have come down with it, and at least ten have died. In the five years before the river water, not a single person in Flint had died of Legionnaires Disease..."

"5. While They Were Being Poisoned, They Were Also Being Bombed. Here’s a story which has received little or no coverage outside of Flint. During these two years of water contamination, residents in Flint have had to contend with a decision made by the Pentagon to use Flint for target practice. Literally. Actual unannounced military exercises – complete with live ammo and explosives..."

Read the complete list of 10 items. I would add an eleventh item. The Atlantic reported:

"According to documents obtained by Progress Michigan on Thursday, state employees in Flint were provided coolers filled with bottled water in January of 2015 as concerns continued grew about the quality of the water there. The notice was issued months before the state officials first demonstrated awareness of the problem. Six months later, in July, Dennis Muchmore, Michigan Governor Rick Snyder’s former chief of staff, wrote an email to a health official in which he expressed frustration that Flint residents “are basically getting blown off by us” over their concerns about the water. That was still two months before a lead advisory was issued in Flint when researchers found high lead levels in the residents’ bloodstreams..."

This is a sign that austerity programs fail. This is a mugging of a city and its residents. How many people must be poisoned or dead before the government officials are held accountable, arrested, and jailed?

When will the U.S. Congress take action? So far it hasn't. Many citizens around the United States are angry and want action. You can find this meme circulating online:

Benghazi Flint meme


FCC Proposes To Unlock Cable TV Set-Top Boxes To Encourage Competition And Better Services For Consumers

Federal communications Commission logo On Wednesday, the Federal Communications Commission (FCC) proposed changes to unlock set-top cable television boxes to encourage competition and more choices for consumers. The change involves unlocking set-top boxes. Currently, most cable TV subscribers lease set-top boxes. The system is highly profitable for cable providers and very costly for consumers. How bad is it? According the FCC:

"... U.S. consumers spend $20 billion a year to lease these devices. Since 1994, according to a recent analysis, the cost of cable set-top boxes has risen 185 percent while the cost of computers, televisions and mobile phones has dropped by 90 percent."

Besides spending about $231.00 every year in leasing costs, consumers are often stuck in long-term, burdensome contracts. The cost of these set-top devices should have decreased along with other computer technology. To encourage competition and consumer choice:

"... FCC Chairman Wheeler is circulating for a vote a Notice of Proposed Rulemaking (NPRM) that would tear down anti-competitive barriers and pave the way for software, devices and other innovative solutions to compete with the set-top boxes that a majority of consumers must lease today. The proposal will be voted by the full Commission on February 18, 2016... The Chairman’s proposal will let innovators create and then let consumers choose."

What are the details? The FCC proposal would:

"... create a framework for providing innovators, device manufacturers and app developers the information they need to develop new technologies. Consumers should be able to choose how they access the Multichannel Video Programming Distributor’s (MVPDs) – cable, satellite or telco companies – video services to which they subscribe. For example, consumers should be able to have the choice of accessing programming through the MVPD-provided interface on a pay-TV set-top box or app, or through devices such as a tablet or smart TV using a competitive app or software.... as required by the Telecommunications Act of 1996, the proposal identifies three core information streams that must pass from MVPDs to the creators of competitive devices or apps: 1) Service discovery: Information about what programming is available to the consumer, such as the channel listing and video-on-demand lineup, and what is on those channels; 2) Entitlements: Information about what a device is allowed to do with content, such as recording; and 3) Content delivery: The video programming itself. "

To ensure that innovators can innovate and consumers receive the benefits promised, the FCC proposal also addressed the issue of standards:

"Standards: Promoting interoperability and removing barriers to innovation. Instead of mandating a government-specific standard for these three information flows, which might impede innovation, the Chairman’s proposal recommends that they be made available to the creators of competitive devices and navigation solutions using any published, transparent format that conforms to specifications set by an independent, open standards body. The proposal identifies five characteristics that must be met by an independent standards body: 1) openness in membership, 2) a balance of interests, 3) due process, 4) an appeals process, and 5) consensus."

Sounds good to me. This solution is long, long overdue. Decades ago, phone deregulation freed consumers from having to lease expensive landline telephones. The New York Times reported:

"Last year, Senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut, both Democrats, investigated the cable set-top box market. They estimated that the cable industry, with its hidden fees and long-term contracts, generated $20 billion in annual revenue from the box rentals."

Naturally, media companies have already voiced their concerns:

"... the change could undermine the foundation of their businesses. The concern is that the new arrangement could negate contracts between cable companies and entertainment companies, in which the cable companies pay television groups billions of dollars a year for the rights to distribute programming. Those contracts stipulate how the programming can be distributed,... how it is branded, certain copyright protections and the treatment of advertising... Opponents of the proposal also said that the industry was already providing more streaming options and the F.C.C. did not need to intervene to spur innovation. In November, Time Warner Cable, for instance, began a trial offering its cable television lineup through devices made by Roku..."

Hello? Consumers want a better experience with lower costs --now -- and not at the glacial pace of change by cable TV providers. The television business is already changing quickly. Either catch up and be a leading part of the change or continue to get run over by it.

Kudos to the FCC and Chairman Wheeler, who are showing that they clearly listen to consumers. Competitors should be able to provide both lower-cost solutions with a better user experience, and consumers should have the freedom and choice to buy them. Give innovators the freedom to innovate and let the marketplace decide, not self-interested cable TV executives. The new solutions may be cheaper set-top boxes, mobile apps, smart TVs with the set-top box functionality integrated, or a mix. That would be great. The smart TV solution would provide consumers with simplicity and fewer devices, making today's smart TVs truly smart(er).

Download the FCC proposal (Adobe PDF). What are your opinions of the FCC proposal?


Political Campaigns In The USA: Privacy And Security Issues

The Los Angeles Times provided a good primer about the privacy issues in the political system in the United States:

"... data for politics is not a new phenomenon. Presidential candidates began pioneering the approach more than a decade ago, and it was a key part of Barack Obama’s winning strategy in 2008 and 2012. But technological advancements, plunging storage costs and a proliferation of data firms have substantially increased the ability of campaigns to inhale troves of strikingly personal information about voters... as presidential campaigns push into a new frontier of voter targeting, scouring social media accounts, online browsing habits and retail purchasing records of millions of Americans, they have brought a privacy imposition unprecedented in politics. By some estimates, political candidates are collecting more personal information on Americans than even the most aggressive retailers... The campaigns and the data companies are cagey about what particular personal voter details they are trafficking in..."

Reportedly, one firm collected 500 data elements about each voter. That means, they know a lot about you.

What might those data elements be? Let's use Facebook.com as an example, since many consumers use the social networking services. If you are a member, you can see for yourself. Sign into your account with a web browser, select SETTINGS and then ADS. You'll see a page that looks similar to this:

Image of Facebook Ad Settings page. Click to view larger image

Chances are, your account settings were preset to automatically display targeted advertisements based upon your interests (e.g., what you "Liked," posted about, friends' posts you commented upon, even when you don't click "Like" buttons, music and fitness apps linked to your account, edited and unpublished posts, etc.). I'd already modified my account settings to suppress targeted ads, but that doesn't stop the data collection. Now, select the EDIT link next to "Ads based upon my preferences." When prompted, select the "View Ad Preferences" button. You will see a page that looks similar to this:

Image of Facebook Ad Preferences Categories page. Click to view larger image

Facebook has neatly arranged your preferences into several categories: Education, People, News and Entertainment, Travel, and more. Click on any category to view the items for that category. After selecting the "Lifestyle and Culture" category, I saw this:

Image of Facebook Lifestyle and Culture Ad Preferences view. Click to view larger image

You can click on each item to see details about that item. You can also mouseover an item to display a button to toggle on or off each item. That tells Facebook to either display or suppress targeted advertisements to you about that item. (I turned 95 percent of mine off.) If you "Like" the Facebook page for a specific brand, product, service, newspaper, organization, event, or person then the site is happy to catalog that and serve targeted ads from that entity, or other companies in that category.

This provides a huge clue as to the data elements Facebook has collected and shared with data brokers and its partners. Chances are, some of this information has already made its way via data brokers into the databases of political campaigns. You can read in this blog about data brokers and tech companies that have assisted social networking sites.

I've used Facebook.com as an example to highlight for consumers the data elements. The above images make it real. Data collected by social networking sites is so valuable, at least one credit reporting agency wanted it. As The Los Angeles reported:

"The data companies are required by law to keep the names of individuals separate from the pile of data accumulated about them. Instead, each voter is assigned an online identification number, and when a campaign wants to target a particular group – say, drivers of hybrid vehicles or gun owners – the computers coordinate a robocall, or a volunteer’s canvassing list, or a digital advertisement with relevant accounts. Since campaigns are ultimately in the business of finding particular people and getting them to show up to vote, some scholars are dubious their digital targeting efforts offer the same level of anonymity as those of corporations."

So, campaigns will re-assign names to information the data brokers have supposedly anonymized. Are you happy with that? Are you happy with political campaigns knowing this much about you? Are you confident that political campaigns adequately protect your personal information? Do you believe that you should have some say in what political campaigns collect and archive about you? Do you want control over your personal information?

Again, from the Los Angeles Times article:

"There is a tremendous amount of data out there and the question is what types of controls are in place and how secure is it,” said Craig Spiezle, executive director of the nonprofit Online Trust Alliance. The group’s recent audit of campaign websites for privacy, security and consumer protection gave three-quarters of the candidates failing grades... An exhaustive paper [New York University School of Law researcher] Rubenstein recently published on voter privacy found that “political dossiers may be the largest unregulated assemblage of personal data in contemporary American life.” Basic privacy guidelines that apply to other industries don’t appear to apply to candidates. Some do not even have clear privacy policies posted on their websites..."

Now you have an idea of what data is out there about you. If you want to turn off targeted ads displayed by Facebook, you can. You can't stop the data collection though. The data collection, archiving, and resale is part of most social networking sites' business models.

Are political campaigns reselling data to make money? Are you interested in what political campaigns have collected about you? Do you think it's accurate?


The Internet of Things: Reliability And Trust Issues

Image of Nest Thermostat What happens when Internet-connected devices in your home don't work as they should? Unfortunately, this happens. The Motley Fool reported:

"... you wake up in your bed to a freezing cold house. You know you set the thermostat to the right temperature the night before...  You stumble out of bed and into the hallway to look at the thermostat. It's off -- and it won't turn back on. That was the scenario for some Nest thermostat owners (the company owned by Alphabet's Google) after a software update inadvertently added a bug to thermostat's system, causing the batteries to drain and the device to turn off."

In this instance, it was an inconvenience. Nest identified the problem and provided customers with a fix. In cold-weather climates during winter, it could have been far worse -- damage and costly repairs from frozen, burst water pipes. And this wasn't the first problem:

"Back in 2014, the Nest smoke and carbon monoxide alarm, Protect, had to have a software update because of over-sensitive sensors that made turning the device off (through hand gestures) too easy. The company pulled devices off of the shelves and reintroduced the product after the fix."

The incidents highlight the need for the Internet-of-Things (IoT) devices to operate reliably. Consumers need to be able to trust that their smart devices operate reliably:

"While Nest may be able to get away with a few problems with its devices, it's not helping to build consumer trust for home automation or the Internet of Things. A recent survey by Accenture of 28,000 people across 28 countries found that half of respondents said they'd stay away from the Internet of Things because of privacy and security issues."

In another survey, 63 percent of consumers identified smart thermostats and fans as key components in smart homes. These blog posts discussed the challenges and privacy risks smart devices create for consumers. In a 2014 survey by Fortinet, 69 percent of respondents said that privacy is their biggest concern with devices for smart homes, 66 percent said they want complete control over their personal information, and 48 percent would hold the manufacturer responsible for vulnerabilities found in home appliances.

A U.S. Federal Trade Commission (FTC)report recommended a "security by design" approach for manufacturers of smart devices, with best practices that, a) conduct privacy or security risk assessments, b) minimize the data collected and archived, c) test security measures before introducing products, and d) monitor products (and services) throughout the life-cycle and patch known vulnerabilities. One wonders if Nest performs all four of these best practices.

Informed consumers know that they trade away plenty of sensitive personal information for convenience. Smart devices have sensors that collect data 24/7/365 and transmit it to the device's manufacturer, who then shares that information with other companies, business partners, and affiliates. Some information may also be sold to data brokers. Informed consumers understand that this is the business model of many companies. So, their devices had better work reliably for this trade to make sense. I agree with The Motley Fool's position:

"With the IoT market expected to reach $7 trillion by 2020, there's too much at stake for companies not to focus on how users will perceive small software glitches. If Google wants to eventually have us hand over our trust to them to drive us around town without us touching the steering wheel, it'll need to first learn how to make a thermostat that can consistently keep the heat on in our homes."

If devices don't operate reliably, then you can't trust them... and shouldn't buy them. Obviously, driver-less cars should operate reliably. That means more than simply lower accident rates compared to human drivers. It means transparency by releasing all accident reports so consumers can make informed decisions, working reliably without bugs or hacks, and not being a hazard by driving too slowly. Reliability means consumers can trust that their smart home devices receive all operating system updates in a timely fashion, and not some or none.

It's not only manufacturers that need to act responsibly. Consumers need to act responsibly, too. Consumers have to shop wisely for reliable and secure smart devices. Ars Technica described the problem after using the Shodan search engine to find vulnerable baby cams online:

"Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices."

What are your opinions about the reliability of smart devices for homes?


Vulnerability Affects Linux Computers And Android Phones

Android wordmark If your computer runs the Linux operating system (OS), or you use Android phone, then today's blog post is for you. On Tuesday, ZD Net reported about a vulnerability that affects devices running either group of OS software:

"A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest "root" level is said to hit "tens of millions" of Linux PCs and servers. Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices."

This is important because many consumers use Android phones:

"A patch is expected to be released on January 19 for most Linux machines... It is not known if Google was aware of the bug before Perception Point published its findings. The Android maker will likely fix the bug as part of its scheduled monthly security updates in February. A Google spokesperson did not comment."

This raises several questions. Why wait until February? Will all Android phone users receive the OS software updates that fix the vulnerability? And when? What role does your mobile service provider have in the OS update process?

You Probably paid $200 or $300 when you bought your phone and committed to a two-year contract with your mobile service provider. So, it's reasonable to expect OS software updates. Sadly, not all Android phone users get software updates. Why? How? This is not new. Android Central explained the software update process way back in 2012:

"This vicious cycle is a product of Google’s approach to its OS, combined with a mess of other factors including carriers, manufacturers and users’ own expectations. It’s one of the platform’s most significant issues, and one that’s all but impossible to solve..."

Some of the messy, ugly details in the software update process:

"But when the [updated] code is pushed out, it's not necessarily ready for every device out there. Getting a new version of Android up and running on any device with different hardware requires a significant amount of additional work, and even more effort is needed to bring across proprietary code from chip-makers... The task isn’t limited to code, though. There are often design changes to be considered... Updating an Android device isn't easy, and there's much more to it than dropping in the new code from Google and hoping for the best. It’s a hell of a lot of work... If radio changes have been made, the new code must be certified by regional authorities, as well bodies like the Bluetooth SIG and Wifi Alliance. That all takes precious time... mobile operators have great influence into what goes out on their networks, especially in markets like the U.S. and Japan. That power includes the requirement that manufacturers submit updates for approval before they’re pushed out. The carrier certification process can be lightning-fast or arduously long-winded... Carriers are generally slow moving, and they’ll always err on the side of caution. They also have limited resources when it comes to certifying smartphone software, and the priority, naturally, will always be given to approving new devices ready to go on sale... If a phone hasn’t sold well, or it's a budget model, it might just not be worth the time and money to develop and certify an update..."

What are your opinions of the Android software update process? Let us know if you received the latest OS software update that fixed this vulnerability.


EU Antitrust Chief: Vast Digital Data Collection By A Few Threatens Competition

On Sunday, the New York Times reported comments by the European Union's antitrust chief:

"Margrethe Vestager, the European Union’s antitrust chief, warned on Sunday that the collection of a vast amount of users’ data by a small number of tech companies like Google and Facebook could be in violation of the region’s tough competition rules."

The European Union (EU) and the United States are negotiating a new data-sharing arrangement by the January 31, 2016 deadline after the European Court of Justice ruled in October 2015 that Europeans’ sensitive personal information was not adequately protected when transmitted to the United States under the safe harbor agreement. The court ruled the agreement invalid because of access by U.S. government (spy) agencies.

The EU developed its Privacy Directive during the late 1990s to, a) standardize privacy laws across its member countries, b) protect their residents' sensitive personal and financial information as the Internet industry blossomed, and c) define the protections as information is transmitted across country borders. The protections cover online activities such as posting to social networking sites, buying products online, and performing searches at search engine websites. To learn more, read the "US/EU Safe Harbor Agreement: What It Is and What It Says About the Future of Cross Border Data Protection" (Adobe PDF) document by the U.S. Federal Trade Commission (FTC) from 2003. (The 2003 report is also available here.) To sell their products and services within the EU, companies based in the United States must comply with these privacy regulations.

Reportedly, Vestager said:

"If a few companies control the data you need to cut costs, then you give them the power to drive others out of the market...”

She is not the only one concerned:

"A number of European executives echoed Ms. Vestager’s fears about how a small number of American tech companies could use their large-scale data collection to favor their own services over those of rivals. Among them was Oliver Samwer, the German entrepreneur who co-founded Rocket Internet, one of the region’s most high-profile tech companies."

The EU has several antitrust investigations underway:

"... for example, investigations into Apple’s tax practices in Ireland and has started a wide-ranging inquiry into e-commerce that analysts say could encompass the likes of Amazon, among others. Ms. Vestager also brought antitrust charges against Google last April, saying the search giant had unfairly favored some of its digital services over those of rivals. An announcement in that case is expected in late spring... while a separate European investigation continues into whether Google used Android, its popular mobile software, to unfairly restrict rivals..."

It seems wise for consumers in the United States to pay attention to events and negotiations in Europe to ensure as much competition and privacy as possible.


Ad Blocking Software: What It Is, The Benefits, And How To Use It

Nobody wants their online experience cluttered with irrelevant advertisements. Recently, TechCrunch published a beginner's guide to ad blocking software. If you are unfamiliar with what the software is, does, and its benefits, then this primer is for you.

Basically, ad blocking software prevents your web browser from downloading and displaying unwanted advertisements. Consumers use it for several reasons, including performance, privacy, and security for a better online experience:

"Performance. The average page has dozens of ad tags, and ad providers are typically built with no regard to performance (loading hundreds of tags, images, megabytes of video, etc.), so preventing all of this from loading drastically speeds up the website."

"Privacy. Most ad networks and tracking systems (like Google Analytics) collect information about user behavior and pages visited, which can lead to privacy issues. Ad blockers stop all of this and make it easy to browse privately."

Security is a concern because some advertising networks (e.g., AOL, Yahoo, Huffington Post) have been compromised with computer viruses, or malware, onto unsuspecting consumers' devices. Some malware targeted mobile devices. It has occurred often enough that the term malvertising is now used. Malvertising is very bad because you don't have to click on annything in order for your computer to get infected.

During the last 7+ years, this blog covered a variety of technologies (e.g., cookies, “zombie cookies,” Flash cookies, “zombie e-tags,” super cookies, “zombie databases” on mobile devices, canvas fingerprinting, etc.) companies use to persistently track consumers online without their knowledge nor consent; and to circumvent consumers' efforts to maintain privacy online. So, you want to do what you can to avoid or minimize the tracking.

Consumers have plenty of choices for which ad-blocking software to use. As TechCrunch reported:

"Apple’s iOS has recently allowed for content blocking extensions in its Safari browser, so now it’s possible to block ads on mobile websites, as well. Both iOS and Android also allow for third-party browsers that can come with ad-blocking abilities built in."

You can't block ads that appear within a mobile (or desktop) app, so that maybe another reason to use your web browser instead of a mobile app (which is usually a piece of a website). I happen to use, with the Firefox web browser, the Privacy Badger tool from the Electronic Frontier Foundation. I am delighted with it. Yes, some websites won't display content when you block their ads, but most do.

For private online searches, I use the DuckDuckGo search engine instead of Google, Bing, and Yahoo. What ad-blocking software do you use? If not, do you plan to start using it?


Hello Barbie Doll Cited As A Threat At Security Conference

Image of the upcoming Hello Barbie doll. Click to view larger image At a recent cyber-security conference at New York University, a MasterCard executive raised concerns about the WiFi-enabled Barbie doll. The New York Post newspaper reported:

"The chief executive of MasterCard on Friday singled out the $75 Mattel doll as a security threat — the second time the tech-smart Barbie has run into trouble. Ajay Banga said hackers can gain control of Barbie’s voice and then “talk” to a child. The hackers can then win the confidence of the kid and, under certain circumstance, attempt to gain access to your home..."

Regular readers of this blog are familiar with the security issues from Internet-connected toys, such as this doll, which also contain a voice-recognition interfaces. As Banga accurately emphasized, a criminal can hack the toy and ask the child what valuables the family owns, plus when the home will be vacant. Adolescents and toddlers are too young to understand security concepts, what not to disclose to strangers, and when a toy asks inappropriate questions.

Think of it this way, criminals regularly use phone spam to trick adults into revealing sensitive personal and financial information. It would probably be easier to trick young children. With Internet-connected devices in homes, criminals can easily bypass do-not-call registries.

Banga also mentioned that MasterCard is a favorite target of hackers, with 15,000 attempted hacks daily. That reinforces the observation that criminals go where the money is. The newspaper also reported:

"Several of the most prominent names in cybersecurity said during the conference that most people aren’t aware of the growing number of cybersecurity threats that they’re exposed to as manufacturers keep making products that hook up to the Internet. One of the biggest vulnerabilities is the so-called “Internet of things” — everything from TVs to refrigerators to vending machines that automatically connect to the Internet, and then transmit data to another source."


The Most Discussed Topics On Facebook During 2015

Facebook logo What did Facebook members discuss the most during 2015? It wasn't all lolcats, music, selfies, and humor. The social networking giant published its list of most discussed global topics:

  1. U.S. Presidential Election
  2. November 13 Attacks in Paris
  3. Syrian Civil War & Refugee Crisis
  4. Nepal Earthquakes
  5. Greek Debt Crisis
  6. Marriage Equality
  7. Fight Against ISIS
  8. Charlie Hebdo Attack
  9. Baltimore Protests
  10. Charleston Shooting & Flag Debate

Smart Devices Create Challenges And Privacy Threats For Consumers, Part 2

Part one discussed the challenges and privacy threats smart devices for the home create for consumers. Today's blog post discusses data ownership, and how to shop wisely.

You've probably heard the terms: Internet of Things. Smart Home. Connected home. All refer to the myriad of devices in your home that are connected to the Internet, outfitted with sensors, collect information about your usage (e.g., who, what, when, where, why, and how long), and transmit that digital information collected to the device manufacturer and others.

The collected information is often shared with corporate partners or affiliates, such as the device's operating system software developer and mobile payments provider. (See this chart for partners by payment type.) Data may also be shared with the Internet Service Provider and/or the wireless service provider (for mobile apps).

The types of devices vary far beyond smart phones and tablets. Some include security, lighting, temperature controls, and safety devices (e.g., smoke alarms, carbon monoxide detectors). Some may be toys used by very young children. Some may be fitness devices that collect your health information and transmit it to entities not bound by HIPAA and HITECH laws.

This data collection isn't new. It's been happening long before the Internet and smart phones. You might say that digitization and mobilization made the data collection far easier and far more extensive.

A wise consumer is bound to ask: who owns the data these collect (and transmit) about me and my family? Great question. ZD Net explored the answer:

"According to law firm Taylor Wessing, end users don't really have ownership rights to the data gathered by off-the-shelf systems they've installed. If you've rolled out a smart home set-up, you can't legitimately claim that all the details about when you switched on your lights or opened your garage belong to you and you alone."

The term "end users" refers to consumers... you. So, consumers in the United States have few property rights. That means you have little control over the data collection and sharing with others. Not good.

And, it's worse because devices don't always indicate when they are recording your activity, what you do and say:

"... One recent high profile misstep case in point: the privacy policy for Samsung smart TVs told customers that if they had discussed personal or sensitive information in front of the TV, "that information will be among the data captured and transmitted to a third party through your use of Voice Recognition", causing consternation among users. The company subsequently published a blog to explain to users exactly how and when their TVs were listening in."

Whatever smart home devices you purchase, shop wisely:

  1. Read both the terms of conditions and privacy policies before purchase. If you don't like the terms, don't buy it and keep shopping for alternatives.
  2. Buy devices that include regular software updates, just like your computer. This helps protect you (and the data collected about you and your family) against malware, hacks, and computer viruses by unauthorized persons.
  3. Buy devices that are truly smart. Avoid devices that are simply outfitted with a touch-screen and Internet connection. You're probably paying (a lot) more, so make sure you get more. And,
  4. Buy devices with robust privacy settings, so you can control what information you share, when, and how.

What do you consider when shopping for smart devices for your home?


Survey: Smart Home Technology. What It Is And Who Has It

Coldwell Banker released the results of a 2015 survey of 4,000 adults in the United States about smart home technology. Survey participants consider a home a "smart home" if it contains the new security, temperature, lighting, and safety devices:

"When asked about what needs to be in a home for it to be considered "smart," the top choices were security (e.g., locks and alarm systems - 63 percent), temperature (e.g., thermostats and fans - 63 percent), lighting (e.g., light bulbs and lighting systems - 58 percent) and safety (e.g., fire / carbon monoxide detectors and nightlights - 56 percent)."

Additionally, 76 percent of survey participants said that having only one of the four above categories of smart technology in a home isn't enough for it to be considered a "smart home." And, 60 percent said that a smart home should have have at least three of the four above categories of smart products.

Key findings about smart technology adoption: 45 percent of survey participants said they either own smart home technology or plan to buy it during 2016. Of people who do not currently have smart home technology in their home, 27 percent said they plan to acquire it during 2016. And, 70 percent of people who already have smart home technology said buying their first smart home device made them more likely to buy another.

The gateway device into a smart home is entertainment. 44 percent of people with smart home technology already have smart entertainment devices: smart televisions, smart speakers.

Obviously, Caldwell banker, a real estate firm, is not a disinterested party. A key goal of the survey was to determine if smart devices help people sell their homes, and if so which types of devices sellers should install in their home:

"More than half of homeowners (54 percent) would purchase or install smart home products if they were selling their home and knew that doing so would make it sell faster. Of homeowners who said they'd purchase or install smart home products, 65 percent would pay $1,500 or more and 40 percent would pay $3,000 or more to make their home smart. Of Millennial homeowners (ages 18 to 34) who would purchase or install smart home products, 72 percent would pay $1,500 or more and 44 percent would pay $3,000 or more to make their home smart."

Adoption of the technology occurs across both age and income groups:

"... 40 percent of those over 65 who own smart home products currently have smart temperature products, compared to only 25 percent of Millennials (ages 18 to 34). Americans with a household income of $50k to $75k and those with a household income of $75k to $100k are adopting smart home technology at nearly identical paces..."

I found it very interesting that home buyers said the least popular smart home devices are smart appliances (e.g., smart refrigerators, wireless ovens, washers, clothes dryers) and entertainment.The survey did not seem to address smart home privacy. Privacy and security experts have advised consumers to shop wisely for devices with operating system software that is updated frequently, just like your home computers and tablets. Back in 2014, the Ars Technica blog cautioned:

"Your smart TV is not really a TV so much as an all-in-one computer that runs Android, WebOS, or some custom operating system of the manufacturer's invention. And where once it was purely a device for receiving data over a coax cable, it's now equipped with bidirectional networking interfaces, exposing the Internet to the TV and the TV to the Internet... Herein lies the problem, because if there's one thing that companies like Samsung have demonstrated in the past, it's a total unwillingness to provide a lifetime of software fixes and updates. Even smartphones, which are generally assumed to have a two-year lifecycle (with replacements driven by cheap or "free" contract-subsidized pricing), rarely receive updates for the full two years (Apple's iPhone being the one notable exception)."

So, shop wisely for smart home devices that include regular software updates. And look for devices that are truly smart, and not simply outfitted with a touch-screen and Internet connection. You are going to pay (a lot) more, so make sure you get more. Otherwise, you are inviting problems into your not-so-smart home.

View more information about Caldwell Banker's Smart Home Marketplace Survey.


White Oregon Domestic Terrorists Mocked: Y'all Qaeda, Yee Hawdists. Their Real Agenda

"A group of armed men took over a building on federal land in remote western Oregon. They’ve been there for a few days without any police intervention. Meanwhile, Twitter is finding clever ways to call out some double standards in the media.”

Are the men "armed protesters" as some news sources reported, or are they domestic terrorists? Read the definition of domestic terrorism used by the Federal Bureau of Investigation (FBI), and decide for yourself. Then, read more on Twitter.

On January 5, Robert Reich described what's really happening:

"Last Saturday, armed men took over the offices of the Malheur National Wildlife Refuge, in Harney County, Oregon. Ammon Bundy, leader of this group, and his father, the Nevada rancher Cliven Bundy, style themselves as part of a Western movement to take land back for the people from the federal government. But that’s not what’s really going on. (After all, most of these lands once belonged to Native Americans.) The real fight is over how much the rest of us will continue to subsidize the Bundys and other privateers -- private logging contractors who are allowed to cut vast tracts of federal forest at subsidized rates, ranchers who pay grazing fees on some 300 acres of public lands at rates far below the market rate, private mining companies that now extract about a billion dollars a year of minerals from public lands without paying royalties, and farmers who benefit from the federal Bureau of Reclamation’s irrigation systems that make arid land capable of producing crops. The Bundys and their allies oppose efforts to protect the environment because they want even more of these subsidized benefits..."

So, Bundy and his cohorts are welfare queens, too. Now, the video:


Are You A Lab Rat, Social Addict, And Crash Test Dummy? Facebook Acted Like You Are

Facebook logo After unannounced tests in 2014 when Facebook manipulated its customers' news feeds without notice nor consent, users complained bitterly. Well, Facebook has done it again. Either executives at the social networking giant haven't learned from their 2014 experience, or don't care.

This time, the unannounced test included Android app users where Facebook intentionally crashed their apps. Forbes magazine reported:

"Facebook conducted secret tests to determine the magnitude of its Android users’ Facebook addiction, according to a new report published yesterday. Like a bunch of crash test dummies, users of the Facebook app for Android were (several years ago) subject to intentional Facebook for Android app crashes without being informed of the tests. These tests were reportedly conducted so Facebook could determine user resilience to app deprivation–that is, whether users would find ways to use Facebook on their Android devices without the Google Play store app..."

Similarly, the dating service OKCupid irritated its users in 2014 after secret tests. People don't like being treated like lab rats. Ethically-challenged executives don't seem to understand this.

Supposedly, Facebook wanted to know if those Android app users would get replacement apps from other sources, or use the browser interface. Reportedly, Facebook has one billion Android app users. The news article didn't say whether Facebook performed similar tests on Apple iPhone app users. It seems wise to assume so.

The news report didn't mention whether Facebook slowed or manipulated the browser interface to see if users would switch to one of its mobile apps. It seems wise to assume so.

What are your opinions of the secret tests? Is this an acceptable "cost" for a service that promises to remain free?


Smart Devices Create Challenges And Privacy Threats For Consumers

There are plenty of smart devices you can buy online or in retail stores for your smart home: smart televisions, home audio speakers, fitness bands, smart watches, light switches, talking dolls and toys, smart home thermometers, cars with GPS and sensors, drones, and much more. And, your utility company probably uses smart meters to transmit via wireless your usage, instead of paying technicians to visit your home.

Many or most of these devices have hands-free voice controls. That feature provides a huge convenience, but along with it comes the privacy threat that it can (or does) record everything you say... whether you intend it for the device or not.

The Times Union highlighted several problems smart devices create for consumers. The first is the hope that the device manufacturer adequately protects your information from data breaches and thieves:

"You may never know for sure. At best, you can hope the company keeps its promises on privacy. More important, you have to trust that its computer systems are really secure, or those promises are suddenly worthless. That part is increasingly difficult to guarantee — or believe — as hacking becomes routine."

At least one fitness maker already had a substantial data breach. People want to try the new devices to see if and how they might benefit. There's nothing wrong with that. The second problem:

"Every technological benefit comes with a cost in the form of a threat to privacy. Yet not paying that price has its own cost: an inability to participate in some of technology's greater achievements."

There has to be a better way. Consumers should not have a to choose between giving up privacy in order to use smart devices versus living under a rock without smart devices to maintain privacy. What are your opinions?


Lifelock to Pay $100 Million To Settle Charges By FTC That Company Violated A 2010 Court Order

Lifelock logo During the run-up to the holiday season, the U.S. Federal Trade Commission (FTC) announced a settlement agreement where Lifelock will pay $100 million to settle charges that it violated a 2010 federal court order to properly secure customers' sensitive personal information, and stop performing deceptive advertising. The identity protection service has featured notable spokespersons, including radio talk-show host Rush Limbaugh, television personality Montel Williams, and former New York City Mayor Rudy Guliani.

The company's stock price plunged in July 2015 when news of the FTC investigation broke. The FTC's charges against Lifelock included four components. The FTC alleged that:

  1. From at least October 2012 through March 2014, LifeLock failed to establish and maintain a comprehensive data security program to protect users’ sensitive personal information (e.g., Social Security numbers, credit card payment information, bank account information, etc.).
  2. LifeLock falsely advertised that it protected consumers’ sensitive information with the same high-level protections used by banks.
  3. From January 2012 through December 2014 LifeLock falsely advertised  that it would send alerts “as soon as” it received any indication that a consumer may be a victim of identity theft.
  4. Lifelock failed to comply with the recordkeeping requirements in the 2010 court order.

In 2010, about 950 thousand consumers received refunds from Lifelock results from deceptive advertising claims. In a 2014 review of the service, Consumer Reports advised consumers to ignore the hype and consider whether you are like to lose or have stolen as much money as Lifelock's annual service fees: $99 to almost $250 a year. Consumer Reports said:

"LifeLock’s latest commercial shows folks happily sharing personal information on smart phones, laptops, and tablets, oblivious to LifeLock’s claim that “identity theft is one of the fastest-growing crimes in America.” That’s why you need LifeLock.. True, existing debit- and credit-card fraud, aka card theft, makes up the largest part of what is trumped up as identity fraud, and it jumped 46 percent last year. But consumer-protection laws and zero-liability policies limit the actual cost of that crime for most consumers to zero. Those who had out-of-pocket costs in 2013 lost only $108, on average. The incidence of new-account fraud... has fallen to historic lows. Your chance of getting hit last year was only one-half of 1 percent. Again, you’re generally not liable if a creditor lends money to a crook posing as you, but costs for consumers who were liable somehow averaged $449. LifeLock’s terms-and-conditions agreement requires that you also work to protect your personal information “at all times.” Why pay someone for DIY defense?"

Regular readers of this blog know that after my personal information was disclosed during a prior employer's data breach, I placed Fraud Alerts for free on my credit reports on my own. Later, I upgraded to Security Freezes for greater protection. The only cost I incurred for the Security Freezes was the $5 fee (which varies by state) each credit reporting agency charged. I monitor my credit card and bank statements monthly (for free) for fraudulent charges, and when they occur get them removed without incurring any costs. For me, DIY protection works.

Terms of its settlement agreement with the FTC require Lifelock to:

"... deposit $100 million into the registry of the U.S. District Court for the District of Arizona. Of that $100 million, $68 million may be used to redress fees paid to LifeLock by class action consumers who were allegedly injured by the same behavior alleged by the FTC. These funds, however, must be paid directly to and received by consumers, and may not be used for any administrative or legal costs associated with the class action. Any money not received by consumers in the class action settlement or through settlements between LifeLock and state attorneys general will be provided to the FTC for use in further consumer redress. In addition to the settlement’s monetary provisions, record-keeping provisions similar to those in the 2010 order have been extended to 13 years from the date of the original order."

Consumers who did not participate in the class action can still sue the company. Congratulations to the FTC for the enforcement and holding Lifelock accountable.