
13 posts from February 2016

Updated Laws And Protections Needed Regarding Drone Privacy

Consumer Reports explored the issues with drone privacy: what privacy protections consumers have, if any, and who enforces them. A 70-year-old lawsuit involving a farmer in North Carolina has now taken on new importance:

"The case made it all the way to the Supreme Court in 1946. And one result of United States v. Causby was that the Court set the limits of private airspace: If you own a house, your property rights extend 83 feet up into the air... the 70-year-old ruling has new importance in the age of drones. It remains the only clear federal statement of law on how far above the ground your property ends..."

Basically, the Federal Aviation Administration (FAA) is responsible for setting rules and enforcement. Drones (also referred to as unmanned aircraft) have many valid uses, including faster, easier safety inspections of infrastructure, such as bridges, residential roofs, towers, and stacks; plus commercial package delivery. Thankfully, drone pilots have been required to register with the FAA since December.

To improve things, the Electronic Privacy Information Center (EPIC) filed a federal lawsuit, to try to force the FAA to set rules protecting citizens from privacy intrusions by drones:

"... EPIC wants the FAA to make it easy for citizens to find out whether drones flying overhead have surveillance capabilities. The group also wants to protect the privacy rights of drone pilots..."

While some states have "paparazzi" laws that apply when photos or video are taken, improvements are needed to help consumers distinguish between drones flying overhead and drones performing unauthorized recording:

"... existing nuisance and invasion-of-privacy statutes would apply to drone owners. If you could prove you were being harassed by a drone flying over your house, or even that one was spying on you from afar, you might have a case against the drone operator. But proof is difficult to obtain... and not everyone agrees on how to define harassment."

Other legislative efforts:

"A law proposed by Massachusetts Senator Ed Markey, the Drone Aircraft Privacy and Transparency Act, would require the agency to ensure baseline privacy and transparency safeguards, which would apply to both private drone operators and law enforcement. The ACLU, which supports the Markey bill, argued as far back as 2011 that a lack of oversight could lead to excessive surveillance by law enforcement using drones."


FCC Proposes New Rule To Unlock Set-Top Cable Boxes To Encourage Innovation, Competition, Choice And Lower Prices

During an open Commission meeting on Thursday, February 18, 2016, the U.S. Federal Communications Commission (FCC) discussed and approved several agenda items, including a proposal to encourage competition with the cable television set-top boxes that many consumers lease from their cable-TV providers:

"The Notice of Proposed Rulemaking (NPRM) will create a framework for providing innovators, device manufacturers, and app developers the information they need to develop new technologies, reflecting the many ways consumers access their subscription video programming today. Ninety-nine percent of pay-TV subscribers have limited choices today and lease set-top boxes from their cable and satellite operators. Lack of competition has meant few choices and high prices for consumers – on average, $231 in rental fees annually for the average American household. Altogether, U.S. consumers spend $20 billion a year to lease these devices. Since 1994, according to a recent analysis, the cost of cable set-top boxes has risen 185 percent while the cost of computers, televisions, and mobile phones has dropped by 90 percent. Congress recognized the importance of a competitive marketplace and directed the Commission to adopt rules that will ensure consumers will be able to use the device they prefer for accessing programming they’ve paid for."

The NPRM recommends that Multi-channel Video Programming Distributors (MVPD), including legacy cable-TV providers, TV networks, and others that provide programming via cable and/or the Internet, be required to deliver three core information streams:

"1. Service discovery: Information about what programming is available to the consumer, such as the channel listing and video-on-demand lineup, and what is on those channels.
2. Entitlements: Information about what a device is allowed to do with content, such as recording,
3. Content delivery: The video programming itself."

Consumers can keep their current cable set-top boxes, or switch to newer solutions when available. The FCC did not dictate standards for the solutions. Instead the FCC recommended that:

"... these three streams be available to the creators of competitive solutions using any published, transparent format that conforms to specifications set by an independent, open standards body... The Notice of Proposed Rulemaking also recommends content protection rules... The proposed rules do not mandate a single security system but simply require MVPDs to offer at least one content protection system that is openly licensed on reasonable and non-discriminatory terms. This gives MVPDs the ability to create their own content protection system to prevent theft and misuse, while ensuring that manufacturers will be able to build devices that can access protected content from a variety of MVPDs."

The proposed rules also include the following requirements for MVPDs:

"Ensure that children’s programming advertising limits and emergency alerts apply regardless of whether the consumer leases the MVPD’s set-top box or uses a competitive solution to access video programming;

Include a billing transparency rule to ensure that consumers understand their monthly charges for both programming services and equipment lease fees in accordance with section 629; and

Retain the Commission’s rules adopted in a 2010 Report and Order to improve support for consumer-owned CableCARD devices."

Much needs to happen before competitive set-top box solutions are available in the marketplace. The next step includes a comment period where interested parties (e.g., companies, consumers) -- supporters and opponents -- submit feedback about the proposed rules. Then, the FCC reviews the feedback and may adjust its rules based upon that feedback. After the rules are finalized, companies will then develop set-top box solutions. The proposed rules document lists several topics the FCC seeks feedback about. Some of those topics:

"... ways to address any licensing and consumer protection issues... how best to align our rules on device billing and subsidies... whether the rules the Commission adopted in a 2010 Report and Order to improve support for consumer-owned CableCARD devices have continued relevance and should remain valid and enforceable... statistics show, however, that almost all consumers have one source for access to the multichannel video programming to which they subscribe: the leased set-top box, or the MVPD-provided application. Therefore, we tentatively conclude that the market for navigation devices is not competitive, and that we should adopt new regulations to further Section 629. We invite comment on this tentative conclusion... the process that an MVPD uses to decide whether to allow such a device to access its services... it appears that consumers have downloaded proprietary MVPD applications many times; we seek comment on whether consumers actually use those applications to access multichannel video programming..."

Regardless, the proposed set-top box rules will disrupt the revenue streams cable-TV operators have enjoyed for decades. So, you can expect them, and their allies, to put up a fight. Wired magazine reported:

"Each consumer has invested thousands of dollars into the box without having any ownership,” says Chip Pickering, CEO of Incompas, a trade association for “competitive networks” backed by Google, Amazon, Netflix, and others. “That’s a monopoly business model.” The distribution of set-top boxes, then, is essentially a monopoly within an already monopolistic industry..."

One argument opponents have used is to blame Google:

"Google has become a popular bogeyman for entrenched cable interests for good reason. The company has actively supported set-top box disruption, both through its involvement with Incompas and through direct contact with the FCC. AT&T went so far as to call it “Google’s Set-Top Box Proposal” in a corporate blog post opposing the rules..."

Despite the hype and spin that has been presented (and will be presented), it's important for consumers to remember that:

“Nothing in the [FCC] proposal changes linear TV or traditional TV’s advertising. Their programming, their advertising, nothing that they do today will be changed,” says Pickering. What could change is that the traditional programming would be served up alongside Internet programming..."

View the FCC "Unlock the Box" press release (Adobe PDF) and the FCC "Unlock the Box" NPRM (Adobe PDF).

The FCC set-top proposal is good news for consumers. It starts to break the monopolistic stranglehold. Cable-TV providers have had decades to recoup their infrastructure investments. It's time to move forward with solutions more friendly for consumers. Kudos to the FCC for encouraging competition to lower cable prices for consumers.


Researcher Claims SimpliSafe Home Security System Is Simply Vulnerable

Maybe you've seen the advertisements on late-night television and cable. SimpliSafe offers a wireless, do-it-yourself home security system that is cheaper than traditional wired systems. IOActive Labs examined the SimpliSafe system and found it was pretty easy to hack and record the alarm disable code, making the system not very secure. Plus the hacker could return in the future at any time and easily disable the system:

"This attack is very inexpensive to implement – it requires a one-time investment of about $250 for a commodity microcontroller board, SimpliSafe keypad, and SimpliSafe base station to build the attack device. The attacker can hide the device anywhere within about a hundred feet of the target’s keypad until the alarm is disarmed once and the code recorded. Then the attacker retrieves the device. The code can then be played back at any time to disable the alarm and enable an undetected burglary, or worse..."

Unfortunately, the bad news gets worse because:

"... there is no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening. Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol. However, this is not an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable. This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."

Unencrypted PINs sent? Wow! Not good.

IOActive first discovered this vulnerability in August 2015. The IOActive Labs Security Advisory (Adobe PDF) reported a timeline with the number of instances IOActive Labs attempted to contact the vendor without a response. SimpliSafe is not alone. InfoSecurity reported:

"SimpliSafe is not the only home security system in the spotlight of late. Earlier in the year, a vulnerability was discovered in Comcast XFINITY’s Home Security System that could open the door—literally—to intruders."

How did this happen? TrendMicro UK probably said it best last year:

"The Internet of Things has the potential to transform the way we live and work. A network not just of mobile phones, PCs and laptops but billions of connected smart devices – from fridge-freezers to kettles, cars and medical devices. But this potential will never be realized unless manufacturers are able to respond to consumer privacy and security concerns... it’s perhaps no surprise that everyone wants to rush their products out before their competitors. But fail to understand and respect the significant privacy and security concerns of consumers in your region and you’re in danger of falling at the first hurdle."

Manufacturers: don't fall at the first hurdle. Get security right.

After reading published news reports, some SimpliSafe customers expressed their security concerns on the company's customer service forums online. Consumers: if you bought a SimpliSafe home security system, what communications have you received about fixes?

[Editor's note: in the last paragraph, the text link to the company's online customer service forum was added on February 19 at 1:45 EST.]


Government Uses 227-Year-Old Law To Force Apple To Unlock Terrorist's iPhone

The U.S. government has used a law created in the 1700s to force Apple Computer to break into an iPhone used by a terrorist last year. The New York Times reported that on Tuesday:

"... Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California ordered Apple to bypass security functions on an iPhone 5c used by Syed Rizwan Farook, who was killed by the police along with his wife, Tashfeen Malik, after they attacked Mr. Farook’s co-workers at a holiday gathering. Judge Pym ordered Apple to build special software that would essentially act as a skeleton key capable of unlocking the phone... The Justice Department had secured a search warrant for the phone, owned by Mr. Farook’s former employer, the San Bernardino County Department of Public Health, which consented to the search... the F.B.I., instead of asking Congress to pass legislation resolving the encryption fight, has proposed what appears to be a novel reading of the All Writs Act of 1789... The government says the law gives broad latitude to judges to require “third parties” to execute court orders. It has cited, among other cases, a 1977 ruling requiring phone companies to help set up a pen register, a device that records all numbers called from a particular phone line..."

So far, Apple has refused to comply. Excerpts from a statement by Apple:

"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake... Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us. For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe... But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone. Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control... The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe. We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. 
For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data."

This is not the first use of the All Writs Act against Apple. NPR reported:

"Last fall, the Justice Department, using the All Writs Act, tried to force Apple to unlock an iPhone running iOS 7 in a case involving a suspected methamphetamine dealer. Apple responded that it might be technically capable of unlocking that phone (since iOS 7 has fewer security features than later operating systems) but said the cost to the company's reputation — and resulting harm to its business — would pose an "undue burden." That case is still pending."

The NPR news story also mentioned:

"In 2014, at the Justice Department's request, a federal court in New York used the law to order a phone-maker to unlock a password-protected device. The Justice Department says various other companies have been ordered under the All Writs Act to provide otherwise inaccessible information to investigators."

This is huge news. It highlights several privacy issues:

  1. Has the government over-reached by using a 1789 law?
  2. How can the government force a company to build something -- software, malware -- that doesn't exist? This Atlantic article describes the coercion slippery slope.
  3. Can Apple successfully build a back door for a single iPhone?
  4. If #3 is not technically impossible, does the back door place all iPhones at risk?
  5. Are back doors the best way to fight terrorism? Like you, terrorists read the news and will simply switch to other products without built-in back doors.
  6. Are back doors really needed? The law enforcement community is split over this.
  7. Are back doors a benefit or a risk?
  8. How does the government ensure that criminals, terrorists, and other governments' hackers don't use the same "back doors" it uses? After all, the Federal government has had massive data breaches.
  9. Do "back doors" prevent businesses from adequately protecting their proprietary trade secrets, processes, and private information?
  10. Why haven't other technology companies resisted the government's demands for back doors, as Apple has? This Wired article discusses why Apple's position (including encryption and strong privacy protections) is good for business.
  11. What does this mean for consumers' privacy? Some iPhone users have already built a website for protests.

Regarding item #1, the American Civil Liberties Union (ACLU) wrote in December 2015:

"The All Writs Act permits a court to issue an order to give effect to a prior lawful order or an existing grant of authority, and has been used for such things as ordering a prisoner be brought before a court. The Act does not allow a court to invest law enforcement with investigative tools that Congress has not authorized — like the extraordinary and unconstitutional conscription of a third party into obtaining information the third party does not possess or control... it’s even more troubling to consider that the government, by its own admission, has invoked it successfully in at least 70 cases."

The ACLU, the ACLU of Northern California, and the Center for Internet and Society (CIS) at Stanford Law School filed a Freedom of Information Act (FOIA) request in December to understand the government’s use of the All Writs Act to force device manufacturers to unlock devices. It is important to know the full scope of the government’s use of a 227-year-old law. The Electronic Frontier Foundation (EFF) announced that it will file an amicus brief supporting Apple.

The CIS responded to the recent court decision:

"The text of the court order is here. Although it does not direct Apple to break the encryption per se, it asks the company to disable features that make it more difficult to brute force the device security capabilities -- such as the function that disables (er, self-destructs) the device after multiple attempts to enter a PIN number. While that sounds innocuous enough, it is likely such access cannot be granted on a device-by-device basis upon demand by law enforcement, although some technologists believe it possible. Rather, unless Apple demonstrates the technical, economical, or temporal infeasibility of complying with the judge's order or gets the order lifted, the consequence may well be an update/patch to IOS that would implement that proverbial "backdoor" feature that certain law enforcement officials -- specifically, FBI Director James Comey -- allege is needed to protect the country, citizens, and (think of the) children from Any Number of Evil-Sounding Things That May or May Not Be True(tm). By contrast, NSA Director Admiral Mike Rogers has already stated publicly there is no need for such back doors or law enforcement access, and that strong Internet security features are more of a benefit than risk to society -- despite that perennial and selectively sensational hand-wringing by prominent law enforcement and/or intelligence officials..."

The privacy-friendly DuckDuckGo.com search engine posted this tweet on Wednesday:

Tweet by DuckDuckGo.com search engine about Apple iPhone privacy and government back door demand

And former N.S.A. contractor Ed Snowden posted:

Tweet by former NSA contractor Ed Snowden about the FBI demand for Apple to unlock an iPhone


FCC Seeks $29.6 Million Fine Against Phone Carriers For Alleged Cramming And Slamming

The U.S. Federal Communications Commission (FCC) seeks $29.6 million in fines against three phone providers for allegedly switching (a/k/a "slamming") consumers' long distance service without their consent, applying (a/k/a "cramming") unauthorized charges on their monthly bills, and obstructing the FCC investigation. The FCC press release stated:

"... the Commission asserts that OneLink Communications, Inc., TeleDias Communications, Inc., TeleUno, Inc., and Cytel, Inc., “slammed” consumers by switching their long distance carriers without authorization and “crammed” unauthorized charges onto consumers’ bills. In addition, it is alleged the companies, which operate as a single enterprise, fabricated audio recordings that they then submitted to the FCC as “proof” the consumers authorized these changes and charges... The FCC found that the companies’ apparent unauthorized charges and deceptive marketing calls constituted “unjust and unreasonable” practices under the Communications Act. The FCC also determined that the companies apparently violated federal law by submitting fake consumer authorizations and providing false and misleading information to the FCC during its investigation..."

The FCC action included a Notice of Apparent Liability for Forfeiture. More than 140 consumers filed complaints with the FCC. There was an FCC order in August 2009 against TeleDias Communications for slamming. The OneLink website lists an office in Tamarac, Florida. The Cytel, Inc. website lists an office in Pompano Beach, Florida. A check of both the Cytel and OneLink sites found no lists of their executives or corporate officers.

How the companies allegedly performed deceptive marketing:

"Some consumers alleged that the companies’ telemarketers pretended to be from the post office calling about a nonexistent package delivery to obtain information to create fake consumer authorization recordings. In other cases, it appears the companies impersonated individuals in the authorization recordings. The companies then allegedly provided the fake authorizations to the FCC in response to its investigation into the consumer complaints. Even after consumers repeatedly contacted the companies about the alleged unauthorized charges and carrier switches, the companies purportedly refused to provide refunds until consumers filed complaints with the FCC, Better Business Bureau, or state regulators."

Kudos to the FCC for investigating the complaints. Kudos to consumers for filing complaints with the FCC, BBB, and state regulators when a company fails to do the right thing.


Voter Tracking, Data Collection, Analysis, And Privacy

While the New Hampshire primary and Iowa caucuses have passed, there are many more upcoming primaries this year before the general election in November. These primaries represent data collection opportunities for companies to learn more about voters. Marketplace reported:

"One company is tracking voter characteristics through some likely sources — their phones. Dstillery is a big data intelligence company that sells targeted advertising information about consumers to big companies like Microsoft and Comcast. But in the Iowa primary, the company tried its hand at compiling voter traits... people who loved to grill or work on their lawns overwhelmingly voted for Trump in Iowa... people who watched and supported NASCAR also happened to support Donald Trump and Hillary Clinton..."

Dstillery has an impressive list of clients: AT&T, Cablevision, Comcast, DirecTV, Hulu, Sprint, T-Mobile, Verizon, Vonage, and many more. If you remember your college statistics classes, then you know that a correlation does not mean causation. Things may happen together but it doesn't mean one causes the other. Being a NASCAR fan doesn't mean a voter will vote for certain candidates. Voting for certain candidates does not mean you will be a NASCAR fan.

This "big data" collection is also a reminder of how much we consumers share on social networking sites. All a consumer has to do is "Like" a brand (e.g., NASCAR, one of these top-10 barbeque grills, a particular politician, etc.) on Facebook.com, or "Follow" that brand (or politician) on Twitter and it is pretty easy for a big data intelligence company to collect, analyze, and compare voters' preferences. (Facebook knows far more about you than you realize.) Even if you didn't "Like" or "Follow" a brand, the data collection is still pretty easy. All a big data intelligence firm has to do is troll through the metadata attached to photos you took with your phone and posted online: racetracks on Instagram, NASCAR cakes on Pinterest, or whatever else. You get the idea. The metadata attached to your photos recorded where and when you were (e.g., geo-location of the racetrack), the background scene (e.g., stands, pits, etc.), and the people (e.g., emblems on their clothes). This blog post explains what happens when you stop "Liking" posts and comments on Facebook.

The data analysis is also pretty easy because many of you gave your mobile phone numbers to social networking sites so you could use their mobile apps. Both social networking sites and data brokers have two crucial data elements (e.g., your birth date, your phone number) to match, merge, and purge data about you. So, political campaigns (via data brokers and big data intelligence firms they hire) can understand pretty easily who actually voted, and for whom, at a particular voting location.

Is this a good thing? I guess your answer to that depends upon how much privacy you want associated with your voting activity. What you do within the voting booth may be private, but there are many players performing surveillance outside the booth to reveal what you did in the booth. And, if you aren't careful what you say in front of Internet-of-Things devices installed in your home (e.g., toys, smart televisions, smart speakers or search robots, etc.), then the data collection is probably even more extensive.

Is this a good thing?


New York Civil Liberties Union Reports 'Stingray' Usage By New York City Police

After several freedom-of-information requests, the New York Civil Liberties Union (NYCLU) announced yesterday:

"In response to an NYCLU FOIL request, the NYPD disclosed it used Stingrays nearly 1,016 times between 2008 and May of 2015 without a written policy and following a practice of obtaining only lower-level court orders rather than warrants. This is the first time the extent of the use of Stingrays by the NYPD has been made public... Authorities are able to conduct this surveillance without the involvement of cell phone companies... The NYPD also disclosed that it has no written policy for the use of Stingrays but that, except in emergencies..."

Stingrays are devices that simulate real cellular phone towers in order to track and collect data about phone users. Your phone cannot distinguish between a real and simulated cellular tower. The data collection affects many people besides the persons being tracked:

"... in some configurations, [stingrays] collect the phone numbers that a person has been texting and calling and intercept the contents of communications. Stingrays also sweep up information from nearby bystander cell phones even when used to target specific phones..."

So, you can be completely innocent, and still be tracked. Not good. The U.S. Justice Department implemented a new policy in September 2015 requiring probable-cause warrants for some usage. Stingrays are used by federal, state, and local law enforcement in at least 18 states. Stingrays are used far beyond New York City:

"Last April, the NYCLU released records showing the Erie County Sheriff’s Office had used Stingrays 47 times in the last four years and only once indicated obtaining a pen register order before doing so... In May, NYCLU FOIL requests also revealed that the New York State Police spent hundreds of thousands of taxpayer dollars on Stingrays and related equipment."

The NYCLU is an affiliate of the American Civil Liberties Union (ACLU). Read this to learn more about stingray usage by law enforcement.


Many Apps on Apple Devices At Risk To Hijacking During Updates

If you use Apple-brand mobile devices, then pay attention. This applies to you. Ars Technica reported:

"Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates. The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers..."

Developers should read the blog post for details, and why the fix is difficult. Non-technical consumers can check this partial list to see if they use any apps that rely on Sparkle. If you do, then you might delete those apps until fixes are available. Ars Technica also advised:

"People who aren't sure if an app on their Mac is safe should consider avoiding unsecured Wi-Fi networks or using a virtual private network when doing so. Even then, it will still be possible to exploit vulnerable apps, but the attackers would have to be government spies or rogue telecom employees with access to a phone network or Internet backbone."

All of this is another reminder for consumers who mistakenly believe the myth that Apple products don't get malware. They do, and can be hacked like any computer. Yes, that phone in your hand is really a computer. This is also a reminder to shop wisely for both devices and apps that provide updates... securely. Don't know what a Virtual Private Network (VPN) is? Learn about the benefits a VPN offers.
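A defender-side check for the condition the Ars Technica excerpt describes, added here as an example and not taken from the original post or from the Sparkle project: it walks a folder of .app bundles, finds those that bundle Sparkle, and flags any whose update feed (Sparkle's `SUFeedURL` Info.plist key) is plain HTTP. The sample bundles, their names, the `updates.example.com` URLs and the version string are constructed; the script reports the bundled Sparkle version but does not judge it, because the post does not say which versions are fixed.

```python
import plistlib
import sys
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError

FEED_KEY = "SUFeedURL"  # Info.plist key Sparkle reads for the update feed URL
FRAMEWORK = Path("Contents/Frameworks/Sparkle.framework")
FRAMEWORK_PLIST = FRAMEWORK / "Versions/A/Resources/Info.plist"


def read_plist(path):
    """Parse an XML or binary plist; return a dict, or None if unusable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError, plistlib.InvalidFileException):
        return None
    return data if isinstance(data, dict) else None


def audit_app(app):
    """Return a finding for one .app bundle, or None if it does not use Sparkle."""
    info = read_plist(app / "Contents/Info.plist")
    if info is None:
        return None
    feed = info.get(FEED_KEY)
    bundled = (app / FRAMEWORK).is_dir()
    if feed is None and not bundled:
        return None  # no feed key and no framework: not a Sparkle app
    framework_info = read_plist(app / FRAMEWORK_PLIST) or {}
    scheme = urlparse(feed).scheme.lower() if isinstance(feed, str) else ""
    if scheme == "http":
        status = "insecure-feed"   # update metadata travels unencrypted
    elif scheme == "https":
        status = "https-feed"
    else:
        status = "feed-unknown"    # feed is set in code or preferences, not here
    return {
        "app": app.name,
        "status": status,
        "feed": feed,
        "sparkle_version": framework_info.get("CFBundleShortVersionString"),
    }


def scan(root):
    """Audit every top-level .app bundle under root (nested folders are skipped)."""
    findings = []
    for app in sorted(Path(root).glob("*.app")):
        if app.is_dir():
            finding = audit_app(app)
            if finding is not None:
                findings.append(finding)
    return findings


def _write_app(root, name, info, sparkle_version=None, binary=False):
    """Create a minimal constructed bundle for the demo."""
    app = root / name
    (app / "Contents").mkdir(parents=True)
    fmt = plistlib.FMT_BINARY if binary else plistlib.FMT_XML
    with open(app / "Contents/Info.plist", "wb") as fh:
        plistlib.dump(info, fh, fmt=fmt)
    if sparkle_version is not None:
        target = app / FRAMEWORK_PLIST
        target.parent.mkdir(parents=True)
        with open(target, "wb") as fh:
            plistlib.dump({"CFBundleShortVersionString": sparkle_version}, fh)


def demo():
    """Scan four constructed bundles (hypothetical names and URLs)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write_app(root, "SampleHttp.app",
                   {FEED_KEY: "http://updates.example.com/appcast.xml"},
                   sparkle_version="0.0-sample", binary=True)
        _write_app(root, "SampleHttps.app",
                   {FEED_KEY: "https://updates.example.com/appcast.xml"},
                   sparkle_version="0.0-sample")
        _write_app(root, "SampleNoKey.app", {"CFBundleName": "SampleNoKey"},
                   sparkle_version="0.0-sample")
        _write_app(root, "SampleNoSparkle.app", {"CFBundleName": "Plain"})
        return scan(root)


if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for item in results:
        print("{app}: {status} feed={feed} sparkle={sparkle_version}".format(**item))
```

Passing a folder such as /Applications as the first argument scans real bundles instead of the constructed ones. An app reported as `feed-unknown` sets its feed somewhere other than Info.plist, so its scheme has to be confirmed another way.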


Safer Internet Day: Do Your Part

Today is Safer Internet Day (SID) #SID2016. This event occurs every year in February to promote safer and more responsible use of online technology and mobile phones, especially among children. This year's theme is:

"Play your part for a better Internet"

There are events in 100 countries worldwide. The European Commission’s Safer Internet Programme started the event, which has continued under the Connecting Europe Facility (CEF). This is the 13th annual event. According to its press release:

"Last year’s celebrations saw more than 19,000 schools and 28 million people involved in SID actions across Europe, while over 60 million people were reached worldwide..."

Hans Martens, Digital Citizenship Programme Manager at European Schoolnet and Coordinator of the Insafe Network said:

“The theme of ‘Play your part for a better internet’ truly reflects how stakeholders from across the world can and should work together to build a trusted digital environment for all. This approach is at the core of the Better Internet for Kids agenda, and we look forward to seeing many exciting initiatives and collaborations, both on the day of SID itself and beyond.”

Sophos, a security firm, described six safety tips for families. That includes learning to spot phishing scams to avoid password-stealing computer viruses and ransomware. Children need to learn how to create strong passwords, and never use these weak passwords. Read about several SID events in California, including teens brainstorming ways to fight online bullying and teens helping adults.

To learn more, watch the video below and then visit SaferInternetDay.org for events in your country.

Or, watch the video on YouTube.


Membership On Social Networking Sites Requires Diligence

Recently, a friend posted this message on Facebook:

"I need advice. I looked in my Facebook notifications and received a notification that someone I don't even know shared my post. I looked at the post on this person's timeline and it has a picture of my female cousin and it has me tagged with her and a caption that she is my wifey with a little wedding ring icon. What??!! What's going on?"

My response with advice:

  1. Review your list of friends and delete people you don't know,
  2. Review the privacy settings on your account. You can set them to provide notice when anyone tags you in a photo. Along with that notice you can approve or decline each photo-tag request,
  3. Go to the existing, offending photos and remove that tag with your name,
  4. Contact offline the person that tagged you in the photo to verify that it was indeed that person. Sometimes, spammers or criminals create bogus accounts pretending to be a friend so they can access your account and steal personal information.
  5. When you contact that person offline, you can ask them not to tag you in any future photos. You have that right. It's your image. If he/she complies, fine. If not, delete them from your friends list,
  6. Make sure all of your posts have the "Friends Only" setting. Facebook will often inherit the "Public" setting on re-posts, which opens you to spammers, criminals, and trolls,
  7. Understand the issues associated with facial-recognition software on Facebook. Zuckerberg and the executives at Facebook have implemented a strategy of "friction-less sharing." That's great for Facebook and not necessarily good for you,
  8. Don't accept new Friend Requests from people you don't know,
  9. Finally, realize that your information on Facebook is only as secure as your friend with the weakest security settings in his/her profile, or none. Those persons probably violate #6.

So, maintaining a presence with privacy on social networking sites requires diligence. If you're not up to the task or don't want to do it, then don't join that social networking site (or delete your account on an existing site). What would you recommend?


Digital Economy Workers Fight For Their Rights And Fair Treatment

The digital economy includes a variety of industries, ranging from e-commerce and auction sites (e.g., eBay, Etsy) to ride-sharing services (e.g., Uber, Lyft), and more. A lot of people love them, and participate as consumers, sellers, or workers. A recent New York Times article about workers in the digital economy caught my attention:

"... many workers have felt squeezed and at times dehumanized by a business structure that promises independence but often leaves them at the mercy of increasingly powerful companies. Some are beginning to band together in search of leverage and to secure what they see as fairer treatment from the platforms that make the work possible."

The article described a growing awareness among workers:

“We started realizing we’re not contractors, we’re more like employees,” said Berhane Alemayoh, one of the UberBlack drivers in Dallas. “They tell us what kind of car to drive. They kick you out if a customer accused you of not having a clean car. They started to tighten the rope. Gradually, we can’t breathe any more.”

In June, the California Labor Commission ruled that Uber drivers are employees, not contractors. In December, the Seattle City Council approved an ordinance allowing ride-sharing drivers to unionize. That was a first.

Uber drivers in New York City have protested. Clearly, rates for drivers must exceed the costs of auto payments, insurance, government fees, maintenance, repairs, gasoline, and commissions due the ride-sharing company. Otherwise, it's pointless. Learn more about UberBlack and how it differs from Uber X. Learn about UberSelect, UberBlack, and UberXL in Los Angeles.

The article cited more examples, including compensation and workers' safety issues:

"A group of couriers who find work on the platform Postmates is waging a campaign to create an “I’m done after this delivery” button because they worry that turning down jobs will affect how many future assignments they receive... The National Domestic Workers Alliance, which organizes nannies and housekeepers, recently produced what it calls the Good Work Code, which it has urged gig economy companies to adopt. “They would be dispatched to a home that didn’t feel safe, but would be hesitant to exit themselves from that situation because it might affect their ratings...”

Historically, independent contractors negotiate rates with businesses. Employees don't. Independent contractors, often called freelance workers, typically set their own hours and work approach. Employees don't. Employers typically tell employees when to work, where to work, how to do the job, specify the materials they must use, and dictate the pay rate. Perhaps, most importantly:

"... to the extent that the Dallas drivers have been successful, one crucial advantage is that they were able to organize in person rather than depend exclusively on the Internet and social media. That also helps explain the success of the campaign in Seattle, where Uber had previously reversed a rate cut after facing pressure from drivers..."

Experts have observed:

"“There’s a sense of workplace identity and group consciousness despite the insistence from many of these platforms that they are simply open ‘marketplaces’ or ‘malls’ for digital labor,” said Mary L. Gray, a researcher at Microsoft Research and professor in the Media School at Indiana University who studies gig economy workers."

Who are these freelance workers? Forbes Magazine explained:

"... 53 million Americans, or 34% of the population, qualify as freelancers. Not all of them make their living exclusively as freelancers. The number includes 14.3 million workers who would be called “moonlighters”—people who have a primary, traditional job that pays benefits, and supplement their income with extra work, like a full-time tech support worker... Of the remaining 38.7 million, 21.1 million are what the survey calls “traditional” freelancers who do temporary work on a project basis. Some 9.3 million have multiple sources of income which can include a part-time job like working 20 hours a week at a dentist’s office. Another 5.5 million are temporary staffers who work for a single employer but not on a permanent basis that comes with benefits, like a business strategy consultant working for a startup on a contract that can include months of employment. Then there are the 2.8 million business owners who have between one and five employees..."

The issues aren't going away, as companies continue to outsource work globally, not only in the United States. So, you probably know people who work as freelancers. I know many in graphic design, website and mobile app development, and copy writing. Maybe you're a freelancer. I am.

Like any other business, companies in the digital economy merit watching by both freelancers and by customers. Nobody wants to support a business that mistreats its workers.

The examples cited in the newspaper highlight the fact that there's strength in numbers. Companies organize into trade associations, or industry trade groups, to promote their interests and influence government policies through federal, state, and local politicians. Workers should have the same freedoms to organize, if they choose. Both are natural (and necessary) components of a free-market capitalist system.

Don't like organizing? You don't have to join any group. However, when bad things happen in the workplace and you're unable to solve them alone, you may regret having rejected the support of a group. What are your opinions?


New Federal Agency For Stronger Protections Of Background Investigations

Fallout continues from the massive data breach at the Office of Personnel Management (OPM) in 2015. The U.S. Federal government announced a reorganization to provide stronger protections of sensitive information collected during background investigations for federal employees and contractors. The reorganization features several changes including a new agency, the National Background Investigations Bureau (NBIB). The WhiteHouse.gov site announced:

"... the establishment of the National Background Investigations Bureau (NBIB), which will absorb the U.S. Office of Personnel Management’s (OPM) existing Federal Investigative Services (FIS), and be headquartered in Washington, D.C.  This new government-wide service provider for background investigations will be housed within the OPM. Its mission will be to provide effective, efficient, and secure background investigations for the Federal Government. Unlike the previous structure, the Department of Defense will assume the responsibility for the design, development, security, and operation of the background investigations IT systems for the NBIB."

After the massive data breach at OPM, several federal agencies conducted a joint 90-Day Suitability and Security review. The agencies involved included the Performance Accountability Council (PAC), the Office of Management and Budget (OMB), the Director of National Intelligence (DNI), the Director of the U.S. OPM, the Departments of Defense (DOD), the Treasury, Homeland Security, State, Justice, Energy, the Federal Bureau of Investigation, and others.

According to its Fact Sheet, the OPM’s Federal Investigative Services (FIS) unit currently conducts investigations for more than 100 Federal agencies. The FIS conducts more than 600,000 security clearance investigations and 400,000 suitability investigations annually. An NBIB Transition Team will oversee the migration to the new information technology systems and procedures. Transition project goals include:

  1. Establish a five-year re-investigation requirement for all personnel with security clearances, regardless of the level of access,
  2. Reduce the number of personnel with active security clearances by 17 percent,
  3. Introduce programs to continuously evaluate personnel with security clearances to determine whether ongoing security clearances are necessary, and
  4. Develop recommendations to enhance information sharing between State, local, and Federal Law Enforcement agencies regarding background investigations.

The changes were announced jointly on January 22, 2016 by James R. Clapper (the Director of National Intelligence), Beth Cobert (Acting Director of the OPM), Marcel Lettre (Under Secretary of Defense for Intelligence, Department of Defense), Tony Scott (U.S. Chief Information Officer), and J. Michael Daniel (Special Assistant to the President and Cybersecurity Coordinator, National Security Council, The White House).


Gartner: 4 Implications About The Internet of Things You May Not Realize

Information Age reported on four unexpected implications of the Internet of Things (IoT), according to Gartner, a firm that specializes in research for businesses and vendors globally that use technology. While the article focused upon the interests of businesses, the issues also apply to consumers. You may find these issues unexpected or surprising, too:

"2. By 2020, a black market exceeding $5 billion will exist to sell fake sensor and video data for enabling criminal activity and protecting personal privacy. The nature of IoT solutions, how they are deployed, and the types of data they generate and consume are giving rise to new security and privacy implications that organizations must begin to address. This is a rapidly escalating risk to the organization, bringing complexity unfamiliar to most IT and business leaders..."

For those unfamiliar with the Internet of Things, it includes autonomous devices outfitted with sensors that collect and transmit information about a wide range of activities. At least one employer installed (and later removed) IoT heat-sensitive and motion-sensor devices under its employees' desks. Several years ago, shipping companies started using IoT devices to track the physical movement of packages. Some law enforcement agencies use IoT devices for several applications, including gunshot monitoring, smart guns, body cameras, and wearables.

The Information Age article also reported:

"Uses of the IoT that were previously impractical will increasingly become practical... The IoT is relevant in virtually every industry, although not in every application... There will be no purely IoT applications. Rather, there will be many applications that leverage the IoT in some small or large aspect of their work."

Currently, consumers don't own the data collected by IoT devices in homes. When the information collected is incorrect or applied to the wrong persons, consumers need legal remedies to have that information revised, corrected, and/or deleted. If not, then consumers have no control over the sensitive personal information about them collected by IoT devices.

The data collected by many IoT applications will probably be included in corporate databases. The U.S. Federal Trade Commission (FTC) has warned that while "big data" can be used to benefit under-served groups of consumers for education, credit, health care and employment, it can also be misused to target vulnerable consumers for fraud, higher prices, discrimination, and economic disparity. All of this highlights the need for legislation to keep pace.

What are your opinions of the implications of the Internet of Things? Is legislation keeping pace?