The SDK: The Privacy Edition 2015.03.25

The SDK: The Privacy Edition 2015.03.25 discusses the Student Digital Privacy and Parental Rights Act (the latest attempt to keep schools from tracking everything students do, including on social media…); the creation of the “Office of Technology Research and Investigation” (intended to protect you from many things, including the Internet of Things); updates on the latest hacks (smartphone scandals, Twitch, and CANtact); opting out of behavioral advertising on your TV; the Nextdoor App compared to the BART Watch App; and finally, a philosophical discussion as to whether today’s citizen can truly choose to “opt-out” of social media entirely.

Government Actions
Proposed student data privacy bill does little to protect privacy (update), The Washington Post, March 23, 2015
On March 23, 2015, Reps. Jared Polis (D-CO) and Luke Messer (R-IN) were set to introduce “the Student Digital Privacy and Parental Rights Act.” They ultimately did not; “a spokeswoman for Messer said in an e-mail that a draft bill had been released and the sponsors were working on technical details before formally introducing it.” The bill was introduced in response to the fact that “[s]tudent data privacy has become a big issue in the era of standardized testing, with education companies collecting a seemingly endless amount of information on public school students, some of it incredibly detailed.” However, while the bill’s “chief sponsors say [the bill] is meant to address a growing concern among students, parents and educators about the use of the oceans of data being collected about America’s young people[,] a new analysis of the legislation . . . concludes that it doesn’t do much to protect the privacy of student data[, and] it doesn’t stop the actual collection and mining of data by companies, which can use it to make money.”
Via @WashingtonPost @ValerieStrauss
Note: This article is well worth the read. The NY Times article cited by the IAPP is also worth looking at, but I decided that The Washington Post article was better 1) because it spelled out the pros & cons of the bill, and 2) because the author bothered to update her readers that the legislators failed to introduce the bill as planned on Monday.

FTC Forms Office of Technology Research and Investigation, Hunton Privacy Blog, March 25, 2015
Announcement available here. “On March 23, 2015, the Federal Trade Commission announced the formation of the Office of Technology Research and Investigation (“OTRI”)[, which t]he FTC has charged . . . with conducting research on technology issues including ‘privacy, data security, connected cars, smart homes, algorithmic transparency, emerging payment methods, big data, and the Internet of Things.’”
Note: I’m glad to see the FTC working to regulate technology which is rapidly integrating into our entire lives. Too often government agencies fail to keep up. My fingers are crossed, hoping that this agency will carry out its mission!

Hack Updates
Hackers Use an Android App for Sex Extortion, NY Times, March 24, 2015
“Trend Micro, the cybersecurity firm based in Irving, Tex., said criminals have developed advanced mobile applications and tools that siphon their victims’ online passwords and contacts to increase the chance that they will pay up. . . . In some cases, the Android app turned the victim’s device into a recording device. It also intercepted incoming and outgoing telephone calls and text messages. . . . In 2008, Anthony Stancl, a Wisconsin teenager, created a fake female account on Facebook to bait classmates into sending naked pictures of themselves. He used those pictures to blackmail them into performing sexual favors.”
Via @NYTimes @NicolePerlroth
Note: This article fails to advise consumers as to how to avoid becoming a victim of one of these schemes, other than to essentially say “be careful”. So I’ll just have to echo that message. Just don’t download anything you don’t trust, and don’t send naked pics to people you don’t know… (or perhaps don’t send them at all)

Twitch hack: Amazon gaming site says user details may have been stolen, Twitch, March 24, 2015
Twitch’s official blogpost regarding the hack available here. “Passwords and keys reset to protect customers, says blogpost, after ‘possible unauthorised access’ on live-streamed service.”
Via @GuardianTech
Note: I had never even heard of Twitch. But if you use it – heads up.

A $60 Gadget That Makes Car Hacking Far Easier, Wired, March 25, 2015
“Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact, which he hopes to sell for between $60 and $100. . . . The gadget isn’t intended for malicious car hacking. Instead, it’s meant to foster hobbyist car hacking and security research that can expose and help fix a car’s vulnerabilities.”
Via @Wired @A_Greenberg
Note: As much as I am completely pro-maker (Whitehat hacking/hacking-for-good, etc.), remember The SDK 2015.03.06 where I explained that hacking one’s car is illegal….

Preventative Measures
Google Fiber’s targeted TV ads are just the start of a bigger revolution in advertising, The Washington Post, March 24, 2015
“Google’s big business is online advertising — figuring out how to use behavioral data to market you to commercial entities. So it’s no surprise that it’s turning that expertise to its television offerings in Google Fiber.” Fortunately, “Users can opt out of the targeted ads using their remote control, according to Ars Technica, which added that once you’ve done so, the company will stop collecting your data for advertising purposes.”
Via @WashingtonPost @TheSwitch @B_Fung
Note: I would never leave you hanging. Here are Google’s instructions for how to opt-out (Ars Technica actually points to Google’s site, and informs readers that Comcast and AT&T are actually doing the same thing, so here’s the list of ways to opt-out):
Google Fiber:
“Sign in to select your preferred advanced advertising setting for the video services that you receive through your cable television subscription. If you would like your cable television account to receive advertising based on “Activity Data,” and if you would like it to be included in “Ad Groups,” select the OPT IN option. But, if you would prefer to receive standard advertising and do not want to be included in “Ad Groups,” select the OPT OUT option. If you select OPT OUT, we will still display advertising to you, but we will not do so based on “Activity Data.””
Keeps it simple. Pay more – no tracking. Hey at least you know how much you’re worth.
AT&T charges $29 more for gigabit fiber that doesn’t watch your Web browsing, Ars Technica, Feb. 16, 2015
“AT&T offers different prices based on how jealously users guard their privacy. AT&T’s $70 per-month pricing for gigabit service is the same price as Google Fiber, but AT&T charges an additional $29 a month to customers who opt out of AT&T’s “Internet Preferences” program.”
Via @ArsTechnica @JBrodkin
Nextdoor, the social network for neighbors, is becoming a home for racial profiling, Fusion, March 24, 2015
“While Nextdoor’s ability to assist in crime-spotting has been celebrated as its “killer feature” by tech pundits, the app is also facilitating some of the same racial profiling we see playing out in cities across the country. Rather than bridging gaps between neighbors, Nextdoor can become a forum for paranoid racialism. . . . For its part, Nextdoor says it doesn’t take an active role in moderating racial profiling by its users.” In fact, “Nextdoor’s guidelines state that users should ‘refrain from using profanity or posting messages that will be perceived as discriminatory.’ Kelsey Grady, head of communications for Nextdoor, [assured Fusion] that if a user does cross the line, the company ‘would interject and potentially suspend a user’s account.’ And although Nextdoor communities are user-moderated, the company will step in when a post is flagged for a violation of site guidelines.” Grady additionally contends that the App’s “‘real identity’ requirement—users must use their full names on the site—makes trolling and abuse less likely.”
Via @Fusion @TheRealFuture
Note: Nextdoor sounds an awful lot like the BART Watch App which encouraged reporting of “suspicious behavior” with little further instruction. (ACLU of Northern California article on the App available here). But to Nextdoor’s credit, the App actually has a Privacy Policy (there are actually two, available here and here). However, like BART-Watch, Nextdoor allows photo posting. This page discusses who can see posts, but gives no guidance as to what is ultimately done with the photos or other information posted. As far as reporting “suspicious behavior” to law enforcement, Nextdoor provides only this definition:
How to use Nextdoor for crime prevention: “Report suspicious activity or safety issues to your Nextdoor neighborhood. You can either post a message or send an urgent alert to all your neighbors. If you send an urgent alert, Nextdoor will immediately send an email and a mobile phone text message to your neighbors.”

Issues For Thought
Jacob Silverman’s Terms of Service and opting in to social media, Slate, March 25, 2015
“In his new book Terms of Service: Social Media and the Price of Constant Connection, journalist Jacob Silverman argues that we’ve yet to develop a language for discussing what it means to really give up on social media.” Silverman told the author that “we often regard those who do extract themselves—and those who refuse to participate in the first place—as pariahs.” The author goes on to cite Grady Johnson, who observed that “ceding our privacy may become increasingly essential to our health: ‘One day soon it may be considered ignorant and irresponsible not to be constantly monitoring your child’s health data, much as it is with opting out of vaccines today.’” And that “increasingly nonparticipation that comes at a cost, as access to biometric data becomes the basic price of admission for many forms of modern medical care. Privacy and security no longer necessarily go hand in hand.” Ultimately, the author concludes by proclaiming that “[q]uestioning social media should not require one to log off for good.”
Via @Slate @FutureTenseNow @Jacob_Brogan
Note: This article hit close to home for me, as I know extraordinarily few people who do not have a social media presence, and whenever their lack-of-use comes up, there’s always a shocked response from the crowd.
