Anybody who has read this column over the years probably recognizes that I am an advocate for both security and privacy. As much as possible, I believe we should take responsibility for protecting our information, but with the current state of technology and laws that fail to protect us, protecting ourselves can be a challenge. So I had a thought with the goal of helping my neighbors better understand some of the issues. I thought I would write a series of articles for the column that covers various aspects of security and privacy from a technology perspective and discusses what we can do to reduce our own vulnerability and visibility and encourage our representatives to create and enforce laws that limit those who want to spy on us. I am expecting this series to go on for three to six columns.
To make the series complete, I will probably cover some ground that I have already covered, like how to create and manage secure passwords and how to configure Windows 10 to maximize privacy. That is OK because I will be covering a lot of new things as well. With a limited number of words each month, I also know that the series will not be comprehensive, but if the topic interests you, I will try to give references to spark your own research. The discussions will all be technology-based because many of these concerns exist because of the pervasiveness of technology that has grown for the past 50 years. These technologies include the Internet, mobile phones, cable television, facial recognition, AI, and others. But to really understand the issues, we need to look at society, how it has changed, and how our legal system has lagged behind. We will also need to look at existing and proposed local, national, and international laws and how they impact us. Many of the topics I present will try to provide background on things you may have heard about in the news, topics like net neutrality, the California Consumer Privacy Act (CCPA), and the European General Data Protection Regulation, better known as GDPR. I will also be discussing the technologies that are used to help protect us.
So let's kick this off by looking at some of the large organizations that are spying on us, often with our help. This month I will simply call them out, but in future columns, I will explain how the spying technologies work and how the companies use them.
Mobile Phone Service Providers
It doesn't matter if you use Verizon, Sprint, AT&T, or T-Mobile: every one of these providers has been caught selling your real-time location data to third parties. The FCC is expected to complete its current investigation next month, but these providers failed to honor the commitment they made to stop the practice after the first time they were caught. The FCC has shown little desire to rein in bad industry behavior since the current FCC chair Ajit Pai took the position.
Your Mobile Phones and Computers
I woke up one Sunday morning and my phone announced exactly how long it should take me to drive to church that morning. Your phone not only tracks where you are, but it also remembers where you have been. Google noticed that I traveled to the same address most Sunday mornings, realized the address was that of a church, and inferred the rest. I immediately deleted all of the information Google had collected and then gave it an ambiguous location for my home and work addresses. The point of all of this is that your phones and the applications on your phones collect a lot of information about you and then share the information with the phone and application providers.
Windows also spies on you and regularly sends Microsoft information gathered from what you do on your computer and how it is configured.
Cable TV and Internet Providers
Did you know your cable box tracks what you watch and sends the information to the cable company? Many modern smart TVs do this as well. The smart TVs will sometimes determine what you are watching by listening to the sound from the TV and matching the soundtrack.
Your cable company is often your Internet service provider (ISP) as well. A few years ago, Congress passed a law allowing the ISP to track you on the Internet. If you use HTTPS, the secure version of HTTP, the ISP can't see or change the content sent to you, but it can still see what sites you have visited through its Domain Name Service (DNS). The Internet industry wants to implement new, open standards for secure DNS, but the cable companies have been lobbying Congress against allowing these standards. These companies falsely claim that the new standards give large companies like Google that also provide DNS services an advantage in monitoring DNS traffic.
Search Engines and Social Networks
Have you ever noticed that once you search a topic on Google or Bing you start to see ads for the topic of your search? Your search topics are being tracked by the search engines and used to target ads sent to you across multiple websites. If you don't want Google or Bing to find the latest health issue you are researching (for example), give DuckDuckGo.com a try. This search engine promises not to track you or your search results. For social networks like Facebook, you are the product, not the customer. These networks collect your information and frequently hand it over to others. Facebook has also been found to ignore your privacy settings and was recently fined 5 billion dollars by the FTC for failing to conform to an earlier agreement to protect user privacy.
There are others that I will cover as we go through this journey. My next column will be about how we can help protect ourselves by changing our passwords, creating secure passwords, using two-factor authentication, using credential management tools, and watching out for sites that are not secure. In February, I expect to write about what you should expect from online privacy policies and how to discover a site’s published policies. Your thoughts, comments, and feedback are appreciated.
Have happy, safe, and secure holidays!