Category Archives: Privacy

OnStar Still Collecting Data After You’ve Cancel Service

onStarUnder a recent change in policy, OnStar which is owned by GM continues to connect to your vehicle and collect information about it even after you have cancelled your account. This change of policy goes into effect Dec 1. This information includes speed, location, odometer reading and seatbelt usage. Information that could be used by both law enforcement and insurance companies among others to both the aid and detriment of the consumer. OnStar stated they reserve the right to share this information with interested third parties, including law enforcement, although they do not do so at this time. OnStar stated that this allows them to communicate to the cars occupants about severe weather, emergency evacuation, and recalls. OnStar also insist that this information is clearly stated in the Terms of Service (TOS) and customers should be aware of it. It is unclear however, whether this is something that OnStar informs the customer when they cancel their service or is it something that the customer has to bring up. This is clearly an opt out service and not an opt in service. Let’s assume that consumers read the TOS when they first get the service and are aware they have to deactivate the data connection when they cancel service to stop OnStar from collecting data. Are they really going to remember this when they actually cancel service, I doubt it and I bet OnStar is betting on this. This change of policy has raise the ire of several Senators including Senator Schumer (NY), Al Franken (MN) and Christopher Coons (DE). They have all called upon Onstar to change it’s policy, Senator Schumer has also requested the FTC to launch and investigation.

First I am presently not a user of OnStar, none of the cars I own have it installed. A few rental cars I used in the past have had it installed. So I have never had to cancel the service. However when I cancel service with a business this means to me and I think most consumer, that my contract and connection to that business has been totally severed. It doesn’t mean the business can continue to collect information about me and that’s alright because it’s for my safety. Why OnStar thought that consumers would be ok with this is beyond me, or perhaps more likely they thought no one would notice. The second question is why OnStar is collecting this information in the first place, if not to sell it. With over 6 million willing customers from which they can collect information from, do they really need to collect information from ex-customers. Finally what prompted the change in policy and did anyone at OnStar say wait this might be a bad idea.


Depending on your point of view either strips the final layers of privacy from a narcisstic world or else provides a handy one-stop signposting to your Web 2.0 presence. As their tag line says, “It’s all about you.”

Like many people, your online life isn’t restricted to just one social media site. You have your friends on Facebook, your work colleagues on LinkedIn, random acquaintances on Twitter and family on Flickr. When it comes to pointing someone to “you” on-line, there’s no one place to go and this is where comes in. At, you can set up a cool picture and a biography, plus links to all of the social sites that you subscribe to.

To get an idea of what it’s like, here’s the page of one of the founders, Tony Conrad. Looks pretty cool doesn’t it? There are editing tools to setup your page just as you’d like and there are stock designs if you don’t have a good photograph to use. To further appeal to the cult of me, will provide statistics and graphics on who has been looking at your page.

It’s all very seductive, isn’t it. But let’s just have a little reality check here…this brings together your whole on-line life. Everything is linked to from one place, so if someone, say a prospective employer, wants to research you then it’s all there for them. They don’t even have to do any digging. Of course, you could have two profiles, one for your public persona and one for your private life… seems to be backed by AOL amongst other investors and you might recognise a few of their advisors too.

The landrush for good names is underway, but I think the site has only been up a couple of months so I was able to snag my name without any numbers. If you are interested, I’d pop over and grab your page just in case gets big.

How Far Should a Job Background Check Go?

As I am now on the prowl for a new job since I am being laid off from my current one, I’m thinking about all the things that could go wrong.  My credit might not be good enough, and is that speeding ticket I got a couple years ago going to be a problem?  And what about my online presence and activities?  How much of that will be a determining factor?  How far, really, will an employer attempt to go to dig into who I am and what I do with my life?

In the case of the Maryland Department of Corrections, background checks now require applicants (and those getting recertified or taking promotions to new jobs) provide their facebook username and password.  I, personally and professionally, think this is  a step too far.  What’s to stop them from asking me for my email accounts and passwords, and the usernames and passwords of any accounts I may have on a news website, blogging site, or forum or bulletin board?  At what point will they want to know what I watched on television last night, what YouTube videos I may have searched for, and what political, religious, or medical terms I may have Googled last week?  Where does the invasion of privacy end?

I purposely set my facebook privacy settings pretty high.  I am careful who I friend, and careful whose profiles I post on.  In other endeavors, I do blog on several websites, under my name, but none of these are likely to be issues, I don’t think.  I have other blogs that I post to that do not use my name at all, for good reason.  And my emails?  Well, aren’t those privileged communications too?  It would be like a potential employer asking for the box of love letters I keep under my bed that were between my husband and I when we were courting.  Pretty rude, even at just face value.

The ACLU has sent a letter off to the Maryland DOC asking them to cease the practice, and they have agreed to suspend it until they have given it a closer look.  But it seems to me that it should have never been a policy that was implemented in the first place.  While I understand the need to be sure that a potential employee is not a danger to the job, clients, or organization, I think there are limits on what it is okay to ask people to provide.  Yes, we should all be careful what we post online, who we connect with, and what information we give out.  But when it comes to personal communications, I think those need to be completely off-limits to any potential employer.

Would love to hear thoughts and comments on this.

GadgetTrak Remote Tracking Software For Mobile Gadgets

GadgetTrak is a piece of software that you install on your mobile phone or laptop. The software will periodically check in and let you know the physical location of the device. If a camera is present, for example on a laptop, it can even take a photo of the thief and email it back to the owner. The software cannot be disabled by the thief.

For a Mac or Windows laptop, the price is $34.95 per year.

For Android and Blackberry phones, which includes remote data wipe ability, secure encrypted backup and a loud piercing audible alarm even if the device is in silent mode, the price is $19.95 per year.

For iPhone, iPod, and iPad, the GadgetTrak app is .99 cents, The iOS version does not include remote data wipe, but does include remote camera and push notification support to inform the thief of the GadgetTrak software’s presence.

Interview by Jeffrey Powers of Geekazine.

Please Support our CES 2011 Sponsors.

Save 25% on 4GH Hosting 1yr Subscriptions Save 25% Promo Code CES2.

Google Acted Illegally in UK

Google LogoThe UK’s Information Commissioner today confirmed that Google breached UK’s Data Protection Act when the Street View cars captured personal data while collecting wi-fi network information.

As a result of this, Google will be required to sign an undertaking to take steps to ensure that breaches of the Act don’t re-occur.  Google will then be audited in nine month’s time to confirm that the required policies and training has taken place. Finally, once any legal obstacles have been cleared, Google will have to delete the personal data from the UK.

Currently, the Information Commissioner does not intend to fine Google, but will take further action if necessary

Information Commissioner's OfficeThe Commissioner, Christopher Graham said,  “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.  The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”

What’s interesting about this is that the Information Commissioner’s Office (ICO) had previously decided not to take action against Google because the sample data shown to the ICO was considered to be fragmentary and therefore unlikely to constitute personal data.

However, Google’s Alan Eustace admitted on Google’s own blog that, “A number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that whilst most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.”

The Commissioner then infers that because this happened in other countries, it happened in the UK, even if most of the data was fragmentary.  You can read the Commissioner’s letter to Google Inc here.

Personally, I’m pleased that Google is being held to account.  Far too often it seems that big business gets away with abusing our personal information.

Lower Merion School District Settlement

The Lower Merion School (Pennsylvania) has agreed to a settlement with two students involved in the laptop spying case that made national news in February of this year.  It seems that the school district, which began distributing laptops to high school students in 2008, had installed remote webcam activation software on the laptops for use when a laptop went missing.  There were several problems, not the least of which was that no one from the district informed parents or users that such software existed.  There was also no district policy in place to regulate the use of the software, and no oversight of the people in charge of activating the software.  In the process, district IT workers had captured over 56,000 images from activated webcams, some of which were not from computers that had been misplaced.

A single student sued the school for its breach of trust, and the lawsuit threatened to go to class-action status to cover the 40 or so students whose images had been captured and stored by the district’s IT department.

The settlement amounts to $610,000, to be paid by the district’s insurance company.  The majority of that payout (over $400,000) is paying off the lawyers; the student who sued first will receive $175,000 in a trust, and a second student will receive $10,000.

The school district, in my opinion, is getting off very very lucky, as is the IT manager who thought all this was a good idea in the first place.  I’m all for retrieving stolen property, but I’m also all for covering everyone’s butts with well-written, clear-cut policy statements that state when snooping software can be used and why.  You can’t get in trouble if you’re being above-board, everyone knows what you’re doing and why, and you are very clear about how policy will be enforced.

This should also send a message to other school districts who may be considering similar snooping measures to cover district-owned computer equipment.

Google Family Safety Centre

Google FamilyGoogle has setup the Family Safety Centre to help parents and teachers keep their children safe online.  After spending a little time in the resource, it seems to be a good introduction to online safety for children from a parent’s point of view.  If you need to know more, you can then take it further through some of the links.

The Centre has four main sections:

i) Google Safety Tools – information on Safesearch, which stops inappropriate material being returned in searches, and YouTube Safety Mode, which similarly stops age-restricted videos from appearing.

ii) Advice from partners – information from children’s organisations on cyberbullying, privacy, talking to strangers online, adult content and malware.

iii) Reporting abuse – if you find inappropriate material on any of Google’s properties (YouTube, Buzz, Picasa, Blogger), here’s how to flag the material to Google.

iv) Video tips from Google parents – a set of videos on YouTube from parents to parents.  In this section there’s also six basic tips for on-line safety.  Frankly, I think these tips should be more prominent as they’re good.
Keep computers in a central place
– Know where your children go online
– Teach internet safety
– Help prevent viruses
– Teach your children to communicate responsibly
– View all content critically

Each country has its own slight variant, including Australia, Canada, New Zealand, US and UK versions – there are probably others for non-English speakers. The main difference seems to be the list of partner organisations that Google has worked with (and spelling).

If you are a parent, you should spend a few minutes having a read of the information here.

Privacy in a Public World

Facebook rolled out Places late on Aug 18, it allows you to check in where you are through Facebook. In its default mode it also allows your friends to check you in. Lifehacker has a good article on how to adjust your privacy settings for Places to a level you are comfortable with.

This again brought out the issue of privacy. Some of the answers to the issue of privacy by those who believe being public is best ranged from impractical to absurd, such as don’t be on these social sites, to change your name, which is what Google’s CEO Eric Schmidt suggested in an interview with the Wall Street Journal. (if you are unable to get the Wall Street Journal article PC world has a good review of it ) On the other side, privacy evangelist can sound like members of a lunatic fringe group, when they talk about things like RFID tags being the work of the devil.

Both sides are trivializing an issue which can very serious for a lot of people, especially women who have been in an abusive relationship, it is important that their lives remain private. In fact for them it really can be a matter of life or death. However they should be able to participate in social media sites to connect with their friends, like anyone else. If they can’t then the abuser wins. How public or private someone is should be an individual’s choice. They should be able to control that privacy level how ever they see fit. My biggest fear is that the decision making is being taken away from the individual. Just because I make part of my life public doesn’t mean I have given up my right to privacy in other parts of my life.

Anytime an application or website is created or changed in a way that affects a person privacy, that change should be made clear and public. It should not be hidden in the middle of a 65 page software license agreement. Each person should make their own choice on how public or private they want to be and it shouldn’t be a decision made others. I have made a choice to be public in most areas of my life, I however don’t presume that I have the right to make that choice for someone else.

Google WiFi – Wrong But No Big Deal

Information Commissioner's Office logoThe UK’s Information Commissioner’s Office has issued a press release on Google’s collection of WiFi data that was obtained by the StreetView cars as they drove round.

In what appears to be a holding statement, the ICO says that it has reviewed samples of collected data at Google premises and confirms that the samples do not include any “meaningful personal details“.  Additionally, the information cannot be connected to an identified individual and it is unlikely to cause any harm.

However, the ICO confirms that collecting the information was wrong but there is nothing further in the press release to indicate if any penalties will be levied against Google.  Apparently the Information Commissioner will be taking a “responsible and proportionate approach.”