Category Archives: Privacy

Malls May Be Tracking Your Cellphone

Malls are constantly trying to track shoppers’ activities in order to attract more consumers to their stores and improve their sales. They use various methods to do this, including shopper cards and newspaper inserts, to name just a few. A couple of malls are testing a new technology called Footpath by Path Intelligence. Footpath tracks the movement of consumers by their cellphones. It can locate a consumer to within a few meters. The information is then fed to a central processing center, where it is audited and studied to create a continually updated report on the flow of shoppers throughout a store or mall. It can be used to better place stores in a mall and merchandise within a store.

According to the Path website, it works by tracking random signals from mobile phones. The system does not collect or view phone numbers or SMS messages, or listen to calls. The information it collects cannot identify an individual caller. The detector units can only be accessed by trained personnel; mall employees do not have access to the tracking devices, so they cannot combine the tracking data with other information to get more detailed, individual information. The information provided to the client is aggregated, not real-time. Path has also agreed not to access any third-party information that could, in combination with Footpath, identify individuals. Despite these promises, some privacy experts are concerned about misuse of the technology by both Path and its clients. Mark Rasch, the director of cyber security at CSC, stated:

“Although this mall technology might not identify specific individuals, it raises a bunch of privacy red flags,” he wrote. “First, the instant the consumer identifies himself or herself anywhere in the mall (say, by using a credit or debit card to buy something), it is a trivial task to cross reference the cell phone data with the payment data and realize that the person hanging around outside the Victoria’s Secret dressing room was your 70-year-old neighbor.” (via We’re watching: malls track shopper’s cell phone signals to gather marketing data)

At this point only two malls in the United States are testing the technology: the Promenade Temecula in Southern California and the Short Pump Town Center in Richmond, Va. They will be testing it through New Year’s Day. Both malls have signs throughout their locations telling shoppers that their cellphones are being tracked and that they can opt out of the system by turning their phones off. In today’s world, where most people are never without their phones, this seems an unlikely choice. The system is also being tested in some malls in Europe and Australia. It wouldn’t be surprising to see this technology and its uses being tested in court by privacy advocates. However, since malls are private property, courts tend to give them a lot of leeway.

Choices and Decisions

One of the things that we face every day, in the real world and online, is choices. However, studies show that if people are given a default choice along with others, most people will choose the default. This is true both in the real world and online. Advertisers, companies like Google and Facebook, and even politicians have known this for years. This is one of the main reasons that politicians fight hard to be first on the ballot and companies always list their preferred choice as the default when they have to give consumers an option. If you are a Facebook user, you know that one of the biggest complaints against Facebook is that the option to share your information has always been the default one. Facebook wants the user to make this choice, and they know that most users will opt for the default. Often, if you choose something other than the default, you have to jump through multiple hoops to set that choice up. Facebook is not alone in this type of behavior. This is a major reason that Google pays Mozilla an estimated 100 million dollars a year to be its default search engine.

Why are decisions made this way by consumers? Part of it is laziness: it is just easier to use the default choice, and consumers often feel overwhelmed when given a lot of choices. However, it is more than that. Subconsciously, we see the default choice as the one that the authorities recommend and therefore the best choice. This is one of the major issues that the Federal Trade Commission is dealing with when it comes to privacy online. Advertisers and companies like Facebook and Google want the choices they give to consumers to be self-regulated. Privacy advocates would like there to be more government oversight and regulation. Unfortunately for privacy advocates, more choices are not the answer. When users are provided with multiple privacy tool options, they often find the choices confusing and too complicated. Often they make choices that do little to protect their privacy, whether they want that protection or not. So more choices are clearly not the answer. The answer may be fewer choices, the key being a default set at a higher privacy setting.
To read more about default choices and the impact they have on our decision-making process see the New York Times article The Default Choice, So Hard to Resist.

OnStar Still Collecting Data After You’ve Cancelled Service

Under a recent change in policy, OnStar, which is owned by GM, continues to connect to your vehicle and collect information about it even after you have cancelled your account. This change of policy goes into effect Dec 1. The information includes speed, location, odometer reading and seatbelt usage, information that could be used by law enforcement and insurance companies, among others, to both the aid and the detriment of the consumer. OnStar stated that they reserve the right to share this information with interested third parties, including law enforcement, although they do not do so at this time. OnStar stated that this allows them to communicate with the car’s occupants about severe weather, emergency evacuations, and recalls. OnStar also insists that this information is clearly stated in the Terms of Service (TOS) and that customers should be aware of it. It is unclear, however, whether this is something that OnStar tells the customer when they cancel their service or something that the customer has to bring up. This is clearly an opt-out service and not an opt-in service. Let’s assume that consumers read the TOS when they first get the service and are aware that they have to deactivate the data connection when they cancel service to stop OnStar from collecting data. Are they really going to remember this when they actually cancel service? I doubt it, and I bet OnStar is betting on this. This change of policy has raised the ire of several Senators, including Senator Schumer (NY), Al Franken (MN) and Christopher Coons (DE). They have all called upon OnStar to change its policy, and Senator Schumer has also requested the FTC to launch an investigation.

First, I am presently not a user of OnStar; none of the cars I own have it installed. A few rental cars I used in the past have had it installed, so I have never had to cancel the service. However, when I cancel service with a business, this means to me, and I think to most consumers, that my contract and connection to that business have been totally severed. It doesn’t mean the business can continue to collect information about me and that’s alright because it’s for my safety. Why OnStar thought that consumers would be OK with this is beyond me, or perhaps more likely they thought no one would notice. The second question is why OnStar is collecting this information in the first place, if not to sell it. With over 6 million willing customers from whom they can collect information, do they really need to collect information from ex-customers? Finally, what prompted the change in policy, and did anyone at OnStar say, “Wait, this might be a bad idea”?


Depending on your point of view either strips the final layers of privacy from a narcissistic world or else provides a handy one-stop signposting to your Web 2.0 presence. As their tag line says, “It’s all about you.”

Like many people, your online life isn’t restricted to just one social media site. You have your friends on Facebook, your work colleagues on LinkedIn, random acquaintances on Twitter and family on Flickr. When it comes to pointing someone to “you” on-line, there’s no one place to go and this is where comes in. At, you can set up a cool picture and a biography, plus links to all of the social sites that you subscribe to.

To get an idea of what it’s like, here’s the page of one of the founders, Tony Conrad. Looks pretty cool, doesn’t it? There are editing tools to set up your page just as you’d like and there are stock designs if you don’t have a good photograph to use. To further appeal to the cult of me, will provide statistics and graphics on who has been looking at your page.

It’s all very seductive, isn’t it? But let’s just have a little reality check here…this brings together your whole on-line life. Everything is linked to from one place, so if someone, say a prospective employer, wants to research you then it’s all there for them. They don’t even have to do any digging. Of course, you could have two profiles, one for your public persona and one for your private life… seems to be backed by AOL amongst other investors and you might recognise a few of their advisors too.

The landrush for good names is underway, but I think the site has only been up a couple of months so I was able to snag my name without any numbers. If you are interested, I’d pop over and grab your page just in case gets big.

How Far Should a Job Background Check Go?

As I am now on the prowl for a new job since I am being laid off from my current one, I’m thinking about all the things that could go wrong.  My credit might not be good enough, and is that speeding ticket I got a couple years ago going to be a problem?  And what about my online presence and activities?  How much of that will be a determining factor?  How far, really, will an employer attempt to go to dig into who I am and what I do with my life?

In the case of the Maryland Department of Corrections, background checks now require applicants (and those getting recertified or taking promotions to new jobs) to provide their Facebook username and password.  I, personally and professionally, think this is a step too far.  What’s to stop them from asking me for my email accounts and passwords, and the usernames and passwords of any accounts I may have on a news website, blogging site, or forum or bulletin board?  At what point will they want to know what I watched on television last night, what YouTube videos I may have searched for, and what political, religious, or medical terms I may have Googled last week?  Where does the invasion of privacy end?

I purposely set my Facebook privacy settings pretty high.  I am careful who I friend, and careful whose profiles I post on.  In other endeavors, I do blog on several websites, under my name, but none of these are likely to be issues, I don’t think.  I have other blogs that I post to that do not use my name at all, for good reason.  And my emails?  Well, aren’t those privileged communications too?  It would be like a potential employer asking for the box of love letters I keep under my bed that were between my husband and me when we were courting.  Pretty rude, even at just face value.

The ACLU has sent a letter off to the Maryland DOC asking them to cease the practice, and they have agreed to suspend it until they have given it a closer look.  But it seems to me that it should have never been a policy that was implemented in the first place.  While I understand the need to be sure that a potential employee is not a danger to the job, clients, or organization, I think there are limits on what it is okay to ask people to provide.  Yes, we should all be careful what we post online, who we connect with, and what information we give out.  But when it comes to personal communications, I think those need to be completely off-limits to any potential employer.

Would love to hear thoughts and comments on this.

GadgetTrak Remote Tracking Software For Mobile Gadgets

GadgetTrak is a piece of software that you install on your mobile phone or laptop. The software will periodically check in and let you know the physical location of the device. If a camera is present, for example on a laptop, it can even take a photo of the thief and email it back to the owner. The software cannot be disabled by the thief.

For a Mac or Windows laptop, the price is $34.95 per year.

For Android and Blackberry phones, which includes remote data wipe ability, secure encrypted backup and a loud piercing audible alarm even if the device is in silent mode, the price is $19.95 per year.

For iPhone, iPod, and iPad, the GadgetTrak app is .99 cents. The iOS version does not include remote data wipe, but does include remote camera and push notification support to inform the thief of the GadgetTrak software’s presence.

Interview by Jeffrey Powers of Geekazine.


Google Acted Illegally in UK

The UK’s Information Commissioner today confirmed that Google breached the UK’s Data Protection Act when the Street View cars captured personal data while collecting wi-fi network information.

As a result of this, Google will be required to sign an undertaking to take steps to ensure that breaches of the Act don’t re-occur.  Google will then be audited in nine months’ time to confirm that the required policies and training have been put in place. Finally, once any legal obstacles have been cleared, Google will have to delete the personal data from the UK.

Currently, the Information Commissioner does not intend to fine Google, but will take further action if necessary.

The Commissioner, Christopher Graham said,  “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.  The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”

What’s interesting about this is that the Information Commissioner’s Office (ICO) had previously decided not to take action against Google because the sample data shown to the ICO was considered to be fragmentary and therefore unlikely to constitute personal data.

However, Google’s Alan Eustace admitted on Google’s own blog that, “A number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that whilst most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.”

The Commissioner then infers that because this happened in other countries, it happened in the UK, even if most of the data was fragmentary.  You can read the Commissioner’s letter to Google Inc here.

Personally, I’m pleased that Google is being held to account.  Far too often it seems that big business gets away with abusing our personal information.

Lower Merion School District Settlement

The Lower Merion School (Pennsylvania) has agreed to a settlement with two students involved in the laptop spying case that made national news in February of this year.  It seems that the school district, which began distributing laptops to high school students in 2008, had installed remote webcam activation software on the laptops for use when a laptop went missing.  There were several problems, not the least of which was that no one from the district informed parents or users that such software existed.  There was also no district policy in place to regulate the use of the software, and no oversight of the people in charge of activating the software.  In the process, district IT workers had captured over 56,000 images from activated webcams, some of which were not from computers that had been misplaced.

A single student sued the school for its breach of trust, and the lawsuit threatened to go to class-action status to cover the 40 or so students whose images had been captured and stored by the district’s IT department.

The settlement amounts to $610,000, to be paid by the district’s insurance company.  The majority of that payout (over $400,000) is paying off the lawyers; the student who sued first will receive $175,000 in a trust, and a second student will receive $10,000.

The school district, in my opinion, is getting off very very lucky, as is the IT manager who thought all this was a good idea in the first place.  I’m all for retrieving stolen property, but I’m also all for covering everyone’s butts with well-written, clear-cut policy statements that state when snooping software can be used and why.  You can’t get in trouble if you’re being above-board, everyone knows what you’re doing and why, and you are very clear about how policy will be enforced.

This should also send a message to other school districts who may be considering similar snooping measures to cover district-owned computer equipment.

Google Family Safety Centre

Google has set up the Family Safety Centre to help parents and teachers keep their children safe online.  After spending a little time in the resource, it seems to be a good introduction to online safety for children from a parent’s point of view.  If you need to know more, you can then take it further through some of the links.

The Centre has four main sections:

i) Google Safety Tools – information on Safesearch, which stops inappropriate material being returned in searches, and YouTube Safety Mode, which similarly stops age-restricted videos from appearing.

ii) Advice from partners – information from children’s organisations on cyberbullying, privacy, talking to strangers online, adult content and malware.

iii) Reporting abuse – if you find inappropriate material on any of Google’s properties (YouTube, Buzz, Picasa, Blogger), here’s how to flag the material to Google.

iv) Video tips from Google parents – a set of videos on YouTube from parents to parents.  In this section there are also six basic tips for on-line safety.  Frankly, I think these tips should be more prominent as they’re good.
– Keep computers in a central place
– Know where your children go online
– Teach internet safety
– Help prevent viruses
– Teach your children to communicate responsibly
– View all content critically

Each country has its own slight variant, including Australia, Canada, New Zealand, US and UK versions – there are probably others for non-English speakers. The main difference seems to be the list of partner organisations that Google has worked with (and spelling).

If you are a parent, you should spend a few minutes having a read of the information here.