The story about the U.S. Department of Justice issuing a subpoena for phone records of the Associated Press has spread like wildfire. With good reason, as the EFF reports. There is a major need to look at the laws that affect privacy and information in this country, it is no longer sufficient to believe that information that is provided to third parties is of no value, or has no impact on the privacy of the individual. Not to mention that it is (to me at least) amazing how much information people will share without even considering that there are possible implications.
Now, I want to talk about this some in light of some other recent news stories. As I talk about these I will be using some of the larger social media sites, and service providers as examples. However, I am not directly commenting on their businesses or their motives, etc. I am using them only because they (a) are in the news, (b) are the closest fit to the types of issues that need to be discussed.
So, let’s get on with the discussion…
Facebook and cell phones
So far Facebook had tried twice to get in the mobile market and has failed. (It was noted recently that the Facebook Home Phone is now selling for $0.99, and will likely be dropped by AT&T once their display obligation to HTC has been met.) That’s for the best in my book (yup, puns are fun).
I was not enthused by the idea of Facebook getting into the mobile market. The way I understood what they are doing was just about looking for ways to mine more information out of their users. Information they aren’t getting now, like GPS tracking, more data usage info, and possibly even phone records and video chats. Not to mention the wealth of information they can get by just knowing what applications you have installed on your phone and how much you use them. Oh, and there is something to be said for knowing what things you are paying for, and which of them are free.
Now, admittedly, no one had come forth with a definitive list of all the things that Facebook was trying to track via the Facebook Home application, but I think the above list was a good start, and if Facebook missed any, they would just add it in an update to the application.
Now much of this information was already being gathered by your cell phone provider. Which meant that it was already available to be subpoenaed, just like phone records of the AP journalists. But, with the addition of Facebook home there is an additional danger because the information is compounded when added to all the information Facebook mines from the users of their web service. And, guess what, that information can now be subpoenaed from Facebook as well.
This adds another facet to the situation. Now by issuing subpoena’s for both your phone records, and Facebook records, the government or possibly any lawyer involved in a lawsuit can have information that tracks both your daily movement activities and your online activities. With a little simple work, it would be possible to reconcile any discrepancies between the two sets of records.
The likelihood that this would reveal more information about your life is quite chilling.
G+ And Android / Play
If you think Google is better regards to the gathering of information about you than Facebook, you might be in for a surprise. Google has the dominant cell phone operating system, and it has been documented that most (if not all) of the cell phone carriers modify the operating system to log a lot of technical information about the phone, and your usage of it. Compound that with the information Google has at its fingers including: applications loaded from the Google Play store, any information you share on G+, and any additional Google applications or services you use (Gmail, Google Docs, Blogger, Picasa, etc.) there is now a strong linkage there.
But it doesn’t stop there. Google is now selling a lot of things through the Play store: music, videos, books, magazines. That’s even more information that is being logged. And, there is probably even information that you hadn’t considered: if you keep your shopping list in an application that uses Google services to store the information (even something like Google notes, or Google Docs Write), they have that information too.
Basically, it’s the same situation as Facebook. Between Google and your cellphone provider it is possible to reconstruct a pretty good portion of your day based on the information that your phone provides, and the information from connected services. It’s not a problem to reconcile the pieces of information to come up with a pretty good picture of things from your movements, what you read, what you talk about, and possibly even what you eat.
This was the strangest and silliest story to catch my attention in the last couple of weeks. Apparently Amazon thinks it can cash in on the BitCoin buzz by starting its own “Amazon Coins”. Of course, Amazon Coins is the antithesis of the concept behind BitCoins. In reality, it is just a glorified digital gift card that can potentially be used in applications, as well as on the Amazon website for purchasing products.
Basically, the silliness of the whole thing is that BitCoin is a completely decentralized virtual digital currency, the value of which is determined by a market consensus. This of course means there is inherent instability in the currencies value. Amazon Coins, on the other hand are a digital currency that is centrally administered through Amazon, and is strictly tied to the value of the products sold by Amazon, and to the value of national currencies as Amazon interprets their value.
However, as I mentioned, the one thing about Amazon Coins is that they are designed such that they can be used in applications that accept them for payment. These, of course, would be applications that are installed on your Kindle through Amazon’s Application store. this is where the concept of Amazon Coins crosses the lines from being nothing more than another form of a gift card into another realm.
Amazon now use this information to track what you purchase even more deeply than just the applications that you have purchased from them, or the products you buy on their website. Now they have the ability to track the services you spend your money. Buy additional service for that game using Amazon Coins? Amazon knows about it. Buy some additional server space for that Todo List application using Amazon Coins? Amazon knows about it.
Now, this information isn’t quite at the level of the information that Facebook and Google are able to gather with level of integration into your life as they are making. However, it is still information that is of interest for numerous reasons (a) it allows Amazon to form a more complete profile of your purchasing interests, which allows them to try to market things to you more, and (b) it is more information that the government might be interested in having (and there is nothing stopping the government from subpoenaing that information).
Whenever I mention this, the person that hears me talk about it tends to roll their eyes and give me a blank look that is intended to make me think that I am some extremist that just doesn’t get it. But, I have to include this here as it fits the subject very well…
If you go to your favorite online publication and they are using a service like Disqus for the commenting system stop and think about what is happening.
If you use the comment system you are trusting a single service to store you comments across multiple websites. Most of the time this is probably not a huge issue if you are sticking to the mainstream publications. However, consider if you are particularly interested in politics and frequent a lot of political publications. Now, consider if you are also a gun enthusiast and frequent publications for gun enthusiasts. You now have a single system (Disqus) that can link information about you together across multiple subjects.
I’m using politics and gun rights as they are two very popular and touchy subjects to drive the point home. It doesn’t have to be those two topics. For an example, I am interested in free software, free culture, and copyright and patent reform. Now sometimes, I might not want my views on those topics linked together, or linked with my political interests, or my religious views or any dozens of other topics that I might make a comment on.
Now all of this information is in a single repository that can be accessed and used to track your activity across potentially dozens of websites on the internet. It not only tells people which publications, but when you were reading them. Oh, and it can be compounded: use your Facebook, Google, Twitter, or another common login to access Disqus, and now there are links to all the information I mentioned in earlier sections of this article. It’s enough to make your head hurt, at least it’s enough to make my head hurt, and I go out of my way to avoid a lot of these things.
The thing about these scenarios that I have talked about is they are all situations where information is contributed either intentionally or unintentionally to a third-party. The comments I made on a website are stored in another service. The service I purchased in an application, is tracked by Google or Facebook or Amazon.
It’s a side effect, often, of the activities that you are trying to do with your phone is captured by another service. Even things that you intend to be captured by Google, Amazon or Facebook, may now be tracked by your phone service provider.
There are people who attempt to keep a lot of their information secure when they are on the internet. They use encryption and certificates to safeguard their information. That is the best way to provide a certain level of privacy during the immediate activities. The problem is that much of this information can be tracked by third parties that aren’t involved directly in the activity that you are performing, nor are they (necessarily) parties to any agreements you might have with the provider of a service, or worse, that provider may have clauses that state it’s okay for them to give out that information to other “partners” without defining the amounts of information at are being passed on.
Hopefully this makes it even more clear that there is a major need, as the EFF has pointed out, to reform the third-party scope of information, and how that information can be used and accessed legally. I don’t think any of us want to be in the situation that the AP reporters find themselves in because they can no longer trust the phone company to be able to protect their information.