Privacy | HazDat

23Nov/11

Malls track shoppers’ cell phones on Black Friday

He knows when you are sleeping...

NEW YORK (CNNMoney) -- Attention holiday shoppers: your cell phone may be tracked this year.
Starting on Black Friday and running through New Year's Day, two U.S. malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. -- will track guests' movements by monitoring the signals from their cell phones.

While the data that's collected is anonymous, it can follow shoppers' paths from store to store.
The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria's Secret? Are there unpopular spots in the mall that aren't being visited?

While U.S. malls have long tracked how crowds move throughout their stores, this is the first time they've used cell phones.

But obtaining that information comes with privacy concerns.

The management company of both malls, Forest City Commercial Management, says personal data is not being tracked.

"We won't be looking at singular shoppers," said Stephanie Shriver-Engdahl, vice president of digital strategy for Forest City. "The system monitors patterns of movement. We can see, like migrating birds, where people are going to."

Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.

Via http://money.cnn.com/2011/11/22/technology/malls_track_cell_phones_black_friday/

Filed under: Big Brother, Cellular, Future Proof, Handhelds, Privacy, Society, Surveillance, Tracking, Uncategorized No Comments

20Apr/11

Police Search Cell Phones During Traffic Stops

ACLU seeks information on Michigan program that allows cops to download information from smart phones belonging to stopped motorists.

The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.

ACLU learned that the police had acquired the cell phone scanning devices and in August 2008 filed an official request for records on the program, including logs of how the devices were used. The state police responded by saying they would provide the information only in return for a payment of $544,680. The ACLU found the charge outrageous.

"Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide," ACLU staff attorney Mark P. Fancher wrote. "No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."

A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.

"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."

The ACLU is concerned that these powerful capabilities are being quietly used to bypass Fourth Amendment protections against unreasonable searches.

"With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity," Fancher wrote. "A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched."

The national ACLU is currently suing the Department of Homeland Security for its policy of warrantless electronic searches of laptops and cell phones belonging to people entering the country who are not suspected of committing any crime.

Via http://www.thenewspaper.com/news/34/3458.asp

Filed under: Big Brother, Cellular, Handhelds, Law, Privacy No Comments

9Feb/11

iConfess: Penance, There’s an App for That

I confess, though I consider myself a spiritual person, I'm not very religious. People born of a particular faith have all kinds of excuses for their lack of observance. But, usually, it just boils down to a matter of convenience. That's not my problem. I take my kids to religious school every week. I Facebook with a rabbi, a minister, a Jogye, a couple Hasidim, and members of an entire profession that most modern religions have determined to be Satan's disciples. I have plenty of opportunity, and ample reason, to pray and ask for forgiveness.

But, for those of you still searching for excuses, here's one less: If you happen to be Catholic, you no longer have to schlep your tuchas to the confessional. Now the "Jesus Phone" will bring the power of the confessional to the palm of your hand. What's more, this app not only received the coveted blessing of St. Jobs himself, but it even got the Pope's blessing for goodness sake. Which is impressive and shows great benevolence on the part of the church, considering that this app clearly duplicates existing ecclesiastical functionality.

I'm impressed that the Vatican is willing to embrace technology with open arms. Science, after all, is not their strong subject. The only question I have is, should one's iPhone become an item of evidence in a legal context, is it possible that this app will confess your sins to the police as well?

Similar Blog & News Articles

Filed under: Cellular, Crime, Future Proof, Handhelds, Privacy, Search & Seizure No Comments

8Feb/11

I Know What You Did Last Winter (Snow Job)

For those who believe revenge is a dish best served cold...

Like so many around the country, David Welles has had to endure a long cold Winter this year -- only made worse by the volume of snow in front of his Chicago home, and the untimely disappearance of his snow shovel. While Welles is no better equipped to dig his way out of a snowstorm than anyone else without a shovel, he was perfectly equipped to identify the perpetrator -- or, at least her car. That's because Welles works for a security company by the name of Tunnel Vision Technology, and it appears as though he's been visiting the supply closet.

While we'll presume that David's "eagle eye" came with a receipt, the snow shovel he caught his neighbor stealing on digital video didn't. Under ordinary circumstances, one might turn the evidence over to the police. Then again, under ordinary circumstances, it's not likely there would have been any evidence. But, these are no ordinary circumstances, and these are no ordinary times.

David's shovel was probably worth less than $25, maybe ten on the street. The trail was cold before it was laid. And the "perp" wore gloves, so no fingerprints. This wasn't about money. This was about the age's-old relationship between a man and his tools. Besides, Welles had another idea. He entered an arms race, added a dose of PsyOps... and then he turned to YouTube. The result? What Welles calls, "The Quadrilogy of My Favorite Snow Shovel". See the results for yourself.

(NOTE: If you are ONLY connaisseur of revenge, skip to the mid-point.)

Similar Blog & News Articles

The Quadrilogy of My Favorite Snow Shovel :: Latest Links for Milkandcookies.com

Filed under: Crime, Duh, Humor, Internet, Privacy, Security, Social Networking, Society, Surveillance No Comments

1Feb/11

Internet Explorer Flaw Could Disclose Passwords

Via MSNBC:

A recently discovered flaw in Internet Explorer could allow criminals to collect passwords and banking information. Microsoft is warning Windows users to be aware of the problem, with a manual work-around available, but there is no downloadable software fix available yet. So far, Microsoft says it “has not seen any indications of active exploitation of the vulnerability.”

Read the article: http://technolog.msnbc.msn.com/_news/2011/02/01/5967710-ie-flaw-could-mean-access-to-passwords

Filed under: Computers, Hacking, Identity Theft, Internet, Privacy, Security No Comments

31Jan/11

Security Minded: Drive Encryption

The Need

Where do I begin? Even before (maybe especially before) storage devices were portable, they were still vulnerable to theft, due more to their high resale value than the questionable value of their contents. Today, the market value of even a brand-new desktop computer may not be worth the potential consequences of being caught. But, the lucrative identity theft trade has given rise to an entirely different motive for computer, tablet, and cellphone theft. In this case, the device is simply a means to an end.

But theft and the obvious concern over losing such easily and commonly misplaced devices as thumb drives are far from the only reason to encrypt hard drive data. Today, for instance, international travelers may be subject to the copy and search of their hard drives, as authorized by the Department of Homeland Security's U.S. Customs and Border Enforcement's "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allows Customs Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Regardless of your motivation, encrypting mobile data storage should be high on your list of priorities. Like my AmericanExpress card, I never leave home with out it.

Note to attorneys, medical professionals, or anyone with a fiduciary responsibility: Unlike most professionals, you may have a legal, if not ethical, responsibility to protect your clients' data. Even if a standard for "reasonableness" has previously been applied to "locks" and other 20th century security practices, it may not apply to devices removed from a secure space. Check with your respective associations and/or licensing boards for more information. ... CONTINUE READING »

Filed under: Crime, Hacking, Handhelds, Identity Theft, Law, Privacy, Search & Seizure, Security Continue reading

27Jan/11

Mixed Messages: US Govt. Tells Companies to Collect User Data, But Not To Use It

Last month the US Federal Trade Commission testified before Congress in order to establish "Do Not Track" legislation, challenging companies to either self-regulate, or face potentially stiff laws prohibiting the tracking of Internet users. This week the US Department of Justice testified before congress to establish regulations requiring data retention for the purposes of investigation and prosecution.

"Data retention is fundamental to the department's work in investigating and prosecuting almost every type of crime," US deputy assistant attorney general Jason Weinstein told a congressional subcommittee on Tuesday. "In some ways, the problem of investigations being stymied by a lack of data retention is growing worse." Weinstein acknowledged that greater data retention requirements raise legitimate privacy concerns but "any privacy concerns about data retention should be balanced against the needs of law enforcement to keep the public safe."

Emphasizing the vast disparity between the testimony of these two Federal organizations is the following statement from the FTC's own prepared statement to Congress expressing a principal of "reasonable security and limited retention for consumer data" among companies collecting sensitive data.

"A key to protecting privacy is to minimize the amount of data collected and held by ISPs and online companies in the first place," according to John Morris, general counsel at the non-profit Center for Democracy & Technology. "Mandatory data retention laws would require companies to maintain large databases of subscribers' personal information, which would be vulnerable to hackers, accidental disclosure, and government or other third party access."

The DOJ's request would require "an entire industry to retain billions of discrete electronic records due to the possibility that a tiny percentage of them might contain evidence related to a crime," says Kate Dean, executive director of the Internet Service Provider Association. "We think that it is important to weigh that potential value against the impact on the millions of innocent Internet users' privacy."

Similar Blog & News Articles

Privacy Law’s Gone Ex Parte Like it’s 1986…or 1984

A byproduct of life in the 21st Century is that many of the perks of a post-centennial lifestyle require the abdication of a fair bit of privacy to cyberspace. That means that the paper records that once required a search warrant to read (and maybe the forceful extraction from your cold-dead-hands), are now in the possession of companies who don't. Of course there's Facebook and Twitter. Those didn't exist in the 20th. Century. But, what about your phone records and email? While your phone company has long been subject to a warrant or subpoena, in the 21st. Century new "self-service" tools have been developed to help telcos manage the onslaught of requests made particularly attractive by the fact that most of us carry what amounts to a homing-beacon in our pockets. Similarly, while email has always been an attractive source of discovery, until recently most of it resided on each correspondent's physical, and virtual, desktop waiting to get written-over by something more current. Today, it's more likely been put out to pasture in a seemingly-endless "server farm", waiting to be picked by a custodian of records.

Even our personal computers, which have always required a search warrant, and often require a cascading series of search warrants covering various regions of storage space and categories of searches, are rapidly being replaced by windows to the web -- sleek sheets of glass and sculpted-aluminum that act as a portal to your virtual existence. Like a supermodel, these tablets are thin and beautiful, but two-dimensional, with very little substance inside. What makes these devices a reality today is a combination of near-ubiquitous Internet connectivity and access to your personal online data once it's established. Even the notion of "backing up" is becoming a thing of the past, because the data you see, isn't really here. It's somewhere else, presumably safe from destruction, but not necessarily from dissemination. Like many things in life, it's a trade-off.

But, not when it comes to fighting crime. The shift of discovery from physical space to cyberspace is a decided advantage for law enforcement. In fact, Google reports that it responded to more than 4200 discovery requests in the first-half of 2010 alone. One of the reasons these requests have become so popular is that online data is easier seize than a laptop, and often much more useful. Much of what can be had requires no search warrant at all, and thanks to online tools, can be had without even so much as contacting the service provider. Why? Because, unlike the data on your hard drive, you don't necessarily own your data when it's stored in cyberspace.

The Electronic Communications Privacy Act was enacted by Congress in 1986 -- long before most people had access to the Internet, email, or a cellphone. When Mark Zuckerberg's only friends were his stuffed animals. Mind you, it was revolutionary for it's time -- enacted to extend government restrictions on wire taps from telephone calls to also include transmissions of electronic data by computer. But, it doesn't address current evolution. Today, far more can be gleaned from a historical records search than any telephone wiretap. Perhaps that's why last year the Department of Justice argued in favor of warantless email searches. Or why in the same year the DOJ argued that cellphone users had abdicated any expectation of privacy by using a service that stores location data.