Jump to content

Internet privacy: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Laws for Internet Privacy Protection: removed sentence that didn't fit tone of paragraph
Line 155: Line 155:
'''Employees and Employers Internet Regulations'''
'''Employees and Employers Internet Regulations'''


When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally. <ref> Cranor, Lorrie Faith (June 1998). “Internet Privacy: A Public Concern.” Lorrie Faith Cranor. Retrieved January 24, 2011, from http://lorrie.cranor.org/pubs/networker-privacy.html </ref> In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately. <ref> Privacy Rights Clearinghouse (January 2011). “Fact Sheet 7: Workplace Privacy and Employee Monitoring.” Privacy Rights Clearinghouse. Retrieved January 23, 2011 from http://www.privacyrights.org/fs/fs7-work.htm </ref> By creating these laws it accounts for a safer, more enjoyable working ground but with stricter internet access.
When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage. <ref> NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463 </ref> The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally. <ref> Cranor, Lorrie Faith (June 1998). “Internet Privacy: A Public Concern.” Lorrie Faith Cranor. Retrieved January 24, 2011, from http://lorrie.cranor.org/pubs/networker-privacy.html </ref> In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately. <ref> Privacy Rights Clearinghouse (January 2011). “Fact Sheet 7: Workplace Privacy and Employee Monitoring.” Privacy Rights Clearinghouse. Retrieved January 23, 2011 from http://www.privacyrights.org/fs/fs7-work.htm </ref>


==Other potential Internet privacy risks==
==Other potential Internet privacy risks==

Revision as of 04:33, 8 February 2011

Internet privacy is the desire or mandate of personal privacy concerning transactions or transmission of data via the Internet. It involves the exercise of control over the type and amount of information a person reveals about himself on the Internet and who may access such information. The term is often understood to mean universal Internet privacy, i.e. every user of the Internet possessing Internet privacy.

Internet privacy forms a subset of computer privacy. A number of experts within the field of Internet security and privacy believe that privacy doesn't exist; "Privacy is dead – get over it" This should be more encouraged [1] according to Steve Rambam, private investigator specializing in Internet privacy cases. In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose."[2] On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."[3][4]


Levels of privacy

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may achieve an adequate level of privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information (P.I.I.) of the Internet user. In order to keep your information private, people need to be careful on what they submit and look at online. When filling out forms and buying merchandise, that becomes tracked and because your information was not private, companies are now sending you spam and advertising on similar products.

Related State Laws Privacy of Personal Information: Nevada and Minnesota require Internet Service Providers to keep information private regarding their customers. This is only unless a customer approves their information being given out. According to the National Conference of State Legislator, the following states have certain laws on the personal privacy of its citizens.

Minnesota Statutes §§ 325M.01 to .09 -Prohibits Internet service providers from disclosing personally identifiable information, including a consumer's physical or electronic address or telephone number; Internet or online sites visited; or any of the contents of a consumer's data storage devices. Provides for certain circumstances under which information must be disclosed, such as to a grand jury; to a state or federal law enforcement officer acting as authorized by law; pursuant to a court order or court action. Provides for civil damages of $500 or actual damages and attorney fees for violation of the law.


Nevada Revised Statutes § 205.498 -In addition, California and Utah laws, although not specifically targeted to on-line businesses, require all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.

There are also certain laws for employees and businesses and privacy policies for [5] websites.

California, Connecticut, Nebraska and Pennsylvania all have specific privacy policies regarding websites, these include:

"California (Calif. Bus. & Prof. Code §§ 22575-22578) California's Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet Web site or online service for commercial purposes, to post conspicuously its privacy policy on its Web site or online service and to comply with that policy. The bill, among other things, would require that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and third parties with whom the operator may share the information.

Connecticut (Conn. Gen Stat. § 42-471) Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

Nebraska (Nebraska Stat. § 87-302(14)) Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.

Pennsylvania (18 Pa. C.S.A. § 4107(a)(10)) Pennsylvania includes false and misleading statements in privacy policies published on Web sites or otherwise distributed in its deceptive or fraudulent business practices statute."[6]

There are also at least 16 states that require government websites to create privacy policies and procedures or to include machine-readable privacy policies into their websites. These states include Arizona, Arkansas, California, Colorado, Delaware, Iowa, Illinois, Maine, Maryland, Michigan, Minnesota, Montana, New York, Sourth Carolina, Texas, Utah, and Virginia.

Risks to internet privacy

In today’s technological world, millions of individuals are subject to privacy threats. Companies are hired not only to watch what you visit online, but to infiltrate the information and send advertising based on your browsing history. People set up accounts for Facebook; enter bank and credit card information to various websites.

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use.[7] These methods of compromise can range from the gathering of statistics on users, to more malicious acts such as the spreading of spyware and various forms of bugs (software errors) exploitation.

Privacy measures are provided on several social networking sites to try to provide their users with protection for their personal information. On Facebook for example privacy settings are available for all registered users. The settings available on Facebook include the ability to block certain individuals from seeing your profile, the ability to choose your "friends," and the ability to limit who has access to your pictures and videos. Privacy settings are also available on other social networking sites such as E-harmony and MySpace. It is the user's prerogative to apply such settings when providing personal information on the internet.

In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued.

HTTP cookies

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie. Cookies are a common concern in the field of privacy. As a result, some types of cookies are classified as a tracking cookie. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.[8]

Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy. It does however have implications for computer privacy, and specifically for computer forensics.

The original developers of cookies intended that only the website that originally distributed cookies to users so they could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

Some users choose to disable cookies in their web browsers – as of 2000 a Pew survey estimated the proportion of users at 4%.[9] Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location.

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

Flash cookies

Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect flash cookies. One way to view and control them is the Better Privacy add-on for Mozilla Firefox users.

Evercookies

An Evercookie is a JavaScript-based application which produces cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g.: Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies are missing or expired.

Photographs on the internet

'No photos' tag at Wikimania

Today many people have digital cameras and post their photos online. The people depicted in these photos might not want to have them appear on the Internet.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures. Some people wore a 'no photos' tag to indicate they would prefer not to have their photo taken.[citation needed]

The Harvard Law Review published a short piece called "In The Face of Danger: Facial Recognition and Privacy Law," much of it explaining how "privacy law, in it's current form, is of no help to those unwillingly tagged." [10] Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other.[11] However, these, as well as other pictures, can allow other people to invade a person’s privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC news, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by iPhones automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.[12]

Privacy within social networking sites

Prior to the social networking site explosion over the past decade, there were early forms of social network technologies that included online multiplayer games, blog sites, news groups, mailings lists and dating services. These all created a backbone for the new modern sites, and even from the start of these older versions privacy was an issue. In 1996, a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment as they went back to her apartment after when everything became too real. This is just an early example of many more issues to come regarding internet privacy.[13]

Social networking sites have become very popular within the last five years. With the creation of Facebook and the continued popularity of MySpace many people are giving their personal information out on the internet. These social networks keep track of all interactions used on their sites and save them for later use.[14] Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. On Facebook privacy settings can be accessed via the drop down menu under account in the top right corner. There users can change who can view their profile and what information can be displayed on their profile.[15] In most cases profiles are open to either "all my network and friends" or "all of my friends." Also, information that shows on a user's profile such as birthday, religious views, and relationship status can be removed via the privacy settings.[16] If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.[15]

Facebook recently updated its profile format allowing for people who are not “friends” of others to view personal information about other users, even when the profile is set to private. However, As of January 18, 2011 Facebook changed its decision to make home addresses and telephone numbers accessible to third party members, but it is still possible for third party members to have access to less exact personal information, like one’s hometown and employment, if the user has entered the information into Facebook . EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." [17] Similar to Rotenberg’s claim that Facebook users are unclear of how or why their information has gone public, recently the Federal Trade Commission and Commerce Department have become involved. The Federal Trade Commission has recently released a report claiming that Internet companies and other industries will soon need to increase their protection for online users. Because online users often unknowingly opt in on making their information public, the FTC is urging Internet companies to make privacy notes simpler and easier for the public to understand, therefore increasing their option to opt out. Perhaps this new policy should also be implemented in the Facebook world. The Commerce Department claims that Americans, “have been ill-served by a patchwork of privacy laws that contain broad gaps,” [18]. Because of these broad gaps, Americans are more susceptible to identity theft and having their online activity tracked by others.

Twitter Case - In January of 2011, the government recently obtained a court order to force the social networking site, Twitter, to reveal information applicable surrounding certain subscribers involved in the WikiLeaks cases. This outcome of this case is questionable because it deals with the user’s First Amendment rights. Twitter moved to reverse the court order, and supported the idea that internet users should be notified and given an opportunity to defend their constitutional rights in court before their rights are compromised. [19]

Facebook Friends Study - A study was conducted at Northeastern University by Alan Mislove and his colleagues at the Max Planck Institute for Software Systems, where an algorithm was created to try and discover personal attributes of a Facebook user by looking at their friend’s list. They looked for information such as high school and college attended, major, hometown, graduation year and even what dorm a student may have lived in. The study revealed that only 5% of people thought to change their friend’s list to private. For other users, 58% displayed university attended, 42% revealed employers, 35% revealed interests and 19% gave viewers public access to where they were located. Due to the correlation of Facebook friends and universities they attend, it was easy to discover where a Facebook user was based on their list of friends. This fact is one that has become very useful to advertisers targeting their audiences but is also a big risk for the privacy of all those with Facebook accounts.[20]

Internet service providers

Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet.

In addition, search engines have the ability to track a user’s searches. Personal information can be revealed through searches including search items used, the time of the search, and more. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud. [21]

However, ISPs are usually prevented from participating in such activities due to legal, ethical, business, or technical reasons.

Despite these legal and ethical restrictions, some ISPs, such as British Telecom (BT), are planning to use deep packet inspection technology provided by companies such as Phorm in order to examine the contents of the pages that people visit. By doing so, they can build up a profile of a person's web surfing habits,[citation needed] which can then be sold on to advertisers in order to provide targeted advertising. BT's attempt at doing this will be marketed under the name 'Webwise'.[citation needed]

Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc).

Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant.

An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)

An Anonymizer such as I2P – The Anonymous Network or Tor can be used for accessing web services without them knowing your IP address and without your ISP knowing what the services are that you access.

General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud.[22]

While signing up for internet services, each computer contains a unique IP, Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from your ISP. [23]

Data logging

Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, the user's privacy may be compromised. This could be avoided by disabling logging, or by clearing logs regularly.

Social networking has redefined the role of Internet privacy. Since users are willingly disclosing personal information online, the role of privacy and security is somewhat blurry. Sites such as Facebook, Myspace, and Twitter have grown popular by broadcasting status updates featuring personal information such as location. Facebook “Places,” in particular, is a Facebook service, which publicizes user location information to the networking community. Users are allowed to “check-in” at various locations including retail stores, convenience stores, and restaurants. Also, users are able to create their own “place,” disclosing personal information onto the Internet. This form of location tracking is automated and must be turned off manually. Various settings must be turned off and manipulated in order for the user to ensure privacy. According to epic.org, Facebook users are recommended to: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." [24]. Moreover, the Federal Trade Commission has received two complaints in regards to Facebook’s “unfair and deceptive” trade practices, which are used to target advertising sectors of the online community. “Places” tracks user location information and is used primarily for advertising purposes. Each location tracked allows third party advertisers to customize advertisements that suit one’s interests. Currently, the Federal Trade Commissioner along with the Electronic Privacy Information Center are shedding light on the issues of location data tracking on social networking sites. [25].

Use by government agencies of an array of technologies designed to track and gather Internet users' information are the topic of much debate between privacy advocates, civil libertarians and those who believe such measures are necessary for law enforcement to keep pace with rapidly changing communications technology.

Specific examples

  • Following a decision by the European Union’s council of ministers in Brussels, in January, 2009, the UK's Home Office adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called "remote searching", allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material gleaned turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition MPs and civil libertarians are concerned about this move toward widening surveillance and its possible impact on personal privacy. Says Shami Chakrabarti, director of the human rights group Liberty, “The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards it’s a devastating blow to any notion of personal privacy.”[26]
  • The FBI's Magic Lantern software program was the topic of much debate when it was publicized in November, 2001. Magic Lantern is a Trojan Horse program that logs users' keystrokes, rendering encryption useless.[27]

Laws for Internet Privacy Protection

USA Patriot Act

The purpose of this act, enacted on October 26, 2001 by former President Bush, was to enhance law enforcement investigatory tools, investigate online activity, as well as to discourage terrorist acts both within the United States and around the world. This act reduced restrictions for law enforcement to search various methods and tools of communication such as telephone, e-mail, personal records including medical and financial, as well as reducing restrictions with obtaining of foreign intelligence. [28]

Electronic Communications Privacy Act (ECPA)

This act makes it unlawful under certain conditions for an individual to reveal the information of electronic communication and contains a few exceptions. One clause allows the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. Another clause allows the ISP to reveal information from a message if the sender or recipient allows to its disclosure. Finally, information containing personal information may also be revealed for a court order or law enforcement’s subpoena. [29]

Employees and Employers Internet Regulations

When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic. [30] By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second. [31] When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage. [32] The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally. [33] In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately. [34]

Other potential Internet privacy risks

  • Malware is a term short for "malicious software" and is used to describe software to cause damage to a single computer, server, or computer network whether that is through the use of a virus, trojan horse, spyware, etc.[35]
  • Spyware is a piece of software that obtains information from a user's computer without that user's consent.[35]
  • A web bug is an object embedded into a web page or email and is usually invisible to the user of the website or reader of the email. It allows checking to see if a person has looked at a particular website or read a specific email message.
  • Phishing is a criminally fraudulent process of trying to obtain sensitive information such as user names, passwords, credit card or bank information. Phishing is an internet crime in which someone masquerades as a trustworthy entity in some form of electronic communication.
  • Pharming is hackers attempt to redirect traffic from a legitimate website to a completely different internet address. Pharming can be conducted by changing the hosts file on a victim’s computer or by exploiting a vulnerability on the DNS server.
  • Social engineering
  • Malicious proxy server (or other "anonymity" services)

How to protect yourself from malware

  • Keep your computer’s software patched and current. Both your operating system and your anti- virus application must be updated on a regular basis. Make sure you do all relevant security updates and keep your anti-virus up to date.
  • Only download updates from reputable sources. For Windows operating systems, always use genuine Microsoft windows updates. For other operating systems, always use the legitimate websites of the company or person who produces it.
  • Always think before you install something, weigh the risks and benefits, and be aware of the fine print. Does the lengthy license agreement that you don’t want to read conceal a warning that you are about to install spyware? Don’t install anything from a website that doesn’t look legitimate and be aware of your internet surroundings.
  • Install and use a firewall. If you are running Windows XP you can use the built-in software firewall under Control Panel, and there are free versions of firewalls that work on all versions of Windows. If you are using a MAC there are various free programs you can install which will help protect your system.
  • Prevention is always better than cure; do your best to protect your system from vulnerabilities and don't open yourself up to malware.

Specific cases

Jason Fortuny and Craigslist

In early September 2006, Jason Fortuny, a Seattle-area freelance graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with men in that area. On September 4, he posted to the wiki website Encyclopædia Dramatica all 178 of the responses, complete with photographs and personal contact details, describing this as the Craigslist Experiment and encouraging others to further identify the respondents.[36]

Although some online exposures of personal information have been seen as justified for exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online," said law professor Jonathan Zittrain,[37] while Wired writer Ryan Singel described Fortuny as "sociopathic".[38]

The Electronic Frontier Foundation indicated that it thought Fortuny might be liable under Washington state law, and that this would depend on whether the information he disclosed was of legitimate public concern. Kurt Opsahl, the EFF's staff attorney, said "As far as I know, they (the respondents) are not public figures, so it would be challenging to show that this was something of public concern."[37]

According to Fortuny, two people lost their jobs as a result of his Craigslist Experiment and another "has filed an invasion-of-privacy lawsuit against Fortuny in an Illinois court." [39]

Fortuny did not enter an appearance in the Illinois suit, secure counsel, or answer the complaint after an early amendment. Mr. Fortuny had filed a motion to dismiss, but he filed it with the Circuit Court of Cook County, Illinois, and he did not file proof that he had served the plaintiff.[40] As a result, the court entered a default judgment against Mr. Fortuny and ordered a damages hearing for January 7, 2009.[41] After failing to show up at multiple hearings on damages,[42][43] Fortuny was ordered to pay $74,252.56 for violation of the Copyright Act, compensation for Public Disclosure of Private Facts, Intrusion Upon Seclusion, attorneys fees and costs.[44]

USA vs. Warshak

This case decided December 14, 2010 by the Sixth Circuit Court of Appeals maintained the idea that an ISP actually is allowed access to private e-mail. However, the government must get hold of a search warrant before obtaining such e-mail. This case dealt with the question of emails hosted on an isolated server. Due to the fact that e-mail is similar to other forms of communication such as telephone calls, e-mail requires the same amount of protection under the 4th amendment. [45]

Search engine data and law enforcement

Data from major Internet companies, including Yahoo! and MSN (Microsoft), have already been subpoenaed by the United States[46] and China.[47] AOL even provided a chunk of its own search data online,[48] allowing reporters to track the online behaviour of private individuals.[49]

In 2006, a wireless hacker pled guilty when his Google searches were used as evidence against him. The defendant ran a Google search over the network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." While court papers did not describe how the FBI obtained his searches (e.g. through a seized hard-drive or directly from the search-engine), Google has indicated that it can provide search terms to law enforcement if given an Internet address or Web cookie. [50]

US v. Zeigler

In the United States many cases discuss whether a private employee (i.e., not a government employee) who stores incriminating evidence in workplace computers is protected by the Fourth Amendment's reasonable expectation of privacy standard in a criminal proceeding.

Most case law holds that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications. See, e.g. US v. Simons, 206 F.3d 392, 398 (4th Cir., Feb. 28, 2000).

However, one federal court held that employees can assert that the attorney-client privilege with respect to certain communications on company laptops. See Curto v. Medical World Comm., No. 03CV6327, 2006 U.S. Dist. LEXIS 29387 (E.D.N.Y. May 15, 2006).

Another recent federal case discussed this topic. On January 30, 2007, the Ninth Circuit court in US v. Ziegler, reversed its earlier August 2006 decision upon a petition for rehearing. In contrast to the earlier decision, the Court acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures. See US v. Ziegler, ___F.3d 1077 (9th Cir. Jan. 30, 2007, No. 05-30177). [1] Cf. US v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).

In Ziegler, an employee had accessed child pornography websites from his workplace. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.

The Ninth Circuit allowed the lower court to admit the child pornography as evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer. That Court also found that his employer could consent to a government search of the computer and that, therefore, the search did not violate Ziegler's Fourth Amendment rights.

State v. Reid

The New Jersey Supreme Court has also issued an opinion on the privacy rights of computer users, holding in State v. Reid that computer users have a reasonable expectation of privacy concerning the personal information they give to their ISPs.[51][52]

In that case, Shirley Reid was indicted for computer theft for changing her employer's password and shipping address on its online account with a supplier. The police discovered her identity after serving the ISP, Comcast, with a municipal subpoena not tied to any judicial proceeding.[53]

The lower court suppressed the information from Comcast that linked Reid with the crime on grounds that the disclosure violated Reid's constitutional right to be protected from unreasonable search and seizure.[54] The appellate court affirmed, as did the New Jersey Supreme Court, which ruled that ISP subscriber records can only be disclosed to law enforcement upon the issuance of a grand jury subpoena.[55] As a result, New Jersey offers greater privacy rights to computer users than most federal courts.[56] This case also serves as an illustration of how case law on privacy regarding workplace computers is still evolving.

Robbins v. Lower Merion School District

In Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania 2010), the federal trial court issued an injunction against the school district after plaintiffs charged two suburban Philadelphia high schools violated the privacy of students and others when they secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.[57][58]

Teachers and MySpace

Teachers’ privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association [59] that if they have a MySpace account, it should be deleted. Eschool News warns, “Teachers, watch what you post online.” [60] The ONA also posted a memo advising teachers not to join these sites. Teachers can face consequences of license revocations, suspensions, and written reprimands.

The Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder.[61] She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirate's hat on and a caption of “Drunken Pirate". As a substitute, she was given an English degree.

Internet privacy and Blizzard Entertainment

On July 6, 2010, Blizzard Entertainment announced that it would display the real names tied to user accounts in its game forums. On July 9, 2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal of the decision to force posters' real names to appear on Blizzard's forums. The reversal was made in response to subscriber feedback.[62]

See also

References

  1. ^ "Toor2122 – Steve Rambam – Privacy Is Dead – Get Over It". Video.google.com. August 1, 2006. Retrieved September 13, 2010.
  2. ^ Pogue, David (January 2011). "Don't Worry about Who's watching". Scientific American. 304 (1): 32.
  3. ^ The Value of Privacy by Bruce Schneier
  4. ^ The Eternal Value of Privacy by Bruce Scneier – Wired.com
  5. ^ Pam Greenberg (October 19, 2009). "State Laws Related to Internet Privacy". Ncsl.org. Retrieved September 13, 2010.
  6. ^ National Conference of State Legislators. (2009, October 19). Privacy policy for websites. Retrieved from http://www.ncsl.org/default.aspx?tabid=13463
  7. ^ Matt Schafer (August 2, 2010). "Privacy, Privacy, Where for Art Thou Privacy?". Lippmannwouldroll.com. Retrieved October 17, 2010. As consumers have became wise to the use of cookies, however, the industry has began using both normal cookies and local shared objects (a.k.a flash cookies) in the event that users would delete the normal cookies.
  8. ^ Krishnamurthy B, Wills CE. (2009). On the Leakage of Personally Identifiable Information Via Online Social Networks.
  9. ^ Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet & American Life Project. Released Aug. 20, 2000
  10. ^ In the Face of Danger: Facial Recognition and the Limits of Privacy Law. (2007). Retrieved from Harvard, Harvard Law Review: http://www.harvardlawreview.org/issues/120/may07/note_4397.php.
  11. ^ Facebook's Privacy Policy. (2010). Retrieved from Facebook: http://www.facebook.com/policy.php.
  12. ^ Heussner, M. K. (2010). Celebrities' Photos, Videos May Reveal Location. Retrieved from ABC: http://abcnews.go.com/technology/ celebrity-stalking-online-photos-give-location/ story?id=11162352&page=1.
  13. ^ Tracy Mitrano. (2006, November, December). A Wider World: Youth, Privacy, and Social Networking Technologies. Retrieved from http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/AWiderWorldYouthPrivacyandSoci/158095
  14. ^ Dwyer, C., Hiltz, S. & Passerini, K. (2007). Trust and Privacy Concern within Social Networking Sites: A Comparison of Facebook and MySpace. Americas Conference on Information Systems. Retrieved from http://74.125.155.132/scholar?q=cache:qLCk18d_wZwJ:scholar.google.com/+facebook+privacy&hl=en&as_sdt=2000
  15. ^ a b Facebook’s Privacy Policy. (2010). Retrieved from http://www.facebook.com/policy.php
  16. ^ Lipford, H. R., Besmer, A. & Watson, J. (2009). Understanding Privacy Settings in Facebook with an Audience View. Department of Software and Information Systems University of North Carolina at Charlotte. Retrieved from http://www.usenix.org/events/upsec08/tech/full_papers/lipford/lipford_html/
  17. ^ Electronic Privacy Information Center, Initials. (2011, January 18). Facebook drops plan to disclose users' home addresses and personal phone number. Retrieved from http://epic.org/privacy/socialnet/
  18. ^ American Civil Liberties Union. (2010, December 16). Commerce department releases important report urging comprehensive privacy protections. Retrieved from http://www.aclu.org/technology-and-liberty/commerce-department-releases-important-report-urging-comprehensive-privacy-pr
  19. ^ (1/8/11) Government Requests For Twitter Users’ Personal Information Raises Serious Constitutional Concerns. Retrieved from http://www.aclu.org/technology-and-liberty/government-requests-twitter-users-personal-information-raise-serious-constitu
  20. ^ Erik Hayden. (2010, March 11). On Facebook, You Are Who You Know. Retrieved from http://www.miller-mccune.com/culture-society/on-facebook-you-are-who-you-know-10385/#
  21. ^ (December 2010) Online Privacy: Using the Internet Safely. Retrieved from http://www.privacyrights.org/fs/fs18-cyb.htm
  22. ^ UN warns on password 'explosion'
  23. ^ http://www.privacyrights.org/fs/fs18-cyb.htm
  24. ^ EPIC - In re Facebook. (n.d.). EPIC - Electronic Privacy Information Center. Retrieved January 25, 2011/
  25. ^ EPIC - In re Facebook. (n.d.). EPIC - Electronic Privacy Information Center. Retrieved January 25, 2011/
  26. ^ Police set to step up hacking of home PCs
  27. ^ FBI 'Lantern' Software Does Log Keystrokes
  28. ^ (January 2011) “USA Patriot Act.” Retrieved from http://www.fincen.gov/statutes_regs/patriot/
  29. ^ (December 2010) Online Privacy: Using the Internet Safely. Retrieved from http://www.privacyrights.org/fs/fs18-cyb.htm
  30. ^ NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463
  31. ^ NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463
  32. ^ NCSL (October 9, 2009). “State Laws Related to Internet Privacy.” National Conference of State Legislatures. Retrieved January 23, 2011, from http://www.ncsl.org/default.aspx?tabid=13463
  33. ^ Cranor, Lorrie Faith (June 1998). “Internet Privacy: A Public Concern.” Lorrie Faith Cranor. Retrieved January 24, 2011, from http://lorrie.cranor.org/pubs/networker-privacy.html
  34. ^ Privacy Rights Clearinghouse (January 2011). “Fact Sheet 7: Workplace Privacy and Employee Monitoring.” Privacy Rights Clearinghouse. Retrieved January 23, 2011 from http://www.privacyrights.org/fs/fs7-work.htm
  35. ^ a b Receieved from http://technet.microsoft.com
  36. ^ Neva Chonin (September 17, 2006). "Sex and the City". San Francisco Chronicle. Retrieved June 17, 2007.
  37. ^ a b Anick Jesdanun (September 12, 2006). "Prankster posts sex ad replies online". Associated Press. Retrieved June 27, 2007.
  38. ^ Ryan Singel (September 8, 2006). "Craigslist". Wired Blogs. Retrieved September 12, 2006.
  39. ^ Schwartz, Mattathias. "Malwebolence". New York Times. Retrieved August 1, 2008. After receiving death threats, Fortuny meticulously scrubbed his real address and phone number from the Internet. "Anyone who knows who and where you are is a security hole," he told me. "I own a gun. I have an escape route. If someone comes, I'm ready."
  40. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. December 15, 2008).
  41. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 11/12/2008).
  42. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 01/07/2009).
  43. ^ Doe v. Fortuny (D. Ill. 04/09/2009), Text.
  44. ^ Doe v. Fortuny, 1:08-cv-1050 (D. Ill. 04/09/2009).
  45. ^ (December 2010) Online Privacy: Using the Internet Safely. Retrieved from http://www.privacyrights.org/fs/fs18-cyb.htm
  46. ^ Bush Administration Demands Search Data; Google Says No; AOL, MSN & Yahoo Said Yes
  47. ^ Yahoo Knew More About China Journalist Subpoena Than It Told Congress It Did
  48. ^ Forget The Government, AOL Exposes Search Queries To Everyone
  49. ^ They know all about you
  50. ^ Tim Wafa (2009). "Global Internet Privacy Rights – A Pragmatic Approach". University of San Francisco Intellectual Property Law Bulletin. Retrieved June 1, 2009. {{cite web}}: Unknown parameter |month= ignored (help)
  51. ^ "a-105-06.doc.html". Lawlibrary.rutgers.edu. Retrieved September 13, 2010.
  52. ^ State v. Reid, 194 N.J. 386, 954 A.2d 503 (N.J. 2008)
  53. ^ Id. at 393.
  54. ^ Id. at 393
  55. ^ Id. at 402.
  56. ^ Id. at 3 96–97.
  57. ^ Doug Stanglin (February 18, 2010). "School district accused of spying on kids via laptop webcams". USA Today. Retrieved February 19, 2010.
  58. ^ "Initial LANrev System Findings", LMSD Redacted Forensic Analysis, L-3 Services – prepared for Ballard Spahr (LMSD's counsel), May 2010. Retrieved August 15, 2010.
  59. ^ Learning Curve
  60. ^ Related Top News – Teachers warned about MySpace profiles
  61. ^ Wired Campus: A MySpace Photo Costs a Student a Teaching Certificate – Chronicle.com
  62. ^ World of Warcraft forum post, Blizzard announces reversal of its decision to force real names to appear on its forums

Further reading