Educational CyberPlayGround ®☰ Menu

Privacy Online and what they know about you

Right Now You Are A Product

"If what you are getting online is for free, you are not the customer, you are the product." ~Jonathan Zittrain

Why Privacy Matters
Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States' extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide."


The massive hacking of the confidential
biometric files of voters stored in the
Commission on Elections (Comelec) databank.


Death Master File (DMF)

Where can I get a copy of the Death Master File? The National Technical Information Service distributes the Death Master File online. Login It contains more than 85 million records of deaths reported to Social Security from 1936 to the present. The DMF provides significant opportunities for identity thieves to commit tax fraud and should be limited.  “One of the more sinister schemes involves the misuse of a deceased taxpayer’s SSN to obtain fraudulent returns.” On the SSA website, “Because these individuals are deceased, the Privacy Act does not apply to our collection and maintenance of these records.”

IRS believes an individual's right to privacy terminates at death...SSNs easily available online and used for fraud: the Death Master File (DMF).
The Social Security Administration (SSA) The SSA DMF contains information on millions of deceased individuals with United States social security numbers whose deaths were reported to the Social Security Administration.  The DMF currently holds over 89 million records and is updated weekly.  It contains the following information about the deceased:  Last name, first name, Social Security Number, state issued, birth date, death date, and last residence zip code.  Created from the DMF is the Social Security Death Index (SSDI) which is available, free online from several genealogy websites.

2015 The Internet Dragnet Was a Clusterfuck … and NSA Didn’t Care - Here’s my best description from last year of the mind-boggling fact that NSA conducted 25 spot checks between 2004 and 2009 and then did a several months’ long end-to-end review of the Internet dragnet in 2009 and found it to be in pretty good shape, only then to have someone discover that every single record received under the program had violated rules set in 2004.

Given your sex, full birthday and zip code can pretty much match identify you individually.

2015 Internet privacy, funded by spooks: A brief history of the BBG
Broadcasting Board of Governors FUND Tor, CryptoCat and Open Whisper Systems. During my reporting, one agency in particular keeps popping up: An agency with one of those really bland names that masks its wild, bizarre history: the Broadcasting Board of Governors, or BBG. The BBG was formed in 1999 and runs on a $721 million annual budget. why is a federally-funded CIA spinoff with decades of experience in “psychological warfare” suddenly blowing tens of millions in government funds on privacy tools meant to protect people from being surveilled by another arm of the very same government?

Recommended Privacy Programs to Use

6 Tips for Protecting Your Communications From Prying Eyes

2015 Which VPN Services Take Your Anonymity Seriously

The combination of Tor, CSpace and ZRTP which is a form of encryption that protects mobile phone calls and texting -- it's used in apps like redphone and Signal (plus another anonymizing technology for good measure) results in levels of protection that the NSA deems "catastrophic" -- meaning the organization has "near-total loss/lack of insight to target communications," according to Der Spiegel.

The NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. The NSA also has "major" problems with Truecrypt, a program for encrypting files on computers. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Impact: Current high priority target use. "Tor, VeraCrypt 1.15, Tails".
When a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states. ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. "It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike.

The NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN -- including, for example, the Greek government's use of VPNs.


University of Washington Computer Science Professor Ed Lazowska speaks on the coalition of business and academic experts joining Microsoft in its efforts to protect consumer privacy. AMICUS BRIEF



You've Lost Privacy, Now They're Taking Anonymity
Government and private entities are working to shred privacy and warehouse personal, relationship, and communications data. Once unimaginable surveillance technologies are being perfected and implemented. The most intimate details of lives are routinely and unthinkingly surrendered to data-gatherers. Is it still possible to be an anonymous whistleblower? Is it still possible to be anonymous at all?



The big biz of spying on little kids


COPPA K12 EDUCATION sells student INFORMATION and their rights to privacy

1/12/15 The White House announced its commitment to protecting students' privacy online. Part of that commitment was a pledge companies could sign saying they wouldn't misuse students' data.
Companies must promise to "not sell student personal information" and "to collect, use, share, and retain student personal information only for purposes for which we were authorized" by schools, teachers, or parents. Google did not sign the pledge

75 companies including Apple and Microsoft, signed the pledge.

This is relevant because Google sells a a lot of products to schools, including a suite of apps called Google Apps for Education.The company's education apps are used by 40 million people, it says.

Zombie Cookie: The Tracking Cookie That You Can’t Kill An online ad company called Turn is using tracking cookies that come back to life after Verizon users have deleted them. Turn’s services are used by everyone from Google to Facebook.

Terms and Conditions May Apply
A documentary that exposes what corporations and governments learn about people through Internet and cell phone usage, and what can be done about it ... if anything.




Did you realize that you had No legal right to privacy under American law until 1890s when Brandeis' daughter's wedding photographed?


2014 Launching a Privacy Policy Built the Wiki Way - the new privacy policy


2014 Brazilian Congress passes world's first Internet bill of rights. It establishes the right to free online expression as a core principal. It only forces sites to remove users' copyright-infringing content if they receive a court order. And it establishes the principle of guaranteed net neutrality—meaning Internet providers can't charge customers extra to to visit certain sites—though some activists worry the wording of that section could lead to companies privatizing access in the future. The lower house of the National Congress of Brazil has passed a landmark, sweeping Internet freedom bill, believed to be the first of its kind.

Marco Civil, as it's known, includes provisions fornet neutrality, protection of Brazilians' privacy rights, and makes it hard to knock a site offline just because a user links to copyrighted content.

2014 Microsoft admitting to reading journalist's emails After outrage from privacy campaigners, the tech firm will now seek legal advice before examining the contents of customers’ inboxes

2013 U.S gives Big, Secret Push to Internet Surveillance
Justice Department agreed to issue "2511 letters" immunizing AT&T and other companies participating in a cybersecurity program from criminal prosecution under the Wiretap Act, according to new documents obtained by the Electronic Privacy Information Center.
Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws. The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12. "The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off." Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project. The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as "2511 letters," a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books. The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department. In 2011, Deputy Secretary of Defense William Lynn publicly disclosed the existence of the original project, called the DIB Cyber Pilot, which used login banners to inform network users that monitoring was taking place. In May 2012, the pilot was turned into an ongoing program -- broader but still voluntary -- by the name of Joint Cybersecurity Services Pilot, with the Department of Homeland Security becoming involved for the first time. It was renamed again to Enhanced Cybersecurity Services program in January, and is currently being expanded to all types of companies operating critical infrastructure. The NSA and DOJ declined to comment.

2003 Free Access To Dozens of Anonymous VPNs
VPN Gate Academic Experiment Project launched by The Graduate School of University of Tsukuba, Japan, to expand the knowledge of Global Distributed Public VPN Relay Servers. Get back on The Pirate Bay, KAT or H33T, a new tool from researchers gives instant access to dozens of VPN services. Not only is the system simple to use, but it’s also completely free.

Senate Democrats and some libertarian Republicans, say consumers should have the option of not being tracked at all. Microsoft is offering a new browser that encourages people to block the technology that enables tracking. Online privacy rules are changing. The question now is how much consumers will care. America's tech industry is finalizing voluntary disclosure standards on the sensitive information being sucked from your smartphone like your location, surfing habits and contacts. Lou Mastria, managing director of the Digital Advertising Alliance thinks people don't mind surveillance.
Mobile applications like Google Maps, Angry Birds and GasBuddy have become popular, inexpensive ways to personalize smartphones or tablets and improve their functionality. Often free or just 99 cents to download, apps can turn a phone into a sophisticated roaming office or game console with interactive maps and 24-7 connectivity. They want information from you like your birthdate or local postal code.


The ethics of data and power.


The data all of these firms collect is proprietary and closed. Analysis of human behavior from the greatest trove of data ever collected is limited to questions of how best to harvest clicks and turn a profit. In a sector filled with large oligopolistic firms bolstered by network effects and opaque terms of service agreements laden with fine-print, there are legitimate reasons to question the efficacy of the market as a regulator of these issues. The privacy framework tells us that we should feel violated by what they know about us. Understanding these issues in the context of power tells us that we should feel manipulated and controlled.
The Internet of free platforms, free services and free content is wholly subsidized by targeted advertising, the efficacy (and thus profitability) of which relies on collecting and mining user data. We experience this commodification of our attention everyday in virtually everything we do online, whether it's searching, checking email, using Facebook. We are getting a raw deal. The bargain that we are making is a collective one, and the costs will be felt at a societal scale. When we think in terms of power, it is clear we are getting a raw deal: we grant private entities -- with no interest in the public good and no public accountability -- greater powers of persuasion than anyone has ever had before and in exchange we get free email.
Using all of the trace data we leave in our digital wakes to target ads is known as "behavioral advertising." Their goal is actually to alter user behavior. Companies use extensive knowledge gleaned from innumerable micro-experiments and massive user behavior data over time to design their systems to elicit the monetizable behavior that their business models demand. There is a Longstanding discussion in business ethics circles over the implications of persuasive advertising. Behavioral economics has shown that humans' cognitive biases can be exploited, so Roger Crisp has noted that subliminal and persuasive advertising undermines the autonomy of the consumer. [1]

 "'Rethinking Privacy in an Era of Big Data'." 2012
The UC-Berkeley’s School of Information held a forum — called the DataEDGE Conference -- seeking to explore the challenges and opportunities associated with the transition to a data-intensive economy. One of the speakers Wasdanah Boyd, Senior Researcher at Microsoft Research and an Assistant Professor at New York University, who discussed the implications of Big Data on privacy -- and the role for researchers and technologists moving forward.
The New York Times‘ Bits Blog has coverage of boyd’s talk:
"Privacy is a source of tremendous tension and anxiety in Big Data," says Danah Boyd, a senior researcher at Microsoft Research. Speaking last week at a conference on Big Data at the University of California, Berkeley, she said, "It’s a general anxiety that you can’t pinpoint, this odd moment of creepiness." She asked, "Is this moving towards a society that we want to build?"
Erwin Gianchandani Director, Computing Community Consortium - Computing Research Association




Dead Drops Un-cloud your files in cement! 'Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space.


Essential measures for preventing the invasion of privacy caused by photographs taken in secret
A pair of glasses dubbed a "privacy visor" has been developed to thwart hidden cameras using facial-recognition software. Protect your privacy from photos with photographic information [geotags]... essential measures for preventing the invasion of privacy caused by photographs taken in secret and unintentional capture in camera images is now required."Disguise your face from Heavy make-up or a mask will also work, as will tilting your head at a 15-degree angle, which fools the software into thinking you do not have a face, according to an online guide produced by hacktivist group Anonymous.

How citizens can regain their privacy from the National Security State. Start locking down your online life.

1) Your smartphone

The most recent versions of the iPhone’s operating system, iOS, generally get high marks from security professionals, and Android phones have a fairly simple mechanism for encrypting all data, but by far the most important step is to use a passkey that locks your phone. And even that is no permanent guarantee of safety. Four-digit pins can be cracked reasonably quickly by brute force, six digits take longer, and so on. The iPhone has a setting that freezes access if more than 10 different attempts to input a pin number are employed in quick succession. Use it.

2) Your browsing
TOR A free software implementation of second-generation onion routing, a system enabling its users to communicate anonymously on the Internet. Using Tor will slow your Web browsing experience. Tor Browser signing keys have changed. They are here

3) Your hard drive
You’d rather the government doesn’t know that you’ve been writing pornographic fan fiction about the CIA director and a pair of Lebanese twins? Encrypt your hard drive data. Truecrypt is one popular, well-regarded, free option.

 Your email
There are no shortage of encryption programs that will lock up your email. The old gold standard, Pretty Good Privacy, is now part of a package of commercially available encryption products sold by Symantec. There are also free software options, built on top of the GPG (GNU Privacy Guard) standard. Some may find, however, that their user-friendliness is less than ideal.

I2P (Invisible Internet Project)
is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Possible uses include anonymous Web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node.
The software is free and open source and is published under multiple licenses. The name I2P is derived from Invisible Internet Project, which, in pseudo-mathematical notation, is represented as I²P. Download after reading


Judge: An IP-Address Doesn’t Identify a Person (or BitTorrent Pirate)

The person listed as the account holder is often not the person who downloaded the infringing material. Or put differently; an IP-address is not a person.

A landmark ruling in the US. New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders.

“Although the complaints state that IP addresses are assigned to ‘devices’ and thus by discovering the individual associated with that IP address will reveal ‘defendants’ true identity,’ this is unlikely to be the case,” he concludes. In other words, the copyright holders in these cases have wrongfully accused dozens, hundreds, and sometimes thousands of people.
Previous judges who handled BitTorrent cases have made observations along these lines, but none have been as detailed as New York Magistrate Judge Gary Brown was in a recent order. Aside from effectively shutting down all mass-BitTorrent lawsuits in the Eastern District of New York, the order is a great reference for other judges dealing with similar cases. Suing BitTorrent users is fine, especially one at a time, but with proper evidence and not by abusing and misleading the courts. Brown also cites various other judges who’ve made comments on the IP-address issue. In SBO Pictures, Inc. v. Does 1-3036 for example, the court noted:

"By defining Doe Defendants as ISP subscribers who were assigned certain IP addresses, instead of the actual Internet users who allegedly engaged in infringing activity, Plaintiff’s sought-after discovery has the potential to draw numerous innocent internet users into the litigation, placing a burden upon them that weighs against allowing the discovery as designed."
"An IP address provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones."
"The assumption that the person who pays for Internet access at a given location is the same individual who allegedly downloaded a single sexually explicit film is tenuous, and one that has grown more so over time," he writes. "Thus, it is no more likely that the subscriber to an IP address carried out a particular computer function – here the purported illegal downloading of a single pornographic film – than to say an individual who pays the telephone bill made a specific telephone call."
"Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff’s film."

Judge Brown explains that the widespread use of wireless networks makes a significant difference in cases against file-sharers. He refers to an old RIAA case of nearly a decade ago where the alleged infringer was located at a University, on a wired connection offering hundreds to tracks in a shared folder. The Judge points out that nowadays it is much harder to pinpoint specific infringers. Having an IP-address as evidence is even weaker than a telephone number, as the majority of US homes have a wireless network nowadays. This means that many people, including complete strangers if one has an open network, can use the same IP-address simultaneously. Judge Brown concludes that in these and other mass-BitTorrent lawsuits it is simply unknown whether the person linked to the IP-address has anything to do with the alleged copyright infringements.

IP-Address Can't Even Identify a State, BitTorrent Judge Rules
May 15, 2012
The mass-BitTorrent lawsuits that are sweeping the United States are in a heap of trouble. After a Florida judge ruled that an IP-address is not a person, a Californian colleague has gone even further in protecting the First Amendment rights of BitTorrent users. The judge in question points out that geolocation tools are far from accurate and that it's therefore uncertain that his court has jurisdiction over cases involving alleged BitTorrent pirates. As a result, 15 of these mass-BitTorrent lawsuits were dismissed.


FIVE YEARS the amount of time the center can retain private information about Americans when there is no suspicion that they are tied to terrorism, intelligence officials said. The guidelines are also expected to result in the center making more copies of entire databases and “data mining them” using complex algorithms to search for patterns that could indicate a threat.


Learn how to protect your privacy when you are online.

2/23/12 Web Firms to Adopt 'No Track' Button
"privacy bill of rights" gives thepeople greater control over the personal data collected about them.
Digital Advertising Alliance, which represents over 400 companies will begin adopting and honoring the system within nine months. Google Inc. agreed to support a do-not-track button to be embedded in most Web browsers. The new do-not-track button isn't going to stop all Web tracking. This is all a fake because the Loophole says if they don't commit to honoring the button then they can't be proscecuted.
The companies have agreed to stop using the data about people's Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as "market research" and "product development" and can still be obtained by law enforcement officers. The do-not-track button also wouldn't block companies such as Facebook Inc. from tracking their members through "Like" buttons and other functions. Google is expected to enable do-not-track in its Chrome Web browser by the end of this year.

Australian Gov't: Not In The Public Interest For The Public To Be Interested In Secret Anti-Piracy Negotiations

Bill of Rights


Here are the seven rights that the White House is calling for:

  • Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
  • Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
  • Respect for Context: Consumers have a right to expect that companies will collect, use and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security:Consumers have a right to secure and responsible handling of personal data.
  • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the consumer-privacy bill of rights.

Federal enforcement officials say there are no standard privacy rules for Web sites.

“There is no general legal requirement for companies to get rid of information,” said Christopher N. Olsen, the FTC’s assistant director of privacy and identity protection. It recently charged Facebook with failing to delete past users’ data, even though it said it had.



There’s a price to pay for using the services. MONITOR YOUR online history littering the Internet with so many pieces of YOUR personal information = customer databases ARE ALWAYS SOLD = users MAY have the right to request that images / photo albums - not go to another company.

Hotmail | MySpace profile | AOL |Hotmail | Gmail | Facebook | Twitter | LinkedIn | HootSuite | YOUTUBE | Picasa |Gowalla |Google+

The Federal governments “intelligence gathering” practices on the web.


Why are market forces so weak in protecting users’ online privacy?  Where's the Market for Online Privacy? by Scott Cleland 

The main reason is that the online marketplace is economically structured around users being a commodity, data, to be aggregated and mined, not customers to be served and protected in a competitive marketplace. That’s because the overriding economic force that created the free and open commercial Internet – the predominant Silicon Valley venture capital/IPO value creation model – was and remains largely antithetical to protecting online privacy.

Creepy Retail Stalkers



How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did!! Retailers data-mine its way into your womb. Every time you go shopping, you share intimate details about your consumption patterns with retailers. Target assigns each shopper a unique code known internally as the Guest ID number that keeps tabs on everything they buy. "If you use a credit card or a coupon, or fill out a survey, or mail in a refund, or call the customer help line, or open an e-mail we’ve sent you or visit our Web site, we’ll record it and link it to your Guest ID," Pole said. "We want to know everything we can." Target learned: "And we found out that as long as a pregnant woman thinks she hasn’t been spied on, she’ll use the coupons. She just assumes that everyone else on her block got the same mailer for diapers and cribs. As long as we don’t spook her, it works." How Companies Learn Your Secrets You should consider going the way of the common criminal and paying for far more of their purchases in cash.



Privacy Online

Privacy Icons, an alpha version. Like creative commons for privacy policies


Define Cultural Literacy and Technological Literacy.
The Problems with Web 2.0 and Social Networks

Parents: Teach Your Children Well!
Bristol Palin, Levi Johnson, Govenor Sarah Palin

Rules of Social Media by George Washington

Schools Used the Webcam to Spy on Children in their own House


National Labor Relations Board (NLRB) recently released a guide (PDF) for employers and employees wondering just how much they can post on the Internet about their workplace without fear of being fired. And the answer to "how much?" can be summed up in three words: a whole lot. "We found that the biggest misconception amongst employers was how these cases should be properly handled," Wagner said. "We found that many employers had broadly written social media policies that either didn't address the real issues of acceptable social media use, or offered broad language or impermissible rules such as forbidding employees from even mentioning their employer's name on Facebook."
The board found that many employees had come to them feeling that they had been unfairly disciplined, and in some cases terminated, for making comments online that they felt should have been considered protected speech. And in many cases, these employees were right.

Privacy Rights Clearinghouse tracks data breaches. "Even the most well-designed systems are not safe. ... This case is a good example of how the human element is the weakest link.

12/2010 Brian Kennish, a former Googler, quit Google and launches a disconnect browser extension that essentially blocks Google from tracking you. He was scared by how much Google and Facebook know about you. He is now actively building Disconnect, "a browser extension for Chrome and Rockmelt that disables multiple third party data tracking while browsing." Brian explained why he left Google to do this:

I called it quits at Google three weeks ago so I could help web users better understand the data they're unintentionally sharing and develop tools that make it simple for them to control this data (I've been referring to this effort as Web 2.1, a privacy patch for the web).

Google Profits from it's data vs. Your Privacy 2010
A confidential, seven-page Google Inc. How far should it go in profiting from its crown jewels the vast trove of data it possesses about people's activities? 2009 Google for the first time started collecting a new type of data about the websites people visit, and using it to track and show them ads across the Internet.The Federal Trade Commission does not regulate the data collecting business. The most aggressive ideas would put Google at the cutting edge of the business of tracking people online to profit from their actions. A data-trading marketplace, for instance, would allow personal information from many sources including Google to be combined and used for highly personalized tracking of individuals. Tiny companies like BlueKai Inc. and eXelate Media Ltd. already offer some of these services, pressuring Google to match them.

Recipient of Offensive E-mails Can't Force Yahoo! To Name Their Sender A plaintiff who fails to make out a claim of intentional infliction of emotional distress based on anonymous, offensive e-mails can't compel the sender's Internet service provider to reveal his or her identity, a New Jersey appeals court rules.

The FBI's Secretive Practice of "Blackballing" Files


Revealed: The FBI's Secretive Practice of "Blackballing" Files 1/17/2012
by: Jason Leopold, Truthout | Report

Have you ever filed a Freedom of Information Act (FOIA) request with the FBI and received a written response from the agency stating that it could not locate records responsive to your request? If so, there's a chance the FBI may have found some documents, but for unknown reasons, the agency's FOIA analysts determined it was not responsive and "blackballed" the file, crucial information the FBI withholds from a requester when it issues a "no records" response. The FBI's practice of "blackballing" files has never been publicly disclosed before. With the exception of one open government expert, a half-dozen others contacted by Truthout said they were unfamiliar with the process of "blackballing" and had never heard of the term.
Trevor Griffey learned about "blackballing" last year when he filed a FOIA/Privacy Act request with the FBI to determine whether Manning Marable, a Columbia University professor who founded the Institute for Research in African-American Studies, sought the FBI's files on Malcolm X under FOIA. At the time of his death last April, Marable had just finished writing an exhaustive biography on the late civil rights activist. Griffey filed the FOIA hoping he would receive records to assist him with research related to a long-term civil rights project he has been working on.
In a letter the agency sent in response to his FOIA, the FBI told Griffey that it could not locate "main file records" on Marable responsive to his request. Last November, in response to a FOIA request Truthout filed with the FBI for a wide-range of documents on the Occupy Wall Street, the agency also said it was unable to "identify main file records responsive to [our] FOIA," despite the fact that internal FBI documents related to the protest movement had already been posted on the Internet. The FBI has been criticized in the past for responding to more than half of the FOIA requests the agency had received by claiming it could not locate responsive files.
Griffey, who also teaches US history at The Evergreen State College in Olympia, Washington, and is co-editor of the book, "Black Power at Work: Community Control, Affirmative Action and the Construction Industry," was baffled. He found it difficult to believe that Marable would not have filed a FOIA for Malcolm X's FBI file. So, he sent an email to an FBI FOIA analyst asking for clarification.
The FBI FOIA analyst responded to Griffey in an email, asking him to supply additional "keywords" to assist in a search of the agency's main file records for documents on Marable responsive to his FOIA request.

The analyst then disclosed to Griffey, perhaps mistakenly, that a search for previous requests for records on Marable turned up a single file that was "blackballed" per the agency's "standard operating procedure."

So last May, Griffey again turned to FOIA, this time to try and gain insight into the blackballing process. He filed a FOIA request with the FBI seeking a copy of the agency's standard operating procedure for "blackballing" files. Two months later, he received five pages from an untitled and undated PowerPoint presentation that outlined procedures for blackballing files from FOIA requests. The FBI cited three exemptions under the law to justify withholding a complete and unredacted copy of the PowerPoint:

(b)(6) Personnel and medical files and similar files, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.

(b)(7) Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information:

C. Could reasonably be expected to constitute an unwarranted invasion of personal privacy;

E. Would disclose techniques and procedures for law enforcement investigations or prosecutions or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law ...

Griffey appealed the FBI's decision to withhold information contained in the PowerPoint under the (b)(7)(E) exemption, but it was denied.
Still, the PowerPoint pages the FBI did turn over to Griffey provide insight into the "blackballing" process. On a page titled, "Blackball Files," it says files identified as 190 and 197 "main files," which are FBI classifications pertaining to FOIA/Privacy Act requests for files on people and civil litigation, are blackballed unless "specifically ask[ed] for" by the requester when an initial FOIA request is made.
Moreover, the agency deems certain "control files," "separate files which relate to a specific matter and is used as an administrative means of managing, or 'controlling' a certain program or investigative matter," that pop up and are unresponsive to a FOIA to be ripe for blackballing. However, a FOIA analyst must first get permission from a supervisor before a "control file" can be blackballed.

Finally, according to the PowerPoint, some files are automatically blackballed by an FBI FOIA analyst, but the public is not permitted to know the classification of files that fall into that category because the FBI redacted that part of the PowerPoint, claiming disclosure would reveal "techniques and procedures for law enforcement investigations and procedures." "Not only are we not told when the FBI withholds material from FOIA requests, but we are not even allowed to know all of the kinds of material it withholds," Griffey told Truthout. "The law itself and not just its enforcement, is now effectively secret."
But Bill Carter, an FBI spokesman, told Truthout in an interview that "blackballing" is not about secrecy nor is the process used in any way to conceal responsive records, which the Justice Department revealed it has been doing for more than two decades in certain cases.
"Blackball is a term of art used by the [FBI's] FOIA section people in the records management division," he said. "It's an unfortunate term. It applies to people and events. It means that we pulled a file that initially looked responsive but after a review it turned out it wasn't because the file didn't match the requesters' specific request" for records.
Carter sent Truthout an email that contained an explanation of the blackballing process as provided to him by Dennis Argall, the assistant section chief of the Record/Information Dissemination Section, FBI's Records Management Division:

"[B]lackball" is a term we typically use to describe a file (not a request) that initially looked responsive but upon review we find it's for a different guy or event. It can also be used to describe a file that we won't process because, i.e., a guy makes a request for his "FBI file" in 2005 and [we] process it for him. When he makes another request for his "FBI file" in 2011, we will only process his "records" but will not process the file that was created to respond to the 2005 FOIA request, which is 190 file series [the classification the FBI uses for files requested on people].

That's exactly how the FBI described the blackballing process to attorney Kel McClanahan, executive director of Arlington, Virginia-based National Security Counselors, a public interest law firm.
McClanahan told Truthout in an email interview that he first learned about blackballing when the term was used in a set of FBI "processing notes" he requested from the agency to determine how FBI FOIA analysts had handled one of his FOIA requests. Although McClanahan believes there is "definitely a place for blackballing in the FOIA process" he said the way the FBI "does blackballing leaves a lot to be desired."

"First of all, even though [the FBI] may blackball 50 records and release 3, they never tell the requester about the 50," McClanahan said, hitting on Griffey's main complaint about blackballing. "They never mention word one about 'and we found other records that we deemed non-responsive.' The requester is left to wonder why the FBI only found 3 records about the subject in question and he will never know that they found 50 others that they ultimately deemed non-responsive unless he has the foresight to FOIA the FBI's processing notes for his request. Knowledge like that is very important when a requester is trying to decide whether or not to tie up [the Justice Department's's Office of Information Policy] with an administrative appeal, let alone litigation."

McClanahan said his concerns would largely be addressed if the FBI "only blackballed records for good reasons." "If I could trust the FBI only to blackball things that were clearly non-responsive, I don't need to know that they found completely unrelated records," he added. "However, that's not what the FBI does. I have seen it blackball records because they 'weren't FBI records,' even though they were in FBI files (they were FBI copies of other agencies' records, which any FOIA person worth his salt knows are still responsive to a FOIA request made to FBI). I've seen it blackball records because the request asked for 'internal FBI records' and the records in question were sent outside of the FBI, based on a strained interpretation of the word 'internal.'" The FBI will be forced to make a choice "if it wants to apply FOIA correctly," McClanahan said. "The agency can either limit its blackballing to records that nobody would think are responsive (e.g. different people with the same name, records outside a set time frame); or it can tell requesters in the administrative stage that it determined that certain records were non-responsive and why," he said. "Failing to do either, however, is bad FOIA."

The Cloud Mirror by Eric Gradman


Privacy is Dead - Lessons Learned from the Cloud Mirror
"It may seem obvious that a generation that's had access to social networks since they learned to type would have notions of privacy different from your own. But there's no clearer illustration of that than the Cloud Mirror. Over the course of the week, I saw groups of junior- and high-schoolers register with the Cloud Mirror without a moment's hesitation. What happened next was even more fascinating. They would proceed to literally *shove* one another out from in front of the camera, hungry for a moment on stage presenting the social network they'd so carefully cultivated . There wasn't a hint of hesitation in their actions. To them, the Internet is for sharing." The lesson here is that if you give someone a shiny trinket, they'll give you their password in return. The Cloud Mirror reveals our online identities, but it also reveals that we're easily persuaded to exchange personal data for a shiny trinket or a quick laugh.

2013 iCloud spam filter to blame for auto-deletion of emails containing pornographic phrase "barely legal teen." As part of the iCloud's Terms and Conditions, the company notes that it can pre-screen or otherwise modify content at any time:

You acknowledge that Apple is not responsible or liable in any way for any Content provided by others and has no duty to pre-screen such Content. However, Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.

iCloud's so-called "silent email filtering" raises questions as to the reliability of Apple's service as an inadvertent phrase flagged by the spam blocking system could cause a user to never receive a message. The situation is concerning given both iCloud users and senders have no way of knowing an email was not received as the messages are simply deleted. Other services, like Google's Gmail, Yahoo Mail or Microsoft's Outlook, are not known to have such measures in place.


[ Big Brother - Einstein 3 ]
$17 billion - Einstein grew out of a still-classified executive order, called National Security Presidential Directive 54, that President Bush signed in 2008.

  • Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyber attacks. Is unable to block attacks.
  • Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can't block attacks.
  • Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of email and other communications.

Einstein 3 reportedly can read the content of email and other Internet traffic. It can also intercept threatening Internet traffic before it reaches a government system, thanks to technology based on a similar program used by the NSA.
The classified NSA system, known as Tutelage, has the ability to decide how to handle malicious intrusions — to block them or watch them closely to better assess the threat, sources said. It is currently used to defend military networks. Utah will host new $1.9 billion NSA spy center
An American Bar Association panel said this about Einstein 3 in a September 2009 report: "Because government communications are commingled with the private communications of non-governmental actors who use the same system, great caution will be necessary to insure that privacy and civil liberties concerns are adequately considered."
Privacy Impact Assessment document on Einstein page 18, “In this day and age it is assumed computer users are aware that they are voluntarily providing some information to the government when they communicate with it via the Internet. Electronic mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit.” Deployment of the Einstein System on 3 major carriers – AT&T, Qwest and Sprint.



Coupons TELL ALL


A new breed of coupon, printed from the Internet or sent to mobile phones, is packed with information about the customer who uses it. While the coupons look standard, their bar codes can be loaded with a startling amount of data, including identification about the customer, Internet address, Facebook page information and even the search terms the customer used to find the coupon in the first place.


Adrianne Jeffries 12/13/11
Yesterday afternoon, this reporter was scrambling to finish reporting a forward-looking story about how banks are exploring the possibility of using social media data to judge loan and credit applicants. My editor wanted a quote from a privacy advocate, so I immediately thought of Eben Spying for Free Moglen, a militant digital privacy advocate, founder of the uber-secure personal server FreedomBox, and the inspiration for the decentralized social network Diaspora. In hindsight, perhaps I should have just called Cory Doctorow.

Mr. Moglen, a law professor at Columbia University, was not particularly interested in talking about banks using social media to spy on their customers.

Everyone who uses Facebook, Twitter and the like shares the blame for the serious and ongoing global erosion of privacy enabled by the internet, he said. Banks aren’t the problem, he said; the users tempting banks with their Twitter and Facebook postings are the problem. As are reporters who write about privacy issues with social media without first closing their Facebook accounts.

I call Mr. Moglen’s office

Me: I’m looking for… like, whether this is a privacy issue?

Mr. Moglen: I don’t understand what that means.

The data is a privacy issue because we have an enormous ecological disaster created by badly-designed social media now being used by people to control and exploit human beings in all sorts of ways.

That’s the consequence of social media structures which encourage people to share using centralized databases, and everything they share is held by someone who is no friend of theirs who also runs the servers and collects the logs which contain all the information about who accesses what, the consequences of which is that we are creating systems of comprehensive surveillance in which a billion people are involved and those people’s lives are being lived under a kind of scrutiny which no secret police service is the 20th century could ever have aspired to achieve. And all of that data is being collected and sold by people whose goal it is to make a profit selling the ability to control human beings by knowing more about themselves than they know. Okay? That’s true of all this information all the time everywhere. The thing you’re working on is simply one of 100,000 implications of that disaster.

Me: Right.

Mr. Moglen: Okay, so have you closed your Facebook account and stopped using Twitter?

Me: Have… I?

Mr. Moglen: Yes, you!

Me: No, I can’t!

Mr. Moglen: (getting agitated) Of course you can, if you don’t want to be in a situation in which you are more heavily surveilled than the KGB or Stasi or Securitate or any other secret police ever surveilled anybody (indistinguishable) and what do you mean you ‘can’t'? I can, how come you can’t?

Me: Well, everyone else is using it.

Mr. Moglen: That’s not true. And besides, if everybody else is using them then I couldn’t be doing what I’m doing. I’m not using them. You’re quite wrong.

Me: Right…

Moglen: Right. But you’re not going to do anything about that. So you’re using them and every time you tag anything or respond to anything or link to anything, you’re informing on your friends. You’re part of the problem, you’re not part of the answer. Why are you callng up to ask me about the problem you’re creating?

Me: Well, I was hoping you might be ableto help me think about this particular—

Mr. Moglen: I have helped you. And you have refused to help me back. I’ve told you this is an ecological problem created by people doing a silly thing.

Me: I think the problem is, people have trouble understanding why, like what the real dangers are—

Mr. Moglen: But that’s not the problem! You know what the problem is. The problem is, even though you know what the problem is you’re continuing to make it worse.

Me: It just doesn’t seem like the consequences are that bad.

Mr. Moglen: The problem isn’t people who don’t know! The problem is people like you who do know and go on making it worse. Right?

Me: Well I think for me personally—

Mr. Moglen: Well, now you know. So you should stop now. And not only should you stop, you should get the people around you to stop. If you get the people around you to stop, they’ll get the people around them to stop and we’ll fix the problem. It’s like littering. Why are you calling me up to ask me about the social consequences of your littering without stopping doing it? And then when you tell me a fatuous thing like you ‘can’t,’ it’s perfectly clear that whatever you do here, it won’t be civic journalism because it won’t result in a better world.

Me: Uh, okay. I hear what you’re saying.

Mr. Moglen: No, you don’t actually. You just want to claim you hear what I’m saying.

Me: Well just for me personally right now, the utility seems to—

Mr. Moglen: Oh, no, no, no, no, no, no! You see that’s not true. You injure other people today also using social media. You’ve informed on them. You’ve created more records about them. You’ve added to the problems not of yourself but of other people. If it were as simple as just you’re only hurting yourself I wouldn’t bother pointing it out to you. See, that’s the difference, okay? The reason that this all works is that even when you know you’re hurting other people, you’re too selfish to stop. And there are hundreds of millions of people like you. That’s why it works.

Me: What’s the damage?

Dr. Moglen: Well you called me, you know what the problem is. People lost their homes. People lose their money. People lose their freedom. You know because you saw it, because you’re following this, that Facebook now acknowledges what we said for a long time and they didnt acknowledge, that every single photograph uploaded to Facebook is put through facial recognition software they call PhotoDNA which is used to find people for whom any law enforcement agency in the world is looking. You understand? So every time you upload a photograph to Facebook or put one on Twitter for that matter you are now ratting out anybody in that frame to any police agency in the world that’s looking for them. Some police agencies in the world are evil. That’s a pretty serious thing you’ve just done. But you do it all the time. And when I asked you to stop you tell me you can’t, which is an antisocial thing to say.

Me: That wasn’t a totally serious answer.

Mr. Moglen: Of course it was a totally serious answer. It’s the truth. You’re not going to do anything about fixing this problem. You’re going to claim that it’s just something you’re reporting and then you’re going to go right back to making it worse. And if you ever call me up again to ask me about yet another one of these things you’ll still be making it worse, because although you can report the problem you can’t take social responsibility for your part in causing the problem. That’s why I tell you it’s like littering. You should stop doing it before you write in the newspaper that there’s too much garbage on the street.

Me: Okay. Well thanks for your help. I appreciate it.

Mr. Moglen: No it wasn’t helpful, it was hurtful because I told you the story you’re working on is the story of your own anti-social behavior and that of people like you. It’s not helpful.

What you want to know is that somewhere there’s a regulator who might stop the bank. But you don’t want to hear that the regulator we really need to call upon is you, yourself. Right? You don’t want to write that in the newspaper. I guarantee you whatever story you file will treat this as a problem caused by everyone except the readers at The Observer and that will be false. The problem is caused by people who would like a little help spying on their friends. And in a genteel way, that’s what the social media offers. They get to surveil other people. In return for a little bit of the product, they assist the growth of these immense commercial spying operations. The commercial spying operations are used to empower people who have lots to get more from people who have less. They lead to a more unequal society. More unequal in economic terms and more unequal in political terms. The users, as with most stuff that’s dangerous that’s sold to people, the users are the victims and even the stuff you write which purports to be critical will do everything except telling people the central fact, which is they have to stop using.

Me: I think that’s totally relevant and will definitely put it in. (N.B.: In the end, I did not put this in the story for several reasons, not the least of it was the fact that it was late and over word limit.)

Mr. Moglen: Well, we’ll see what gets past your editor. That much there’s a test for. I can see what The Observer publishes. Now, assuming all that, and assuming you’re actually going to give even an instant’s consideration to your own part in creating this ecological nightmare, what else do you want to know?



Federal Trade Commission officials have been vocal, saying that privacy policies of companies are not clear or accessible enough to protect visitors, and debating whether online data is being used appropriately.

You aren't searching annonymously





May 17th, 2010 Web Browsers Leave 'Fingerprints' Behind as You Surf the Net
EFF Research Shows More Than 8 in 10 Browsers Have Unique, Trackable Signatures
New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures -- creating identifiable "fingerprints" that could be used to track you as you surf the Internet. The findings were the result of an experiment EFF conducted with volunteers who visited The website anonymously logged the configuration and version information from each participant's operating system, browser, and browser plug-ins -- information that websites routinely access each time you visit -- and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser "fingerprints." Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

Google Toolbar Tracks Browsing Even After Users Choose "Disable" even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. Learn how Google's installation -- which lets users activate these transmissions in a single click, while making it much harder to cease the transmissions and compare Google's current notice/consent process to Google's 2004 version, finding important declines in both presentation and substance of disclosures. ~ Ben Edelman


Google Toolbar Tracks Browsing Even After Users Choose not to so that we can be tracked for advertisers.


Federal Trade Commission Groups Far Apart on Online Privacy Oversight has been examining whether online privacy should be regulated. The debate has grown louder as technology companies are tracking and profiling people in new ways, Congress is showing an interest in the subject, and companies are trying to avoid government intervention.

This year, Google began running online advertisements based on consumers' online behavior patterns.,


A Little 'i' to Teach About Online Privacy

2010 Most major companies running online ads are expected to begin adding the icon to their adsalong with phrases like “Why did I get this ad?” When consumers click on the icon, a white “i” surrounded by a circle on a blue background, they will be taken to a page explaining how the advertiser uses their Web surfing history and demographic profile to send them certain ads.

Mihajlo Zeljkovic, and Craig E Wills have a Web site that detects sites that your browser has visited.
The site then shows you how your browsing habits are tracked by third-party sites for advertising purposes along with information such as location, age and gender that is inferred about you by these advertisers. The site does not store any information such as cookies or IP address that could identify you.  By participating you will not only be able to see your results, but aggregate results of others who have participated.

Ruling Limits Prosecutions of People Who Violate Law on Privacy of Medical Records
The ruling was a surprise to many lawyers. Robert M. Gellman, an expert on privacy and information policy, said, "Under this decision, a tremendous amount of conduct that is clearly wrong will fall outside the criminal penalties of the statute," the Health Insurance Portability and Accountability Act of 1996.

If a hospital sells a list of patients' names to a firm for marketing purposes, the hospital can be held criminally liable, Mr. Gellman said. But if a hospital clerk does the same thing, in defiance of hospital policy, the clerk cannot be prosecuted under the 1996 law, because the clerk is not a "covered entity."

© Educational CyberPlayGround ® All rights reserved world wide.