Your Privacy Rights



The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. Consumers' control and knowledge on the internet fall under two categories: purchasing and surfing. The law protecting individual privacy in the United States was passed fairly recently, and it limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in its efforts to ensure success, has developed principles that would protect consumers and the information they choose to display. The USA PATRIOT Act was put into effect in reaction to the 9/11 terrorist attacks. The Government felt that terrorism in the United States could be diminished by keeping an eye on communication around the country. This Act gives the Government powers to disregard the privacy concerns of citizens in the face of national security concerns.
The Electronic Communications Privacy Act (ECPA) sets the limits on law enforcement access to personal electronic communications and electronic records such as emails, documents and pictures. With the immense growth in the use of computers, many people store copious data on servers that can be visible to many parties in the infrastructure business. The ECPA protects this material from being accessed by law enforcement. The exclusions to this law allow the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or to harm another user, and the ISP can reveal information from a message if the sender or recipient allows disclosure, or in the event of a court order or a law enforcement subpoena.
The Electronic Communications Privacy Act (ECPA) makes it illegal under certain conditions for anyone to read or disclose the content of any electronic communication (18 USC § 2511).
However, below are some exceptions to the ECPA:
a. The ISP may view private e-mails of its subscribers if it suspects the sender is endeavoring to damage the system or harm another user. However, arbitrary monitoring of e-mail is normally forbidden.
b. The ISP may lawfully view and reveal private e-mail if either the sender or the receiver of the message consents to the scrutiny or revelation. Many ISPs require a consent agreement from subscribers when signing up for the service.
c. If the e-mail server and software are owned or hosted by an employer, the employer may examine the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location or device, or using a host server owned or paid for by the employer, is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees.
d. ISPs may be required to disclose personal information in response to a court order or a subpoena. A subpoena may be obtained by law enforcement or as part of a civil lawsuit. A subpoena as part of a private civil lawsuit, defamation or a divorce case may disclose more personal information.
The USA PATRIOT Act, as amended in 2006, makes it easier for the government to access records about the online activity of subscribers. In an effort to increase the speed with which records are acquired, the Act eliminates much of the process required to acquire private data.
In the case of U.S. v. Warshak (December 14, 2010), the Sixth Circuit Court of Appeals ruled that although an ISP has access to private e-mail, the government must obtain a search warrant before seizing such e-mail.  The decision is particularly significant to the degree that it could incentivize Congress to reassess the federal statutes that, in some cases, do allow warrantless searches of e-mail.
Online discussion and message boards are also list servers. These can be open or closed boards for discussion groups, and sometimes the privacy policy for these boards allows inspection and disclosure of all the content posted. Message notifications or summaries are sent as emails to the participants, and most of the boards archive the discussions.
In Feb 2012, the US Government signed a covenant to put some new guidelines in place to regulate the information that can be asked for and received from people on the Internet. These new regulations are a “privacy bill of rights,” and corporations are expected to change their privacy policies to ensure that the personal information of their customers will only be used for purposes that have been specifically agreed to by the user.
The National Telecommunications and Information Administration, in partnership with several privacy activist groups, is working to develop “codes of conduct” for companies that collect personal information.
This document lays out seven rights.
a. Individual control. The companies have to provide easy to understand policies on what data they are collecting and how they will use this data.
b. The individual has the right to transparency and knowing the exact reason as to why the data is being collected at all.
c. The corporations cannot decide to use the data as they wish for another purpose other than what has been communicated to the individual.
d. Adequate security for customer data needs to be provided.
e. Individuals have the right to edit their data and therefore should have access to all their data for editing and keeping it current.
f. Corporations are only allowed to collect the data they need. They are not allowed to collect any incidental data.
g. Corporations are accountable to individuals for lost and misplaced data.
As privacy management develops in terms of improvements in efficacy and the growing intricacy of the challenges establishments face, accountability is evolving as an essential element of handling personal information. In specific terms, all regulators and executives are looking to corporations to be more accountable for their actions. On a corporate level, accountability is taking form in:
• Implementation of Privacy by Design (PbD) and Privacy by ReDesign (PbRD)
• Redefinition of the role of the privacy professionals
• Acceptance of the concept of BCR (Binding Corporate Rules)
• Cultivating internal monitoring, with the use of data loss prevention (DLP) tools
Governments are adopting steps to legalize the use of personal information, and industry forums are exploring self-regulation to ensure that their interests are served before they have to succumb to greater restrictions, should they not assume responsibility on privacy. In 2011 in the European Union (EU), the European Commission (EC) modified its Electronic Communication Directive to give customers more control over their individual data. EU data protection rules and the new EC directive require EU member states to induce electronic publishers to get consent from users before tracking their online behavior through cookies or other methods.

How your personal information becomes public on the internet Part 2


Part 2 continues exploring how your actions online translate into your information being stored and used by unknown parties. Here are a few more ways.


Cookies: When users visit different Web sites, most of the sites deposit data about the user's visit, called "cookies," on the user’s hard drive. Cookies are then used by the Web server to send pieces of information to a user's browser for purposes of identification, authentication, marketing, shopping cart information, browsing history and so on. Cookies may include information such as login or registration identification, user preferences and online "shopping cart" information. The browser saves all the information and sends it back to the Web server whenever the user returns to the Web site. The Web server may use the cookie to adapt the information, content or format that it sends to the user, or it may keep track of the different pages within the site that the user accesses.
If a user uses the Internet to buy a product or download a service, the user’s details, credit card information or address are all stored in a cookie.  Cookies that are used by websites to advertise products and services are called first-party cookies.
Other cookies, called third-party cookies, transfer data about users to advertising clearinghouses, which in turn share that data with other online marketers. Many websites have begun to utilize a new type of cookie called a "flash cookie" (sometimes also called a "supercookie") that is more persistent than a regular cookie.
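To make the cookie categories above concrete, here is an added example (not part of the original post) that audits the `Set-Cookie` headers a browser receives while loading one page. The hosts, cookie names and values are constructed for illustration, and the same-site check is a simplification: real browsers use the Public Suffix List.

```python
from http.cookies import SimpleCookie

# Constructed sample: (host that sent the response, Set-Cookie header value)
# as seen while loading a single page on shop.example.
PAGE_HOST = "shop.example"
RESPONSES = [
    ("shop.example", "session=8f2c; Path=/; Secure; HttpOnly"),
    ("shop.example", "cart=3-items; Path=/; Max-Age=604800"),
    ("ads.tracker.example",
     "uid=u-91827; Domain=tracker.example; Path=/; Max-Age=31536000"),
]


def same_site(cookie_domain, page_host):
    """Simplified check: one name equals, or is a parent domain of, the other."""
    d = cookie_domain.lstrip(".").lower()
    p = page_host.lower()
    return d == p or p.endswith("." + d) or d.endswith("." + p)


def audit(page_host, responses):
    """Classify each cookie as first/third party and session/persistent."""
    findings = []
    for sender, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Without a Domain attribute the cookie is bound to the sending host.
            domain = morsel["domain"] or sender
            max_age = morsel["max-age"]
            findings.append({
                "name": name,
                "domain": domain,
                "party": "first" if same_site(domain, page_host) else "third",
                # 0 means a session cookie that is dropped when the browser closes.
                "lifetime_days": int(max_age) / 86400 if max_age else 0,
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
            })
    return findings


if __name__ == "__main__":
    for f in audit(PAGE_HOST, RESPONSES):
        print(f)
```

Long-lived third-party entries in the output are the ones that browser cookie settings and private browsing modes are meant to restrict.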

Fingerprinting: A device fingerprint is the set of software and hardware settings collected from a computer. When a computer goes online, it broadcasts these details to other computers that it communicates with. These details can be collected and pieced together to form a distinctive "fingerprint" for that specific device. This fingerprint is allocated an identifying number, which is used in the network to identify and track that specific computer or mobile device. This is a very useful technique in tracing cyber criminals.

GPS and data capture: Many GPS and location-based services companies work all the time to capture locations and draw maps and places of interest the world over, thus collecting data about places and intermittently people. In the recent Google Street View case, Google was fined $25,000 for obstructing an FCC investigation into whether Google violated user privacy by collecting Wi-Fi data during its Street View project. The examination involved Google capturing data from its Street View car which provided a photograph of what users were doing at the time. Google initially denied the charge, and then submitted that it was only "fragmented data," before finally confessing that full emails, URLs, and even passwords were captured and stored. Data was only taken from open networks with no security.


Websites, Interactive Chat and Social Networks
Domain names: Many internet users own a website for themselves or their businesses by booking a Web site address or URL (Uniform Resource Locator), called the domain name. Domain registrations are public information unless you pay an additional fee to make your domain name private through domain registrants and resellers. Domain ownership is easily searched by looking up the URL’s Whois record. Many people or establishments try to keep domain ownership information private for reasons of privacy.
Blogs: Journals, blogs or newsletters whose content is frequently updated to keep clients of a business or a group of interested people informed about business or personal news are called blogs. Depending on the blog service used to post the blog, the user’s private information may be available. Generally, blog services, through their service agreements and user-controllable settings, let the user decide how much information is made public. Comments on the blog or newsletter can also be controlled by settings in the blog. Blogs record IP addresses, and the identity of the person updating the blog or commenting on it can be fairly easily traced.
Social networks like Facebook and Twitter: The social networks have come under a lot of flak for weak privacy, since a lot of user information is available on these servers. Users on Facebook link to people (known and unknown) and share their personal data, pictures, location and details about their activities through the social site, leaving quite a few personal security loopholes in the process. Recently a home was robbed in Australia because one of the family members uploaded a picture of cash at home on Facebook.


Financial Transactions and Bill Payments Online
Online banking: Online banking is extremely prevalent in finance, and it has moved on to mobile banking as well. Customers are able to check balances, transfer money between accounts, and track transactions online. Using online banking, customers transmit a huge amount of private and sensitive financial and personal data through online website channels. Though most online banking systems use a high degree of encryption technologies and authentication techniques, a lot of information does get stored intermittently in cookies.

 

How your personal information becomes public on the internet Part 1


As most of our personal and private lives continue to be greatly resident on the internet, it is very important for internet users to understand that although the Internet permits us to increase communication, remove physical obstacles, and grow our knowledge, its engagement with all aspects of our society has been quite intricate. We normally assume that the same formal laws or societal rules that protect our privacy in the physical world apply to the digital world as well. However, the laws concerning online privacy are still being established.
Every site visited and any interaction that you may have had on your computer leaves a track that can be traced to you. Any information that you explicitly or inadvertently provide while you traverse content or transact on websites is stored and used to determine your identity, preferences and profile.
Subscription to an Internet Service
There are thousands of Internet Service Providers (ISPs) that enable your computers to be linked to the internet. Each computer in the world connected to the Internet has a unique address, known as its IP address (Internet Protocol address). It takes the form of four sets of numbers separated by dots, for example: 193.42.97.110. This IP address allows your computer to send and receive information over the Internet connection. Depending upon the type of service that has been subscribed to with the ISP, the IP address may be "dynamic", that is, one that changes occasionally, or it may be "static", which is permanently assigned to the connection or contract for the length of the service.
The IP address does not provide personally identifiable information (PII). However, since the service has been bought from the ISP, they retain all personal data about their subscribers. Most ISPs do not disclose their data retention policies. However, they are bound to disclose subscriber information on the basis of any court orders asking them to do so. Subscriber information is not made public but is retained for traffic analysis and purposes of national security.

Signing up to an Email service or a List Server
The email communication itself carries a lot of information about the sender of the email. The data included, apart from the content, includes the IP address, the details of the ISP, the MAC ID of the computer or any other mobile device you may have used, along with all the details of your location, the servers that the mail used to relay, etc. Through email communications, users also give away a lot of information in the content, which may or may not be private. The Electronic Communications Privacy Act (ECPA) makes it illegal under certain conditions for anyone to read or disclose the content of any electronic communication. However, below are some exceptions to the ECPA:
a. The ISP may view private e-mails of its subscribers if it suspects the sender is endeavoring to damage the system or harm another user. However, arbitrary monitoring of e-mail is normally forbidden.
b. The ISP may lawfully view and reveal private e-mail if either the sender or the receiver of the message consents to the scrutiny or revelation. Many ISPs require a consent agreement from subscribers when signing up for the service.
c. If the e-mail server and software are owned or hosted by an employer, the employer may examine the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location or device, or using a host server owned or paid for by the employer, is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees.
d. ISPs may be required to disclose personal information in response to a court order or a subpoena. A subpoena may be obtained by law enforcement or as part of a civil lawsuit. A subpoena as part of a private civil lawsuit, defamation or a divorce case may disclose more personal information.
The USA PATRIOT Act, as amended in 2006, makes it easier for the government to access records about the online activity of subscribers. In an effort to increase the speed with which records are acquired, the Act eliminates much of the process required to acquire private data. Online discussion and message boards are also list servers. These can be open or closed boards for discussion groups, and sometimes the privacy policy for these boards allows inspection and disclosure of all the content posted. Message notifications or summaries are sent as emails to the participants, and most of the boards archive the discussions.
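As an added illustration of the e-mail metadata described at the start of this section (not part of the original post), the script below reads the headers of one message and lists what they reveal about the sender's connection and the relay servers. The message, host names and addresses are constructed samples using reserved documentation address ranges.

```python
import re
from email import message_from_string

# Constructed sample message; every relay prepends its own Received header.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 5 Mar 2012 10:00:07 -0500
Received: from smtp.isp.example (smtp.isp.example [198.51.100.10])
\tby mx.recipient.example with ESMTP id B2; Mon, 5 Mar 2012 10:00:05 -0500
Received: from [192.0.2.44] (dsl-44.isp.example [192.0.2.44])
\tby smtp.isp.example with ESMTPSA id C3; Mon, 5 Mar 2012 10:00:02 -0500
From: alice@isp.example
To: bob@recipient.example
Subject: lunch
Date: Mon, 5 Mar 2012 10:00:01 -0500
User-Agent: ExampleMail 3.1 (Windows)

See you at noon.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")


def relay_path(raw):
    """Return the relay hops in sender-first order."""
    msg = message_from_string(raw)
    hops = []
    # Newest hop is at the top of the message, so walk the list backwards.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # undo header folding
        ip = IP_RE.search(flat)
        by = BY_RE.search(flat)
        hops.append({
            "from_ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "time": flat.rsplit(";", 1)[-1].strip() if ";" in flat else None,
        })
    return hops


def exposed_metadata(raw):
    """Summarise what a recipient can read from the headers alone."""
    msg = message_from_string(raw)
    hops = relay_path(raw)
    return {
        # Received lines are not authenticated; treat the origin as a claim.
        "origin_ip": hops[0]["from_ip"] if hops else None,
        "relays": [h["by"] for h in hops],
        "client_software": msg.get("User-Agent") or msg.get("X-Mailer"),
        "sent_at": msg.get("Date"),
    }


if __name__ == "__main__":
    print(exposed_metadata(RAW))
```

Running it against the full headers of a message you have received shows which of these fields your own provider passes on.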
Internet Browsing
Most internet browsers allow users to relay and store information and data to the corporations that own the websites. The data may be relayed through cookies or by the users submitting their personal data to register or transact. The browser also passes information about the IP address and the logs of sites visited by a user to the web site operators. Most browsers give users some control over how much information is kept and stored by the cookies. Users have the ability to change the settings to restrict cookies and enhance their privacy. A high privacy setting prevents users from using online banking or shopping services, since authentication of users may become an issue. Most browsers also offer a "Private Browsing" extension to increase user privacy.
Search Engines: A lot of users navigate the Internet by using search engines like Google or Bing. Search engines have and use the ability to track each one of your searches. They can record your IP address, the search terms you used, the time of your search, and other information. Google has just updated its privacy policy to simplify it in March 2012. Their privacy policy lays out in simple terms what information they collect and how they will use it.
User search strings on search engines may also store some important data that users inadvertently search for. For instance, if a user searches for web information on his own personal information, such as his phone number, the search engine will retain that search string and will have a record of his phone number.
Most search engines also maintain that they need to preserve the personal data of their users, in part, to deliver competent services, to prevent security threats, to keep people from gaming search ranking results, and to combat click fraud scammers or to ensure national security. Yahoo holds data for 18 months; Bing holds it for 6 months and Google for 9 months. An engine operated by ixquick (https://www.ixquick.com/), based in The Netherlands, is the world’s most private search engine. Under their methodology they remove all PII from the user query before submitting it anonymously to Google.
 ( To be Continued ...) 
 
