The Right to Privacy

The more technologically advanced we become, the greater the potential for an invasion of our privacy. Imagine how difficult it must have been for people’s personal information to get stolen—10,000 years ago.

We now live in a world where someone halfway around it from you can nab your most personal information in seconds.

Our right to privacy is just as strong now as it ever was, despite the ease with which criminals and snoops can get your personal data.

Famed attorney and associate justice on the U.S. Supreme Court Louis Brandeis was a champion of a person’s right to privacy, and defined the right of a person “to be let alone” as “the most comprehensive of rights, and the right most valued by civilized men.”

To keep up with the increasing ease of stealing a person’s data, legal remedies and privacy-enabling software have been developed.

The Internet is infested with spammers, scammers, and hackers. Do you know that these spammers and hackers can easily monitor your online activities and steal your personal data like credit card information and passwords?

Even your Internet Service Provider (ISP) spies on you! They monitor, track, and keep a record of all your web activities. The websites you visit, the software you download, your online purchases, and everything else are recorded and saved by your ISP.

If this bothers you, you now have options available to protect your privacy and identity. Just download and use Hotspot Shield software. It acts as an IP hider to mask or change your IP address and protect your privacy, while securing your Web browsing session at the same time.

“THE RIGHT TO PRIVACY,” by Samuel D. Warren and Louis D. Brandeis, appeared in the Harvard Law Review in December of 1890.

From that are derived six applicable limitations:

1. “The right to privacy does not prohibit any publication of matter which is of public or general interest.” Warren and Brandeis elaborate on this exception to the right to privacy by stating:

In general, then, the matters of which the publication should be repressed may be described as those which concern the private life, habits, acts, and relations of an individual, and have no legitimate connection with his fitness for a public office which he seeks or for which he is suggested, . . . and have no legitimate relation to or bearing upon any act done by him in a public or quasi public capacity.

2. The right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication according to the law of slander and libel.

3. The law would probably not grant any redress for the invasion of privacy by oral publication in the absence of special damage.

4. The right to privacy ceases upon the publication of the facts by the individual, or with his consent.

5. The truth of the matter published does not afford a defense. Obviously this branch of the law should have no concern with the truth or falsehood of the matters published.

6. The absence of “malice” in the publisher does not afford a defense.

With regard to remedies, a plaintiff may institute an action for tort damages as compensation for injury or, alternatively, request an injunction.

A closing point to make is that Warren and Brandeis recommend that criminal penalties be imposed for violations of the right to privacy, but they decline to elaborate further on the matter, deferring rather to the authority of the legislature.

Source: http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Recognize Your Willingness to give up your Privacy

If a stranger stopped you on the street and requested your e-mail address and birthdate, would you give it to that person? A rational person would never give up this information.

This is the same guard you should have when giving out your personal information to set up an online account, setting up a social account or to get some bargain or great deal on a product or service. Most people will give up all their data for 10% off at a shoe store.

Many people blindly give out personal information online or in person to get that bargain. Sometimes, these choices are made by people who claim to value their privacy.

Those same people may not know that every time they log into free unencrypted WiFi, they are most likely revealing everything they communicate on a PC, laptop or mobile. This is why an encrypted connection like one provided with Hotspot Shield is very necessary.

A study from Carnegie Mellon University, conducted by Alessandro Acquisti, turned up some very interesting results.

He sent some graduate students to a shopping mall near Pittsburgh. The students were instructed to offer a $10 discount card, with an extra $2 discount to shoppers in exchange for their shopping information. Half turned down the extra offer. The $2 wasn’t enough to get them to reveal their shopping cart items.

Another group of shoppers was offered a $12 discount and the choice to exchange it for $10 if they desired to keep their shopping data private. Ninety percent decided to keep the $12 discount, which meant they were willing to reveal their shopping data.

What gives?

It looks as though if people already have ownership of private data from the get-go, they’re more likely to value it. If it’s yet to be acquired, however, the value placed on it is less.

So getting back to cyber space then, have you ever wondered if the data that the online advertising industry collects on you is truly scrambled so that it’s not possible to identify individuals?

Acquisti conducted another experiment. With a webcam he took snapshots of about 100 campus students. It took only minutes for him to identify about 30 percent of these nameless students by using facial recognition software.

He then went a step further and gathered enough information on about a quarter of the identified students via Facebook to guess a portion of their Social Security numbers.

Acquisti showed how simple it is to identify people from scratch because they leave a data trail in cyber space—and this includes photos. This shows how easy it is for criminals to use Facebook to steal a person’s identity.

Though it would violate Facebook’s terms of service to register a fake birthdate, the user needs to be aware of the tradeoff: Identity thieves love to find birthdates.

Facebook says that the user can control who sees personal information. So you just have to weigh the pros and cons. Is receiving well wishes on your birthday worth the risk of a thief using your basic information to steal your identity?

And by the way, thieves can use your Facebook profile photo to help steal your identity. Maybe this is why some people use their baby’s or dog’s photo for their Facebook photo?


Can your Privacy Policy be Read by a 5th Grader?

Zero. The number of people who have ever read word for word—and understood—a website’s privacy policy.

Well, maybe not zero, but the actual number is pretty close to it. And this excludes the lawyers who compose these thick walls of tiny text that are filled with legalese.

How many people even open the link to the privacy policy? After all, it’s almost always at the bottom of the site page, called “Privacy Policy,” in a font that doesn’t even stand out.

It’s time that the privacy policy (aka transparency statement) be short, sweet and simple, with an attractive graphic to catch the visitor’s attention. The purpose of a privacy policy seems to be to inform the website visitor/user just how that person’s data will be used by the business or enterprise that the site is for.

But more accurately, the purpose is for the statement to protect the business in the event of a dispute.

Why don’t businesses introduce a short, in-plain-English statement with the sole purpose of explaining privacy and data protocols; right to the point, no legalese filler fluff? And easy to access while they’re at it. The larger, complicated privacy policy could back up the short, simple transparency statement. Over time, the way the big, and the little, statements work in tandem could be refined.

With this upgrade in the “privacy policy,” visitors to sites will be able to make better choices and have a firmer grip on how the site manages their data.

Just think how much smoother things would be if every website had a link titled “Transparency Statement” that took you to a one-page document with a friendly font size and no legalese. Better yet, why not call the “transparency statement” something like, “How we handle your private information.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Your Customers’ High Cost of Privacy

This writer has said numerous times that privacy is waning and dying. Partly because we have allowed it with our bazillion posts to social and partly because of the shift from print advertising to digital. During that shift, lots of creative types figured out how to figure you out and get inside your digital head. But all at a cost of your privacy.

Arwa Mahdawi in the Guardian brilliantly posed “Privacy isn’t dead, but it’s getting very expensive.” So true.

Ask yourself: as a decision maker for your business or employer, when it comes to protecting your organization’s customers’ or clients’ personal data, how proactive are you? And even if you’re proactive, are you aware of just what is involved on the part of the customer/client to ensure that their personal information doesn’t get into the wrong hands?

Or perhaps you’re not very active in this realm at all, figuring that it’s “up to the customer” to figure out how to secure their data, or that it’s the responsibility of the banks and credit card companies.

I contend that businesses who collect valuable data from customers and profit from it – from email addresses, to credit cards to SSNs – have the responsibility to protect the data collected. Otherwise customers inclined to do so must pay a fee to have their personal information protected. That business is booming.

It’s fair to speculate that if businesses, such as retailers and healthcare organizations, had an excellent history of keeping customers’ data airtight, the protection of privacy wouldn’t have become something that people must pay for.

Of course, there are ways that consumers can protect their privacy without paying for it, such as giving up the use of credit and debit cards, always remembering to disconnect their mobile device in public when they don’t need to be online, never seeing doctors, disabling their cookies, etc.

But let’s face it, these free approaches are impractical or even impossible. How many Internet users even know how to disable their cookies, or even what a cyber cookie is? How many know what a VPN is?

Consumers should not have to be tech savvy or have a lot of money or make impractical lifestyle changes in order for their private information to be leak-proof.


Risk Reduction: #1 Concern of Bank Boards

The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place.

It’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on financial performance.

Survey Findings

  • 97 percent of the respondents reported the bank has a chief risk officer in place or equivalent.
  • 63 percent said that a separate risk committee on the board oversaw risks.
  • 64 percent of banks that have the separate risk committee reported that the bank’s strategic plan plus risk mitigation strategies got reviewed; the other 36 percent weren’t doing this.
  • 30 percent of the respondents believed that the bank’s risk appetite statement encompasses all potential risks.
  • Of this 30 percent, less than half actually use it to supply limits to the board and management.
  • The survey found that the risk appetite statement, risk dashboard and the enterprise risk assessment tools aren’t getting fully used.
  • And only 30 percent analyze their bank’s risk appetite statement’s impact on financial execution.
  • 17 percent go over the bank’s risk profile monthly at the board and executive level, and about 50 percent review such only quarterly; 23 percent twice or once per year.
  • 57 percent of directors believe the board can benefit from more training in the area of new regulations’ impact and possible risk to the bank.
  • 53 percent want more understanding of newer risks like cyber security issues.
  • Senior execs want the board to have more training in overseeing the risk appetite and related issues.
  • 55 percent believe that the pace and volume of regulatory change are the biggest factors in leading to risk evaluation failures.
  • Maintenance of data infrastructure and technology to support risk decision making is a leading risk management challenge, say over 50 percent of responding bank officers, and 40 percent of survey participants overall.


Private Identifiers Not Private

Today’s commerce occurs very much online, with products and services ranging from A to Z. Hence, these many online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.

To verify authentication as the true user of these services, the registrant must supply personal data. If cyber criminals get ahold of this data, much of it can be changed by the user after the breach, such as user name, password and even the address they’ve been using.

However, the Social Security Number and date of birth cannot be changed. When cyber crooks get personal data off of these online retailers and service providers, it invades the customer’s privacy.

Online enterprises must take full responsibility for stolen data. It’s a real serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or answer to a security question.

Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.

The online commerce world should know that such a requirement destroys confidence in current and potential customers, and that their competitors who abandon this practice will have the upper hand in gaining and retaining business.

More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft—a risk that they’re catching onto.

NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:

  • Online businesses should limit requiring data that can be shared among other enterprises.
  • Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
  • Third-party data breaches should be analyzed by online companies to protect users if data seeps out.
  • “At risk” users should be able to be re-authenticated.
  • Governments need to reassess the idea of using static data like DOB and SSN.
  • Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.


7 Ways we leak our Private Data

Smartphone apps. There are apps wanting your location when they do not need it. Are there any apps requesting your location? You should deny them this information unless it’s absolutely necessary.

Another way your phone gives away your location is through the data of a photo. Put up lots of photos on Facebook, and the metadata will contain your location. A stranger can then figure out where you’ve parked yourself.

Solve this problem with these apps for iOS and Android: deGeo and Pixelgarde, respectively. They’ll strip the GPS data from your photos before they get posted.
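The location sits in the photo's Exif block as a GPS directory. The following added example (not code from the original post, nor from deGeo or Pixelgarde) reads the embedded position from a JPEG and removes the Exif segment before the file is shared; the function names and the sample bytes, including the coordinates, are constructed for illustration.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825   # IFD0 tag holding the offset of the GPS directory

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = jpeg[pos + 1]
        if marker == 0xDA:          # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, endian):
    """Return {tag: raw 4-byte value field} for one TIFF directory."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i   # each entry: tag, type, count, value
        (tag,) = struct.unpack_from(endian + "H", tiff, base)
        entries[tag] = tiff[base + 8:base + 12]
    return entries

def _degrees(tiff, endian, gps, value_tag, ref_tag, negative_ref):
    """Convert three stored rationals (deg, min, sec) to signed decimal degrees."""
    (offset,) = struct.unpack(endian + "I", gps[value_tag])
    d = struct.unpack_from(endian + "6I", tiff, offset)
    value = d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600
    return -value if gps[ref_tag][:1] == negative_ref else value

def gps_position(jpeg):
    """Return (lat, lon) if the file embeds a GPS position, else None."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF_HEADER):
            continue
        tiff = body[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
        pointer = read_ifd(tiff, ifd0, endian).get(GPS_IFD_POINTER)
        if pointer is None:
            continue
        gps = read_ifd(tiff, struct.unpack(endian + "I", pointer)[0], endian)
        if not {1, 2, 3, 4} <= gps.keys():   # lat ref, lat, lon ref, lon
            continue
        return (_degrees(tiff, endian, gps, 2, 1, b"S"),
                _degrees(tiff, endian, gps, 4, 3, b"W"))
    return None

def strip_exif(jpeg):
    """Return a copy of the file with every Exif (APP1) segment removed."""
    out = bytearray(jpeg)
    for marker, start, end in reversed(list(segments(jpeg))):
        if marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_HEADER):
            del out[start:end]
    return bytes(out)

def sample_photo():
    """Constructed sample: JPEG-shaped bytes tagged 10d30' N, 20d15' W (made up)."""
    def entry(tag, typ, n, value):
        return struct.pack("<HHI", tag, typ, n) + value
    def rationals(*values):
        return b"".join(struct.pack("<II", v, 1) for v in values)
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, struct.pack("<I", 26)) + bytes(4)
    gps = (struct.pack("<H", 4)
           + entry(1, 2, 2, b"N\0\0\0") + entry(2, 5, 3, struct.pack("<I", 80))
           + entry(3, 2, 2, b"W\0\0\0") + entry(4, 5, 3, struct.pack("<I", 104))
           + bytes(4))
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + rationals(10, 30, 0) + rationals(20, 15, 0)
    app1 = EXIF_HEADER + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x00\xff\xd9")

if __name__ == "__main__":
    photo = sample_photo()
    print(gps_position(photo), "->", gps_position(strip_exif(photo)))
```

Dropping the whole Exif segment also discards the capture time, camera model and orientation tag, which is usually what you want for a photo headed to a public post.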

Too close for comfort. When services are linked together, your private information is more likely to get leaked. An example would be to hook an app into Facebook. If you link an account that’s set to private with a second, public account, anyone might see your activities. Unknowingly granting unwanted access to an app can result in data leakage. To make the process of figuring out all the different privacy rules easier, you can use MyPermissions. Don’t be lax on privacy issues.

Always being connected. Always staying connected to social networks means they can track your activities via cookies. If you don’t need to be connected online, then disconnect your device from the cyber world. However, it’s easy to forget to keep doing this.

A browser extension can solve this problem by preventing entities from tracking where you visit online. You should also make a habit of deleting cookies from your browser.

And if you want to know how your phone “knows” your shopping habits, it’s because your Wi-Fi is enabled when you walk into stores or even past a retailer without ever stepping inside; stores implement wireless technology to collect your data, even track your walking pattern inside the store. Turn your Wi-Fi connection off when you’re near retailers.

A retailer’s free service. Sign up for this and they’ll probably collect data from you, somehow, some way. The customer reward card that you get at the supermarket will likely collect lots of your private information.

Not encrypting. Encryption, by scrambling messages, prevents snoops from reading the messages you’re sending while they’re in transit, but the messages can still be found on your device. However, encryption is one way to reduce the amount of data that gets in unwanted hands. Encryption isn’t just for using a public computer; use it on your home computer and mobile too.

Using free WiFi. Every time you log into free WiFi, either you are giving your data away through the carrier who logs your device, or criminal hackers are sniffing out your information via unencrypted wireless. Never log into free WiFi without a virtual private network (VPN) like that offered by Hotspot Shield.

Using a public computer to log into a private service. When you access one of your accounts on a computer at a coffee shop or hotel, this can leave your data on that computer. The browser’s private mode is the solution: use it. If you’re particularly concerned, use Tails, a private operating system.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Privacy is more than locking your Doors

There are 10 distinct meanings of privacy.

Protecting Reputation

You’ve heard of money management, right? Well, there’s also reputation management. There’s a difference between having facts about a person and then making judgments based on those facts. Often, judgments are skewed, and the result is a soured reputation.

Showing Respect

We must respect one’s desire to keep personal data about themselves personal. That’s why it’s called personal data. It’s not so much that revealing one’s private information would do little, if any, harm. It’s the principle of respect that’s the bigger picture.

Trust

Trust is vital in any kind of relationship, from personal to commercial to professional. When trust is broken in one relationship, this could cause a domino effect into other kinds of relationships.

Social Boundaries

We all need a sanctuary from people’s interest in us. When boundaries are crossed, relationships can be tarnished. Nobody really wants everyone to know everything about them, or vice versa.

Freedom to speak freely

We’re all free to think whatever we want without fear of repercussion, but turning those thoughts into speech is what can create problems—both real and perceived.

The Second Chance

Thank goodness that once we get our foot stuck in the railroad track, we can yank it out and start over. Having privacy promotes the second chance, the ability to make changes.

Control

You’ll be hard-pressed to come up with a transaction you can complete in public or online without forking over your personal data. Minus cold cash transactions, just about every move we make requires some revealing of personal information. And the more that your data is out there, the more likely someone can use it to control you.

Freedom of Political Association

Due to privacy, we can associate with political activities, and nobody ever has to know whom we voted for for a political office.

What others think of You is none of your Business

Privacy means never feeling you must explain or validate yourself to those near or far.

Robert Siciliano, home security expert to Schlage, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Businesses fail in Customer Privacy

The U.S. Consumer Confidence Index, released by TRUSTe®, shows an alarming trend: A high percentage of U.S. people over age 18 are unnerved about their online privacy, and this trend is worsening.

This survey was conducted online among 2,019 U.S. adults and reveals that 92 percent of the participants are on edge, at least some of the time, concerning online privacy. Nearly three-quarters of Internet users in the U.S. are worried about privacy more so than a year ago. And more users worry about business data collection versus government surveillance programs.

Many businesses are not taking measures to mitigate this concern among users. This can backfire on businesses, e.g., more people not willing to download apps or click on ads. Protecting consumers is crucial to a company’s success—not just with customers but with competitors; companies should not cut corners here.

What are the top reasons for privacy concerns? The top two responses: 1) Businesses sharing personal data, and 2) Businesses tracking online behavior.

More specific findings:

  • 58 percent of respondents were worried about businesses sharing their personal information with other businesses.
  • 47 percent worried about businesses tracking their online actions
  • Only 38 percent named media attention to government surveillance programs as a cause for concern.

What are consumers doing about all this?

  • 83 percent are leery of ad clicking.
  • 80 percent won’t use smartphone apps that apparently don’t protect privacy.
  • 74 percent aren’t comfortable enabling location tracking on their smartphone.

Other findings of the TRUSTe survey:

  • User concerns over online privacy are climbing: 92 percent of users worry about privacy.
  • Trust with businesses is declining, coming in at 55 percent currently.
  • 89 percent of consumers will refrain from conducting business with a company they don’t feel is protecting their online privacy.

The public wants more:

The tides of privacy are turning and the public is waking up. Businesses who fail to take action will surely be met with customer defection.


Why Should You Care About a Site’s Privacy Policy

Most websites should have a privacy policy (although I don’t think it’s always the easiest thing to find). And then once you do find it, you’ll see a huge amount of what I consider to be legal mumbo jumbo. And because you really should care about this stuff, the question becomes how do you sort through all this stuff?

Most privacy policies usually begin with something around them collecting, using and sharing your personal information or data. For example, here’s how Google, Twitter and Apple’s privacy policies start out:

  • Google (http://www.google.com/policies/privacy/) – “There are many different ways you can use our services – to search for and share information, to communicate with other people or to create new content.”
  • Twitter (https://twitter.com/privacy) – “This Privacy Policy describes how and when Twitter collects, uses and shares your information when you use our Services. Twitter receives your information through our various websites, SMS, APIs, email notifications, applications, buttons, widgets, and ads (the “Services” or “Twitter”) and from our partners and other third parties.”
  • Apple (http://www.apple.com/privacy/) – “Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.”

Here’s what you really need to understand about a website’s privacy policy, as this can affect you:

  • How it gathers information – sites usually use cookies to collect or track information.
  • The type of information it gathers – it is keeping track of your name, age, or email address.
  • What it is doing with the information – make sure you understand how the site is using your information, whether it’s just to provide a better experience for you when you return to the site or it is sharing your data with third parties.
  • Security measures it has in place – how a site is protecting your information that it gathers is critical. This should be not only when the data is being transmitted to them, but also once they have it.

And why is this important? Those factors above can affect you if the site is not taking care of your personal information. It could lead to unwanted spam, identity theft and financial fraud depending on what type of information they have gathered from you and how they are using it or taking care of it.

You should also know that the sites should provide options for you to opt in or opt out of how they share your information. Another key thing is to find out how long the site keeps your information. Some sites keep it forever, while others delete it after a certain amount of time. For instance, you should know what happens to your data if you delete your account.

Yes, this is something else for you to check. But in our digitally connected world, it’s something you just gotta do.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.