Do you know when and how the government can access your telephone records? Do you care? Do you worry about your personal privacy? Well, there is major legislation on the horizon that will affect how and when your data is collected and retained.
On May 22, 2014, the United States House of Representatives passed bill H.R. 3361, the USA Freedom Act, aimed at limiting the federal government’s ability to collect bulk phone records and also increasing transparency. This bill, supported by the President, received bipartisan support. It restricts the data collected from communications companies by the NSA and other intelligence agencies. One of the goals is to minimize the retention and dissemination of non-public data. The House’s approach to data retention is to have telecoms store the data, to be made available to the government, by request. The bill has no mandated retention period. Finally, the bill also extends certain provisions of the USA Patriot Act, scheduled to expire in 2015.
What will the Senate do? It has been almost a month since they’ve received the bill and it has not yet passed. Senate Intelligence Committee chair Dianne Feinstein (D-Calif.) said that she wanted to find a way to get the USA Freedom Act (H.R. 3361) passed, though she would prefer that the government, rather than telecom companies, retain the responsibility for storing and analyzing data.
The European Court of Justice recently determined that their data retention law, which is similar to the House’s bill, violates the fundamental rights of citizens. How should this determination play into the U.S.’s data retention law? If its a violation of the fundamental rights–namely privacy–for European citizens, does it violate the fundamental rights of US citizens? How do you want any data collected by your telecom company stored and accessed? The expiration of portions of the US Patriot Act, as well as the call for data retention, and surveillance reform in the wake of the Snowden leaks raise a lot of questions. Now is the time for the US government to pass legislation that both protects the privacy of citizens and aids in protecting national security.
Tired of changing your privacy settings on Facebook? Well… Sorry! You need to do it again… If you do not want Facebook to track your browsing both on and off their site and track the apps you use, change your settings!
Today, Facebook announced that it would begin targeting advertisements to users based on the websites they visit and apps that they use. In a blog post, the company explained that users can opt out of the web browser-based tracking through an online ad industry program and can also opt out of the app-based tracking through their smartphones’ privacy controls.
If you have to see ads while using Facebook, they might as well cater to your specific needs and likes, right? It’s seemingly harmless and most people do not have anything to hide. However, this kind of customization is a double edge sword. On one side you have the benefit of a tailored experience while on the other hand your private searching is being consumed by entities like Facebook. A more specific and more troubling concern is that children as young as 13 will be monitored… Are your teens thinking about the ramifications of having Facebook watch their every movement? Congress is promising to monitor the implications of this new advertising system and so should you. Your privacy and the privacy of your family is important!
Privacy is the price of convenience. Decide which one matters to you most.
Protecting your personally identifiable information is increasingly difficult as hackers get more sophisticated and we become more reliant on computers and the Internet to handle sensitive information. Being aware of the threats around you and knowing how to protect yourself is extremely important.
This post will highlight the two most recent threats and provide some general tips to prevent ID theft, invasion of privacy and generally protect yourself online.
Heartbleed is a software bug (not a virus) that affects OpenSSL, which is a technology used by websites to encrypt data as it travels between the website server and your computer. In other words, HTTPS! Now do you see why you should be concerned?
OpenSSL is one of the ways companies can implement HTTPS for their site and it is likely the most popular. As you know HTTPS is used for any site that uses sensitive data including online shopping and banking. That means attackers are seeing information’s supposed to be encrypted like usernames & passwords, credit card numbers, etc.
Most sites run Open SSL so you’re likely to use more than a few affected by this bug. Sites like Yahoo, Amazon, LinkedIn, Facebook, Twitter, and Google were all affected and have all been patched. Most major sites have moved quickly to secure their site. You can check here to see if the sites you frequent have been affected: http://filippo.io/Heartbleed/
Most important tip to protect yourself from Heartbleed: If you have an account with an affected website, change your password, but only AFTER the site has been fixed.
The Chrome Vulnerability
A security flaw in Google Chrome could allow a hacker to turn on a user’s computer microphone and secretly obtain a Chrome-generated transcript of the user’s conversations, according to an Israel-based software developer who highlighted the flaw in a blog post this week. The recording itself is not captured, but the recording is run through Google’s speech-to-text engine. Google has confirmed the vulnerability.
Do not use the same password or the same few passwords for all accounts.If you cannot keep track of all of your passwords you may want to consider using a password manager like LastPass, Dashlane, and KeePass. These services also enable you to only have to remember one password.
Change passwords by going directly to the website.If you receive an email from a site encouraging you to change your password, do not follow the link in the email. Whether this email looks legitimate or not, this is a prime opportunity for attackers to attempt to steal data.
Watch bank accounts and credit report for fraud.The Heartbleed bug and undoubtably a number of other have been in the wild for quite some time (Heartbleed for approx 2 years) so there are always threats and attackers seeking to get your data. Monitor your accounts for irregular and fraudulent activity.
Change passwords periodically. Changing your passwords can help avoid discovery of passwords and the subsequent access to sensitive data.
Avoid the automatic login feature. This may not be as critical for some services but should be standard practice for bank accounts and other sites that store or take sensitive data like personal data and banking or credit card information.
Actively manage the security and privacy setting on the sites you use.
Do you have any additional tips? Do you know anyone affected by either Heartbleed or the Chrome vulnerability? How are you protecting yourself?!