ReadWriteWeb

A few recent legal developments affecting U.S. online privacy have rightfully troubled privacy advocates and civil libertarians on American soil. In addition to the Patriot Act's relaxed regulation of law enforcement's access to private data, recent court rulings have made it clear that U.S. authorities can secretly request data from tech companies without the user ever knowing.

If this seems objectionable from the standpoint of U.S. citizens, imagine how it looks to outsiders who are storing their data there. Some European companies who do business with U.S. technology companies are concerned enough to start looking elsewhere for infrastructure.

There is a brewing controversy surrounding the data that cellular operators and cellphone manufacturers know about users. It has started with researcher and coder Trevor Eckhart, known as TrevE on the XDA Developer forums, digging into the code of a company called Carrier IQ (CIQ). According to Eckhart's research, CIQ has the ability to know just about everything a user does with a cellphone, from when and how a dropped call took place at a certain time and location to what input method a consumer is using and even what they user is inputting.

The depth of the allegations are startling. Does CIQ really have the ability to key log everything that a user types? The fight has now gone legal with CIQ sending Eckhart a cease-and-desist letter and removal of his research while the Electronic Frontier Foundation (EFF) has come to his aid. CIQ claims copyright and false allegations of Eckhart's research while the EFF says the researcher is protected under Freedom of Speech and Fair Use doctrines. Make no mistake, this battle is more than just about copyright and the free speech. It is the first step of unveiling exactly what companies know about their cellphone customers and how they use that data.

Facebook recently instituted a new program that makes it easy for 3rd party websites and services to automatically post links about your activity elsewhere back into Facebook and the newsfeeds of your friends. It's called Seamless Sharing (a.k.a. frictionless sharing) and there's a big backlash growing about it, reminiscent of the best-known time Facebook tried to do something like this with a program called Beacon. The company has done things like this time and time again.

Critics say that Seamless Sharing is causing over-sharing, violations of privacy, self-censorship with regard to what people read, dilution of value in the Facebook experience and more. CNet's Molly Wood says it is ruining sharing. I think there's something more fundamental going on than this - I think this is a violation of the relationship between the web and its users. Facebook is acting like malware.

Whether it's to elude oppressive governments or something a bit less noble, many users have a need to browse the Web in complete secrecy. Tools that enable anonymous browsing have existed for years on the desktop and some have popped up for Android. There are some for iOS as well, but until now, none of them featured the bulletproof privacy of the Tor network.

Enter Covert Browser, which was approved by Apple earlier this week. It uses Tor to encrypt Internet traffic and route it through three different servers to ensure data about users cannot be intercepted by third parties. Such data would include browsing history or, more commonly, one's geographic location.

Global Village, a phrase we use so frequently these days, was coined by the media expert, Marshall McLuhan. It seemed like the perfect phrase to describe the world created by a growing body of interconnected online users of the time. From "global village" emerged the phrase "global citizens," used to describe people who think, behave and act in similar ways. Experts like McLuhan and Alvin Toffler ushered in the era with descriptors that seemed to fit perfectly - "Future Shock" and "Future Arriving Yesterday," among others.

Logically, interconnectedness should only grow with time, creating a form of intense, almost bland, homogeneity. However, recent online trends, including search engines like Google and social networks like Facebook seem to have broken the global village down into sects or tribes of users who rally around common interests, heritage or affinity. Even in a seemingly homogenous world, personalization and heterogeneity thrive. Most services, from search to to newsfeeds, seem to be personalized to suit the individual user's need. Almost all categories of online usage seem to be moving towards hyper-personalization, all based on the individual's social trending, search, and unique, personal, browsing data.

A U.S. Federal Court in Virginia caused quite a stir among digital privacy advocates last week when it ordered Twitter to grant the Justice Department access to private data from the accounts of three suspected WikiLeaks supporters. That data includes IP addresses, session times and relationships between other Twitter users.

Normally, requests for this type of information are not particularly controversial, but in this case a warrant was not required and the subjects of the data inquiries have not yet been charged with any crimes. The government is able to make such warrantless requests thanks to a 1994 law known as the Stored Communications Act.

Internet privacy solutions provider TRUSTe is concerned that mobile apps do not have built-in privacy solutions. TRUSTe claims that 77% of all mobile applications lack privacy policies that can allow users to decide how they want to share data third parties. As such, TRUSTe is coming out with a free privacy policy for mobile developers later this month.

Essentially what TRUSTe is coming out with is a privacy policy wizard or starter kit for mobile developers that do not have policies in place for their apps. Developers are led through a set of questions defining what their apps do and do not do in terms of privacy and at the end of the quiz, TRUSTe gives them a line of code that links to the apps privacy policy. The free version does not give a developer a certified TRUSTe privacy seal and there is potential for abuse of the system by creating a privacy policy with an app that does not follow those guidelines.

Dolphin HD, a popular third party Web browser for iOS and Android, has been found to have a potentially serious privacy flaw. The software routinely sends a list of visited Web addresses back to the servers of MoboTap, the company that makes the browser.

The breach, which was confirmed by CNet today, affects the security of encrypted data accessed over HTTPS, in addition to raising privacy issues.

New Businesses and Civil Rights Both Require Legal Change.

Location data produced by modern technology like GPS and cell phones can today be accessed by law enforcement agents without probably cause and a warrant, but Oregon Senator Ron Wyden has introduced legislation that would change that.

Senator Ron Wyden (D-Ore.) this week welcomed U.S. Senator Mark Kirk (R- Ill.) as a cosponsor of the Geolocation Privacy and Surveillance Act (GPS), making the joint announcement at a Retro Tech Fair sponsored by the Center for Democracy in Technology commemorating the 25th anniversary of the Electronic Communications Privacy Act (ECPA). The new Act would require law enforcement to get a warrant before accessing historical or real-time location data about an individual from a technology provider or device, except in cases of national security, theft or fraud.

We have written frequently about the various security loopholes that are part of Facebook but never described the step-by-step process that you need to take to lock things down. Now someone has done it for us. Cameron Camp, researcher for ESET, has put together such a step-by-step guide to controlling privacy and security on Facebook. Reviewing this post it is clear that many of us aren't as secure as we want to be, and we're not just talking here about our exes or prospective employers being able to check up on us.

Camp covers the full breadth of Facebook privacy settings, including Facebook check-ins, third-party applications, login nuances and devices. He also shows users how to best secure their profile to avoid being hacked. Some of his suggestions make use of little-known security features. It is well worth following.