Googling a personal question might not be a private act

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

In some cases, the most intimate questions a person is asking on Google—about health worries, relationship woes, financial hardship—are the ones that set off a chain reaction that can have troubling consequences both online and offline. Being online increasingly means being put into categories based on a socioeconomic portrait of you that’s built over time by advertisers and search engines collecting your data—a portrait that data brokers buy and sell, but that you cannot control or even see. Consider, for example, a person who googles, “can’t pay rent.” Among the search results may be ads for payday loans designed to circumvent Google’s policies against predatory financial advertising. They’re placed by companies called lead generators, and they work by collecting and distributing personal data about consumers online. Lead generators may direct consumers to a landing page where they’re asked to input sensitive identifiable information. Then, payday lenders buy that information from the lead generators and, in some cases, target those consumers—online, via phone, and by mail—for the very sorts of short-term loans that Google prohibits. Source: The Atlantic

Worry isn’t changing their shopping habits

sh_online shopping_280More than half of Canadians (54 percent) say they are more concerned about identity theft today than they were a year ago according to a study by Equifax Canada on consumer spending habits online and in stores. In the past 18 months, Equifax Canada has received more than 180 reports of data breaches involving companies of every size. When surveyed, nearly half (49 percent) of Canadians indicated they are particularly worried about the risk of identity theft when making online purchases. Even with this growing risk and concern, 75 percent of shoppers still plan to make their holiday purchases online this year. Source: MarketWatch

Identity thief gets a new liver out of her crime

Cases of medical identity theft are getting more bizarre and more serious. Amira Avendano-Hernandez, an undocumented immigrant, had a liver transplant using a stolen identity after buying a Social Security number for around $1,500 and applying for disability benefits. She was sentenced to six months in prison after pleading guilty to defrauding state and federal governments of hundreds of thousands of dollars. The victim in Puerto Rico did not know her identity had been stolen until authorities contacted her. In another case, a couple were trying to buy their first home, but were denied a loan because of an outstanding medical bill for a heart procedure the husband never had. Such crimes can go undetected for years. Source: WTMJ, Milwaukee

Small towns not immune to big thefts

sh_small town bank_280Marshfield, Mass., police are investigating the cyber theft of about $30,000 from a town-owned bank account. Chief Phillip Tavares said that a municipal account held at Rockland Trust was hacked, but he does not suspect criminal involvement by any public employee or official. “Somehow somebody was able to access that account and we are going to hold someone responsible,” Tavares said. “I have every reason to believe an outside person hacked in.” Rockland Trust did not respond to questions. Source: WCVB, Boston, Mass.

Want to buy a car? I’ll need your fingerprint first

Every year, millions of dollars are lost by finance companies and dealerships due to fraud and identity-theft related crimes, and identifying and convicting suspects is nearly impossible. The California Highway Patrol is proposing a legislative bill requiring all licensed vehicle dealers to get a customer thumbprint before any vehicle sale. The thumbprint would be maintained for the life of the sales contract, then destroyed or deleted. A digital copy of the thumbprint would be maintained with the deal file or a third-party service provider with a secure database and is not accessible to the public or law enforcement without probable cause or a search warrant. Once a dealer is notified that it is a victim of fraud, law enforcement would have requisite probable cause to inspect, copy or seize the print for investigation. Source: Lexology

$1 million bounty to jailbreak iPhone has been claimed

sh_iPhone jailbreak hack_280Security startup Zerodium announced that it’s agreed to pay a $1 million bounty to a team of hackers who have successfully developed a technique that can hack any iPhone or iPad that can be tricked into visiting a carefully crafted website. Zerodium describes that technique as a “jailbreak”—a term used by iPhone owners to hack their own phones to install unauthorized apps. But Zerodium and its founder, Chaouki Bekrar, have made clear that its customers include governments who might use such “zero-day” hacking techniques on unwitting surveillance targets. Bekrar says two teams of hackers had attempted to claim the bounty, which was announced in September with an Oct. 31 deadline. Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as “major corporations in defense, technology and finance” seeking zero-day attack protection as well as “government organizations in need of specific and tailored cybersecurity capabilities.” Source: Wired

Oh, yeah? Well I say we didn’t pull our spies out of China!

sh_U.S. embassy_200The CIA did not pull officers out of the U.S. embassy in Beijing following the hack of the Office of Personnel Management, the nation’s top intelligence official said. Speaking at a Defense One conference, Director of National Intelligence James Clapper flatly contradicted September media reports that such action had been taken to protect agents whose identity might be revealed as a result of the hack. “No,” Clapper said, when asked if the United States had removed agents from Beijing, adding: “Don’t believe everything you read in the media.” Current and former U.S. officials who spoke on the condition of anonymity told The Washington Post that the agents were allegedly withdrawn as a precautionary measure. Source: The Hill

Click yes on that user agreement, and you may give up more than you think

The Ranking Digital Rights 2015 Corporate Accountability Index finds that user agreement policies in place with the world’s top technology firms shows that freedom of expression and user privacy aren’t top priorities. The project’s key findings reveal a lack of transparency on the part of many businesses. The collection, use, sharing and retention of user data is poorly conveyed, and few organizations reveal information about third-party data requests to remove or restrict content. In addition, the report found that many businesses are hampered by legal and regulatory requirements when it comes to respecting user privacy. The report looked at the practices employed by such companies as Google, Microsoft and Tencent. Google scored highest on the Corporate Accountability Index, with 65 percent, while seven of 16 firms surveyed scored less than 22 percent, highlighting the “serious deficit of respect for users’ freedom of expression and privacy.” Source: ITProPortal

And they’ll drink to that

sh_wine_280The Liquor Control Board of Ontario, which spent more than $250,000 fighting the case, is now destroying the personal information of wine, beer and spirit club members that the privacy commissioner said it was wrong to collect. Now the LCBO is winding down its wine club program, which let members buy products not normally available at the LCBO and to get volume discounts. The Vin de Garde wine club complained to Ontario’s Information and Privacy Commissioner that the LCBO had started requiring information beyond names and addresses, including details and quantities of their orders. Club members worried that the LCBO was collecting and tracking consumption habits. Consumption was not being tracked, the LCBO said, but it needed the data to process orders, recall products and detect fraud. The LCBO was concerned wine clubs could stockpile alcohol and illegally resell it. “The LCBO has not provided my office with much more than anecdotal or hypothetical evidence to support its position that the illegal resale of liquor by wine clubs in this province is so problematic that it necessitates the collection of the personal information of club members,” wrote then-privacy commissioner Ann Cavoukian. Further, the LCBO had managed to process the club’s orders since 2004 before requiring personal information, Cavoukian noted. She ruled that the information collection violated the Freedom of Information and Protection of Privacy Act. Source: CBC

City authorities blamed in long-standing case of identity theft

Wesley Taylor’s wallet was stolen in 2006, and that incident has evolved into a worst-case scenario of identity theft. His driver’s license was suspended. An application for a gun permit was denied. He’s been denied several jobs. Now, Taylor is suing the city of Indianapolis in federal court, claiming officials didn’t do enough to help him correct a record tarnished by another man he says stole his identity and passed himself off as Taylor while committing several misdemeanor crimes. That man is now sitting in a prison cell on a murder conviction. “This is what you see on paper,” Taylor said. “You see me as a gun-toting, arrest-resisting murderer.” The complaint alleges that, despite Taylor’s pleas with the Indianapolis Metropolitan Police Department and the Marion County court staff to remove his name from the other man’s cases, the criminal record stayed wrongfully associated with Taylor for years. That inaction, Taylor’s complaint alleges, amounted to defamation. Representatives from the city’s legal department declined to comment about Taylor’s case. Source: USA TODAY