Happy International Data Privacy Day. Have we got some privacy news for you.
Canada’s electronic spying agency, the CSE, has been tracking millions of Internet downloads around the world, according to a new report based on a document obtained by former U.S. government tech contractor Edward Snowden. The project, called Levitation, is part of what the CBC News calls “a sweeping bid to find extremist plots and suspects.”
The CSE can access data from 102 free file-upload sites, according to the document. How does it do that? The document refers to “special sources” that have in the past Snowden documents referred to telecoms or cable operators, CBC reports.
The Levitation process: The CSE follows suspicious files, traces the IP, follows the cookies, ID the suspect, finds more information about that suspect, then shares findings.
The CBC points out that it’s unclear how long the project was in place, and whether it’s still in effect.
Proponents of updating ECPA, or the Electronic Communications Privacy Act, are using today to renew their call for reform.
“The statute governing access to electronic communications was written in 1986, well before most Americans relied on email and mobile devices to communicate,” said Ed Black, president and CEO of the Computer & Communications Industry Association (CCIA), in a statement. “After nearly 30 years on the books, it’s long overdue for an update.”
An update is what reform legislation, which will reportedly be re-introduced in “the coming weeks” by Sens. Patrick Leahy, D-Vermont, and Mike Lee, R-Utah, would provide. The bill would require a warrant before authorities could search email or other online communications. Under today’s ECPA, no warrants are required for such content that’s older than 180 days.
CCIA members include Google, Facebook and Yahoo. As we’ve written, tech companies support updating ECPA because it would give them more clarity about complying with requests for information stored in the cloud. ECPA reform is also supported by groups such as the ACLU, the Electronic Frontier Foundation and libertarian Grover Norquist.
Meanwhile, remember “God View”? It’s a real-time map San Francisco-based Uber uses to keep track of drivers and requesting riders in certain areas. Sen. Al Franken, D-Minnesota, had some questions about it and the rest of the ride-hailing company’s privacy practices. Franken said last month he wasn’t satisfied with Uber’s responses, as Michelle Quinn wrote.
Among the questions he asked in a new letter Tuesday: Who in the company specifically needs God View access and why? Do customers have any control over with whom their data is shared? Can the company clarify its data-retention policy? And what about privacy training and auditing of its systems?
Finally, in the hopes that we can still have some semblance of control over our online information, we asked some experts about the most important thing people need to know about protecting their data — because you know, some people actually are worried about their online privacy. A couple of answers:
“While this advice may seem threadbare, it bears repeating: Don’t reply to email with personal information, don’t click a link in a email you don’t recognize, use unique passwords on each site, and password-protect all devices,” said Patrick Peterson, CEO of Agari, a security-solutions company in San Mateo.
From Sanjay Beri, CEO of Netskope, a security-services firm in Los Altos: “Examine your online presence. Which apps store sensitive information like your credit card information or even your email address, which are actually one of the most valuable finds for hackers? It’s a good habit to look into the privacy and security policies for a given app — you may be surprised at what you find.”
Photo from Associated Press archives
