The new normal: Internet privacy snafus
The Federal Communications Commission recently wrapped up its probe of Google Street View, another in a series of examples where governments and privacy advocates butted heads with tech companies over their propensity to overstep certain -- perhaps ill-defined -- red lines governing user privacy and information on the Internet.
But Google's not the only offender. Though the names change, the song has remained the same over the last decade and a half. Indeed, there has been no shortage of "mistakes" to remind us that Internet privacy remains a work in progress -- as the following slides make painfully clear.
Google Street View
Turns out that this particular case was one of several government investigations examining how Google's Street View cars actually collected the personal and private data of individuals via wireless networks while mapping cities in more than 30 countries. The cars were supposed to collect just the locations of Wi-Fi access points but inadvertently also collected e-mail and text messages, passwords, Internet-usage history, and other data from unsecured wireless networks for four years. Google said that it didn't do anything purposely untoward, while the government countered that, yes, there actually was a much bigger problem in the way companies treat the (supposedly) private information of people in our ever-increasing cyber lives.
Google blamed a lone engineer acting without authorization, though the government claims that several people -- including a manager -- had been informed. The Federal Communications Commission was exasperated with Google's cooperation, ultimately fining the company $25,000 and complaining in a report that Google had obstructed its investigation.
Early on, there was the uproar over the advertising program Beacon. "We've made a lot of mistakes building this feature, but we've made even more with how we've handled them," Zuckerberg wrote after backing down.
The company has promised to keep its nose clean and signed off on a settlement with the FTC late in November, requiring Facebook to give “prominent notice” and first obtain consumers' “express consent before their information is shared beyond the privacy settings they have established.” The list of particulars compiled by the FTC goes back to 2009 when Facebook changed the site so that certain information users may have designated as private was made public. Without advance approval. Other highlights from the hit parade include:
• Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data -- data the apps didn't need.
• Facebook said it complied with the U.S.-EU Safe Harbor Framework governing data transfer between the U.S. and the European Union. Untrue, said the FTC.
• Facebook told users they could restrict sharing of data to limited audiences. The reality, according to the FTC: Electing "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
• Facebook had a "Verified Apps" program which it claimed certified the security of participating apps. Untrue, said the FTC.
• Facebook promised users that it would not share their personal information with advertisers. Untrue, said the FTC.
• Despite claiming that photos and videos would be inaccessible after users deactivated or deleted their accounts, Facebook allowed access to the content, according to the FTC.
Its security program is also subject to an independent audit every other year for the next decade.
Apple iPhone tracking
Intel: Big Brother inside
However, the installation of a so-called rootkit was found to interfere with the operating system and left the door open to malware infection. The blowback was intense and led to several lawsuits. Critics said that rootkits were frequently used by virus makers to burrow inside of Windows. It got so bad that Microsoft felt compelled to label part of the copy protection Sony used as spyware. Sony was forced to recall more than 4.7 million CDs as well as offer to replace 2.1 million CDs that it sold.
The company was also incorrectly accused of being a "rootkit keylogger." While that turned out not to be true, the software raised other privacy concerns, such as being able to record and transmit a list of URLs visited when using Wi-Fi, leaking the contents of encrypted HTTPS URLs, and so on. Sprint later disabled the software in devices running on its network. (Sprint also said at the time that it would not use any of the information collected from Carrier IQ.)
AOL search log
The database did not include names or user identities. But it did list a unique ID number for each user, thus making it possible to view the search terms that users of a single account typed in while using AOL Search during a three-month period.