Privacy in weakness

I remember when my grandfather was in a nursing home. He wasn’t able to get around easily, his hearing was poorer, he would sleep more and seemed tired most of the time.

It seems that he had much less privacy than he did when he was living with my grandmother and aunt. People could come and see him at any time. He didn’t have the opportunity to say no.

When they would need to draw blood for tests, they would take it from a vein in his hand. We never knew whether he was screaming out of fear or pain.

The people in the nursing home lost most of their privacy in their weakness. It wasn’t up to my grandfather to decide when or what to eat. The men and women living at the facility often went to the central area of the halls to sit and wait through the day. No one to talk to. No one to listen to.

It was work for the staff to get my grandfather to the rest room or get around for the day so that added to the indignities he faced. Bathing I’m sure was difficult—someone you don’t know is taking your clothes off and doesn’t really take the time to help you understand.

When I’ve been a hospital patient in the past, I took it for granted that people I didn’t know would come and go. The nurse that helped me Friday night, I might never see again. I wouldn’t know the ultrasound tech who was examining me. No one asked if I wanted my friend that was there to wait outside.

I read the book “Privacy” by Garret Keizer. He was visiting a hospital and the doctor he was following asked if Garret would go with him to see a patient. The doctor mentioned that he’d ask permission. The author’s response was that he wouldn’t go in; that it wasn’t fair to ask the patient. “How do you say no to the doctor that gives you your pain meds?”

When there’s an imbalance of power, the powerful one needs to be especially respectful of the other’s privacy. People in a nursing home are in an imbalance of power with almost everyone and their privacy suffers as a result.

I wrote him a letter once that made him very happy.

I wonder if he was depressed. No one asked him.

Outside Google filter bubbles

This fall, I didn’t recognize the ways that a search history can be harmful. Even if a site means to be polite, it can still cause problems.

One problem is that you could end up in a filter bubble. Inside the bubble, you see things you already knew. You can enter an echo chamber where you hear what you already believe.

So, I decided: Let’s get out of my Google filter bubble. It wasn’t easy (which didn’t surprise me) but I got it done in Firefox.

I blocked all Google and YouTube cookies as well as their saved login information.

My goal was narrow. I didn’t want to improve privacy around Google. There are better tools for that. I just wanted to eliminate Google’s awareness of who I am. I did my best to not affect other services unnecessarily.

Some consequences that I know about:

  • You can’t read Gmail.
  • You can’t turn on SafeSearch in Google Images.
  • You can’t leave comments or thumb videos on YouTube.
  • You can’t use Watch Later in YouTube.
  • You have no history in YouTube.
  • Google Books lets you view extremely little of books (less than 5 pages).
  • You get the same ad links over and over.

I did some more investigation about the content of search results but I’ll explore that later.


Surveillance: an additional cost

I was just reading “Privacy and Positive Intellectual Freedom” by Alan Rubel from the Fall 2014 issue of Journal of Social Philosophy (vol. 45, no. 3, pp. 390-407).

The article includes several ideas that I’d like to write about in the future. This post might simplify the argument about surveillance and intellectual freedom.

The section that explains the harms of surveillance is complicated. With other privacy violations, it’s easy to connect the dots. How does surveillance affect an individual who will never be aware of the surveillance?

The surveillance’s victim is not the only actor in the situation. The people who are controlling that surveillance are also part of the equation. It’s easy to show that the surveillance is harming their intellectual freedom.

They know that they, themselves, can be monitored. They lose the same freedoms that can be taken by other privacy violations.

The right to be let alone

The Supreme Court case Olmstead v. United States from 1928 is very famous for the dissenting opinion written by Justice Louis Brandeis.

However, it is easy to misquote Brandeis by saying he wrote “the right to be left alone-the most comprehensive of rights and the right most valued by civilized men.” For example, sometimes the mistake is made in library science documents.

However, the actual quote is “the right to be let alone….” not “left alone.” The difference is substantial.

“Left alone” refers to things that directly affect a person. Generally, a violation of this definition would be known to the person whose privacy was violated. When the police come without a warrant looking for contraband, that would violate the principle of being left alone.

“Let alone” makes irrelevant whether there is the knowledge of the violation by the victim or whether they are directly affected. When the police use a Stingray to capture cell phone information, that is a violation of being let alone, but it isn’t a violation of being left alone.

Is the Signal Private Messenger app supporting its users’ privacy?

Since starting this privacy blog, I’ve become more aware of ways privacy can be threatened. One vulnerability is through apps that require smartphone features that are not necessary for the proper functioning of the app itself.

I was looking at the Signal messaging app by Open Whisper Systems. It is mentioned by the Library Freedom Project as beneficial. When I installed it on my Android smartphone I noticed and found troubling that it requires access to almost every feature of my phone when it is installed.

I’m not sure I would recommend it as being helpful for privacy when it requires access to each of these: Device & app history, Identity, Calendar, Contacts, Location, SMS, Phone, Photos/Media/Files and the Camera. I’m not sure whether there are any Android features that it does not need access to.

I can’t imagine that it requires all of those features to function properly and all of them can give highly sensitive information to the app’s owners.

I decided to reevaluate whether Signal should actually be recommended. Since it has unnecessary and unexplained access to so many parts of a smartphone’s capabilities, I decided to uninstall it. Without the LFP recommendation, I would never have installed it to begin with.

The recommendation and its marketing are solely based on the feature that Signal allows you to send private and encrypted messages. However, these access demands make me doubt that it has a net positive effect on user privacy.

North Carolina’s HB 2 and Privacy

Most discussions of HB 2 discuss its discriminatory nature and attack it on that basis, but it is more fundamentally a violation of the privacy of anyone who goes to North Carolina.

Although North Carolina’s “Public Facilities Privacy and Security Act” (House Bill 2) includes Privacy in the name of the bill, it is actually in opposition to privacy principles. The section of the law that affects transgender citizens defines an individual’s biological sex as “the physical condition of being male or female, which is stated on the person’s birth certificate.” This requires any application of the law to refer to any individual’s birth certificate or information derived from it. Potentially, this birth certificate information is required for anyone who uses “single-sex multiple occupancy bathroom and changing facilities” and not just transgender people. This is extremely private information.

For a transgender woman or man, some friends may know the truth of the matter, but often it would have been shared in a manner that proved that it was intended to be confidential and thus private between the confidants. It still should be protected as private because it was not meant to be shared with others. The law does not have the moral authority to interrogate that information. Court decisions notwithstanding, information shared in such a manner is private and should have legal recognition.

Information can be shared in confidence with a covenant, pact, or promise that the information will not be shared outside of that confidence. This promise may not be expressed verbally, but that is not necessary for the covenant to exist. The situation at the time of sharing the information can be clearly understood by both parties that the ensuing conversation is confidential.

If John learned that his friend Kevin had been sexually abused as a child, John might share with his friend that he had been sexually abused as a child as well. By saying that he understands what Kevin was struggling with, they begin a conversation where the information is confidential. Although it is not protected by any legal doctrine such as attorney/client privilege, or a patient/therapist relationship, that does not make it any less private. By taking his friend aside and speaking with him out of the company of others in this manner, he has made a covenant that “Kevin, this is for us to share. What you share with me next, I am not going to share with others.” If John later shared with Kevin’s girlfriend details of that abuse, the outrage of Kevin would be a reasonable expectation. If John had shared it even wider than that, the presence of a privacy violation would be clear.

Similarly, if Torie shared with a trusted teacher about her transgender status, she would do it in a manner that any teacher would understand that the information had been shared in confidence. There would be a connection between the two of them that had developed gradually that led them to be able to have such a covenant of confidentiality about this information. The words “don’t tell anyone else” are not required for the mutual understanding to be just as factual.

With respect to HB 2, the state has no right to interfere with that confidence nor claim that Torie’s status is no longer private. Requiring her to reveal what her birth certificate says is an affront to her dignity. It tears at the very fabric of what human relationships are truly woven from.

Original image: private. By Bryan Kennedy [Image license]

Marco Polo Video Walkie Talkie and Privacy

Recently I got an invitation to install an app for my phone from a person in my contact list that I rarely interact with. The app sent this message: “Hey get on this so we can chat marcopolo70.me/[omitted]”

I was hesitant to install the app because I don’t really like video chat. I decided to check it out the next day anyways. When I went to install it I looked at the information the app wanted access to, which included SMS, contact list, photos and SD card.

Being more conservative, I decided to not install it. I didn’t want an app that could send texts and read my contact list. After deciding to ignore the app, I looked at some reviews and saw that once installed, the app sends messages just like the one I received to a random set of contacts.

That makes it viral because it can replicate by sending it to others who can expand the installed base. By using social engineering it is able to spread itself exponentially without needing to take advantage of any technological flaws to spread automatically. It effectively works like a digital chain letter without the participants being aware of that.

However, there is another pernicious effect of the app, which is that the link it sent me was personalized and pointed to a web page. This let the owners of the app verify my phone number as a valid cell number without my permission or ability to evaluate the privacy policy or review the qualities of the app. This information is really valuable and can be sold for legal (or illegal) activities. In addition, the owner learns the model of phone, version of OS and other technical information that allows access to any real security flaws (known or zero-day) of the victim’s phone.
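To make the point above concrete, here is an added example (not from the original post and not the app's own code) of what a web server's access log holds after one tap on a personalized invite link. The token, phone number, IP address, log line and the token-to-recipient table are all constructed for illustration; the log format assumed is the common "combined" format.

```python
import re

# Constructed sample data: the token-to-recipient table a sender would hold,
# and one web-server log line (combined log format) for a tap on the link.
INVITES = {"a8Kx2Qz": "+1-202-555-0143"}
LOG_LINE = (
    '203.0.113.7 - - [12/Jun/2016:09:14:02 +0000] "GET /a8Kx2Qz HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G920V Build/MMB29K) '
    'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.81 '
    'Mobile Safari/537.36"'
)

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) /(?P<token>[^ /?]*)\S* [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
ANDROID_RE = re.compile(
    r'Android (?P<os>[\d.]+); (?P<model>[^;)]+?)(?: Build/[^;)]+)?\)'
)
CHROME_RE = re.compile(r'Chrome/(?P<ver>[\d.]+)')


def what_a_click_reveals(log_line, invites):
    """Return what the link's operator learns from a single request."""
    m = LOG_RE.match(log_line)
    if not m:
        return None  # not a parsable access-log line
    ua = m.group("ua")
    android = ANDROID_RE.search(ua)
    chrome = CHROME_RE.search(ua)
    return {
        # The token ties the request to the number the text was sent to.
        "number_confirmed_live": invites.get(m.group("token")),
        "ip_address": m.group("ip"),
        "seen_at": m.group("time"),
        "os_version": android.group("os") if android else None,
        "device_model": android.group("model") if android else None,
        "browser_version": chrome.group("ver") if chrome else None,
    }


if __name__ == "__main__":
    for key, value in what_a_click_reveals(LOG_LINE, INVITES).items():
        print(f"{key}: {value}")
```

None of this needs the app to be installed: the request alone carries the token, the IP address and the User-Agent header.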

The domain contact for marcopolo70.com is “BORTNIK BORTNIK” associated with a business “EVERY1X1”. It has been registered for only 26 days. The remainder of the domain information, including full contact information for the registrant, is available at http://servicehostnet.com/domain/marcopolo70.com#reg-metadata. Registration information for the domain marcopolo70.me is harder to get, so I’m not sure of the exact details, but it’s obviously linked to the same organization.

It’s pretty clear that these violate the domain registrar enom.com’s and the Montenegro (.me) terms of service, but I haven’t heard if either of them have taken action. (But they haven’t had much time to react either.)

From a fair information practices point of view it blows them out of the water. There is no notice or awareness of the owners’ practices, no consent or choice, no access or participation and no security or integrity of their handling of the information. In fact there is the exact opposite of all of them.

As far as the app and website violating US or EU laws, that’s probably easy to determine but I’m not sure of the procedure for reporting that at the moment. I won’t have access to a desktop computer for a few days.

Edit: every1x1 also owns marcopolo54.org and marcopolo66.org and apparently every other marcopoloXX