Contextual Information Search

De Google Paradox

2009-03-31T17:33:00.000-07:00

Permalink, 1 April 2009

'Googlen' is een werkwoord geworden in onze taal, synoniem voor zoeken op het Web. Het probleem is dat we er zo kritiekloos mee omgaan, alsof Google alle antwoorden heeft. Ons vertrouwen in Google berust echter op een misvatting volgens Siva Vaidhyanathan, professor in de Bibliotheekwetenschappen:

"....We do not properly understand the nature of the nature of the transaction between us and Google. ...into our relationship with Google we do not grasp that we are not really Google's costumers. Google calls us users, but in fact we are Google's products. Our attention is what Google sells to its customers, which are the advertisers." (BBC interview)

We zijn dus geen klanten van Google, maar Google gebruikt onze argeloze aandacht en nieuwsgierigheid om zijn adverteerders te bedienen.

Volgens prominente linguisten zoals Arbib en Lakoff verklaren spiegelneuronen de biologische ontwikkeling van het menselijk taalvermogen (Arbib, 2005; Gallese, Lakoff, 2007). Ze maken het in alle geval mogelijk dat we elkaar begrijpen zelfs in dubbelzinnige situaties die weinig aanknopingspunten bieden. Omdat spiegelneuronen het mogelijk maken ons in de schoenen van iemand anders te plaatsen kunnen we ook zijn intenties begrijpen. Ook als we zoeken met Google maken we op een of andere manier onze intenties duidelijk. Google krijgt onze aandacht gratis. De vraag is schenkt Google ook aandacht aan ons, of loert het gewoon van achter een doorkijkspiegel naar ons terwijl het ons wat brokjes informatie toegooit die al of niet relevant zijn voor onze vraag.

Google verzamelt en bewaart in alle geval persoonlijke gegevens over ons. In Google's privacyoverzicht kan je zien welke gegevens het verzamelt over zijn gebruikers. Als je aangemeld bent bij Google kan je ook je zoekgeschiedenis bekijken. Google gebruikt die gegevens over onze intenties om ons advertenties voor te schotelen aangepast aan de context. Google maakt ook een profiel op basis van ons zoekgedrag, maar dit profiel krijgen we niet te zien, alhoewel Google zich het recht voorbehoudt dit profiel met derde partijen te delen:

We kunnen persoonlijke gegevens gebruiken om de door u gevraagde services te verbeteren, zoals services die aangepaste inhoud en advertenties weergeven.

We kunnen persoonlijke gegevens ook gebruiken voor controle, onderzoek en analyse om zo de Google-technologieën en -services te leveren en te verbeteren.

We kunnen gecombineerde, niet-persoonlijk traceerbare gegevens mogelijk doorgeven aan derden buiten Google.

Wanneer we de hulp van derden inroepen om uw persoonlijke gegevens te verwerken, vereisen we dat zij zich houden aan ons privacybeleid en de vereiste maatregelen treffen met betrekking tot vertrouwelijkheid en beveiliging.

We kunnen gegevens in speciale gevallen ook aan derden ter beschikking stellen, bijvoorbeeld als dat in overeenstemming is met juridische procedures, fraude of schade voorkomt, of de veiligheid van ons netwerk en onze services garandeert.

Google verwerkt persoonlijke gegevens op onze servers in de Verenigde Staten en in andere landen. In bepaalde gevallen verwerken we persoonlijke gegevens op een server die zich niet in uw eigen land bevindt. (http://www.google.be/intl/nl/privacy_highlights.html)

De verbijsterende paradox is dat Google beweert die gegevens te gebruiken om zijn diensten te verbeteren maar daarin achterblijft tegenover andere zoekmachines omdat zoeken niet de business is van Google maar wel adverteren. Onlangs implementeerde Google een verbetering van zijn zoekresultaten. Volgens 'The Official Google Blog' voegde het op 24 maart 2009 "a new technology that can better understand associations and concepts related to your search" toe aan pagina met de zoekresultaten. Nu was het wel hoog tijd dat Google deze verbetering invoerder, de voornaamste concurrenten hadden dit al jaren eerder gedaan.

Ask geeft 'Related Searches' sedert mei 2005[1]. 'Ask' stelt daarnaast ook een lijst van veel gestelde vragen en antwoorden voor die verband houden met het onderwerp. Van bij zijn lancering in juli 2008 toont Cuil verwante categorieën en subcategoriën in de rechterkolom. 'Ask' en 'Cuil' waren niet alleen eerder in het aanbieden van verwante concepten, ze bieden ook meer dan Google. Yahoo's versie van verwante concepten is met die van Google te vergelijken met dat verschil dat het reeds voorhandig is sedert 9 mei 2006[2]. Wikia Search biedt niet enkel verwante begrippen aan maar laat de gebruikers ook toe om interactief suggesties toe te voegen volgens de vertrouwde Wiki procedure en dit sedert juni 2008[3]. Het lijkt er dus meer op dat Google de hete adem van zijn concurrenten in zijn nek begon te voelen in plaats van vernieuwend te zijn zoals het de zaken voorstelt. In feite blijft Google achterop hinken als het vernieuwing en verbetering betreft.

Is Google dan zo dom of denkt het dat wij dol zijn? Ik vrees dat dit laatste het geval is. Google heeft de beste brains verzameld in Mountain View en het financiert top research aan verschillende universiteiten maar het gebruik van die kennis komt meer en meer in botsing met zijn 'busines model'. Als gebruikers van Google direct die relevante zoekresultaten zouden voorgeschoteld krijgen die ze willen, dan wordt het window om pay-per-click advertenties te tonen wel heel klein. Deze advertenties zijn het hoofdinkomen van Google sedert Microsoft en Yahoo hun eigen zoekrobotten gebruiken. Door semantiek toe te voegen aan zijn zoekresultaten verlaat Google ook gedeeltelijk zijn mythisch zoekalgoritme PageRanking, ontwikkeld door de oprichters van Google Larry Page en Sergey Brin. Kort samengevat werkt het als volgt: de zoekmachine kijkt hoe vaak de ene website door de andere wordt genoemd en onthoudt dat heel precies. Hoe vaker naar een website wordt verwezen, hoe hoger het resultaat in Google. Niet alleen zijn deze verwijzingen gemakkelijk manipuleerbaar[4], het algoritme kent ook geen enkele betekenis toe aan de informatie die het voorschotelt en dat zou volgens Henk van Ess wel eens de Achilleshiel van Google kunnen zijn:

"Durfinvesteerders geloven in hun zoektocht naar de opvolger van Google. Zij staken de afgelopen drie jaar meer dan 250 miljoen euro in tientallen startups die zoekmachines ontwikkelen. Hun zoekrobots moeten beter begrijpen wat gebruikers zoeken op het web. „Alle initiatieven richten zich op de achilleshiel van Google", zegt de Nederlandse internetdeskundige Henk van Ess. „Google kent geen betekenis toe aan zoekresultaten. Het weet niet wat het voorschotelt.""[5]

Vroeg of laat zal Google uit de markt geprezen worden als de zoekmachine zich niet weet aan te passen aan de vereisten van de menselijke intelligentie. We gaan hier in op een van de belangrijkste aspecten van ons zoekgedrag, namelijk dat het intentioneel is. Momenteel wordt dit nog zwaar uitgebuit door Google, zonder dat het daar veel voor in de plaats aanbiedt.

Alhoewel dat niet zo lijkt, toch zijn de antwoorden die Google en andere zoekrobotten ons voorschotelen vrij willekeurig. Dat het niet onwijs is als je op zoek ben naar goede informatie om eerst in de Wikipedia te zoeken eventueel met Powerset en pas dan met verschillende zoekrobotten te zoeken. Zoekrobotten geven onderling uiteenlopende resutaten weer. Dit wordt grafisch weergegeven op de site Thumbshots. Het programma zoekt hetzelfde met Google, Yahoo en Live en toont grafisch - met blauwe en grijze bolletjes - welke zoekresultaten overlappen. Bij uiteenlopende zoektermen is dat ten hoogste 20 procent. Dit is verbazend weinig en doet ons sterk twijfelen aan de betrouwbaarheid van zoekrobotten in het algemeen.

[1] Zie Ask Jeeves Serves Up New Features

[2] Zie Livesearch on AlltheWeb

[3] Zie Wikia Adds Features to its Open Source Search and Search Wikia Launches Open Source, Distributed Crawler

[4] Er draait in feite een hele industrie op de Search Engine Optimizers. De simpelste manier is drukbezochte webspace huren en daar dan links plaatsen. Niet verwonderlijk maar wel verwerpelijk en heel hypocriet wordt die industrie op verschillende manieren gevoed vanuit Google, onder andere door trefwoorden ten veilen.

[5] Zie http://www.voelspriet.nl/googlekillers.htm

Dit is de vertaling van het eerste deel van een artikel oorspronkelijk gepubliceerd in het Engels:
Google’s one-way mirror: a business model for privacy invasion [CIS 2]

Google tips and tricks: find definitions and define price ranges

2009-03-31T14:35:00.000-07:00

Permalink, 31 March 2009

In a previous article we showed that Google is rather refraining the development of search technology instead of advancing it. But there is more. Google seems also to hide some undocumented search options. When you go to 'advanced search' you can use options like 'site:' , 'filetype:', 'allintitle:' when you want to specify that you only want results from a specified domain, in a specified file type or only those who have your search term in the title. There is another undocumented option: 'define:'

Its quite simple just type

define: adhd

define: swaps

define: schizophrenia

or another word you want the definition of and Google will return 10 to 20 definitions from trusted sites like Wikipedia, princeton.edu, Stanford.edu etc. You can even get those definitions in other languages like French, Italian, German or Russsian.

It's a quick way to find a definition when you do not have the time to read the article in the Wikipedia.

Beware, when you leave the realm of encyclopaedic knowledge you might nog get the answer you are looking for. Google shapes its and our world according to its own world view. When I asked to define 'contextual search' I got the following answer:

Text links appear in an arlicle based on the context of the content. Advertiser pays when the link is clicked.
www.tvb.org/multiplatform/Multiplatform_Glossary.aspx

That one wasn't very useful. But what would you exspect.

Another usefull trick is when you search for products in a given price range. Let's say you search for a laser printer beween 100 and 200 euro. Just type:

laserprinter 100...200 euro

You first type the name of the product and then the range. Notice I typed 3 dots between the numbers, not two of four, just three to make it work. Also do not type dots in the numbers looking for an apartment then use 250000 without dots! Like this

Appartement London 250000...300000

Well Connected? The Biological Implications of 'Social Networking'

2009-03-23T11:44:00.000-07:00

Hours per day of face-to-face social interaction declines as use of electronic media increases. These trends are predicted to increase (data abstracted from a series of time-use and demographic studies)."

Permalink

Two scientists express their concern about the use of the social Web. According to Sigman’s article, entitled “Well Connected? The Biological Implications of ‘Social Networking.”, it could increase the risk of problems as serious as cancer, strokes, heart disease and dementia. Lady Greenfield expressed earlier this month her concerns in a debate in the House of Lords, in which she said that social networking, as well as computer games, might be particularly harmful to children, and could be behind the observed rise in cases of attention deficit-hyperactivity disorder.

Research suggested that the number of hours people spent speaking to others face-to-face had fallen dramatically since 1987 as the use of electronic media increased. Social networking sites such as Facebook could raise your risk of serious health problems by reducing levels of face-to-face contact, a doctor claims. Emailing people rather than meeting up with them may have wide-ranging biological effects, said psychologist Dr Aric Sigman.

Social networking sites such as MySpace and Facebook allow people to keep in touch with friends over the web. They can swap pictures, play games and leave messages which explain how their day is going. But the lack of face to face contacts can cause health problems as to Sigman.

We are lacking face to face contacts

Britons spend about 50 minutes a day interacting socially with other people. The Internet and other electronic media “can be fantastic tools but they shouldn’t displace real relationships,” Sigman said said. “The balance is all wrong.” But even though they are designed to bring people together, Dr Sigman said they were actually playing a significant role in people becoming more isolated.

The Office for National Statistics of the UK has just reported that "over the last two decades the proportion of people living alone doubled", a trend now highly pronounced in the 25-44 age group. For the first time in our history a third of the adults in this country live alone, a trend that looks set to continue.

The rapid proliferation of electronic media is now making private space available in almost every sphere of the individual's life. Yet this is now the most significant contributing factor to society's growing physical estrangement. Whether in or out of the home, more people of all ages in the UK are physically and socially disengaged from the people around them because they are wearing earphones, talking or texting on a mobile telephone, or using a laptop or Blackberry. An increasing number of deaths caused by the wearers of MP3 players inadvertently stepping into oncoming traffic has led to Senatorial proposals for a New York State 'distracted walking bill' to outlaw the use of mobile phones, handheld emailing devices such as Blackberries and video games while crossing a road. Senator Carl Kruger described how people walking around 'tuned in' were, in the process of being tuned in, being 'tuned out' to the world around them. The malady is referred to as "iPod oblivion".

Children now spend more time in the family home alone in front of TV/computer screens than doing anything else (Sigman, 2007). A study by the Children's Society recently found that television alone is displacing the parental role, eclipsing "by a factor of five or ten the time parents spend actively engaging with children". Another ongoing study reports that 25% of British five-year olds own a computer or laptop of their own. In particular, the study noted an enormous increase in 'social networking' among younger children which "has overtaken fun (online games) as the main reason to use the Internet". UK social-networking usage is now the highest in Europe. The trend is set to increase: the BBC has recently unveiled the social networking site MyCBBC directed at children as young as six.

Electronic media was also undermining the ability of children and young people to learn vital social skills and read body language, said Dr Sigman. 'Parents spend less time with their children than they did only a decade ago. Britain has the lowest proportion of children in all of Europe who eat with their parents at the table. The proportion of people who work at home alone continues to rise.

Couples spend less time with each other and more time at work, commuting, or in separate rooms of the same house using electronic media devices, and Britain has the lowest proportion of children in Europe who eat with their parents at the table.

'One of the most pronounced changes in the daily habits of British citizens is a reduction in the number of minutes per day that they interact with another human being,' he said. 'In less than two decades, the number of people saying there is no one with whom they discuss important matters nearly tripled.

Is Social Networking Killing us?

Well, no, probably not. Or at least, not literally. But also Susan Greenfield suggested that spending all day, and — admit it — much of the night networking on a computer might in fact be bad for your body and your brain.

Susan Greenfeld is an authority on the brain’s workings , she's a professor of pharmacology at Oxford University and the director of the Royal Institution of Great Britain. She told a British newspaper that social networking sites remind her of the way that “small babies need constant reassurance that they exist” and make her worry about the effects that this sort of stimulation is having on the brains of users. Lady Greenfield (she’s a neuroscientist and a baroness) told the Daily Mail:

My fear is that these technologies are infantilizing the brain into the state of small children who are attracted by buzzing noises and bright lights, who have a small attention span and who live for the moment.

These remarks echo concerns that Lady Greenfield expressed earlier this month in a debate in the House of Lords, in which she said that social networking, as well as computer games, might be particularly harmful to children, and could be behind the observed rise in cases of attention deficit-hyperactivity disorder:

If the young brain is exposed from the outset to a world of fast action and reaction, of instant new screen images flashing up with the press of a key, such rapid interchange might accustom the brain to operate over such timescales.

As if to perfectly prove her point, here is 36 seconds of Lady Greenfield attempting to explain her thoughts to a reporter for Britain’s Channel Five, in a video clip posted on YouTube today by the broadcaster, without any introduction or context:

A day later, in a very interesting interview on The Guardian’s Newsdesk podcast, Lady Greenfield was given several minutes more to expand on her thoughts. It is worth listening to the whole interview, but of particular interest is her suggestion that conducting personal relationships through a screen could be having an effect on the brains of users and might even be related to the rise in cases of both A.D.H.D. and autism.

In the House of Lords debate, Lady Greenfield also stressed that social interactions conducted through computer screens are fundamentally different from spoken conversations — which, she said, are “far more perilous” than electronic interactions because they “occur in real time, with no opportunity to think up clever or witty responses.”

Lady Greenfield told the Lords:

Real conversation in real time may eventually give way to these sanitized and easier screen dialogues, in much the same way as killing, skinning and butchering an animal to eat has been replaced by the convenience of packages of meat on the supermarket shelf. Perhaps future generations will recoil with similar horror at the messiness, unpredictability and immediate personal involvement of a three-dimensional, real-time interaction.

Biological mechanisms

Time that was previously spent interacting socially is increasingly been displaced by the virtual variety. A recent editorial of the Journal of the Royal Society of Medicine made the timely point that leukocytes, the small white blood cells of the human immune system, has reported the first evidence that social isolation is actually linked to global alterations in human gene transcription in leukocytes. Transcriptioninvolves the transfer of genetic information from the DNA molecule to the messenger RNA. DNA analysis identified 209 genes that were differentially expressed in circulating leukocytes taken from subjects who reported high levels of social isolation versus those reporting low levels. The differences between the groups included the increased expression of genes involved in immune activation, transcription control, and cell proliferation, and the decreased expression of genes supporting the function of the leukocytes (mature B lymphocytes) and Type I interferon response. The researchers found impaired transcription in genes, which is central to our bodies mounting an anti-inflammatory reaction to illness or stress, referred to as a glucocorticoid response. They also observed increased activity in the gene transcription control pathways that promote inflammation in disease and stress, and they now believe that this is a functional genomic explanation for the greater risk of inflammatory disease and adverse health outcomes in individuals who experience high levels of subjective social isolation (Cole et al, 2007).

Based on quantitative angiogram findings, subjects with smaller social networks had narrower arteries (mean angiogram stenosis value, 40.8 vs 27.2 for small vs. large social networks, respectively; (p<0.001) (adapted from Rutledge et al., 2004).

Lack of social connection or loneliness is also associated with increased risk of cardiovascular disease. The neuropeptide oxytocin is increasingly considered the 'hormone of affiliation', released in plasma and cerebrospinal fluid in response to everyday aspects of human interaction such as somatosensory stimulation, hugging, touch, warm temperature - and it is also involved in feelings of trust and generosity. Oxytocin has recently been found to prevent detrimental cardiac responses including elevated resting heart rate, reduced heart rate variability, and reduced parasympathetic regulation of the heart in adult female animals exposed to social isolation. This may be one of the central mechanisms that underlie the relationship between social contact, cardiovascular disease or better cardiac function in humans.

The lack of “real” interaction combined with a dependence on technology is increasingly tied to physiological changes known to influence morbidity, or the extent of disease, and mortality, according to the article, which collates data from western industrialized societies. Those changes include upsetting hormone levels, immune responses and blood pressure, the function of arteries and mental performance. Social networking Web sites such as Facebook and MySpace may increase the risk of health problems as serious as cancer, strokes and dementia by altering the way genes work, according to Sigman's report in the Biologist journal.

“We probably have an evolutionary protective mechanism and when we were still in the cave, we would survive so much easier when we worked together,” Sigman said in a telephone interview. “Evolution has a system that benefits us when we connect with other people in the flesh.”
National debate

Interacting 'in person' had effects on the body not seen when writing emails, Dr Sigman claimed. Levels of hormones such as the 'cuddle chemical' oxytocin, which promotes bonding, altered according to whether people were in close contact or not. 'There does seem to be a difference between "real presence" and the virtual variety,' Dr Sigman added.

Some genes, including ones involved with the immune system and responses to stress, acted differently according to how much social interaction a person had with others. Increased isolation could alter the way genes work and upset immune responses, hormone levels and the function of arteries. It could also impair mental performance.

This could increase the risk of problems as serious as cancer, strokes, heart disease and dementia, Dr Sigman says in Biologist, the journal of the Institute of Biology.

Dr Sigman added: 'Social networking sites should allow us to embellish our social lives, but what we find is very different.

Looking around him, Dr. Sigman has observed that, lately, more people “are physically and socially disengaged from the people around them because they are wearing earphones, talking or texting on a mobile telephone, or using a laptop or Blackberry.” Then he notes:

Time that was previously spent interacting socially has increasingly been displaced by the virtual variety. A recent editorial in the Journal of the Royal Society of Medicine made the timely point that social networking “encourages us to ignore the social networks that form in our non-virtual communities. … The time we spend socializing electronically separates us from our physical networks.”

From there, Dr. Sigman makes something of a leap, suggesting on the basis of no experimental evidence that virtual social networking, by way of Web sites like Facebook or Twitter, probably does not confer the same health benefits as actual, unmediated social interaction.

One problem with this analysis, as Charles Arthur pointed out on The Guardian’s technology blog, is that Dr. Sigman does not seem to distinguish between interactive activities people engage in online, particularly on social networking sites, and the more passive consumption of media, like watching television or listening to music. He refers to time spent “in front of TV/computer screens” and presents a chart of hours spent in “Social Interaction vs. Electronic Media Use,” which of course assumes that there is no overlap between those two activities.

Most telling, as Mr. Arthur noted, is that Dr. Sigman seemed not to take account of how the Web is increasingly used in what Lawrence Lessig calls read-write ways that are very different from passive media consumption. As Mr. Arthur wrote:

Sigman points to a 1998 study that suggested that greater use of the Internet “was associated with declines in communication between family members in the house, declines in the size of their social circle, and increases in their levels of depression and loneliness.”

O.K., that was 1998, though. In fact, Sigman doesn’t really have anything to say about social networking systems such as Facebook and Twitter.

So, until some future studies are done comparing the health of compulsive users of Facebook or Twitter to that of their peers, the jury is still out on whether we will all be killed or driven mad by social networking.

One conclusion that some networkers have already come to, though, is that social networking may be killing us in a different way — by adding to our workloads. As Kamran Abbasi wrote in the editorial in the Journal of the Royal Society of Medicine that was cited by Dr. Sigman:

My enthusiasm for reviving old friendships and retaining newer ones via social networking waned when managing information about other people’s socializing became harder work than my day job.

Two summers ago, the editors of the journal N+1 made a similar point about how even e-mail had started to seem more like work than play. And last month in The London Review of Books, in an essay on video games, John Lanchester wrote that in some ways, even games played on a computer are a kind of work:

A common criticism of video games made by non-gamers is that they are pointless and escapist, but a more valid observation might be that the bulk of games are nowhere near escapist enough. A persuasive recent essay by the games theorist Steven Poole made the strong argument that the majority of games offer a model of play which is oppressively close to work. The Grand Theft Auto games, for example, are notorious (especially among people who’ve never played them) for their apparent celebration of random violence. The most recent iteration of the game, however, Grand Theft Auto IV, involves the main character having to spend a large amount of time building up his relationships, so that he can have people to help him do his criminal thing; and building up these relationships involves driving to see these people, taking them out to nightclubs, and sitting there with them. It’s not significantly less boring in the game than it would be in real life.

The very interesting post Mr. Lanchester points to, “Working for the Man: Against the Employment Paradigm in Videogames,” on Steven Poole’s blog, makes you wonder if there is any way in which computers can be used now that is not some form of work. After noting that many games “hire us for imaginary, meaningless jobs that replicate the structures of real-world employment,” Mr. Poole makes a persuasive case that all of us really should get away from our screens for a good long while:

Today, the most common paradigm for progress in games, for example, is the idea of “earning.” Follow the rules, achieve results, and you are rewarded with bits of symbolic currency — credits, stars, skill points, powerful glowing orbs — which you can then exchange later in the game for new gadgets, ways of moving, or access to previously denied areas. The only major difference between this paradigm and that of a real-world job is that, whereas the money earned from a job enables you to buy beer and go on holiday — that is, to do things that are extraneous to the mechanized work process — the closed video-game system rewards you with things that only makes it supposedly more fun or involving to continue doing your job, rather than letting you get outside it.

Sources:

Well connected? (paper of Dr. Sigman)

MMR and the value of word of mouth in social networks
Technology Blog
Daily Mail online
New York Times

Highlights 2bloggen

2009-03-23T02:09:00.000-07:00

Introduction to Contextual Information Search [CIS 1]

The point is that computer science has far to long restricted its research in typical domains as logics, statistics and economic

Google’s one-way mirror: a business model for privacy invasion [CIS 2]

….we do not properly understand the nature of the nature of the transaction between us and Google. …into our relationship with Google we do not grasp that we are not really Google’s costumers. Google calls us users, but in fact we are Google’s products. Our attention is what Google sells to its customers, which are the advertisers.

Mafia and Mafia-type organizations in Italy by UmbertoSantino

Tens of thousands march in Naples against Mafia

More than 100,000 people marched in Naples on Saturday in one of the biggest anti-mafia rallies in recent years to commemorate the victims of organized crime and demand an end to its stranglehold on southern Italy.

Questioning Authority: A Rethinking of the Infamous Milgram Experiments by Leliana Segura

Carrières d’espion en France

E-reputation toolkit

Democracy-support and the Arab World: after the fall by Tarek Osman

a common ground for search in real life and search using computers

2009-03-20T11:04:00.001-07:00

permalink

Googling has become a verb in our language. This shows the deep impact of Google on our culture and our lives. But Google is not primarily about searching. Google is an information shovel selling adds. In a previous article I intuitively described contextual search as finding information on the web not using Google. I was a little bit surprised about the interest for the story, because the idea of contextual search was still an embryonic idea. In this article I will develop this idea of contextual search further correlating to and in opposition to googling trying to find out what it is and what it is not. When looking for better information search strategies I want to compare our search behaviour using CMC based systems like Google with natural communication. This is the starting point. This may sound odd and completely off the record, but in fact I'm only re-joining a tradition that has started in the sixties and seventies at the Biological Computer Lab in Urbana Campaing by Gordon Pask

Breaking the walls

The point is that computer science has far to long restricted its research in typical domains as logics, statistics and economics. This is understandable since the background disciplines of most computer scientists is of course beta science, but it has lead to a dangerous tendency of inbreeding. Though many of scientists that were at the origin of computer science and cybernetics like Weizenbaum, and Wiener, were far more critical to their own domain and open minded towards other scientific disciplines. They were aware of the social implications and warned for misuse and abuse.

In 1950, Wiener published The Human Use of Human Beings, which was widely read by general audiences. This book expressed Wiener's deep concern over the ethical consequences of the new technologies which science and cybernetics were making possible. It examines the nature of language and education as the means for a society to transmit cultural knowledge. It also examines the use of law, mass communication, secrecy and espionage by political regimes to enforce, regulate and protect their systems of power and control. He expresses a deep concern that the technologies of atomic weapons could not be kept from spreading to other countries because just knowing that they are possible is a sufficient incentive to motivate scientists to find the means of building it. And so he urges intellectuals and scientists to think carefully about the consequences of their work, and whether it will really improve the state of the world in the long-run.

An even more reflective book, God & Golem Inc. (1964) addresses the implications of cybernetics for the ethical society. Wiener takes the image of the golem from Jewish mythology, which is a being made of clay and brought to life by a sorcerer, as a metaphor for the scientist who brings machines to life with cybernetics. He uses the metaphor to develop the idea that every age has its dogmatic beliefs, and there will be those who stand up to oppose them.

In 1966 Weizenbaum fooled those who believed in the almightiness of computers with his automatic therapy program ELIZA. He claimed that the shrink could simply be replaced by a computer program. Many believed the program could cure mental desease until Weizenbaum told to his surprised audience that ELIZA was fake. The second generation of cybernetic scientists, second order cybernetics or new cybernetics only added to this criticism. (see for a tribute to Weizenbaum Geert Lovink: The society of the query and the Googlization of our lives)

New cybernetics was quite aware of the shortcomings of Computer Mediated Communication and it left the narrowness of logics, mathematics and economics .Phisiology, biology, psychology, neurology, epistemology, belonged to their domain of discovery. In Urbana-Campaign at the University of Illinois the Biological Computer Lab of Heinz Van Foerster was inquiring the man-machine interaction. A range of brilliant scientists developed new cybernetics there from 1958 until 1974. The most important were: Heinz von Foerster (fysics, biofysics, epistemology), von Glaserfeld (epistemology, radical constructivism), Maturana and Varela (biologists, radical constrivism), Gordon Pask (psychologist, neurologist), Ashby (Cybernetics). Close to it, at Palo Alto worked Watzlack and Bateson developping communication theory and double bind theory. Both teams were connected (Müller, 2000)

Today science is even tighter locked op in disciplines. This is a problem for a system engineer who wants to anticipate the social implications of his design. Jim Hendler notes in "Reinventing Academic Publishing - Part III":

"In science, I would argue that a similar effect is what causes a lot of the jargon issues to arise. When we use a particular term from a particular field, we are usually in a context, be it a talk at a conference or a paper in a journal, which defines how that term is used. In fact, one problem that scientists often face is that when we try to explain what we do to the general public, they don't have these contexts and the words we use revert to their more generic meanings - leading to misunderstandings and confusion. Similar misunderstandings and confusions happen when scientists communicate across boundaries, and that is where much of the problem arises in interdisciplinary scientific discourse."

David Koepsel complaints in "Back to Basics: How Technology and the Open Source Movement Can Save Science":

"The relation of article publishing to career promotion in academic science has also promoted "salami science," in which a single scientific study may generate more papers than would practically be necessary to disseminate the results of a single study."

I propose that science and science application meet again. Therefore I want to join Gert Lovinks proposal of "dismantling the academic exclusion machine", and leave the strict borders of computer science scout outside this domain in neurology, linguistics, sociology and political economics. Pask's creative ideas are still at the core of research today.

On the road with Gordon Pask

The idea of Pask's conversation theory is that learning occurs through conversations which make the knowledge explicit. This is the main point I want to follow. t I want to consider information searching as a human learning activity. Pask's conversation Theory regards social systems as symbolic, language-oriented systems where responses depend on one person's interpretation of another person's behaviour, and where meanings are agreed through conversations. This vision is continued in the sociological work of Niklas Luhman and the evolutionary cybernetics of Francis Heylighen. Heylighen developed the idea of learnig Webs in his article 'Bootstrapping Knowledge representations: from entailments meshes via semantic nets to learning webs' (Heylighen Francis, 1997). This idea introduces the possibility of connecting the namespaces of the semantic Web with link-spaces. Heylighen continues doing research in this field. See his homepage or his publicaion list at Scientific Commons. Interdiscaplinarity was a main approach of Pask's Interactions of Actors Theory.

The progress made in the recent years in neuroscience confirms that the approach of the computer-men relation at the BCL was enlightening only computer science today doesn't seem to be aware of it. Behaviourist Stimulus-Response theories are still predominant in the majority of publications though they have proven to be false. In the 1973 Robert Rescorla refuted the stimulus-response schema (S-R) , one of the dogma's of behaviourism[1]..Even the mice brain is not an input-output machine reacting on impulses, it's behaviour is anticipative. Some computer scientists that promote a system centred approach are still working with old fashioned ideas or are they just erring taking men for computers? Anyway this is what happens when putting walls between scientific disciplines. Let's have a look what we can learn from actual neuroscience.

Since the discovery of mirror neurons in 1994 by Gallese, neuroscience is uncovering bit by bit the interaction of our brain in communication with other brains. Neurosociology and neuroeconomics are fast developing fields. They stress the importance of empathy and social interaction in communication .

Conversation Theory and Pragmatics share important basic concepts on communication. Today pragmatics as well as conversation theory remain greatly ignored in Net applications. As to Pragmatics, and this is stressed in the Relevance Theory (Dan Sperber, Gloria Orriggi, 2004), the primary condition for success of the human communication system is overtness.

The code model of communication has the advantage of simplicity but if it has to cover human communication it suffers from some important inconsistency: How does a child learn to speak, learn the code, having no basic code available to start with? In engineering we call such a problem, the bootstrapping problem. The inference model doesn't need a code to start with. As to Dan Sperber and Gloria Origgi intention is the key to understanding:

"After Grice, a second, wholly different mechanism was identified that also made communication possible: a communicator could communicate a content by giving evidence of her intention to do so, and the audience could infer this intention on the basis of this evidence. Of course, the two mechanisms, the coding-decoding, and the evidence-inference one, can combine in various ways. Today, most students of linguistic communication take for granted that normal comprehension involves a combination of decoding and of Gricean inference processes." (Sperber, Dan, Origgi, Gloria, 2000)

They point to a key aspect of Paul Grice's pragmatics is analysing language as speech. Pragmatics today refutes the unique role of codification and confirms that intentions play the leading role. Pragmatics shares this vision with Noam Chomsky. Noam Chomsky may be called the father of the anti-behaviourist paradigm in language analysis, criticising Skinner in 1959.

Tardes political economy of knowledge fits in Heylighens conceptual schema. See e.g. Trust in Communication between Individuals: A Connectionist Approach (2008). In recent analysis of Web 2.0 we found also indications that Adam Smith's and Marx's analysis of the market and commodities cannot be applied on information. One of the misleading concepts in Web 2.0 is the long tail, a marketing based concept (consumer demographics). It points to the context of Smiths free market as a driving force in the development of the World Wide Web. This is a cliché that easily can be undermined. Denis Hancock did put the long tail of Youtube in perspective:

"To me, that looks like a blockbuster model - and based on the viewing habits of people I know that go to YouTube, this makes sense (many simply check out whatever is most popular, which becomes a self-perpetuating cycle). But what do you think - am I missing something here, or is the long tail really not that important no YouTube?"

In their paper: Metcalfe's Law, Web 2.0, and the Semantic Web James Hendlerand Jennifer Golbeck explain the success of Youtube:

"Interestingly, email and blogging has proven to be one of the crucial aspects of the YouTube phenomenon.(...) Search in YouTube is rimarily enhanced by the social context, not by the "semantic content" of what is in the videos (Marcus, Perez, 2007). While automated technologies to create indexes of these videos are being sought, the primary indexing comes through the social overlay of the site." (Hendler, James and GolBeck, Jennifer, 2007, p. 3)

"...we argue that given the prevalence of the social constructs within these sites, that value of the network effect is coming from the links between people arising from the interactions using these sites." (Hendler, James and GolBeck, Jennifer, 2007, p. 4)

Therefore we prefer the political economy of knowledge of Tardes to be our guide where once again overtness plays a crucial role and where the market reductionism is disaproved. The complete commodification of knowledge and thereby of communication isn't possible because it is not a commodity in the traditional sense of Adam Smith's political economic theory. Making 'le savoir' a commodity is a reduction inflicted by those who want to earn money with knowledge and the desire to know, curiosity, a basic human drive. Google mixes these two concepts of knowledge: knowledge as a basic human quality acquired in experience, communication and learning and information as a commodity.

Gabriel Tarde noticed this market reduction more then 100 years ago in 'Psychologie économique'. Knowledge is a value in itself not needing a market to spread but an educating parent, a classroom teacher, a university professor, a librarian, a trainer, a friend. Tardes theory got lost in time but in the information age it's an eye opener. Instead of taking material production the famous needle factory of Adam Smith, as a starting point for his political economical analysis, he started with the analysis of 'la production de connaissances', 'des valeurs vérités' (truth values). Think about it as the production of a book, the production of a text, starting with the author having an idea to write about until the publication and acceptance (Lazzarato, Maurizio, 1999). The social context with strong collaboarative aspects is the domain for political economy of knowledge in Tardes view.

Well on the Web, the text you are reading isn't a commodity either, since it is published under the Creative Commons Licence. Anyway Google is going to use it to sell its clicks, to earn money with my work. Mixing the economic value of a book, text, with it's truth value, creates ambiguity resulting in giving up the truth value. This might not have been the original purpose of Google, but it's clear a result. So Tardes view is quite relevant for our information society and the way it treats knowledge.

An intuitive definition for a start

When looking to human search activities in the real world, the first thing that strikes me is that most of the time we do not search by trial and error, not randomly which is the foundation of the of the Google Page Rank model, but intentionally. Based on our intention there is always an anticipation process, often also a conscious search strategy. For instance when looking for blackberries in a wood, we do not look in trees but search for thorny bushes because we know that blackberries do not grow on trees. The knowledge we used to anticipate our search is contextual. But our knowledge is not static, it is a learning process. The first example is a fairly simple case, looking for things. Looking for information, also knowledge, is a bit more complicated. At the side of the searcher there are 2 steps in which the second step is used as feedback for the first:

(1) searching information (2) learning to find information as a process

As a child, driven by curiosity, we start by asking questions to our parents. On that moment it is still clear that there is a communication process involved. When we learn that we can find information on other places, in libraries for example, we forget about the communication process, because we do not longer have a personal contact with the person who made the information we look for available. The main characteristics of human search activities can be conceived as (1) constructive (2) inter-active (3) intentional. The contexts for successful human search activities are (4) collaborative and (5) overt. Overt: because this is a condition for relevant communication. These characteristics are interconnected. You cannot pick out one of them and leave the others out, my idea. Making a search environment just interactive, like Wikis Search isn't gone work, while the Wiki model, that resulted in the Wikipedia was successful because it was collaborative, constructive, interactive and intentional at the same time. This is also suggested by James Hendler and Jennifer Golbeck:

"What one sees when examining Wikipedia, and other successful sites, is the social construct being critical. As Jimmy Wales, developer of Wikipedia, stated in his (2005) talk at the Doors of Perception Conference, "Wikipedia is not primarily a technological innovation, but a social and design innovation." (Hendler, James and GolBeck, Jennifer, 2007, p. 3-4)

Searching is communicative, because is does not only rely on experience but also takes place in a social context. While this was obvious in our example an this is not a common view. But think: if nobody would make information available we would not find any. In addition if the information provider thinks about who or what his information is for, his activity, be it broadcasting, publishing, content providing, should be coherent with communicating. I use the word coherent because I do not believe it is a model for communication, it is rather the other way around.

Searching is using knowledge and building new knowledge at the same time. It is constructive, because it is always starting from the knowledge we have, we are not 'tabulae rasae'. Active because we work with the knowledge we have. Since basically we have learned to seek for information by communication, an intelligent information provider will try to facilitate our search process mirroring its own search activity.

The actual web publishing business throws all knowledge on a heap, reduces it to a homogeneous mass of unrelated data. As a 'Deus ex Mchina' Google connected it again, not based on content, but following links to pages and links to links without giving a damn about the content, without taking in account of these links do really express a relevant relation. I call this the bits and bytes approach. It lets you find a needle in a haystack but what is needed is a bird's' eye view that uncovers the relations between texts and data, that converts the haystack in a map that can be explored. The semantic is at least a step in the good direction, but it's not enough. Why not rethink the whole mess looking at human search activities, that after all were rather successful.

I consider internet and the web as a mirror of human search activities. My proposal is to inquire how we can connect context space, link space and namespace on the internet as a mirror of human search activities in the real world.

I will expand my arguments in several articles to come. The first is about the role of mirror neurons (neuroscience) and intention (pragmatics) in CMC as opposed to Google's business model.

[1] There are two competing theories of how classical conditioning works. The first, stimulus-response theory (S-R), suggests that an association to the unconditioned stimulus is made with the conditioned stimulus within the brain, but without involving conscious thought. The second theory stimulus-stimulus theory(S-S) involves cognitive activity, in which the conditioned stimulus is associated to the concept of the unconditioned stimulus, a subtle but important distinction.

E-reputation toolkit: Social Web Metasearch

2009-03-19T16:53:00.002-07:00

Permalink

The Socal Web is fantastic if it is built on top of social relations in the real world. Somebody discribed it ironically: "Twitter is for the friends you want to have while Facebook is for the friends you have had." I have no experience with Twitter, but research demonstrated that Twitter is not a social network. About Facebook, Myspace... and alike, I can be positive, they are an extra channel for multimedia exchange. For some social Webs are the photo-book we had before... for the activists it's the place where they launche petitions.

A few years ago there was much ado about the long tail, a statistic concept from consumer demographics to describe the niche strategy of businesses, such as Amazon.com or Netflix, that sell a large number of unique items, each in relatively small quantities. A frequency distribution with a long tail has been studied by statisticians since at least 1946. The distribution and inventory costs of these businesses allow them to realize significant profit out of selling small volumes of hard-to-find items to many customers, instead of only selling large volumes of a reduced number of popular items. The group that purchases a large number of "non-hit" items is the demographic called the Long Tail.

The Long Tail might be valid for sites like Amazon and Ebay, it doesn't work in social networking. After all social relations are not built on consumer demographics. Maybe the popularity of politicians might work this way, but in politics today, nobody has real friends. So? A study of Youtube showed that the long tail doesn't work on the social web. The popularity of videos on Yuotube follows rather the blockbuster model. Based on the viewing habits of people I know that go to YouTube, this makes sense. Many simply check out whatever is most popular, which becomes a self-perpetuating cycle. Desaster tourism works the same way, people slowing down on the highway if there has been an accident. So, beware! It is passing. Once the mess is cleaned, nobody will be looking any longer.

In the real world 'trust building' gives stable results when one invests time, while a reputation is shallow and passing. Trust building' is a process that takes time. One has to give evidence of this truthfulness and trustworthiness, it's about quality. But on Internet things seem to be different. PR based reputation building seems to work all the time. It suffices to get in the picture without getting in jail and that's about it. But keep in mind, it's about quantity and a self-perpetuating cycle, not about quality.

The tools I list here cost nothing. Look at them, but if you use them, keep in mind that long standing relations are built on trust not on reputation and that relations in the real world are not interchangeable.

Social Metasearch : They let you look different sources like social networks, blogs micro-blogs etc.

Whostalkin to follow those who talk about you on the Web

Samepoint Social Media search, Samepoint is a conversation search engine that lets you see what people are talking about. You can discover, learn and share new web sites and ideas. Seaches in blogs, comments, forums, micro-blogs, news, pictures and videos.

Socialmention close to Samepoint but gives a neater result since it orders the results by source. It also searches in bookmarks.

Serph anohter meta-engine but less performing

Icerocket BigBuzz Meta-engine of Web 2.0. Searches blogs, twitter, news and micro-blogs 'en plus' adds an RSS feed of the results.

Blog search Engines : These I have tested a little bit, being a blogger myself. I used the string 'Galese and Rizzolatti', because that string is in 2 of my postings from the day before, and it is rather rare. I was curious if they would find my postings.

Google Blog Search This is the typical Google interface for blogs. All options available for website search are also available for blog search. It found one of my postings and also another one with 'Galese and Rizzolati in it': Posts about Web Standards as of March 18, 2009 To my surprise it was pointing to my posting. Google does'nt offer tag-search, only text search. That's what Google is all about. Google offers Atom and RSS feeds of it's results. That's OK.

Technorati is the professional search engine for blogs. It lets you searchs to blogposts on text and tags. I use is often. It's all there: Booleans, url-search, tag-search, RSS. But the interface isn't userfriendly. To my surprise it did only find one of the two postings but it also found 2 mentions of it in Delicious, both pointing to the other posting. I suppose it eliminates doubles. Nothing to worry about I hope.

Icerocket The advanced section allows booleans, lets you look for strings, select on date. RSS also. It let's you search in title, authors list, and tags. In fact Icerocket has more options then Technorati. And it's indexes are complete also. It did find both postings. That was nice.

Blogpulse: Sophisticated. The advanced section allows booleans, lets you look for strings, select on date. You can track conversations and view the blog profiles. Lets you also search to blogs that link to your blog. RSS channel also available. But it didn't find my posting. That was bad. I presume its indexes are rather limited.

News Search

Google News

Yahoo Actualités

Wikio

Topix

Tools to follow comments.

Backtype indexes mainly blogspot blogs. You can receive RSS feeds and mail alerts.

coComment looks for comments at a predefined source address.

Yacktrack has Friendfeed, Digg et WordPress in its index.

Tools to follow forums

boardtracker.com

Omgili

BoardReader

Tools to follow micro-blogs

Twitter Search

Twilert

TweetBeep

Twitturly

Integrated sources

FriendFeed

Mybloglog

Keotag

Links to Wikipedia: Web 2.0, Social Web, Internet, Communication, Social Network, Search Engines

Google's one-way mirror: a business model for privacy invasion by Daniël Verhoeven

2009-03-18T07:54:00.000-07:00

Permalink

Author: Daniël Verhoeven

About the importance of Mirror neurons, also in CMC intention counts

Mirror Neurons were discovered in 1994 in the macaque brain by Gallese and Rizzolatti. What do Mirror Neurons do? They mirror observed actions:

"The observation of an object-related hand action leads to the activation of the same neural network active during its actual execution. Action observation causes in the observer the automatic activation of the same neural mechanism triggered by action execution." (Gallese, 2005).

In the years that follow, Gallese and others (also called the Parma Group because they all work at the university of Parma in Italy) explore the Mirror Neuron system. The Mirror Neuron system is also demonstrated in the human brain.What is special about this is that the neural system for action execution is triggered but the execution of the action is inhibited. It's not mere a system that is mirroring action it also performs simulations. When a given action is planned, its expected motor consequences are forecast. This means that when we are going to execute a given action we can also predict its consequences. The action model enables this prediction. Since the Mirror Neurons uses the same neuronal circuits this mechanism allows us also to predict actions of others.

"The same functional logic that presides over self-modelling is employed also to model the behaviour of others: to perceive an action is equivalent to internally simulating it. This enables the observer to use her/his own resources to experientially penetrate the world of the other by means of a direct, automatic, and unconscious process of simulation." (Gallese, 2005)

This 'process of simulation' of the action of others takes place regardless of the fact we are in direct communication with them. In a way our brain is communicating with the persons we observe before we even exchanged a word.

Iacobini compared the action of Mirror Neurons when observing intentional and not intentional behaviour. He concluded that the reaction pattern of the Mirror Neurons is different when the actions observed were intentional. Mirror Neurons are only activated when the action is meaningful to the observer, the system cannot be deceived:

"-areas active during the execution and the observation of an action-previously thought to be involved only in action recognition are actually also involved in understanding the intentions of others. To ascribe an intention is to infer a forthcoming new goal, and this is an operation that the motor system does automatically." (Iocobioni, 2005)

The system of Mirror Neurons also works with emotions as to Gallese:

"We recently published an fMRI study showing that experiencing disgust and witnessing the same emotion expressed by the facial mimicry of someone else, both activate the same neural structure - the anterior insula - at the same overlapping location (Wicker et al. 2003). This suggests, at least for the emotion of disgust, that the first- and third-person experiences of a given emotion are underpinned by the activity of a shared neural substrate." (Gallese, 2004)

These results provide a neurological basis for pragmatic linguistics, saying that we understand each other in grasping the intentions of our collocutor. This is not to say that Mirror Neurons are the only mechanism through which we understand the intentions of others, analysis of the perceived action and connecting it to the context and some theory we have in mind play a role as well (Rizzolatti and Craigheiro, 2005, p. 108-109).

Extract form Gallese's "Mirror neurons and the social nature of language: The neural exploitation hypothesis"The MNS has been invoked to explain many different aspects of social cognition, like imitation (see Rizzolatti et al., 2001), action and intention understanding (see Rizzolatti, Fogassi, & Gallese,2006), mind reading (see Gallese, 2007; Gallese & Goldman, 1998), empathy (see de Vignemont & Singer, 2006; Gallese, 2003a,b; Sommerville & Decety, 2006) and its relatedness to aesthetic experience (see Freedberg & Gallese, in press), and language (see Arbib, 2005; Gallese & Lakoff, 2005; Rizzolatti & Arbib, 1998). The posited importance of the discovery of mirror neurons for a better understanding of social cognition,together with a sort of mediatic overexposure and trivialization, have stirred resistance, criticism and even a sense of irritation in some quarters of the cognitive sciences.I think a clarification is in order. The relevance of the MNS in so many different aspects of social cognition does not stem from a specific endowment of these neural cells, as if mirror neurons were ''magical neurons,'' so to speak. Mirror neurons derive their property from the specific input[1]output onnections they entertain with other populations of neurons in the brain.The MNS is involved in so many aspects of social cognition because the activation of the multiple and parallel cortico-cortical circuits instantiating mirror properties underpins a fundamental aspect of social cognition, that is, the multilevel connectedness among individuals within a social group. Such onnectedness finds its phylogenetic and ontogenetic roots in the social sharing of situated experiences of action and affect. The MNS provides the neural basis of such sharing. Embodied simulation and the MNS certainly cannot provide a full and thorough account of our sophisticated social cognitiveskills. However, I believe that the evidence presented here indicates that embodied mechanisms involving the activation of the motor system, of which the MNS is part, do play a major role in social cognition, language included. A second merit of this hypothesis is that it enables the grounding of social cognition into the experiential domain of existence, so heavily dependent on action (Gallese, 2007; Gallese et al., 2004).

To imbue words with meaning requires a fusion between the articulated sound of words and the shared meaning of the experience of action. Embodied simulation does exactly that.Furthermore, and most importantly, the neural exploitation hypothesis holds that embodied simulation and the MNS provide the means to share communicative intentions and meaning, thus granting the parity requirements of social communication.

By attributing to action the crucial role it plays in experientially grounding the meanings we share with others, the neural exploitation hypothesis stresses that the multi-level comparative study of the premotor system of primate brains is a necessary starting point for a better understanding of social cognition, and, more generally, for a better understanding of who we are.

Rizzolatti and Craigheiro also wondered if mirror neurons are also the basis for altruism.

"Can we deduce from this that the mirror mechanism is the mechanism from which altruistic behavior evolved? This is obviously a very hard question to answer. Yet, it is very plausible that the mirror mechanism played a fundamental role in the evolution of altruism. The mirror mechanism transforms what others do and feel in the observer's own experience. The disappearance of unhappiness in others means the disappearance of unhappiness in us and, conversely, the observation of happiness in others provides a similar feeling in ourselves. Thus, acting to render others happy - an altruistic behavior - is transformed into an egoistic behavior - we are happy." (Rizzolatti and Craigheiro, 2005, p. 116-120)

Our brains appear to have developed a basic functional mechanism, called 'embodied simulation' by Gallese, which gives us an experiential insight of other minds. The hypothesis of the 'embodied mind' has gained more and more proof in recent neurological research.

This let's us also tune up with others, this is what we call empathy. The theory (well let's not forget it is based on a mass of empirical research) of Mirror Neurons states that we are continually in a process of mirroring the behaviour of the people we live with and deduct from these neuronal mirror actions the intentions of the others. The system of Mirror Neurons thus has a double functionality: It let's us grasp the intentions of our collocutor and it creates empathy for him.

Research uncovered the role of mirror neurons in action understanding and imitation, intention understanding, emotions and empathy, and language evolution. Giacomo Rizzolatti and Maddalena Fabbri Destro explain the role of mirror neurons in language evolution:

"The discovery of mirror neurons provided strong support for the gestural theory of speech origin. Mirror neurons create a direct link between the sender of a message and its receiver (Rizzolatti and Arbib, 1998). Thanks to the mirror mechanism, actions done by one individual become messages that are understood by an observer without any cognitive mediation. The observation of an individual grasping an apple is immediately understood because it evokes the same motor representation in the parieto-frontal mirror system of the observer.On the basis of this fundamental property of mirror neurons and the fact that the observation of actions like hand grasping activates the caudal part of IFG (Broca's area), Rizzolatti and Arbib (1998) proposed that the mirror mechanism is the basic mechanism from which language evolved. In fact, the mirror mechanism solved, at a initial stage of language evolution, two fundamental communication problems: parity and direct comprehension. Thanks to the mirror neurons, what counted for the sender of the message also counted for the receiver. No arbitrary symbols were required. The comprehension was inherent in the neural organization of the two individuals." .

"It is obvious that the mirror mechanism does not explain by itself the enormous complexity of speech. Yet, it solves one of the fundamental difficulties for understanding language evolution, that is, how what is valid for the sender of a message become valid also for the receiver. Hypotheses and speculations on the various steps that have led from monkey mirror system to language have been recently advanced (Arbib, 2005) "(Giacomo Rizzolatti and Maddalena Fabbri Destro (2008), Scholarpedia, 3(1):2055).

See also for a review of the role of mirror neurons the article of Giacomo Rizzolatti and Maddalena Fabbri Destro in the Scholarpedia.

More neurological research points in the direction of the intentional and social grounding of our communication skills. The work of Tania Singer and Ernst Fehr in Zurich linking neurological research on empathy to micro-economics (altruistic punishment) was one of the first to give a push to several interdisciplinary studies where neurology is used to shed light on human communication and exchange. Neuro-economics and Neuro-sociology are research fields that are developing fast today. Mirror neurons are one of the basic systems for the human communication. They are also involved in Computer Mediated Communication, you cannot switch them off. Or as communication theorist Watzlawick did put it: "You cannot not communicate."

Google's one-way mirror

Google is a one-way mirror, meaning you cannot look back. Besides Google is still a lousy search engine. Vint Cerf, Googles evangelist even admits that Google is rather a big shovel:

"Look search today is messy. Think about one of those big construction shovels, you know, like a tractor with a big shovel on the front. And you have to operate it by pulling and pushing a series of levers. It's big and imprecise. Using a search engine today feels like trying to move one of these Earth-moving shovels." (Interview with Vint Cerf of Google, 13 August 2008, Siva Vaidhyanathan)

But it is for all a money shovel:

"The real brilliance of Google is the ability to monetize search through AdSense. This company uncovered the relationship between advertising and information. The old way of advertising had no direct interaction with the audience. But now the audience can click." (same interview)

The primary view of Google is behaviourist and system centred. The following oracle of Vincent Cerf's is clear:

"There are things that computers can do that six billion humans can't do. Computers have the scale capacity to discover and analyze things," (same interview)

This a quite humiliating claim for human kind in my opinion. Recently bionics made important progress by realising a bionic eye. But we must also consider the relativity of this realisation. Our retina contains 126 million sensitive cells, the bionic interface consisted out of only 60 electrodes. One estimate puts the human brain at about 100 billion (10^11) neurons and 100 trillion (10^14) synapses. Each neuron can be considered as a small biological computer on its own. Google's cloud computers is compared with the human brain merely a fart.

Google is expanding because that's the only way to stay on top since it misses evolutionary constraints. It will only reproduce its own model. Google's chief evangelist Vincent Cerf is looking for answers in the InterPlaNetary Internet. I'm afraid he isn't going to find them. Google will expand until it bursts.

Google's search system is a black box, all we know about it are the published patents, but the search algorithms used aren't part of them.

Wiki Search acknowledges the demand for openness as you can read on the about Page:

"For hundreds of years, the most respected institutions have treated transparency as a requirement. Those who, of their own accord, promise openness find that with this pledge comes credibility, as, in the words of the late Justice Louis Brandeis of the United States Supreme Court, "Sunlight is the best disinfectant." Indeed, those who avoid the light of scrutiny and instead opt for obfuscation are often assumed to be hiding something, and for good reason."

David Koepsell pleads for a new paradigm in scientific research based on the Wiki model:

"In idealized science, the search for the laws of nature and explanations of phenomena is collaborative and ongoing, and does not become fixed in a final text, but is always subject to revision and refinement in the face of new evidence. The wiki model is the natural extension of the initial model of science employed in the early salons and meetings of the first scientific societies, before publishing overtook the processes employed by natural philosophers as the be-all and end-all of science itself." (David Koepsell, Back to Basics: How Technology and the Open Source Movement Can Save Science)

Also Tim Bernbers-Lee (unplugged) stressed the need for open WEB standards and its use in data queries as you can see in this video of 2007 and his view in "Up to Design Issues".

A business model for Privacy Invasion

I have no clue what techniques Google is using for its contextual ads, I guess one is latent semantic analysis. My experience before was that Google adapts its answers based on my previous search behaviour. Google stores that information and is quite hypocrite about it. After several protests Google promised to delete this logged information after 9 months, but it only anonymizes IP addresses on its server logs. Google recently confirmed my suspicion when launching a detailed behavorial add program.

"The most privacy protective solution would be to have behavioral targeting systems be based on the user's opt-in. To no one's surprise, Google has not gone down that road ("'Offering advertising on an opt-in basis goes against the economic model of the Internet,' Google spokesperson Christine Chen told the IDG News Service"), and we are not aware of any major player in online advertising that has an opt-in targeting system. Google has, however, done some things that make opt-out quite a bit better." (EFF)

Google defines and re-shapes the economic model of Internet[1]. What's more, Google's contextual voyeurism entails a privacy invading culture snooping and spying the Net while we tend to consider the Net as an information source. Google contextual ads business model has many followers. See for some recent examples: Deep Packet Inspection, Advance Interactive Media using questionnaire as a manipulating marketing technique and video screens with built in tracking systems.

'Contextual advertising' is typical Orwellian newspeak. Why not call it what it is: "unsolicited advertising" like "unsolicited mail": SPAM. At the same time it is a huge privacy invading system. Everybody that is questioning this should read Greg Conti's "Googling Security: book that opens your eyes to how much you disclose to Google"

As pod casters, broadcasters, bloggers, site builders, in one word: content providers we leave our traces on the Net. While the Net is a huge space to seek an audience, big players, telecom providers and service providers, want to use the Net primarily to make money, annihilating human presence, turning and degrading communication into bits and bytes, into usable code for profit making. Google's net neutrality is circumstantial as we showed in a previous article. A free meal is never entirely free. Most people are not aware of that evidence. This is the shadow side of Web 2.0. See also In Your Face: Recession and The Rise of the Anti-Social Web, about the risk that service providers like Google and Facebook will try to make profit with usercontent when they run into financial problems, something that is rather likely to happen today.

We should become aware of the reshaping of our communication practices using the Net. Why not make part of its infrastructure public or social owned. After all, Internet (DARPA TCP/IP) and the Web (HTML of Tim Berners-Lee at CERN) was developed in the public domain. If not, there would be no Internet, no Web, I'm afraid. Google is using our data, why do we have nothing to say about the way it does? Because Christine Chen said so? Because Google wants it this way? One of the reasons is simple: a lot of content-providers do not understand Google's trap. They participate in the page-ranking competition and join the page-ranking manipulation business. This allows Google to say that keywords aren't relevant any longer when describing documents.

"Next we have two name values: keywords, which these days is mostly useless, ironically, and description, which is still somewhat useful." (Google Code Home, Metadata, http://code.google.com/intl/nl/webstats/2005-12/metadata.html)

But after all, what could you expect when Google started a business based on a random surfing, pageranking mechanism and contextual advertising? Google itself is at the core of pagerenking manipulation business. It does not only organise an auction of webcontent (see Tony Curzon Price) it also organises an auction on keywords. Google has come under fire for allowing AdWords advertisers to bid on trademarked keywords. In 2004, Google started allowing advertisers to bid on a wide variety of search terms in the US and Canada, including the trademarks of their competitors. See Stefanie Olsen, Google plans trademark gambit, .CNET. http://news.com.com/2100-1038-5190324.html.

Danny Sullivan, widely considered a leading "search engine guru", proposed that Google should open it's search index for researchers and for its compettitors to research, because since Google has he largest search index it has an advantage his competitors cannot coop with. But Google won't do that. On Google's closeness he remarks in "Google: As Open As It Wants To Be (i.e. When It's Convenient)";"

"There's probably no deeper example of Google being closed than when it comes to book search. Google's efforts to scan books are well known at this point. But Google keeps coming under fire for agreements said to restrict those scans for being used by its competitors.

(...)

To be fair, Microsoft has also added similar restrictions. But if Google's on an "open" kick, why not join the Open Content Alliance?"

(...)

AdSense isn't an "open" marketplace where publishers set prices and see how much advertisers are willing to pay, with Google taking a known and set percentage. Google will take whatever it wants, and publishers are left guessing. So much for open.

Google has been criticised for selling keywords of its competitors but another issue is also coming up: Google's quasi monopoly in online advertising. The mainstream press, such as The New York Times, has noticed that even Google itself is starting to worry about the possibility that the Department of Justice of the US may seek regulation, possibly even the break-up of Google. Eric Clemens is Professor of Operations and Information Management at The Wharton School of the University of Pennsylvania. He sketches what an anti-trust case against Google might look like:

"·Even with the appearance of competition from other search engines such as Yahoo and Microsoft in the market for sponsored search, Google enjoys monopoly power over corporations that participate in its keyword auctions. This monopoly power is especially great when Google deals with corporations whose operations are largely fixed cost, such as hotels and airlines.

Google is abusing its monopoly position by overcharging corporations for access to consumers. These charges are passed along to consumers and ultimately result in consumer harm.

Google is likewise abusing its monopoly position, deterring market entry in areas that would benefit consumers and damaging potential entrants.Any one of these would justify regulatory intervention. The second and possibly the third would also justify some form of financial compensation to those who could demonstrate that they had been damaged by Google."

And of course Google's privacy policy has been under attack many times. Recently the Electronic Privacy Information Center filed a 15-page complaint asking the FTC to force Google to stop offering online services that collect data until the presence of adequate privacy safeguards is verified. The FTC is de Federal Trade Commission in the US. The EPIC complaint [PDF] also listed other security flaws in Gmail and Google Desktop, a desktop indexing program, and urged Google to donate $5 million to a public fund that will support research into technologies such as encryption, data anonymization and mobile location privacy. (see EPIC Urges FTC To Investigate Google Services)

References:

Arbib M.A. 2005a From monkey-like action recognition to human language: an evolutionary framework for neurolinguistics. The Behavioral and brain sciences. 2:105-24

Arbib, Michael, 2005b, "The Mirror System Hypothesis. Linking Language to Theory of Mind", published on Interdisciplines, http://www.interdisciplines.org/coevolution/papers/11

Gallese, Vittorio, 2004, Intentional Attunement. The Mirror Neuron system and its role in interpersonal relations, paper published at 'Interdisciplines', consulted online on 15/03/2008 at http://www.interdisciplines.org/mirror/papers/1

Gallese, Vittorio, 2007, "Mirror neurons and the social nature of language: The neural exploitation hypothesis",University of Parma, Parma, Italy, consultedd online on 15/03/2007 at http://www.unipr.it/arpa/mirror/pubs/pdffiles/Social_neuroscience_2008.pdf

Rizzolatti G, Arbib MA. 1998. Language within our grasp. Trends Neurosci. 21:188-94

Rizzolatti,Giacomo, Craighero, Laila, 2005, Mirror neuron: a neurological approach to empathy, Neurobiology of Human Values, Springer-Verlag Berlin Heidelberg 2005, online http://www.robotcub.org/misc/review2/06_Rizzolatti_Craighero.pdf

[1] After pressure of the Electrtonic Frontier Foundation, Google has delivered an opt-out option for the behavioural ad system.

Additional Electronic Resources

Neuroscience

Broken Mirrors, A Theory Of Autism

Neuroeconomics of Mind Reading and Empathy

Psychologists shed light on origins of morality

Nikolas Rose, Neurosociology, and Neurochemical Selves

What Is The Value of Neuroscience?

Privacy

New privacy policy, cooperation with law enforcement & your data: An interview with Google

A Race to the Bottom - Privacy Ranking of Internet Service Companies

Proximic Signs Deals With Yahoo and eBay To Turn Product Listings Into Contextual Ads; Taking on AdSense

When you watch these ads, the ads check you out

Orwell's 1984 revisited: Uberveillance

Google Big Brother? Eyetracking en Latitude

Jacht op je privéleven geopend by Karin Spaink

Debunking Google's log anonymization propaganda

Hi-Tech Spousal Abuse - Technology Perverted

Privacy group calls Google Latitude a 'danger' to security

Privacy Rights Clearinghouse Data Breaches list

'1 miljoen geen baan door fouten in Franse politiedatabank'

Les "Déchets Infoactifs" : Avec Le Développement Des Réseaux Sociaux (FR)

La Vie Privée S'expose À La Surveillance (FR)

Facebook, Le Meilleur Ami Du Détective Privé (FR)

Vos Traces Internet Valent De L'or (FR)

Peut-On Tout Confier À Google ? (FR)

Das Google-Imperium (DE)

More articles about Google Watch

More articles about Privacy

More articles about the Social Web

More articles about Uberveillance

More articles about Web 2.0

Links to Wikipedia: Open Society, Closed Society, Advertising, Surveillance, Uberveillance, World Wide Web

Google Begins Behavioral Targeting Ad Program « EFF by Kurt Opsahl

2009-03-18T04:12:00.000-07:00

Published at EFF, 11 March , 2009 News Update

Author: Kurt Opsahl

Today Google launched its behavioral targeting ad program, which it calls "interest-based advertising." This move has been widely expected once Google completed its $3.1 billion acquisition of DoubleClick one year ago today.

The issues with behavioral advertising have been with us for over a decade (DoubleClick was founded in 1996, and privacy issues soon followed), and have grown as more people use more services online and more information has become available about your online behavior. Many, including EFF, are concerned about behavioral targeting because it means that information about how you use the web is collected, stored and associated with a cookie on your browser, which can track you across different websites and online services. One way to help protect your privacy is to clear cookies regularly. However, this is insufficient, because a new cookie would be written the next time your browser loaded a banner ad.

The most privacy protective solution would be to have behavioral targeting systems be based on the user's opt-in. To no one's surprise, Google has not gone down that road ("'Offering advertising on an opt-in basis goes against the economic model of the Internet,' Google spokesperson Christine Chen told the IDG News Service"), and we are not aware of any major player in online advertising that has an opt-in targeting system. Google has, however, done some things that make opt-out quite a bit better.

Google contacted us about behavioral targeting early on in their development process, and solicited our feedback. One issue we discussed was a persistent problem with opting-out of targeted online advertising -- the use of cookies to opt-out of tracking cookies. The problem is that the very users who care most about privacy are the ones most likely to delete cookies. Yet, if a user deleted all their cookies, they would also delete the cookie that had opted them out of the targeting.

So we worked with Google to seek a new solution. Google accepted the technical challenge, and the result is the Advertising Cookie Opt-Out Plug-in, which allows users to keep their opt-out status for a particular browser even when they clear all cookies. We appreciate that Google was responsive to the opt-out cookie concerns, and especially pleased that the plug-in is available as an open source project. We look forward to it being available for Safari, Chrome and other browsers, not just IE and Firefox.

Google also introduced its Ad Preferences Manager tool. While using this tool does not stop Google from tracking users, it allows users to express preferences about what sort of advertisements will result from that tracking. We prefer to opt-out, but this is an improvement to transparency.

If you are a user who shares our concerns about privacy, we encourage you to opt-out of tracking and keep regularly deleting your cookies. Just as critically, we encourage Google to promote the opt-out options prominently, and make it simple and easy for an average person to use. After all, these tools are not useful if no one uses them. Keep in mind that the plug-in works only on particular browsers, so you will need to install it on every browser you use.

This may not be the end of the story. Last month, the FTC revised its Online Behavioral Advertising Principles. Last year, the House Energy and Commerce Committee looked at online advertising practices, and Rep. Markey said "he and his colleagues plan to introduce legislation next year [i.e. 2009], a sort of online-privacy Bill of Rights, that would require that consumers must opt in to the tracking of their online behavior and the collection and sharing of their personal data." We expect that government policy-makers will continue to look at behavioral advertising for the next decade.

Related Issues at EFF: Privacy, Search Engines

Links to Wikipedia: Advertising, Surveillance, Uberveillance, World Wide Web, Privacy, Google Watch

More articles about Google Watch

More articles about Privacy

More articles about Uberveillance

Six Tips to Protect Your Search Privacy « EFF

2009-03-17T19:08:00.000-07:00

Published at EFF, September 2006
Google, MSN Search, Yahoo!, AOL, and most other search engines collect and store records of your search queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would you want strangers to see searches that reference your online reading habits, medical history, finances, sexual orientation, or political affiliation?

Recent events highlight the danger that search logs pose. In August 2006, AOL published 650,000 users' search histories on its website.¹ Though each user's logs were only associated with a random ID number, several users' identities were readily discovered based on their search queries. For instance, the New York Times connected the logs of user No. 4417749 with 62 year-old Thelma Arnold. These records exposed, as she put it, her "whole personal life."²

Disclosures like AOL's are not the only threats to your privacy. Unfortunately, it may be all too easy for the government or individual litigants to subpoena your search provider and get access to your search history. For example, in January 2006, Yahoo!, AOL, and Microsoft reportedly cooperated with a broad Justice Department request for millions of search records. Although Google successfully challenged this request,³ the lack of clarity in current law leaves your online privacy at risk.

Search companies should limit data retention and make their logging practices more transparent to the public,⁵ while Congress ought to clarify and strengthen privacy protections for search data. But you should also take matters into your own hands and adopt habits that will help protect your privacy.

The Electronic Frontier Foundation has developed the following search privacy tips. They range from straightforward steps that offer a little protection to more complicated measures that offer near-complete safety. While we strongly urge users to follow all six tips, a lesser level of protection might be sufficient depending on your particular situation and willingness to accept risks to your privacy.

1. Don't put personally identifying information in your search terms (easy)

Don't search for your name, address, credit card number, social security number, or other personal information. These kinds of searches can create a roadmap that leads right to your doorstep. They could also expose you to identity theft and other privacy invasions.

If you want to do a "vanity search" for your own name⁵ (and who isn't a little vain these days?), be sure to follow the rest of our tips or do your search on a different computer than the one you usually use for searching.

2. Don't use your ISP's search engine (easy)

Because your ISP knows who you are, it will be able to link your identity to your searches. It will also be able to link all your individual search queries into a single search history. So, if you are a Comcast broadband subscriber, for instance, you should avoid using http://search.comcast.net. Similarly, if you're an AOL member, do not use http://search.aol.com or the search box in AOL's client software.

3. Don't login to your search engine or related tools (intermediate)

Search engines sometimes give you the opportunity to create a personal account and login. In addition, many engines are affiliated with other services -- Google with Gmail and Google Chat; MSN with Hotmail and MSN Messenger; A9 with Amazon, and so on. When you log into the search engine or one of those other services, your searches can be linked to each other and to your personal account.

So, if you have accounts with services like Google GMail or Hotmail, do not search through the corresponding search engine (Google or MSN Search, respectively), especially not while logged in.

If you must use the same company's search engine and webmail (or other service), it will be significantly harder to protect your search privacy. You will need to do one of the following:

Install two different web browsers to separate your search activities from your other accounts with the search provider. For example, use Mozilla Firefox for searching through Yahoo!, and Internet Explorer for Yahoo! Mail and other Yahoo! service accounts.⁶ You must also follow Tip 6 for at least one of the two browsers.⁷

For Google and its services, you can use the Mozilla Firefox web browser and the CustomizeGoogle plugin software. Go to http://www.customizegoogle.com/ and click "Install." Restart Firefox and then select "CustomizeGoogle Options" from the "Tools" menu. Click on the "Privacy" tab and turn on "Anonymize the Google cookie UID." You must remember to quit your browser after using GMail and before using the Google search engine.⁸ In addition, be sure not to select the "remember me on this computer" option when you log into a Google service.

If you are using a browser other than Firefox, you can use the GoogleAnon bookmarklet, which you can obtain at http://www.imilly.com/google-cookie.htm. You will need to quit your browser every time you finish with a Google service. Unfortunately, we currently do not know of similar plugins for other search providers.⁹

4. Block "cookies" from your search engine (intermediate)

If you've gone through the steps above, your search history should no longer have personally identifying information all over it. However, your search engine can still link your searches together using cookies and IP addresses.¹⁰ Tip 4 will prevent tracking through cookies, while Tips 5-6 will prevent IP-based tracking. It's best to follow Tips 3-6 together -- there is less benefit in preventing your searches from being linked together in one way if they can be linked in another.

Cookies are small chunks of information that websites can put on your computer when you visit them. Among other things, cookies enable websites to link all of your visits and activities at the site. Since cookies are stored on your computer, they can let sites track you even when you are using different Internet connections in different locations. But when you use a different computer, your cookies don't come with you.¹¹

From a privacy-protection perspective, it would be best to block all cookies. However, because cookies are necessary for accessing many websites, it may be more convenient (though less privacy-protective) to allow short-lived "session" cookies. These cookies last only as long as your browser is open; therefore, if you quit your browser, re-open it, and then go back to your search engine, your search provider will not be able to connect your current searches with previous ones via your cookies.

Use the following steps to allow only "session cookies," and remember to quit your browser at least once a day but ideally after each visit to your search provider's site. We recommend that you use Mozilla Firefox and apply these settings:

From the "Edit" menu, select "Preferences"

Click on "Privacy"

Select the "Cookies" tab

Set "Keep Cookies" to "until I close Firefox" ¹²

Click on "Exceptions," type in the domains of all of your search sites, and choose "Block" for all of them

If you use Microsoft Internet Explorer to surf the web:

From the Internet Explorer "Tools" menu, select "Internet Options"

Click on the "Privacy" tab and then press the "Advanced" button

Click on "Override automatic cookie handling"

Set both "first party" and "third party" cookies to "Block"

Select "Always allow session cookies"

5. Vary your IP address (intermediate)

When you connect to the Internet, your ISP assigns your computer an "IP address" (for instance, EFF's web server's IP address is 72.5.169.162). Search providers -- and other services you interact with online -- can see your IP address and use that number to link together all of your searches. IP addresses are particularly sensitive because they can be directly linked to your ISP account via your ISP's logs. Unlike cookies, your IP address does not follow your computer wherever it goes; for instance, if you use your laptop at work through AT&T, it will have a different IP address than when you use it at home through Comcast.

If your ISP gives you a changing, "dynamic" IP address,¹³ or you surf from an office computer that is behind the same firewall as lots of other computers, then this concern is diminished. However, if you have a dynamic IP address on a broadband connection, you will need to turn your modem off regularly to make the address change. The best way to do this is to turn your modem off when you finish with your computer for the day, and leave it off overnight.

On the other hand, if you have an unchanging, "static" IP address, you will certainly need to use anonymizing software to keep your address private; see Tip 6.

6. Use web proxies and anonymizing software like Tor (advanced)

To hide your IP address from the web sites you visit or the other computers you communicate with on the Internet, you can use other computers as proxies for your own -- you send your communication to the proxy; the proxy sends it to the intended recipient; and the intended recipient responds to the proxy. Finally, the proxy relays the response back to your computer. All of this sounds complicated, and it can be, but luckily there are tools available that can do this for you fairly seamlessly.

Tor (http://tor.eff.org) is a software product that encrypts then sends your Internet traffic through a series of randomly selected computers, thus obscuring the source and route of your requests. It allows you to communicate with another computer on the Internet without that computer, the computers in the middle, or eavesdroppers knowing where or who you are. Tor is not perfect, but it would take a sophisticated surveillance effort to thwart its protections.¹⁴

You also need to make sure that your messages themselves don't reveal who you are. Privoxy (http://www.privoxy.org) helps with this, because it strips out hidden identifying information from the messages you send to web sites. Privoxy also has the nice side benefit of blocking most advertisements and can be configured to manage cookies. (Privoxy comes bundled with Tor downloads.)

You can also use web proxies like Anonymizer's (http://www.anonymizer.com) Anonymous Surfing. This option is more user-friendly but possibly a less effective method of anonymizing your browsing. Anonymizer routes your web surfing traffic through their own proxy server and hides your IP address from whatever web sites you visit. However, Anonymizer itself could in principle have access to your original IP address and be able to link it to the web site you visited; therefore, that service is only as secure as Anonymizer's proxy facilities and data retention practices. While there is no reason to believe that Anonymizer looks at or reveals your information to others (we know the people currently running Anonymizer and they are good folks), there is little opportunity to verify their practices in these regards.

Using Tor and Privoxy is more secure because one untrustworthy proxy won't compromise your search privacy. On the other hand, web proxies like Anonymizer are slightly easier to use at present.

Tor and Privoxy downloads and instructions can be found here: http://tor.eff.org/download.html.en

Conclusion

If you've implemented all six tips, congratulations -- you're now ready to search the Web safely. These steps don't provide bulletproof protection, but they do create a strong shield against the most common and likely means of invading your privacy via your search history.

By Peter Eckersley, Seth Schoen, Kevin Bankston, and Derek Slater.

¹ For more on the disclosure, see http://eff.org/Privacy/AOL.

² See http://www.nytimes.com/2006/08/09/technology/09aol.html.

³ See http://eff.org/Privacy/search for documents related to Google's challenge. The logs were to be used as evidence in a case in which the government is defending the constitutionality of the Child Online Protection Act (COPA). See also http://news.com.com/FAQ+What+does+the+Google+subpoena+mean/2100-1029_3-6029042.html and http://news.com.com/Judge+Google+must+give+feds+limited+access+to+records/2100-1028_3-6051257.html.

⁴ The search providers' have so far been unreasonably tight-lipped about their specific practices regarding search logging. For some insight, see http://news.com.com/Verbatim+Search+firms+surveyed+on+privacy/2100-1025_3-6034626.html?tag=nl and http://www.mercurynews.com/mld/mercurynews/news/breaking_news/15315062.htm.

⁵ Or your MySpace profile, personal blog address, or other similar personal information.

⁶ Advanced tip: you could also use two profiles for one browser. For instance, if you run Mozilla Firefox with the -ProfileManager flag, it will let you choose a profile. To learn more, visit http://mozilla.org/support/firefox/profile. Mozilla Seamonkey has a "Switch Profile" command in the "Tools" menu. Pick a different theme/skin for each profile so you can tell which one you are using. To learn more, visit http://kb.mozillazine.org/Profile_Manager. With Internet Explorer, you may need to use two separate Windows user accounts.

⁷ Otherwise, your two separate browsers' activities could be linked by IP address, as discussed below.

⁸ Mail.google.com and google.com leave some additional cookies that will identify you while searching, but which CustomizeGoogle (and GoogleAnon) will not anonymize. Unless you remember to quit your browser, some of those cookies persist even if you logout of Gmail. Future versions of these privacy-protection tools may help fix this problem.

⁹ There is another Firefox plugin intended to protect your search privacy called TrackMeNot (http://mrl.nyu.edu/~dhowe/trackmenot/). At present, we cannot recommend TrackMeNot. For one thing, it may actually make it easier for search engines to link your searches together (the fact that you're using the plugin is distinctive). Moreover, although it may create some uncertainty about aspects of your search history, it does not hide personally identifying information or the bulk of your most sensitive searches. For further criticisms, see http://www.schneier.com/blog/archives/2006/08/trackmenot_1.html.

¹⁰ The search engine may also be able to pick you out of the crowd based on an unusual browser, operating system, language setting, or other atypical HTTP headers. The software recommended in Tip 6 can be used to impede these methods as well.

¹¹ So long as you haven't logged in; see Tip 3.

¹² You can select "ask me every time" if you want more control, although the current Firefox user interface is not very good for this purpose. At this time, the Mozilla Seamonkey browser is more suitable if you wish to have fine-grained control over cookies.

¹³ You can find out your IP address by visiting a site like http://myipinfo.net. Ask your ISP if you have trouble determining whether your IP address changes.

¹⁴ For a technical discussion of this subject, see http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf.

Links to Wikipedia: Advertising, Surveillance, Uberveillance, World Wide Web, Privacy, Google Watch

More articles about Google Watch

More articles about Privacy

More articles about Uberveillance

Related Issues at EFF: Search Engines

Suveilance Selfdefence Project « EFF [part 4]

2009-03-17T18:34:00.000-07:00

From EFF.org

Defensive Technology

If you are looking for basic technical information on how to protect the privacy of your data — whether it's on your own computer, on the wire, or in the hands of a third party — you've come to the right place. Although we hope you'll have the time to review all of the information in the SSD guide, if you're in a hurry to get to the technical details, this is where you can read articles that will explain:

the basics of the relevant technologies, such as the Internet Basics and Encryption Basics articles

how to improve the security of different communication applications, such as your web browsers, email systems and IM clients

how to protect your privacy by using defensive technologies such as secure deletion software, file and disk encryption software, and virtual private networks

the overarching security threat posed by malware, how to evaluate that threat, and how to reduce it

Just remember: technology changes quickly. We'll be doing our best to keep these articles updated to reflect current developments, but in the meantime, you should take the time to review information from multiple sources before making any serious security decisions.

Internet Basics

The Internet is a global network of many individual computer networks, all speaking the same computer language, the Internet Protocol (IP). Every computer connected to the Internet has an IP address, a unique numeric identifier that can be "static", i.e. unchanging, or may be "dynamically" assigned by your ISP, such that your computer’s address changes with each new Internet session.

More sophisticated networking protocols may be "layered" on top of the IP protocol, enabling different types of Internet communications. For instance, World Wide Web (Web) communications are transmitted via the HyperText Transfer Protocol (HTTP) and e-mails via the Simple Mail Transport Protocol (SMTP).

These additional protocols use their own types of addresses, apart from IP addresses. For example, to download a Web page, you need its Web address, known as a Uniform Resource Locator (URL) (e.g., http://www.eff.org). To exchange e-mails, both the sender and recipient need e-mail addresses (e.g., user@emailprovider.com).

Computers that offer files for download over the Internet are called servers or hosts. For example, a computer that offers Web pages for download is called an HTTP server or Web host. Any computer may be server, client, or both, depending on the communication. The amount of data in an Internet communication is measured in bytes.

Communications to and from an Internet-connected computer occur through 65,536 different computer software "ports." Many networking protocols have been assigned to particular port numbers by the Internet Engineering Task Force. For example, HTTP (Web) is assigned to port 80 and SMTP (e-mail) is assigned to port 25. However, any port can be used for any application, and these are only conventions.

If you want to learn more, the website How Stuff Works publishes a popular series of "Internet Basics" articles that answer questions about the nuts and bolts of the Internet.

Encryption Basics

Encryption is a technique that uses math to transform information in a way that makes it unreadable to anyone except those with special knowledge, usually referred to as a "key." There are many applications of encryption, but some of the most important uses help protect the security and privacy of files on your computer, information passing over the Internet, or left sitting in a file on someone else's computer. If encryption is used properly, the information should only be readable by you and people that receive the key from you. Encryption provides a very strong technical protection against many kinds of threats — and this protection is often easy to obtain.

How Does Encryption Work?

What do you need to know about how encryption works? Surprisingly little. Encryption is conceptually similar to the "secret codes" that children learn about and use to communicate. If you’ve ever spoken in pig Latin or used a decoder ring, you've used very simple encryption techniques on a message. Again, the idea is to take a normal human-readable message (often called the plaintext message) and transform it into an incomprehensible format that can only become comprehensible again to someone with secret knowledge:

Plaintext message + Encryption algorithm + Key = Scrambled message

Decryption algorithm + Key + Scrambled message = Plaintext Message

Your Little Brother’s Cryptography. A simple encryption system would be to change each letter in your message to a set number of letters later in the alphabet. The specific number of spaces you move down the alphabet for each letter is the secret key. If the key is two, A becomes C, B becomes D, C becomes E, etc. Using that encryption system, the plaintext message "INSECURE" would become "KPUGEWTG."

How is Encryption Applied?

Although the mechanics of encryption can be explained by the "decoder ring" analogy, the modern practice of using encryption has been accurately described as using a very resilient envelope for your messages. Most unencrypted data transmitted online is accessible to the servers passing off the information. Conversely, using encryption puts your online communications in a "steel envelope" — they can't be read in the course of delivering the message to the recipient and are extremely resistant to tampering.

Modern encryption is very difficult to break, using very complex mathematics to scramble information and ensure that only people possessing the right key can unscramble it. In many cases you can get major security benefits from encryption without a detailed understanding of how it works. Some software implements very convenient, fully automated encryption features which may simply require that you turn them on.

For instance, when a website is configured properly, web browsers can use SSL encryption to protect the privacy of information you send to or receive from a web server. This is most often used to protect log-in passwords and financial data. Using a browser's SSL encryption can be as simple as accessing a site with the https scheme instead of the http scheme (for instance, https://www.eff.org/ instead of http://www.eff.org/); the browser typically takes care of all the details behind the scenes.

Why Is Encryption Important?

Encryption plays an important role in mitigating risk related to the many threats listed in this guide. If sensitive information stored on your computer is encrypted, it will take a secret key to decode it. If sensitive information en route to others is encrypted, only someone that knows the secret key can read what it says. When you encrypt sensitive information and it ends up logged by others in the course of communicating online, encryption keeps those without the secret key from knowing the contents of the message.

Most of the Defensive Technology articles in this guide will cover practical ways to apply encryption to particular communications (like email) or particular applications (like web browsers).

Encryption is absolutely essential to maintaining information security. Moreover, modern computers are powerful enough that we can aim to make encryption of our communications and data routine, not just reserving encryption for special occasions or particularly sensitive information.

For More About Encryption

Many encryption tools can be used successfully without much beyond a conceptual understanding. We explain how to use many of these well-developed tools in other parts of this guide.

However, be aware that while encryption is a powerful tool and is critical to information security, it has limitations — particularly if it is not being used correctly. Learning more about encryption and its limitations can help ensure that you're using it properly and getting protection against as many kinds of attacks as possible.

Web Browsers

Web browsers are software on your machine that communicate with servers or hosts on the Internet. Using a web browser causes data to be stored on your computer and logs to be stored on the web servers you visit, and frequently transmits unencrypted information.

Until you have understood the mechanisms by which this occurs — and taken steps to prevent them — it is best to assume that anything you do with a web browser could be recorded by your own machine, by the web servers you're communicating with, or by any adversary that is able to monitor your network connection.

Controlling and Limiting the Logs Kept by Your Browser

Web browsers often retain a large amount of information about the way they are used. A browser typically keeps a history of the web pages it visits. Browsers also often retain cached copies of the pages you've visited, information about which accounts you log into on web servers, names and other data you enter into web forms, and cookies that record preferences and link your browser to records on third party web servers. Fortunately, browsers also include features for managing these records. In general, the features are getting better, so it's getting easier to control browser records.

For example, here are the stored data privacy settings pages for Firefox, the free web browser:

For each type of information your browser stores, you can either set it to not collect it at all, set it to delete within a certain span of days, set it to delete when you quit the browser, or press "clear" to manually erase the data. Or you can "clear all" of the info — all the data your browser’s been keeping on you.

Apple’s Safari browser also has an easy one-click option to clear everything. Just select "Reset Safari" from the "Safari" pull-down menu and you’ll get this option:

Controlling and Limiting the Logs Kept By Web Servers

Web servers usually see and retain a large amount of information about what you do when you surf to them. For instance, if you type any information into a form on a web page (such as a search engine), the server will record not only what you sent it, but also information that might identify you: your IP address, the browser and operating system you are using, whether you followed a link from another web page to get to the page, what that previous site/page was, your account if you are logged in to the site, and cookies that were created when you previously looked at pages on the site.

Web Privacy is Hard

If you use a particular website a lot, the chances are that it is going to end up retaining a huge amount of information about you. To get a sense of the kinds of information, and what needs to be done to prevent them from being aggregated, read our white paper on search privacy. Although that document primarily discusses search engines, the issues to consider for other kinds of sites are similar.

Cookies

Cookies are pieces of information that a web site can send to your browser. If your browser "accepts" them, they will be sent back to the site every time the browser accepts a page, image or script from the site. A cookie set by the page/site you're visiting is a "second party" cookie. A cookie set by another site that's just providing an image or script (an advertiser, for instance), is called a "third party" cookie.

Cookies are the most common mechanisms used to record the fact that a particular visitor has logged in to an account on a site, and to track the state of a multi-step transaction such as a reservation or shopping cart purchase. As a result, it is not possible to block all cookies without losing the ability to log into many sites and perform transactions with others.

Unfortunately, cookies are also used for other purposes that are less clearly in users' interests, such as recording their usage of a site over a long period of time, or even tracking and correlating their visits to many separate sites (via cookies associated with advertisements, for instance).

With recent browsers, the cookie setting that offers users the most pragmatic tradeoff between cookie-dependent functionality and privacy is to only allow cookies to persist until the user quits the browser (also known as only allowing "session cookies").

You can enable this in the "Privacy" tab of Firefox 3's "Preferences" pane:

Unfortunately, if you only quit your browser entirely once every week or two, web sites will still collect a huge amount of information about your habits, such as the IP addresses you use at home, at work, at friends' houses and at Internet cafes. However, the "Incognito" mode offered by Google's Chrome browser and the "InPrivate" mode offered by Internet Explorer 8 are signs that in future browsers may offer more convenient ways to limit cookie tracking.

Sophisticated users can configure their browser to manually decide whether each site they visit is allowed to set cookies. This may have good privacy outcomes, such as allowing session cookies for sites the user logs in to or purchases things from, but not any other sites. But it requires a lot of work. A certain amount of debugging may also be required for situations where sites are poorly designed and fail to function without certain third-party cookies.

Recent Cookie-Like "Features" in Web Browsers

In addition to the regular cookies that web browsers send and receive, and which users have begun to be aware of and manage for privacy, companies have continued to implement new "features" which behave like cookies but which aren't managed in the same way. Adobe has created "Local Stored Objects" (also known as "Flash Cookies") as a part of its Flash plug-ins; Mozilla has incorporated a feature called "DOM storage" in recent versions of Firefox. Web sites could use either or both of these in addition to cookies to track visitors. We recommend that users take steps to prevent this.

Managing Mozilla/Firefox DOM Storage Privacy. If you use a Mozilla browser, you can disable DOM Storage pseudo-cookies by typing about:config into the URL bar. That will bring up an extensive list of internal browser configuration options. Type "storage" into the filter box, and press return. You should see an option called dom.storage.enabled. Change it to "false".

Managing Adobe Flash Privacy. Adobe lists advice on how to disable Flash cookies here. There are some problems with the options Adobe offers (for instance, there is no "session only" option), so it's probably best to globally set Local Stored Object space to 0 and only change that for sites which you're willing to have tracking you. On the Linux version of Adobe's Flash plugin there doesn't seem to be a way set the limit to 0 for all sites — consider donating or contributing to the Gnash project to give users an alternative to Adobe's privacy-unfriendly design decisions.

Aside from being an annoying medium for advertising, Flash poses other kinds of privacy and security risks. Some people choose not to use Flash at all (using other tools like youtube-dl for watching Youtube videos). Others install a Flash management browser plugin like FlashBlocker. Unfortunately, while FlashBlocker makes surfing the web a more peaceful experience, it does not protect you from being tracked by Flash cookies or from exposure to other flash-based security risks.

IP Addresses

Whenever your browser fetches a page, image or script from a website, you should expect the website to record the IP address of the computer you're using. Your ISP, or anybody with the power to subpoena your ISP, could tie those records to the Internet account subscription you are connected through. Use Tor (or a proxy server, which is faster but less secure) if you wish to prevent these records from being created.

Privacy on the wire

HTTPS

Most sites on the web are accessed using the unencrypted HTTP protocol. HTTP is susceptible to eavesdropping, and even to intermediaries that might set out to modify the pages a browser is fetching.

HTTPS is a more secure alternative to HTTP. HTTPS encrypts pages, and attempts to ensure three things: (1) that third parties cannot see the contents of the page; (2) that the page cannot be modified by third parties; (3) that the page was really sent by the web server listed in the URL bar.

Unfortunately, a web server must be configured to support HTTPS properly before you can use it. If there is a site you were planning to send sensitive information to, ensure that you are using HTTPS. If a site doesn't support HTTPS, don't send sensitive information to it.

Some Notes on Using HTTPS

Check three indicators to ensure that you're at an HTTPS page: (1) the URL begins with https://; (2) there is a lock icon in the corner of the browser; and (3) the URL/location bar is colored.

If you receive a warning about certificates, or a see broken lock icon, you should assume that any of the security properties of the page could be broken. Contact the site's webmaster and have them fix the problem before sending any sensitive information to the site.

Blocking Javascript for Browser Security and Privacy?

Javascript is a simple programming language which is part of modern web browsers. Unlike HTML, javascript allows a page to make the browser perform complicated and conditional calculations in determining what a page will look like and how it will function.

Javascript has many uses. Sometimes it is simply used to make webpages look flashier by having them respond as the mouse moves around or change themselves continually. In other cases, javascript adds significantly to a page's functionality, allowing it to respond to user interactions without the need to click on a "submit" button and wait for the web server to send back a new page in response.

Unfortunately, javascript also contributes to many security and privacy problems with the web. If a malicious party can find a way to have their javascript included in a page, they can use it for all kinds of evil: making links change as the user clicks them; sending usernames and passwords to the wrong places; reporting lots of information about the users browser back to a site. Javascript is frequently a part of schemes to track people across the web, or worse, to install malware on people's computers.

For this reason, sophisticated users with strict security and privacy requirements may wish to consider selectively blocking javascript in their browser. There is a Mozilla/Firefox plugin called NoScript which is very useful for this purpose. Noscript (1) allows you to see the sources of any javascript in a page (many pages include javascript from third parties); (2) blocks javascript by default and (3) allows javascript from particular sources to be temporarily or permanently reenabled. Surfing the web with NoScript is more work (because when you visit new sites, you may have to enable some javascript sources to make them work properly), but surfing the web with NoScript is also much more secure.

Email

The act of using email stores data on your machines, transmits data over the network, and stores data on third party machines.

Locally Stored Data

The usual measures apply to managing the copies of emails (both sent and received) that are kept on your own machines. Encrypt your drives and decide upon and follow an appropriate data deletion policy.

Data on the Wire

Email usually travels through a number of separate hops between the sender and receiver. This diagram illustrates the typical steps messages might travel through, the transmission protocols used for those steps, and the available types of encryption for those steps.

End-to-End Encryption of Specific Emails

Encrypting emails all the way from the sender to the receiver has historically been difficult, although the tools for achieving this kind of end-to-end encryption are getting better and easier to use. Pretty Good Privacy (PGP) and its free cousin GNU Privacy Guard (GnuPG) are the standard tools for doing this. Both of these programs can provide protection for your email in transit and also protect your stored data. Major email clients such as Microsoft Outlook and Mozilla Thunderbird can be configured to work smoothly with encryption software, making it a simple matter of clicking a button to sign, verify, encrypt and decrypt email messages.

The great thing about end-to-end encryption is that it ensures that the contents of your emails will be protected not only against interception on the wire, but also against some of the threats to the contents of copies of your emails stored on your machine or third party machines.

There are two catches with GnuPG/PGP. The first is that they only work if the other parties you are corresponding with also use them. Inevitably, many of the people you exchange email with will not use GPG/PGP, though it can be deployed amongst your friends or within an organization.

The second catch is that you need to find and verify public keys for the people you are sending email to, to ensure that eavesdroppers cannot trick you into using the wrong key. This trickery is known as a "man in the middle" attack.

Probably the easiest way to start using GnuPG is to use Mozilla Thunderbird with the Enigmail plugin. You can find the quick start guide for installing and configuring Enigmail here.

Server-to-Server Encrypted Transit

After you press "send", emails are typically relayed along a chain of SMTP mail servers before reaching their destination. You can use your mail client to look at the headers of any email you've received to see the chain of servers the message traveled along. In most cases, messages are passed between mail servers without encryption. But there is a standard called SMTP over TLS which allows encryption when the sending and receiving servers for a given hop of the chain support it.

If you or your organization operates a mail server, you should ensure that it supports TLS encryption when talking to other mail servers. Consult the documentation for your SMTP server software to find out how to enable TLS.

Client-to-Mail Server Encryption

If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If your mail server doesn't support the encrypted version of that protocol, get your service provider or systems administrator to fix that.

If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP. Hushmail.com is a webmail service provider that always uses HTTPS, and also offers some end-to-end encryption facilities (though they are not immune to warrants).

Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn't secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS. In Gmail, for instance, you can find this option in the "general" tab of the settings page:

If you can't find a way to ensure that you only see your webmail through https, switch to a different web mail provider.

Data Stored on Second- and Third-Party Machines

There are two main reasons why your emails will be stored on computers controlled by third parties.

Storage by your Service Provider

If you don't run your own mail server, then there is a third party who obtains (and may store) copies of all of your emails. This would commonly be an ISP, an employer, or a webmail provider. Copies of messages will also be scattered across computers controlled by the ISPs, employers and webmail hosts of those you correspond with.

Make sure your email software is configured so that it deletes messages off of your ISP's mail server after it downloads them. This is the most common arrangement if you're using POP to fetch your email, but it is common for people to use IMAP or webmail to leave copies of messages on the server.

If you use webmail or IMAP, make sure you delete messages immediately after you read them. Keep in mind that with major webmail services, it may be a long time – maybe a matter of months – before the message is really deleted, regardless of whether you still have access to it or not. With smaller IMAP or webmail servers, it is possible that forensically accessible copies of messages could be subpoenaed years after the user deleted them.

The content of PGP/GnuPG encrypted emails will not be accessible through these third parties, although the email headers (such as the To: and Subject: lines) will be.

Running your own mail server with an encrypted drive, or using end-to-end encryption for sensitive communications, are the best ways of mitigating these risks.

Storage by Those You Correspond With

Most people and organizations save all of the email they send and receive. Therefore, almost every email you send and receive will be stored in at least one other place, regardless of the practices and procedures you follow. In addition to the personal machine of the person you sent/received the message to/from, copies might be made on their ISP or firm's mail or backup servers. You should take these copies into consideration, and if the threat model you have for sensitive communications includes an adversary that might gain access to those copies, then you should either use PGP to encrypt those messages, or send them by some means other than email. Be aware that even if you use PGP, those you communicate with could be subject to subpoenas or requests from law enforcement to decrypt your correspondence.

End-to-End Email Encryption

Email encryption is a topic that could fill a book, and has: see Bruce Schneier's book Email Security: How to Keep Your Electronic Messages Private. While this book is somewhat out of date (it refers to old versions of software), the concepts it introduces are essential.

Instant Messaging (IM)

Instant messaging is a convenient way to communicate with people online. In privacy terms, it's a bit better and easier to secure than email but in some situations a telephone call will offer you better privacy.

Instant messaging software creates data stored on your computer (logs of your communications), transmits communications over the network (the messages traveling back and forth), and leaves communications stored on other computers (logs kept by the people you talk to, and sometimes logs kept by the IM provider).

If you use IM without taking special precautions, you can assume that all of these records will be available to adversaries. The easiest way for an adversary to obtain the contents of your communications is from you, your correspondent, or your service provider, if any of those parties logs (stores) the messages. The more difficult way is to intercept the messages as they travel over the network.

Encrypt Your Instant Messaging Conversations as They Travel

To protect messages from interception as they travel over the network, you need to use encryption. Fortunately, there is an excellent instant messaging encryption system called OTR (Off The Record). Confusingly, Google has a different instant messaging privacy feature which is also called "Off The Record". To disambiguate them, this page will talk bout "OTR encryption" and "Google OTR". It's actually possible to be using them both at the same time.

If you and the person you are talking to both use OTR encryption, you have excellent protection for communications on the network, and you will prevent your IM provider from storing the content of your communications (though they may still keep records of who you talk to).

The easiest way to use OTR encryption is to use Pidgin or Adium X for your IMs (Pidgin is a program that will talk to your friends over the MSN, Yahoo!, Google, Jabber, and AIM networks; Adium X is similar program specifically for Mac OS X). If you're using Pidgin, install the the OTR encryption plugin for that client. Adium X comes with OTR built in.

With OTR encryption installed, you still need to do a few things for network privacy:

Read and understand OTR encryptions's information.

Make sure the people you are talking to also use OTR encryption, and make sure it's active. (In Pidgin, check for OTR:private or OTR:unverfied in the bottom right corner.)

Follow OTR encryption's instructions to "Confirm" any person you need to have sensitive conversations with. This reduces the risk of an interloper (including the government with a warrant) being able to trick you into talking to them instead of the person you meant to talk to. Recent versions of OTR encryption allow you to do this just by agreeing on a shared secret word that you both have to type ("what was the name of the friend who introduced us?"). Older versions required that both users check that their client reported the right fingerprint for the other client.

Understand and Control IM Logging on Your Machine

To protect the privacy of your IM conversations, you will need to decide what to do about logs kept on your computer. You have three choices:

Configure your IM client to not keep logs

Encrypt your hard disk

Accept the risk that anyone who has access to your computer can read your old messages

If at some point you decide to configure your IM client not to keep logs, you may want to go back and delete previous logs using secure deletion software.

Be Aware of Logging on Others' Machines

As noted above, using OTR encryption will ensure that your IM service provider should be unable to log the contents of your communications. They will, however, be in a position to record who you talk to, and possibly record the timing and length of the messages you exchange.

OTR encryption does not stop the people you are talking to from logging your conversations. Unless you trust that they have disabled logging in their client or that they encrypt their hard disk and will not turn over its contents, you should assume that an adversary could obtain records of your conversations from the other party, either voluntarily or through subpoena or search.

Google OTR

Google OTR is a feature of the Google instant messaging service that allows you to request that neither Google nor the people your talk to should be able to log your conversations. Unfortunately, there is no plausible enforcement mechanism for this feature. The people you talk to could be using a different IM client (like Pidgin or Adium) that can log regardless of whether Google OTR is enabled — or they could take screenshots of your conversations. Your client might be able to tell you whether they are using a client that follows the OTR rules (such as Gmail or Gchat), but that won't tell you whether they are taking screenshots. The bottom line is that Google OTR is nice in theory but insecure in practice. Turn it on, but don't expect it to work if the other party uses a non-Google client or actively wants to record the converstion.

Wi-Fi

Wireless networking is now a ubiquitous means of connecting computers to each other and to the Internet. The primary privacy concern with Wi-Fi is the interception of the communications you send over the air. In some cases, wireless routers might also store a small amount of information about your computer, such as its name and the unique number assigned to its networking card (MAC address).

Wireless networks are particularly vulnerable to eavesdropping — in the end, "wireless" just means "broadcasting your messages over the radio," and anyone can intercept your wireless signal unless you use encryption. Listening in on unencrypted Wi-Fi communications is easy: almost any computer can do it with simple packet-sniffing software. Special expertise or equipment isn't necessary.

Even worse, the legal protections for unencrypted wireless communications are unclear. Law enforcement may be able to argue that it does not need a wiretap order to intercept unencrypted wi-fi communications because there is an exception to the rules requiring such orders when the messages that are being intercepted are "readily accessible to the public." Basically, any communication over the radio spectrum that isn't transmitted by your phone company and isn't scrambled or encrypted poses a privacy risk.

Encrypting a Wireless Network

If you want to protect your wireless communications from the government or anyone else, you must use encryption! Almost all wireless Internet access points come with WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption software installed to encrypt the messages between your computer and the access point, but you have to read the manual and figure out how to use it. WEP is not great encryption (and we recommend strong, end-to-end encryption for sensitive communications regardless of the transmission medium), and practiced hackers can defeat it very quickly, but it's worth the trouble to ensure that your communications will be entitled to the legal protections of the Wiretap Act. WPA is much stronger than WEP, but it still only covers the first step your packets will take across the Internet.

When Using Open Wi-Fi

If you're using someone else's "open" — unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using the tools and methods described in other sections. Tor is especially useful for protecting your wireless transmissions. If you don't use Tor, and even if you do, you should also always use application-level encryption over open wireless, so no one can sniff your passwords.

Because of the threat of password sniffing, it is crucially important that you do not use the same password for all your accounts! For example, http://www.nytimes.com/ requires a username and password to log in, but the site does not use encryption. However, web sites for banks, like https://www.wellsfargo.com/, always use encryption due to the sensitive nature of the transactions people make with banks. If you use the same passwords for the two sites, an eavesdropper could see your unencrypted password traveling to the newspaper site, and guess that you were using the same password for your bank account.

Tor

Tor is another encryption tool that can help you protect the confidentiality of your communications. Tor is a free, relatively easy to use tool primarily designed to protect your anonymity online. But it also has the side benefit of encrypting your communications for some of their journey across the Internet.

How Tor Works

Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and many other applications. The information you transmit is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. This provides anonymity, since the computer you’re communicating with will never see your IP address — only the IP address of the last Tor router that your communications traveled through.

Tor helps to defend against traffic analysis by encrypting your communications multiple times and then routing them through a randomly selected set of intermediaries. Thus, unless an eavesdropper can observe all traffic to and from both parties, it will be very hard to determine your IP address. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you, and then periodically erasing your footprints.

To create a private network pathway with Tor, Alice’s Tor client first queries a global directory to discover where on the Internet all the Tor servers are. Then it incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the complete path that a data packet has taken. The Tor software on your machine negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.

Due to the way Alice’s Tor client encrypted her data, each node in the circuit can only know the IP addresses of the nodes immediately adjacent to it. For example, the first Tor server in the circuit knows that Alice’s Tor client sent it some data, and that it should pass that data on to the second Tor server. Similarly, Bob knows only that it received data from the last Tor server in the circuit — Bob has no knowledge of the true Alice.

For efficiency, the Tor software uses the same circuit for connections that happen within the same ten-minute period. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

Tor’s primary purpose is to frustrate traffic analysis, but as a by-product of how it works, Tor's encryption provides strong protection for the confidentiality of the content of messages as well. If an eavesdropper wiretaps Alice’s network link, all she’ll see is encrypted traffic between Alice and her first Tor server — a great feature. If the eavesdropper wiretaps Bob’s network link, she can see the unencrypted content Alice sent to Bob — but it may be very hard indeed for her to link the content to Alice!

You can learn about Tor, find easy installation instructions, and download the software at http://www.torproject.org. There you will also find instructions on how to easily "Torify" all kinds of different applications, including web browsers and instant messaging clients.

What Tor Won't Defend You Against

Tor won't defend you against malware. If your adversary can run programs on your computer, it's likely that they can see where you are and what you're doing with Tor.

If you've installed Tor on your computer but are using applications that don't understand how to use it, or aren't set up to use it, you won't receive protection while using those applications.

Tor may not defend you against extremely resourceful and determined oponents. Tor is believed to work quite well at defeating surveillance from one or a handful of locations, such as surveillance by someone on your wireless network or surveillance by your ISP. But it may not work if someone can surveil a great many places around the Internet and look for patterns across them.

If you aren't using encryption with the actual servers you're communicating with (for instance, if you're using HTTP rather than HTTPS), the operator of an "exit node" (the last Tor node in your path) could read all your communications, just the way your own ISP can if you don't use Tor. Since Tor chooses your path through the Tor network randomly, targeted attacks may still be difficult, but researchers have demonstrated that a malicious Tor exit node operator can capture a large amount of sensitive unencrypted traffic. Tor node operators are volunteers and there is no technical guarantee that individual exit node operators won't spy on users; anyone can set up a Tor exit node.

These and related issues are discussed in more detail at here.

Malware

Malware is a catch-all term refering to software that runs on a computer and operates against the interests of the computer's owner. Computer viruses, worms, trojan horses, "spyware", rootkits and key loggers are often cited as subcategories of malware. Note that some programs may belong to more than one of those categories.

How Does Malware Get Onto a Computer?

Some malware is spread by exploiting vulnerabilities in operating systems or application software. These vulnerabilities are design or programming errors in software that can allow a clever programmer to trick the defective software into giving someone else control. Unfortunately, such vulnerabilities have been found in a wide variety of mainstream software, and more are detected all the time — both by those trying to fix the vulnerabilities and by those trying to exploit them.

Another common vector by which malware spreads is to trick the computer user into running a software program that does something the user wouldn't have wanted. Tricking the user is a pretty powerful way to take over a computer, because the attacker doesn't have to depend on finding a serious weakness in mainstream software. It is especially difficult to be sure that computers shared by several users, or a computer in a public place such as a library or Internet café, are not compromised. If a single user is tricked into running a malware installer, every subsequent user, no matter how cautious, could be at risk. Malware written by sophisticated programmers generally leaves no immediately visible signs of its presence.

What is Malware Capable of?

Malware is extremely bad news from a security and privacy perspective. Malware may be capable of stealing account details and passwords, reading the documents on a computer (including encrypted documents, if the user has typed in the password), defeating attempts to access the Internet anonymously, taking screenshots of your desktop, and hiding itself from other programs. Malware is even capable of using your computer's microphone, webcam, or other peripherals against you.

The chief limitation in malware's capability is that the author needs to (1) have anticipated the need for the malware to do something, (2) spent a substantial amount of effort programming the malicious feature, testing that it works and is robust on numerous different versions of an operating system, and (3) be free of legal or other restrictions preventing the implementation of the feature.

Unfortunately, a black market has appeared in recent years that sells malware customized for various purposes. This has reduced the obstacles listed in category (2) above.

The most alarming feature of malware is that, once installed, it can potentially nullify the benefits of other security precautions. For example, malware can be used to bypass the protections of encryption software even if this software is otherwise used properly. On the other hand, the majority of malware is mainly designed to do other things, like popping up advertisements or hijacking a computer to send spam.

Is Malware Infection Likely?

Nobody knows how many computers are infected with malware, but informed estimates range from 40% to almost 90% of computers running Windows operating systems. Infection rates are lower for MacOS and Linux systems, but this is not necessarily because Windows is an easier target. Indeed, recent versions of Windows are much improved in security. Rather, more malware authors target Windows machines because an effective attack will give them control of more computers.

The risk that any given computer is infected with malware is therefore quite high unless skilled computer security specialists are putting a substantial amount of effort into securing the system. With time, any machine on which security updates are not installed promptly is virtually guaranteed to become infected. It is however overwhelmingly likely that the malware in question will be working on obtaining credit card numbers, obtaining eBay account passwords, obtaining online banking passwords, sending spam, or launching denial of service attacks, rather than spying on specific individuals or organizations.

Infection by malware run by U.S. law enforcement or other governmental agencies is also possible, though vastly less likely. There have been a handful of cases in which it is known that warrants were obtained to install malware to identify a suspect or record their communications (see the section on CIPAV below). It is unlikely that U.S. government agencies would use malware except as part of significant and expensive investigations.

How Can You Reduce the Risk of Malware Infection?

Currently, running a minority operating system significantly diminishes the risk of infection because fewer malware applications have been targeted at these platforms. (The overwhelming majority of existing malware targets only a single particular operating system.)

Vulnerabilities due to software defects are difficult to mitigate. Installing software updates promptly and regularly can ensure that at least known defects are repaired.

Not installing (or running) any software of unknown provenance is an important precaution to avoid being tricked into installing malware. This includes, for example, software applications advertised by banner ads or pop-ups, or distributed by e-mail (even if disguised as something other than a computer program). Recent operating systems attempt to warn users about running software from an unknown source; these security warnings serve an important purpose and should not be casually ignored. Strictly limiting the number of users of a computer containing sensitive information can also be helpful. Notably, some malware targets children, including malicious code along with downloadable video games. (Of course, computer users of any age can be tricked into installing malware!)

On Windows, regularly running antivirus and antispyware software can remove a large proportion of common malware. However, this software is not effective against all malware, and must be regularly updated. Since anti-malware software is created by researching malware discovered "in the wild," it's also probably ineffective against uncommon, specially-targeted malware applications that aim to infect only a few specific computers rather than a large population on the Internet.

CIPAV: An Example of Malware Use for Law Enforcement

A CIPAV is an FBI acronym which stands for Computer and Internet Protocol Address Verifier. CIPAVs are a type of malware intended to identify people who are hiding their identity using proxy servers, bot nets, compromised computers or anonymity networks like Tor. A small amount is known about them as a result of published documents from cases in which they were used. CIPAVs may include use of browser exploits to run software on a computer regardless of how many steps of indirection are present between the attacking server and the user.

Malware Risk Assessment

Ubiquitous malware poses a threat to all computer users. The seriousness of the threat varies greatly. For some users, it is sufficient to install operating system updates regularly and utilize caution in running software found on the web. For organizations that face a high risk of being specifically targetted by a malware author, it is advisable to find computer security experts to defend their computers — or better yet, to simply avoid using networked computers for their most sensitive activities.

Mobile Devices

This article discusses privacy implications of cell phones and other devices that communicate with large scale wireless voice and data networks.

This page doesn't discuss Wi-Fi. If you have a mobile device that uses Wi-Fi but not GSM, CDMA 2000, or any of the other cellular networks, you should follow the same steps that you would for a laptop with Wi-Fi. If you have a cell phone that also connects to Wi-Fi networks, you should read the Wi-Fi article as well as the material below.

Problems with Cellular Device Privacy

Cell phones pose several privacy problems.

No Anonymity. Every cell phone has several unique identifying numbers. For a GSM phone these include the IMEI number for the handset itself and the IMSI in the SIM card. Unless you have purchased your handset and account anonymously, these will be linked to your real identity. Even if you have an anonymous handset and account, the typical use pattern of a phone is almost always enough to link it to your identity.

Location tracking. Cell phones communicate with transmission towers. The strength of the signal received by these towers from a phone is a measure of distance, and this allows the phone network to know where its users are. Many if not all networks log approximate location on a regular basis. These records may be subject to subpoena. If your adversary is law enforcement and has probable cause for a warrant, they could receive continuous triangulation location surveillance data from the network.

Easy interception. Cell phone communications are sent through the air like communications from a walkie-talkie, and encryption is usually inadequate or absent. Although there are substantial legal protections for the privacy of cell phone calls, it's technologically straightforward to intercept cell phone calls on many cell networks without the cooperation of the carrier, and the technology to do this is only getting cheaper. Such interception without legal process could be a serious violation of privacy laws, but would be immensely difficult to detect. U.S. and foreign intelligence agencies have the technical capacity to intercept unencrypted and weakly encrypted cell phone calls on a routine basis.

Lack of user control. Cell phones tend to run proprietary operating systems, and the operating systems on different devices tend to be different from each other. This means for instance that on most cell phones:

it's impossible to guarantee that the phone is using secure encryption for its transmissions, or determine whether it's using encryption at all

it's very difficult for the user to gain access to and control over the data recorded by the phone's operating system

However, because cell phones do not create stored records of the contents of your communications, telephonic communication has certain privacy advantages over other modes of communication, like email, instant messaging or text messaging which do create such records.

Data Stored by Your Phone

Your phone will store the contents of the text messages you send and receive, the times and numbers of the calls you make and receive, and possibly other information such as location-related data. Secure deletion of this data poses a challenge. On most mobile devices your best strategy is to manually delete these records using the phone's user interface, and then hope that new records will overwrite them. If you have deleted all your text messages and calls, and waited long enough for the phone's memory to fill, there is a chance that later forensic investigation would not find the original data.

There are a couple of drive encryption programs available for devices that run the Windows Mobile operating system. Proprietary drive encryption that has not been audited by the computer security community should always be treated with caution; it is probably better than no protection at all, although even that is not guaranteed.

We are hopeful that the arrival of open Linux-based phones (notably OpenMoko and those using the Google Android code) will offer users better control over stored data in the future.

The undeleted data could be accessible to anyone who takes physical possession of the phone, including thieves or an arresting officer.

Transmitted Data

The control data and actual voice conversations sent by cellular devices may be encrypted using various standard encryption protocols. There is no guarantee that this will occur — phones do not usually offer users a way to refuse to operate in unencrypted mode, and many don't indicate whether they are using encryption. As a result, it is largely up to the network operator to decide if its users will receive any cryptographic defense against eavesdropping.

Carrier-provided encryption can be good protection against eavesdropping by third parties. However, if it is the carrier that wants to listen in, or the government with a warrant ordering the carrier to allow wiretapping access to your calls, then that encryption will not protect you because the carrier has the means to decrypt.

Even if your cell phone is communicating in an encrypted fashion, it turns out that most of the standard cryptography used in cell networks has been broken. This means that an adversary that is motivated and able to intercept radio communications and cryptanalyze them will be able to listen to your phone calls.

It would be technologically possible to use strong end-to-end encryption with voice calls, but this technology is not yet widely available. The German company GMSK has begun selling a GSM-based "Cryptophone"; as with computer encryption, both users would need to be using the technology in order to make it work. Some third parties have produced software to encrypt SMS text messages; here, again, both the sender and recipient of a message would need to use compatible software.

Data Stored by Other Parties

A great deal of data pertaining to your use of your phone will be stored by the telephone company or companies that are providing you with service. A more diffuse set of records will also be stored by the phones of the people you communicate with.

Expect your telephone company to keep a record of: who you talk to and when; who you exchange messages with and when; what data you send and receive using wireless data services; information revealing your physical location at any time when your phone is on; and whether your phone is on or off.

The text messages exchanged by your phone — as well as summary information for the calls you sent and receive from other cell phones — are likely to be stored by those other cell phones. As anyone who follows celebrity gossip should know, the people you are communicating with can disclose the contents of your communications. Other adversaries may use subpoenas or other legal process to obtain text messages or call information.

Malware for Phones

If you face a determined adversary such as federal law enforcement with a warrant, assume that your phone could be reprogrammed with malware to assist in their investigations; there are reports of the FBI doing this.

Under these extreme circumstances, it is possible for your phone to be turned into a remote bugging device. It is possible for a phone to remain on even when you press the "off" button, but not if you remove the battery.

If you have a pair of speakers that crackle when your phone is nearby, you can check that the phone is actually off / not transmitting continuously by placing it near those speakers.

Secure Deletion

Secure deletion involves the use of special software to ensure that when you delete a file, there really is no way to get it back again.

When you "delete" a file — for instance, by putting the file in your computer's trash folder and emptying the trash — you may think you've deleted that file. But you really haven't. Instead, the computer has just made the file invisible to the user, and marked the part of the disk drive that it is stored on as "empty," meaning that it can be overwritten with new data. But it may be weeks, months, or even years before that data is overwritten, and the computer forensics experts can often even retrieve data that has been overwritten by newer files. Indeed, computers normally don't "delete" data; they just allow it to be overwritten over time, and overwritten again.

The best way to keep those "deleted" files hidden, then, is to make sure they get overwritten immediately. Your operating system probably already includes software that can do this for you, and overwrite all of the "empty" space on your disk with gibberish (optionally multiple times), and thereby protect the confidentiality of deleted data. Examples include GNU Shred (Linux), Secure Delete (Mac OS X), and cipher.exe (Windows XP Pro and later).

Windows Secure Deletion

Without Installing New Software: Use Cipher.exe

Update: Cipher.exe is no longer recommendedWe previously discussed using a program called Cipher.exe to clear free space on Windows systems, without having to install any new software on the machine. However, people have written in to inform us about a grievous design flaw in Cipher.exe that could cause unintended deletion of entire drives of data.We recommend using Eraser instead.

A Better Option: Install Eraser

Eraser is a free/open source secure deletion tool for Windows, and is much more sophisticated than the built in cipher.exe. It can be used to quickly and easily target individual files for secure deletion, or to implement periodic secure deletion policies. You can get a copy of Eraser here and some tips on how to use it here.

Secure Deletion on Mac OS X

Secure Deletion of Individual Files

On OS X 10.4 an above, you can securely delete files by moving them to the Trash, and then selecting Finder > Secure Empty Trash.

Ensuring Previously Deleted Data Cannot be Recovered

Apple's advice on preventing forensic undeletion on Mac OS X is as follows:

To prevent the recovery of files you deleted previously, open Disk Utility (in Applications/Utilities), choose Help > Disk Utility Help, and search for help on erasing free disk space.

Secure Deletion on *nix Operating Systems

Secure Deletion of Individual Files

Linux, FreeBSD and many other UNIX systems have a command line tool called shred installed on them. Shred works quite differently to the Windows cipher.exe program; rather than trying to prevent previously deleted files from being recoverable, it singles out specified files and repeatedly overwrites them and their names with random data.

If you are comfortable using a terminal or command line, secure deletion of files with shred is simple. Just run the following command:

shred -u

Ensuring Previously Deleted Data Cannot be Recovered

Unfortunately we are not aware of any standard Linux/UNIX tools for overwriting previously deleted files to prevent undeletion.

A hack solution that may work is to write zeroes or random data to a file on the drive until it fills up all of the available space, then delete it. Unfortunately, this will fill up the filesystem and may therefore make the system unstable while it is in progress. Caveat emptor.

On Linux systems, you could try to achieve this by running the following command as root:

dd if=/dev/zero of=/directory/junkfile ; rm /directory/junkfile

Replace /directory/ with a directory that is within the mounted partition within which you wish to ensure that forensic undeletion is impossible. The dd command will take a long time to run and will finish with an error saying the disk is full; the rm will then delete the huge file full of random junk.

Replacing /dev/zero with /dev/urandom uses random data instead of zeroes; that will result in slightly more secure erasure, but can take much longer.

A Warning About the Limitations of Secure Deletion Tools

Even if you follow the advice above, there is a chance that certain traces of deleted files may persist on your computer, not because the files themselves haven't been properly deleted, but because some part of the operating system or some other program keeps a deliberate record of them.

There are many ways in which this could occur, but two examples should suffice to convey the possibility. On Windows, a copy of Microsoft Office may retain a reference to the name of a file in the "Recent Documents" menu, even if the file has been deleted (office might sometimes even keep temporary files containing the contents of the file). On a Linux or other *nix system, a user's shell history file may contain commands that include the file's name, even though the file has been securely deleted. And OpenOffice may keep as many records as Microsoft Office. In practice, there may be dozens of programs that behave like this.

It's hard to know how to respond to this problem. It is safe to assume that even if a file has been securely deleted, its name will probably continue to exist for some time on your computer. Overwriting the entire disk is the only way to be 100% sure the name is gone. Some of you may be wondering, "Could I search the raw data on the disk to see if there are any copies of the data anywhere?" The answer is yes and no. Searching the disk (eg by using a command like grep -ab /dev/ on Linux) will tell you if the data is present in plaintext, but it won't tell you if some program has compressed or otherwise coded references to it. Also be careful that the search itself does not leave a record! The probability that the file's contents may persist is lower, but not impossible. Overwriting the entire disk and installing fresh operating system is the only way to be 100% certain that records of a file have been erased.

Secure Deletion When Discarding Old Hardware

If you want to finally throw a piece of hardware away or sell it on eBay, you'll want to make sure no one can retrieve your data from it. (Studies have repeatedly found that computer owners usually fail to do this — and hard drives are resold chock-full of highly sensitive information.) So, before selling or recycling a computer, be sure to overwrite its storage media with gibberish first. (Even if you're not getting rid of it right away, if you have a computer that's reached the end of its useful life and is no longer in use, it's also safer to wipe the hard drive before stashing the machine in a corner or a closet.) Darik's Boot and Nuke is an excellent free tool for this purpose.

Some full-disk encryption software has the ability to destroy the master key, rendering a hard drive's encrypted contents permanently incomprehensible. Since the key is a tiny amount of data and can be destroyed almost instantaneously, this represents a much faster alternative to overwriting with software like Darik's Boot and Nuke, which can be quite time-consuming for larger drives. However, this option is only feasible if the hard drive was always encrypted. If you weren't using full-disk encryption ahead of time, you'll need to overwrite the whole drive before getting rid of it.

Discarding CD-ROMS

When it comes to CD-ROMs, you should do the same thing you do with paper — shred'em. There are inexpensive shredders that will chew up CD-ROMs. Never just toss a CD-ROM out in the garbage unless you're absolutely sure there's nothing sensitive on it.

File and Disk Encryption

Modern operating systems allow you to use a system of accounts and passwords to limit access to data on a computer. This may be useful when adversaries have casual passing access to your machine, but those accounts and passwords will not protect your data if your computer is stolen or seized — or if the adversaries have more than a minute or two alone with your computer. There are many ways (such as plugging your hard disk into another computer, or booting another operating system using a CD or USB key) that would allow files to be read off the disk. Even deleted files may be recoverable.

The theft or seizure threats can be mitigated by encrypting the data on the disk. Some sort of mitigation is especially important for laptops, which are at high risk of being lost or stolen, but the same measures can be useful for improving the security of any client or workstation-type computer.

Full-disk encryption is meant to protect stored data against this sort of exposure, if the computer is stolen or seized when it is powered off. If the computer is seized while running, there are tricks that sophisticated adversaries could use to read the data regardless of encryption.

File encryption is disk encryption that only applies to certain specific files on your computer. It may be easier to deploy but is vulnerable to several threats that do not apply to full disk encryption.

Hard disk passwords are a feature offered by many laptop manufacturers. These can be enabled within the BIOS of your computer. Hard disk passwords don't encrypt any data on your drive, they just prevent the drive from cooperating with the computer until the password is supplied. There are numerous commercial services which will disable these passwords for about $100 per drive. So a hard disk password is useful against a casual thief, but of no use against law enforcement or other non-casual adversaries.

Should I Encrypt My Drive?

Everybody should use either disk encryption or a hard disk password (possibly augmented with file encryption) on their laptops. If your laptop has personal data but you would not regard any of it as sensitive, a hard disk password may be quick and easy, and sufficient protection in case of theft.

If your computer contains a very small and easily quantified set of somewhat sensitive documents, it may be sufficient to use file encryption for those documents, alongside a hard disk password.

If you computer contains a larger (or harder to quantify) set of sensitive documents, or any documents which might be considered highly sensitive, it is best to use full disk encryption. In such cases the threat posed by malware should also be taken into account.

Disk Encryption Is Of Little Use in Civil Lawsuits

It is extremely important to note that disk encryption is unlikely to offer much protection against civil litigation. Many of the procedural obstacles which might apply to law enforcement attempts to obtain encrypted data during a criminal investigation would not apply in a civil case. If an adversary in a civil case persuades a judge to issue a subpoena for your data, a failure to decrypt and disclose the data would be held against you in the case.

If your threat model involves civil litigation, it is essential to simply not have the data on a computer in the first place, or to have secure deletion practices in place long before any lawsuit is filed. Once a lawsuit is filed, you will be obliged to preserve any pertinent documents, and the presence of forensic evidence that you deleted data after a suit was filed would have dire consequences.

Choosing Disk Encryption Software

There are many full-disk encryption tools. Using a mainstream one is probably safer than an obscure one, since mainstream disk encryption products have usually received more expert review. Leading disk encryption programs include BitLocker, PGPDisk, FileVault, TrueCrypt, and dm-crypt (LUKS); some of these come with the operating system, while others are third-party add-ons. You can read a detailed comparison of these and many other disk encryption products from a comparison at Wikipedia. This comparison may help you select a disk encryption product to meet your needs, but any of these systems can protect your data better than having no disk encryption
at all.

Things To Know When Using Disk Encryption

Generally, disk encryption software will require you to enter a separate disk password when you turn the computer on or start using the disk (some systems can use a smartcard instead of or in addition to a password). To be effective, this password must be resistant to all forms of automated guessing. Remember that the disk encryption is fully effective at preventing access to the disk when the computer is turned off (or the encrypted disk is entirely unmounted or removed from use); to get the full benefit, you should unmount the encrypted disk or turn the computer off in any situation where the risk of compromise is especially high, such as a computer left unattended overnight or a laptop being carried from place to place. (Using disk encryption without following this precaution scrupulously will still provide more protection against some attackers than not using disk encryption.)

Finally, full-disk encryption can also be used on servers, providing some protection against seizure of the servers. However, even servers with encrypted hard drives could be vulnerable to attackers with specialized techniques if they're seized while they're operating. Proper use of disk encryption on servers can also be a nuisance because the server can't do a fully unattended automatic reboot. (It's not safe to store the password for the disk on the server itself, so an administrator will have to enter the disk password whenever the computer is restarted.)

Plausible Deniability

One interesting property which some disk encryption developers are working towards is plausible deniability. The goal of these efforts is to offer users a way to not only encrypt their files, but to prevent an attacker from being able to even deduce the existence of some of the encrypted files. The user will have a way to "plausibly deny" that the files exist.

One example of this concept is TrueCrypt's ability to have an encrypted partition (which can be hidden as any file on your hard drive) and within that partition hide another partition. One password will reveal the outer partition and another separate password will reveal the inner one. Because of the way TrueCrypt encrypts the partition table itself, an observer cannot detect a hidden partition even if she has access to the "regular" encrypted share. The idea is to give the user something to decrypt if a law enforcement officer or Customs official asks, while keeping the rest of their information secure.

In practice, TrueCrypt's first attempt to implement this feature was shown to be ineffective because operating systems and applications leave so many traces of the files they work with, that a forensic investigator would have many avenues by which to determine that the inner partition existed. The TrueCrypt developers have responded to this research by offering a way to install and boot from an entire separate operating system within the inner partition. It is too soon to know whether their new approach will turn out to offer secure plausible deniability.

Technical issues aside, remember that lying to a federal law enforcement officer about material facts is a crime, so if a person chose to answer a question about whether there were additional encrypted partitions on a computer, they would be legally obligated to answer truthfully.

Virtual Private Networks (VPN)

Virtual Private Networks (VPNs) are a very powerful and general tool that can be used to encrypt all of the communications between participating computers. VPNs can be used to improve the privacy and security of protocols that are not encrypted (or not securely encrypted) by default.

The biggest catch with VPNs is that all of the computers participating in them must be running the same VPN software, and must be correctly configured to communicate with each other. In general, this means that deploying a VPN is a non-trivial task requiring signicant systems administration time.

Organizations that need to arrange secure access to intranet web servers, file servers, print servers and similar facilities should deploy VPNs.

More information about different VPN architectures and software can be found at Wikipedia.

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.

Links to Wikipdia: Malware, Privacy, Surveillance, Uberveillance

More articles about Uberveillance

More articles about Privacy

Suveilance Selfdefence Project « EFF [part 3]

2009-03-17T18:10:00.000-07:00

From EFF.org

What Can I Do To Protect Myself?

When we were talking about how to defend yourself against subpoenas and search warrants, we said, "If you don't have it, they can't get it." Of course, that's only partially true: if you don't have it, they can't get it from you. But that doesn't mean they might not be able to get copies of your communications or detailed records about them from someone else, such as your communications service providers or the people and services that you communicate with. Indeed, as we outlined in the last section, it's much easier as a legal matter for the government to obtain information from these third parties - often without probable cause or any notice to you. So, you also need to remember this lesson: "If someone else has stored it, they can get it." If you let a third party store your voicemail or email, store your calendar and contacts, back up your computer, or log your communications traffic, that information will be relatively easy for the government to secretly obtain, especially compared to trying it to get it from you directly. So, we'll discuss in this section how to minimize the content that you store with third parties. We've also asked you to "encrypt, encrypt, encrypt!" in the previous sections about protecting data on your computer and while you are communicating. The same holds true when protecting against the government getting your information from other people. Although ideally you will avoid storing sensitive information with third parties, using encryption to protect the data that you do store - such as the emails you store with your provider, or the files you back up online - can provide a strong line of defense. We'll talk in this section about how to do that. Communications content that you've chosen to store with a service provider isn't the only issue, though. There are also the records that those third parties are creating about your interactions with their services. Practically everything you do online will create records, as will your phone calls. So your best defense is to think before you communicate:

Do you really want the phone company to have a record of this call - who you called, when, and how long you talked?

Do you really want a copy of this email floating around in the recipient's inbox, or on your or his email provider's system?

Do you really want your cell phone provider to have a copy of that embarrassing SMS text message?

Do you really want Google to know that you're searching for that?

It may be that the communication is so trivial or the convenience so great that you decide that the risk is worth it. But think about it - seriously consider the security trade-offs and make a decision - before you press "send". We'll give you information in this section that should help you make those decisions. Another option for minimizing the information that's recorded about you - short of avoiding using a service altogether - is to protect your anonymity using encryption and anonymous communication tools. If you want to search Google or browse Amazon without them being able to log information that the government could use to identify you, you'll need to use software such as Tor to hide your IP address, as well as carefully manage your browser's privacy settings. This section will give you the information you need to do that.

Getting Started

Learn What Your Service Providers Store

Most communications service providers and commercial web sites have privacy policies. Read them to find out:

What information do they collect? It may be more than you think. If anyone you do business with doesn't have a privacy policy (or their policy is unclear), you should contact them and ask about what they collect.

With whom do they share it? Most companies will share your information with other companies in their corporate family and with marketers; many companies will sell your data to anyone who wants it. Check to see if they'll let you "opt-out" of sharing your information with other companies.

What about the government? Look in the privacy policy to see under what circumstances they'll hand your information over to the government. Try to do business with companies that will not give your information to the government unless required by law to do so. Also find out whether they will notify you if the government asks for your files, and do business with companies who will always notify you unless prohibited by law from doing so. That way, you can call a lawyer and try to stop the disclosure before it happens.

Consider using activist-friendly, privacy-respecting communications providers that offer free services. The Online Policy Group, for example, offers free web hosting and email list hosting, while Rise Up offers free email (including web-mail), web hosting, and email list hosting. These services have strong privacy policies and will notify you of any governmental or other attempt to seek customer information unless prevented by law. Cable companies that offer Internet access usually also have a policy of notifying you unless they've been gagged - in fact, because of a quirky imbalance in the law, they actually have to notify you if they can, unlike non-cable providers. So, if you're especially worried about the communications records held by your ISP, consider using a cable broadband provider.

Choosing a Communications Method

Again, Telephone Calls are Your Safest Bet

When it comes to protecting the privacy of communications content stored by your provider, the safest choice is to avoid storing any content with the provider at all. Therefore, just as when we were discussing wiretapping, regular old telephone calls have a distinct advantage over other communications methods: putting aside voicemail, which we'll discuss on the next page, telephone calls don't create copies. That means, unless the government goes to the technical and legal trouble of directly wiretapping you (a very low risk, compared to the government trying to obtain stored copies of your communications), or the person you are talking to is so untrustworthy that they would record your conversation without telling you (a rarity, but it does sometimes occur), your telephone call will be safe from prying ears. As you'll see on the following pages, telephone calls are far preferable to SMS text messages, which providers apparently store for long periods of time, and which are very difficult to encrypt. IM and VOIP are better alternatives, as we'll also discuss, since they can be more easily encrypted, and since instant messages and VOIP call contents are typically not logged by providers. Email is a harder case, since it necessarily creates a range of copies - with providers and with recipients - but as you'll see later, there are a number of steps you can take to make that mode of communication safer, too.

Protecting Your Voicemail

As we explained previously, copies of your communications stored by your phone company such as your voicemail receive very weak legal protection compared to copies of your communications stored in your own home. In particular, after a communication has been stored more than 180 days - or, according to the government's reading of the law, after you've first accessed that stored communication - the government no longer needs to get a warrant before obtaining that communication, and can instead use only a subpoena to the company (usually with no notice to you). When it comes to your voicemail, this means two things:

Where possible, use your own answering machine or voicemail system, not the phone company's.

Where it's not possible to use your own answering machine or voicemail system, such as with your cell phone, you should always delete your voicemails as soon as you listen to them!

Protecting Your Voice Over IP Communications

As best we can tell, providers of Voice Over IP telephone service such as Skype do not record your calls as a matter of routine. So, short of using encryption to protect the confidentiality of your calls there are no special steps that you need to take to ensure that the government can't obtain stored copies of your conversations. Notably, Skype uses encryption by default. However, as discussed in our VoIP article, the security of Skype's encryption system is still in question. And, as with your regular phone calls, there is always going to be some risk that the person at the end of the line is recording the conversation.

Protecting Your Email Inbox

(and Sent folder, and Drafts folder, and...)

The Stored Communications Act requires the government to obtain a warrant before seizing emails that are in "electronic storage" with your communications provider and are less than 181 days old. However, under the government's interpretation of the term "electronic storage", the emails that arrive in your inbox lose warrant protection under the Stored Communications Act, and are obtainable with nothing more than a subpoena (often with no notice to you) as soon as you've downloaded, opened, or otherwise viewed them. Similarly, the government believes that it can obtain the sent emails and draft emails that you store with your provider with only a subpoena, again often without notice to you; the government doesn't think those sent or draft emails are in "electronic storage" as defined by the statute, either. EFF is doing it's best to prove the government's interpretation wrong in court, and some courts have already disagreed with the government. Yet as far as we can tell, those court decisions haven't significantly changed the government's behavior and it still routinely obtains opened emails (and sent emails and draft emails) without warrants, regardless of how old they are. Because of the government's aggressive position, you need to be just as aggressive when it comes to defending your email privacy. As described on the next few pages, the most critical things you can do are:

Delete emails from your provider's server as soon as you first access the messages, and store your sent and draft emails locally in your email client software, rather than with your provider.

In order to minimize the number of emails stored with your provider - be they received, sent, or draft - avoid using webmail if at all possible, or, if you do use a webmail account, avoid the web interface and instead configure your email client software to send and receive emails directly via POP.

Encrypt your emails whenever possible.

Protecting Email: Download and Delete!

The single most powerful step you can take to protect the privacy of your email is to not store it with your email provider. Rather than leave email on your provider's server, you should configure your email software to immediately delete incoming emails from your provider's server as you download those messages to your computer - and also make sure that your email software is configured to store your draft and sent email on your computer rather than with the provider. Of course, this is a serious security/convenience trade-off - by fetching your email using the "POP" email protocol and storing all your mail locally, you won't have access to your email from multiple devices like you would if you were using the IMAP protocol or a webmail interface, both of which store all of your mail with the provider. We realize that for some people, particularly those without their own computer, using POP and storing everything locally may not be an option. But if it is an option, and you can effectively function without storing your emails with your provider, we highly recommend doing so. For more, check out our email article.

Don't Use Webmail if You Don't Need It - or POP It.

Webmail poses a serious security trade-off for those concerned about a government adversary.

Webmail is usually free, very easy to use, and super-convenient, especially if you want the ability to access your email from several different computers or mobile devices. However, deleting your email from your provider's servers as soon as you've downloaded - a critical step to protecting your email's privacy against the government - is hard if not impossible to do when you use a webmail service like Gmail or Yahoo! Mail, especially if you want to maintain access to a copy of that email. Since you view your email in your browser rather than downloading it to email client software, the only conveniently accessible copy of your email is going to be the one you store with your provider. If you take the idea of a government adversary seriously, webmail is a very bad risk. The government is hundreds if not thousands of times more likely to try and obtain your stored email rather than wiretap it. Indeed, the reason that the number of wiretaps on electronic communications is so low is because it's so easy to obtain the same information from the provider's storage. So, if you think that government adversaries may pose a threat to your privacy, we strongly recommend that you not use webmail for any unencrypted sensitive communications, unless you simply can't live your life or do your job without an easy-to-access-anywhere inbox. If you really don't need that kind of access and usually access your mail from the same computer, the convenience of webmail probably isn't worth the risk. If you do use a webmail account, though, one way of mitigating the risk is to avoid using the web interface and instead download your emails directly to your email client software using POP and immediately delete them from the provider's server. This option may not be available from all webmail providers, but it is offered by major providers such as Gmail, Microsoft and Yahoo!. You'll lose the convenient access to past messages via the web, and it might not be free (Microsoft and Yahoo! charge a fee of $19.95 per year for POP service through Hotmail Plus and Yahoo! Mail Plus, while Google's Gmail service offers the option at no cost), but you'll still have cheap and reliable email service.

Protecting Email: Use Email Encryption When You Can

Using email encryption is a good idea even if you are storing all your email locally, if only to counter the wiretapping threat. But using encryption becomes all the more important if you are storing your email content with your email provider. If the government comes calling on your provider with a subpoena for your stored emails, you'll wish you had learned how to protect those messages with encryption, so visit our email article and learn now!

Protecting Instant Messaging

Major IM service providers like AOL, Yahoo! And Microsoft say that they don't store your IM messages after they are transmitted. We think they are telling the truth, but even so, you should use encryption when IMing, if only because it is so easy to do (see our IM article to find out how). Gmail's chat, on the other hand, logs all of your IMs by default as a feature and stores them online in your Google account for you to access later. If you use Google Talk or Gmail's chat service, we strongly recommend turning off this feature by going "Off the Record" or "OTR", as Google calls it - so that you aren't storing those transcripts with Google. If you really need access to past transcripts, log them on your own computer using your IM software's settings (subject, of course, to the data retention policy you established after reading our section on protecting data stored on your computer). However, also keep in mind that many if not most of the people you chat with will be keeping their own logs on their own computer (or in their Google account if using Gchat, unless you've gone "Off the Record").

Protecting SMS

Avoid Texting Sensitive Communications

Major cell phone providers claim that they don't log your SMS text messages except for a very short period of time to ensure delivery (see, e.g., statements from providers in this news story entitled "Most Text Messages Are Saved Only Briefly", or another article containing similar claims). However, there is reason to doubt these claims: we've seen several cases where SMS messages were disclosed by a provider months or even years after they were originally sent. For example, as USA Today recounts, text messages were subpoenaed in the Kobe Bryant rape case four months after they were sent, despite A&T Wireless' claims that customers' text messages are deleted within 72 hours. According to that story, "How messages in the Bryant case would be available four months later isn't known; most likely they were retrieved from an archival storage system." Considering such incidents, provider-side logging of your SMS text messages must be considered a high risk. Furthermore, although we think that the Stored Communications Act and the Fourth Amendment require the government in most cases to get a warrant before obtaining your pager or SMS messages from your provider, there are several known cases where it has obtained such messages without warrants under the lower legal standards reserved for non-content records, using only subpoenas. Not only is there the threat of your provider logging your messages and the government subpoenaing them, but also the near certainty that the phones of the people you are communicating with are logging those messages, adding yet another point of vulnerability. That's in addition to the logs on your own phone, which you should delete regularly based on the data retention policy you developed after reading about "Data Stored on Your Computer." However, keep in mind that with the right forensic tools, investigators will likely be able to recover even those deleted messages if they ever get a hold of your phone, and the secure deletion options for mobile devices are still quite limited. Finally, although there have been some efforts at coming up with encryption solutions that work for SMS (as described in our mobile devices article), none of those techniques are easily or widely used. Therefore, given the possibility that your SMS texts are logged by your provider, that the government may be able to obtain those messages from your provider without warrants and without notice to you, and that such messages are hard if not impossible to encrypt, along with the certainty that they will be logged on your phone and the phones of the people you communicate with, we strongly recommend against using SMS for any sensitive communications.

Online Storage of Your Private Data

Online Storage of Your Private Data

There's a lot of talk these days about how convenient it is to store your data in the internet "cloud." Why store your calendar or contacts list or critical documents on one computer, or buy a hard drive to back up your files at home, when you can store them "in the cloud" and access them from anywhere using services like Google Calendar, or Google Docs, or remote backup services that will store copies of all your files for you? Well, here's a reason: the government can easily subpoena that data from those providers, with no notice to you. As we already described in the "What Can The Government Do?" section, the communications stored by your communications service providers are very weakly protected compared to those you store yourself: after 180 days (or after you've downloaded a copy, according to the DOJ), the government can get those communications with only a subpoena and usually with no notice to you. But the situation is even worse when it comes to data that you store with someone other than your communications provider - so called "remote computing services" (RCSs). Under the Stored Communications Act, the government can obtain data that you send to an RCS for storage or processing with only a subpoena regardless of how old it is, and although the government is supposed to notify you before they do, the law makes it very easy for investigators to delay that notice until after they've gotten your data. Therefore, storing all that data yourself, on your own computers - without relying on RCSs - is the most legally secure way to handle your private information. If you do choose to store copies of your files online, though, we strongly recommend encrypting those files yourself before you do (visit our article on disk and file encryption to learn how), or using services like IDrive or MozyPro that give you the option of encrypting your files using your own private encryption key.

Protecting Your Search Privacy and Your Web Browsing Activity

The search history you generate when using search engines like Google or Yahoo! reveals incredibly sensitive data about what you look at - or even think of looking at - on the web. These logs may be tied to your identity based on your IP address, the cookie files that the search engine places on your computer, or your account information if you've registered to use the search engine or other services offered by the provider. And as discussed earlier in the "What Can the Government Do?" section, these logs are subject to uncertain legal protections. Considering the sensitivity of search logs and the questions surrounding their legal status, we highly recommend that you exercise great care to ensure that your identity cannot be linked to your search queries. For an in-depth discussion of how to do that, read EFF's "Six Tips to Protect Your Search Privacy". You should also take a look at our article on browsers to learn more about cookie management and on the anonymizing software Tor to learn more about how to mask your IP address. These same techniques can be used to protect you against logging by any web site you visit, not just search engines, and we recommend that you do use them whenever you visit a web site and don't want that site to log personally-identifying information about you and the pages that you read. Finally, we recommend avoiding using one online portal for multiple services - e.g., try to avoid using Yahoo! Search and Yahoo! Mail, or Google Search and Google Reader. Not only are you making it easier for the search provider to identify you by virtue of linking all of your activity to your personalized account, but you are also offering the government a convenient "one-stop shop" opportunity to access a wide range of your personal information at once. Using these "mega-portals" to manage all aspects of your online life might be convenient, but it also creates a single point of failure that raises a serious security risk.

TMI on the Web

Do You Really Want to Publish that Blog Post, Flickr that Picture, or Broadcast that Facebook Status?

The web is a powerful engine of personal expression, giving you a wide variety of online venues to speak your mind and communicate with friends or the public. But before you publish that blog post on MySpace or Blogger, post a picture to a picture-sharing sites like Flickr or Picasa, or broadcast your status on Facebook or using Twitter, think, "Is this really information that you want to expose on the web?" Even if you do now, think about years from now: will you want evidence of this youthful indiscretion or that personal opinion floating around on the web in the future? Remember, you don't have any expectation of privacy in information that you post to the public web, and information that you post now but delete later may still persist, whether on the pages of the friends you communicated with (like your Wall Posts to a friend on Facebook), or in Google's cache of old web pages, or the Internet Archive's library of public web pages. One way of limiting the risks of posting information about yourself on the web is to use the privacy settings offered by social sharing sites like Flickr or Facebook, with which you can avoid publishing your information to the public web and can define which of your "friends" on the same service are allowed access to your information. However, these settings can sometimes be confusing and difficult to configure correctly, and it's unclear how robust such privacy protections would be against the attacks of a dedicated hacker. There's also the possibility that an adversary may try to "friend" you using fake information to pose as someone you know or would want to know. (A good rule of thumb is to only become "friends" with people that you know personally, after verifying with them via another means of communication - for example, by emailing them or calling them - to ensure that they are the ones that actually made the request.). Then there's the additional threat of adversaries gaining access to your account information by convincing you to use their "app." Finally, of course, there's always the risk that one of your "friends" will republish to others the information that you thought you had posted privately. So, even if you think you've strictly controlled access to your Facebook profile or Flickr page, you should recognize the significant risk that what you post there might leak out, and act accordingly. Another option, if you're more interested in sharing information and opinion than in socializing, is to communicate anonymously, without tying your posts to your real identity. For an extended discussion of how to do that safely and effectively, take a look at our guide on "How to Blog Safely (About Work or Anything Else)."

Protecting Your Location Information

More on Cell Phone Tracking

We described earlier how the government can enlist your phone company's help in tracking the location of your phone in real time. However, that's not the only location privacy threat posed by your cell phone: your provider also keeps records of where your cell phone was each time you made or received a phone call. In particular, phone companies typically log the cell phone tower you were closest to when you called someone or someone called you, as well as which "sector" of the tower's coverage area your phone was in. Particularly in urban environments where there are lots of cell towers, such records can locate you with a fairly high degree of precision, sometimes to within a city block or even within a particular building. The government routinely obtains these kinds of location records with only subpoenas and with no notice to the target, although EFF is working hard to ensure that such data can only be obtained with a search warrant. Unfortunately, there's nothing you can do to prevent these records from being created short of not making phone calls, and turning your phone off to ensure that no one calls you. Indeed, turning your phone off might be your only recourse - particularly since some experts have advised us that the phone companies not only log the location of your phone when a call is made but also log the closest cell tower whenever your phone is turned on, as your phone continuously registers itself with the cell network. Therefore, as is true with every communications device that you use, your best defense is to think before you use your cell phone. Do you really want your phone company to have a log reflecting that you were in that part of town at that time? If not, then you should turn the cell phone off. Another potential solution is to anonymously purchase a prepaid cell phone using cash. The phone company will still have the same location data, but it won't be as easily linked to your identity. Keep in mind, however, that even if the phone company doesn't have subscriber information like your name and address, investigators might be able to quickly associate you with the phone based on the people you communicate with, or based on security camera footage from the store where you bought the phone. For more information about the privacy risks posed by cell phones, take a look at our article on mobile devices. You may also want to take a look at the advice offered by MobileActive.org in its Primer on Mobile Surveillance.

Summing Up

Whenever you use technology to communicate, you will necessarily leave traces of your activity with third parties like your phone company, your ISP, or your search engine provider. If a third party has it, the government can get it, often under weak legal standards and without any notice to you. So remember:

Think before you communicate. Do you really want there to be a record of this?

Choose to make a telephone call when you can, rather than using SMS or the Internet, unless your communications are encrypted. Otherwise, there may be a record of the content of your communication on some third party's server or in an archival database.

Avoid storing your data with third parties when you can. The records you store with others receive much less legal protection than those you store yourself.

Use file encryption where possible if you do choose to store data with an online service.

If you are using email or voicemail, delete the copies stored by your communications provider as soon as you download or listen to them.

Learn how to hide your identity online and minimize the information that online services log about you by learning how to configure your browser and use anonymizing technologies like Tor.

Powerful new communications technologies carry with them powerful risks to the privacy and security of your communications. Learn to defend yourself!

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.

Links to Wikipdia: Malware, Privacy, Surveillance, Uberveillance

More articles about Uberveillance

More articles about Privacy

Suveilance Selfdefence Project « EFF [part 2]

2009-03-17T18:01:00.000-07:00

From EFF.org

Electronic Eavesdropping is Legally Hard for the Government, But Technically Easy

As you learned in the last section, wiretapping is legally difficult for the government: it must obtain a hard-to-get intercept order or "super-warrant" from a court, subject to strict oversight and variety of strong privacy protections. However, wiretapping is typically very technically easy for the government. For example, practically anyone within range of your laptop's wireless signal, including the government, can intercept your wireless Internet communications. Similarly, practically anyone within range of your cell phone's radio signal, including the government, can — with a few hundred bucks to buy the right equipment — eavesdrop on your cell phone conversations.

As far as communications that travel over telecommunications' companies cables and wires rather than (or in addition to) traveling over the air, the government has very sophisticated wiretapping capabilities. For example, using a nationwide surveillance system called "DCSNet" ("DCS" stands for "Digital Collection System") that is tied into key telecommunications switches across the country, FBI agents can from the comfort of their field offices "go up" on a particular phone line and start intercepting or pen-trap tapping wireline phone calls, cellular phone calls, SMS text messages and push-to-talk communications, or start tracking a cell phone's location, at a moment's notice. The government is believed to have similar capabilities when it comes to Internet communications. The extensive and powerful capabilities of the DCSNet, first uncovered in government documents that EFF obtained in a Freedom of Information Act lawsuit (details at http://www.eff.org/issues/foia/061708CKK), are well-summarized in the Wired.com article "Point, Click...Eavesdrop: How the FBI Wiretap Net Operates".

Using "bugs" to eavesdrop on your oral conversations has also gotten much easier for the government with changes in technology. Most notably, the government now has the technical capability, with the cooperation of your cell phone provider, to convert the microphone on some cell phones or the cell phone in your car's emergency services system into a bug. The government likely also has the ability, with your phone company's help, to open the line on your landline phone and use its microphone as a bug, although we've yet to see any specific cases where such landline phone-based bugging has been used. Finally, the government may even have the capability, using remotely-installed government malware, to turn on the microphone or camera on your computer.

Choosing a Communication Method

Old Ways are Often the Best Ways

Considering the government's broad capability to wiretap communications, there isn't much difference in the technical risk that wiretapping poses to your phone calls versus your emails versus your SMS text messages. However, as described in the last section, there are differences in the legal protections for these modes of communication, and as will be described later in this section, there may be technical steps that you can take — such as encrypting your communications — that may be easier or harder depending on which communications method you choose.

So, when thinking about securing your communications against eavesdropping and wiretapping, your first choice — whether to meet in person, call on the telephone, write an email, or tap out an SMS text or IM message — is also your most important choice. As you'll see below, the least technically sophisticated modes of communication like face-to-face conversations and landline telephone conversations are often the most secure against unwanted eavesdropping, unless you and those you communicate with have mastered how to encrypt your Internet communications.

Face-to-Face Conversations Are the Safest Bet

As shown in the last section, government eavesdropping of your "oral communications" or face-to-face conversations using "bugs" or hidden microphones is very rare: only 20 court orders authorizing oral intercepts were reported in the 2007 wiretap report, compared to 1,998 orders authorizing wiretapping of "wire communications" or voice communications. In other words, you are 100 times more likely to have your phone conversations tapped than to have your face-to-face conversations "bugged".

Not only are your oral conversations at less risk than your phone conversations, but they also receive the same strong legal protections as your phone conversations. Like your phone calls and unlike your non-voice Internet communications, oral communications that are intercepted in violation of the Wiretap Act are subject to that statute's exclusionary rule, and cannot be used against you as evidence in a criminal trial.

Therefore, face-to-face conversations in private are the most secure method of communicating. Deciding whether to talk face-to-face rather than send an email or make a telephone call becomes a traditional security trade-off: is the inconvenience of having to meet face-to-face worth the security gain? Depending on whom you want to talk to and where they are, that inconvenience could be trivial or it could mean a cross-country trip. If the person you want to communicate with is in the same office or just next door, you may want to choose a private conversation even for communications that aren't particularly sensitive. When it comes to your very most sensitive data, though, that cross-country flight might be worth the trade-off.

Just because the risk of oral interception is very low doesn't mean you shouldn't take technical precautions to reduce that risk, particularly when it comes to very sensitive conversations. Therefore, depending on how convenient it is and how sensitive the conversation is — again, it's a trade-off — you may want to have your conversation in a room that does not contain a landline telephone or a computer with a built-in or attached microphone or camera, and either not carry your cell phone or remove its battery (the microphone on some phones can be activated even when the phone is powered down, unless you remove the battery). Even if your conversation isn't especially sensitive, it doesn't hurt to detach external microphones and cameras from your laptop or cover the lens of attached cameras with a small piece of tape when they aren't in use. It's easy to do, and ensures that remote activation of those mics and cameras is one less thing to worry about.

Using the Telephone is Still the Second Safest Bet

If having an oral conversation is simply too great an inconvenience, the second most secure option — unless you've mastered how to encrypt your internet communications — is to use the phone. Even though your phone is statistically more likely to be wiretapped than your Internet communications, the phone is still less risky than unencrypted Internet communications.

This is true for several reasons. First and most important, your phone calls don't generate copies of your communications — once your call is over, the communication disappears forever. Internet communications, on the other hand and as discussed more below, generate copies that make it easier and more likely that someone can find out what you said. The risk of subpoenas to get these copies is much higher than the risk of a phone wiretap. Also, many more potential adversaries have or can gain access to your Internet traffic than to your phone lines.

Also, remember that "wire communications" — that is, voice communications — get more legal protection. If your voice communications are wiretapped in violation of the Wiretap Act, they won't be allowed as evidence; illegally wiretapped Internet communications may still end up in court. That means that investigators have less reason to avoid stretching the law when it comes to your electronic communications.

Speaking generally, just as phone conversations are a safer bet than unencrypted Internet communications, telephone conversations between landline telephones are a safer bet than telephone conversations that involve a cellular telephone.

Most obviously, conversations that involve cellular telephones are technically much easier to tap than your landline phone conversations — anyone who is in range of a cell phone's radio signal can listen in using a few hundred dollars worth of specialized cell phone interception equipment (for more discussion of the security threats posed to mobile devices like cell phones, see the article on mobile devices). If you are concerned that government agents may ignore the law and choose to intercept your phone conversations without a wiretap order, intercepting your cell phone's radio signals would be an effective way for them to secretly do so, particularly considering that they do not need to get the assistance of the cell phone provider and that their radio-based interception wouldn't leave any physical trace.

Cell phone conversations may also be more vulnerable legally — some courts have held that communications using cordless telephones are not protected by the Fourth Amendment, finding that there is no reasonable expectation of privacy in the radio signal sent between the cordless handset and the base station. The government may similarly consider the radio signal sent between your cell phone and the cell phone company's cell tower to be unprotected by the Fourth Amendment.

Privacy tip: Avoiding phone tap paranoiaContrary to popular belief, modern phone wiretaps used by the government don't make any noise — no clicks, no hisses, no static, nothing. Don't worry that the government is monitoring you if you happen to hear some unexplained noise on the phone line. You wouldn't believe how often we're told, "I think I'm being wiretapped — I keep hearing clicks!"

What About Phone Calls Using the Internet?

Your "wire communications" or voice communications are subject to stronger legal protections than your other communications, regardless of what communications medium you use. So, for example, whether government agents intercept your landline telephone call, your cellular telephone call, or a telephone call made over the Internet, the Wiretap Act's exclusionary rule will prevent them from using that information as evidence against you in a criminal trial if they didn't get a wiretap order first. In contrast, the statute wouldn't prevent the government from using illegally intercepted "electronic communications" like text messages or emails as evidence.

Therefore, you may want to consider using Voice-over-IP (VoIP) services, which allow you to send live voice communications — basically, phone calls — over the Internet. VoIP may be more private than regular calls for one big reason: it's easier to encrypt your conversation, as encrypting regular phone calls is very difficult and expensive. Unfortunately, there isn't any obviously effective and trustworthy option for encrypted VoIP that we can recommend at the moment. See our article on VoIP for futher details.

Learn to Encrypt Your Internet Communications

Always remember that anyone with access to a wire or a computer carrying your communications, or within range of your wireless signal, can intercept your Internet communications with cheap and readily available equipment and software. Lawyers call this wiretapping, while Internet techies call it "packet sniffing" or "traffic sniffing". The only way to protect your Internet communications against wiretapping by the government or anyone else is by using encryption. Of course, it is true that most encryption systems can be broken with enough effort. However, breaking modern encryption systems usually requires that an adversary find a mistake in the way that the encryption was engineered or used. This often requires large amounts of effort and expense, and means that encryption is usually a critically significant defensive measure even when it isn't totally impregnable.

Encryption, unfortunately, isn't always easy to use, so as in other cases, your decision of whether to use it will pose a trade-off: is the inconvenience of using the encryption worth the security benefit?

The occasional inconvenience posed by some encryption systems is counter-balanced by the fact that encryption will protect you against much more than overzealous law enforcement agents. Your Internet communications are vulnerable to a wide range of governmental and private adversaries in addition to law enforcement, whether it's the National Security Agency or a hacker trying to intercept your credit card number, and encryption will help you defend against those adversaries as well.

Also, as described in later sections, encrypting your communications not only protects against wiretapping but can also protect your communications while they are stored with your communications provider. So, for example, even if the government is able to seize your emails from your provider, it won't be able to read them.

Considering all the benefits of encryption, we think that it's usually worth the trade-off, although as always, your mileage may vary depending on your tolerance for inconvience and on how serious you judge the threat of wiretapping to be. In some cases, using encryption may not be inconvenient at all. For example, the OTR encryption system for IM is extremely easy to set up and use; there's little reason not to give it a try. Check out the following articles to learn more about how you can use encryption to protect your internet communications against wiretapping, as well as against traffic analysis using pen-trap taps.

Wi-Fi. Using encryption is especially critical when transmitting your Internet communications over the air using Wi-Fi, since pretty much anyone else in the area that has a wireless-enabled laptop can easily intercept your radio signals. This article will explain how to encrypt the radio signals sent between your laptop and a wireless access point.

Virtual Private Networks (VPNs). Virtual Private Networks or "VPNs" are a potent encryption tool allowing you to "tunnel" communications securely over the Internet.

Web browsers. Some of your web communications can be encrypted to protect against traffic sniffing. Take a look at this article to learn more about HTTPS, the most common web encryption standard, as well as other browser security and privacy tips.

Email and IM. There are a number of poweful tools available for encrypting your emails and your IM messages; take a look at these articles to learn more.

Tor. Tor is free, powerful, encryption-based anonymizing software that offers one of the few methods of defending yourself against traffic analysis using pen-trap taps, and also provides some protection against wiretapping. Visit this article for all the details.

Defend Yourself Against Cell Phone Tracking

As described earlier, the government can use information transmitted by your cellular telephone to track its location in real-time, whether based on what cell phone towers your cell phone is communicating with, or by using the GPS chip included in most cell phones.

Many courts have required the government to obtain a warrant before conducting this type of surveillance, often thanks to briefing by EFF. (For more information on our work in this area, visit EFF's cell tracking page.) However, many other courts have been happy to routinely authorize cell phone tracking without probable cause.

Even more worrisome, the government has the capability to track cell phones without the cell phone provider's assistance using a mobile tracking technology code-named "triggerfish". This technology raises the possibility that the government might bypass the courts altogether. Even if the government does seek a court order before using "triggerfish," though, it will only need to get an easy-to-get pen-trap order rather than a wiretap order based on probable cause.

Put simply, cell phone location tracking is an incredibly powerful surveillance technology that is currently subject to weak technical and legal protections.

Unfortunately, if you want to use your cell phone at all, avoiding the threat of this kind of real-time tracking is nearly impossible. That's because the government can track your cell phone whenever it's on, even if you aren't making a call. The government can even track some cell phones when they are powered down, unless you have also removed the battery. So, once again, there is a security trade-off: the only way to eliminate the risk of location tracking is to leave the cell phone at home, or remove the battery.

For more information about the privacy risks posed by cell phones, take a look at our article on mobile devices. You may also want to take a look at the advice offered by MobileActive.org in its Primer on Mobile Surveillance.

Summing Up

What You Need to Know

Due to a combination of legal and technical factors, face-to-face conversations and conversations using landline telephones are more secure against government wiretapping than cell phone or Internet communications. Cell phone conversations are more vulnerable both technically and legally, while SMS text messaging appears for now to be very insecure both technically and legally. Cell phones also create the risk of location tracking, and the only way to eliminate that risk entirely is to not carry a cell phone or to remove the battery.

When it comes to Internet communications, using encryption is the only way to defend against wiretapping, whether by the government or anyone else.

When it comes to pen/trap taps, on the other hand, most encryption products won't protect the types of information that the government can get. That information needs to be transmitted in the clear so computers can direct it to the proper recipient. Only anonymizing tools like Tor will protect you from traffic analysis via pen/trap tap.

Information Stored By Third Parties

Third parties — like your phone company, your Internet service provider, the web sites you visit and interact with or the search engine that you use — regularly collect a great deal of sensitive information about how you use the phone system and the Internet, such as information about who you're calling, who's emailing or IMing you, what web pages you're reading, what you're searching for online, and more. In addition to those records being compiled about you, there's also data that you choose to store with third parties, like the voicemails you store with you cell phone company or the emails you store with your email provider. In this section, we'll talk about the legal rules that govern when and how law enforcement agents can obtain this kind of information stored by and with third parties. We'll then outline steps that you can take to reduce that risk, by learning how to reduce the amount of information collected about you by third parties, minimize the amount of data you choose to store with third parties, or replace plainly readable data with encrypted versions for storage with third parties.

Some Records Only Require a Subpoena

Basic Subscriber Information Held by Your Communications Providers Is Available With Just a Subpoena

With a subpoena, the government can obtain from your communications providers what is often called "basic subscriber information." Sometimes, the subpoena will specifically name a person whose information is being sought; other times the government will ask for information regarding a particular phone number, Internet username, email address, or IP address. With such a subpoena, the government can (only) get your:

Name.

Address.

The length of time you've used that phone or Internet company, along with service start date and the types of services you use.

Phone records. They can get your telephone number, as well as local and long distance telephone connection records — those are records identifying all the phone numbers you've called or have called you, and the time and length of each call.

Internet records. They can get the times you signed on and off of the service, the length of each session, and the IP address that the ISP assigned to you for each session.

Information on how you pay your bill, including any credit card or bank account number the ISP or phone company has on file.

The government can get this information with no notice to you at all, and can also get a court order forcing your service provider not to tell you or anyone else.

Other Records Require a Court Order

Other Communications Records Held by Your Communications Providers Require a Court Order

In order to get a communications provider to turn over other records beyond basic subscriber information, the government either has to get a search warrant or a special court order. Sometimes called "D" orders, since they are authorized in subsection (d) of section 2703 of the Stored Communications Act, these court orders are much easier to get than search warrants but harder to get than subpoenas. The government can get this information with no notice to you at all, and can also get a court order forcing your service provider not to tell you or anyone else.

In addition to basic subscriber information, your ISP or email provider may maintain records or "logs" of:

The email addresses of people you send emails to and receive emails from, the time each email is sent and received, and the size of each email

The IP addresses of other computers on the Internet that you communicate with, when you communicated with them, and how much data was exchanged

The web addresses of the web pages that you visit

Which, if any, of the above are logged varies, depending on your particular ISP or email provider's privacy policies and resources. However, just about every ISP will log IP addresses and log-on/off times, and keep those logs for at least a few months.

Cellular phone companies may also keep records of which cell tower your phone communicated with when you were making calls. These cell site tower records can help pinpoint your physical location at points in the past, and are increasingly the target of law enforcement investigations. And although some courts have required the government to obtain a warrant based on probable cause before obtaining these records, the government's usual practice is to get such records based on the much lower "D" Order standard.

Not All Records are Protected

Records Collected by Search Engines and Other Web Sites May Not Be Protected

In addition to the logs kept by your communications providers, there are also logs kept by the Web sites that you visit. For example, the Apache web server is currently the most widely used web server on the Internet. In its default configuration, it logs the following information about each request it receives from a web browser:

requesting host name/IP address

username of requester (rarely present)

time of request

first line of request (indicating requested page, plus some parameters)

success or failure of request

size of response in bytes

the previous page viewed by requester (if any)

the name and version of the web browser used

However, the server could potentially be configured to log anything you or your browser tells it, in addition to the above.

The Stored Communications Act clearly protects records held by companies that offer the public the ability to send and receive communications — phone companies, ISPs, webmail providers, IM providers, bulletin board sites, etc. However, it does not necessarily protect logs held by web sites that don't offer communications service, which is most of them.

This is particularly worrisome when it comes to search engines. The government's position is that logs kept by search engines are not protected by the Stored Communications Act at all. Considering that these logs can often be linked back to you — either by your IP address or "cookies," or, if you've registered with other services offered by the search engine, by the information you entered when registering — this potential gap in legal protection represents a serious privacy threat.

Some Content Receives Stronger Protection

Emails, Voicemails, and Other Communications Content Stored by Your Communications Providers Receive Stronger Protection

Compared to the relatively weak protection for non-content records, the law gives some extra protection to communications content that you have stored with (or that is otherwise stored by) communications service providers like your phone company, your ISP, or an email provider like Gmail or Hotmail. Your communications providers cannot disclose your stored communications to the government unless the government satisfies the requirements described below; nor can they disclose your stored communications to anyone other than the government without your permission. There is one notable exception, though, for serious emergencies: if the provider believes in good faith that not immediately disclosing the communications could lead to someone’s death or serious injury, they can give them to the government.

Note, however, that these restrictions on the disclosure of your communications only apply to communications providers that offer their services to the public. Even more worrisome, the government doesn’t consider businesses or schools and universities that offer their employees and students service to be offering services to the public, and therefore considers them unprotected by the Stored Communications Act. That means they could get communications from those entities with only a subpoena, and maybe even just a polite request if your employee agreement or your school's privacy policy allows it.

Privacy tip: Use communications providers that serve the public!Don’t let some friend with a mail server in his basement handle your email service unless he is very trustworthy — unlike a regular ISP or public web-mail service, there are no legal restrictions on who your friend shares your emails with.

The Stored Communications Act strongly protects communications that have been in 'electronic storage' for 180 days or less, but the government has a very narrow reading of what 'electronic storage' means in the statute. The government doesn't consider already-read or opened incoming communications to be in electronic storage (for example, emails in your inbox that you've already looked at, or voicemails in your voicemail account that you've saved after listening). Nor does the government consider messages in your sent box or messages in your drafts box to be in 'electronic storage.' Under the government's view, here's how your communications are treated under the law:

New unopened communications: If the email or voice-mail messages are unopened or unlistened to, and have been in storage for 180 days or less, the police must get a search warrant. However, you are not notified of the search.

Opened or old communications: If you have opened the stored email or voice-mail messages, or they are unopened and have been stored for more than 180 days, the government can use a special court order — the same “D” orders discussed — or a subpoena to demand your communications. Either way, the government has to give you notice (although, like with sneak & peek search warrants, that notice can sometimes be delayed for a substantial time, and as far as we can tell almost always is delayed). However, the police may still choose to use a search warrant instead of a D order or subpoena, so they don’t have to give you notice at all.

Notably, the Ninth Circuit Court of Appeals has disagreed with the government's reading of the law, finding that communications are in electronic storage even after they are opened — meaning that the government needs a warrant to obtain opened messages in storage for 180 days or less.

Privacy tip: Use communications providers based in CaliforniaCommunications providers in states that are in the Ninth Circuit, such as California, are bound by Ninth Circuit law and therefore are very resistant to providing the government with opened emails that are 180 days old or less without a warrant.

In sum, although the law sometimes requires the government to get a warrant before accessing communications you’ve stored with your communication provider, it doesn’t always. For this reason, storing your communications on your own computer is preferable — the government will almost always need a warrant if it wants to seize and search the files on your computer.

What Can I Do To Protect Myself?

In the last section, you learned that wiretapping and pen-trap tapping are powerful and routine government surveillance techniques, and got an idea of how often those techniques are legally used. In this section, you'll learn how to defend yourself against such real-time communications surveillance. As we'll describe in detail below, unless you take specific technical measures to protect your communications against wiretapping or traffic analysis — such as using encryption to scramble your messages — your best defense is to use the communications methods that possess the strongest and clearest legal protections: postal mail and landline telephones.

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.

Links to Wikipdia: Malware, Privacy, Surveillance, Uberveillance

More articles about Uberveillance

More articles about Privacy

Suveilance Selfdefence Project « EFF [part 1]

2009-03-17T17:04:00.000-07:00

From EFF.org

The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

Surveillance Self-Defense (SSD) exists to answer two main questions: What can the government legally do to spy on your computer data and communications? And what can you legally do to protect yourself against such spying?

After an introductory discussion of how you should think about making security decisions — it's all about risk management — we'll be answering those two questions for three types of data:

First, we're going to talk about the threat to the data stored on your computer posed by searches and seizures by law enforcement, as well as subpoenas demanding your records.

Second, we're going to talk about the threat to your data on the wire — that is, your data as it's being transmitted — posed by wiretapping and other real-time surveillance of your telephone and Internet communications by law enforcement.

Third, we're going to describe the information about you that is stored by third parties like your phone company and your Internet service provider, and how law enforcement officials can get it.

In each of these three sections, we're going to give you practical advice about how to protect your private data against law enforcement agents.

In a fourth section, we'll also provide some basic information about the U.S. government's expanded legal authority when it comes to foreign intelligence and terrorism investigations.

Finally, we've collected several articles about specific defensive technologies that you can use to protect your privacy, which are linked to from the other sections or can be accessed individually. So, for example, if you're only looking for information about how to securely delete your files, or how to use encryption to protect the privacy of your emails or instant messages, you can just directly visit that article.

Risk Management

Security Means Making Trade-Offs to Manage Risks

Security isn't having the strongest lock or the best anti-virus software — security is about making trade-offs to manage risk, something we do in many contexts throughout the day. When you consider crossing the street in the middle of the block rather than at a cross-walk, you are making a security trade-off: you consider the threat of getting run over versus the trouble of walking to the corner, and assess the risk of that threat happening by looking for oncoming cars. Your bodily safety is the asset you're trying to protect. How high is the risk of getting run over and are you in such a rush that you're willing to tolerate it, even though the threat is to your most valuable asset?

That's a security decision. Not so hard, is it? It's just the language that takes getting used to. Security professionals use four distinct but interrelated concepts when considering security decisions: assets, threats, risks and adversaries.

Assets

What You Are Protecting

An asset is something you value and want to protect. Anything of value can be an asset, but in the context of this discussion most of the assets in question are information. Examples are you or your organization's emails, instant messages, data files and web site, as well as the computers holding all of that information.

Threats

What You Are Protecting Against

A threat is something bad that can happen to an asset. Security professionals divide the various ways threats can hurt your data assets into six sub-areas that must be balanced against each other:

Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.

Integrity is keeping assets undamaged and unaltered.

Availability is the assurance that assets are available to parties authorized to use them.

Consistency is when assets behave and work as expected, all the time.

Control is the regulation of access to assets.

Audit is the ability to verify that assets are secure.

Threats can be classified based on which types of security they threaten. For example, someone trying to read your email (the asset) without permission threatens its confidentiality and your control over it. If, on the other hand, an adversary wants to destroy your email or prevent you from getting it, the adversary is threatening the email's integrity and availability. Using encryption, as described later in this guide, you can protect against several of these threats. Encryption not only protects the confidentiality of your email by scrambling it into a form that only you or your intended recipient can descramble, but also allows you to audit the emails — that is, check and see that the person claiming to be the sender is actually that person, or confirm that the email wasn't changed between the sender and you to ensure that you've maintained the email's integrity and your control over it.

Risk

The Likelihood of a Threat Actually Occuring

Risk is the likelihood that a particular threat against a particular asset will actually come to pass, and how damaged the asset would be. There is a crucial distinction between threats and risks: threats are the bad things that can happen to assets, but risk is the likelihood that specific threats will occur. For instance, there is a threat that your building will collapse, but the risk that it will really happen is far greater in San Francisco (where earthquakes are common) than in Minneapolis (where they are not).

People often over-estimate and thus over-react to the risk of unlikely threats because they are rare enough that the worst incidents are well publicized or interesting in their unusualness. Similarly, they under-estimate and under-react to more common risks. The most clichéd example is driving versus flying. Another example: when we talk to individuals about government privacy intrusions, they are often concerned about wiretapping or searches, but most people are much more at risk from less dramatic measures, like subpoenas demanding records from you or your email provider. That is why we so strongly recommend good data practices — if it's private, don't give it to others to hold and don't store it, but if you do store it, protect it — while also covering more unusual circumstances, like what to do when the police show up at your door or seize your laptop.

Evaluating risk is necessarily a subjective process; not everyone has the same priorities or views threats in the same way. Many people find certain threats unacceptable no matter what the risk, because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem. In a military context, for example, it might be preferable for an asset to be destroyed than for it to fall into enemy hands. Conversely, in many civilian contexts, it's more important for an asset such as email service to be available than confidential.

In his book Beyond Fear, security expert Bruce Schneier identifies five critical questions about risk that you should ask when assessing proposed security solutions:

What assets are you trying to protect?

What are the risks to those assets?

How well does the security solution mitigate those risks?

What other risks does the security solution cause?

What costs and trade-offs does the security solution impose?

Security is the art of balancing the value of the asset you are trying to protect against the costs of providing protection against particular risks. Practical security requires you to realistically judge the actual risk of a threat in order to decide which security precautions may be worth using to protect an asset, and which precautions are absolutely necessary.

In this sense, protecting your security is a game of tradeoffs. Consider the lock on your front door. What kind of lock — or locks — should you invest in, or should you lock the door at all? The assets are invaluable — the privacy of your home and control over the things inside. The threat level is very high — you could be financially wiped out, and all of your most valuable and private information exposed, if someone broke in. The critical question then becomes: how serious is the risk of someone breaking in? If the risk is low, you probably won't want to invest much money in a lock; if the risk is high, you'll want to get the best locks that you can.

Adversaries

Who Poses a Threat?

A critical part of assessing risk and deciding on security solutions is knowing who or what your adversary is. An adversary, in security-speak, is any person or entity that poses a threat against an asset. Different adversaries pose different threats to different assets with different risks; different adversaries will demand different solutions.

For example, if you want to protect your house from a random burglar, your lock just needs to be better than your neighbors', or your porch better lit, so that the burglar will choose the other house. If your adversary is the government, though, money spent on a better lock than your neighbors' would be wasted — if the government is investigating you and wants to search your house, it won't matter how well your security compares to your neighbors. You would instead be better off spending your time and money on other security measures, like encrypting your valuable information so that if it's seized, the government can't read it.

Here are some examples of the kinds of adversaries that may pose a threat to your digital privacy and security:

U.S. government agents that follow laws which limit their activities

U.S. government agents that are willing and able to operate without legal restrictions

Foreign governments

Civil litigants who have filed or intend to file a lawsuit against you

Companies that store or otherwise have access to your data

Individual employees who work for those companies

Hackers or organized criminals who randomly break into your computer, or the computers of companies that store your data

Hackers or organized criminals that specifically target your computer or the computers of the companies that store your data

Stalkers, private investigators or other private parties who want to eavesdrop on your communications or obtain access to your machines

This guide focuses on defending against threats from the first adversary — government agents that follow the law — but the information herein should also provide some help in defending against the others.

Putting it All Together

Which Threats from Which Adversaries Pose the Highest Risk to Your Assets?

Putting these concepts together, you need to evaluate which threats to your assets from which adversaries pose the most risk, and then decide how to manage the risk. Intelligently trading off risks and costs is the essence of security. How much is it worth to you to manage the risk? For example, you may recognize that government adversaries pose a threat to your webmail account, because of their ability to secretly subpoena its contents. If you consider that threat from that adversary to be a high risk, you may choose not to store your email messages with the webmail company, and instead store it on your own computer. If you consider it a low risk, you may decide to leave your email with the webmail company — trading security for the convenience of being able to access your email from any internet-connected computer. Or, if you think it’s an intermediate risk, you may leave your email with the webmail company but tolerate the inconvenience of using encryption to protect the confidentiality of your most sensitive emails. In the end, it’s up to you to decide which trade-offs you are willing to make to help secure your assets.

A Few Parting Lessons

Now that we've covered the critical concepts, here are a few more basic lessons in security-think that you should consider before reading the rest of this guide:

Knowledge is Power. Good security decisions can't be made without good information. Your security tradeoffs are only as good as the information you have about the value of your assets, the severity of the threats from different adversaries to those assets, and the risk of those attacks actually happening. We're going to try to give you the knowledge you need to identify the threats to your computer and communications security that are posed by the government, and judge the risk against possible security measures.

The Weakest Link. Think about assets as components of the system in which they are used. The security of the asset depends on the strength of all the components in the system. The old adage that "a chain is only as strong as its weakest link" applies to security, too: The system as a whole is only as strong as the weakest component. For example, the best door lock is of no use if you have cheap window latches. Encrypting your email so it won't get intercepted in transit won't protect the confidentiality of that email if you store an unencrypted copy on your laptop and your laptop is stolen.

Simpler is Safer and Easier. It is generally most cost-effective and most important to protect the weakest component of the system in which an asset is used. Since the weak components are much easier to identify and understand in simple systems, you should strive to reduce the number and complexity of components in your information systems. A small number of components will also serve to reduce the number of interactions between components, which is another source of complexity, cost, and risk.

More Expensive Doesn't Mean More Secure. Don't assume that the most expensive security solution is the best, especially if it takes away resources needed elsewhere. Low-cost measures like shredding trash before leaving it on the curb can give you lots of bang for your security buck.

There is No Perfect Security — It's Always a Trade-Off. Set security policies that are reasonable for your organization, for the risks you face, and for the implementation steps your group can and will take. A perfect security policy on paper won't work if it's too difficult to follow day-to-day.

What's Secure Today May Not Be Secure Tomorrow. It is also crucially important to continually re-evaluate the security of your assets. Just because they were secure last year or last week doesn't mean they're still secure!

Data Stored on Your Computer

Search, Seizure and Subpoenas

In this section, you'll learn about how the law protects — or doesn't protect — the data that you store on your own computer, and under what circumstances law enforcement agents can search or seize your computer or use a subpoena to demand that you turn over your data. You'll also learn how to protect yourself in case the government does attempt to search, seize, or subpoena your data, with a focus on learning how to minimize the data that you store and use encryption to protect what you do store.

Data on the Wire

Electronic Surveillance and Communications Privacy

In this section, you'll learn about what the government can do — technically and legally — when it wants to conduct real-time surveillance of your communications, whether by planting a "bug" to eavesdrop on your face-to-face conversations, "wiretapping" the content of your phone calls and Internet communications, or using "pen registers" and "trap and trace devices" to track who you communicate with and when. We'll also discuss what steps you can take to defend against this kind of surveillance, with a focus on how to use encryption to protect the privacy of your communications.

What Can the Government Do?

When the government wants to record or monitor your private communications as they happen, it has three basic options, all of which we'll cover in-depth: it can install a hidden microphone or "bug" to eavesdrop on your conversation; it can install a "wiretap" to capture the content of your phone or Internet communications as they happen; or it can install a "pen register" and a "trap and trace device" to capture dialing and routing information indicating who you communicate with and when. In this section, we'll lay out the legal rules for when the government can conduct these types of surveillance, and look at some statistics to help you gauge the risk of having your communications targeted.

Wiretapping

Wiretapping By The Government is Strictly Regulated

When it comes to secretly eavesdropping on your conversations — whether you're talking in private or public, on the phone or face to face, by email or by instant messenger — no one's got better funding, equipment or experience than the government. They are capable of "bugging" you by using tiny hidden microphones that they've installed in your home, office, or anywhere else that you have private conversations. They can also bug you from long distances or through windows using high-powered microphones, or even laser microphones that can hear what you say by sensing the vibrations of your voice on the window's glass. They can put a "wire" or a small hidden microphone on an informant or undercover police officer to record their conversations with other people. Or they can conduct a "wiretap," where they tap into your phone or computer communications.

Use of these investigative techniques is regulated by very strong laws that protect the privacy of your communications against any eavesdropper, including law enforcement, and we'll describe those below. (Another set of laws regulating surveillance for foreign intelligence and national security purposes will be discussed later.)

However, it's important to note at the outset that the government has been known to break these laws and spy on communications without going to a judge first, usually in the name of national security. Indeed, as was first revealed in December 2005, since 9/11 the National Security Agency (NSA) has been conducting a massive and illegal program to wiretap the phone calls and emails of millions of ordinary Americans without warrants, hoping to discover terrorists by sifting through the mounds of data using computers (for more details, see EFF's NSA Spying page and the Beyond FISA section of this guide).

One might hope that the information collected as part of the NSA's dragnet surveillance will only be used against real terrorists, but there's no guarantee, particularly when there's no court oversight. And we don't have any hard data about how the NSA actually uses that information, with whom it is shared, or how long it is stored. So, although communications that have been illegally wiretapped by the NSA are unlikely to be used against you in a criminal trial — the Fourth Amendment's exclusionary rule would likely disallow it — there's no knowing whether it might be used against you in the future in some other way.

Therefore, regardless of the strengths of the laws described below, you should consider wiretapping to be a high risk, unless and until the NSA program is stopped by Congressional action or a successful lawsuit. EFF is currently suing the government and the individual officials responsible for the NSA program (see http://www.eff.org/cases/jewel), as well as AT&T, one of the companies assisting in the illegal surveillance (see http://www.eff.org/nsa/hepting), to try and stop the surveillance.

Wiretapping Law Protections

Wiretapping Law Protects "Oral," "Wire," and "Electronic" Communications Against "Interception"

Before 1967, the Fourth Amendment didn't require police to get a warrant to tap conversations occurring over phone company lines. But that year, in two key decisions (including the Katz case), the Supreme Court made clear that eavesdropping — bugging private conversations or wiretapping phone lines — counted as a search that required a warrant. Congress and the states took the hint and passed updated laws reflecting the court's decision and providing procedures for getting a warrant for eavesdropping.

The federal wiretap statute, originally passed in 1968 and sometimes called "Title III" or the Wiretap Act, requires the police to get a wiretap order — often called a "super-warrant" because it is even harder to get than a regular search warrant — before they monitor or record your communications. One reason the Fourth Amendment and the statute give us more protection against government eavesdropping than against physical searches is because eavesdropping violates not only the targets' privacy, but the privacy of every other person that they communicate with.

The Supreme Court has also said that since eavesdropping violates so many individuals' privacy, the police should only be allowed to bug or wiretap when investigating very serious crimes. So, the Wiretap Act contains enumerated offenses — that is, a list of crimes — that are the only ones that can be investigated with a wiretap order. Unfortunately, Congress has added so many crimes to that list in the past 30 years that now practically any federal felony can justify a wiretap order.

The Wiretap Act requires the police to get a wiretap order whenever they want to "intercept" an "oral communication," an "electronic communication," or a "wire communication." Interception of those communications is commonly called electronic surveillance.

An oral communication is your typical face-to-face, in-person talking. A communication qualifies as an oral communication that is protected by the statute (and the Fourth Amendment) if it is uttered when you have a reasonable expectation that your conversation won't be recorded. So, if the police want to install a microphone or a "bug" in your house or office (or stick one outside of a closed phone booth, like in the Katz case), they have to get a wiretap order. The government may also attempt to use your own microphones against you — for example, by obtaining your phone company's cooperation to turn on your cell phone's microphone and eavesdrop on nearby conversations.

A wire communication is any voice communication that is transmitted, whether over the phone company's wires, a cellular network, or the Internet. You don't need to have a reasonable expectation of privacy for the statute to protect you, although radio broadcasts and other communications that can be received by the public are not protected. If the government wants to tap any of your phone calls — landline, cellphone, or Internet-based — it has to get a wiretap order.

An electronic communication is any transmitted communication that isn't a voice communication. So, that includes all of your non-voice Internet and cellular phone activities like email, instant messaging, texting and websurfing. It also covers faxes and messages sent with digital pagers. Like with wire communications, you don't need to have a reasonable expectation of privacy in your electronic communications for them to be protected by the statute.

Privacy tip: Voice communications have more legal protection.Under the Wiretap Act, although a wiretap order is needed to intercept your email and other electronic communications, only your oral and wire communications — that is, voice communications — are covered by the statute's exclusionary rule. So, for example, if your phone calls are illegally intercepted, that evidence can't be introduced against you in a criminal trial, but the statute won't prevent the introduction of illegally intercepted emails and text messages.

An interception is any acquisition of the contents of any oral, wire, or electronic communication using any mechanical or electronic device — for example, using a microphone or a tape recorder to intercept your oral communications, or using computer software or hardware to monitor your Internet and phone communications. Wiretap law does not protect you from government eavesdroppers that are just using their ears.

Although the government may get a super-warrant to "intercept" your communications, it is not allowed to prevent your communications from occurring. For example, the government can't prevent your calls from being connected, block your emails and their attachments, or otherwise interfere with your communications based on an intercept order. In fact, if their goal is to gather intelligence on you by tapping your communications, it will not be in their best interest to interfere in your communications and possibly tip you off to their surveillance, which might prompt you to use another communications method that may be more difficult to tap.

According to the Wiretap Act, it's a crime for anyone that is not a party to a communication — anyone that isn't one of the people talking, listening, writing, reading, or otherwise participating in the communication — to intercept the communication, unless at least one of the parties to the communication has previously consented to (agreed to) the interception. Many state wiretap laws require all parties to consent, but those laws control state and local police, not the feds. If the police want to intercept an oral, wire, or electronic communication to which they are not a party and for which they have no consent, they have to get a wiretap order. Of course, an undercover police officer or informant that is talking to you while wearing a wire is a party to the conversation and has consented to the interception.

Privacy tip: Wiretapping and public websites, newsletters, and message boardsThe police do not need to get a wiretap order to read your organization's website, sign up for your email newsletter, visit your public MySpace or Facebook profile or pose as a member in an Internet chat room. Since those are all open to the public, you're allowing the police to become a party to those communications.

Getting a Court Order Authorizing a Wiretap

It Isn't Easy

The requirements for getting a wiretap order from a judge are very strict. The Wiretap Act (and similar state statutes) requires law enforcement to submit a lengthy application that contains a full and complete statement of facts about (1) the crime that has been, is being, or is about to be committed and (2) the place, like your house or office, and/or the communications facilities, like those of your phone company or ISP, from which the communications are to be intercepted. The government must also submit a particular description of (3) the communications sought to be intercepted and (4) the identity of the persons committing the crime (if known) and of the persons whose communications are to be intercepted. Finally, the government must offer 5) a full and complete statement of whether other investigative procedures have been tried and have failed or why they appear unlikely to succeed or are too dangerous, (6) a full and complete statement of the period of time for which the interception is to be maintained, and (7) a full and complete statement about all previous wiretap applications concerning any of the same persons, facilities, or places.

The court can then issue the wiretap order only if it finds probable cause to believe that (1) a person is committing an enumerated offense (one of the crimes listed in the Wiretap Act); (2) communications concerning that crime will be obtained through the interception; and (3) the facilities from which the communications are to be intercepted are being used in connection with the commission of the offense. The court must also find that normal investigative techniques have failed, appear unlikely to succeed, or would be too dangerous.

The wiretap order, if issued, will almost always require the cooperation of some other person for it to be carried out. For example, the police can make your landlord let them into your apartment to install a bug, or, more often, force your ISP or phone company to help them intercept your phone or Internet communications. The wiretap order will include a "gag order" prohibiting anyone who cooperated with the police from telling you — or anyone else — about the wiretap.

It's important to note that when it comes to tapping your Internet or phone communications, third parties like your ISP or your phone company can act as an important check on police abuse. In general, the police need their cooperation, and most will not cooperate unless there is a valid wiretap order requiring them to (otherwise, they could be violating the law themselves). However, as AT&T and other companies' cooperation in the NSA's illegal wiretapping shows, these companies can never be a perfect check against government abuse, particularly when the government cites national security as its goal.

Although law enforcement can intercept your communications without your knowledge, they generally have to tell you about it when they are done. A wiretap order initially lasts for 30 days, and investigators can obtain additional 30-day renewals from the court if they need more time. But after the interception is completed and the wiretap order expires, an inventory must be issued to the person(s) named in the wiretap order and, as the judge may require, to other persons whose communications were intercepted.

How Big is The Risk?

A wiretap is an incredibly powerful surveillance tool. A single wiretap can invade the privacy of dozens or even hundreds of people. Fortunately, wiretaps in criminal investigations are pretty rare. Here are some numbers to keep in mind when calculating the risk of government wiretaps to you or your organization, according to the 2007 Wiretap Report to Congress from the Administrative Office of U.S. Courts:

In 2007, according to the report, 2,208 applications for wiretap orders were submitted to state and federal courts. 457 were in federal cases, the rest state. The courts granted every application, and of the 2,208 authorized wiretaps, 2,119 of them were installed.

Although it may appear that the number of federal wiretaps has been steadily dropping since 2004, in contrast to the sharp rise in state wiretaps, the truth is much more troubling. According to the latest report, the U.S. Department of Justice has in recent years declined to provide information about all of its wiretap activity for the report, in order to protect "sensitive and/or sealed" information. The Department of Justice admits that if it did provide all of that information, however, the 2007 report "would not reflect any decrease in the use of court-approved electronic surveillance" by U.S. agencies. So, the feds aren't wiretapping any less — they're just being even more secretive about it — and presumably the number of federal wiretaps is growing at the same rate as the state number.

On average, according to the report, each installed wiretap intercepted over 3,000 separate communications.

On average, according to the report, each installed wiretap intercepted the communications of 94 different people. In other words, the 2,119 installed wiretaps reported in 2007 intercepted the communications of nearly two hundred thousand people!

"Roving" wiretap orders are especially powerful. Instead of being limited to particular phone lines or Internet accounts, these orders allow the police to tap any phone or computer that the suspect uses, even if it isn't specified in the order itself. In 2007, 21 roving wiretap orders were reported by state authorities, mostly in narcotics cases. The federal authorities didn't report any roving wiretaps, but that doesn't mean they didn't use them; the Department of Justice likely thinks all of its roving wiretaps were in cases too "sensitive" to warrant reporting.

Over 80% of all reported wiretap orders in 2007 were issued in drug investigations.Wiretap orders by crime:

Nearly 95% of the 2,119 wiretap installations reported in 2007 were for the interception of wire communications — that is, taps on phones — rather than for interception of electronic communications. It's doubtful that the federal authorities have been fully forthcoming on this point — they reported only one (!) wiretap of electronic communications and only three wiretaps that collected a combination of wire and electronic communications — but it's clear that telephone wiretaps are still much more prevalent than Internet wiretaps. One major reason for this is that the government has another way of getting at your Internet communications, under less strict legal requirements: by obtaining stored copies of your communications from your ISP or your email provider, as described in the next section, Information Stored By Third Parties. Oral intercepts — through the bugging of your home or car or office, for example — are also quite rare. You're more likely to have your oral conversations intercepted by an undercover agent or informant wearing a hidden microphone, since such conduct does not require a wiretap order.Wiretaps by type of communication intercepted:

In conclusion, although the annual Wiretap Report is no longer as useful a gauge as it once was due to the Department of Justice's recent withholding of information, it's still clear that unless you're suspected of dealing drugs (or targeted for foreign intelligence surveillance), the chances of you or your organization's phone lines being tapped are fairly low, and the chances of your Internet communications being tapped are even lower. But remember, you don't have to be a suspect to end up having your communications intercepted. So, for example, if your organization serves a client population arguably connected to criminal activity, or if you personally associate with "shady characters," your risk goes up.

"Pen Registers" and "Trap and Trace Devices"

Less Powerful Than a Wiretap But With Much Weaker Privacy Safeguards

There's a particular type of communications surveillance that we haven't discussed yet and that's not included in the above numbers: surveillance using pen registers and/or trap & trace devices ("pen/trap taps"). Pen registers record the phone numbers that you call, while trap & trace devices record the numbers that call you. The Supreme Court decided in 1979, in the case of Smith v. Maryland, that because you knowingly expose phone numbers to the phone company when you dial them (you are voluntarily handing over the number so the phone company will connect you, and you know that the numbers you call may be monitored for billing purposes), the Fourth Amendment doesn't protect the privacy of those numbers against pen/trap surveillance by the government. The contents of your telephone conversation are protected, but not the dialing information.

Luckily, Congress decided to give us a little more privacy than the Supreme Court did — but not much more — by passing the Pen Register Statute to regulate the use of "pen/trap" devices. Under that statute, the police do have to go to court for permission to conduct a pen/trap tap and get your dialing information, but the standard for getting a pen/trap order is much lower than the probable cause standard used for normal wiretaps. The police don't even have to state any facts as part of the Electronic Communications Privacy Act of 1986 — they just need to certify to the court that they think the dialing information would be relevant to their investigation. If they do so, the judge must issue the pen/trap order (which lasts for sixty days rather than a wiretap order's thirty days). Also, unlike normal wiretaps, the police aren't required to report back to the court about what they intercepted, and aren't required to notify the targets of the surveillance when it has ended.

With a pen/trap tap on your phone, the police can intercept:

The phone numbers you call

The phone numbers that call you

The time each call is made

Whether the call was connected, or went to voicemail

The length of each call

Most worrisome, we've heard some reports of the government using pen/trap taps to intercept content that should require a wiretap order: specifically, the content of SMS text messages, as well as "post-cut-through dialed digits" (digits you dial after your call is connected, like your banking PIN number, your prescription refill numbers, or your vote for American Idol).

That information is revealing enough on its own. But pen/traps aren't just for phones anymore — thanks the USA PATRIOT Act, the government can now use pen/trap orders to intercept information about your Internet communications as well. By serving a pen/trap order on your ISP or email provider, the police can get:

All email header information other than the subject line, including the email addresses of the people to whom you send email, the email addresses of people that send to you, the time each email is sent or received, and the size of each email that is sent or received.

Your IP (Internet Protocol) address and the IP address of other computers on the Internet that you exchange information with, with timestamp and size information.

The communications ports and protocols used, which can be used to determine what types of communications you are sending using what types of applications.

Although we don't think the statute allows it, the police might also use pen/trap taps to get the URLs (web addresses) of every website you visit, allowing them to track what you are reading when you surf the web. The Department of Justice's apparent policy on this score is to collect information about what site you are visiting — e.g., "www.eff.org" — using pen/trap taps, but to obtain a wiretap order before collecting information about what particular page or file you are visiting — e.g., "www.eff.org/nsa". However, there's no way to confirm that federal authorities actually follow this policy in all cases, and serious doubt as to whether state authorities do.

(If you are confused by terms like "IP addresses" and "communications ports and protocols", you may want to take a quick look at our very basic explanation of how the Internet works.)

Pen/trap taps enable what the security experts call traffic analysis. That's when an attacker tries to discover information about an asset by analyzing how it moves. For example, if your organization is working with another organization and you need to keep the relationship confidential, traffic analysis of your Internet communications could reveal the connection and show who you emailed, who you instant messaged with, what web sites you visited, and what online forums you posted to. It could also show when those communications occurred and how big they were.

For the government, the usual goal of a pen/trap tap is to identify who you are communicating with and when. In particular, individuals can often be identified based on the IP address assigned to their computer. IP addresses are generally allotted in batches, semi-permanently, to institutions such as universities, Internet service providers (ISPs), and businesses. Depending how the institution distributes its IP address allotment, it may be more or less difficult to link specific computers, and users, to certain IP addresses. It is often surprisingly easy. ISPs often keep detailed logs about IP address allotment, and as we'll discuss later, those logs are easy for the government to get using a subpoena. Similarly, if the government is collecting email addresses with a pen/trap, it's easy for them to go to the email provider and subpoena the identity of the person who registered that address.

Another purpose of pen/trap taps is to access information about your cell phone's location in real-time. When your handset is powered on, it connects to nearby cell towers to signal its proximity, so that the towers can rapidly route a call when it comes through. Law enforcement can use pen/trap devices to monitor these connections, or "pings", to pinpoint the physical location of the handset, sometimes within a few meters. And although Congress has made clear that pen/trap orders alone cannot be used to authorize this sort of location surveillance, it hasn't yet clarified what type of court order would suffice. So, although many courts have chosen to require warrants for location tracking, others have not, and the government has routinely been able to get court authorization for such tracking without probable cause.

As already noted, court authorization for a pen/trap tap is much easier to get than a wiretap order. We don't know how many pen/trap orders get issued every year — unfortunately, there is no annual report on pen/trap surveillance like there is for wiretapping — but we have heard unofficial numbers that reach into the many tens of thousands. Therefore, the risk of being subjected to pen/trap surveillance is higher than the risk of being wiretapped.

Google and net neutrality by Daniël Verhoeven

2009-02-22T15:47:00.000-08:00

Permalink

Author: Daniël Verhoeven, 22 feb 2009

Avant-propos: finding information on the web NOT using Google or any other search engine

A fortnight ago I planned to write an article about Google and contextual information search, the opposite of full text search (Google, Altavista, Yahoo search...). I started to collect information NOT using Google. I found out that one of my best friends in Belgium, Wim VDB - saw him on the birthday party of Francis - had made a small critical posting about Google privacy: 'Zoekmachines en uw Privacy'. When browsing his blog I stumbled on an article of Geert Lovink, I knew Geert a long time ago as a writer in Hactic... I wanted to reconnect. Using the tag http://wordpress.com/tag/geert-lovink, I found an article of him on Weizenbaum and Google search. Weizenbaum is a shared reference, one of the first well grounded critics of the information age. Since Weizenbauw was himself one of the architects of computer technology, he knows what he is talking about. Geert's article was a tribute to Weizenbaum and also a kind of Google bashing. This article linked to another article in Eurozine this one from Daniel Leisegan, Das Google-Imperium and to Siva Vaidhyanathan's huge project:

The Googlization of Everything: http://www.googlizationofeverything.com/. 379 postings until now.

Using the tag Google on the German Wordpress domain, http://de.wordpress.com/tag/google/, I found more articles and again a complete blog dedicated to Google watching: 'Google is watching you! "Don't be evil" ? - Pah..'. Because I want to assist to HAR2009 I landed on Karin Spaink's Blog, who had also written a few articles about Google and privacy. I like Tony Curson Price writings, I follow his articles on OpenDemocracy (I get them in my mail). He has written 'Google's Attention Deficit Disorder' and in his series the Liberty of the networked', Google is analysed and discredited in a broader context. I also discovered there is a site of Google Watchers: http://www.google-watch.org/. Somebody linked, I think it was Wim, to an article on Cnet: Debunking Google's log anonymization propaganda... And of course it didn't stop there, I didn't mention yet Pit Schultz, Nicolas Carr, several articles I found on Libertés Internets, Slash Dot nor tag search using Technorati.

I found all this critical articles about Google NOT using Google at all, but using a contextual search for information about my subject, defining contextual search as looking in places, reading and consulting people that I had figgered out to be critical about Google.

Of course I also dived in the resources used, weaving a coherent network of related and associated retrieval. For the writers I mentioned , referencing is self-evident, thus finding resources was a peace of cake. The path to all these resources is transparent and meaningful. It's not about bits and bytes, but about well formed statements and anlysis, mostly based on a lot of research. I landed where I wanted to land, without having to throw away the typical search engine garbage that's returned. It's like asking a librarian: "I'm looking for... but do not find the exact division... to look for in the catalogue. The librarian in the dull library revives, is happy somebody is requiring his expertise, he loves books, he likes to help and to chatter a little, he shows me: 'You had to look here..' and there it is.". Of course I also know something about my subject and I have a circle of friends and acquaintances that have the same interests and know more... this helps.

There is also another important surplus for these findings, since I know most of the people who have written these articles, I know their background and a lot of their past, I also know I can rely on the information they offer and I know how I must interpret things. I know Geert is exaggerating sometimes... wanting to shock people, but his bottom-line is OK, and so on. I can contextualise almost completely the information I found. This is reliable info, there is no hidden agenda and nobody owes Google something. This is no bullshit.

I also consulted the opposition. In an email discussion with another friend Gert, who is/was a Google fan, but switched 180 degrees when I reported him that the MOS of his Mobile, Google's Android has a security flaw, I could collect a lot of information too. After he realised that he was defending a system he didn't want to defend - he is very scrupulous about digital security, doesn't want to work on MS Windows for instance, because it's not safe and it's clumsy and ugly - he started to collect prove and information against Google for me... Expert information. All information I can use to write my article.

But now I have another problem. I have so much information, enough to write a book about the flaws and hegemony of Google, but I have no time to write a book though I would like to, but Google is not my main subject, contextual search is, Google is only related to it. But meanwhile also most of my friends know I'm preparing an article about Google, I have to write something and I have to keep my standards high. They will not accept chewed old stuff neither a messy sketch. So, I've changed my plan, I'm going to make it a series, now and then a short episode, with some original material but of course relying on all the good stuff they delivered. This way my time management isn't put upside down. It's always a hack. So I discharged myself of a structured approach but not from being coherent. But what can I do better than take over the approach of Siva Vaidhyanathan in preparing his book:

"The book will answer three key questions: What does the world look like through the lens of Google?; How is Google's ubiquity affecting the production and dissemination of knowledge?; and how has the corporation altered the rules and practices that govern other companies, institutions, and states?"

I will try to find answers on these questions in my series, of course more diffracted, and also with a small angle shift. Since my relation to Google critics is research on 'contextual search', and the first peer group of my research is aged between 15 and 25 yrs old, and I am a computer pedagogue having kids myself, the pedagogic view will have more stress. My stand is clear. Google is a disease, an addiction, a money machine that could implement contextual search, combine it with full text search, but refuses to do so because this would throw sand in its own money machinery. In real life, people search always contextual. If you want to buy a bread, you do not go to the pharmacy, but to the bakery. When looking for a text using full text search, you go nowhere and everywhere at the same time. That's how full text search works when you can not define the domain you are searching in.

All blog postings are XHTML. XHTML, is now the standard for web pages. These webpages contain meta-information about the content domain, topic etc. A lot of older pages also contain keywords discribing the domain, topic of a page. This meta information could be extracted and added to the text-database allowing users of a search engine do define beforehand in which contextual domain they are looking, thus reducing the irrelevant results significantly.

Blogplatforms propagate this meta-information. That way you can do a contextual search using tags within the blogplatform, but also outside the platform using Technorati. I do not say it's simple, but it is feasible, and of course a lot of texts containing no, or false meta-information should become second rang, superflouos garbage. This would aslo be a radical but efficient way to counter the pagerank manipulating idiots, something Google claims it is doing all the time. But I doubt about their perseverence. If they are doing it, the result is never stable and it is almost invisible.

For a blogger Google has become completely superfluous. When looking to the referrer statistics of 2bloggen only 10,86% of the hits arrive on the blog through Google Search, all the rest is contextual. Google is almost completely useless. So Google bashing will be the generic tendency of all episodes. The first article is undermining the so called 'net neutrality' of Google, a public demand Google once supported, but isn't practicing any longer itself.

Google the lapdog of authoritarian regimes?

Source Watch discribes 'net neutrality' this way:

"...the guiding principle that preserves the free and open Internet. Net neutrality ensures that all users can access the content or run the applications and devices of their choice. With net neutrality, the network's only job is to move data - not choose which data to privilege with higher quality service."

Net neutrality is an important issue in the US. In 2008 a coalition of organisations and individuals started a campaign to saveguard the free and open Internet. Put simply, Net Neutrality means no discrimination. Net Neutrality prevents Internet providers from blocking, speeding up or slowing down Web content based on its source, ownership or destination. Some very important organisations support the campaing, like:

Consumers Union
American Library Association
National Coalition of Women's Organizations
Parents Television Council
Consumer Federation of America
Office of Communication of the United Church of Christ, Inc.
Public Knowledge
Common Cause
Christian Coalition of America
Democracy for America
Electronic Retailing Association
American Civil Liberties Union
and many others.

Also Obama and a lot of politicians worry about 'net neutrality'. Let us quote from the 'Net Neutrality Blog':

"President Barack Obama signed an economic stimulus bill with $7.2 billion to get fast, affordable, neutral Internet to the nearly half of American homes that don't have it.

Net Neutrality was written into the DNA of the broadband stimulus. The plan requires that those who build Internet networks (using the nearly $4.7 billion in NTIA grants provided by the bill) adhere to the nondiscrimination and openness principles at the core of Net Neutrality.

Obama himself pledged to "take a back seat to no one" in his commitment to Net Neutrality. And the administration's technology policies now posted on the White House Web site list Net Neutrality as the top priority.

Obama's all-but-certain pick to head the FCC, Julius Genachowski, was one of the principal architects of the president's pro-Net Neutrality platform."

See for more detailed information also a text of FreePress.

Who wants to get rid of 'Net Neutrality'? As to the faq of the campaign site:

"The nation's largest telephone and cable companies -- including AT&T, Verizon, Comcast and Time Warner -- want to be Internet gatekeepers, deciding which Web sites go fast or slow and which won't load at all."

This is also an European threat as you can read in: Who wants Net Discrimination in Europe?

But it's not Google's matter apparently, or it isn't any longer. Google supported 'Net Neutrality' thus far. They had too. A search engine that wants to favour certain content, looses his impartiality. Who would still want to use a biased search engine? But America wouldn't be America and Google is meanwhile one of the biggest American corporations, if they were not hypocritical about this[1]. We all know that Google blocks a lot of sites in China since 2006, especially sites about Tibet, the Dalai Lama and the Falun Gong. See Sites Google Agreed to Censor in China. In 2001 Human Rights Watch still congatulated Google for not wanting to give free sensitive Informationn to the Chinese Government, while Yahoo and MSN didn't have a moral problem helping to put Chinese dissidents in jail. Source watch gives more examples of Google's censorship and the following case is also very clear.

Everybody knows Google Earth where you can see Sharp pictures of any spot on the Globe. The two pictures beneath have both been taken by the Google satellite. The first picture has disappeared meanwhile for reasons we will explain.

Photo of secret CIA base in Baluchistan, Pakistan 2006

Photo of secret CIA base in in Baluchistan, Pakistan 2009

On the First picture you can see 'Drones', used by the CIA to bomb the frontier area of Pakistan with Afghanistan. The Information Clearing House knows exactly what kind of planes you see:

"The MQ1 Predator carries two laser-guided Hellfire missiles, and can fly for up to 454 miles, at speed of up to 135mph, and at altitudes of up to 25,000ft, according to the US Air Force website www.af.mil"

The Information Clearing House also mentions that several governments have asked to remove such pictures. They have accused Google also of giving free military secrets. The argument often used is that Iraqui insurgents possessed detailed pictures of UK military bases when arrested.

We do not know and will probably never know why Google has removed the picture but we know the reason is not military security, but pure political considerations.

As to the Washingon Post some 30 attacks from the air were deployed on Pakistani territory using unmanned aeroplanes ascending from a secret CIA base in Pakistan, Baluchistan. The Taliban does not have aeroplanes to revenge these attacks, so knowing where these planes lift-off is not useful information for them. But there is another problem. The Pakistani do not like the US military. Pervez Musharraf is a servile ally of the US, because in exchange his government receives a billion dollar support.

But now and then there are elections in Pakistan, it is some kind of democracy. Pervez Musharraf is one of the candidates of the elections to be held this year in Pakistan. The Washington Post expected Musharraf to stop his support for the raids on Pakistani territory using a Pakistani airbase. If the Pakistani newspapers would print pictures of these secret airbase, it would excite many Pakistani and Musharraf would be considered as a traitor of his own people and therefore not being reelected. So. I think this is a clear cut case of political influence resulting in Google censorship. Google's Net Neutrality is circumstantial. You can not rely on it.

[1] Google is also confronting the anti-trust law. See Slashdot | Obama Anti-Trust Chief on Google the Monopoly Threat and Obama anti-trust chief: Google is a monopoly threat, not Microsoft. The US has one of the best anti-trust laws, but did only use it against MS when it was far to late... The Google story, I'm afraid will not be different. Also Europe reacts flabbily against the quasi advertising monopoly of Google on the Net.

More on Net Neutrlity

How the net-neutrality debate crossed the pond (UK)

More articles about Net Neutrlity

More articles about Google Watch

More articles about Context Awareness

Links to Wikipedia: Context Awareness, Net Neutrality, Content Filtering, Google Watch