Entries in Privacy (10)


Facebook and State Attorneys General Team Up to Educate Teens and Parents about Privacy 

Peter Foley/Bloomberg via Getty Images(NEW YORK) -- While some reports indicate that teen Facebook use is on the decline, Facebook along with the National Association of Attorneys General are about to become laser focused on educating that younger demographic and their parents about privacy on the social networking community.

On April 15, Doug Gansler, the National Association of Attorneys General (NAAG) president and Maryland's attorney general, plans to announce that the two groups will work together in the coming months to educate teens and their parents about Facebook safety and privacy through a number of different informational webpages and videos.

"There are more and more parents now who understand Facebook and how it works and how their children are using it, but don't necessarily understand the privacy settings and how they work," Gansler told ABC News in an interview.

The education will begin through the launch of a few different educational web tools, he said. A Facebook and NAGG "Safety and Privacy on Facebook" page on the social network will feature information on privacy settings, best practices and a tip sheet on how to set up privacy controls.

The page will also include "Ask the Safety Team" videos, in which members of Facebook's safety team answer questions about privacy, bullying and safety. It will also include a basic primer video explaining what Facebook is and how to use it.

In addition to those, state attorneys general Facebook pages will feature state-specific public service announcements and videos, in which participating attorneys general and Facebook COO Sheryl Sandberg will offer tips. Gansler will appear in Maryland's video, which will be released on Tuesday.

While teens might not frequent those attorneys general sites or Facebook pages, Gansler said he is hoping their parents will, and said he is also relying on Facebook's advertising of the pages to get the word out. Facebook confirmed that over the next year, it would advertise those state-specific video PSAs to parents, teens, and families in participating states on Facebook.

"This program is designed to provide teens with tools and tips to manage their privacy and visibility on Facebook and across the internet," Sandberg said in a statement provided to ABC News. "We're grateful for Maryland Attorney General Doug Gansler's leadership on this issue, and we look forward to working with him and attorneys generals around the country."

Gansler will just be the first attorney general to work with Facebook; more than a dozen other attorneys general will share the new pages and videos with their constituents through their web and Facebook pages.

Sandberg is meeting privately today with Gansler and the other participating attorneys general in National Harbor, Md., to discuss the program. Sandberg, who recently released Lean In, a best-selling book about women in the workforce, has been extremely involved in the project.

While Gansler will formally announce the project Monday, the PSAs won't start popping up until Tuesday. Gansler's version for Maryland will appear on his official Facebook page and on his website. Other participating states, which have not yet been revealed, will also have the videos and information on their respective Facebook pages.

Gansler said that although Facebook is still the "800-pound gorilla," he is aware of the data that shows that the younger set is beginning to move to other messaging services and social networks.

"Five years ago it was MySpace. The attorneys general got involved with MySpace and we addressed the sexual predator issues on the site," Gansler said. "While there is some movement [away from Facebook] into other places, and we are aware of that, we are going to make sure we are involved in those as well. We will move along with the trends towards the next thing in a regulatory capacity."

Copyright 2013 ABC News Radio


Lawsuit: Gmail, Yahoo Email Invade Privacy, Even Non-Users'

iStockphoto/Thinkstock(NEW YORK) -- By now most of us have accepted a fact of the digital age: If, say, we write the word "eyeglasses" in the body of an email, advertisements for LensCrafters and Armani specs will most likely pop up on our computer screens soon.  We may not like it, but we understand that we trade privacy for the convenience of modern technology.

But some California residents have decided to take a stand against it, and have filed two class action lawsuits against Google and Yahoo in Marin County Superior Court.  The suits, filed on June 12 and June 28, claim that the web giants illegally intercept emails sent from individual non-Gmail and non-Yahoo subscribers to individual Gmail and Yahoo subscribers, without their knowledge, consent or permission.  What's more, they say the interception takes place before the email reaches its intended target.

"We began the investigation quite some time ago when a client came to us," said F. Jerome Tapley, a lawyer in Birmingham, Ala., who represents the plaintiffs.  "They noticed that the ads within their email browser were strangely correlating to the incoming email they were getting from their friends.  It creeps people out."

In the suit, Stuart Diamond, of Marin County; David Sutton, also of Marin County; and Roland Williams of Sonoma County -- none of whom have personal Google or Yahoo email accounts, but have sent emails to people who do -- allege that Google and Yahoo are violating the California Invasion of Privacy Act (CIPA), which prohibits anyone from wiretapping or eavesdropping on emails without the consent, knowledge and permission of all parties.

"The invasion of privacy by wiretapping or, in the alternative, eavesdropping, caused by Google and Yahoo's! continual and pervasive use of such devices seriously threatens the exercise of personal liberties," the lawyers write.

The suit, which is for unspecified financial damages, was filed on behalf of all residents of California who are not Google or Yahoo email subscribers but have sent emails to people who are. 

Yahoo did not respond to requests for comment, but in an email statement, a Google spokesperson said, "We're not going to comment on the ongoing litigation.  But to be clear, ad targeting in Gmail is fully automated, and no humans read users' emails or Google account information in order to show advertisements."

Copyright 2012 ABC News Radio


Demanding Facebook Passwords May Break Law, Say Senators

Peter Foley/Bloomberg via Getty Images(NEW YORK) -- It's become standard practice for employers and schools to peruse potential applicants' Facebook profiles. But in some cases, they are going even further: Some have demanded applicants hand over their passwords so they can view individuals' restricted profiles.

Job applicants have reported situations in which employers, potential employers, or colleges have asked for Facebook passwords so they can inspect people's profiles.

"It's an invasion of privacy for private employers to insist on looking at people's private Facebook pages as a condition of employment or consideration in an application process," said Catherine Crump, an American Civil Liberties Union attorney, on the ACLU's website. "People are entitled to their private lives."

Other privacy groups have expressed similar opinions and even Facebook's own privacy officer, Erin Egan, weighed in.

"In recent months, we've seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people's Facebook profiles or private information," Facebook's Egan said.

"This practice undermines the privacy expectations and the security of both the user and the user's friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability."

And the legal issue has brought government officials, including a number of senators, to fight this practice. Monday, New York Senator Charles Schumer and Connecticut Senator Richard Blumenthal asked the U.S. Department of Justice to investigate if the practice violates federal laws.

Schumer and Blumenthal said in their letter that they are "drafting legislation that would fill any gaps in federal law that allow employers to require personal login information from prospective employees to be considered for a job."

Maryland Senator Ronald Young has already been fighting that fight in his home state. After hearing that an applicant at the Department of Corrections in Maryland had to sit and watch his employer go through his Facebook page and that student-athletes were being forced to share their Facebook logins with schools, Young drafted a Social Media Privacy bill.

"I put in two pieces of legislation to stop these practices. It is an infringement on constitutional rights," Sen. Young told ABC News. "Lots of these organizations don't realize they are asking the same thing as monitoring a phone call or reading your personal mail." Some schools require students to download social media monitoring software, like UDilidence and Varsity Monitor, which can access their password-protected content.

The legislation, which was submitted last year, has passed the Maryland State Senate; it is now in the House.

However, even without this legislation, what many of these employers and universities are doing could be illegal. Since employers may be exposed to private information such as age, national origin, race, they could be violating the Stored Communications and Computer Fraud and Abuse acts.

Bradley Shear, a social media lawyer and expert in the field, also mentions that if they are a public institution they could be violating the First, Fourth, and Fifth Amendments.

Still, Shear said, updated legislation is needed to solve this problem.

"Until someone says no, you can't do it, they are going to do it -- that's why the legislation is important. This legislation is needed on a state and a national level. It's that simple."

Copyright 2012 ABC News Radio


Children's Apps Need Privacy Policing, Says FTC

Tooga/The Image Bank(WASHINGTON) -- It's been a heck of a week when it comes to app security issues.

Just after Congress took issue with Apple on its address book and app privacy issues, the Federal Trade Commission has issued a report pushing Apple and Google to better police the security in applications for children.

"Companies that operate in the mobile marketplace provide great benefits, but they must step up to the plate and provide easily accessible, basic information, so that parents can make informed decisions about the apps their kids use," FTC Chairman Jon Leibowitz said in a statement.

"Right now, it is almost impossible to figure out which apps collect data and what they do with it. The kids app ecosystem needs to wake up, and we want to work collaboratively with industry to help ensure parents have the information they need," he added.

The 23-page report calls the current privacy disclosures "dis app ointing" (yes, "app" is italicized in the report), and after looking at hundreds of children's apps, including learning and gaming options, the report recommends that the app stores, developers and third parties improve how and what information is provided to parents about the app.

It goes on to suggest concrete ideas of how that can be done:  "App developers should provide this information through simple and short disclosures or icons that are easy to find and understand on the small screen of a mobile device."

The full report can be read here.

Apple already responded to similar security concerns earlier in the week with a statement detailing that it would be taking steps to be more transparent about what personal information is being accessed or stored by applications.

"We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release," Apple wrote.

Apple did not have any further comment in response to the FTC report focusing on children's apps.

Google, on the other hand, has promised to review the report. "We are reviewing the FTC's report," Google spokesperson Randall Sarafa told ABC News. "From the beginning, Android has had an industry-leading permission system, which informs consumers what data an app can access and requires user approval before installation. Additionally, we offer parental controls and best practices for developers to follow when designing apps that handle user data."

Still, as the FTC points out numerous times in the report, the biggest issue is the transparency and understanding of those privacy permissions. Android and iPhone/iPad apps do not have an in-your-face alert that allows parents to know exactly what the privacy policy is and if data could be accessed on the device.

When you download a popular children's game like Angry Birds on the iPhone, it simply provides the link to the privacy policy on the company's website.

On an Android device, there is a helpful list of permissions (location, etc.), but the disclosures are fairly buried and do not always include what the app does with the access. Rovio, the developer of the popular game, did not respond for comment.

A company like Duck Duck Moose, which develops apps like Wheels on the Bus and Itsy Bitsy Spider, does not collect any information from users.

"We do not ask users to provide any information and we do not collect any information about users, their devices or usage of our mobile applications," Caroline Hu Flexer, the co-founder of the company told ABC News. However, while that policy is listed on its website, it is buried in the applications. Hu Flexer said the company would appreciate more flexiblity in the app store to display privacy policies.

Michael Kaiser, executive director of the National Cyber Security Alliance, is calling for the same thing.

"Anything that developers can do to make privacy controls and permission settings more prominent and easier to navigate is helpful to parents and to users in general," he said.

Copyright 2012 ABC News Radio


Google Changes Raising Privacy Concerns

JOHANNES EISELE/AFP/Getty Images(MOUNTAIN VIEW, Calif.) -- In just over a month, Google will roll out sweeping new changes to its privacy polices and terms of service that will link user data across its e-mail, video and social-networking services -- a move that has some privacy watchdogs worried.

Starting on March 1, when people sign up for Google, they'll be signing up for and agreeing to all of its products -- Gmail, YouTube, Google+, etc. -- which will all be covered under one new privacy policy.

"Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you've provided from one service with information from other services.  In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," Google explained in a blog entry Tuesday.

The changes will also allow the online search engine to follow users' activities across of its platforms.  Google says the adjustments will enable it to improve the services it provides.

Alan Simpson, the vice president of the group Policy for Common Sense Media, isn't a fan of the move and thinks users should have the ability to opt out.

"It's tracking across a lot of different platforms and combining a lot of different things that we do.  It's a challenging area because its new technology and its hard to follow how we're being tracked," Simpson said.

He added, "These companies can and should do a better job of enabling us as consumers, and especially parents of kids to protect their privacy and their personal information.  And to make the choices they see fit."

Copyright 2012 ABC News Radio


Facebook Sued for Allegedly Tracking Users after They've Logged Off

Justin Sullivan/Getty Images(OXFORD, Miss.) -- A Mississippi woman has sued Facebook in federal court, accusing the social network of violating federal wiretap laws to track her online activity, even when she wasn't logged onto the site.

Facebook denies the allegations, but it has conceded in the past that it inadvertently tracked users through so-called cookies -- small files a website sends to your computer when you visit.  It has said it fixed the problem before the Mississippi suit was filed.

"Leading up to September 23, 2011, Facebook tracked, collected, and stored its users' wire or electronic communications, including but not limited to portions of their Internet browsing history even when the users were not logged-in to Facebook," reads the complaint by Brooke Rutledge of Lafayette County, Miss.  "Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her Internet browsing history when not logged-in to Facebook."

It is not the first lawsuit of its kind -- there are suits in Kansas, Kentucky and Louisiana -- and Facebook is not the only large company to be accused of violating visitors' privacy.  But the issue has spread since Facebook's CEO Mark Zuckerberg introduced the site's new Timeline and Ticker features in September.

"All your stories, all your apps, a new way to express who you are," Zuckerberg said at the introduction.

Facebook sent ABC News a one-line statement in response to the suit: "We believe this complaint is without merit and we will fight it vigorously"

Copyright 2911 ABC News Radio


New Facebook Facial Recognition Feature Brings More Concerns

NICHOLAS KAMM/AFP/Getty Images(PALO ALTO, Calif.) -- Facebook is facing a new wave of concerns over privacy protection after launching its latest feature, which allows users to identify their friends automatically in photos without their permission.

The photo tagging tool, called Tag Suggestions, was put into place in December, but it was listed as unavailable until recently.

Here's how it works: When a user uploads new photos to his or her Facebook profile, the new feature then scans them with facial recognition software to match the people in the photos with other photos in which they might have been previously tagged.

The feature also offers "group tagging," which allows users to type in a person's name and "apply it to multiple photos of the same person," according to Facebook's blog post on the subject.

The problem is that users can do this without their friend's permission.

Facebook said on its blog Tuesday that it has been rolling out the Tag Suggestions feature over the course of several months.  While it was originally just available in the United States, they also said it is now activated in several countries, which has already caused some headaches. reported that a group of European Union data-protection regulators announced Wednesday they have launched a probe into the new feature, which was enabled as an active default setting, to see if it violated any privacy rules.

Graham Cluley, a senior technology consultant for Sophos, a British Internet security firm, called the new feature "creepy" and said that one of Facebook's biggest offenses was not telling its users this feature was being launched, as well as not explaining to them how to opt out of it.

Cluley said the potential danger with this feature is your Facebook friends can upload any photo and tag it with your name, and Facebook doesn't give you the option to pre-approve your name being attached to that photo.

Another concern with Facebook gathering this data, Cluley said, is what the company might do with it five or 10 years down the road.

"Maybe in the future [Facebook] will sell this information to third parties," he said.  "There's so much information we've already given away willingly to Facebook.  They have slowly eroded away our control over that data."

Facebook has issued instructions as to how to disable the feature.

Copyright 2011 ABC News Radio


Senate Considers Privacy 'Bill of Rights' to Protect Consumers

Comstock/Thinkstock(WASHINGTON) -- U.S. consumer privacy laws are, to put it bluntly, a mess.  We have sectoral laws that provide different protections for financial information, cable and phone subscriber records, health privacy and yes, video rentals.

But we are the only country in the Organisation for Economic Co-operation and Development except for Turkey that fails to provide baseline protections for consumer data that is collected online and offline.

Every day, our personal data are scattered across the Internet and beyond to advertisers, social network sites, data brokers, direct marketers and the myriad of companies we do business with.  And our privacy laws simply haven't moved in step with the way our capacity to collect, process and share our personal information.

The Federal Trade Commission has pushed about as far as it can with its limited power to go after bad guys for unfair or deceptive practices, but that case-by-case focus on instances where companies deceive consumers is just not enough.  Companies simply hide behind ponderous and undecipherable privacy policies that do nothing to protect privacy, written by lawyers who are looking out for their companies -- not you.

But we might make progress yet.  A recently introduced a bill from Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) would create for the first time a commercial privacy "Bill of Rights."  It is the first comprehensive privacy bill in the Senate in more than a decade.

The bill would require basic Fair Information Practice Principles for all companies that collect personal data both online and offline.  In practice, this means you get clearer, more timely and understandable notice when your information is collected.

Companies will have to tell you exactly what they are planning to do with your information, collect only what they need to accomplish that purpose and only hold on to your data as long as they need it for the stated purpose.  You will be able to opt out of third party advertising and that opt-out needs to be global and persistent over time.

Security rules will be strengthened, as will the right of consumers to access the information that a company holds about you.  If it's wrong, you can fix it.  Both the FTC and State Attorneys General would have power to enforce the new law and impose significant civil penalties for violations, up to $6 million in civil fines.

The bill also has a requirement that companies engage in "Privacy by Design," which means they have to have internal processes in place to consider how to protect privacy as a product or service is first developed.

Finally, in order to make sure that these high level obligations can be tailored to different industries, the bill encourages companies to collaborate with consumer groups and others to develop industry-specific codes that incorporate and build upon the law's requirements.  It is then up to the FTC to review those codes and approve the ones that pass muster.

Copyright 2011 ABC News Radio


Facebook Suspends Data-Sharing Feature over Privacy Concerns

Photo Courtesy - Getty Images(PALO ALTO, Calif.) -- Facebook has announced that it will temporarily suspend a feature that provides members' addresses and phone numbers to external websites and applications.

The social network implemented the feature only a few days ago but plans to reinstate it after changing the way the site asks for permission. The new feature had stirred the concerns of privacy advocates.

Copyright 2011 ABC News Radio


Facebook Has Another Privacy Scandal on Its Hands

Photo Courtesy - Facebook(NEW YORK) -- Facebook has acknowledged a problem with its site that reveals your name and the names of your Facebook friends to some advertisers, and potentially tracks the websites you visit online.

The Wall Street Journal tore apart the code in Facebook to determine what identifying user information was being forwarded to third-party applications such as Farmville, Mafia Wars and some of the quizzes people take.  These are all add-on apps on which a user has to click to access Facebook, not features such as photos or videos.

The Journal found that in 25 instances the third-party app companies were taking in users' Facebook identification numbers.  The number then tied into a user's profile and could identify the person by name, no matter how secure his or her privacy settings were.

The companies tracking you could then build a clear profile of your habits.  If they used other Internet tracking technology to keep a record of the websites you visit and then married that to your name, this would be a clear violation of Facebook's policies, which has consumer groups up in arms.

"In general, what's going to happen here is targeting of ads," said Kurt Opsahl, senior staff attorney at the Electronic Frontier Foundation, a nonprofit, nonpartisan organization working to protect fundamental civil liberties.  "The advertiser will be able to know a little bit more about you and target ads based on that knowledge.

"But the real question comes, where does it stop? If it goes to one company who then transfers it to another company, does that third company then transfer it further on? You lose control of where the information goes.

"And, on some level, if this information goes out beyond the advertising networks and becomes available to other, perhaps more nefarious users, they could use that information for identity theft or for targeting phishing attacks or targeting virus attacks," he said.

Copyright 2010 ABC News Radio

ABC News Radio