House of Representatives votes 215-205 to do away with Broadband Privacy, allow ISPs to sell your private internet history

House of Representatives votes 215-205 to do away with Broadband Privacy, allow ISPs to sell your private internet history
By Caleb Chen

“The ayes have it.” Broadband Privacy has been dealt a blow in Congress with the recent repeal of online privacy protections by the FCC with a 215-205 vote. FCC. Since the online privacy protections were voted in by the FCC in 2016, ISPs and their lobbying organizationshave been donating and posturing hard to dismantle Internet privacy and bring us to this vote. The CTIA, a telecom lobbying organization, even went so far as to submit a filing claiming that web browsing history and app data usage shouldn’t be considered as “sensitive information.” This appears to be the true sentiment about your online privacy – that it isn’t private and isn’t sensitive and therefore deserves no protections.

Edit: a previous post misrepresented the vote as 232-184. The final vote count is now correct.

Broadband Privacy protections voted down by Congress

After According to GovTrack, after only one hour of debate and no allowance for amendments, S.J. Res 34 passed through the House of Representatives with a majority vote of 215-205 (231-189) along party lines. President Trump has signaled that he supports S.J.Res 34 and will sign it. 34.

Opposition to the vote has been fierce. Representative Mike Pocan, vice chair of the Congressional Progressive Caucus, said:

“Considering how much access providers already have to highly sensitive data, it is absolutely unacceptable for them to monetize personal information.”

Now, Americans will have no online privacy from their ISPs unless they take matters into their own hand. Rick Falkvinge, Head of Privacy at Private Internet Access, commented:

“Privacy isn’t a luxury privilege. It’s not even primarily an individual right. It’s first and foremost a collective necessity, for without it, we punish the freethinkers, the divergents, and the breakers of consensus: those we call entrepreneurs and trailblazers. Without it, our society stops dead, gray, and dull.”

Like this article? Get notified by emailwhen there is a new article or signup to receive the latest news in the fight for Privacy via the Online Privacy News RSS Feed.

The post House of Representatives votes 215-205 to 231-189 do away with Broadband Privacy, allow ISPs to sell your private internet history appeared first on Privacy Online News.

March 28, 2017 at 10:15PM
via Privacy Online News

VPN Searches Soar as Congress Votes to Repeal Broadband Privacy Rules

VPN Searches Soar as Congress Votes to Repeal Broadband Privacy Rules
By Andy

In a blow to privacy advocates across the United States, the House of Representatives voted Tuesday to grant Internet service providers permission to sell subscribers’ browsing histories to third parties.

The bill repeals broadband privacy rules adopted last year by the Federal Communications Commission under the Obama administration, which required ISPs to obtain consumer consent before using their data for advertising or marketing purposes.

The House of Representatives voted 215-205 in favor of overturning the regulations after the Senate voted to revoke the rules last week. President Donald Trump’s signature is needed before it can go into law but with the White House giving its full support, that’s a given.

“The Administration strongly supports House passage of S.J.Res. 34, which would nullify the Federal Communications Commission’s final rule titled ‘Protecting the Privacy of Customers of Broadband and Other Telecommunication Services’,” the White House said in a statement yesterday.

“If S.J.Res. 34 were presented to the President, his advisors would recommend that he sign the bill into law.”

If that happens, the US will free up the country’s Internet service providers to compete in the online advertising market with platform giants such as Google and Facebook. Of course, that will come at the expense of subscribers’ privacy, whose every browsing move online can be subjected to some level of scrutiny.

While supporters say that scrapping the regulations will mean that all Internet companies will operate on a level playing field when it comes to privacy protection, critics say that ISPs should be held to a higher level of accountability.

Whereas consumers have a choice over which information can be shared with websites, browsing history via an ISP is total, potentially exposing sensitive issues concerning health, finances, or even sexual preferences.

With this in mind, it’s no surprise that US Internet users are beginning to realize that everything they do online could soon be exposed to third-parties intent on invading their privacy in the interests of commerce. Predictably, questions are being raised over what can be done to mitigate the threat.

Aside from cutting the cord entirely, there’s only one practical way to hinder ISPs, and that’s through the use of some form of encryption. Importantly, visitors to basic HTTP websites will have no browsing protection whatsoever. Those using HTTPS can assume that although ISPs will still know which URLs they’ve visited, content exchanged will be cloaked.

Of course, for those looking for a more workable solution, VPNs – Virtual Private Networks – can provide a much greater level of encrypted protection, especially among providers who promise to keep no logs.

As a result, various providers, including blackVPN, ExpressVPN, LiquidVPN, StrongVPN and Torguard, have weighed in on the debate via social media. NordVPN have also spoken out against the bill in the press, and Private Internet Access even took out a full page ad in the New York Times this week.

It’s now becoming clear that while it was once a somewhat niche activity, VPN use could now be about to hit the mainstream.

Taking a look at Google Trends results for the search term ‘VPN’, we can see that interest across the United States is now double what it was back in 2012. The significant surge to the right of the chart is likely attributable to the past few weeks of debate surrounding the repeal of broadband privacy rules.

While most VPN providers have been campaigning against the changes, there can be no doubt that the signing of the bill into law will be extremely good for business. As seen from the above, record numbers of people are learning about VPNs and there’s even encouragement coming in from people at the very top of Internet commerce.

Following the vote yesterday, Twitter general counsel Vijaya Gadde took to her company’s platform to‏ suggest that citizens should take steps to protect their privacy.

Her tweet, which was later attributed to her own opinion and not company policy, was retweeted by Twitter Chief Executive Jack Dorsey.

It will be interesting to see how the new rules will affect VPN uptake longer term when the fuss around the debate this month has died down. Nevertheless, there seems little doubt that VPN use will rise to some extent and that could be bad news for copyright holders seeking to enforce their rights online.

In addition to stopping ISPs from spying on users’ browsing histories, a good VPN also prevents users being monitored online when using BitTorrent. A further handy side-effect is that they also render site-blocking efforts useless.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

March 29, 2017 at 11:22AM
via TorrentFreak

Privacy By Practice, Not Just By Policy: A System Administrator Advocating for Student Privacy

Privacy By Practice, Not Just By Policy: A System Administrator Advocating for Student Privacy
By Gennie Gebhart

When Matt L. started to raise the alarm about educational technology in his school district, he knew it would ruffle some feathers.

As a system administrator (or sysadmin), Matt has had a front-row seat to the increasing use of technology in his rural, public school district. At first, the district only issued Chromebooks to students in guest “kiosk” mode for test-taking. Over time, though, each of the district’s 10,000 students got individual access to school-issued devices, from iPads for younger students who cannot yet type to Chromebooks and G-Suite for Education logins for students as young as third grade.

Matt and his sysadmin colleagues are at the center of deploying, configuring, and maintaining Google devices and software for the entire district. This gives Matt opportunities to identify privacy problems with ed tech implementation, and to propose solutions.

“All our eggs in one basket”

“I don’t want to say that Google or Chromebooks or any of this stuff is inherently bad,” Matt said. “Getting these tools into the hands of kids is hard to argue with. That’s why I got into technology.”

As the district has continued to expand its technology use, however, Matt has started to have concerns about consolidating students’ educational and personal information in one company. “We’re putting all our eggs in one basket that we’re not in control of,” he said. “We don’t know where this student data is going.”

On top of his privacy concerns, Matt observed students learning about only certain softwares without broader awareness of their technology choices. Having grown up experimenting with Linux and other open softwares, he was dismayed to see students being steered toward only Google services and away from other options.

“The beauty of technology is that it is so vast and deep, with so many choices. But we’re funnelling people into one situation, which is not our job,” he said. “We should be teaching concepts of computing, not specific software. We should be giving parents and kids a choice.”

Privacy by policy

After frustrating initial conversations with colleagues, it became clear to Matt that student privacy advocacy in his district could “get touchy pretty quick.” Even higher-up colleagues who might have been in a position to make district-level changes were hard to effectively approach.

“They like Chrome because it’s easy to use and they don’t have to worry much about the mechanics behind it,” he said. “So, I was constantly ridiculed when I brought up concerns about privacy.”

Colleagues also pointed out the cost-effectiveness of free Google services in response to Matt’s concerns. But Matt was not convinced.

“Nobody’s asking why it’s free,” Matt said. “I thought it was common sense that, generally, if you’re not paying for the app, you’re the product.”

After repeated requests to talk more about student privacy issues, Matt’s boss and members of administration pointed him to the district’s as well as Google’s privacy policies. But this approach of ensuring “privacy by policy” did not lessen Matt’s concerns.

“We have privacy policies for our website, and for our student academic records, but not so much for students’ information in regards to what Google is collecting,” he said. “We can’t guarantee what Google is or is not doing with this information. It’s all pretty vague, and it’s not the kind of thing you want to be vague about.”

One of the biggest problems with such “privacy by policy” is that it relies on all staff members being up-to-date on complex, sometimes vague policies, and having the time and resources to comply with them consistently. Matt observed that many in his districtincluding his colleagues in system administrationsee student privacy as a long-term issue rather than an active, ongoing project.

“Stuff like student privacy gets back-burnered,” Matt said. “It’s hard to look down the road at long-term projects when teachers’ day-to-day is consuming all of our department’s time and energy.”

Privacy by practice

Unsatisfied by the “privacy by policy” that his district usually practices, Matt is investigating how he can implement “privacy by practice”that is, prioritizing student privacy with active safeguards to augment and ensure existing policy, like technical settings and opt-out options.

His first step has been to “crank down the lid” on privacy settings so that students use Google products as anonymously as possible by default, without associating their online profiles with identifying information. Ideally, technical controls like these will make it harder for teachers or third-party companies to collect student data, making privacy the default in students’ and teachers’ work.

He is also advocating for an opt-out policy. EFF helped Matt locate relevant examples of opt-out policies from other school districts to get conversations started. However, this advocacy process has brought up more questions than answers. Coworkers were concerned that giving students the option to opt out of Chromebooks and/or Google services will create more work for teachers and administrators, and it has been hard to build consensus around what classroom alternatives would be available when students choose to opt out.

Continuing to advocate

Matt’s conversations with colleagues have moved forward in fits and starts, and are constantly changing as the district’s technology situation changes. For example, a system-wide update gave Matt an opportunity to propose concurrent changes in ed tech implementation. But, soon after, discussions about abandoning local storage and migrating completely to Google Drive ran counter to Matt’s efforts to locally control student data and ensure their privacy.

In the meantime, Matt is thinking about stepping up student digital literacy education with more student-staff interactions on the topic. He has also brought up his concerns at professional conferences to learn from sysadmin in different schools and districts. Matt remains persistent and committed to advocating for more secure, more private student systems.

“It’s a really hard problem, but we need to come up with an answer,” Matt said.

March 28, 2017 at 05:29PM
via Deeplinks

After 12 Rejections, Apple Accepts App That Tracks U.S. Drone Strikes

After 12 Rejections, Apple Accepts App That Tracks U.S. Drone Strikes
By Josh Begley

Five years ago, I made a simple iPhone app. It would send you a push notification every time a U.S. drone strike was reported in the news.

Apple rejected the app three times, calling it “excessively objectionable or crude content.”

Over the years, I would occasionally resubmit the app, changing its name from Drones+ to Metadata+. I was curious to see if Apple might change its mind. The app didn’t include graphic images or video of any kind—it simply aggregated news about covert war.

At its core was a question: do we want to be as connected to our foreign policy as we are to our smartphones? My hypothesis was no. Americans don’t care about the drone war because it is largely hidden from view.

In 2014, after five rejections, Apple accepted the app. It remained in the App Store for about a year. According to Apple’s internal statistics, Metadata+ was downloaded by more than 50,000 people.

But the following September, Apple decided to delete the app entirely. They claimed that the content, once again, was “excessively objectionable or crude.”

Well, Apple’s position has evolved. Today, after 12 attempts, the Metadata app is back in the App Store.

Taliban chief Mansour 'likely killed' in US drone strike

Wreckage of a vehicle in which Mullah Mansour was allegedly traveling after it was hit by U.S. drone on May 22, 2016 in Balochistan, Pakistan.

Photo: Barkat Tareen/Getty Images

As an artist who works with data, I think the story of this app is about more than a petty conflict with Apple. It is about what can be seen—or obscured—about the geography of our covert wars.

For the past 15 years, journalists on the ground in Yemen, Pakistan, and Somalia have worked hard to uncover the contours of U.S. drone attacks—in some cases at their own peril. Filmmakers, academics, and attorneys have done important work documenting their ghastly aftermath. Websites like The Intercept have published whistleblower exposés about how the covert drone program clicks together.

But buried in the details is a difficult truth: no one really knows who most of these missiles are killing.

Because the particulars of the drone wars are scant, we only have ‘metadata’ about most of these strikes—perhaps a date, the name of a province, maybe a body count. Absent documentary evidence or first-person testimony, there isn’t much narrative to speak of.

The name ‘Metadata’ has a double meaning: the app both contains metadata about English-language news reports, and it refers to the basis on which most drone strikes are carried out. (As General Michael Hayden famously said, “we kill people based on metadata.”)

Smartphones have connected us more intimately to all sorts of data. As Amitava Kumar put it recently, “The Internet delivers ugly fragments of report and rumor throughout the day, and with them a sense of nearly constant intimacy with violence.” Yet information about drone strikes—in Apple’s universe—had somehow been deemed beyond the pale.

What would it mean to be more connected to our wars? Might our phones allow us to think more constellationally?

With a president who plans to lift the Obama-era constraints on drone strikes even further, declaring parts of Yemen and Somalia as “areas of active hostilities,” I’m glad that Apple has decided to stop blocking a news app.

If anything about the app is “excessively objectionable or crude,” perhaps it’s the airstrikes themselves.

The post After 12 Rejections, Apple Accepts App That Tracks U.S. Drone Strikes appeared first on The Intercept.

March 28, 2017 at 02:00PM
via The Intercept

We Have 24 Hours to Save Online Privacy Rules

We Have 24 Hours to Save Online Privacy Rules
By Kate Tummarello

This is our last chance to save critical online privacy protections.

We are one vote away from a world where your ISP can track your every move online and sell that information to the highest bidder. Call your lawmakers now and tell them to protect federal online privacy rules.

Last year the FCC passed a set of rules for how ISPs deal with their customers’ data. The commonsense rules updated longstanding federal protections for Internet users. Under the rules, ISPs would be required to protect your data and wouldn’t be allowed to do a host of creepy things, including sell your Internet browsing records without your consent.

Those rules were a huge victory for consumers. Of course, the ISPs that stand to make money off of violating your privacy have been lobbying Congress to repeal those rules. Unfortunately, their anti-consumer push has been working.

The Senate voted last week 50-48 on a Congressional Review Act (CRA) resolution to repeal the FCC’s privacy rules. Now the resolution heads over the House, where it’s scheduled to get a vote on Tuesday.

If the House passes it, you’ll be even more at the mercy of your ISP. Because Congress is using a CRA resolution, the FCC will be prohibited from writing similar rules in the future. And thanks to the current legal landscape, no other federal agency has the authority to protect you against privacy invasions by your ISP.

With a House vote scheduled for Tuesday, we have 24 hours to speak up and tell our representatives that they can’t put ISPs’ profits over our privacy.

Call your lawmakers today and tell them to oppose S.J. Res. 34, which would repeal the FCC’s broadband privacy rules.

Take ActionCall Congress now!

March 27, 2017 at 03:30AM
via Deeplinks

Trump and his EPA chief are ready to wage war on environmental protections

Trump and his EPA chief are ready to wage war on environmental protections
By Carter Sherman

Two days before President Donald Trump plans to sign a sweeping executive order to roll back Obama-era environmental protections, his EPA chief called the landmark 2015 international agreement to fight climate change “just a bad deal” for the U.S.

“China and India, the largest producers of CO2 internationally, got away scot-free,”  EPA head Scott Pruitt said in a Sunday ABC interview. Pruitt was referring to the Paris Climate Agreement, in which almost every country in the world committed to decreasing emissions of climate change–causing greenhouse gas, such as carbon dioxide (CO2). Unlike in previous agreements, both developing and developed countries pledged to help.

“[China and India] didn’t have to take steps till 2030,” Pruitt went on. “So we’ve penalized ourselves through lost jobs while [they] didn’t take steps to address the issue internationally. So Paris was just a bad deal, in my estimation.”

While on the campaign trail, Trump said he would “cancel” the Paris agreement.

Pruitt also labeled the Clean Power Plan, an Obama initiative to cut power plants’ carbon pollution, as part of “past administration’s effort to kill jobs throughout the country.” The plan — already stayed thanks to a lawsuit Pruitt helped originally bring — was seen as an important part of meeting the goals the United States set in the Paris accord.

Yet Pruitt’s comment that China and India are the “largest producers of CO2 internationally” may be misleading. While China does emit more carbon dioxide than any other country in the world, the next-biggest emitter is not India, according to the U.S. Energy Information administration. That would be the United States.

While China’s energy consumption led the country to emit more than 9,000 million metric tons of carbon in 2014, the United States released about half that amount — even though the United States has less than a third of China’s population. India emitted only about 1,800 million metric tons of carbon dioxide that year.

China and the United States’ carbon emissions have declined in recent years, leading the global rate of carbon emissions to flatten even as the world economy grows. Experts say this trend may represent a “decoupling” of the conventional wisdom that economies cannot grow and go green at the same time.

But the United States’ carbon emissions may soon be on the rise again, as Pruitt revealed in his Sunday interview that Trump’s executive order will review, rescind, or revise several federal environmental protections. And its impact may be immense, according to details of the order shared with Bloomberg News.

Not only will the Clean Power Plan likely be dismantled, but other regulations are also at risk. For instance, during the Obama administration, officials had to often calculate the effects of climate change by factoring a metric called “the social cost of carbon” into their decision-making. Trump’s executive order is expected to end that policy.

These changes may help resurrect the ailing U.S. coal industry, which Trump promised to improve during his campaign.

It’s unclear whether Trump will use the order to withdraw from the Paris accord, but Pruitt said that the Clean Power Plan was “not tethered” to that agreement, suggesting that Trump may pull the United States out of the deal later on.

“This is about making sure that we have a pro-growth and pro-environment approach to how we do regulation in this country,” Pruitt said of the order.

March 27, 2017 at 05:19PM
via VICE News

With looming changes to U.S. broadband privacy, police can bypass warrants entirely and just BUY your browser history from your ISP

With looming changes to U.S. broadband privacy, police can bypass warrants entirely and just BUY your browser history from your ISP
By Rick Falkvinge

The bill passed the U.S. Senate: it looks like your ISP will be allowed to just sell your browsing history. While the bill still needs to pass the House (the lower legislature in the U.S.) and the President’s signature, it seems increasingly likely to unfortunately do so. This doesn’t just mean that your privacy is commercialized – it also means that search-and-seizure is: the Police will be able to just buy your browsing history from your ISP, bypassing any privacy protections completely.

In the beginning of telephony, the telco switchboard operators – human operators who connected phone calls – had the ability to listen in to anything and everything. At the time, telcos took privacy seriously. To qualify as a switchboard operator at a serious telco, you had to swear a formal oath to respect the privacy of the customers – and advertising seeking customer trust indeed spoke of “our oathsworn operators”.

That was a century ago.

Today, telcos are tripling over to milk the sheep – that’s you – for as much dough as they can get away with. All thoughts about earning the end users’ trust in delivering value are long gone, almost like it wasn’t modern management to run a good business in the telco world.

A century ago, telcos advertised to seek customer trust by telling the public how their employees were oathsworn to respect and protect privacy.

But this bill is about ISPs, and in the US, there aren’t a lot of dedicated Internet Service Providers – almost all of them are telcos or cable companies, which means we also need to include cable companies – Comcast and the like – in this bunch of customer-condescending business practices. (You’ll remember that Comcast has been repeatedly voted the most hated company in America.)

When you’re on the web on a regular insecure page, your ISPs sees everything: not just what page you visit, but also what that page looks like to you, and what data you send to it (except passwords, which are almost always encrypted). This includes any private messages you send or receive that are displayed on that web page, any forum posts, any images, et cetera.

When you’re on a secure HTTPS page, which are quickly becoming the norm, your ISP is not supposed to see anything. But your ISP will still know what website you asked for – it won’t know that you’re on a page with the address, or what you see on that page, but your ISP will be aware that you’re probably on the server, which can be bad enough for many server names. It knows this since your ISP handles what’s called a name lookup – translating the server name to an IP address for you – and your ISP can remember what server name you asked for and how long time you spent on that server.

With the new bill, police won’t need a warrant or subpoena to get your browsing history, but can just buy it from your ISP like it were yesterday’s bread at a shady bakery. This includes much of your HTTPS browsing, even if in less detail.

The one defense against this remains an honest ISP with oathsworn operators (good luck with that) or using a no-log VPN service, a VPN which also performs the name lookups for you so your ISP won’t see them. (Disclaimer: Private Internet Access is such a VPN service.) Only then are you rightfully concealing your private activity from an ISP which may, can, and will sell you out to the highest bidder – including the police.

As a final punch in the gut, the Police won’t just buy your browsing history, they’ll be doing so with your money – with taxpayer money.

Hat tip to Phil A. Buster on Twitter.

Privacy remains your own responsibility.

The post With looming changes to U.S. broadband privacy, police can bypass warrants entirely and just BUY your browser history from your ISP appeared first on Privacy Online News.

March 26, 2017 at 01:49PM
via Privacy Online News