K12 Student Online Privacy Bill passed by California Assembly

A new online privacy bill has been passed by the California Assembly which aims to protect student online privacy. It is the first bill to be passed in the U.S specifically covering the online privacy of K-12 students. Senate Bill 1177 has been termed The Student Online Personal Information Protection Act (SOPIPA), and the new bill is intended to prohibit companies from using the data collected from Apps and online technology products from being used for profit.

The new measure was introduced by Senate Leader Darrell Steinberg following the discovery of inadequacies in online data security on K-12 websites. Online security flaws have allowed student profiles and personal data to be accessed and used by third party contractors with that information potentially sold on to advertisers and marketers to enable the targeting of K-12 students.

Federal law currently prohibits the use of student information by districts, yet the companies who are employed to manage websites and data are not covered under current legislation. Since the creation, management and maintenance of many school is contracted out to third parties, confidential information may be sold on to marketers. Unfortunately, since the data is cloud hosted, from the second it is created it has already moved out of the districts control.

Last year, Google told Education Week Magazine that the applications used by schoolchildren actually scanned their private emails to gain information to help provide targeted adverts through its network. Many of the apps currently in use in classrooms require students to create personal accounts. In order for them to do so they must enter personal information about themselves, in some cases this includes details of their home and even their home addresses. This highly sensitive information is made available to third parties and the risk to children’s online privacy and security is severe.

Applications currently used by teachers involve the entry of data such as attendance records, grades, health and student discipline, and all of this data is not being kept private and confidential. Private emails sent between students, parents and teachers are also cloud stored and potentially open to be read, used and sold on.

The new SOPIPA bill, if passed by the Senate, is likely to force companies to encrypt data, take greater care over who is allowed access to student information and will prevent student data from being used for profit. The bill should at last tighten up and safeguard student privacy, although student information would still be available for educational purposes. It will also ensure that educational tech data is kept secure.

Current restrictions covering K-12 student online privacy regarding educational technology products is restricted only by the privacy policies on K12 websites, which in the majority of cases, removes liability for any misuse of data and allows that data to be disclosed to whoever the company wishes.

Senate President Pro Tem Darrell Steinberg believes SOPIPA to be a landmark bill that will protect student online privacy and hopes that other states will follow California’s lead. In his words, “My goal is to encourage technological innovation while protecting kids’ privacy and this bill doesn’t trade one goal for another, it achieves both”.

Microsoft Defies Court Order and Refuses U.S Government Access to Customers’ Private Emails

Despite being ordered to hand over private emails to the U.S Government, Microsoft has made the decision to refuse U.S prosecutors access to its client’s private emails and by doing so is defying a Federal court order. The company is planning to take the matter to appeal and will not be releasing any data or private emails to federal authorities.

The case was originally heard by the Judge Loretta Preska in the U.S District Court in Manhattan on July 31st, and while the order to release private cloud data was issued, it was suspended when numerous complaints were received. A number of technology companies and legal experts have argued that her order has broken international law. If data is not held within U.S borders, the Government and Federal authorities had absolutely no jurisdiction, and should not even be making the request to release data through the U.S court system.

However, on Friday – a month after the suspension was issued – it has been lifted. In spite of this, Microsoft is still refusing to hand over data and private emails. The judge has stated that the matter is one of control, and believes that since the data is held by a U.S company, the physical location of the data is irrelevant and the matter falls entirely under U.S jurisdiction.

Microsoft is arguing that since the data is held in Ireland, if it complies with the order it will be violating Irish law and in a case such as this the correct way of proceeding would be for the U.S Government to arrange a legal treaty with Ireland which would allow access to data and private emails in criminal cases. The case is being closely watched by internet privacy watchdogs as it is believed a precedent could be set in this landmark internet privacy case.

Should the case be ruled in favor of the prosecutors, it would make it difficult for other companies to deny future requests by the U.S Government to release private data held in worldwide cloud data centers. This is not the first time the U.S Government has demanded access to users’ private emails and data, and while companies have made stands in the past on moral grounds, first time that a U.S company has defied an order issued by a Federal court.

Microsoft is fighting the order because it has profound implications for its customers and the cloud data services they are offered. The company is believed to have already suffered as a result of the U.S government’ s online spying activities and should customers believe that their data is not actually private and the U.S Government can gain access to whatever data it wishes, customers would be unlikely to continue using its cloud data services.

Microsoft’s actions have been backed by a number of U.S technology companies including Verizon, Cisco, Apple and AT&T, all of which would be negatively impacted should the appeal be ruled in favor of U.S prosecutors.  Many legal experts also agree that federal authorities have absolutely no jurisdiction over data held outside the country’s borders.

Microsoft and Federal prosecutors have until Friday 5th September to advise the judge on how to proceed. In a statement issued by the software giant, “Microsoft will not be turning over the email and plans to appeal”.

Majority of Americans Deeply Concerned About Online Privacy

Americans are deeply concerned about privacy online and the security of data entered in website forms according to a recent WP Engine Online Privacy Study. The survey, conducted by market research firm Harris International, clearly indicates that fears the American public has about the security of financial data entered online and privacy on the internet.

71% of the survey’s respondents state that they care deeply about privacy online, with 99% of respondents caring about the security of their private information when surfing the internet, sending emails, using social media and shopping online.

WP Engine is a SaaS content management platform developed for use on WordPress, one of the internet’s most popular website platforms. The company developed the survey with the Harris poll run in June 2014 on a sample of 2,100 adults from across the United States. The results published on 31st July this year.

The major causes of concern relate to privacy on the internet when entering and accessing financial information on websites – checking online bank accounts for example – with three out of 4 participants expressing concern about the security of the data they enter online, while over half (57%) express similar concerns about online shopping.

The survey probed views on ownership of information entered on websites, in particular on social media channels such as Facebook and Twitter, in addition to communications programs like WhatsApp. The vast majority (93%) believe that they should have either full or at least partial ownership of the online content they generate on these sites and platforms, with ownership of uploaded photographs the main concern. 19% of people believe ownership should be theirs.

Online privacy protection is an issue when accessing online pornography with 16% of the surveys participants concerned about their privacy while doing so, although it is not clear how many out of the 2,100 sample size actually use the internet for this purpose.

14% were concerned about the information they access on the web and social media channels at work, 10% would like to keep their checks on ex’s private and confidential, while 12% were concerned about how private their naked selfies would turn out to be, although perhaps not enough to stop taking them and posting them.

Aside from financial data, the biggest areas of concern were shown to be referencing photos of themselves online, with 27% eliciting privacy concerns, while the biggest risk to privacy online appears to be social media networks such as Facebook, with 66% of respondents concerned about the data entered and stored in their profiles. Email (56%), internet browser security (52%) and search engines (45%) were other notable areas where privacy was a major worry.

Considering the sensitive nature of the financial data entered on websites and the potential for naked photographs, photos of users’ children and internet browsing history to come back to bite people at a later date, it is no surprise that so many Americans have very real concerns about privacy on the internet and android phones.

NSA and GCHQ Spies Highlight Flaws in Tor Browser

Internet privacy afforded by Tor is both loved and hated by governments; on the one hand it allows them to maintain their own anonymity while on the other it lets criminals, terrorists and spies to do likewise. However it has recently come to light that users of the Tor network are far from guaranteed anonymous internet access.

Tor is a private browser network designed to allow its users to surf anonymously and avoid being tracked, traced and targeted by cybercriminals and governments alike. Tor is an acronym for The Onion Router and was so named due to the numerous layers that exist within the browser, supposedly making it impossible for website owners, phishers and governments to view the websites that Tor users access through the browser.

The project was originally developed as a network of anonymous servers to provide the U.S. Navy with untraceable internet access, with funding still provided by the U.S. State Department to further develop the project.

U.K. Government Communications Headquarters (G­CHQ) allegedly relies heavily on the browser to protect its data and provide totally anonymous internet access, while the U.S. National Security Agency (NSA) and the U.S. military are also believed to use the browser to surf anonymously, maintain internet privacy and protect data.

Tor browser is available for free download by anyone, and it has fast become the internet browser of choice for spies, cyber criminals, activists, pedophiles and hackers, all of whom are looking to hide within the private browser network’s layers and shield their unsavory internet activities from prying eyes.

Due to the secret nature of users of Tor, there has been considerable chatter in hacker forums suggesting that even downloading Tor is enough to get the users real name and IP address on a NSA or GCHQ watch list­­. To date, the supposedly anonymous network has 2.5 million worldwide users, the bulk of whom are located in the United States, UK, China, Vietnam, Iran and Russia.

It has recently come to light that both the NSA and GCHQ have not only been using Tor for anonymous internet access to maintain their own online privacy, but have simultaneously been working hard to break it and expose its security flaws. Tor project director Andrew Lewman has recently claimed that the non-profit organization has been receiving anonymous emails from within the NSA, GCHQ and other international security agencies exposing the browsers security flaws and holes.

Far from being the work of hackers trying to secure their own anonymity online, Lewman claims that the senders of the email have “highly technical knowledge of the Tor browser” and sufficient resources to examine the source code for “hours, for weeks, [and] for months. This suggests government agencies rather than individuals have been probing, and accessing, Tor data.

With such detailed knowledge of the intricacies of the inner workings of Tor and its flaws, it strongly suggests that both the NSA and GCHQ have accessed the project’s data and that its users are not actually given anonymous internet access after all. Tor’s network of nodes may prevent website owners from seeing the real IP addresses of its users, but hiding from the government does not appear to be possible and safe and secure ‘dark net’ access is far from guaranteed.

Google Plan to Target Children Worries Internet Privacy Watchdogs

According to recent reports on The Information, Google is planning an unprecedented move that places the online privacy of kids at risk. In its quest to find new users, the search engine giant is planning to start targeting children by offering them private Gmail accounts; a move that will take the internet search giant into highly controversial territory.

For Google to start actively pursuing children it will have to enter a legal minefield. Under current legislation set out in the Children’s Online Privacy Protection Act (COPPA), parents are given control over what information is collected on their children. Websites specifically aimed at kids – under 13 years old – must make information available to parents concerning their privacy policies; specifically what information is collected and stored. Under COPPA regulations, verifiable consent must be obtained from a legal parent or guardian before any information is collected and if a kid-targeted service is to be offered by Google, it must comply with these laws.

Google is believed to be investigating ways that it can comply with this legislation and provide a new child-targeted service. The move has caused concern from internet privacy watchdogs and parents, and has been condemned by advocates of internet privacy, and with good reason; the privacy of potentially millions of children is at stake.

Google’s Gmail and YouTube services are currently not specifically offered to children, although accounts can easily be set up if children lie about their ages or access the services anonymously. A date of birth is required for accounts to be opened; although at present all a child has to do to gain access to content – including adult content – is to change the year they were born in the signup field. It does not take a child genius to figure this out and no checks are currently in place to verify the ages of users.

The move, likely to be billed as a way to avoid this and improve the control parents have over what their kids can see online and therefore improve children’s online privacy, potentially allows Google to collect information on children, their viewing habits, preferences and tastes and sell this information to its advertisers.

In order to comply with current legislation and to appease parents, Google is allegedly planning to create a dashboard which parents can use to control what their children can view online and to see what sites their children are accessing. However, advertisers would be given the power to start specifically targeting children – your children – with products and services that will be totally out of the control of parents.

If Google is successful in its efforts, despite appropriate parental controls being implemented, will the privacy of children actually be protected? Will parents actually be able to make informed decisions about what their children see? Will their authority be undermined? Will advertisers take advantage of young, impressionable minds? These are questions that must be answered.

Google currently provides a remarketing service which lets advertisers follow adults around the net across multiple websites and track them, serving targeted adverts for products wherever they go online through its Display Advertising Network. The worry is that children will also be pursued, hounded and brainwashed by advertisers. How strict the controls will be on what advertisers show them and the data they are provided is unknown.

Also, if the service does go ahead, a digital fingerprint will be created for every individual from a very early age. Online privacy advocates consider this to be of major concern and that the move will set a precedent: Facebook and other internet giants can be expected to follow suit.

The ‘rumors’ have caused The Center for Digital Democracy to highlight the issue to the Federal Trade Commission, which is responsible for setting both the rules of the COPPA Act and enforcing them. Google has declined the opportunity to respond to the reports – a Google spokesman told the Financial Times and others that it does not comment on rumors.