Microsoft, Google Reveal How Much of Your Data Were Shared With the Government: Security Concerns in Your Technology World!
ECPA (the Electronic Communications Privacy Act) of 1986 in the United States has enabled the US government to legally seek information from online service providers about various activities conducted by their users. It had a major amendment in the form of the Patriot Act of 2001, in response to the 9/11 attacks. With this amendment, the government and agencies affiliated with the government, such as the FBI, NSA, etc., can demand information about user activities from any company. Google, in its transparency report about user data requests, did reveal the information demanded by government agencies. Quite recently, Microsoft also disclosed how much data has been requested from the company under this law.
Through the amendment known as the Patriot Act (USA PATRIOT Act), law enforcement agencies are capable of demanding information required for further investigation and evidence-gathering through what are known as National Security Letters (NSLs).
ECPA, Patriot Act, and NSL
Basically the Electronic Communications Privacy Act has been prepared to enable the law enforcement agencies to gather information about electronic communications of the population, while still upholding the privacy rights of every individual. Seems a bit difficult or far-fetched to implement, doesn’t it?
ECPA includes three major parts—the Wiretap Act, the Pen Register Act, and the Stored Communications Act. About a month after the September 11 attacks on the United States, the government passed an amendment to the ECPA in the form of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001. Based on this act with a blatant acronym, government agencies like the FBI are able to issue something known as National Security Letters (NSLs) to any online service provider—your web host, email provider, social network, etc.—in order to gather information about specific individuals that they believe are working against national security. If you wish to know in detail about NSLs, read this.
US agencies, the Pentagon, the CIA, and specifically the FBI have been issuing NSLs since 2001, after the Patriot Act made it possible to issue NSLs without much hassle.
As in the letter shown here, the FBI is requesting certain types of information from a service provider, and as per the ECPA guideline of privacy concern, certain information, such as the subject and content of an email, need not be sent to the agency.
In the year 2012, Google and Microsoft had received thousands of NSLs from the government requesting information on certain account holders. An important thing is that the NSLs require the company to not disclose the fact that it received an NSL to the account holder (something known as a gag order). Also, the company cannot disrupt or close the service to the individual, thereby alerting him that something wrong (such as a police investigation) is happening on his account.
These clever requirements of the NSL keep you feeling safe while your data is being snooped on.
Google’s data shows about 16,407 NSLs from the US government, 2883 requests from the UK government, and 4750 requests from the Indian government for account transaction data from its database.
Microsoft has also divulged the information, and about 11,073 requests concerning 24,565 accounts were initiated by the US government. The UK had 9226 requests concerning 14,301 accounts, and the Indian government had 418 requests.
As per the law, certain information has to be passed on by these companies when a request is raised. The company also can neither reveal the details of the request, nor disrupt the service given to the concerned account holder.
Web Services Do Track Your Data
So far, only Google and Microsoft have provided us with the data concerning NSLs. The law enforcement agencies may require information from any web service provider regarding its users. Web hosting companies, email providers, cloud storage service providers, instant messaging providers, social networks, blogs, web apps, etc., all may be required to provide information through an NSL. It is to be noted that nothing is safe.
There has been a lot of concern regarding the privacy rights of individuals ever since the Patriot Act was passed in 2001, apparently without much inspection of its content and implications. One thing that probably gives you some relief is that the law prohibits the agencies from gathering some information, such as the subject and content of an email.
Today, as everything that you do online can be tracked precisely, your privacy is not properly guaranteed. Some of you may believe that your data may be tracked only if you log into your account, such as your Google account or your Facebook account. That is not the case. Even if you log out of all accounts, and clear all your cookies, and then browse the web through the anonymous browsing option, such as the Incognito window on Chrome or InPrivate browsing on IE, data about your computer can be tracked.
Every website on the planet has the capability of logging some information about your visit to that site, such as the time, IP address, your location, your browser, operating system, the version, support for Flash and JavaScript, screen resolution, the page from which you are visiting (the source), the search query you used to find the page, whether you are a new visitor or a returning visitor, etc., in real time. A little bit terrifying, isn’t it?
With such data tracked through every web application that you know, gathering information is not a difficult thing for law enforcement agencies.
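To make the point above concrete, here is an added example (not part of the original article) that parses one web server access-log line in the common "combined" format and pulls out the visitor details listed above. The log line is constructed sample data, and the function name `visitor_profile` is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample line in Apache/nginx "combined" log format (not real traffic).
SAMPLE = ('203.0.113.7 - - [12/Mar/2013:09:15:02 +0000] '
          '"GET /privacy-post HTTP/1.1" 200 5120 '
          '"https://www.google.com/search?q=national+security+letter" '
          '"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 '
          '(KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"')

# ip, identity, user, [time], "request", status, size, "referrer", "user agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"')

def visitor_profile(line):
    """Return what one log line reveals about a visitor, or None if unparseable."""
    m = COMBINED.match(line)
    if m is None:
        return None
    ref = urlsplit(m["referrer"])            # a "-" referrer yields empty parts
    agent = m["agent"]
    os_hint = re.search(r'\(([^;)]+)', agent)                 # first token in (...)
    browser = re.search(r'(Chrome|Firefox|MSIE|Safari)[/ ]([\d.]+)', agent)
    return {
        "ip": m["ip"],
        "time": m["time"],
        "page": m["path"],
        "source_site": ref.netloc or None,
        "search_query": parse_qs(ref.query).get("q", [None])[0],
        "os": os_hint.group(1) if os_hint else None,
        "browser": f"{browser.group(1)} {browser.group(2)}" if browser else None,
    }

if __name__ == "__main__":
    for field, value in visitor_profile(SAMPLE).items():
        print(f"{field:>12}: {value}")
```

None of these fields depend on cookies or a logged-in account, which is why private browsing modes do not remove them.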
How to Be Safe
You had better not do anything that violates the law of the land or that borders on outright treason. Any terrorist activity conducted through the services of these tech companies is not in public interest and should be prosecuted. For ordinary people, staying secure online and keeping your information private is an important concern.
As we mentioned earlier, only certain types of data are transmitted to law enforcement when an NSL request is made. Microsoft provided the information about what is divulged. Here it is.
As you can see, the main information that is given out includes your first and last name, the location, and the IP address, which can identify your computer on the Internet. The IP address is the potential target in this case. Every web service has the power to log your IP address, and there is a court ruling in the US in 2009 identifying IP addresses as not personally identifiable information (PII); together, these make it possible to target you based on your IP. This is especially the case if you have a static IP (one that doesn’t change).
You probably know that you should never disclose your IP address to the public. It is a unique code that identifies your device (whether it is your computer, tablet, or smartphone) in a network, such as the Internet. Although there are ways to mask your computer’s IP (making it invisible or stealth) with the help of a firewall application, it has never been regarded as entirely safe to divulge IP addresses.
Hence, as a first step, make sure you have a good firewall running and do not ever disclose your network information to anybody. It goes without saying how protective you should be of your password. This article explains clearly how good your password has to be in order to ward off hacking attempts.
The computer’s password is another important thing. As long as it is connected to the Internet, make sure that you have a good password on the computer. Even tablets and smartphones should have good passwords to protect them. But the story doesn’t end there. Check out this BBC video that disturbed iPhone users some time back.
That is a perfect example of how insecure some of our gadgets can be. As an update, here is something that we found very recently [Updated]:
We have strayed away from government agencies requiring information from web service providers about account holders, to hackers gathering information about your device. In a recent post in Krebs on Security, you see how Microsoft’s popular service Skype is divulging your IP address to the public. That is pretty disturbing indeed to Skype users. In our world filled with security holes, there are only two recommendations that I can make to you to protect yourself.
- Firstly, make sure that you take advantage of every single security option that your device and your service provider give you, such as two-factor authentication, passcodes, passwords (strong ones), screen locks, firewalls, etc., and keep updating your software or hardware and get security fixes as they come up.
- And secondly, please do not disclose your security information to anybody. As in the rule ‘if it’s too good to be true, it probably is’, if someone is socially engineering you to give out some important information, it probably is just that (social engineering). So, don’t divulge anything that people other than you don’t need.
Will following these two steps keep you safe? Well, it is not quite guaranteed.
Conclusively
As long as you are using the Internet and its best services, you are never going to completely ward off governmental snooping. Just be content that you are not living in a country like China or Russia, where governments are not only spying on individuals, but also within themselves. In some countries, the snooping is generally illegal and should be done in accordance with individual privacy laws of the land. That is the only protection that people have.