Skip to main content

Microsoft, Google Reveal How Much of Your Data Were Shared With the Government: Security Concerns in Your Technology World!

By VJ
government spying

ECPA (the Electronic Communications Privacy Act) of 1986 in the United States has enabled the US government to legally seek information from online service providers about various activities conducted by their users. It had a major amendment in the form of the Patriot Act of , in response to the 9/11 attacks. With this amendment, the government and agencies affiliated to the government, such as the FBI, NSA, etc., can demand information about user activities from any company. Google, in its transparency report about user data requests, did reveal the information demanded by government agencies. Quite recently, Microsoft also outed how much data has been requested from the company by the use of this law.

Through the amendment known as the Patriot act (USA PATRIOT Act), law enforcement agencies are capable of demanding information required for further investigation and evidence-gathering through what is known as National Security Letters (NSL).

ECPA, Patriot Act, and NSL


Basically the Electronic Communications Privacy Act has been prepared to enable the law enforcement agencies to gather information about electronic communications of the population, while still upholding the privacy rights of every individual. Seems a bit difficult or far-fetched to implement, doesn’t it?

ECPA includes three major parts—the Wiretap act, Pen-register act, and Stored communications act. About a month after the September 11 attacks on the United States, the government passed an amendment to the ECPA in the form of Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2011. Based on this act with a blatant acronym, government agencies like the FBI are able to issue something known as National Security Letters (NSL) to any online service provider—your web host, email provider, social network, etc.—in order to gather information about specific individuals that they believe are working against national security. If you wish to know in detail about NSLs, read this .

US agencies, Pentagon, the CIA, and specifically the FBI have been issuing NSLs since 2001, after the Patriot act made it possible to issue NSLs without much hassle.

an example of a national security letter

As in the letter shown here, the FBI is requesting certain type of information from a service provider, and as per the ECPA guideline of privacy concern, certain information, such as the subject and content of an email need not be sent to the agency.

In the year 2012, Google and Microsoft had received thousands of NSLs from the government requesting information on certain account holders. An important thing is that the NSLs require the company to not disclose the fact that it received an NSL to the account holder (something known as a gag order). Also, the company cannot disrupt or close the service to the individual, thereby alerting him that something wrong (such as a police investigation) is happening on his account.

These clever requirements of the NSL keep you feeling safe while your data is being snooped at.

Google’s data shows about 16,407 NSLs from the US government, 2883 requests from the UK government, and 4750 requests from the Indian government for account transaction data from its database.

Microsoft has also divulged the information, and about 11,073 requests concerning 24,565 accounts were initiated by the US government. UK had 9226 requests concerning 14,301 accounts, and the Indian government had 418 requests.

As per the law, certain information has to be passed on by these companies when a request is raised. The company also can neither reveal the details of the request, nor disrupt the service given to the concerned account holder.

Web Services Do Track Your Data


So far, only Google and Microsoft have provided us with the data concerning NSLs. The law enforcement agencies may require information from any web service provider regarding its users. Web hosting companies, email providers, cloud storage service providers, instant messaging providers, social networks, blogs, web apps, etc., all may be required to provide information through an NSL. It is to be noted that nothing is safe.

Already, there is a lot of concern regarding the privacy rights of individuals after the Patriot act was passed in 2001, without apparently much inspection into its content and implications. One thing that probably gives you some relief is that the law prohibits the agencies from gathering some information, such as the subject and content of an email.

Today, as everything that you do online can be tracked precisely, your privacy is not properly guaranteed. Some of you may believe that your data may be tracked only if you log into your account, such as your Google account or your Facebook account. That is not the case. Even if you log out of all accounts, and clear all your cookies, and then browse the web through the anonymous browsing option, such as the Incognito window on Chrome or InPrivate browsing on IE, data about your computer can be tracked.

visitor tracking on a web page

Every website on the planet has the capability of logging some information about your visit to that site, such as the time, IP address, your location, your browser, operating system, the version, support for Flash and JavaScript, screen resolution, the page from which you are visiting (the source), the search query you used to find the page, whether you are a new visitor or a returning visitor, etc., in real time. A little bit terrifying, isn’t it?

With such data tracked through every web application that you know, gathering information is not a difficult thing for law enforcement agencies.

How to Be Safe


You had better not do anything that violates the law of the land or that borders on outright treason. Any terrorist activity conducted through the services of these tech companies is not in public interest and should be prosecuted. For ordinary people, staying secure online and keeping your information private is an important concern.

As we mentioned earlier, only certain type of data is transmitted to the law enforcement when an NSL request is made. Microsoft provided the information about what is divulged. Here is it.

Information shared with the government

As you can see, the main information that is given out includes your first and last name, the location, and the IP address, which can identify your computer in the Internet. The IP address is the potential target in this case. Since every web service does have the power to log your IP address, and the fact that there is a court ruling in the US in 2009 identifying IP addresses as not personally identifiable information (PII), makes it possible to target you based on your IP. This is especially the case if you have a static IP (that doesn’t change).

You may probably know that you should never ever disclose your IP address to the public. It is a unique code that identifies your device (whether it is your computer, tablet, or smartphone) in a network, such as the Internet. Although there are ways to mask your computer’s IP (making it invisible or stealth) with the help of a firewall application, it has never been regarded as entirely safe to divulge IP addresses.

Hence, as a first step, make sure you have a good firewall running and do not ever disclose your network information to anybody. It goes without saying how protective you should be of your password. This article explains it clearly how good your password has to be in order to ward off hacking attempts.

The computer’s password is another important thing. As long as it is connected to the Internet, make sure that you have good password on the computer. Even tablets and smartphones should have good passwords to protect them. But the story doesn’t end there. Check out this BBC video that disturbed iPhone users some time back.



That is a perfect example of how insecure some of our gadgets can be. As an update, here is something that we found very recently [Updated]:



We have strayed away from government agencies requiring information from web service providers about account holders, to hackers gathering information about your device. In a recent post in Krebs on Security, you see how Microsoft’s popular service Skype is divulging your IP address to the public. That is pretty disturbing indeed to Skype users. In our world filled with security holes, there are only two recommendations that I can make to you to protect yourself.

  • Firstly, make sure that you take advantage of every single security option that your device and your service provider gives you. Such as two-factor authentication, passcodes, passwords (strong ones), screen locks, firewalls, etc., and keep updating your software or hardware and get security fixes as they come up.
  • And secondly, please do not disclose your security information to anybody. As in the rule ‘if it’s too good to be true, it probably is’, if someone is socially engineering you to give out some important information, it probably is just that (social engineering). So, don’t divulge anything that people other than you don’t need.

By doing these two steps, will you be safe? Well, it is not quite guaranteed.

Conclusively


As long as you are using the Internet and its best services, you are never going to completely ward off governmental snooping. Be just content that you are not living in a country like China or Russia, where governments are not only spying on individuals, but also within itself. In some countries, the snooping is generally illegal and should be done in accordance with individual privacy laws of the land. That is the only protection that people have.

To be cool, post your comments exactly when you start following us @bluebugletech. This can be done by opening that Twitter page on your phone and then clicking on that follow button exactly when you are clicking on submit comment button on this page on your computer screen. Or vice versa ;-)

[Image: CIO]

Labels

Labels:

Popular posts from this blog

10 Worst Android Antivirus Apps You Can Get

By VJ
Are you careful about the security of your smartphone? For your Android device, Google Play store offers a number of antivirus apps. There are paid and free apps from professional companies like Avast!, Kaspersky, and Lookout, as well as free antivirus apps that install and work relatively faster. Among the security apps found on the Play Store, there are a number of free, lightweight ones, most of which enjoy a great number of downloads and high ratings. Most of the ratings are done by people who find the interface easy to use, but have no idea whether the app actually works or not. Many of us feel the app is great if the interface is cool, don’t we? It is painful to note that most of these free apps not only fail at most antivirus tests, but experts regard them to be incapable of detecting any threat. Last year, the latest mobile antivirus test report was published by AV-Test.org , in which they tested and rated the best and the worst antivirus programs among multiple platforms. ...
Read the full article »

Five Great Alternatives for iGoogle Home Page Portal

By VJ
Google’s popular home page service, iGoogle will be retired on November 1st, 2013. That’s a little over a year of managing your home page through this service. It came as a great disappointment to me since I had been using the service for a long time. I have a nice home page set up in iGoogle with news from BBC, CNN, and others; my calendar; a widget for time management; topic-specific news on technology, stock quotes, weather; and some other interesting stuff. It was a page that I woke up to for many days. It seems obvious that the popularity of home page services has been coming down in the recent years; another popular service in this arena, Netvibes has turned into something else entirely. I could have turned my attention to Netvibes after they retire iGoogle, but that won’t happen now. I will miss Google’s home page, and before that I want to find out another portal service that I could love as I do iGoogle. In search for one, I found these great services which can replace iG...
Read the full article »

Should Microsoft Consider Buying Nokia?

By VJ
In a recent talk between Microsoft and Nokia, the two companies contemplated a merger. WSJ reported the story  yesterday, and for quite a while, industry leaders have been cogitating on this move. Since 2011, Nokia has been in tie-up with Microsoft to use Windows Phone operating system on all of its major devices, notably the Nokia Lumia series ( Lumia 920 , 928 , etc). This has helped both companies in great ways. Here is an analysis as to whether the merger could pave way to success to these companies. Nokia Nokia, the Finnish smartphone maker, has been quite big in the market up until Android and iOS destroyed the stronghold of its Symbian OS. Nokia subsequently fell from the top and now has the tenth position in global smartphone market with about 2.8 percent of the market, according to research firm Gartner. Nokia lost its stock value considerably, and the strong stock, which some time in 2007 was trading at a peak rate of 40 dollars, now trades at around 3-4 dollars...
Read the full article »