Skip to main content

Microsoft, Google Reveal How Much of Your Data Were Shared With the Government: Security Concerns in Your Technology World!

By VJ
government spying

ECPA (the Electronic Communications Privacy Act) of 1986 in the United States has enabled the US government to legally seek information from online service providers about various activities conducted by their users. It had a major amendment in the form of the Patriot Act of , in response to the 9/11 attacks. With this amendment, the government and agencies affiliated to the government, such as the FBI, NSA, etc., can demand information about user activities from any company. Google, in its transparency report about user data requests, did reveal the information demanded by government agencies. Quite recently, Microsoft also outed how much data has been requested from the company by the use of this law.

Through the amendment known as the Patriot act (USA PATRIOT Act), law enforcement agencies are capable of demanding information required for further investigation and evidence-gathering through what is known as National Security Letters (NSL).

ECPA, Patriot Act, and NSL


Basically the Electronic Communications Privacy Act has been prepared to enable the law enforcement agencies to gather information about electronic communications of the population, while still upholding the privacy rights of every individual. Seems a bit difficult or far-fetched to implement, doesn’t it?

ECPA includes three major parts—the Wiretap act, Pen-register act, and Stored communications act. About a month after the September 11 attacks on the United States, the government passed an amendment to the ECPA in the form of Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2011. Based on this act with a blatant acronym, government agencies like the FBI are able to issue something known as National Security Letters (NSL) to any online service provider—your web host, email provider, social network, etc.—in order to gather information about specific individuals that they believe are working against national security. If you wish to know in detail about NSLs, read this .

US agencies, Pentagon, the CIA, and specifically the FBI have been issuing NSLs since 2001, after the Patriot act made it possible to issue NSLs without much hassle.

an example of a national security letter

As in the letter shown here, the FBI is requesting certain type of information from a service provider, and as per the ECPA guideline of privacy concern, certain information, such as the subject and content of an email need not be sent to the agency.

In the year 2012, Google and Microsoft had received thousands of NSLs from the government requesting information on certain account holders. An important thing is that the NSLs require the company to not disclose the fact that it received an NSL to the account holder (something known as a gag order). Also, the company cannot disrupt or close the service to the individual, thereby alerting him that something wrong (such as a police investigation) is happening on his account.

These clever requirements of the NSL keep you feeling safe while your data is being snooped at.

Google’s data shows about 16,407 NSLs from the US government, 2883 requests from the UK government, and 4750 requests from the Indian government for account transaction data from its database.

Microsoft has also divulged the information, and about 11,073 requests concerning 24,565 accounts were initiated by the US government. UK had 9226 requests concerning 14,301 accounts, and the Indian government had 418 requests.

As per the law, certain information has to be passed on by these companies when a request is raised. The company also can neither reveal the details of the request, nor disrupt the service given to the concerned account holder.

Web Services Do Track Your Data


So far, only Google and Microsoft have provided us with the data concerning NSLs. The law enforcement agencies may require information from any web service provider regarding its users. Web hosting companies, email providers, cloud storage service providers, instant messaging providers, social networks, blogs, web apps, etc., all may be required to provide information through an NSL. It is to be noted that nothing is safe.

Already, there is a lot of concern regarding the privacy rights of individuals after the Patriot act was passed in 2001, without apparently much inspection into its content and implications. One thing that probably gives you some relief is that the law prohibits the agencies from gathering some information, such as the subject and content of an email.

Today, as everything that you do online can be tracked precisely, your privacy is not properly guaranteed. Some of you may believe that your data may be tracked only if you log into your account, such as your Google account or your Facebook account. That is not the case. Even if you log out of all accounts, and clear all your cookies, and then browse the web through the anonymous browsing option, such as the Incognito window on Chrome or InPrivate browsing on IE, data about your computer can be tracked.

visitor tracking on a web page

Every website on the planet has the capability of logging some information about your visit to that site, such as the time, IP address, your location, your browser, operating system, the version, support for Flash and JavaScript, screen resolution, the page from which you are visiting (the source), the search query you used to find the page, whether you are a new visitor or a returning visitor, etc., in real time. A little bit terrifying, isn’t it?

With such data tracked through every web application that you know, gathering information is not a difficult thing for law enforcement agencies.

How to Be Safe


You had better not do anything that violates the law of the land or that borders on outright treason. Any terrorist activity conducted through the services of these tech companies is not in public interest and should be prosecuted. For ordinary people, staying secure online and keeping your information private is an important concern.

As we mentioned earlier, only certain type of data is transmitted to the law enforcement when an NSL request is made. Microsoft provided the information about what is divulged. Here is it.

Information shared with the government

As you can see, the main information that is given out includes your first and last name, the location, and the IP address, which can identify your computer in the Internet. The IP address is the potential target in this case. Since every web service does have the power to log your IP address, and the fact that there is a court ruling in the US in 2009 identifying IP addresses as not personally identifiable information (PII), makes it possible to target you based on your IP. This is especially the case if you have a static IP (that doesn’t change).

You may probably know that you should never ever disclose your IP address to the public. It is a unique code that identifies your device (whether it is your computer, tablet, or smartphone) in a network, such as the Internet. Although there are ways to mask your computer’s IP (making it invisible or stealth) with the help of a firewall application, it has never been regarded as entirely safe to divulge IP addresses.

Hence, as a first step, make sure you have a good firewall running and do not ever disclose your network information to anybody. It goes without saying how protective you should be of your password. This article explains it clearly how good your password has to be in order to ward off hacking attempts.

The computer’s password is another important thing. As long as it is connected to the Internet, make sure that you have good password on the computer. Even tablets and smartphones should have good passwords to protect them. But the story doesn’t end there. Check out this BBC video that disturbed iPhone users some time back.



That is a perfect example of how insecure some of our gadgets can be. As an update, here is something that we found very recently [Updated]:



We have strayed away from government agencies requiring information from web service providers about account holders, to hackers gathering information about your device. In a recent post in Krebs on Security, you see how Microsoft’s popular service Skype is divulging your IP address to the public. That is pretty disturbing indeed to Skype users. In our world filled with security holes, there are only two recommendations that I can make to you to protect yourself.

  • Firstly, make sure that you take advantage of every single security option that your device and your service provider gives you. Such as two-factor authentication, passcodes, passwords (strong ones), screen locks, firewalls, etc., and keep updating your software or hardware and get security fixes as they come up.
  • And secondly, please do not disclose your security information to anybody. As in the rule ‘if it’s too good to be true, it probably is’, if someone is socially engineering you to give out some important information, it probably is just that (social engineering). So, don’t divulge anything that people other than you don’t need.

By doing these two steps, will you be safe? Well, it is not quite guaranteed.

Conclusively


As long as you are using the Internet and its best services, you are never going to completely ward off governmental snooping. Be just content that you are not living in a country like China or Russia, where governments are not only spying on individuals, but also within itself. In some countries, the snooping is generally illegal and should be done in accordance with individual privacy laws of the land. That is the only protection that people have.

To be cool, post your comments exactly when you start following us @bluebugletech. This can be done by opening that Twitter page on your phone and then clicking on that follow button exactly when you are clicking on submit comment button on this page on your computer screen. Or vice versa ;-)

[Image: CIO]
Labels:

Popular posts from this blog

A Tablet Running Both Windows and Android Side By Side

By VJ
The latest innovation from Samsung is the ATIV Q tablet, a streamlined 13-inch tablet that is extremely powerful and not that chunky for a tight competitor to the likes of Microsoft Surface Pro. It is thin, extremely powerful, and has a large brilliant QHD resolution screen, which is higher than Full HD. QHD is 3200x1800 pixels, while FHD is 1920x1280 pixels. Let’s take a brief look at this device. Technical Specifications The tablet-laptop mash-up is not yet in the market. We may update this post as it is made available in the market. Here are the brief technical specifications of the tablet. Display 13.3 inch; 3200x1800 px (the highest in the market); 16 million colors Processor Intel Haswell Core i5 processor (details unknown) RAM 4 GB Graphics Intel HD 4000 Storage 128 GB SSD Battery life 9 hours of usage Operating system(s) Android 4.2.2 Jelly Bean; Windows 8 ...
Read the full article »

10 Worst Android Antivirus Apps You Can Get

By VJ
Are you careful about the security of your smartphone? For your Android device, Google Play store offers a number of antivirus apps. There are paid and free apps from professional companies like Avast!, Kaspersky, and Lookout, as well as free antivirus apps that install and work relatively faster. Among the security apps found on the Play Store, there are a number of free, lightweight ones, most of which enjoy a great number of downloads and high ratings. Most of the ratings are done by people who find the interface easy to use, but have no idea whether the app actually works or not. Many of us feel the app is great if the interface is cool, don’t we? It is painful to note that most of these free apps not only fail at most antivirus tests, but experts regard them to be incapable of detecting any threat. Last year, the latest mobile antivirus test report was published by AV-Test.org , in which they tested and rated the best and the worst antivirus programs among multiple platforms. ...
Read the full article »

Why Apple’s Retina Display No Longer Matters?

By VJ
Apple trademarked Retina Display in Nov, 2012. Retina Display is one of the major attractions of Apple’s top products. Introduced with the iPhone 4, during Steve Jobs’s reign, it sure sold quite a number of iPhones in two years. At this time, however, is Retina Display still relevant? Should Apple be actively marketing this feature at all? Let’s see. What Exactly Is It? Retina Display or any display at that matter has a particular ppi ratio (Pixels Per Inch). [ Learn about pixels ]. If, on a display panel, there are more than a fixed number of pixels in every inch, that display will be rich enough to avoid the pixelation issue given by older, low pixel-density devices. If you can see individual pixels, such a display looks rather dull. Look at this image below. One of half of the Apple logo is pixelated, and you can see the difference. Creating too many pixels and cramming them up within a display is a very expensive job. This is the reason why mainstream smartphone manufacture...
Read the full article »