Your cellphone, your digital camera and your color laser printer may be betraying your privacy without your knowing it, Eva Galperin, an activist with the Electronic Frontier Foundation (EFF), told a sparse audience at the Web 2.0 Expo Thursday.
The EFF classifies software or devices that act behind the user’s back to actively betray their privacy as “traitorware,” Galperin said.
“The EFF is particularly interested in the issue of traitorware because we are a digital civil liberties organization,” Galperin stated.
Every Call You Make …
In one instance, a German politician sued his cellphone company in order to find out what information it had about him and his account, Galperin told the audience.
The company had been tracking him for months and knew whom he was calling, how long he was calling for, and the contents of his email and text messages, Galperin disclosed.
The politician, Malte Spitz, found that his carrier, Deutsche Telekom, had recorded his location on more than 35,000 occasions over a six-month period, according to a New York Times report.
Spitz, a privacy advocate, had battled Deutsche Telekom, the parent company of T-Mobile USA, for six months in court to get it to hand over the data.
“All this information is sitting around on your cellphone company’s records ready to be subpoenaed,” Galperin stated.
“We know that the EU has considerably more stringent privacy laws than the United States, and so there’s a reason to believe that cellphone companies in the United States are even more likely to keep data on who you are and who you’re calling and where you’re going,” Galperin elaborated.
Taking Cellphone Betrayal Further
Cellphones may soon be able to invade users’ privacy to an even greater degree.
Apple filed a patent for technology last August that it said could identify unauthorized users of its iDevices by recording the authorized owner’s voice, heartbeat and mug shot and storing the data in the operating system.
When anyone else tries to use the iDevice, it will grab that person’s biodata and compare it to what is already stored in the database. If they don’t match, the operating system will be able to shut down sensitive files and restrict the use of others.
The act of capturing the iDevice owner’s biodata is in itself an invasion of privacy unless Apple specifically indicates it’s going to do this and gets the owner’s permission.
About Sony BMG
Another example Galperin cited was Sony’s BMG effort. Back in 2005, Sony introduced a rootkit into its music CDs to prevent people from copying those CDs. That led to a public uproar and lawsuit from the EFF when Sony denied there was a security problem.
“If you had the temerity to uninstall this secret driver it would destroy your hard drive,” Galperin said.
At least 15 different class action lawsuits were filed; later, those filed in New York were consolidated into one proceeding. Sony finally settled the lawsuit in 2006.
Digital Cameras Are Traitors Too
The geotagging device in digital cameras may be a cool tool, but it can also cause users grief.
Adam Savage, a member of the Discovery Channel’s “MythBusters” team, found this out first hand.
“Adam last year tweeted a picture from his home and was unaware that his digital camera was geotagging the location of the photo, which made people aware of where he lives,” Galperin announced.
Itsy-Bitsy Teenie-Weenie Yellow Polka-Dotted Printouts
Some color laser printers include “barely visible” yellow dots which appear on documents they print out, Galperin said.
These dots indicate when the document was printed, the name of the user printing the document, and the serial number of the printer that output the document, she elaborated.
“The yellow dots of mystery came into being at the request of law enforcement agencies who were particularly interested in using them to find forgeries,” Galperin told the audience. “But they only really work if they’re entirely clandestine and they were really upset when we discovered it and put up a website to help people decode the dots,” she added.
Fending Off the Traitorware
Consumers may be able to do little to keep themselves safe from traitorware.
“Adam [Savage] is a relatively tech-savvy human being, and even he made a mistake that let all his fans know his home address,” Galperin pointed out.
The burden of protection lies with the hardware and software developers, Galperin said. They have to ensure they get the user’s informed consent if they have a cool new feature in their product. They also have to make sure they don’t leave privacy open by default, Galperin recommended.
“If your business model is giving away your users’ data without letting them know, you’re probably making traitorware,” Galperin said.
“A few things will happen. The first is a publicity nightmare. You’ll lose the trust of your users. Finally, the EFF will be professionally angry at you,” Galperin warned.