Your Privacy at Risk
Surveillance is the New Norm
This page has a lot of information on it. The issues are complex and it is very important to our future as a free society that we not only understand what is happening, but what the stakes are and how we can protect ourselves.
Your privacy is at risk like it has never been before, yet most folks think they have no need for concern if they have nothing to hide. They are wrong!
I think everyone's become slightly accustomed to the fact that there's a camera on every street corner, and it's always been necessary in order to keep our country safe. — Olivia Cappuccini
A lot of people assume that those who are under surveillance are quite deserving of that surveillance. That is not true. — Mailyn Fidler
We're being lied to about the necessity and effectiveness of constant surveillance on all of us (not just the criminals or terrorists).
The British security industry association figures there are nearly six million CCTV cameras in the UK. That's one camera for every 11 people. — Veronica Belmont
For a long time, internet privacy seemed to only concern the conspiracy theorists and worriers among us. But these days it's getting harder to tell the difference between reality and an episode of Black Mirror. — Mozilla
These examples are only the very tip of the iceberg.
The rest of this page talks about the reality that we're being constantly spied upon by our governments, corporations, our employers and many others.
See Restoring Your Privacy for the tips and tools to help you restore your privacy in the face of unprecedented attacks on personal freedom by corporations and governments worldwide.
The End of Personal Privacy
Each year the number and severity of data breaches, compromised accounts and more get worse.
The 2017 Equifax data breach saw a delay in reporting the breach while executives cashed out. It provides more than enough information to anyone wanting to commit identity theft, yet if you use the site set up to check if you're personal identity has been compromised, you give up the right to sue.
Besides giving us a remarkably tainted election year,  also provided the worst year ever for free speech and digital privacy rights. And we're not just talking data breaches or hacks either (looking at you, Yahoo!). It was also the year of unabashed social media censorship, questionable advertising tactics, and the proliferation of fake news for clicks and profit. — MeWe
- Check if you have an account that has been compromised in a data breach.
- 10 ways you lost your privacy in 2016.
- If you use Yahoo Mail (or services like Tumblr, Flickr, Fantasy Football), you need to know that 500 million Yahoo! accounts were breached. Here's what to do.
- The biggest hacks, leaks and data breaches of 2016.
- One of the biggest hacks happened last year, but nobody noticed.
- These companies lost your data in 2015's biggest hacks, breaches.
We've seen a series of laws and rules that greatly increase the power of the government and police to gather information on their own citizens and use it without the traditional requirement for warrants or probable cause.
Your cellular provider already tracks your physical location at all times: it knows where you live, where you work, when you go to sleep at night, when you wake up in the morning, and — because everyone has a smartphone — who you spend time with and who you sleep with. — Bruce Schneier
Current trends included allowing U.S. ISPs to collect and sell your surfing data, exclusion of Canadians from privacy protection under U.S. law and the unnecessarily broad powers provided by Canada's Bill C-51.
Privacy a Basic Human Need
There is a reason we have locks on our doors and curtains in our windows.
Privacy is a basic human need.
Fear of Surveillance is Real
The fear of surveillance is realistic and stifles personal expression.
We act differently when we're being followed by a police car.
In the same manner, we don't feel as free to express our creativity when our conversations or Internet activities are being monitored.
Privacy is Not About Hiding Wrongs
How would you feel about every document, photo and file on your computer being printed and posted in a public place? Even more is at stake.
If you believe that you have "nothing to hide" from the prying eyes of the NSA, you shouldn't mind letting a stranger rifle through your bank statements, emails, and photos — right? — ZDNet.com
Protecting your privacy DOESN'T mean you have something to hide.
The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line:If you aren't doing anything wrong, what do you have to hide?
… [This] accept[s] the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide. — Bruce Schneier: The Eternal Value of Privacy
The debate between privacy and security has been framed incorrectly as a zero-sum game in which we are forced to choose between one value and the other. Why can't we have both? — Daniel J. Solove: Nothing to Hide
Blaming the Victim
This spying while blaming the victim has a strong echo of McCarthyism.
Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned. — TomDispatch
[A] federal court in the Eastern District of Virginia held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. — Electronic Frontier Foundation
More about why privacy matters:
- A Saturday Morning Breakfast Cereal comic examines privacy abuse.
- Glenn Greenwald: Why privacy matters — TEDGlobal October 2014.
- 10 big data analytics privacy problems. The mass collection of personal data needs to have regulation to protect our privacy.
- Appeals court affirms NSA surveillance can be used to investigate domestic criminal suspects.
Everyone is Collecting Information
Everyone is collecting vast amounts of information about you — governments, businesses and the sites you visit on the Internet.
Collecting Domestic Phone Records Unconstitutional
While the stated purpose of NSA (and Canadian) collection of personal phone records is to prevent future terrorist attacks, this abuse of privacy has made us no safer.
The NSA surveillance program collects hundreds of millions of phone records daily. One federal judge criticized the program asbeyond Orwellianandlikely unconstitutional.— Fight 215
We have not yet seen any evidence showing that the NSA's dragnet collection of Americans' phone records has produced any uniquely valuable intelligence. — Senator Ron Wyden
Big Corporations Hijacked the Internet
The Internet was made for everyone but is being hijacked by big corporations that are turning people into products without their knowledge or consent. — The Hidden Business of the Internet
And it is probably going to get worse.
Trade deals like TPP, TISA and TTIP have all been open to input from industry but closed to input from both non-profit groups that look out for the public interest as well as many of our elected government representatives.
It appeared that we'd defeated the TPP then the U.S. negotiation team began making the same demands within NAFTA. One example: they are seeking to invalidate Canadian laws protecting privacy and copyright so that U.S. cloud providers face no restriction on doing business here.
Currently, policies in British Columbia and Nova Scotia require public-sector information — data from universities, hospitals, and government institutions — to be stored in Canada with the intent to prevent public information from being accessed elsewhere. However, that protection no longer applies if that data is stored in the US, and its own protections don't extend to non-citizens. — MotherBoard
Big Data: Tracking Your Every Move
Big Data is the current mantra of organizations. How to obtain it, store it, process it.
If you're using privacy software like Ghostery on your web browser, you've probably noticed that most sites now use invisible web beacons, analytics services, page widgets and other third-party page elements that are secretly tracking your every move.
Even the videos and comments section on these sites are marketing tools. You quickly find that by blocking tracking elements, you can no longer view embedded videos or see the comments left by other site visitors.
More About Big Data
There's more about Big Data on these pages:
- What information is being collected about you?
- Big Data: The eye-opening facts everyone should know.
- The awesome ways Big Data is used today to change our world.
- How is Big Data used in practice? 10 use cases everyone must read.
Social media is a very important aspect of privacy because so much personal information is collected including facial recognition software, comparative and linked data (such as the "Like" button) and more.
- Most, if not all, social media data is being stored outside Canada and no longer has the protections afforded by Canadian law.
- Most webmail is stored on servers in the U.S. or other countries.
- Your emails are scanned to profile you to serve ads, alter search results, and other purposes based upon the emails you send and receive if you're using Gmail, Yahoo! mail and similar services.
"If the government said you have to have a tracking device, for certain you would rebel," notes Schneier. "But the government doesn't have to say that because you do it willingly and they just get a copy of the data." — Bruce Schneier
The Guardian reports that
- 300 hours of video are uploaded to YouTube every minute.
- 500 million tweets are sent every day.
- 30 billion WhatsApp messages are sent every day.
- 40 million photos are uploaded to Instagram every day.
From the dawn of civilization until 2003, humankind generated five exabytes of data. Now we produce five exabytes every two days…and the pace is accelerating. — Eric Schmidt
Facial recognition is nearly perfect and is now being deployed in businesses and government services around the world. There has been an explosion of the number of cameras in public areas — often accessible via the Internet.
However, much like with other technology, the legal framework to protect your privacy has fallen far behind which places us at risk.
A report by Georgetown Law Center for Privacy and Technology estimates that about half of US adults — more than 117 million people — have their images logged in a facial recognition network of some kind — a trend civil liberties group the Electronic Frontier Foundation describes as "a real and immediate threat" to privacy. — BBC
Windows 10 is Spyware
Windows 10 is spyware and Microsoft cannot be trusted.
Windows 10 is spying on you, especially if you're using the default privacy settings during installation, log in using your Microsoft Account and use Cortana.
With Windows 10, Microsoft has failed to be completely transparent with users about just what is going on in the background. Sure, the information is out there, but it is hidden away, difficult to interpret, and — let's face it — not something that the vast majority of people are going to spend the time to hunt down and digest. — BetaNews
The Microsoft Services Agreement revised at the same time as Windows 10 is a 12,000-word document where you essentially agree to give up your privacy.
Even the contents of your emails and documents stored in private, offline folders can be subject to scrutiny and “disclosure” (to unspecified parties), according to the wording of Microsoft's privacy policies. — Bernard Marr
This information is already collected by mobile devices.
By making Windows 10 mobile-first, cloud-first on desktops and laptops, Microsoft effectively extended this lack of privacy.
In less than 3 years Windows 10 will become the only Microsoft option.
Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, NVidia, and Qualcomm. — Microsoft
Microsoft's Unethical Practices
Microsoft's tricks and schemes to get Windows 7 and 8 users to move to Windows 10 were unethical at best:
In May 2016, in an action designed in a way we think was highly deceptive, Microsoft actually changed the expected behavior of a dialog window, a user interface element that's been around and acted the same way since the birth of the modern desktop. Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft interpreted that as consent to download Windows 10. — Electronic Frontier Foundation
Updates Reset Privacy Settings
Microsoft has made automatic updates mandatory in Windows 10 and seems to reset privacy options to their more-revealing defaults during major updates rather than respecting the user's wishes for privacy.
Too Little, Too Late?
Microsoft has begun to respond to these issues.
On January 10, 2017 a new web-based privacy dashboard was released where you could manage your browse data, clear your search history on Bing, review and clear your location data and edit Cortana knows about you.
But is it enough to restore trust?
Apple Treating Privacy Differently
It doesn't have to be like that. Here's a new Apple policy related to the information they collect to help you navigate using their maps application:
[S]ome of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They're gobbling up everything they can learn about you and trying to monetize it. We think that's wrong. And it's not the kind of company that Apple wants to be.
Maps is also engineered to separate the data about your trips into segments, to keep Apple or anyone else from putting together a complete picture of your travels. Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A's and Point B's doesn't. — The Washington Post
Your Devices Are Watching You
The problem of privacy is only going to get worse as the Internet of Things evolves. Already there are more connected devices than people in the world. There is an imminent explosion of devices that will track every aspect of our lives.
Virtually every “smart” device is gathering information on you (perhaps including your private conversations). From connected baby monitors to smart TVs to video cameras, everything is being connected — the majority in a very insecure manner that can be hacked.
This isn't an isolated incident. Visio surrendered to a lawsuit charging them with collection viewing data on 11 million consumer TVs.
Many people feel safe with a printed document, assuming it can't be traced.
The U.S. government made a secret deal to place yellow dots onto every page printed from many (perhaps most) colour laser printers, ostensibly to track counterfeiters.
We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer. — Electronic Frontier Foundation
Smart Meters Reveal Much About You
Analogue meters simply recorded the total amount of electricity used between readings.
Smart meters do more than simply remove the need for meter readers to visit your home or business a few times a year. They record the timing, duration and quantity of electricity you use.
Privacy information begins at the video's 24:24 mark but I strongly recommend watching the entire presentation.
Legislation will likely be required to manage this “no holds barred” collection of personal data just as certain questions are no longer acceptable on an employment application and access is provided to challenge your credit reporting data.
Current Trends Contrary to Privacy
Current trends in the U.S. are contrary to this protection and it will be an uphill battle.
Not only is this culling of data extremely profitable, but these companies spend a great deal of money lobbying for a relaxation of existing laws. Even politicians that should be protecting our rights want to know the demographics that will get them re-elected regardless of the threat to our privacy.
Not only have [U.S. lawmakers] voted to repeal a rule that protects your privacy, they are also trying to make it illegal for the Federal Communications Commission to enact other rules to protect your privacy online. — Bruce Schneier
This isn't just your browsing history or cookies. It's geolocation data, financial info, passwords, health info, even your Social Security Number. Anything you do, any data you enter, any online video you watch, any email you write. Your ISP could store it all and sell it for their own profit if Congress throws out the FCC rulings. — SaveBroadbandPrivacy.org
Remember, this isn't just what you're typing into your browser. More and more our applications have moved from our computer to become Software as a Service (SaaS) — software running on the Internet. Even our operating systems like Windows 10 are moving that direction. If this trend is allowed to continue, we'll soon have even less control (or potentially ownership) of our own data in the future.
- Save Broadband Privacy.
- Congress repeals Internet privacy rules.
- Five creepy things your ISP could do if Congress repeals the FCC's privacy protections.
- Snoops may soon be able to buy your browsing history. Thank the US Congress.
There are bound to be abuses by law enforcement of any tracking system.
No Privacy for Canadians in the U.S.
Trump's 'no privacy for non-Americans' order is not encouraging but don't be fooled into thinking that other governments are benevolent.
Private data for citizens of Lithuania, Estonia, Malta and the Netherlands receive greater legal protection from the U.S. than Canadians' data does. Canada is NOT designated as a “covered country” even though we share a huge common border and they are our largest trading partner and have some of the toughest copyright laws.
Fight for our Privacy
To make matters worse, a great deal of Canadian Internet traffic flows in and out of the U.S.
Add your name to the letter to these ministers to demand that they take action to fight for our privacy at Fight for our Privacy.
“We're Only Collecting Metadata”
Many organizations indicate that they are “only collecting metadata.”
Try asking any of these organizations for their metadata and you'll have a visit from their lawyers. Apparently they view their privacy as more important than yours.
Why Metadata Matters
Research has shown that using only call metadata, the government can determine what your religion is, if you purchased a gun or got an abortion, and other incredibly private details of your life.
Former director of the NSA and CIA, Michael Hayden, recently admitted:We kill people based on metadata.
And former NSA General Counsel Stu Baker said:metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content.— Electronic Frontier Foundation
How revealing metadata can be is demonstrated in these three (rather obvious) examples presented by Kurt Opsahl at CCC on December 30, 2013:
- They know you rang a phone sex service at 2:24 a.m. and spoke for 18 minutes. But they don't know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed.
Why metadata matters further expands this concept and helps you to better understand what metadata is and how it affects us.
Anonymous No More
A more intensive look at telephone metadata reveals much more. Your privacy could be compromised by linking the timing of anonymous data to data that directly identifies you via credit card, hotel stays and more.
All this can be used to build a profile of you that may make judgement calls which are then processed as “facts” by other parties. Metadata IS surveillance.
Even something like Alfred Kinsey's sex research data from the 1930s and 1940s isn't safe. Kinsey took great pains to preserve the anonymity of his subjects, but in 2013, researcher Raquel Hill was able to identify 97% of them. — Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World by Bruce Schneier
Much more data is collected today. We can no longer blindly provide access to all our personal data assuming it is truly anonymous.
Hacks and Security Breaches
While organizations are happy to collect your private data, they aren't spending nearly as much protecting it as they do their own private information.
These companies seldom report the loss until much later (often years later) and are not financially responsible because of their vague terms of service and poor privacy policies.
You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're on your own when it comes to protecting your identity.
If the service is free, then you are the product. — The Day We Lost Everything
Governments Collecting More
[K]now that every border that you cross, every purchase you make, every call you dial, every cellphone tower you pass, friend you keep, site you visit, and subject line you type, is in the hands of a system whose reach is unlimited but whose safeguards are not. — CITIZENFOUR documentary
Everything We Know About NSA Spying is an excellent YouTube video about NSA spying. It shows just how extensive the reach of this program is and how easy it is to become a target.
- Fighting for privacy, two years after Snowden.
- Mikko Hypponen: How the NSA betrayed the world's trust.
- What can government security agencies tell from your phone's metadata?
In the "new propaganda era" we are entering, where the frontier between information, communication and propaganda becomes blurry, the world needs independent journalists, who engage in the pursuit of the truth, who respect standards of ethics, and whose mission is to give citizens of this world tools to understand what surrounds them. That is to say, in a word, free journalists. — Defence Handbook For Journalists and Bloggers
Governments Collecting More Personal Information
Governments are collecting more about you and your Internet activities.
Never in history has a surveillance state and a representative form of government existed side by side. A free society and a surveillance society cannot be reconciled. Biometrics is the linchpin to a surveillance society. — Constitutional Alliance
Never give a government a power you would not want a despot to have. — John Gilmore
Canadian Government Double Standard
The Canadian government will not allow its data to be stored on servers outside Canada. Canadians should be similarly concerned about the loss of privacy and protection.
However, the government is much less concerned about your privacy. They continue to share data about their own citizens with the US and other Five Eyes partners — even unconfirmed data that has cost innocent individuals their freedom.
Overseas Privacy Threatened
Microsoft successfully fought a December 2013 federal search warrant demanding that the company release emails stored in Ireland.. This demand that data stored on overseas servers be made available should concern everyone. The US is not the only country doing this.
The revelations of NSA searches on U.S. servers has cost American tech companies, forcing them to build servers overseas rather than hosting them all in the United States. This case clearly had implications for these companies being abandoned if foreign customers felt their privacy was threatened even with servers hosted in their own country.
You can find out more about governments collection of personal information at:
- Privacy Rights Clearinghouse.
- Electronic Frontier Foundation defending your rights in the digital world.
- Privacy International is committed to fighting for the right to privacy across the world.
- Surveillance Self-Defense is a guide to protecting yourself from electronic surveillance.
Other reports about privacy and surveillance:
- Online Censorship News is an on-going log of events concerning censorship around the globe.
- The year that governments struck back: Seven things you need to know about privacy in 2014.
- The chilling effect of domestic spying.
- It's time for our governments to stop eavesdropping and start listening .
- Canadian privacy stories.
- Lavabit owner found no justice when indicted for refusing to provide customer passwords.
- 8 million reasons for real surveillance oversight.
- Criminal DNA collection laws “for identification” could easily be misused.
- Surveillance State: NSA Spying and more.
- Security expert Bruce Schneier on passwords, privacy and trust .
- Your interest in privacy will ensure you're targeted by the NSA.
- Ten international organizations trying to hack into your computer.
- Google faces more government demands for user info.
Less than 50 percent of the government requests for user data were complied with in Canada, Chile, France, Hong Kong, Mexico, the Netherlands, Russia, Turkey and South Korea.
- Online privacy: using the Internet safely.
- Integration of Drones into Domestic Airspace: Selected Legal Issues (PDF–363 KB) discusses the legal issues surrounding small drones and personal privacy.
- Old Technopanic in New iBottles is a look at encryption to protect privacy following the release of Apple's default encryption.
- For sale: Systems that can secretly track where cellphone users go around the globe.
DRM is supposed to stop illegal use of software and media while not interfering with legal use.
DRM creates a damaged good; it prevents you from doing what would be possible without it. — Defective by Design
…trying to make digital files uncopyable is like trying to make water not wet. — Bruce Schneier
DRM is based upon the supposed millions of dollars of lost sales due to piracy. The main assumption in punishing piracy is that everyone that downloads a pirated song or movie would have paid for it. The EU suppressed a 300-page study that found piracy doesn't harm sales.
Interestingly, if similar laws were in place when these companies got started, they wouldn't have been the success they are today.
Imagine demanding that these corporations provide public access to their payroll information and bank statements so we could ensure they weren't abusing the funds we provide to them.
DRM places unreasonable restrictions that sacrifice your privacy to ensure corporate profit.
These companies don't want a free web. They think they make money by limiting your freedom. — Defective by Design
DRM Affects Privacy
If consumers even know there's a DRM, what it is, and how it works, we've already failed.— Peter Lee, Disney Executive in 2005.
One example of how DRM can affect your privacy is Amazon's tracking of where you are in a Kindle ebook. They tell you how long it would take to finish it at your current reading speed but also control how you use Kindle content.
Too often the Digital Millennium Act (DMCA) has been used to stiffle legitimate uses.
It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security. — Bruce Schneier
Researchers are prevented from discovering security flaws in software. John Deere used it to prevent farmers from repairing their own equipment. Volkswagen used it to hide faked emission control data.
After Apple changed their DRM policies when Apple Music was released some users report losing copies of their own music when unsubscribing from the service.
I experienced this removal of music and as a result seldom listen to music on my iPhone anymore. It was simply too much trouble to restore the music I was actually listening to.
TPP and other trade agreements are designed to increase corporate control worldwide.