Adobe Eases Privacy Concerns

Tests on the latest version of Adobe System’s e-reader software reveals the company is now collecting less data following a privacy-related row last month, according to the Electronic Frontier Foundation.

Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), wrote Cooper Quintin, a staff technologist with the EFF. DRM places restrictions on how content can be used with the intent of thwarting piracy.

Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text.

Since that data was not encrypted, critics including the EFF contended it posed major privacy risks for users. For example, plain text content could be intercepted by an interloper from a user who is on the same public Wi-Fi network.

Adobe said on Oct. 23 it fixed the issues in 4.0.1, saying it would not collect data on e-books without DRM and encrypt data that is transmitted back to the company.

Quintin wrote the EFF’s latest test showed the “only time we saw data going back to an Adobe server was when an e-book with DRM was opened for the first time. This data is most likely being sent back for DRM verification purposes, and it is being sent over HTTPS.”

If an e-book has DRM, Adobe may record how long a person reads it or the percentage of the content that is read, which is used for “metered” pricing models.

Other technical metrics are also collected, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device, according to Adobe.

Source

Google Fights NSL Over Data Privacy

Google is fighting a National Security Letter (NSL) issued by the US government, with the Electronic Frontier Foundation (EFF) acknowledging it is one of the first firms to do so.

Google took the unusual step last month of revealing, albeit in vague terms, the number of NSLs it received from the US government. At the time the company said it was working with the authorities to improve transparency around the subject, but according to court filings it is also fighting against handing over users’ data.

In March, Google filed a petition to set aside a legal process. Kevan Fornasero, a lawyer for Google said in the filing that petitions “filed under Section 3511 of Title 18 to set aside legal process issued under Section 2709 of Title 18 must be filed under seal because Section 2709 prohibits disclosure of the legal process”.

Fornasero’s reference to Section 2709 refers to the ability of the FBI to issue NSLs and force the handover of user data. According to the EFF, Google is one of the first communications companies to fight an NSL, but because Section 2709 doesn’t allow firms to disclose the legal process, few people can be certain that others haven’t tried to stand up to the US government.

Matt Zimmerman, a lawyer for the EFF said, “The people who are in the best position to challenge the practice are people like Google. So far no one has really stood up for their users’ among large Internet service providers.”

Google has tried in recent years to provide users with some information on how it deals with government agencies’ requests for user data. If the firm can succeed in its fight against NSLs then it could open the floodgates for others to stand up against a law that some see to be nothing more than a snooper’s charter.

Source

‘Do Not Track’ Internet Legislation, Advances

California is a moving closer to making  into law the first Do Not Track legislation in the U.S., aimed at protecting Internet users from invasive advertising.

The proposed Senate bill, SB-761, passed a Senate Judiciary Committee vote late Tuesday, but it still has a long road ahead before having a chance of being signed into law. It now moves on to the Appropriations Committee, and must also pass the Senate and State Assembly before being sent to Governor Jerry Brown’s desk.

Still, it’s the first time such a bill has made it out of committee, and that’s a big deal, according to John Simpson, director of Consumer Watchdog’s Privacy Project. “This is the first time that a ‘do not track’ bill has actually had a hearing and been debated and then voted forward in the legislative process,” he said.

The bill would give California consumers a simple way of opting out of data collection systems that keep track of their online activities. “It puts up a no trespassing sign on our device,” Simpson said.

Opponents of the bill, including Google, the Direct Marketing Association, and the wireless industry group CTIA, say it puts an unnecessary burden on online commerce.

Online marketers love this type of data because it helps them fashion highly effective targeted advertising. But many consumers don’t want to hand marketers every detail of what they do on the Web.

Under the proposed law, users would have a way — possibly a through a browser setting — of telling Web sites not to track them. If a company disregarded this and collected data without permission, it could face stiff fines.

Read More…

FTC Singles Out Google’s Chrome

Federal Trade Commission Chairman Jon Liebowitz this week singled out Google for not adopting “Do Not Track,” the privacy feature that allows consumers the ability to opt out of online tracking by Web sites and marketing entities.

In an interview Monday with Politico, Liebowitz called out Google for not supporting Do Not Track in its Chrome browser.

Noting that Do Not Track had gathered momentum, Liebowitz said, “Apple just announced they’re going to put it in their Safari browser. So that gives you Apple, Microsoft and Mozilla. Really the only holdout — the only company that hasn’t evolved as much as we would like on this — is Google.”

Do Not Track has been promoted by the FTC and by privacy advocates including the Electronic Frontier Foundation (EFF), as the best way to help consumers protect their privacy.

The technology requires sites and advertisers to recognize incoming requests from browsers as an opt-out demand by the user. The information is transmitted as part of the HTTP header.

As Liebowitz said, Microsoft and Mozilla have added Do Not Track header support to their Internet Explorer 9 (IE9) and Firefox 4 browsers. While Apple hasn’t confirmed that the next version of Safari will include Do Not Track, developers have reported finding the feature in early editions bundled with Mac OS X 10.7, aka “Lion,” the upgrade slated to ship this summer.

Read More….