Privacy advocates and law enforcement are currently at odds over this issue when it comes to internet activity. In a recent case, a search warrant has been issued to Google over an identity theft crime.

The victim in the case had funds stolen from their bank account, and the transactions were completed due to a fake U.S. passport.  With so much information about the victim used in the crime—including name, birthdate, a photo, and Social Security number—someone may have gained access to this person’s personal data online.

The search warrant in question is what has experts concerned. Authorities investigating the case want Google to turn over any information they have, including IP addresses, for anyone who searched for the victim’s name online between December 2016 and January 2017. A judge has found sufficient reason for the information to be turned over to the police, and has signed off on the warrant.

As might be expected, Google is not pleased by this request. Anyone is free to use the search engine, whether they create a Google account or not, so providing the IP address of every individual who searched for that name would not necessarily mean they’d uncovered the guilty party. Moreover, there’s a matter of trust at stake; tech users aren’t fond of having their internet activity tracked and they certainly don’t want that information turned over to the authorities.

This type of conundrum is a fact of the digital age, and it’s possible that it will only grow as new forms of internet crimes and new methods of investigation come along. As with any type of criminal matter, it’s important to weigh the right to privacy against the needs of society, and vice versa.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

A recent 50-48 Senate vote seeks to overturn privacy regulations enacted under the Obama administration.

The rule basically barred internet service providers (ISPs) from gathering, storing, and then selling your internet use to advertising firms or other interested parties. The privacy regulations were enacted last fall by the Democratic majority at the Federal Communications Commission, something Republican leaders have been working to undo.

These regulations in no way interfered with the work of law enforcement, but instead pertained primarily to advertisers. So what’s wrong with advertisers knowing a little bit of information about you? After all, advertising makes the internet affordable, and wouldn’t you rather only see ads for products you actually want?

Take this example. Mastercard filed a patent in 2015 for a concept that allows it to track your purchases and then sell that information online. One of the proposed purposes is reportedly figuring out what size clothing you buy, what types of food you buy, whether you have a gym membership or not…and then informing the transportation companies about your approximate size based simply on your purchase history. In theory, this could be used to spread passengers’ weight evenly throughout the plane, train, or bus, but privacy advocates fear that it’s really about discriminating against overweight consumers by charging larger passengers a higher fare.

In a much more ominous case, law enforcement officials were granted a warrant that was served to Google, demanding all of the IP addresses—the “signature” that individual computer connections are assigned when online—for everyone who searched for a specific person’s name over a two-month period. The name belongs to a victim of identity theft, and officials want to locate everyone who looked up the victim’s name. Google, who states that it doesn’t even have the technology to track and provide that information, has refused to comply on the grounds that IP addresses are not as foolproof as something like fingerprints and therefore don’t provide the name of the actual perpetrator.

Some politicians say this move to strip away the privacy regulations won’t change anything about consumers’ internet privacy, but techxpertsdisagree. One of the chief rules in these regulations is that your ISP has to get your permission before turning over your internet browsing history, the apps you use, your health and fitness information (something that’s gathered if you use a fitness tracker, for example), and your physical location.

One of the interesting features about today’s current political climate is the fresh wave of activism that citizens are engaged in nationwide. More and more consumers are reaching out to their representatives and weighing in on a large number of hot-button topics, and advocates expect that this issue will be no different. Individuals who wish to contact their Representatives—as the vote will now go to the House—can locate their names and contact information by clicking here.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

It takes only one infected app to take down an entire network.

Personal cell phones in the workplace have become a rather controversial topic in recent years. Early on, back when businesses used to ban personal devices, the result was astounding costs to issue phones and tablets to employees. With the adoption of bringing your own device (BYOD) policies, the costs went down but the dangers went up. Apart from the mundane concerns of employees checking their phones constantly or using them to access social media on company time, there are very real risks associated with them.

One study of the Android operating system has found that it would only take a single infected app to completely take down the entire US 911 emergency call system with a DDoS attack. How could something as simple as a game or streaming movie app disrupt an entire nation? The Android platform is based on the idea of open source code, or the ability to let others build their own apps and sell them to the public in third-party app stores. Since it’s difficult for hackers to break into an app like Netflix they create a fake version that looks and acts like the real deal. Users download the “wrong” version by mistake and never know that it’s full of malicious code.

When you go to work and connect to your company’s network with your phone, that malware infects the entire network. This is just one example that makes many employers feel they should have the right to inspect any phones that connect to the network, whether they’re company owned or personal.

According to privacy and employment practices experts, that may just be legally allowable. Without clear federal legislation about how this kind of technology impacts citizens, the rules are usually left up to the individual workplace. That means depending on the company—and in some cases, even depending on the location—the rights to privacy you think you had at one job are no longer in place at another job.

This is just one more reason why it’s a smart move to have an employee handbook that addresses technology and internet use at work. This type of issue can readily be explained before anyone carries any device into the facility and attempts to connect to the network. Any surprises can result in hurt feelings at the very least, and termination or lawsuits at worst. Of course, a solid technology handbook is good for all employees and would encompass other aspects of network security and data breach prevention as well.


How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

It’s tough to be famous. Having A-lister celebrity status and the wealth that goes along with it might seem glamorous from the outside, but recent cybersecurity issues have proven that it’s not all private jets and red carpets.

 A major headlining data breach in 2014 affected the private email accounts of more than 300 well-known people, including actresses like Jennifer Lawrence and Emma Watson. The hacker was caught and sentenced last month to only nine months in jail after leaking nude pictures of his victims online.

How did the hacker, Edward Majerczyk of Chicago, pull it off? A simple phishing attack. He emailed his victims with what appeared to be a letter from their internet service providers, informing them of an issue with their accounts. The celebrities—or quite possibly, their staff members—turned over their usernames and passwords.

British soccer star and model David Beckham recently suffered a ransom attack when his sports management agency was breached by hackers who then demanded a hefty ransom payment in exchange for not releasing the contents of his email online. Beckham, whose email was handled by the agency on his behalf, was not the only victim. The agency handles accounts for other top-notch athletes like Usain Bolt and Xavi Hernandez, and more than 18.6 million emails were held hostage.

The agency refused to pay the ransom and the emails were leaked. While they did contain a few embarrassing rants, there was apparently nothing genuinely career-ending in any of them.

Reports have surfaced of another well-known actress, Emily Ratajkowski, whose iCloud account was breached by a hacker. The link to the exposed account was sent to an online tabloid reporter with instructions to publish it, apparently for no fee whatsoever. The hacker seems to simply want to expose the actress’ very private photos and personal emails. Ratajkowski was also one of the victims of the 2014 celebrity hacking.

Why are celebrities such hot targets for this kind of thing? Mostly because there’s an audience for it. Even people who would never think it’s okay to steal someone’s identity, or break into their email accounts, might be tempted to click on the photos; after all, they weren’t the ones who hacked it, so they didn’t do anything wrong. But that’s actually not the case. Remember back to high school: the kid who stole a copy of the answer key from the teacher’s desk got in trouble, but so did everyone who looked at it in order to get the answers to the test. Viewing stolen content is still wrong, even if you’re not the one who originally had a hand in the theft.

It’s small comfort that this kind of celebrity attack is nothing new. For decades, paparazzi have stood waiting to snap famous people’s pictures and “gossip rag” reporters have dug through their trash cans for some dirt. Unfortunately, the digital age has just made the work of exposing people’s private lives easier and more effective. That trash can might have held a handful of pictures even just a few years ago, but an actor’s cloud storage account today can hold thousands or even tens of thousands of images and files.

What can the average citizen do in these cases? Refuse to play the game. For some hackers, the “street cred” of pulling off a major attack is all the compensation they want, but for many others, there’s big money to be made off of leaked photos or emails. When we peruse those stolen files, we’re making hacking both lucrative and more widespread. Don’t play along, and don’t support it. After all, today it might be a big celebrity’s personal account, but tomorrow it could be yours.


How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

The wave of the future gadgets might once have been the domain of EPCOT Center and “The Jetsons,” but many of those what-if devices are now a reality. More than that, many of them are now in our homes, our pockets, and our everyday lives.

A lot of our newfangled technology is “smart” or connected, meaning it has functions that require internet access. It might be storing your favorite TV shows in “the cloud,” or connecting your hallway lamp to the internet so that it knows to come on when it senses you—or rather, your smartphone since it’s always with you—coming within range. Either way, for most of our favorites new devices to work, we’ve been forced to share a little bit of our privacy.

One such device is the Amazon Echo. This home-based virtual assistant has a number of competitors on the market already, but recent information about how these convenience-keepers work has made people question the privacy we take for granted. Basically, all of these devices are “always on” and listening for their wake words, or names, to be called. If Amazon’s device hears one of three names you can choose at setup, it begins recording the interaction for customization purposes and better functionality. While the need to listen in and record has some concerned consumers rethinking their privacy, this feature is clearly stated by the developer and includes instructions for deleting the recordings whenever you like.

Another device manufacturer has come under fire for recording and storing consumers’ information, but this time it was without their knowledge or permission. A home electronics manufacturer has been ordered to pay more than $2 million to the Federal Trade Commission and the State of New Jersey because it let consumers know that the television could make suggestions for content to watch, but didn’t disclose that the reason the TV knew what you might like is because your viewing habits were being monitored. Not only that, the company must change its disclosure notice to let customers know that this feature requires access to some personal information.

While it might seem like this is the stuff of conspiracy theorists, the hard truth is that our privacy is more important than ever before. IoT-connected gadgets are in our homes, our schools, even inside our bodies thanks to medical advances. Without a clear understanding of our rights and full disclosure from the manufacturers, it’s hard to know when we’re giving up a little bit of our personal security. Keeping companies accountable for disclosure is an important step in keeping ourselves safe.


How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

When the internet of things first took off with “connected” devices and home appliances, the resulting reaction was fairly positive.

After all, this was finally the EPCOT Center-style wave of the future we’d long been promised. Our thermostats could adjust themselves based on our usage and our time away, our lights could come on when our smartphones told them to, our refrigerators could order our groceries as we ran out of milk. In short, it was pretty cool.

But then the privacy risks started to come into question. Who else could see our thermostat usage and know whether or not we were home? Which advertisers were ableto tap into that refrigerator’s grocery list and target us with products, whether we wanted them or not?

The bigger risk so far has been from privacy issues related to IoT medical implants. From pacemakers to glucose monitors, the internet has provided a better quality of care by letting doctors access their patients’ implants, but who else can see the data?

As it turns out, the police can, if they have a warrant and reason to suspect you of a crime. That’s certainly the case in a very bizarre tale out of Ohio. According to reports, a man set fire to his own house in order to commit insurance fraud. After different parts of his story didn’t line up, the police requested a warrant for the information recorded by the suspect’s pacemaker, which a judge then granted. Experts in the case have already concluded that his medical history and his heart rate readout from the device indicate he was never in any danger, and that the timeline of his heart rate’s increases and decreases couldn’t match his version of the events.

That case and others have privacy experts concerned. If the man didn’t have a pacemaker—or at least didn’t have one that sent recorded readouts to his doctor over the internet—he would never have been forced to cooperate in his own incrimination.

Another headline-grabbing case involved a man who was charged with murder, largely based on recordings from his home virtual assistant, Amazon’s Alexa. Again, other circumstances provided enough cause for the judge to issue the warrant, but if the man had not owned an IoT-connected device, there would have been no recordings from the night of the murder.

These are just two cases in which users’ own technology may turn on them in a court of law, and it’s a trend that has raised some eyebrows among privacy advocates. It’s also certainly something lawmakers will be expected to address in the future, but for now, it may take a few key court rulings in order to set a privacy precedent.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

Online advertising is to many tech users what those annoying late-night TV commercials once were. The cheesy sales pitches, the obnoxious fast-talking announcers, and the promises of “But wait! If you act now we’ll double your order!” have become such a part of our pop culture that they’re a joke all on their own.

Some users rely on ad blocking software to eliminate the popups and the flashing sidebar offers, and while it does make our lives easier, there are some pitfalls to it. The first is that the websites we visit rely on that advertising revenue to keep their sites going and to keep the internet relatively inexpensive for most users. The other factor is that some sites can detect your ad blocker and require you to disable it in order to proceed.

But how do websites actually benefit from the ads? By tracking your visit and your interaction. If you simply “see” the ad on your screen there’s one level of payoff, but if you were to actually click on it, then there’s more revenue. In some instances, actually making a purchase after clicking on an ad can result in even more revenue for the website that hosted it.

If you’d like to see this in action, here’s a test. Be warned, it will result in altering the way the internet thinks of your shopping needs. Try searching for something completely out of the blue, something that you would never shop for, like a stroller for your dog or a different model of vehicle. Then start paying attention to the ads that appear in your email inbox, your social media pages, and other sites.

You’ll notice that dog stroller or that new pickup truck starting to appear in different ads on different websites. You might even see competitors’ products or other brands than the one you searched for, or related products like ultra-expensive dog food—you obviously take special care of your pet since you’re interested in pushing it in a stroller—after that search.

That’s the sort of tracking that privacy experts are concerned about. If the internet ad industry can keep up with your search history and generate algorithms based on your interests, what’s to stop someone from following your searches and deciding on malicious ways to use that information? Even worse, who already has access to that search information? A search for a brand-new, high-dollar vehicle could mean you’ve got money to spend. A search for Black Friday deals on toys could alert a pedophile that there are children in your home. A search for medical marijuana could potentially alert someone—perhaps even your employer—to an illness you may have or an illegal activity you’re allegedly engaging in, depending on where you live.

Now, backing up…those are all very frightening and very unrealistic speculations about what happens to your internet searches. But it’s still the underlying reason why security advocates want tighter reins on who can track you for advertising purposes and who can legally access that data. Remember though, when you signed up for an account with an internet service provider or a cellular service provider, you agreed to certain terms and conditions. You might not have read the fine print, but it’s very likely that you agreed to have your search and shopping behaviors monitored and shared.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

As a consumer, you’ve probably heard about the importance of monitoring your credit reports for any signs of suspicious activity, and staying on top of your credit score to make sure your purchasing power is all that it should be.

Your reports and your score are compiled by the three major credit reporting agencies: TransUnion, Experian, and Equifax. They compile information on your credit card accounts, any debt and collections issues, even inquiries by other agencies into your credit. As a US consumer, you’re entitled to one free copy of each of these agencies’ reports every year, and the instructions for getting those reports can be found here.

While these might be the “big dogs” of the credit reporting world, there are far more credit agencies than just these three and they have different functions. Known as “specialty credit reporting agencies,” these other entities have specific focuses that pertain to your buying history and consumer behaviors.

There’s an agency dedicated to your banking activity, such as keeping up with how many bounced checks you’ve had. Another agency deals with real estate, specifically apartment or home rentals, that monitors missed payments to your landlord. Other agencies check up on your history of payments to your utility companies or to medical facilities, and more. However, not all of these agencies will have information to report on you; if you’ve never rented an apartment, for example, or if you rented from a family friend who didn’t report you for missing a rent payment, then that agency might not be able to compile a report.

Who gets to access your specialty credit reports? They’re typically requested by lenders in very detailed circumstances. A potential landlord might not care about your Experian report, since that may not include data on what kind of tenant you’ll be when it comes to paying on time. The utility company also doesn’t have a lot of interest in your credit card history, but will certainly want to know from the specialty credit reporting agency that addresses public utilities what your past behavior has been like.

Now for the good news: if you care to know, you’re entitled to copies of these reports, too. Some of them will be free once per year like your major credit reports, while others may charge you a nominal fee for the information. However, if you are ever faced with an issue—like being turned down for an apartment or declined a bank account—based on the information in these reports, you’re entitled to a free copy at that time. You may also receive a free report if your identity has been stolen and used in a way that a specialty credit reporting agency would monitor, such as opening phone service or other utilities in your name.

For more information on specialty credit reporting and how it can affect you, read more at ConsumerFinance.gov.

How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

Taking care of your identity and protecting your privacy might seem like insurmountable tasks, especially in the face of major data breaches, large-scale international hacking, and other “out of my hands” threats.

While those things certainly are problematic, the reality is there are many steps you can take to make yourself less likely to become an identity theft victim and to minimize the damage if your information has already been compromised.

Trying to take every single privacy step all at once is a surefire way to suffer from burnout and “data breach fatigue,” a very real phenomenon that can occur when the public is overwhelmed with constant news of identity theft dangers. But experts in a variety of fields know that making real changes in your life starts small by developing good habits and sticking to them. Tune In to Watch: Data Privacy Day 2018 – Live From LinkedIn hosted by the National Cyber Security Alliance.

Here are seven great privacy habits you can start working on:

Mailbox Monday

Your mailbox contains many of the pieces of your identity puzzle, and recent statistics have shown that mail theft is still a widespread problem. Make Monday the day you stop leaving mail in your mailbox, stop mailing important papers or checks in the corner mailbox, and stop throwing away unshredded documents or credit card offers.

TMI Tuesday

Sign up to receive the Identity Theft Resource Center’s TMI Weekly delivered to your inbox each week …yes, as in “too much information.” It outlines news items and information on oversharing and other threats to your personal data. Signing up is easy, and the link can be found here.

Weak Password Wednesday

It’s tempting to use a super-simple password (like “password”…literally) or to make one really good password and use it for all your online accounts. Unfortunately, both of those are great ways to hand your information over to a hacker. Use Wednesday to think about your passwords and to change a few of them on the dozens of online accounts you may have.

Twitter Thursday

From live Twitter chats to daily social media updates from privacy experts, Thursday is a great day to spend a little while on Twitter catching up on the latest news. A number of organizations host regular chats throughout the month, like the ITRC’s monthly #IDTheftChat events. Participate in a #ChatSTC with @StaySafeOnline on Wednesday, Jan. 10, where we’ll be talking about “Privacy Matters ‒ Why You Should Care and What You Can Do to Manage Your Privacy.”

Financial Friday

It’s the last day of the work week for a lot of people, and there’s no better day to spend some time on your financial privacy. Monitor your bank accounts and credit card accounts for any signs of unusual activity, and check up on any mobile payment accounts or apps you use (like PayPal and Apple Pay) to make sure there’s nothing out of the ordinary. If your credit card company offers it, log in and take a peek at your credit score; you won’t see your whole report, but if there’s a sudden, dramatic change in your score, that’s a sure sign that you need to order copies of your credit reports.

Share It Saturday

Did you know that you can be harmed if someone you know falls for a scam? Let’s say your mom shares a “forward this to ten people” hoax email or social media post, and you click on a link it contains. Congratulations, you may have just downloaded a virus to your computer. It’s not enough to protect your own privacy, so Saturdays are a great day to share genuine news items about data breaches, scams, and fraud. You’ll protect the people you care about, and you just might be protecting yourself.

Social Media Sunday

A lot of people like to set aside Sundays for a little rest and relaxation before heading into another work week, and that can mean checking up on social media buzz. But are you oversharing online? Do you have your privacy settings in place, and are they set to the most protective level? Stop and think for a while about what you share, where you share it, and how far it can go.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Data Privacy Day is held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. Here are a few resources to help you be more #PrivacyAware from the National Cyber Security Alliance – plus, learn how you can get involved this Data Privacy Day.

Established in North America in 2008 as an extension of a similar event in Europe, it’s held each year on January 28th in honor of the signing of Convention 108, the “first legally binding international treaty dealing with privacy and data protection.”

The National Cyber Security Alliance (NCSA) oversees this annual event, and as such the organization plays host to a number of important community awareness-raising activities. While no one can argue that personal data protection and privacy are year-round causes, Data Privacy Day serves as a great way to kick-off your twelve-month commitment towards security.

The theme for this year’s observance is “Respecting Privacy, Safeguarding Data and Enabling Trust,” all three of which are critical areas of need for citizens and businesses alike. StaySafeOnline.org contains a wealth of information on protecting yourself, but its Data Privacy Day resources include ways to get involved at home, at work, and in your community. There are some simple measures you can take, like just changing your profile picture on your social media accounts in order to get the conversation out there, as well as some far more involved activities, like volunteer opportunities to take the message to schools, community centers, churches, and more.

One event you don’t want to miss is the 2017 Data Privacy Day Event Live From Twitter HQ. Register now for exciting TED-style talks and segments including “Scams, ID Theft and Fraud, Oh My – And Ways to Fight Back” with ITRC CEO, Eva Velasquez.

To find out more about the many ways to get involved this year, check out these resources and make plans to attend the #ChatSTC Twitter chat in order to get valuable privacy tips. More importantly, use this time to plan how you will incorporate data privacy into your everyday life, and how you will make it a lifelong good habit.

How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.