Archive for September, 2013

Businesses are keeping a close watch on California Gov. Jerry Brown's next move with the state's new "Do Not Track" legislation. Lawmakers passed the bill in late August that would require websites to clearly state in their privacy policy how they honor "do not track" requests and when exactly advertisers and data firms are tracking consumers' online behaviors.

The Do Not Track bill amends the existing California Online Privacy Protection Act, which required companies that collect identifiable information on online users to post their privacy policies in an obvious and easily-identifiable place on their sites, the .

The measure was sponsored by Assemblyman Al Muratsuchi (D-Torrance) and passed unanimously in  the California Assembly. Gov. Brown has until Oct. 13 to sign the bill into law, and most expect him to meet that deadline, .

Support and implications of the bill
Along with state lawmakers, privacy advocates support the measure. California Attorney General Kamala Harris helped draft the bill. NetChoice Policy Counsel Carl Szabo told The Hill Harris' efforts should be noted as the bill now focuses on "getting information into the hands of consumers about the tools available to them today." Jim Halpert, a technology lawyer, also said the bill is written so that it can evolve with technology in the future.

Joanne McNabb, director of privacy education and policy in the California Attorney General's office, spoke of the outcome of the bill if it becomes law.

"Information on who does what will move into the public eye," she said, according to the San Francisco Chronicle. "The goal is to bring the largely invisible practice of online tracking more into the light."

While technically, the law only requires websites to share this information with California residents, changes to a company's website will impact residents nationwide as it's unlikely businesses will craft a California-specific privacy policy, the Chronicle said.

Relevant trade groups of the online standards body the World Wide Web Consortium (W3C) are unofficially unopposed, though not necessarily in support of the California bill, according to the source. A committee of the W3C has tried for years to create a do not track rule, but have come up empty handed. And while the majority of consumers may not actually read privacy policies, if passed, the California bill would require businesses to make changes to their websites, the Chronicle reported.

Eduard Goodman is chief privacy officer at IDentity Theft 911.

California Gov. Jerry Brown signed a new bill into law Sept. 23 that allows minors to delete Web posts they may regret in their adult years. The law that improves data privacy and security allows young people to ask social media websites like Facebook and Twitter to remove or hide information or photos they previously shared on the Internet, the . California is the first state to pass approve such legislation to improve data privacy and security.

Sen. Darrell Steinberg (D-Sacramento) said the measure, which was being called the "eraser button" bill, is "a groundbreaking protection for our kids who often act impetuously with postings of ill-advised pictures or messages before they think through the consequences." He added minors should be allowed to remove information online that could potentially affect their futures and careers.

Websites also have to offer clear instructions on how to remove old posts and inform users when they register for a site that they will be able to delete information if they wish, . 

Websites have until 2015 to comply with the law.

Questions and Exceptions
However, the law does not dictate specifically what content a minor can have removed from websites, . It also does not include information on how a website would be punished if they do not remove the requested information in a timely manner.

Many popular social networking sites like Google, LinkedIn, Twitter and Facebook are headquartered in California, the source pointed out, and will have to comply with the new law fairly quickly.

There are other limitations to the law. While minors will be able to take down a silly photo they posted on Facebook a year ago, if their friend tagged them in an equally embarrassing picture, there may be nothing they can do about it. The friend would have to remove the photo, making some of the content filtering out of the tagged person's control, PC World reported.

Adults, too, seem to be out of luck, as the law does not include a provision allowing an adult California resident to take down embarrassing posts from their pasts, according to the source.

Some have voiced opposition to the new law. The Center for Democracy & Technology, a nonprofit that promotes Internet freedom and accessibility, said while the bill had good intentions, the new law could confuse website operators.

"If the sites are unclear whether they are covered under the scope of the bill, the response could be to bar minors from the sites entirely," said Emma Llanso, policy counsel for the Center for Democracy & Technology, according to the LA Times.

Opponents also say it would force web developers to create state-specific Internet privacy laws, developing a "patchwork of policies," .

Additional Rules of the New Law
Under current state and federal law, websites were already required to inform users the information they share online will be collected. But the new law in California also prohibits websites from selling identifying information about minors to third parties and bans advertisers from marketing certain products to young consumers. These products include spray paint, tobacco, firearms, tattoos and lottery tickets, PC World reported.

"[T]his bill will help keep minors from being bombarded with advertisements for harmful products that are illegal for them to use, like alcohol, tobacco and guns," Sen. Steinberg said in a statement. "I thank Gov. Brown for recognizing that these common sense protections will help our children as they navigate the online world."

Alex Flores is a product marketing manager at IDentity Theft 911.

About 16,000 children suffered identity theft in 2012, according to Federal Trade Commission data. The growing use of mobile devices and technology among children and teenagers has made online identity theft more prevalent.

"Kids are more connected now," Michelle Tabler of the Better Business Bureau Alaska . "They have iPhones now, they're on the web, they're using the Internet, they're using iPads, they're shopping online and they're buying electronic equipment, so it's affecting them."

The misconception that adults are the only victims of identify theft still exists, the source said, making children easier targets for criminals. People can steal Social Security numbers or other personal information from children and use it to open credit cards in their name. A main problem with this is the child or parent won't discover their credit history has been destroyed by a criminal until their on or daughter applies for a credit card later in life.

This sort of damage can affect the rest of the child's life, Tabler said.

"It affects everything you do," she told KTUU.  "It's essential that you keep your identity secure."

Others have also pointed to the lack of credit monitoring among children as a main reason criminals target the young consumers. Children or their parents rarely monitor their credit history, the . Identity thieves use stolen information from children to apply for government benefits or loans or even rent an apartment, the source said.

Parent Role in Protection Child's Information
Parents should play an active role in keeping their child's personal information safe. They should shred all documents that contain the child's Social Security number and never carry around their Social Security card in their wallet, the Post-Crescent reported.

Parents should also talk to their children about the need to keep personal information off social networking sites and to avoid downloading free games on the Internet, as many applications contain malware, the source said. Sharing music on computers and other devices can also accidentally leak private files or information.

Use of Mobile Devices Increasing
The hours children spent on mobile devices is increasing each year. Fifty-three percent of mobile device owners spend more time playing games on these devices than they did in 2011, a new report from The NPD Group showed. Those ages 12 to 17 are the group that is spending the most time gaming on mobile devices, using smartphones and tablets to play games an average of seven hours a week. In 2011, they were spending five hours a week gaming on these devices, according to the report.

"Kids embrace change, adopting new devices and technologies, for the experience of gaming and accessing other entertainment content, and it is critical to understand the current mindset of the highly engaged 2- to 17-year-old gamer," NPD analyst Liam Callahan said. "Kids are engaged with mobile devices as less expensive tablets and an increasing amount of hand-me-down phones create greater accessibility to these platforms than before."

The age kids start using mobile devices to game is also dropping, . In 2011, the average age was 9. It is now 8, the NPD report showed. The group expect that age to continue to fall, with younger children using smartphones and tablets.

As younger children turn to technology for entertainment, parents will need to step up their monitoring of the mobile devices their kids are using and what they are doing on them. Children, too, will need to be taught how to be safe online and what information to avoid sharing over the Internet to protect against identity theft at a young age.

Matt Cullina is chief executive officer of IDentity Theft 911.

LinkedIn, the professional networking website, is facing a lawsuit from a number of its users who say the company hacked into their external email accounts to gain access to their contacts' addresses. LinkedIn then spammed those contacts repeatedly by sending them invitations to join the social network, the lawsuit states.

"These 'endorsement e-mails' are sent to e-mail addresses taken from LinkedIn users' external e-mail accounts including the addresses of spouses, clients, opposing counsel, etc.," according to the complaint, .

The four plaintiffs said LinkedIn pretended to be the owner of the email account when it contacted people about joining the site.

"LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn's servers," the suit said, according to Bloomberg. "LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining users' consent."

The plaintiffs say LinkedIn sends reminder emails to users' email contacts for monetary gain.

While four people are involved in the suit thus far, the group is seeking damages on behalf of all LinkedIn users. The lawsuit also brings to light the issue of data privacy and security. Is LinkedIn making its users fully aware of what it does with their personal information? And, , does LinkedIn actually have their consent to use that information?

As of the end of June, LinkedIn had 238 million users around the globe – an increase of 37 percent from the second quarter of 2012, the Times reported.

LinkedIn's Response
The company has defended itself, saying it always asks for consent from users before sending emails to their contact, the Times reported.

"LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilize our members' data," the company said. "We believe that the legal claims in this lawsuit are without merit, and we intend to fight it vigorously."

It has also denied ever hacking into users emails accounts or pretending to be a customer to reach other potential users, according to Bloomberg.

"We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so," a LinkedIn blog stated.

Yet hundreds of complaints have been filed on LinkedIn's own website regarding the privacy issue, Bloomberg reported.

The lawsuit was filed in San Jose federal court. The plaintiffs want a jury trial, according to the source.

Brett Montgomery is a fraud operations team leader at IDentity Theft 911.

October is National Cybersecurity Awareness Month, and this year marks the 10th anniversary of the event sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.

The month's goal is to call attention to the necessity for businesses and the general public to "create a safe, secure, and resilient cyber environment," the . This is especially pertinent as cyberthreats become more advanced and criminals create new ways to hack into secure networks and obtain corporate or personal information.

"Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones and interact with friends from around the world through social networks," the DHS said on its website. "The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector and internationally to protect against and respond to cyber incidents."

Cyberthreats Increasing
The number of businesses that have experienced a data breach has increased, bringing to light the need for data privacy and security to protect against online identity theft. Consumers demand computer access to their bank accounts and are using smartphones and other mobile devices to access their personal information online. This has made the U.S. financial system more accessible to hackers, .

"The growing sophistication and frequency of cyberattacks is a cause for concern, not only because of the potential for disruption, but also because of the potential for destruction of the systems and information that support our banks," Comptroller of the Currency Thomas Curry said, according to Bloomberg.

Curry is also head of the interagency group the Federal Financial Institutions Examination Council, which created a cybersecurity group that is meeting with law-enforcement and intelligence officials to develop ways to defend the financial system against cyberattacks, Bloomberg reported.

Each week of Cybersecurity Awareness Month, local events are being held to educate the public and business leaders on different elements of cybersecurity. Week two, for instance, focuses on mobile security, while the third week focuses on educating the U.S. workforce to keep company data secure.

"Together, we can maintain a cyberspace that is safer and more resilient, and that remains a source of tremendous opportunity and growth for years to come," the DHS said.

Matt Cullina is chief executive officer of IDentity Theft 911.

A California school district hired a company starting last year to monitor its students' activity over social media websites.

The move by Glendale Unified School District to hire Geo Listening was an attempt to combat cyberbullying and curtail drug use. After two local students committed suicide in 2012, school officials hoped scouring social media websites could potentially warn them of suicidal behavior.

However, the social media monitoring service has sparked concerns over the students' data privacy and security on online platforms, .

Geo Listening searchers the school system's computers for public posts students make on Facebook, Twitter, personal blogs and other websites. The company is alerted any time there is a post that suggests suicidal thoughts, bullying or vandalism, the AP reported. It also tags posts that use obscenities. If a post violated the school district's student codes of conduct, the school is also notified.

"We think it's been working very well," District Superintendent Dick Sheehan said. "It's designed around student safety and making sure kids are protected."

Opposition to the Monitoring
Some students are uncomfortable with school administrators keeping an eye on their online activity.

"We all know social media is not a private place, not really a safe place," said Young Cho, 16, a junior at Hoover High, one of the three high schools in the district that launched a monitoring pilot program last year. "But it's not the same as being in school. It's students' expression of their own thoughts and feelings to their friends. For the school to intrude in that area – I understand they can do it, but I don't think it's right."

Brendan Hamme, an attorney with the Southern California branch of the American Civil Liberties Union, said the school district may be going too far to ensure student safety.

Another attorney, Lee Tien, senior staff attorney for the nonprofit Electronic Frontier Foundation, had issues with the program

"It's not stumbling into students — like a teacher running across a student on the street," Tien said, . "This is the school sending someone to watch them."

Geo Listening is being paid $40,500 to track the social media posts by the district's approximately 14,000 students, the Daily News reported. Any social media account that is kept private by a student cannot be tracked by the company. Also, only students 13 and older are part of the program automatically. Younger students can be monitored with parental consent.

Alex Flores is a product marketing manager at IDentity Theft 911.1.

Ann Cavoukian may be smiling in this picture, but , is not happy about revelations that the NSA circumvented or cracked encryption that protects international commerce and banking systems, trade secrets and medical records, and Internet searches and chats around the world.

The privacy watchdog delivered an impassioned rebuke in this , part of an ongoing series about privacy called “Commissioner’s Corner.”

We’ve provided some highlights below, but it’s worth taking the time to listen to in full.


A shows how many children are bullied online and how few understand the importance of Internet safety. The study, which will be published in the International Journal of Social Media and Interactive Learning Environments, includes a survey of more than 4,200 middle and high school students about the risks of child identity theft. The report gathered information indicating if children and teens are aware of what information they shouldn't be sharing on social networking sites as well as behaviors that could lead to cyberbullying and identity theft.

Nearly nine out of every 10 children have access to a computer and 93 percent of teens use the Internet, the survey showed. Just one-third of middle school students and 17 percent of high school students said their parents monitor their Internet use. Many of the participants have experienced cyberbullying and have little knowledge of Internet safety, the survey also revealed.

"The need to monitor children's behaviors has become increasingly difficult with the extension of the Internet and cellphones," the team of researchers from Johnson & Wales University, in Providence, R.I., said. "No longer are children safe and sound in their home or school. In fact, the threats found on the Internet may be more dangerous and threatening since there are often no barriers."

The team also said many teens think online identity theft won't happen to them and see taking steps to prevent the crime as trivial and unnecessary. 

Educating Children About Proper Internet Use
As the popularity of social media websites continues, and cyber criminals come up with new ways to hack into user profiles, it's important for children and teens to know that they shouldn't share certain personal information online. Social profiles on websites should be private, and users should limit the information they post, the . For instance, it's probably not necessary to post your home address on your Facebook page.

Regularly checking your child's privacy settings on a social network and making sure they change their passwords regularly will also protect against identity theft.

"You're not going be around your children 24/7, so teach [your children] safe online protocol," Denis Kelly, author of "The Official Identity Theft Prevention Handbook,"  from  recently. "Understand that they shouldn't be providing any information that they wouldn't tell a stranger. Once it's [online] it's permanent."

Matt Cullina is chief executive officer of IDentity Theft 911.


Here’s another reason to choose your Facebook friends wisely: Your social networking activity could affect your credit score and ability to get a loan.

Some tech start-ups are using social data as a way of measuring creditworthiness, according to a . That could be good or bad news—depending on who you’re friends with on Facebook.

Lenddo relies on a person’s online reputation to determine their financial reliablility. Kreditech uses up to 8,000 data points—pulling data from Facebook, Amazon and eBay—to assess a loan application.

Though the practice , it’s a good reason to go review social media best practices. Here are some good tips for protecting your reputation and identity online:


It's time to honor Nana and Pop-Pop for all they've done to make our lives better. But it's also a good time for us to lend them a hand, too.

Statistics show that seniors are targeted more than other age groups for identity theft scams. As a result, they lose billions of dollars every year to scammers, . 

Types of Scams Targeted at Seniors
One reason seniors are targeted more is because many prefer to use checkbooks instead of debit or credit cards to make purchases, . Checks, however, contain sensitive personal information such as a person's name and address. They also include customer banking data: their account number, address and even the routing number - everything someone needs to set up in order to  transfer funds electronically, the source said.

Receiving checks can also be deceiving. Scammers may send senior citizens checks that look like a rebate or reward, but the fine print on the check tells the true story: by depositing this check, a person will be automatically enrolled in some kind of program that takes money out of the person's account on a monthly basis, the Times-Union reported. The same type of information (routing number, account number) can be obtained when someone deposits a check the same way as writing one.

Seniors are also targeted over phone scams. This is when someone poses to be someone they are not to obtain personal information from a senior. Avoid giving information out over the phone when someone calls you asking for bank account data, the source said.

Talking to Your Parent About Identity Theft Risks
Explaining reasons why your elderly parent has to hang up the phone when someone calls asking for account info or immediately throw away a scam letter is important, AARP reported. Explain to them that the government doesn't make unsolicited phone calls asking for personal information, for example, because they already should have this information on file, the source said.

Another tip AARP gave to ensure seniors protect against identity theft was not to "shame or blame" your parents for being unaware of potential data security risks. Remind them to never trust strangers, especially those asking for personal information and money.

Raul Vargas is a fraud operations team leader at IDentity Theft 911.