MONEY privacy

Security Flaws Let Hackers Listen in on Calls

German researchers say the network that allows cellphone carriers to direct calls to one another is full of security holes.

TIME Morning Must Reads

Morning Must Reads: December 17

Capitol
The early morning sun rises behind the US Capitol Building in Washington, DC. Mark Wilson—Getty Images

Terror Threat Nixes The Interview

Some cinema chains are pulling Sony’s film The Interview from their lineups after hackers threatened a 9/11-style attack against theaters who screen the upcoming movie. Sony said it is going forward with plans to release the film, but would support theaters’ decisions

Starbucks CEO Talks Racism

Howard Schultz outlined his concern about the effects of racism and increasing social polarization in America in a letter to all Starbucks employees

Putin’s Influence Wanes

Russia’s worst economic crash since 1998 may force the Russian President to rethink his adventures abroad

Jeb Bush Eyes Run for Presidency

Former Florida Gov. Jeb Bush announced Tuesday that he will “actively explore” running for president in 2016. “I think we need to have candidates lift our spirits,” he said, one day before announcing his formal intention to explore a campaign

U.S. Will Bid to Host the Summer Olympics in 2024

The United States Olympics Committee (USOC) unanimously approved on Tuesday a U.S. bid to host the 2024 Summer Olympics and Paralympic Games. One of Boston,

Washington D.C., San Francisco and Los Angeles will be picked for the bid in 2015

Pakistan Mourns After Peshawar School Massacre

Pakistanis mourned collectively and individually on Wednesday after a brutal attack on a school in Peshawar by Taliban militants that claimed more than 140 lives, including 132 children. But questions remain over the military’s relationship with extremist groups

Angelina Jolie Hires Experts to Protect Her Kids Online

Angelina Jolie and her husband Brad Pitt, who don’t use social media, have hired a cyber-security team to monitor their children’s Internet usage and exposure. “We wouldn’t even know what to look for,” she said

Australia’s PM Demands Answers After Sydney Siege

Tony Abbott has said that everything from the nation’s gun laws to its national security policies are up for serious review after a troubled Iranian migrant on bail was able to evade watch lists, buy a firearm and take over a Sydney café, leading to three deaths

Clifford the Big Red Dog Creator Norman Bridwell Dies at 86

Author and illustrator Norman Bridwell died on Friday, Dec. 12, in Martha’s Vineyard at age 86. His publisher, Scholastic, announced the news Tuesday, but did not give a cause of death. Bridwell was best known for creating the Clifford the Big Red Dog book series

Bill Cosby Won’t Be Charged Over L.A. Molestation Claim

Los Angeles prosecutors on Tuesday declined to file any charges against Bill Cosby after a woman recently claimed the comedian molested her around 1974. The rejection of a child sexual abuse charge by prosecutors came roughly 10 days after Judy Huth met city police

NHL Teams Postpone Seasonal Hospital Visits

Several NHL teams are postponing their annual holiday visits to hospitals, amid a mumps outbreak within the league. At least 15 NHL players have so far come down in the outbreak, including for the Anaheim Ducks, Minnesota Wild, New Jersey Devils and New York Rangers

Poll: 57% of Americans Say Race Relations in U.S. Are Bad

A majority of Americans now say that race relations in the United States are bad, according to a new poll, which showed the most pessimistic assessment of racial issues in almost two decades

We will hold an #AskTIME subscriber Q&A this Friday, December 19, at 1 p.m., with TIME managing editor Nancy Gibbs, who recently selected The Ebola Fighters as TIME’s choice for Person of the Year 2014.

You can submit your questions beforehand on Twitter using the #AskTIME hashtag or in the comments of this post. We depend on smart, interesting questions from readers.

You will need to be a TIME subscriber to read the Q & A. ($30 a year or 8 cents a day for the magazine and all digital content.) Once you’re signed up, you can log in to the site with a username and password.

Get TIME’s The Brief e-mail every morning in your inbox

TIME legal

Why Microsoft, Apple, Fox News and NPR Are Suddenly Working Together

Microsoft
The Microsoft logo is displayed over the Microsoft booth at the 2010 International Consumer Electronics Show at the Las Vegas Hilton January 7, 2010 in Las Vegas, Nevada. Justin Sullivan—Getty Images

Microsoft is fighting a U.S. warrant to turn over emails stored in Ireland

It’s not every day you see Microsoft and Apple or Fox News and NPR going to bat for the same team — but that’s exactly what’s happening now, in a case that could have big consequences for American tech and media companies.

Last December, a Federal judge granted U.S. investigators a warrant to access a Microsoft user’s emails, stored in a data center in Dublin, Ireland, in relation to an investigation. Microsoft said no way, arguing the U.S. government has no right to issue a warrant for emails stored abroad.

Microsoft has good reason to reject the government’s demands here: If would-be Microsoft customers outside the U.S. start thinking their emails are subject to U.S. warrants, they might think twice about becoming Microsoft customers. Indeed, top tech firms have already lost big overseas contracts over fears that American services are subject to National Security Agency snooping.

Microsoft has yet to convince any court to overturn the original warrant. A magistrate first ruled against Microsoft’s challenge in April. The company got another defeat in August when U.S. District Judge Loretta Preska found that it wasn’t a matter of where Microsoft stored the emails, but rather where Microsoft and the user in question were themselves based.

However, Microsoft still refused to hand over the user’s emails. The company filed a new appeal last week, arguing that a ruling against Microsoft threatens the privacy of foreign users and Americans alike as more people choose to store their emails and other sensitive documents in off-site cloud servers instead of local hard drives.

“We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws,” Microsoft General Counsel Brad Smith wrote Monday. “In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk.”

And that’s where Microsoft’s strange bedfellows come into play. Rival tech companies like Apple, Amazon and HP, as well as news organizations from across the political spectrum like CNN, Fox News, NPR and The Guardian, have all signed amicus briefs supporting Microsoft’s fight to keep its users’ emails away from the U.S. government. It may seem weird for these companies to work together on just about anything else, but it makes sense here: technology companies have a business interest in keeping users’ communications private, while media outlets don’t want their reporters’ messages to fall into the government’s hands.

“The government’s position . . . will significantly deter the use of remote data management technologies by businesses and individuals, particularly their use of U.S. cloud services providers, and thereby undermine a significant contributor to U.S. economic growth,” reads an amicus brief filed in the case by the Business Software Alliance, a trade group that counts Microsoft, Apple, Intel and other top tech companies as members. “There is no basis in law for the extraordinary result sought by the United States.”

Whatever happens in the Microsoft case, then, could have big privacy implications for businesses and users alike. There probably won’t be a resolution until late 2015 at the earliest, but some observers expect this one to wind up all the way at the Supreme Court.

MONEY Shopping

3 Scary Smart Ways Stores Use Your Personal Information

man handing credit card
Robert Hadfield

Shops are saving all your details so they can sell you even more.

Retailers want to get to know you. This should come as no surprise — we’ve all seen how our Internet search history and purchases affect the online ads we see — but it’s just as important for bricks-and-mortar stores to understand their customers.

It’s all about marketing. Whether you like it or not, retailers want you to see sales, deals and new products you’ll be interested in, and the only way they’ll know your preferences is by tracking them.

“In newspapers, we would throw out these blanket ads, and there was so much waste,” said Ritchie Sayner, referencing pre-Internet marking strategies. He has worked for RMSA Retail Solutions, a retail consulting firm, for 35 years and has seen firsthand how direct marketing campaigns have evolved.

Most people know that retailers want their contact information — handing over your name, email address, ZIP code and phone number has become a somewhat standard element of the modern in-store transaction. It’s better than nothing, but a name and email address isn’t much of a customer profile. That’s the bare minimum. If they’re doing it right, a retailer is not only going to know your name and where you live, they’re going to keep track of how much money you spend, your favorite brands, your shoe size and pretty much anything else they can think of. Here’s what they use it for.

1. Clearing Out Inventory

Say you own a shoe store. You’re going through your inventory, and you notice you have three times as many women’s shoes in size seven than in any other size. Where are all the size seven customers? How can you get them to come into your store and solve your superfluous seven problem?

Simple: Send them an email. From boutiques to big-box stores, retailers are doing their best to build robust customer profiles so they can reach a specific group of shoppers when necessary. Sure, you could send an email to all the women on your mailing list, promoting a big weekend shoe sale, but the size nine ladies won’t be too pleased when they show up and all the great shoes are only available in sevens.

“They’re going to keep track of you by ‘She’s a size four, she buys this particular line,’” Sayner said. “If you buy on sale or if you buy at full price — they have more information about you than you’d probably like them to.”

2. Making You Feel Loved

Happy birthday! Enjoy a free cup of coffee. It’s your anniversary? Here’s a coupon for two meals at the price of one! Remember that time you bought something from us last year? It’s that time of year again! Here’s 30% off for nothing in particular — we miss you!

You may not love the idea of a company keeping a ton of information on you, but man, you love getting free stuff on your birthday. It’s like that free birthday cookie makes up for the hundreds of emails that business sends you every other day of the year. Retailers want details on who you are so they can appropriately reward you with freebies and discounts, in exchange for your loyalty.

3. Classifying You

It can be very difficult for a salesperson to get you to share your information — just think of how many times you’ve declined to give the cashier your email address when checking out.

“It’s really hard to do,” said Jason Becker, chief operating officer at RICS Software, a point-of-sale platform. “If you’re going to ask for a customer’s information, you have to give a good reason for why.”

That requires establishing a relationship. The salesperson has to treat you well and earn your trust. At the end, he or she can use your interaction to fill out a customer profile.

It’s funny, because for all the people skills it may require to develop the profile, the way it’s used is quite robotic. You’re no longer Jane who likes running, you’re a 35-year-old female marathoner who spends $300 on athletic gear every three months and replaces her running shoes every February.

“Most softwares also enable the retailer to classify that customer into a cohort, classify that type of runner into what type of runner or athlete that person is,” Becker said, speaking in general about POS systems. “It enables them (retailers) to market more effectively.”

A lot of that information is populated through loyalty programs or entered manually by the sales person, especially if you’re in a smaller store. Larger retailers may generate a customer profile with the information it captures when you swipe a credit card. It happens in many ways, through software of various sophistication levels, but you can confidently assume the stores you frequent have a sort of dossier on you.

For many consumers, that dossier is terrifying because of the slew of retail data breaches that happened in 2014. After having their credit cards compromised, their email addresses stolen and even their passwords cracked, it can be hard to trust a retailer, but it all comes down to what you’re comfortable giving up for a deal.

More from Credit.com

This article originally appeared on Credit.com.

MONEY Workplace

Why Smart People Send Stupid Emails That Can Ruin Their Careers

Producer Scott Rudin and Sony Pictures Entertainment Co-Chairman Amy Pascal attend the Sony Pictures Classic 68th Annual Golden Globe Awards Party held at The Beverly Hilton hotel on January 16, 2011 in Beverly Hills, California.
Producer Scott Rudin and Sony Pictures Entertainment Co-Chairman Amy Pascal publicly apologized for racially insensitive emails. Neilson Barnard—Getty Images

High-profile email leaks show, once again, the danger of assuming that what you write is for the recipient's eyes only.

What were they thinking?

When Amy Pascal and Scott Rudin were exchanging their now infamous emails, leaked in the Sony Pictures Entertainment hacking scandal, they clearly weren’t worried about what would happen to their careers if anyone else read their notes.

You have to wonder why not: Companies routinely monitor worker communications. Email is regularly used as evidence in lawsuits and criminal investigations. Now hacking is another threat. Email isn’t private. Everyone knows that.

Pascal, who climbed the ranks at Sony Pictures Entertainment to become co-chairman, and Rudin, an Oscar-winning movie producer, are not stupid people. Yet they are just the latest example of high-profile executives who send email without a thought about what would happen if the outside world read them.

Remember David Petraeus, the four-star general and CIA director who resigned from his job after an FBI investigation inadvertently turned up emails that exposed an extramarital affair? Ironically, Petraeus didn’t even send the emails. He wrote them and saved them to his drafts folder. He and his girlfriend shared the password and simply logged in to read the drafts.

Then there’s New Jersey Gov. Chris Christie, who fired his chief of staff Bridget Anne Kelly after it was revealed that she sent emails joking about traffic tie-ups caused by lane closings on the George Washington Bridge. The closures, an alleged retaliation against the mayor of Fort Lee for not endorsing Christie’s bid for governor, spawned a scandal that continues to affect Christie’s presidential prospects.

And most recently, a Harvard business school professor publicly apologized last week for an epic email rant that went viral, in which he threatened to sic the authorities on a local Chinese food restaurant that allegedly overcharged him $4 for a dinner delivery.

Even though senders should know better, “there’s an illusion of privacy, because the truth is, most of us haven’t been hacked or even know if higher-ups are reading our email,” says Dana Brownlee, president of Professionalism Matters. When it comes to successful people, she says, ego often trumps common sense. “Those with power often reach a point where they let their guard down because they feel somewhat invincible.”

It’s a trap that any of us can easily fall into, particularly in today’s time-crunched workplace, where it’s often easier to shoot off an email or text rather than pick up the phone—or, better still, walk down the hall—to discuss a sensitive issue. “We all have to be really careful about using email almost exclusively to communicate,” Brownlee says. “It’s dangerous.”

Brownlee suggests giving yourself this simple test: How comfortable would you be if your boss, a co-worker or the person you are writing about read it? Not sure? Don’t send it.

“Warning flags truly should go off in your head any time you prepare to hit send on anything you wouldn’t want to read on the front page of the paper,” says Brownlee. “Save the jokes and snarky or personal stuff for one-on-one time. You’ll be glad you did.”

TIME privacy

Julian Assange Is Crowdfunding a Life-Size Statue of Himself Because Of Course He Is

Wikileaks Founder Julian Assange Makes A Statement After Six Months Residing At The Ecuadorian Embassy
Wikileaks founder Julian Assange speaks from the Ecuadorian Embassy on December 20, 2012 in London, England. Peter Macdiarmid—Getty Images

The WikiLeaks founder wants to get his face out of the Ecuadorian embassy

Julian Assange has been stuck in the Ecuadorian Embassy in London for two and a half years, and the WikiLeaks founder apparently has a lot of time on his hands.

Assange is using the whistle-blowing website’s official Twitter account to fuel a funding drive for a life-size bronze public “monument to courage” featuring himself, Chelsea Manning and Edward Snowden, the Independent reports. The Italian sculptor Davide Dormino will stick bronze depictions of the trio on chairs with another empty seat beside them—that’s for the public, who can join the whistleblowers.

Some £100,000 is needed for the project, while just £19,360 has been raised on Kickstarter so far. The Kickstarter page says that the the statue “is not a simple homage to individuals, but to courage and to the importance of freedom of speech and information.”

Assange is wanted for questioning in Sweden over sex offense allegations, which he has denied. He fears that if he leaves that embassy, he’ll be extradited to the U.S. after his organization published classified military and diplomatic documents.

[The Independent]

TIME privacy

Half of Americans Don’t Know What a Privacy Policy Is

Privacy Policy
A human rights activists wears pink glasses reading "stop spying" during a protest against the alleged violation of privacy by the U.S. National Security Agency at McPherson square in downtown Washington D.C., July 4, 2013. Mladen Antonov—AFP/Getty Images

It doesn't automatically keep your data confidential

It looks like Facebook’s privacy-focused blue dinosaur has some more work to do, as a new survey from the Pew Research Center finds that 52% of American Internet users don’t actually know what a privacy policy is.

A majority of respondents believe that when a company posts a privacy policy, “it ensures that the company keeps confidential all the information it collects on users.” Only 44% of survey respondents knew that answer was false — a privacy policy simply states whatever rules a website has drafted to determine how it will share and use people’s data. Such policies often include fine print that actually make people’s data less private than they might expect, allowing it to be used in ads or handed off to third parties.

With so few people who understand privacy policies, it’s no wonder that a bogus Facebook post proclaiming to protect people’s copyright went viral this week. Users erroneously believed that invoking a specific intellectual property statute would retroactively protect their photos and other media from being used by Facebook. In fact, users already own all the content they put on Facebook, but the social network reserves the right to use that content for activities related to its business. And users all agreed to that stipulation when they accepted—you guessed it—the privacy policy.

MONEY online shopping

How to Stop Facebook from Ruining Your Holiday Gift Surprises

Wrapped bicycle
Michael Blann—Getty Images

Parents who shop online—so all parents, basically—need to know how easy it is for kids to find out what they're getting for the holidays.

Every week, it seems, there’s a new scandal about email passwords being stolen or retail customers’ data being hacked by stealthy cyber criminals. Yet such incidents represent only a teeny-tiny slice of how our online behavior is spied upon and used. In the vast majority of cases, our data is tracked and used in entirely legal ways by search engines, social media, retailers, and advertisers. Legal or not, the repercussions of such tracking—and the ads that inevitably follow—can feel like an ongoing privacy violation.

What’s more, targeted ads come with the potential of revealing secrets about what people have been searching, browsing, and buying online. While the results are generally not nearly as devastating as identity theft, they can create tense situations. In probably the most notorious example, a father found out his high school daughter was pregnant only after Target had sent her coupons for cribs and other baby products—offers that were based on her shopping history.

This time of year, the relentless stream of targeted (also known as “interest-based” or “retargeted”) ads that pop up in banners or on the side of web pages also come with the potential of ruining a holiday gift surprise. Say a mom does some browsing online for presents for her son. Soon thereafter, the items she viewed start showing up in ads on the device that was used, along with ads “inspired” by her browsing history.” If and when the would-be recipient hops on the same device, he’ll see all of those ads. Without much sleuthing, he’ll be clued in about what mom was shopping for, and he’ll have a good idea to expect the new Nike high-tops, game console, or whatever come December 25. So much for the big reveal.

It’s unclear how often this scenario plays out, but it’s a possibility some parents worry about. “I guess you have to pick btw letting your kids use the computer and shopping online, since custom ads follow you and spoil gift surprises,” one mom tweeted recently. Last year the founder of Marketing Land wrote at length about his wife’s frustrated attempts to stop banner ads from Macy’s, ThinkGeek, and other retailers she shopped from popping up on the computer she often shared with her kids.

It’s not just parents who worry about blown surprises. One Reddit user recently posted, coyly and excitedly, that her longtime boyfriend had been getting engagement ring ads in his Facebook feed. Surely, she felt, this was an indication that he was getting ready to pop the question. One commenter followed up with a story about a friend whose boyfriend also was flooded with engagement ring ads before he proposed. Then, as soon as she changed her status to “engaged,” she was slammed with weight loss ads offering to provide assistance “fitting into your dress.” Naturally, the baby-related ads followed after the wedding took place.

“You’re stalked with ads related to what you’ve been shopping for all the time,” says Bruce Schneier, an internationally renowned computer security expert and a fellow at Harvard’s Berkman Center for Internet and Security. Nonetheless, Schneier thinks it’s probably “a rare occurrence” for people to correctly deduce what they’ll be getting as holiday gifts based on the ads they see on a shared computer. “When a kid sees an ad for an Xbox, he’s probably just going to think I want an Xbox, not Mom got me an Xbox.”

For that matter, the presence of these ads is no indication of whether anything was actually purchased. As an Al Jazeera column about “curated” and “retargeted” ads noted, consumers can be “stalked by socks” and other items they browsed while shopping online regardless of whether or not they purchased the goods, or whether they searched for such goods randomly, as a goof, or out of genuine interest. “Personalized ads can be right, but they’re often wrong” in terms of being truly appealing to the right set of eyes, Schneier says.

Most e-retailers offer consumers the right to opt out of being subjected to tracking and retargeted ads, but Schneier thinks doing so is a waste of time. Not only are the processes for opting out convoluted and filled with loopholes, there are so many digitized eyeballs monitoring your online activity that successfully negating them one at a time is virtually impossible.

It’s much better and more effective, he says, to install a tool such as Adblock Plus (which blocks some or all ads according to filters checked by the user), Privacy Badger (which automatically blocks trackers or ads that it deems to violate “the principle of user consent”), or some combination of several blockers. Others recommend shopping online in private browsing mode; when using Google Chrome Incognito, for instance, the browser doesn’t save a record of what sites have been visited, and therefore (theoretically) there should later be no retargeted ads that surface as a result.

If you’re dealing with an especially stubborn child or spouse who has a history of noticing what online ads foretell in terms of holiday gifts, you might want to try a different strategy: Spend some time here and there clicking on all sorts of items haphazardly, or purposely browse for things you know he’d absolutely hate to receive on Christmas. The resulting collection of retargeted ads is likely to be so random, nonsensical, and disappointing that it’ll throw him off the trail and he’ll have no clue what you actually bought.

As a bonus, you’ll simultaneously be messing with the retailers, browsers, and other bots that generate these annoying ads in the first place.

MORE:
What Should I Do If I’ve Been the Victim of a Data Breach?

TIME Companies

Google Wants to Launch Kid-Friendly Services for Users Under 13

Google kids
Small boy looking at laptop Thanasis Zovoilis—Getty Images/Flickr RF

YouTube is already the most popular site with tweens

Google is aiming for a new market: kids.

One of the tech giant’s executives told USA Today that the company is planning to make versions of some of its online products for kids below the age of 13. Google didn’t specify which products will get revamped, but YouTube in particular seems likely—the video site was recently found to be the most popular website amongst tweens, according to one survey.

Age thirteen has long been used as the minimum cutoff for popular websites like YouTube, Facebook and Twitter. Targeting younger users could raise a host of privacy concerns, especially when it comes to using their data to serve them advertising. The Federal Trade Commission strictly regulates the operation of websites aimed at kids under 13 — but Google believes it can bring in these younger users without running afoul of regulations.

“We expect this to be controversial, but the simple truth is kids already have the technology in schools and at home,” said Pavni Diwanji, Google’s vice president of engineering, who is overseeing the rollout. “So the better approach is to simply see to it that the tech is used in a better way.”

[USA Today]

TIME technology

No, Facebook Is Not Planning to Sell Your Images

Facebook Privacy Policy
In this Wednesday, June 11, 2014 photo, a man walks past a sign in an office on the Facebook campus in Menlo Park, Calif. Jeff Chiu—AP

Photographers -- amateurs and professionals alike -- are concerned about a notice of Facebook's supposed privacy changes

After Facebook publicized its intentions to simplify its privacy policy starting in January, a growing number of users have opposed the changes by sharing a private note on their accounts that purports to protect their ownership of their information and photographs.

The notice, which has been circulating for more than two years, typically reads: “On this date, in response to new guidelines on Facebook, pursuant to articles l. 111, 112 and 113 of the code of intellectual property, I declare that my rights are connected to all of my personal data drawings, paintings, pictures, texts, music, etc… Posted on my profile, before this date, now and forever. My consent is necessary for commercial use of what is stated previously is required at all times.”

That message, however, is useless, argues Mickey Osterreicher, General Counsel for the National Press Photographers Association (NPPA). “That message pops up from time to time, and we try to tell people that posting it doesn’t do anything,” he says. “People really don’t understand copyright, and that’s a problem.”

The latest wave of posts came within hours of Facebook emailing its users its privacy changes, with many photographers — amateurs and professionals alike — arguing that the social network could start commercializing their images.

They are wrong, says Matt Steinfeld, Facebook’s Privacy Communications Manager. “The passage in our terms of service that covers your information and your content has not changed,” he tells TIME. “We can’t sell property that we don’t have. You own the things you share on Facebook.”

By signing up to the social media site, users agree to grant Facebook “a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook.” This license, however, ends “when you delete your [Intellectual Property] content or your account unless your content has been shared with others, and they have not deleted it.”

Steinfeld argues that this license is required to allow Facebook to show that particular content on its platform. “But we can’t turn around and sell [it] without your knowledge or permission,” he adds.

“The issue is that the word ‘use’ is a vague and broad term. It could mean just about anything,” says Osterreicher. “In this case, [this license] only grants Facebook the right to use your content, so it might be hard for a third party to use your images. But it still opens the question of what Facebook plans to use that intellectual property for.”

Facebook, however, has gotten used to this perceived uncertainty, which regularly drives users to debate the social site’s commercial intentions.

“I think people are rightly interested in making sure that they have ownership and control over the things they are sharing,” Steinfeld adds. “When people see things [that allude to the fact] that it might not be the case, they are understandably worried. But, the fact of the matter is that it’s pretty clear-cut. There’s no question that people own the things they share on Facebook.”

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser