Wednesday, October 28, 2015

What does the new "Relevant Mobile Advertising" mean to you?

What does the new "Relevant Mobile Advertising" mean to you as a smartphone user, and what can you do if you disagree with it?

It's been said that if it is free to you, then you are the product. If you are not paying, then the business model of the service or website is likely business to business (B2B). But now, even though you are paying for mobile carrier or Internet Service Provider (ISP) services, you are the product as well, in a B2B profit model between those companies and others.

Relevant Mobile Advertising allows third party partners and marketers to use a socioeconomic and demographic web of your information to advertise to you on your smartphone. The information belonging to you that they use includes:
  • where you live
  • where you travel to
  • where you shop
  • what websites you visit on your personal computer and phone
  • email address and metadata in the body of your emails
  • smartphone device make & model
  • gender, age, and interest indicators such as:
    • favorite sports team, pet owner, where you dine out, etc.
    • what you've typed into the Google search engine on your personal computer and phone
Cumulatively, this data amounts to your Unique Identifier Header (UIDH). We all have a UIDH which internet advertisers use for targeted advertising campaigns. Now, these campaigns have become more elaborate by including your smartphone use and by advertising to you on your mobile devices as well, using your UIDH.
Customer Proprietary Network Information Settings (CPNI) are regulated and enforced by the Federal Communications Commission (FCC). All mobile carriers are supposed to protect our CPNI by law, but selling our UIDH is fair game. Relevant Mobile Advertising allows for a large playing field largely because of how tricky carriers get in their privacy policy disclosures. For example, many companies claim proudly to consumers that they do not share your personal information with third parties. But then they state that any external company that they are working with or doing business with is not a third party. This means you have no cognizance of where your personal information goes. While your CPNI is generally protected from hacking or dissemination, our UIDH is frequently sold away in a very profitable industry. As a result, the web of information described above is likely already in the hands of companies you have never done business with.
You have rights to privacy, and the companies you choose to do business with have obligations to protect your personal information and uphold your rights to privacy. Neither large corporations nor the FCC expect the common consumer to know how to exercise their rights or when those rights are being violated.
What can you do about it? You can contact your service provider to opt out of personal data sharing from your mobile device. But this does not prevent companies from receiving, within your UIDH, your location or shopping habits gathered by other methods, for instance. Your carrier or ISP privacy policy is publicly available to you, but it is written using terminology that is not generally understood by the public. If you are curious about the methods by which your socioeconomic and demographic web of personal information is gathered or what preventative measures can be taken, contact me.

Parents, do you believe in invading your children’s privacy?

I do, to an extent at least. I recall the motto, “give 'em enough rope to hang themselves” because it allows them to learn from their mistakes. So how about using nanny-cams and key loggers?
A nanny cam is a hidden camera in a common area of your home used to observe your children and babysitter. Some argue that if you even think about installing a nanny cam, you shouldn’t have the babysitter. You’ve got to have trust foremost. And then why not have some inside information also?
A key logger is software that tracks computer usage as precisely as the sites visited, the usernames and passwords entered, and screenshots of what is being viewed, and logs it in a file accessible remotely or locally. I want to talk about key loggers.
Although it is prohibited to install key logging software on medical, government, or educational computers, it is perfectly legal to use such technology on your own personal laptop or desktop. If you own a law firm for example, as long as your employees receive notification upon logon that they are being monitored, then your firm can use key loggers as well. Here is what a key logger can do for you:
1. If your laptop is stolen, you can view the thief’s activity remotely and assist with the police report or homeowner’s insurance claim filing.
2. If you want to keep tabs on your child, you can obtain their passwords to their social networking sites and email inboxes, and see what videos they watch and when. “Keylogger is your litmus test as a caring parent.”
3. For security on your personal computer, you can covertly monitor unauthorized activity for purposes of identifying download locations for virus protection.
When selecting a key logger, free is usually attractive, but there are privacy issues of your own to be aware of. Free software often earns its value for the author via either advertisements or data collection. I warn you about the latter regarding some free key logging software. When selecting a key logger, make sure that it does not do the very same thing to you that you intend to use it for. By that, I mean be sure that it does not open ports on your firewall, collect info about your data usage and pass it from your computer through the firewall back to the author of the free software. You should be the only one accessing your logs, not the owners of the software. I find key loggers (and software that does not compromise your privacy in general) useful even if not used for invading your children’s privacy. Maybe it is a question of trust over transparency?
From a legal perspective, should any party other than yourself have any reasonable expectation of data privacy when accessing the internet from your computer? Maybe the next time you borrow a friend’s laptop to conduct a quick check of your bank account balance or respond to an urgent email, you might inquire if they use a key logger.

Thursday, July 16, 2015

Which type of law firm is seen as the best candidate for hackers?

Which genre of law that a firm may practice makes a law firm most highly targeted by Advanced Persistent Threat (APT) attacks on its computers?
It's intellectual property.
The motivations are cyber espionage and monetary gain.

An APT attack is a set of stealthy and continuous hacking processes orchestrated by a human, targeting a specific entity; in many cases, a law firm.
This is nothing new. The FBI has been warning of "spear phishing" attempts on law firms since 2009.
Only in 2014 did some firms finally seem to become proactive about protecting clients' data.

Intellectual property firms maintain trade secrets, pending patents, and merger/acquisition plans.  Details of such information could prove invaluable to competitors, and catastrophic to clients of targeted law firms.

For example, Lunchables spent $25M on market preparedness before launching their product in retail. Hacking the intellectual property law firm which served Lunchables as a client would allow a competitor to steal their trade dress packaging design, begin manufacturing, and capture the market before the Lunchables brand could establish distinctiveness or recognition of their product. This would ruin an opportunity for return on their $25M investment.

Merger and acquisition plans could end up intermeddled with, or could give competitors unfair advantages. Also, insider trading can become an issue that could lead to SEC investigations that would lead back to the leakage at the law firm.

Small IP law firms and large international IP firms alike are prime candidates for APT attacks. Firms often feel either that it won't happen to them or that the firm cannot afford protection. Fact is, hacking any law firm is very advantageous and profitable based on the motivation. The information that IP firms hold seems to be the strongest motivation thus far.

I'm Jamal, and I can help. Contact me if you would like to discuss further.

Tuesday, April 28, 2015

Is big brother not watching?

Google knows who you are, what you searched for, when you did it, where you were located when you did it and what computer you used.
Google tracks your IP address, time/date, query attempts, web browser type & version, MAC address and more.
1. Your internet service provider uses a unique subnet mask with a unique IP range that makes your region, city or even neighborhood identifiable. IPv4 addresses have 4 octets. The class of the IP range purchased by your internet service provider in your area, along with the subnet mask used by your service provider, can separate clients by physical and logical segments.
2. Google logs a time and date stamp with each query attempt. Attaching the timestamp to your IP can also be used for your security: if you generally browse the web from your home computer, but then I hack your account from my home computer at the same time, the conflicting timestamps and IP addresses are indicative of your account being accessed at an unusual location. Banks use this simple technology as well.
3. Google logs what you are searching for by logging your query entries. This info can be spatially organized along with day of the week and time of the day data to formulate personal, unique usage habits/patterns. Counter terrorism agencies use this type of collection of data to track trending events or trends of activity using algorithms that combine and analyze nationwide data.
4. Whether you surf the web using Firefox, Chrome, IE, Safari, or whether your operating system is Mac, Linux, Win Vista or Win 8, might not initially seem important to you. Google wants to sell their Chrome brand browser so they will advertise it to you until you download and use it. They will know if you have done so or not. But that’s not so imposing or obtrusive. The version of the browser and operating system could be indicative of the age of the device being used. When the region of the IP address is evaluated in conjunction with very old versions of web browsers or OS for example, it could be used to identify a situation where antiquated technology is being used for cyber criminal activity from remote locations (or where competitive corporate hacking takes place to gain a competitive market advantage).
5. Google thinks they are tricky in the wording of their privacy policy. The sixteen digit “cookie ID” is actually the unique physical ID of your Network Interface Controller (NIC card). Within those 16 digits, your make, manufacturer, model and more are pinpointed to your one and only NIC card of your physical computer or device. Their pixel tags are like little computerized spies that send back data on where you go within websites, what you click on or even the status of your email messages. For example, your Droid or iPhone has a MAC that is connected to your user account information registered with your mobile phone service provider. You can deduce that all activity you conduct using Wi-Fi from your mobile phone is very easily identifiable as belonging to you by name, address, credit card number and phone number of course.
Do you see how these five types of data-collection are used to build a demographical, geographical, socio-economical web of who you are, where you go, who you know, and what your interests are?
IT professional & Law Student
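
The check described in items 1 and 2 above, as an added example that is not part of the original post: each source IP is masked to its network, and an account is flagged when it is active from two different networks within a short window. The log entries (documentation-range addresses), the /24 mask and the 10-minute window are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample access log: (account, ISO timestamp, source IP).
# Addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = [
    ("alice", "2015-04-28T09:00:00", "192.0.2.10"),
    ("alice", "2015-04-28T09:03:00", "192.0.2.77"),    # same /24 as above
    ("alice", "2015-04-28T09:04:00", "203.0.113.5"),   # different network
    ("bob",   "2015-04-28T09:00:00", "198.51.100.20"),
    ("bob",   "2015-04-28T13:00:00", "203.0.113.9"),   # hours later
]

def network_of(ip, prefix_len=24):
    """Apply a subnet mask (assumed /24) to find the network an IP sits in."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def flag_conflicts(log, window=timedelta(minutes=10), prefix_len=24):
    """Return (account, earlier_ip, later_ip, gap) for activity on one
    account from two different networks within `window` of each other."""
    events = sorted(
        (acct, datetime.fromisoformat(ts), ip) for acct, ts, ip in log
    )
    alerts = []
    recent_by_account = {}  # account -> [(time, ip)] still inside the window
    for acct, when, ip in events:
        recent = [
            (t, p) for t, p in recent_by_account.get(acct, [])
            if when - t <= window
        ]
        for t, p in recent:
            if network_of(p, prefix_len) != network_of(ip, prefix_len):
                alerts.append((acct, p, ip, when - t))
        recent.append((when, ip))
        recent_by_account[acct] = recent
    return alerts

if __name__ == "__main__":
    for acct, old_ip, new_ip, gap in flag_conflicts(SAMPLE_LOG):
        print(f"{acct}: {old_ip} and {new_ip} active within {gap}")
```

Widening the mask (a smaller `prefix_len`) treats more addresses as the same location and so raises fewer alerts; a narrower window does the same for time.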


Friday, February 27, 2015

 "Net Neutrality" decision was approved by the FCC yesterday. Will it get past SCOTUS?

"Net Neutrality" decision was approved by the FCC. Court ruled in favor, 3-2. Broadband Internet now falls under the same strictly government regulated Title II Legislation passed in the 1930s for telephone lines. Advocates for "open internet" applaud this decision. I'm not certain yet how I feel about the entirety of its implications, but I'm confident SCOTUS will grant certiorari.

Friday, January 9, 2015

What is Data Privacy and Cyber Security Law?

Much of the litigation that occurs in the field of information technology results from enterprises failing to keep customer and employee information secure. Now that it is primarily stored in digital format, sensitive information is susceptible to theft on a scale unimaginable in previous generations. Hackers and other cyber criminals routinely target financial institutions, e-commerce websites, and ordinary businesses, sometimes gaining access to thousands of customers’ data all at once. This can lead to various legal claims, from government enforcement actions to class action consumer lawsuits. 

Companies that have any presence on the internet should act proactively to avoid these problems. Information technology lawyers are available to audit security systems and policies, and to recommend any necessary changes. If a breach has already occurred, an experienced legal team can represent companies in investigations by the FTC or state attorneys general, and defend against civil litigation brought by private parties. Data privacy and security issues can arise at any time. To succeed in today’s business environment, it is critical to stay ahead of the curve and make safeguarding digital information a priority.