If the FBI wins against Apple, we all lose

The following is a letter I’ve written my US Senators and Representative regarding the FBI’s attempt to force Apple to provide a backdoor into their iOS encryption framework.

Dear $CongressCritter,

I am strongly against the FBI’s attempt to force Apple to provide a backdoor into their iOS encryption framework.

I am not an iPhone user, but as a 15-year veteran of the tech industry, I am intimately familiar with the importance of encryption in today’s technology ecosystem. If the FBI were to force Apple into providing a backdoor into their encryption framework, there is little to ensure that this capability is limited to this one case and absolutely nothing to prevent others from using it once created. To expect that the custom iOS provided to the FBI would never get into the hands of hackers and enemy states is naive and dangerous. Nor is there anything to prevent the FBI or other government security agencies from using this against US citizens in the future.

Forcing Apple to provide a backdoor sets a terrible precedent. It will negatively impact the US technology sector, and thereby the US economy, as individuals and businesses (both within the US and outside of it) stop purchasing US-made equipment knowing that the US government has, or can have, a route into their data.

Privacy and security are inherently at odds with one another and I acknowledge that it is hard to find a balance between the two. But the US government should be directing tech companies to do a better job of protecting citizen’s privacy, not providing backdoors to allow the US government and others to violate that privacy.

Please put pressure on the FBI to withdraw their request from Apple and make it clear that American citizens need strong encryption to protect our privacy and the US economy.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

— Benjamin Franklin

Casey Peel

ProtectMyID coverage from T-Mobile is an upgrade from Target’s

I was impacted by the Target data breach earlier this year and enrolled in the 2-year free Experian ProtectMyID service. I was also unfortunate enough to be impacted by the T-Mobile / Experian data breach a few months ago and received an invitation to enroll in another 2-year free Experian ProtectMyID service. Yesterday I called to see if I could just extend the time of the first account, but discovered that the accounts aren’t the same.

The ProtectMyID account provided by Target was their Alert level account. This level monitors your credit reports from all 3 credit agencies and sends alerts if something is awry.

The account provided by T-Mobile / Experian is an Elite level account. This includes all the features of the Alert level, plus alerts when a change of address is submitted at the post office. They have an optional feature they call “internet scan” which looks like they just check for your SSN (and any credit cards you input) against leaked personal data.

You can cancel the first account and set up the second one without any fee or hassle. I discovered all of the above on the phone while talking to a customer service agent, so I did the cancel/setup over the phone, but I presume you can do it all online.

Note that you can’t re-use the same username, but they give you the ability to change a username on the account. My recommendation would be to change the old account’s username to something else before cancelling the account. That should allow you to re-use it for the new account.

Facebook’s Pages replacing profile information

If any of you have viewed your own Facebook profile recently, I’m sure you’ve seen that pesky dialog that popped up soliciting you to link your profile to Pages.

Part of me appreciates what Facebook is doing: trying to massage a group of arbitrary text labels into a more structured set of data. For instance, on my profile I have ‘Michael Buble’ under Favorite Music. If I accepted the request to link to the Michael Buble Page, the string “Michael Buble” is removed from my profile and replaced with a link to a page all about Michael Buble.

There’s a downside however: information about what Pages you link to is completely public. So while you may have your information like your employer or education shown only to your friends, once you convert those to Pages that information is open to everyone, not just people who are logged into Facebook.

This to me is a grievous privacy violation. By changing this data, which Facebook is strongly wanting you to do based on the fact that the stupid pop-up comes up every time you access your profile, you’re changing the privacy level of your information without even knowing it.

So far I’ve ignored the more-annoying-by-the-day pesterings to link my profile to the suggested Pages, mostly because I haven’t decided which information I want being released to the world at large.

Edited to add: I just unselected all the solicited links and sure enough — all of that data was removed from my profile. Oh well, I guess that’s just a little less information about me floating out on the web. Facebook: you suck.