Ashkan Soltani | |
|---|---|
 | |
| Alma mater | University of California, San Diego (B.A.) University of California, Berkeley (M.A.) |
| Occupation(s) | Chief Technologist, Federal Trade Commission; Privacy and security researcher |
| Website | ashkansoltani |
Ashkan Soltani is the executive director of the California Privacy Protection Agency. [1] [2] He has previously been the Chief Technologist of the Federal Trade Commission and an independent privacy and security researcher based in Washington, DC. [3]
Soltani attended the University of California, San Diego, where he received a bachelor's degree in cognitive science. [4] Soltani would later receive a master's degree from the University of California, Berkeley School of Information. [5]
Between 2010 and 2011, Soltani worked for the US Federal Trade Commission as a staff technologist in the Division of Privacy and Identity Protection, where he assisted with the investigations of Google and Facebook. Soltani previously worked as the primary technical consultant to The Wall Street Journal's "What They Know" series investigating online privacy.
In 2011, he testified at two different hearings held by US Senate committees focused on privacy related matters. Julia Angwin, in her 2014 book Dragnet Nation, describes Soltani as 'the leading technical expert on ad tracking technology'. [6] He was part of the team at The Washington Post that shared the 2014 Pulitzer Prize for Public Service with The Guardian US and earned the 2014 Gerald Loeb Award for Large Newspapers [7] for their coverage of the disclosures about surveillance done by the US National Security Agency. [8] [9] [10] [11]
In 2021, Soltani became the executive director of the California Privacy Protection Agency. [1]
Soltani's first high-profile research project was a 2009 study, supported by the National Science Foundation's Team for Research in Ubiquitous Secure Computing, documenting the use of zombie Flash cookies by several online advertising networks. [12] Soltani and his colleagues at Berkeley revealed that websites were recreating tracking cookies after consumers deleted them by storing the unique tracking identifiers in Flash cookies, which were not automatically deleted when consumers cleared their browser cookies. [13]
After the publication of Soltani's research, class action law firms filed suit against several advertising networks and websites. Quantcast, Clearspring and VideoEgg collectively agreed to pay a total of $3.4 million to settle the lawsuits. [14]
In 2011, Soltani and Berkeley law professor Chris Hoofnagle published a follow-up study, documenting the use of web browser cache ETags to store persistent identifiers. [15] As with the case of Flash cookies, the identifiers stored in the ETags persisted even after consumers deleted their browser cookies. [16] The ETag tracking issue caught the attention of several members of Congress, who wrote to the Federal Trade Commission in September 2011 and urged the agency to investigate the use of advanced tracking technologies as a potentially unfair or deceptive business practice. [17]
Several companies performing ETag based tracking that were identified by the research team were subsequently sued by class action lawyers. In January 2013, KISSmetrics, an online advertising network, settled its ETag related lawsuit for $500,000. [18]
The Electronic Privacy Information Center (EPIC) is an independent nonprofit research center established in 1994 to protect privacy, freedom of expression, and democratic values in the information age. Based in Washington, D.C., their mission is to "secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation." EPIC believes that privacy is a fundamental right, the internet belongs to people who use it, and there's a responsible way to use technology.
MUSCULAR (DS-200B), located in the United Kingdom, is the name of a surveillance program jointly operated by Britain's Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) that was revealed by documents released by Edward Snowden and interviews with knowledgeable officials. GCHQ is the primary operator of the program. GCHQ and the NSA have secretly broken into the main communications links that connect the data centers of Yahoo! and Google. Substantive information about the program was made public at the end of October 2013.
Internet privacy involves the right or mandate of personal privacy concerning the storage, re-purposing, provision to third parties, and display of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy . Privacy concerns have been articulated from the beginnings of large-scale computer sharing and especially relate to mass surveillance.
HTTP cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.
The ETag or entity tag is part of HTTP, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for Web cache validation, which allows a client to make conditional requests. This mechanism allows caches to be more efficient and saves bandwidth, as a Web server does not need to send a full response if the content has not changed. ETags can also be used for optimistic concurrency control to help prevent simultaneous updates of a resource from overwriting each other.
Barton David Gellman is an American author and journalist known for his reports on the September 11 attacks, on Dick Cheney's vice presidency, and on the global surveillance disclosure. Beginning in June 2013, he authored The Washington Post's coverage of the U.S. National Security Agency, based on top secret documents provided to him by ex-NSA contractor Edward Snowden. He published a book for Penguin Press on the rise of the surveillance-industrial state in May 2020, and joined the staff of The Atlantic.
Web tracking is the practice by which operators of websites and third parties collect, store and share information about visitors' activities on the World Wide Web. Analysis of a user's behaviour may be used to provide content that enables the operator to infer their preferences and may be of interest to various parties, such as advertisers. Web tracking can be part of visitor management.
Evercookie is an open-source JavaScript application programming interface (API) that identifies and reproduces intentionally deleted cookies on the clients' browser storage. This behavior is known as a Zombie cookie. It was created by Samy Kamkar in 2010 to demonstrate the possible infiltration from the websites that use respawning. Websites that have adopted this mechanism can identify users even if they attempt to delete the previously stored cookies.
A zombie cookie is a piece of data usually used for tracking users, which is created by a web server while a user is browsing a website, and placed on the user's computer or other device by the user's web browser, similar to regular HTTP cookies, but with mechanisms in place to prevent the deletion of the data by the user. Zombie cookies could be stored in multiple locations—since failure to remove all copies of the zombie cookie will make the removal reversible, zombie cookies can be difficult to remove. Since they do not entirely rely on normal cookie protocols, the visitor's web browser may continue to recreate deleted cookies even though the user has opted not to receive cookies.
Do Not Track (DNT) is a deprecated non-standard HTTP header field designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.
Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.
Chris Jay Hoofnagle is an American professor at the University of California, Berkeley who teaches information privacy law, computer crime law, regulation of online privacy, internet law, and seminars on new technology. Hoofnagle has contributed to the privacy literature by writing privacy law legal reviews and conducting research on the privacy preferences of Americans. Notably, his research demonstrates that most Americans prefer not to be targeted online for advertising and despite claims to the contrary, young people care about privacy and take actions to protect it. Hoofnagle has written scholarly articles regarding identity theft, consumer privacy, U.S. and European privacy laws, and privacy policy suggestions.
Edward Joseph Snowden is an American-Russian former NSA intelligence contractor and whistleblower who leaked classified documents revealing the existence of global surveillance programs. He became a naturalized Russian citizen in 2022.
During the 2010s, international media reports revealed new operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly relate to top secret documents leaked by ex-NSA contractor Edward Snowden. The documents consist of intelligence files relating to the U.S. and other Five Eyes countries. In June 2013, the first of Snowden's documents were published, with further selected documents released to various news outlets through the year.
This is a category of disclosures related to global surveillance.
Global mass surveillance can be defined as the mass surveillance of entire populations across national borders.
The Fourth Amendment Protection Acts, are a collection of state legislation aimed at withdrawing state support for bulk data (metadata) collection and ban the use of warrant-less data in state courts. They are proposed nullification laws that, if enacted as law, would prohibit the state governments from co-operating with the National Security Agency, whose mass surveillance efforts are seen as unconstitutional by the proposals' proponents. Specific examples include the Kansas Fourth Amendment Preservation and Protection Act and the Arizona Fourth Amendment Protection Act. The original proposals were made in 2013 and 2014 by legislators in the American states of Utah, Washington, Arizona, Kansas, Missouri, Oklahoma and California. Some of the bills would require a warrant before information could be released, whereas others would forbid state universities from doing NSA research or hosting NSA recruiters, or prevent the provision of services such as water to NSA facilities.
This timeline of global surveillance disclosures from 2013 to the present day is a chronological list of the global surveillance disclosures that began in 2013. The disclosures have been largely instigated by revelations from the former American National Security Agency contractor Edward Snowden.
Jonathan Mayer is an American computer scientist and lawyer. He is an Associate Professor of Computer Science and Public Affairs at Princeton University affiliated with the Center for Information Technology Policy, and was previously a PhD student in computer science at Stanford University and a fellow at the Center for Internet and Society and the Center for International Security and Cooperation. During his graduate studies he was a consultant at the California Department of Justice.
Google's changes to its privacy policy on March 16, 2012, enabled the company to share data across a wide variety of services. These embedded services include millions of third-party websites that use AdSense and Analytics. The policy was widely criticized for creating an environment that discourages Internet innovation by making Internet users more fearful and wary of what they do online.