Group items matching

in title, tags, annotations or url

"Once the technology is in place, there will always be the temptation to use it. And it is poor civic hygiene to install technologies that could someday facilitate a police state." Today we're installing technologies of ubiquitous surveillance, and the temptation to use them will be overwhelming.

The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission -- protecting the security of U.S. communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era. Putting the U.S. Cyber Command, the military's cyberwar wing, in the same location and under the same commander, expanded the NSA's power. The result is an agency that prioritizes intelligence gathering over security, and that's increasingly putting us all at risk. It's time we thought about breaking up the National Security Agency. Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

The basic government defense of the NSA's bulk-collection programs—whether it be the list of all the telephone calls you made, your email address book and IM buddy list, or the messages you send your friends—is that what the agency is doing is perfectly legal, and doesn’t really count as surveillance, until a human being looks at the data. It's what Director of National Intelligence James R. Clapper meant when he lied to Congress. When asked, "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" he replied, "No sir, not wittingly." To him, the definition of "collect" requires that a human look at it. So when the NSA collects—using the dictionary definition of the word—data on hundreds of millions of Americans, it’s not really collecting it, because only computers process it. <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_politics&t=src%3Dblog%26by%3Dbruce-schneier%26title%3Dwhy-the-nsas-defense-of-mass-data-collection-makes-no-sense%26pos%3Din-article&sz=300x185&c=898722889&tile=3" title=""><img src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_politics&t=src%3Dblog%26by%3Dbruce-schneier%26title%3Dwhy-the-nsas-defense-of-mass-data-collection-makes-no-sense%26pos%3Din-article&sz=300x185&c=898722889&tile=3" alt="" /></a></div> The NSA maintains that we shouldn't worry about human processing, either, because it has rules about accessing all that data. General Keith Alexander, director of the NSA, said that in a recent New York Times interview: "The agency is under rules preventing it from investigating that so-called haystack of data unless it has a 'reasonable, articulable' justification, involving communications with terrorists abroad, he added." There are lots of things wrong with this defense.

The NSA’s spying on everyone’s metadata can tell them just about everything about us … and it violates our Constitutional right to freedom of association. But people are getting distracted from the big picture by focusing on metadata. As security expert Bruce Schneier wrote yesterday: What frustrates me about all of this — [the Privacy and Civil Liberties Oversight Board] report, the president’s speech, and so many other things — is that they focus on the bulk collection of cell phone call records. There’s so much more bulk collection going on — phone calls, e-mails, address books, buddy lists, text messages, cell phone location data, financial documents, calendars, [smartphone apps] etc. — and we really need legislation and court opinions on it all. But because cell phone call records were the first disclosure, they’re what gets the attention. Indeed, Schneier confirmed last October what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:

Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance. New details about hows and whys will continue to emerge …but the big picture will remain the same. He’s right. As just one example, there is substantial evidence from top NSA and FBI whistleblowers that the government is recording the content of our calls and emails … word-for-word. So what should we make of the government’s denials that it records content? Given that the government has been caught lying about spying again and again, I’m not sure how much weight we should give to such denials. NSA whistleblower Russ Tice notes: They’re collecting content … word-for-word. *** You can’t trust these people. They lie, and they lie a lot.

It turns out that the NSA's domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we've learned, fight and lose. Others cooperate, either out of patriotism or because they believe it's easier that way. I have one message to the executives of those companies: fight.

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."

The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the nation safe. But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort. Americans who disapprove of the government reading their emails have more to worry about from a different and larger NSA effort that snatches data as it passes through the fiber optic cables that make up the Internet's backbone. That program, which has been known for years, copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.

Whether by clever choice or coincidence, Prism appears to do what its name suggests. Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information. The fact that it is productive is not surprising; documents show it is one of the major sources for what ends up in the president's daily briefing. Prism makes sense of the cacophony of the Internet's raw feed. It provides the government with names, addresses, conversation histories and entire archives of email inboxes.

The NSA is prohibited from spying on Americans or anyone inside the United States. That's the FBI's job and it requires a warrant. Despite that prohibition, shortly after the Sept. 11 terrorist attacks, President George W. Bush secretly authorized the NSA to plug into the fiber optic cables that enter and leave the United States, knowing it would give the government unprecedented, warrantless access to Americans' private conversations. Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light. "You have to assume everything is being collected," said Bruce Schneier, who has been studying and writing about cryptography and computer security for two decades. The New York Times disclosed the existence of this effort in 2005. In 2006, former AT&T technician Mark Klein revealed that the company had allowed the NSA to install a computer at its San Francisco switching center, a key hub for fiber optic cables.

Similarly, the ACLU’s Jameel Jaffer testified before the Senate Judiciary Committee (PDF) on July 31, 2013: But the Fourth Amendment is triggered by the collection of information, not simply by the querying of it. The NSA cannot insulate this program from Fourth Amendment scrutiny simply by promising that Americans’ private information will be safe in its hands. The Fourth Amendment exists to prevent the government from acquiring Americans’ private papers and communications in the first place. Because the metadata program vacuums up sensitive information about associational and expressive activity, it is also unconstitutional under the First Amendment. The Supreme Court has recognized that the government’s surveillance and investigatory activities have an acute potential to stifle association and expression protected by the First Amendment.

(Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned. Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.

The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.

In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.

I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.

I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.

Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR. <a href="http://pubads.g.doubleclick.net/gampad/jump?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" target="_blank"> <img src="http://pubads.g.doubleclick.net/gampad/ad?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" alt=""></a> In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:Specifically targeting Tor directory servers Reading email contents for mentions of Tor bridges Logging IP addresses used to search for privacy-focused websites and software And possibly breaking international law in doing so. We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.

These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.

If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.This is assuming the leaked file is genuine, of course.Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.

Top experts say there could be a new person leaking details about the National Security Agency, in addition to former contractor Edward Snowden.Glenn Greenwald, the journalist most closely associated to Snowden, said he suspects someone else has been involved in leaking out new documents, and other experts have backed up the claim.ADVERTISEMENTThe existence of a second leaker “seems clear at this point,” Greenwald wrote on Twitter over the weekend. “The lack of sourcing to Snowden on this & that last [Der Spiegel] article seems petty telling,” he added, after German broadcasters reported that the NSA was tracking people searching for details about privacy software. 

Neither the Der Spiegel article from December nor last week’s story, both of which were partly written by privacy advocate and security researcher Jacob Appelbaum, specifically mentioned that the information emanated from leaks by Snowden.“That's particularly notable given that virtually every other article using Snowden documents - including der Spiegel - specifically identified him as the source,” Greenwald said in an email to The Hill on Monday.Other people who have seen Snowden’s trove of documents have agreed that the documents revealed by German outlets seem to indicate a second source.

Bruce Schneier, a cryptologist and cybersecurity expert who has helped the Guardian review Snowden’s disclosures, said he did “not believe that this came from the Snowden documents.”“I think there’s a second leaker out there,” he wrote in a blog post last week. If true, it could add another headache for the NSA, which has struggled for more than a year to contain the fallout from Snowden’s revelations. Defenders of the NSA say that the disclosures have hurt U.S. security and empowered terrorists and other enemies abroad.Among other internal reforms, the spy agency has beefed up its clearance procedures to prevent another employee from passing along secret documents to journalists or governments in Beijing and Moscow.

As the world focuses on the high-tech spying of the National Security Agency, the misplaced card offers a rare glimpse inside the seemingly low-tech but prevalent snooping of the United States Postal Service. Mr. Pickering was targeted by a longtime surveillance system called mail covers, but that is only a forerunner of a vastly more expansive effort, the Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States — about 160 billion pieces last year. It is not known how long the government saves the images. Together, the two programs show that snail mail is subject to the same kind of scrutiny that the National Security Agency has given to telephone calls and e-mail. The mail covers program, used to monitor Mr. Pickering, is more than a century old but is still considered a powerful tool. At the request of law enforcement officials, postal workers record information from the outside of letters and parcels before they are delivered. (Actually opening the mail requires a warrant.) The information is sent to whatever law enforcement agency asked for it. Tens of thousands of pieces of mail each year undergo this scrutiny. The Mail Isolation Control and Tracking program was created after the anthrax attacks in late 2001 that killed five people, including two postal workers. Highly secret, it seeped into public view last month when the F.B.I. cited it in its investigation of ricin-laced letters sent to President Obama and Mayor Michael R. Bloomberg. It enables the Postal Service to retroactively track mail correspondence at the request of law enforcement. No one disputes that it is sweeping.

“In the past, mail covers were used when you had a reason to suspect someone of a crime,” said Mark D. Rasch, who started a computer crimes unit in the criminal division’s fraud section of the Justice Department and worked on several fraud cases using mail covers. “Now it seems to be ‘Let’s record everyone’s mail so in the future we might go back and see who you were communicating with.’ Essentially you’ve added mail covers on millions of Americans.” Bruce Schneier, a computer security expert and an author, said whether it was a postal worker taking down information or a computer taking images, the program was still an invasion of privacy. “Basically they are doing the same thing as the other programs, collecting the information on the outside of your mail, the metadata, if you will, of names, addresses, return addresses and postmark locations, which gives the government a pretty good map of your contacts, even if they aren’t reading the contents,” he said.

Just as it seems the White House is close to finally announcing its policy on encryption - the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data - new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous. One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered. According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:

Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens. It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.

ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.

"Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.

By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."

There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward Snowden, and 39% of those "have taken steps to protect their online privacy and security as a result of his revelations." The press is mostly spinning this as evidence that Snowden has not had an effect: "merely 39%," "only 39%," and so on. (Note that these articles are completely misunderstanding the data. It's not 39% of people who are taking steps to protect their privacy post-Snowden, it's 39% of the 60% of Internet users -- which is not everybody -- who have heard of him. So it's much less than 39%.)

Even so, I disagree with the "Edward Snowden Revelations Not Having Much Impact on Internet Users" headline. He's having an enormous impact. I ran the actual numbers country by country, combining "data on Internet penetration with data from this survey. Multiplying everything out, I calculate that *706 million people* have changed their behavior on the Internet because of what the NSA and GCHQ are doing. (For example, 17% of Indonesians use the Internet, 64% of them have heard of Snowden and 62% of them have taken steps to protect their privacy, which equals 17 million people out of its total 250-million population.)

Note that the countries in this survey only cover 4.7 billion out of a total 7 billion world population. Taking the conservative estimates that 20% of the remaining population uses the Internet, 40% of them have heard of Snowden, and 25% of those have done something about it, that's an additional 46 million people around the world. It's certainly true that most of those people took steps that didn't make any appreciable difference against an NSA level of surveillance, and probably not even against the even more pervasive corporate variety of surveillance. It's probably even true that some of those people didn't take steps at all, and just wish they did or wish they knew what to do. But it is absolutely extraordinary that *750 million people* are disturbed enough about their online privacy that they would represent to a survey taker that they did something about it.