Group items tagged Privacy

Alex Trudel

Europe Is Spying on You - The New York Times

  • STRASBOURG, France — When Edward Snowden disclosed details of America’s huge surveillance program two years ago, many in Europe thought that the response would be increased transparency and stronger oversight of security services. European countries, however, are moving in the opposite direction. Instead of more public scrutiny, we are getting more snooping.
  • France recently adopted a controversial law on surveillance that permits major intrusions, without prior judicial authorization, into the private lives of suspects and those who communicate with them, live or work in the same place or even just happen to be near them.
  • Meanwhile, Austria is set to discuss a draft law that would allow a new security agency to operate with reduced external control and to collect and store communication data for up to six years. The Netherlands is considering legislation allowing dragnet surveillance of all telecommunications, indiscriminate gathering of metadata, decryption and intrusion into the computers of non-suspects. And in Finland, the government is even considering changing the Constitution to weaken privacy protections in order to ease the adoption of a bill granting the military and intelligence services the power to conduct electronic mass surveillance with little oversight.
  • More recently, as new technologies have offered more avenues to increase surveillance and data collection, the court has reiterated its position in a number of leading cases against several countries, including France, Romania, Russia and Britain, condemned for having infringed the right to private and family life that in the interpretation of the cour
  • unnecessary “wide-ranging and particularly serious interference with the fundamental right to respect for private life” and personal data, this court reaffirmed the outstanding place privacy holds in Europe
  • If European governments and parliaments do not respect fundamental principles and judicial obligations, our lives will become much less private. Our ability to participate effectively in public life is threatened, too, because these measures curtail our freedom of speech and our right to receive information — including that of public interest. Not all whistleblowers have the technical knowledge Mr. Snowden possessed. Many would fear discovery if they communicated with journalists, who in turn would lose valuable sources, jeopardizing their ability to reveal unlawful conduct in both the public and private spheres. Watergates can only happen when whistleblowers feel protected.
  • First, legislation should limit surveillance and the use of data in a way that strictly respects the right to privacy as spelled out in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, European data protection standards, the case law of the European Court of Human Rights and that of the European Court of Justice. These norms oblige states to respect human rights when they gather and store information relating to our private lives and to protect individuals from unlawful surveillance, including when carried out by foreign agencies.
  • Third, security agencies must operate under independent scrutiny and judicial review. This will require intrusive oversight powers for parliaments and a judiciary that is involved in the decision-making process to ensure accountability. Countries that have adopted controversial surveillance laws should reconsider or amend them. And those considering new surveillance legislation should do so with great caution.
Javier E

When a Public Family Is Publicly Attacked - The New York Times

  • While Ms. Howerton and her supporters report Twitter accounts for abuse, she is also asking YouTube to take down the video commentary that makes use of her video and other family images. She has filed a privacy complaint, which YouTube rejected, and is waiting for it to respond to her new complaint, alleging copyright violation. Neil Richards, a law professor at Washington University and author of “Intellectual Privacy: Rethinking Civil Liberties in the Digital Age,” said he thinks Ms. Howerton’s belief that she can regain control of the footage may be overly optimistic.
  • “The use of home video and family images for political debate is something that has real consequences,” he said. “She has made her life choices, her experiences, her children’s experiences, a matter for public debate. When people do this they do expose themselves to criticism and attacks and some of them are quite unpleasant.”
  • Eric Goldman, a professor of law and director of the High Tech Law Institute at Santa Clara University School of Law, agreed that because Ms. Howerton herself used family video as part of a political discussion, she may have little legal recourse when that video is used as part of a larger video engaged in social commentary on the same topic. In many situations, videos or pictures posted online can become “fair game” for critics to use in online attacks against the poster’s position or for other undesirable political or social statements, Mr. Goldman said in an email.
  • Ms. Howerton herself can delete the comments under her own YouTube video. On Twitter, some of the accounts that have attacked Ms. Howerton and her family have been suspended; some have not. Twitter makes the determination about what constitutes hate or harassment
  • Her reaction encourages Danielle Citron, a professor of law at the University of Maryland and the author of “Hate Crimes in Cyberspace,” who notes that the support of the overall online community is key. Anyone who makes a living writing and speaking “can catch the attention of a hate group anytime,” she said, and shouldn’t be expected to shoulder the blame for the attacks. “There is nothing that constitutes a meaningful provocation for something like this,” she said. The more we recognize that, the less destructive these kinds of attacks will be.
  • It isn’t just the racist attacks that could silence Ms. Howerton, and deter other parents from writing and sharing their family experiences online. It’s the shame and fear that accompanies those attacks — the sense of being judged for putting their children’s images at risk, and the fear that their children will suffer as a result. The racist attacks themselves may be inevitable, but the judgment is not.
  • With the stories, we’re talking about people. Without them, it’s all abstract. To have a real conversation about race, we need some people willing to stand up and take a bigger risk. To support that conversation, the rest of us need to stand with them.
Javier E

For Apple, a Search for a Moral High Ground in a Heated Debate - The New York Times

  • Aside from the thicket of legal issues raised by the case, does Apple have a moral obligation to help the government learn more about the attack? Or does it have a moral obligation to protect its customers’ privacy? Or how about its shareholders? And which of these should take precedence?
  • Timothy D. Cook, Apple’s chief executive, has long spoken about running his company based on certain values. He has used his position to advocate gay rights, for example, and pushed the company to be more “green,” once going so far as to tell a shareholder who questioned the return on investment of taking such stances, “If you want me to do things only for R.O.I. reasons, you should get out of this stock.”
  • The debate over Apple’s stance is just the latest in a series of questions about corporate patriotism. In recent years, questions have been directed at companies that renounce their United States citizenship to move to a country with a lower tax rate. Others, including Apple, have faced questions about tax strategies to shelter income abroad. And companies’ social responsibility programs, say for clean energy or water efficiency, have been scrutinized
  • Behind Mr. Cook’s worry is a separate, perhaps even more immediate threat: the possibility that if Apple were to comply with the court’s order, other governments might follow suit and require Apple to give them access for their own investigative purposes
  • If Apple refused the request of, say, the Chinese government, it would risk being barred from doing business in China, its second-largest
  • And then there’s the possibility that if Apple were to build special software for the F.B.I., it could fall into the wrong hands, leading to even greater privacy and safety concerns.
  • Maybe that means Apple should work with law enforcement to train officials so they have a better ability to rapidly retrieve information legally? (After all, law enforcement had a chance to gain access to the iPhone in question had they taken certain steps early on.) Or maybe the president should create a commission to study the issue, bringing together people from Silicon Valley and law enforcement to create agreed-upon rules of the road. Or, perhaps new legislation is required.
  • “This has become, ladies and gentlemen, the Wild West of technology,” the Manhattan district attorney, Cyrus R. Vance Jr., said last Thursday, citing at least 175 iPhones that his office cannot gain access to, and arguing that it should be able to do so. “Apple and Google are their own sheriffs. There are no rules.”
  • Ultimately, it appears that both sides have left little room for compromise. “Tim Cook and lawyer Ted Olson have draped their argument in one of moral absolutism — but there is a hierarchy of moral reasoning they miss,” said Jeffrey Sonnenfeld
  • if this broader controversy is ever going to be solved for the long term, there has to be an opportunity to reach a consensus in the middle.
  • “What does it mean to say that ‘business’ has responsibilities?” Mr. Friedman wrote in The New York Times Magazine in 1970. Citing his book “Capitalism and Freedom,” he wrote, “There is one and only one social responsibility of business — to use its resources and engage in activities designed to increase its profits so long as it stays within the rules of the game, which is to say, engages in open and free competition without deception or fraud.”
  • “That tension should not be resolved by corporations that sell stuff for a living,” he said. “It also should not be resolved by the F.B.I., which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before.”
Javier E

In Nod to Law Enforcement, Obama Ends Attempt to Straddle Privacy Divide - The New York...

  • Asked about the president’s backing of the Federal Bureau of Investigation’s inquiry into San Bernardino, one of the worst terror attacks in the United States since September 11, 2001, Mr. Obama’s press secretary declared on Wednesday that “the F.B.I. can count on the full support of the White House.”
  • The decision may have been all but inevitable for Mr. Obama, who every morning receives a classified intelligence briefing about the terrorist threats facing the United States. But he took the position after years of trying to find middle ground on the issue.
  • After Edward J. Snowden exposed some of the government’s most secret surveillance programs in 2013, the president repeatedly expressed support for the protection of user data on iPhones and other devices. But he also acknowledged the “legitimate need” to penetrate encryption, especially during terror investigations.
  • Several former Obama administration officials said they believed the president personally leaned, at least slightly, toward the view that technology companies must be allowed to secure personal data if they want to earn the trust of their customers.
  • But some civil libertarians view Mr. Obama as, at best, a weak supporter of their views and one who has too often been swayed by his national security and law enforcement apparatus.
  • “The fact that it’s linked to the shootings makes it much more difficult politically,’’ Mr. Bankston said. “But the answer is to highlight that it’s not just about this case. It’s about every encrypted device.”
brookegoodman

Trolls exploit Zoom privacy settings as app gains popularity | Technology | The Guardian

  • Working and socialising from home has brought new risks to everyday life, as webcam meetings and chatroom cocktail hours contend with privacy invasions, phishing attacks and “zoombombings” – uninvited guests abusing the popular video service to broadcast shocking imagery to all.
  • But the default settings of the service are configured in the expectation of trust between participants, meaning trolls can wreak havoc. Some zoombombers have used the screensharing feature to broadcast pornography and violent imagery. Others have revelled in the opportunity for exhibitionism, while security experts have said the file transfer feature that is switched on by default could be used to spread malware.
  • Other zoombombing instances have been more malicious. Ruha and Shawn Benjamin told NBC News of their experience when a racist troll – wearing nothing but a thong – gatecrashed their reading session for children stuck at home and began repeating the N-word multiple times. “Then we knew it was a malicious, targeted thing. My husband and I are both African American,” Ruha Benjamin said.
  • In a blogpost addressing the rise in zoombombings, the company said: “Like most other public forums, it’s possible to have a person (who may or may not be invited) disrupt an event that’s meant to bring people together.” It offered a list of tips on how to prevent them, such as not posting links on public social media when possible.
  • That same day an app called Zoom became the third most popular paid app on Apple’s App Store. That Zoom is a £3.99 magnifying glass app. The chat service Zoom is free.
blythewallick

Opinion | Changes to the Census Could Make Small Towns Disappear - The New York Times

  • According to the 2010 census, 590 people lived in Toksook Bay. State demographers expect the total to rise by about 100 people when census results are published next year.
  • The law requires individual census records to be kept confidential for 72 years. Fearing that data brokers using new statistical techniques could de-anonymize the published population totals, the bureau is testing an algorithm that will scramble the final numbers. Imaginary people will be added to some locations and real people will be removed from others.
  • In Toksook Bay, the population dropped from 590 people to 540 in the test run. Mr. Pitka said that a decrease in the count due to the privacy algorithm would be “disappointing and hurtful.”
  • In Toksook Bay, federal grants helped pay for a permanent path to the nearby village of Nightmute, according to Mr. Pitka. “Now people aren’t making their own trails and tearing up the environment with their A.T.V.s.,” he said.
  • “When a small tribe puts its own money into getting all members to participate and it gets back information that it has a population of zero, it’s certainly not going to be willing to promote the census in the future,” said Norm DeWeaver, a consultant for Native American tribes on data issues.
  • Census officials have already exempted state population totals from the algorithm’s effects, so congressional apportionment will remain as accurate as possible. Dr. Abowd said that the census plans to increase accuracy for the populations of some small areas, such as reservations, and that the undercount of Native Americans in the test run is “unacceptable.” There is still time to modify the algorithm — the bureau has more than a year before it releases results to the states for redistricting.
  • The goal of the Census Bureau is to “count everyone once, only once and in the right place.” Trudging through the snow, enumerators in rural Alaska are helping the government reach that standard. But if the bureau uses its privacy algorithm without hearing from small communities like Toksook Bay, it risks undermining their efforts and damaging the census’s reputation for decades to come.
Javier E

Israel's coronavirus deal with Pfizer raises privacy concerns - The Washington Post

  • As a country of 9 million with a relatively small elderly population, Israel has inoculated most older residents and begun vaccinating the wider public. The government is preparing “green passports” for those who have received both doses, which would exempt them from quarantine and eventually grant them access to public places like theaters and restaurants.
  • Health-care administrators announced Monday that the vaccine may be even more effective than the 95 percent level found during trials.
  • Maccabi, one of Israel’s four HMOs, reported preliminary findings that just 0.015 percent of people became infected with the coronavirus in the week after receiving their second shot. Among the positive cases, none exhibited severe symptoms.
  • Another study, out of the Sheba Medical Center near Tel Aviv, showed the vaccine to be 98 percent effective among 102 medical workers who had received both shots and suggested that recipients of the double dose are unlikely to become carriers of the virus. “There is definitely reason for optimism,
  • But Israel’s Weizmann Institute of Science found that a single dose of Pfizer’s vaccine was significantly less effective than had been indicated by the company’s clinical study.
  • epidemiologists said Israel might be able to achieve 80 percent immunity among its highest-risk groups by February and 95 percent of that population by March.
  • Netanyahu said Israel could be a “world laboratory for herd immunity.”
  • “When anti-vaccine citizens of other countries will look at us and say, all right, Israel has vaccinated and then started to have parties, to go back to life, they’ll want in, too. This will have a positive impact for all of humanity.”
martinelligi

Singapore Says COVID-19 Contact-Tracing Data Can Be Requested By Police : Coronavirus U...

  • Privacy concerns have been raised after ministers in Singapore's government acknowledged that data collected by its widely used COVID-19 contact-tracing program may be turned over to police for criminal investigations.
  • Balakrishnan noted that the Criminal Procedure Code already applies to other types of sensitive information protected by privacy laws, including banking records. He said police have accessed such records in the past "with proper safeguards, and with the good outcomes that Singaporeans have come to expect from our police investigations."
  • The TraceTogether program was developed by the Singapore government's technology agency and includes a smartphone app or a token that documents proximity to other users. The program was adopted more widely after it became required to enter places such as grocery stores or workplaces, the BBC reported.
  • The TraceTogether smartphone app and token are used by 78% of the people in Singapore, a country of 5.7 million. Balakrishnan called it "perhaps the most successful contact-tracing program in the world."
  • He said contact-tracing data have been used once so far, in a murder case, according to The Straits Times.
  • Eugene Tan, a law professor at Singapore Management University and a former nominated member of Parliament, told The Straits Times that the government's backtracking on privacy assurances undermines trust and credibility. "This damage could undermine its future efforts, given its reiteration that Singapore has only managed to keep COVID-19 under control due to the people's trust in the government's measures," he told the paper.
aidenborst

If you want to travel next year, you may need a vaccine passport - CNN

  • Now that coronavirus vaccines are starting to roll out in the US and abroad, many people may be dreaming of the day when they can travel, shop and go to the movies again. But in order to do those activities, you may eventually need something in addition to the vaccine: a vaccine passport application.
  • Several companies and technology groups have begun developing smartphone apps or systems for individuals to upload details of their Covid-19 tests and vaccinations, creating digital credentials that could be shown in order to enter concert venues, stadiums, movie theaters, offices, or even countries.
  • The CommonPass app created by the group allows users to upload medical data such as a Covid-19 test result or, eventually, a proof of vaccination by a hospital or medical professional, generating a health certificate or pass in the form of a QR code that can be shown to authorities without revealing sensitive information. For travel, the app lists health pass requirements at the points of departure and arrival based on your itinerary.
  • "You can be tested every time you cross a border. You cannot be vaccinated every time you cross a border," Thomas Crampton, chief marketing and communications officer for The Commons Project, told CNN Business.
  • Large tech firms are also getting in on the act. IBM (IBM) developed its own app, called Digital Health Pass, which allows companies and venues to customize indicators they would require for entry including coronavirus tests, temperature checks and vaccination records.
  • Early on in the pandemic, Apple (AAPL) and Google (GOOG) set aside their smartphone rivalry to jointly develop a Bluetooth-based system to notify users if they'd been exposed to someone with Covid-19.
  • "I think where exposure notification ran into some challenges was more of the piecemeal implementation choices, lack of federal leadership ... where each state had to go it alone and so each state had to figure it out independently," said Jenny Wanger, who leads the exposure notification initiatives for Linux Foundation Public Health, a tech-focused organization helping public health authorities around the world combat Covid-19.
  • "If we're successful, you should be able to say: I've got a vaccine certificate on my phone that I got when I was vaccinated in one country, with a whole set of its own kind of health management practices... that I use to get on a plane to an entirely different country and then I presented in that new country a vaccination credential so I could go to that concert that was happening indoors for which attendance was limited to those who have demonstrated that they've had the vaccine," said Brian Behlendorf, executive director of Linux Foundation.
  • A few companies within the Covid-19 Credentials Initiative are also developing a smart card that strikes a middle ground between the traditional paper vaccine certificates and an online version that's easier to store and reproduce.
  • CommonPass, IBM and the Linux Foundation have all stressed privacy as central to their initiatives. IBM says it allows users to control and consent to the use of their health data and allows them to choose the level of detail they want to provide to authorities.
  • "Trust and transparency remain paramount when developing a platform like a digital health passport, or any solution that handles sensitive personal information," the company said in a blog post. "Putting privacy first is an important priority for managing and analyzing data in response to these complex times."
  • "A point of entry — whether that's a border, whether that's a venue — is going to want to know, did you get the Pfizer vaccine, did you get the Russian vaccine, did you get the Chinese vaccine, so they can make a decision accordingly,"
  • The variance can be wide: the vaccine developed by Chinese state-owned pharmaceutical giant Sinopharm, for example, has an efficacy of 86% against Covid-19, while the vaccines made by Pfizer and Moderna each have an efficacy of around 95%.
  • It's also unclear how effective the vaccines are in stopping the transmission of the virus, says Dr. Julie Parsonnet, an infectious disease specialist at Stanford University. So while a vaccine passport app will show that you've received the shot, it may not be a guarantee that you safely attend an event or get on a flight.
  • Still, Behlendorf anticipates that the rollout and adoption of vaccine passports will happen rather quickly once everything falls into place and expects a variety of apps that can work with each other to be "widely available" within the first half of 2021.
woodlu

Facebook flounders in the court of public opinion | The Economist

  • “YOU ARE a 21st-century American hero,” gushed Ed Markey, a Democratic senator from Massachusetts. He was not addressing the founder of one of the country’s largest companies, Facebook, but the woman who found fault with it
  • Frances Haugen, who had worked at the social-media giant before becoming a whistleblower, testified in front of a Senate subcommittee for over three hours on October 5th, highlighting Facebook’s “moral bankruptcy” and the firm’s downplaying of its harmful impact, including fanning teenage depression and ethnic violence.
  • Facebook’s own private research, for example, found that its photo-sharing site, Instagram, worsened teens’ suicidal thoughts and eating disorders. Yet it still made a point of sending young users engaging content that stoked their anxiety—while proceeding to develop a version of its site for those under the age of 13.
  • In 2018 a different whistleblower outed Facebook for its sketchy collaboration with Cambridge Analytica, a research organisation that allowed users’ data to be collected without their consent and used for political profiling by Donald Trump’s campaign. Facebook’s founder, Mark Zuckerberg, went to Washington, DC to apologise, and in 2019 America’s consumer-protection agency, the Federal Trade Commission, agreed to a $5bn settlement with Facebook. That is the largest fine ever levied against a tech firm.
  • Congress has repeatedly called in tech bosses for angry questioning and public shaming without taking direct action afterwards.
  • Senators, who cannot agree on such uncontroversial things as paying for the government’s expenses, united against a common enemy and promised Ms Haugen that they would hold Facebook to account.
  • Social media’s harmful effects on children and teenagers are a concern that transcends partisanship and is easier to understand than sneaky data-gathering, viral misinformation and other social-networking sins.
  • If Congress does follow through with legislation, it is likely to focus narrowly on protecting children online, as opposed to broader reforms, for which there is still no political consensus.
  • Congress could update and strengthen the Children’s Online Privacy Protection Act (COPPA), which was passed in 1998 and bars the collection of data from children under the age of 13.
  • Other legislative proposals take aim at manipulative marketing and design features that make social media so addictive for the young.
  • However, Ms Haugen’s most significant impact on big tech may be inspiring others to come forward and blow the whistle on their employers’ malfeasance.
  • “A case like this one opens the floodgates and will trigger hundreds more cases,” predicts Steve Kohn, a lawyer who has represented several high-profile whistleblowers.
  • One is the industry’s culture of flouting rules and a history of non-compliance. Another is a legal framework that makes whistleblowing less threatening and more attractive than it used to be.
  • The Dodd-Frank Act, which was enacted in 2010, gives greater protections to whistleblowers by preventing retaliation from employers and by offering rewards to successful cases of up to 10-30% of the money collected from sanctions against a firm.
  • If the threat of public shaming encourages corporate accountability, that is a good thing. But it could also make tech firms less inclusive and transparent, predicts Matt Perault, a former Facebook executive who is director of the Centre for Technology Policy at the University of North Carolina at Chapel Hill.
  • People may become less willing to share off-the-wall ideas if they worry about public leaks; companies may become less open with their staff; and executives could start including only a handful of trusted senior staff in meetings that might have otherwise been less restricted.
  • Facebook and other big tech firms, which have been criticised for violating people’s privacy online, can no longer count on any privacy either.
Javier E

Whistleblower: Twitter misled investors, FTC and underplayed spam issues - Washington Post

  • Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief.
  • The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.
  • Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.
  • “Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.
  • the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.
  • Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.
  • Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity. He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.
  • “I felt ethically bound. This is not a light step to take,” said Zatko, who was fired by Agrawal in January. He declined to discuss what happened at Twitter, except to stand by the formal complaint. Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.
  • A person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter’s efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.
  • In 1998, Zatko had testified to Congress that the internet was so fragile that he and others could take it down with a half-hour of concentrated effort. He later served as the head of cyber grants at the Defense Advanced Research Projects Agency, the Pentagon innovation unit that had backed the internet’s invention.
  • Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”
  • Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.
  • This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.
  • Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.
  • “Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Charles E. Grassley (R-Iowa), the top Republican on the Senate Judiciary Committee,
  • Many government leaders and other trusted voices use Twitter to spread important messages quickly, so a hijacked account could drive panic or violence. In 2013, a captured Associated Press handle falsely tweeted about explosions at the White House, sending the Dow Jones industrial average briefly plunging more than 140 points.
  • After a teenager managed to hijack the verified accounts of Obama, then-candidate Joe Biden, Musk and others in 2020, Twitter’s chief executive at the time, Jack Dorsey, asked Zatko to join him, saying that he could help the world by fixing Twitter’s security and improving the public conversation, Zatko asserts in the complaint.
  • The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.
  • But at Twitter Zatko encountered problems more widespread than he realized and leadership that didn’t act on his concerns, according to the complaint.
  • Twitter’s difficulties with weak security stretch back more than a decade before Zatko’s arrival at the company in November 2020. In a pair of 2009 incidents, hackers gained administrative control of the social network, allowing them to reset passwords and access user data. In the first, beginning around January of that year, hackers sent tweets from the accounts of high-profile users, including Fox News and Obama.
  • Several months later, a hacker was able to guess an employee’s administrative password after gaining access to similar passwords in their personal email account. That hacker was able to reset at least one user’s password and obtain private information about any Twitter user.
  • Twitter continued to suffer high-profile hacks and security violations, including in 2017, when a contract worker briefly took over Trump’s account, and in the 2020 hack, in which a Florida teen tricked Twitter employees and won access to verified accounts. Twitter then said it put additional safeguards in place.
  • This year, the Justice Department accused Twitter of asking users for their phone numbers in the name of increased security, then using the numbers for marketing. Twitter agreed to pay a $150 million fine for allegedly breaking the 2011 order, which barred the company from making misrepresentations about the security of personal data.
  • After Zatko joined the company, he found it had made little progress since the 2011 settlement, the complaint says. The complaint alleges that he was able to reduce the backlog of safety cases, including harassment and threats, from 1 million to 200,000, add staff and push to measure results.
  • But Zatko saw major gaps in what the company was doing to satisfy its obligations to the FTC, according to the complaint. In Zatko’s interpretation, according to the complaint, the 2011 order required Twitter to implement a Software Development Life Cycle program, a standard process for making sure new code is free of dangerous bugs. The complaint alleges that other employees had been telling the board and the FTC that they were making progress in rolling out that program to Twitter’s systems. But Zatko alleges that he discovered that it had been sent to only a tenth of the company’s projects, and even then treated as optional.
  • “If all of that is true, I don’t think there’s any doubt that there are order violations,” Vladeck, who is now a Georgetown Law professor, said in an interview. “It is possible that the kinds of problems that Twitter faced eleven years ago are still running through the company.”
  • “Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”
  • One current and one former employee recalled that incident, when failures at two Twitter data centers drove concerns that the service could have collapsed for an extended period. “I wondered if the company would exist in a few days,” one of them said.
  • The current and former employees also agreed with the complaint’s assertion that past reports to various privacy regulators were “misleading at best.”
  • For example, they said the company implied that it had destroyed all data on users who asked, but the material had spread so widely inside Twitter’s networks, it was impossible to know for sure
  • As the head of security, Zatko says he also was in charge of a division that investigated users’ complaints about accounts, which meant that he oversaw the removal of some bots, according to the complaint. Spam bots — computer programs that tweet automatically — have long vexed Twitter. Unlike its social media counterparts, Twitter allows users to program bots to be used on its service: For example, the Twitter account @big_ben_clock is programmed to tweet “Bong Bong Bong” every hour in time with Big Ben in London. Twitter also allows people to create accounts without using their real identities, making it harder for the company to distinguish between authentic, duplicate and automated accounts.
  • In the complaint, Zatko alleges he could not get a straight answer when he sought what he viewed as an important data point: the prevalence of spam and bots across all of Twitter, not just among monetizable users.
  • Zatko cites a “sensitive source” who said Twitter was afraid to determine that number because it “would harm the image and valuation of the company.” He says the company’s tools for detecting spam are far less robust than implied in various statements.
  • The complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company’s data centers could leave it unable to correctly restart its servers. That could have left the service down for months, or even have caused all of its data to be lost. That came close to happening in 2021, when an “impending catastrophic” crisis threatened the platform’s survival before engineers were able to save the day, the complaint says, without providing further details.
  • The four people familiar with Twitter’s spam and bot efforts said the engineering and integrity teams run software that samples thousands of tweets per day, and 100 accounts are sampled manually.
  • Some employees charged with executing the fight agreed that they had been short of staff. One said top executives showed “apathy” toward the issue.
  • Zatko’s complaint likewise depicts leadership dysfunction, starting with the CEO. Dorsey was largely absent during the pandemic, which made it hard for Zatko to get rulings on who should be in charge of what in areas of overlap and easier for rival executives to avoid collaborating, three current and former employees said.
  • For example, Zatko would encounter disinformation as part of his mandate to handle complaints, according to the complaint. To that end, he commissioned an outside report that found one of the disinformation teams had unfilled positions, yawning language deficiencies, and a lack of technical tools or the engineers to craft them. The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.
  • Dorsey made little effort to integrate Zatko at the company, according to the three employees as well as two others familiar with the process who spoke on the condition of anonymity to describe sensitive dynamics. In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.
  • Faced with such inertia, Zatko asserts that he was unable to solve some of the most serious issues, according to the complaint.
  • Some 30 percent of company laptops blocked automatic software updates carrying security fixes, and thousands of laptops had complete copies of Twitter’s source code, making them a rich target for hackers, it alleges.
  • A successful hacker takeover of one of those machines would have been able to sabotage the product with relative ease, because the engineers pushed out changes without being forced to test them first in a simulated environment, current and former employees said.
  • “It’s near-incredible that for something of that scale there would not be a development test environment separate from production and there would not be a more controlled source-code management process,” said Tony Sager, former chief operating officer at the cyberdefense wing of the National Security Agency, the Information Assurance division.
  • Sager is currently senior vice president at the nonprofit Center for Internet Security, where he leads a consensus effort to establish best security practices.
  • The complaint says that about half of Twitter’s roughly 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked. Three current and former employees agreed that these were issues.
  • “A best practice is that you should only be authorized to see and access what you need to do your job, and nothing else,” said former U.S. chief information security officer Gregory Touhill. “If half the company has access to and can make configuration changes to the production environment, that exposes the company and its customers to significant risk.”
  • The complaint says Dorsey never encouraged anyone to mislead the board about the shortcomings, but that others deliberately left out bad news.
  • When Dorsey left in November 2021, a difficult situation worsened under Agrawal, who had been responsible for security decisions as chief technology officer before Zatko’s hiring, the complaint says.
  • An unnamed executive had prepared a presentation for the new CEO’s first full board meeting, according to the complaint. Zatko’s complaint calls the presentation deeply misleading.
  • The presentation showed that 92 percent of employee computers had security software installed — without mentioning that those installations determined that a third of the machines were insecure, according to the complaint.
  • Another graphic implied a downward trend in the number of people with overly broad access, based on the small subset of people who had access to the highest administrative powers, known internally as “God mode.” That number was in the hundreds. But the number of people with broad access to core systems, which Zatko had called out as a big problem after joining, had actually grown slightly and remained in the thousands.
  • The presentation included only a subset of serious intrusions or other security incidents, from a total Zatko estimated as one per week, and it said that the uncontrolled internal access to core systems was responsible for just 7 percent of incidents, when Zatko calculated the real proportion as 60 percent.
  • Zatko stopped the material from being presented at the Dec. 9, 2021 meeting, the complaint said. But over his continued objections, Agrawal let it go to the board’s smaller Risk Committee a week later.
  • Agrawal didn’t respond to requests for comment. In an email to employees after publication of this article, obtained by The Post, he said that privacy and security continue to be a top priority for the company, and he added that the narrative is “riddled with inconsistencies” and “presented without important context.”
  • On Jan. 4, Zatko reported internally that the Risk Committee meeting might have been fraudulent, which triggered an Audit Committee investigation.
  • Agrawal fired him two weeks later. But Zatko complied with the company’s request to spell out his concerns in writing, even without access to his work email and documents, according to the complaint.
  • Since Zatko’s departure, Twitter has plunged further into chaos with Musk’s takeover, which the two parties agreed to in May. The stock price has fallen, many employees have quit, and Agrawal has dismissed executives and frozen big projects.
  • Zatko said he hoped that by bringing new scrutiny and accountability, he could improve the company from the outside.
  • “I still believe that this is a tremendous platform, and there is huge value and huge risk, and I hope that looking back at this, the world will be a better place, in part because of this.”
Javier E

Senate Votes to Extend Electronic Surveillance Authority - NYTimes.com - 0 views

  • Congress gave final approval on Friday to a bill extending the government’s power to intercept electronic communications of spy and terrorism suspects, after the Senate voted down proposals from several Democrats and Republicans to increase protections of civil liberties and privacy.
  • clearing it for approval by President Obama, who strongly supports it. Intelligence agencies said the bill was their highest legislative priority.
  • Congressional critics of the bill said that they suspected that intelligence agencies were picking up the communications of many Americans, but that they could not be sure because the agencies would not provide even rough estimates of how many people inside the United States had had communications collected under authority of the surveillance law, known as the Foreign Intelligence Surveillance Act.
  • The Foreign Intelligence Surveillance Act was adopted in 1978 and amended in 2008, with the addition of new surveillance authority and procedures, which are continued by the bill approved on Friday. The 2008 law was passed after the disclosure that President George W. Bush had authorized eavesdropping inside the United States, to search for evidence of terrorist activity, without the court-approved warrants ordinarily required for domestic spying.
  • By a vote of 52 to 43, the Senate on Friday rejected a proposal by Mr. Wyden to require the national intelligence director to tell Congress if the government had collected any domestic e-mail or telephone conversations under the surveillance law. The Senate also rejected, 54 to 37, an amendment that would have required disclosure of information about significant decisions by a special federal court that reviews applications for electronic surveillance in foreign intelligence cases.
  • The No. 2 Senate Democrat, Richard J. Durbin of Illinois, said the surveillance law “does not have adequate checks and balances to protect the constitutional rights of innocent American citizens.” “It is supposed to focus on foreign intelligence,” Mr. Durbin said, “but the reality is that this legislation permits targeting an innocent American in the United States as long as an additional purpose of the surveillance is targeting a person outside the United States.”
  • Mr. Merkley said the administration should provide at least unclassified summaries of major decisions by the Foreign Intelligence Surveillance Court. “An open and democratic society such as ours should not be governed by secret laws,” Mr. Merkley said, “and judicial interpretations are as much a part of the law as the words that make up our statute.”
  • Mr. Wyden said these writs reminded him of the “general warrants that so upset the colonists” more than 200 years ago. “The founding fathers could never have envisioned tweeting and Twitter and the Internet,” Mr. Wyden said. “Advances in technology gave government officials the power to invade individual privacy in a host of new ways.”
Javier E

How to Muddy Your Tracks on the Internet - NYTimes.com - 0 views

  • There are no secrets online. That emotional e-mail you sent to your ex, the illness you searched for in a fit of hypochondria, those hours spent watching kitten videos (you can take that as a euphemism if the kitten fits) — can all be gathered to create a defining profile of you.
  • Your information can then be stored, analyzed, indexed and sold as a commodity to data brokers who in turn might sell it to advertisers, employers, health insurers or credit rating agencies.
  • you can take steps to do the technological equivalent of throwing on a pair of boxers and a T-shirt. Some of these measures are quite easy and many are free.
  • He advised logging off sites like Google and Facebook as soon as practicably possible and not using the same provider for multiple functions if you can help it. “If you search on Google, maybe you don’t want to use Gmail for your e-mail,”
  • Another shrouding tactic is to use the search engine DuckDuckGo, which distinguishes itself with a “We do not track or bubble you!” policy. Bubbling is the filtering of search results based on your search history. (Bubbling also means you are less likely to see opposing points of view or be exposed to something fresh and new.)
  • turn on your browser’s “private mode,” usually found under Preferences, Tools or Settings. When this mode is activated, tracking cookies are deleted once you close your browser, which “essentially wipes clean your history,”
  • private mode does nothing to conceal your I.P. address, a unique number that identifies your entry or access point to the Internet. So Web sites may not know your browsing history, but they will probably know who you are and where you are as well as when and how long you viewed their pages.
  • Shielding your I.P. address is possible by connecting to what is called a virtual private network, or V.P.N., such as those offered by WiTopia, PrivateVPN and StrongVPN. These services, whose prices range from $40 to $90 a year, route your data stream to what is called a proxy server, where it is stripped of your I.P. address before it is sent on to its destination. This obscures your identity not only from Web sites but also from your Internet service provider.
  • there is Tor, a free service with 36 million users that was originally developed to conceal military communications. Tor encrypts your data stream and bounces it through a series of proxy servers so no single entity knows the source of the data or whence it came. The only drawback is that with all that bouncing around, it is very S-L-O-W.
  • Free browser add-ons that increase privacy and yet will not interrupt your work flow include Ghostery and Do Not Track Plus, which prevent Web sites from relaying information about you and your visit to tracking companies.
  • “Companies like Google are creating these enormous databases using your personal information,” said Paul Hill, senior consultant with SystemExperts, a network security company in Sudbury, Mass. “They may have the best of intentions now, but who knows what they will look like 20 years from now, and by then it will be too late to take it all back.”
Javier E

Please Stop Sharing: A Tweet (Or More) Too Far - NYTimes.com - 1 views

  • The most encouraging part of the story was the comments from young people who went cold turkey, saying they realized that Facebook had made them less close to, even alienated from, their friends. The imperative of Facebook — maximum exposure of the personal “brand” — is by itself a form of poison to lasting relationships. It’s hard enough trying to stay close to, say, five good friends. Why have surface relationships with a hundred of them?
  • The best advice I’ve heard of late is from the actor George Clooney. “I don’t tweet, I don’t go on Facebook,” he said in a profile. “I think there’s too much information about all of us out there. I’m liking the idea of privacy more and more.”
katyshannon

Europe-U.S. data transfer deal used by many firms ruled invalid | Reuters - 0 views

  • The EU's highest court struck down a deal that allows thousands of companies to easily transfer personal data from Europe to the United States, in a landmark ruling on Tuesday that follows revelations of mass U.S. government snooping.
  • Many companies, both U.S. and European, use the Safe Harbor system to help them get around cumbersome checks to transfer data between offices on both sides of the Atlantic. That includes payroll and human resources information as well as lucrative data used for online advertising, which is of particular importance to tech companies.
  • But the decision by the Court of Justice of the European Union (ECJ) sounds the death knell for the system, set up by the European Commission 15 years ago. It is used by over 4,000 firms including IBM (IBM.N), Google (GOOGL.O) and Ericsson (ERICb.ST). The court said Safe Harbor did not sufficiently protect EU citizens' personal data since the requirements of American national security, public interest and law enforcement trumped the privacy safeguards contained in the framework.
  • EU citizens have no means of legal recourse against the misuse of their data in the United States, the court said. A bill is currently winding its way through the U.S. Congress to give Europeans the right to legal redress.
  • ECJ in its ruling referred to revelations from former National Security Agency contractor Edward Snowden, which included that the Prism program allowed U.S. authorities to harvest private information directly from big tech companies such as Apple (AAPL.O), Facebook (FB.O) and Google.
  • IBM (IBM.N) said it created commercial uncertainty and jeopardized the flow of data across borders.
  • Europe-U.S. data transfer deal ruled invalid by European courts, cited Edward Snowden in ruling
Javier E

Why 'Smart' Objects May Be a Dumb Idea - The New York Times - 0 views

  • A hacked car is a high-profile example of what can go wrong with the coming Internet of Things — objects equipped with software and connected to digital networks. The selling point for these well-connected objects is added convenience and better safety. In reality, it is a fast-motion train wreck in privacy and security.
  • As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic.
  • The Internet of Things is also a privacy nightmare. Databases that already have too much information about us will now be bursting with data on the places we’ve driven, the food we’ve purchased and more. Last week, at Def Con, the annual information security conference, researchers set up an Internet of Things village to show how they could hack everyday objects like baby monitors, thermostats and security cameras.
Javier E

Upending Anonymity, These Days the Web Unmasks Everyone - NYTimes.com - 0 views

  • The collective intelligence of the Internet’s two billion users, and the digital fingerprints that so many users leave on Web sites, combine to make it more and more likely that every embarrassing video, every intimate photo, and every indelicate e-mail is attributed to its source, whether that source wants it to be or not. This intelligence makes the public sphere more public than ever before and sometimes forces personal lives into public view.
  • the positive effects can be numerous: criminality can be ferreted out, falsehoods can be disproved and individuals can become Internet icons.
  • “Humans want nothing more than to connect, and the companies that are connecting us electronically want to know who’s saying what, where,” said Susan Crawford, a professor at the Benjamin N. Cardozo School of Law. “As a result, we’re more known than ever before.”
  • This growing “publicness,” as it is sometimes called, comes with significant consequences for commerce, for political speech and for ordinary people’s right to privacy. There are efforts by governments and corporations to set up online identity systems.
  • He posited that because the Internet “can’t be made to forget” images and moments from the past, like an outburst on a train or a kiss during a riot, “the reality of an inescapable public world is an issue we are all going to hear a lot more about.”