Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition
40
In early 2010, a Gmail user brought a class-action lawsuit against Google and its
new “Google Buzz” service. The plaintiff claimed that Google had intentionally ex-
ceeded its authorization to control private information with Buzz. Google Buzz, a so-
cial networking tool, was met with privacy concerns when it was first launched in
February 2010. The application accessed Gmail users’ contact lists to create “follower”
lists, which were publicly viewable. They were created automatically, without the user’s
permission. After initial criticism, Google changed the automatic way lists were created
and made other changes. It remains to be seen how the lawsuit will affect Google’s lat-
est creation.
Interesting Application of ECPA
Many people understand that as they go from site to site on the Internet, their browsing
and buying habits are being collected and stored as small text files on their hard drives.
These files are called cookies. Suppose you go to a website that uses cookies, looking for
a new pink sweater for your dog because she has put on 20 pounds and outgrown her
old one, and your shopping activities are stored in a cookie on your hard drive. When
you come back to that same website, magically all of the merchant’s pink dog attire is
shown to you because the web server obtained that earlier cookie it placed your system,
which indicated your prior activity on the site, from which the business derives what it
hopes are your preferences. Different websites share this browsing and buying-habit
information with each other. So as you go from site to site you may be overwhelmed
with displays of large, pink sweaters for dogs. It is all about targeting the customer
based on preferences and, through this targeting, promoting purchases. It’s a great ex-
ample of capitalists using new technologies to further traditional business goals.
As it happens, some people did not like this “Big Brother” approach and tried to sue
a company that engaged in this type of data collection. They claimed that the cookies
that were obtained by the company violated the Stored Communications Act, because
it was information stored on their hard drives. They also claimed that this violated the
Wiretap Law because the company intercepted the users’ communication to other web-
sites as browsing was taking place. But the ECPA states that if one of the parties of the
communication authorizes these types of interceptions, then these laws have not been
broken. Since the other website vendors were allowing this specific company to gather
buying and browsing statistics, they were the party that authorized this interception of
data. The use of cookies to target consumer preferences still continues today.
Trigger Effects of Internet Crime
The explosion of the Internet has yielded far too many benefits to list in this writing.
Millions and millions of people now have access to information that years before
seemed unavailable. Commercial organizations, healthcare organizations, nonprofit
organizations, government agencies, and even military organizations publicly disclose
vast amounts of information via websites. In most cases, this continually increasing ac-
cess to information is considered an improvement. However, as the world progresses in
a positive direction, the bad guys are right there keeping up with and exploiting these
same technologies, waiting for the opportunity to pounce on unsuspecting victims.
Greater access to information and more open computer networks and systems have
provided us, as well as the bad guys, with greater resources.
