Wednesday, December 01, 2010

For my Ethical Hackers. The market for stolen data is growing and becoming quasi-legitimate. I also see this as authorization to “create” data that includes “evidence” implicating my “enemies” and then claim it can be used because it was stolen. How would you disprove that?

Liechtenstein Bank Data May Be Used in Probe, German Court Says

November 30, 2010 by admin

Karin Matussek reports:

Stolen Liechtenstein bank account data may be used by prosecutors to justify a search warrant in a criminal probe, Germany’s top constitutional court ruled.

Data which may have been stolen from a Liechtenstein bank and later sold to German authorities can be used by a judge when authorizing prosecutors to raid homes as part of a probe into tax evasion, the Karlsruhe-based court said in an e-mailed statement today.

Read more on Bloomberg Businessweek

Wait... Isn't the guy in the White House a Harvard law Alum? Is this the Academic equivalent of “un-friending” the president?

Harvard Law Students Sue TSA

December 1, 2010 by Dissent

Jenny Paul and Joey Seiler report:

Two Harvard Law students have filed a federal lawsuit against the Transportation Security Administration that claims the use of “nude body scanners” and new enhanced pat-down techniques at airport security checkpoints are unconstitutional.

Jeffrey Redfern ’12 and Anant Pradhan ’12 filed the lawsuit Monday in the District Court of Massachusetts. The complaint names Secretary of Homeland Security Janet Napolitano and TSA Administrator John Pistole as defendants. Beginning in March 2010, the TSA deployed 450 full-body scanners in airports throughout the country. Boston’s Logan International Airport has 17 of the full-body scanners at issue in the lawsuit, according to the TSA’s website.

The lawsuit claims the mandatory screening techniques violate the students’ Fourth Amendment right against unreasonable search and seizure. The suit seeks a permanent injunction against the use of either screening method without reasonable suspicion or probable cause and a declaratory judgment stating that mandatory screening using these techniques is unconstitutional where probable cause or reasonable suspicion do not exist.

Read more on Harvard Law Record.

Worth reading at the DataBreaches site.

Data Breach Investigation | Due Process of Law

November 30, 2010 by admin

The following is cross-posted from

In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part:

The California Legislature made clear it wants notices to be issued quickly. However, the law should not be interpreted to require rash decision-making. If the law is interpreted as a hair-trigger requirement for notices before a competent investigation can be concluded, then I question the constitutionality of the law. That interpretation would render the law arbitrary, capricious, unreasonable, in conflict with the need for due process under the US Constitution.

At the time, I had a number of questions about his analysis and commentary, and I’m delighted to say that Ben recently got in touch with me and offered to expand on his previous article. The following, then, is a guest article and commentary by Benjamin Wright:

Would the list of “Do Not Track” opt-outers be available to anyone other than the Behavioral Advertising trackers? Like Homeland Security (they must be terrorists) or my Insurance company (He's got something to hide)

FTC to discuss Privacy report and “Do Not Track”

December 1, 2010 by Dissent

FTC Bureau of Consumer Protection Director David Vladeck will discuss a soon-to-be-released FTC report on online privacy and establishing an online “Do Not Track Me” list at a conference convened by Consumer Watchdog Wednesday at the National Press Club.

Vladeck will offer an 8:45 a.m. keynote speech about the FTC’s much anticipated report, which is expected to be released in advance of Thursday’s hearing on “Do Not Track Me” legislation in the House of Representatives. You can view the event online on Consumer Watchdog’s site.

(Related) “If rape is inevitable, one should relax and enjoy it” Raul Manglapus Oh, really?

Will any loss of privacy from digitizing health care be more than compensated for by the welfare gains from increased efficiency?

By Dissent, November 30, 2010

Over on The Economist, you can read a point/counterpoint between Peter Neupert and Dr. Deborah Peel on:

This house believes that any loss of privacy from digitising health care will be more than compensated for by the welfare gains from increased efficiency.

Cast your vote and/or join the debate there!

(Related) I'll keep an eye peeled for this one.

Privacy victory as Firefox plots system to stop firms tracking what you look at online

December 1, 2010 by Dissent

Daniel Bates reports:

The makers of the web-browser Firefox are working on a system which will allow Internet users to stop themselves from being tracked on-line.

Mozilla wants to build a mechanism which will allow people to opt out of companies secretly monitoring which websites they visit, currently a common practice.

Internet giants like Google and Facebook use such information to sell targeted adverts and make money without ever asking the consent of the user.

Read more in the Daily Mail

No choice, no opt-out – no problem?

Apple's Game Center Shares Your Real Name

"Apple's Game Center has just made itself a few enemies through a simple change to their Terms of Service. Now, whenever you send a friend invitation, your real name will be attached as well as your Apple ID."

Apparently they didn't learn from the poor reaction to Blizzard's similar idea.

Why wait for a relationship when you can gather data without it?

Facebook's 'Like This' Button Is Tracking You

Stoobalou submitted a story about some of the most obvious research I've seen in a while ...

"A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move. Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not. Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect."

[From the article:

But data about the user is sent to Facebook regardless of whether the Like button is actually activated.

What becomes really scary is realising how Facebook can track your movements even if you haven't signed up to its fake-friend collection service for lonely teens and sad divorcees.

"When a user does not have a Facebook account, there is no cookie and no user ID available. In this case, an HTTP GET request for the 'Like' button doesn't issue a cookie.

"However, when a site is visited which includes Facebook Connect, this application issues a cookie. From that moment on, visits to other websites which display the 'Like' button result in a request for the Like button from the Facebook server including the cookie."

Which means Facebook has swiped another batch of valuable data without asking for permission.

"Every site that includes some kind of Facebook content will initiate an interaction with the Facebook servers, disclosing information about the visited web site together with the cookie."

[The paper:
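
The cookie flow described in the quoted article, modelled as an added example (not code from the original post, the article or the paper). The hostnames, the `uid` cookie values and the `blockThirdPartyCookies` switch are constructed assumptions; the switch shows what changes when the browser refuses third-party cookies.

```javascript
// Constructed simulation: no real network traffic, hostnames are placeholders.
const WIDGET_HOST = "widgets.social.example"; // stands in for the Like/Connect server

function makeBrowser({ blockThirdPartyCookies = false } = {}) {
  return { jar: new Map(), blockThirdPartyCookies };
}

function makeWidgetServer() {
  let nextId = 1;
  const log = []; // one entry per embedded-widget request
  return {
    log,
    // widget: "like" or "connect"; referer: the page embedding the widget
    handle(widget, referer, cookie) {
      log.push({ widget, referer, cookie: cookie || null });
      // Per the quoted description: a Like request alone issues no cookie
      // to a visitor who has none, but Connect does.
      if (!cookie && widget === "connect") return `uid${nextId++}`;
      return null; // no Set-Cookie
    },
    // Browsing history the server can reconstruct for one cookie value.
    profile(cookie) {
      return log.filter(e => e.cookie === cookie).map(e => e.referer);
    },
  };
}

// Load a first-party page that embeds a widget served from WIDGET_HOST.
function visit(browser, server, pageHost, widget) {
  const thirdParty = pageHost !== WIDGET_HOST;
  const canUseCookies = !(thirdParty && browser.blockThirdPartyCookies);
  const sent = canUseCookies ? browser.jar.get(WIDGET_HOST) : undefined;
  const setCookie = server.handle(widget, `https://${pageHost}/`, sent);
  if (setCookie && canUseCookies) browser.jar.set(WIDGET_HOST, setCookie);
}

// Visitor with no account: Like page, Connect page, then two more Like pages.
function simulate(options) {
  const browser = makeBrowser(options);
  const server = makeWidgetServer();
  visit(browser, server, "news.example", "like");
  visit(browser, server, "forum.example", "connect");
  visit(browser, server, "health.example", "like");
  visit(browser, server, "bank.example", "like");
  return { log: server.log, tracked: server.profile("uid1") };
}
```

With third-party cookies blocked, the server still logs the referring page for every request, but no cookie value links those requests into one profile.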

Perhaps NOW you want to drop Facebook?

How To Properly Close Your Facebook Account

The best approach or at least a better approach?

Article: Fourth Amendment Pragmatism

December 1, 2010 by Dissent

Daniel Solove writes that he has uploaded the final published version of his article, Fourth Amendment Pragmatism, 51 B.C. L. Rev. 1511 (2010) to SSRN. Here’s the abstract:

In this essay, Professor Solove argues that the Fourth Amendment reasonable expectation of privacy test should be abandoned. Instead of engaging in a fruitless game of determining whether privacy is invaded, the United States Supreme Court should adopt a more pragmatic approach to the Fourth Amendment and directly face the issue of how to regulate government information gathering. There are two central questions in Fourth Amendment analysis: (1) The Coverage Question – Does the Fourth Amendment provide protection against a particular form of government information gathering? and (2) The Procedure Question – How should the Fourth Amendment regulate this form of government information gathering? The Coverage Question should be easy to answer: The Fourth Amendment should regulate whenever government information gathering creates problems of reasonable significance. Such a scope of coverage would be broad, and the attention wasted on the Coverage Question would be shifted to the Procedure Question. This pragmatic approach to the Fourth Amendment is consistent with its text and will make Fourth Amendment law coherent and comprehensive.

The earlier version of Dan’s essay had generated a lot of discussion and response several months ago, and I look forward to reading the final version.
