The correct question is,
“Who should NOT use encryption technology?”
New “Surveillance-Proof” App To Secure Communications Has Governments Nervous
October 18, 2012 by Dissent
Ryan Gallagher reports:
Lately, Mike Janke
has been getting what he calls the “hairy eyeball” from
international government agencies. The 44-year-old former Navy SEAL
commando, together with two of the world’s most renowned
cryptographers, was always bound to ruffle some high-level feathers
with his new project—a surveillance-resistant communications
platform that makes complex encryption so simple your grandma can use
it.
This week, after
more than two years of preparation, the finished product has hit the
market. Named Silent Circle, it is in essence a series of
applications that can be used on a mobile device to encrypt
communications—text messages, plus voice and video calls.
Read more on Slate.
(Related) Here's a small
breach to illustrate my point...
By Dissent,
October 18, 2012
The Maryville Daily Times
reports:
Blount Memorial
Hospital has informed patients of the theft of a hospital laptop
containing registration records of Blount Heart Consultants.
The laptop was
reported stolen from an employee’s home on Aug. 25 and has not yet
been recovered.
Read more on The
Maryville Daily Times. There does not seem to be any notice on
the hospital’s web site at the time of this posting although they
apparently sent out a press release. I’ll update this entry
if/when I find the full release or notice but The Maryville Daily
Times provides details on types of information, etc.
“Some conversation may
be recorded for quality assurance purposes...” Perhaps they will
flash custom ads to their passengers in exchange for free bus
service?
MD: MTA recording bus conversations to eavesdrop on trouble
October 18, 2012 by Dissent
Candy Thomson reports:
A Maryland Transit
Administration decision to record the conversations of bus drivers
and passengers to investigate crimes, accidents and poor customer
service has come under attack from privacy advocates and state
lawmakers who say it may go too far.
The first 10 buses
— marked with signs to alert passengers to the open microphones —
began service this week in Baltimore, and officials expect to expand
that to 340 buses, about half the fleet, by next summer. Microphones
are incorporated in the video surveillance system that has been in
place for years. [So it's no big deal... Bob]
Read more on The
Baltimore Sun.
Those who do not have security/privacy
policies have a policy of failure – they just don't know it yet.
Canadian town employee sends financial info to residents via Facebook account?
October 18, 2012 by Dissent
A town employee in La Scie, Canada,
used his personal Facebook email account to send private information
to two individuals, who then filed a privacy complaint over, inter
alia, the insecure method of sending financial information. The
town attempted to justify their action by saying that they had no
other way to contact the residents as they had no phone numbers and…
wait for it… the account was password protected (insert *facepalm*
here).
From the Office of the Information and
Privacy Commissioner of Newfoundland and Labrador:
The Information
and Privacy Commissioner, Ed Ring, has released his Report P-2012-001
under authority of the Access to Information and Protection of
Privacy Act. A summary of the Report is included below.
To view the Report
in its entirety, please go to www.oipc.nl.ca/privacyreports.htm
Report: P-2012-001
Report Date: September 27, 2012 Public Body: Town of La Scie
Summary: On
January 19, 2012 the Office of the Information and Privacy
Commissioner received a Privacy Complaint under the Access to
Information and Protection of Privacy Act (“ATIPPA”)
filed collectively by two individuals regarding the Town of La Scie
(the “Town”). The Complainants stated that their personal
information had been sent to one of the Complainants by a Town
employee via a private message on a social media website
(“Facebook”). The message was sent using the
employee’s personal Facebook account. The Complainants
alleged that their personal information was not adequately protected
pursuant to section 36; was improperly used pursuant to section 38;
and was improperly disclosed pursuant to section 39.
The Commissioner
found that the disclosure of the Complainants’ personal information
was not contrary to the ATIPPA as the message was sent only
to the Complainants. The Commissioner found that the Facebook
message was a use of the Complainant’s personal information and
that the method by which this use was carried out (i.e. Facebook) did
not meet the limitations set out in section 38(2) or standard of
necessity required by sections 38(1)(a) and 40(b) of the ATIPPA
and, consequently, amounted to an improper use of personal
information. Finally, the Commissioner found that the personal
information had not been adequately protected. The
Commissioner also provided commentary on the use of social media
by public bodies and concluded that outside of community matters,
announcements and notices, social media websites should not be used
by public bodies to collect, use or disclose personal information
regardless of the mechanism of delivery. The Commissioner
recommended that the Town create and implement policies and practices
regarding the use of social media and ensure that privacy training is
provided to all Town employees.
Who'd a thunk it?
Article: Fear and Loathing at the U.S. Border
October 19, 2012 by Dissent
Janet C. Hoeffel and Stephen Singer
have an article in Mississippi Law Journal, Vol. 82, No. 4, 2013.
Here’s the abstract:
In this paper, we
argue that when technology crosses the border in the form of personal
electronic devices (PEDs), there is a unique confluence of factors
that requires a fresh look at the border search exception.
International travel is now commonplace, or at least relatively
routine, and personal electronic devices are ubiquitous and often
necessary during travel. In this context, combining the Supreme
Court’s refusal to question individual officers’ motives for a
search with current border search law results in government searches
which, we submit, are “unreasonable” under the Fourth Amendment.
We demonstrate how the border search
exception to the Fourth Amendment has never actually gone through a
doctrinal development, and, as such, it is rather
thoughtless. We show how the doctrine should appear if
developed as an administrative search rather than a sui generis
historical exception, and we demonstrate why the doctrine dictates
that motive matters, at least when it comes to PEDs. Finally, we
suggest that a correct Fourth Amendment analysis would allow a
continuance of the suspicionless border searches that everyone
undergoes, but that before a person can be targeted for a more
intrusive, discretionary secondary search or seizure, agents must
have at least reasonable suspicion of criminal activity.
You can download the full article from
SSRN.
So what else is new?
Article: Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique
October 19, 2012 by Dissent
Peter Swire and Yianni Lagos have an
article in a forthcoming issue of Maryland Law Review that
challenges the EU’s draft Data Protection Regulation on the issue
of a right to data portability. Here’s the abstract:
In its draft Data
Protection Regulation, the European Union has announced a major new
economic and human right – the right to data portability (‘RDP’).
The basic idea of the RDP is that an individual
would be able to transfer his or her material from one information
service to another, without hindrance. For instance,
consumers would have a legal right to get an immediate and full
download of their data held by a social network such as Facebook, a
cloud provider, or a smartphone app.
Although the idea
of data portability is appealing, the RDP as defined in Article 18 of
the draft Regulation is unprecedented and problematic. Part I
explains Article 18, whose text appears to require software and
online service providers to create what we call an ‘Export-Import
Module,’ or software code that exports data seamlessly from the
first service to the second service. The requirements would apply
globally, for any entity that sells to an E.U. resident.
Part II critiques
the RDP in light of the teachings of E.U. competition and U.S.
antitrust law. Competition law has long addressed the problems of
lock-in and high switching costs that form a chief justification for
the RDP. The RDP, however, applies to small enterprises, where there
is essentially no risk of lock-in. In contrast to competition law,
the RDP applies to all online services even where there is no market
power and no barrier to entry. Article 18 more generally is in
conflict with the rules in competition law about exclusionary conduct
– it creates a per se prohibition where competition law would apply
a rule of reason approach. Competition law would consider the many
efficiencies that result from a service provider deciding which
functions and formats to include in its products, which undergo rapid
innovation.
Part III shows
that Article 18 also suffers serious difficulties as a matter of
privacy or data protection law. Proponents have claimed the RDP is a
new fundamental human right, aiding the individual’s autonomy for
online activities. No jurisdiction has experimented with anything
resembling the proposed Article 18, however, casting serious doubt on
its status as a new human right. Among other difficulties, Article
18 poses serious risks to a long-established E.U. fundamental right
of data protection, the right to security of a person’s data.
Previous access requests by individuals were limited in scope and
format. By contrast, when an individual’s lifetime of data must be
exported ‘without hindrance,’ then one moment of identity fraud
can turn into a lifetime breach of personal data. Part IV shows that
Article 18 goes far beyond previous legal rules that specifically
address interoperability.
In conclusion, the
novel RDP is justified by the supposed benefits to consumers. As
drafted, however, the RDP likely reduces consumer welfare, as
articulated after long experience in competition law. It also
creates risks to privacy that are not addressed in the current text.
The RDP deserves far more scrutiny before becoming a mandate that
applies globally to software and online services.
You can download the full paper on
SSRN.
For my Computer geeks... (I'm having
trouble with the video, but there is a transcript)
Eben Moglen, says
Wikipedia, "is a professor of law and legal history at
Columbia University, and is the founder, Director-Counsel and
Chairman of [the] Software Freedom Law Center, whose client list
includes numerous pro bono clients, such as the Free Software
Foundation." And if that wasn't enough, since 2011 he's been
working with FreedomBox,
a project working toward "a personal server running a free
software operating system, with free applications designed to create
and preserve personal privacy." Prof. Moglen is also one of the
most polished speakers anywhere, on any topic, ever. That's why,
instead of editing this interview Timothy Lord did with him, we
simply cut it in half, removed a little introductory and end
conversation, and let the Professor roll on. The second half of this
interview will run tomorrow. It's at least as worthwhile as the
first half, especially if you are interested in Free
Software.
Once again, the French may
find there are some things they can't control. Once again, that
won't stop them from trying.
"Google
has threatened to exclude French media sites from search results
if France goes ahead with plans to make search engines pay for
content. In a letter sent to several ministerial offices, Google
said such a law 'would threaten its very existence.' French
newspaper publishers have been pushing for the law, saying it
is unfair that Google receives advertising revenue from searches for
news. French Culture Minister Aurelie Filippetti
also favors the idea. She told a parliamentary commission it was 'a
tool that it seems important to me to develop.'"
Perspective. And here I
thought we were talking a lot of money...
October 18, 2012
IAB internet advertising revenue report 2012
IAB
internet advertising revenue report 2012 first six months' results,
October 2012. An industry survey conducted by PwC and sponsored
by the Interactive Advertising Bureau (IAB)
- "Internet advertising revenues (“revenues”) in the United States totaled $17.0 billion for the first six months of 2012, with Q1 2012 accounting for approximately $8.3 billion and Q2 2012 totaling approximately $8.7 billion. Revenues for the first six months of 2012 increased 14% over the first six months of 2011..." “This report establishes that marketers increasingly embrace mobile and digital video, as well as the entire panoply of interactive platforms to reach consumers in innovative and creative ways,” said Randall Rothenberg, President and CEO, IAB. “These half-year figures come on the heels of a study from Harvard Business School researchers that points to the ad-supported internet ecosystem as a critical driver of the U.S. economy. Clearly, the digital marketing industry is on a positive trajectory that will propel the entire American business landscape forward.”
Fight technology with
technology? “Assist law enforcement! Illuminate your plate!”
It enhances the lights that come with the car...
License Plate Frame Foils Irksome Traffic-Light Cameras
Traffic-light tickets have ticked off a
gazillion drivers, some of whom have had to fork
over $500 for running a light. Now there’s a way for you to
throw a monkey wrench into that money-making machine.
Jonathan Dandrow has developed noPhoto,
which renders the pix snapped by those revenue-generating robo-cams
useless. The technology behind noPhoto is fairly simple. At the top
of the gadget, which doubles as a license plate frame, there’s an
optical flash trigger that detects the flash of the traffic-light
camera. That trigger sets off one or both xenon flashes in the sides
of the noPhoto, so when the traffic-light camera opens its shutter,
there’s too much light and the picture of your license plate is
overexposed. Big Brother can’t read your plate.
“Send Guido! Done deal.
Gimme the $50,000.” Tony Soprano
"It's not clear if the Federal
Trade Commission is throwing up its hands at the problem or just
wants
some new ideas about how to combat it, but the
agency is now offering $50,000 to anyone who can create what it
calls an innovative way to block illegal commercial robocalls on
landlines and mobile phones."
(Related) In New Jersey it's: “Siri,
start dis car and dem two ova dare..”
Siri, Start My Car
The latest version of Viper’s
SmartStart app also lets you lock and unlock your vehicle directly
from your iPhone 4S or 5 running iOS 6.
The promise of Siri’s
app integration hasn’t been fully realized since Apple updated
iOS last month, but Viper is the first automotive accessory company
to tap Siri’s voice controls on its line of SmartStart products.
For my Ethical Hackers..
When numbers identifying people (like SSAN's) or things have
“meaning” they are much less random and therefore much less
difficult to “hack.”
For my Intro to Computer Security
students (Actually, for scaring the bejesus out of them)
… PrivacyFix is an extension for
Firefox and Chrome that points out settings you’ll want to change
and also helps you stop ad networks from tracking you.
Managing your privacy
online can be a hassle. PrivacyFix won’t completely solve the
problem, but it makes finding key privacy settings for Facebook and
Google trivial. Even more important: it’s incredibly simple to
use. Just follow the step-by-step directions, deciding which privacy
settings do and do not matter to you.
… Head
to PrivacyFix to get started. You’ll need to install an
extension for Chrome or Firefox, depending on your browser of choice.
Sorry, users of other browsers: you’re out of luck for now.
Another in a long line of “there has
to be something better than PowerPoint!” software.
… Presentista is a new way to
create presentations, and it works right from your web browser.
… When you are creating in
Presentista, everything is on one screen. You add your stuff and
create a flow, which are akin to slides. The link in the flow is how
it determines which section to jump to next. It is a really clean,
fluid way to make a presentation.
… Like any presentation, you can
include text and graphics. With Presentista, you can also add
YouTube videos, Google Images and photos from Flickr.
Wisdom from the mouths of
cartoon characters. The Perfect CEO response to eDiscovery!