- Privacy by Design
- Privacy Impact Assessments
- Consent Decrees
- Audits (internal and external)
- Regulatory reviews
- Data Processing Documentation
- Database notifications/registrations
- Binding Corporate Rules
- Safe Harbor Compliance programs
Tuesday, November 06, 2012
How can you tell when a politician is lying? His lips move. (Pre-historic joke)
Personal data routinely leaked from Obama and Romney websites
Both the Barack Obama and Mitt Romney campaigns swear that their websites don’t collect personally identifiable information from visitors, but a new report reveals that neither candidate can really back that claim up.
Responding to the New York Times for an article published just this week, representatives from both presidential contenders say no private information that could reveal their website visitors’ identity is offered to third-parties, with the paper even reporting, “both campaigns emphasize that such data collection is ‘anonymous’” since companies use code numbers — not names — to track site visitors. Jonathan Mayer of the Stanford Center for Internet Society didn’t seem convinced, though, and took it upon himself to investigate the truth.
Read more on RT.com
[From the article:
Although the campaigns are largely correct by saying data collected off their sites are never directly linked to a specific person, the alleged anonymity that they swear by hardly protects any identities. While the data is tied to a code number in lieu of a name, the data that is collected could easily be used to find out almost anything about a visitor of the site, Mayer writes.
(Related) Toys & Tools for whoever gets elected. Kind of a fluff piece but interesting how many involve drones...
7 Technologies That Will Make It Easier for the Next President to Hunt and Kill You
Is it still war if we spell it: “e-War?”
U.S. panel labels China largest cyberspace threat, report says
China poses the largest threat in cyberspace, with its hackers increasingly targeting U.S. military computers and defense contractors, according to a draft of a Congressional report obtained by Bloomberg.
The report, produced by the U.S.-China Economic and Security Review Commission, found that China's persistence and its advances in hacking activities over the past year pose an increasing threat to information systems and users.
Another example of really bad reporting? It looks like the police suspected Mendoza, went on his property, found the marijuana plants and then set up the cameras to see who came to tend/harvest them. Not stated is why they suspected him or his property.
Court OKs warrantless use of hidden surveillance cameras
Declan McCullagh reports:
Police are allowed in some circumstances to install hidden surveillance cameras on private property without obtaining a search warrant, a federal judge said yesterday.
CNET has learned that U.S. District Judge William Griesbach ruled that it was reasonable for Drug Enforcement Administration agents to enter rural property without permission — and without a warrant — to install multiple “covert digital surveillance cameras” in hopes of uncovering evidence that 30 to 40 marijuana plants were being grown. [Okay, that isn't correct. They had already discovered more than 1000 plants. Bob]
Read more on CNET.
[From the article:
"The Supreme Court has upheld the use of technology as a substitute for ordinary police surveillance," Callahan wrote. [“substitute” as in “equal to?” So the Court would have Okayed a 24/7 police presence? Bob]
Two defendants in the case, Manuel Mendoza and Marco Magana of Green Bay, Wis., have been charged with federal drug crimes after DEA agent Steven Curran claimed to have discovered more than 1,000 marijuana plants grown on the property... [Discovered using the camera or as justification for using the camera? Bob]
Since they broadcast, you have no way to know if or how often someone reads your data.
Smart meters not so clever about privacy, researchers find
Martyn Williams reports:
Researchers at the University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you’re at home.
The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. [Somehow, I doubt that Bob] They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received.
Read more on Computerworld.
Click through to find links to other papers as well...
Event: Friday, Nov. 9: Harvard Law Review Symposium on Privacy & Technology
November 6, 2012 by Dissent
Daniel Solove writes:
This Friday, November 9th, I will be introducing and participating in the Harvard Law Review’s symposium on privacy and technology. The symposium is open to the public, and is from 8:30 AM to 4:30 PM at Harvard Law School (Langdell South).
I have posted a draft of my symposium essay on SSRN, where it can be downloaded for free. The essay will be published in the Harvard Law Review in 2013. My essay is entitled Privacy Self-Management and the Consent Paradox, and I discuss what I call the “privacy self-management model,” which is the current regulatory approach for protecting privacy — the law provides people with a set of rights to enable them to decide for themselves about how to weigh the costs and benefits of the collection, use, or disclosure of their data.
For more details on the symposium, including the list of presenters, see Dan’s post on Concurring Opinions.
Take a really smart person and let them think about a topic for several years and you wind up with “words worth listening to.”
Article: Privacy by Design and the Emerging Personal Data Ecosystem
A paper by Ann Cavoukian, PhD, the Information & Privacy Commissioner of Ontario, describes the systems and initiatives driving the Personal Data Ecosystem and how they seek to address the challenge of protecting and promoting privacy, while at the same time, encouraging the socio-economic opportunities and benefits of personal information as a new asset class. The paper features case studies of the Personal Data Vault and platform at Washington-based Personal Inc., and the personal data network belonging to San Francisco-based Respect Network, plus invaluable market data on the emerging PDE provided by Ctrl-Shift of London:
Questions from Google's Privacy lawyer...
The Marketplace of Privacy Compliance Programs
Peter Fleischer writes:
The data protection establishment, worldwide, has been inventing a lot of new privacy compliance programs. All these different, well-intentioned initiatives are meant to serve the same purpose: improve privacy protections. All of them are, or likely will soon be, mandatory for most big companies. I can hardly keep track of all the different initiatives, but here are the ones I have struggled to understand:
Lots of my acquaintances in the privacy field have asked me what I think about all this: Are these programs meant to run independently, even if they overlap and cover the same ground? Does anyone have a clue how much all this will cost? Where do you turn for help to implement these programs? Can one solid privacy compliance program be implemented to meet all of these goals? Clearly, all of us privacy professionals are struggling to understand this.
Read more on Peter Fleischer: Privacy…?
Can you “un-release” documents after everyone on the Internet has made at least one copy?
ICE Releases Documents Detailing Electronic Surveillance Problems . . . and then Demands Them Back a Year Later
November 6, 2012 by Dissent
Jennifer Lynch writes:
This is a first for us in all of EFF’s history of Freedom of Information Act (FOIA) litigation—Immigrations and Customs Enforcement (ICE) has demanded we return records it gave us more than a year ago. The release of these documents doesn’t endanger national security or create a risk to an ongoing law enforcement investigation. Instead, it seems that ICE simply wants to stymie further FOIA requests from EFF as we try to get answers about the government’s electronic surveillance procedures.
Read more on EFF. I hope that EFF’s amazing lawyers are writing a suitable response incorporating such legalistic phrases as “barn door… horse” and “snowball… hell.”
[From the EFF article:
The problem for ICE is, these records have already been in the public’s hands for over six months—we filed them as an exhibit (pdf) in our FOIA litigation (pdf) in March 2012, and they’re readily available on the PACER docket for the case (or from the Internet Archive).
“We want to tax online sales but we also want to make it impossible to sell online.”
Apple leads legal battle over e-commerce vs. privacy rights in California Supreme Court
Howard Mintz reports:
Parked at the computer and want to use your credit card to buy the latest Lil Wayne song or a cool app on iTunes? Arrange the perfect date on eHarmony? Buy a ticket to a 49ers game on StubHub?
Chances are those online merchants will ask for your personal information to close the deal. And they may just be violating a two-decade-old California law designed to restrict the amount of personal information consumers must provide to make a credit card purchase.
On Wednesday, the California Supreme Court will tackle the unprecedented question of whether that state law applies to online commerce in a legal challenge led by Apple and backed by a host of retailers ranging from Walmart to eBay.
Read more on Mercury News.
For my Crypto geeks...
"Side-channel attacks against cryptography keys have, until now, been limited to physical machines. Researchers have long made accurate determinations about crypto keys by studying anything from variations in power consumption to measuring how long it takes for a computation to complete. A team of researchers from the University of North Carolina, University of Wisconsin, and RSA Security has ramped up the stakes, having proved in controlled conditions (PDF) that it's possible to steal a crypto key from a virtual machine. The implications for sensitive transactions carried out on public cloud infrastructures could be severe should an attacker land his malicious virtual machine on the same physical host as the victim. Research has already been conducted on how to map a cloud infrastructure and identify where a target virtual machine is likely to be."
An interesting way to always win at Hide-and-Seek!
The system consists of a handheld transmitter and tiny receivers that look like something out of a 60s spy movie. The little receivers are about the size of a quarter and are black. To use the system you stick one of the little receivers to whatever it is you tend to lose be it a smartphone, your keys, or your glasses.
For my gaming friends...
EA and DICE have announced something special for fans of the Battlefield franchise. To celebrate the 10-year anniversary of the original Battlefield 1942, EA and DICE are giving away a free PC download of the full version of Battlefield 1942. The game is available exclusively on http://store.origin.com/.
We live in a sick, sick world.
Justin Bieber Sex Doll Blows Up at Online Adult Store—See the Pic
… An enterprising adult store now wants to make sure you get every last inch of him.
Naughty Beliebers, behold: the Justin Bieber blow-up sex doll!
Or, rather—cough, cough—it's the "Just-in Beaver Love Doll," which bears an uncanny resemblance to the pop star, minus his trademark tattoos and plus, well, a whole lot more.
… We've reached out to Biebs' camp for comment, but you can bet the product won't stay on shelves for long: It comes from the same folks who created a similar Miley Cyrus-inspired sex doll, which was quickly, ahem, yanked.