This will be interesting. If it
actually happens, I'll work up a “What to look for” guide for my
students and scare the bejessus out of them.
Finally
You'll Get To See The Secret Consumer Dossier They Have On You
For the first time ever, the big daddy
of all data brokers is nearly ready to show consumers their intimate
personal dossiers, a move aimed at staving off public fears of Big
Brother and government regulation.
… What exactly does Acxiom know
about you? Their files record where you live and who else lives
there, your phone numbers, often including cell, general financial
situation and interests. Your file might include race, ethnicity,
religious affiliation, education, political affiliation and
occupation. They might list what credit cards you use, as well as
some health topics of interest to you such as diabetes or arthritis.
… The company has information on
nearly one billion online users and matches 90 percent of all U.S.
social profiles, CEO Scott Howe told investors last month.
… Acxiom had hoped to start letting
individuals see their consumer files by mid summer but has run into
delays. “It’s enormously difficult to do this,” said Suther,
who has overseen the company’s global marketing, strategy and
business development activities. “The reason for it is that all
the systems that have been built up over the years have been built up
with an eye for serving marketers, and marketers are not coming to
Acxiom saying, gee, can you please give me this individual record
about Adam Tanner. It’s not affordable, they are not interested.
What they are interested in is doing that en mass so the systems have
been built over the years to accomplish that.”
Each new generation of technology
(perhaps even “generations” that exist only in the minds of the
Marketing Dept.) MUST address the same secutity issues as all
previous generations, but typically start life with no security
whatsoever.
Rethinking
Security for the Internet of Things
… The growing Internet of Things —
the connection of physical devices to the internet — will rapidly
expand the number of connected devices integrated into our everyday
lives. From connected cars, iPhone-controlled locks (versions of
which here,
here,
and here are in or close
to production), to the hypothetical "smart fridge" that
will one day order milk for me when I've run out, these technologies
bring with them the promise of energy efficiency, convenience, and
flexibility.
… As consumer demand for connected
devices increases (and projections from Cisco and others suggest that
there will be 50 billion connected devices by 2020), traditional
manufacturers will, en masse, become manufacturers of connected
devices. As these devices become subject to the same cyber threats
with which software developers have long been familiar, companies
will need to take steps to integrate security considerations into
their designs and design processes right from the start.
No need to “forget” anything,
ever...
Google cannot be
obliged to delete sensitive information from its search index, a key
adviser to the European Court of Justice has said.
It follows a
Spanish case which challenged Google to remove outdated financial
details about an individual.
The opinion of
advocate general Niilo Jaaskinen could influence a wider EU debate
over whether people have “the right to be forgotten”.
Read more of this story on BBC.
Interesting. Better than it was, but
no where near what it should be?
… In physical searches, if the
government comes across evidence unrelated to the search it is
lawfully conducting, the government can seize that evidence as long
as its incriminating nature is immediately apparent. I have argued
that this rule is troublesome in the context of digital searches
because everything comes into plain view in computer
searches. A computer warrant for anything
becomes a warrant for everything,
making every computer warrant a general warrant in practice. To
counter that dynamic, I have argued that the plain view exception
should not apply to digital searches. See Orin
Kerr, Searches and Seizures in a Digital World, 119 Harv. L.
Rev. 531 (2005).
The Fourth Circuit rejected that
argument in United
States v. Williams, 592 F.3d 511 (4th Cir. 2010), where it
held that the plain view exception should apply in the same way to
digital searches as it applies to physical searches. As I understand
the Fourth Circuit’s view, the government can look for anything on
a hard drive if it has a warrant and keep anything that comes up.
Opening any file is permitted because it might contain
evidence in the warrant, and all evidence can be used because it has
come into plain view under the traditional plain view test.
… I was very interested to see the
Second Circuit’s decision today in United
States v. Galpin. First, the opinion agrees that the scope
of computer searches raises special problems:
… After ruling that the warrant in
that case was in valid and remanding for further proceedings, the
Second Circuit offered the district court guidance on how to apply
the plain view exception on remand:
… It’s hard to know exactly what
to make of this language. But if we take it seriously, the Second
Circuit appears to be saying that there is some sort of heightened
standard for when an agent is allowed to conduct a search through a
computer. Some of the words suggest at least a subjective test (thus
the focus on whether the “search was even directed” at the
evidence), which is what the Tenth Circuit adopted in United
States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999). Other
parts of the passage suggest some sort of heightened scrutiny beyond
subjective intent. Parts suggest a necessity test: Would a proper
search have “necessitated” the opening of a particular file? And
other parts of the passage suggest a “possible evidentiary
connection” test, which I gather would be ess strict than a
necessity test.
Any attempt is welcome.
From the Executive Summary of this new
white paper:
… According to
a 2011 World Health Organization report, governments cite issues
related to data privacy and security and the protection of individual
health information as two of the top barriers to the expansion of
mHealth.
… The results
of this review show that the world of privacy law is roughly divided
into three major camps: (1) omnibus data protection regulation in
the style of the European laws that regulate all personal information
equally; (2) U.S.-style sectoral privacy laws that address specific
privacy issues arising in certain industries and business sectors, so
that only certain types of personal information are regulated; and
(3) the constitutional approach, whereby certain types of personal
information are considered private and inviolate from a basic human
rights perspective but no specific privacy regulation is in place
otherwise.
Read the report here
(pdf).
No comments:
Post a Comment