Wednesday, June 26, 2013

This will be interesting. If it actually happens, I'll work up a “What to look for” guide for my students and scare the bejesus out of them.
Finally You'll Get To See The Secret Consumer Dossier They Have On You
For the first time ever, the big daddy of all data brokers is nearly ready to show consumers their intimate personal dossiers, a move aimed at staving off public fears of Big Brother and government regulation.
… What exactly does Acxiom know about you? Their files record where you live and who else lives there, your phone numbers, often including cell, general financial situation and interests. Your file might include race, ethnicity, religious affiliation, education, political affiliation and occupation. They might list what credit cards you use, as well as some health topics of interest to you such as diabetes or arthritis.
… The company has information on nearly one billion online users and matches 90 percent of all U.S. social profiles, CEO Scott Howe told investors last month.
… Acxiom had hoped to start letting individuals see their consumer files by mid summer but has run into delays. “It’s enormously difficult to do this,” said Suther, who has overseen the company’s global marketing, strategy and business development activities. “The reason for it is that all the systems that have been built up over the years have been built up with an eye for serving marketers, and marketers are not coming to Acxiom saying, gee, can you please give me this individual record about Adam Tanner. It’s not affordable, they are not interested. What they are interested in is doing that en masse so the systems have been built over the years to accomplish that.”


Each new generation of technology (perhaps even “generations” that exist only in the minds of the Marketing Dept.) MUST address the same security issues as all previous generations, but typically starts life with no security whatsoever.
Rethinking Security for the Internet of Things
… The growing Internet of Things — the connection of physical devices to the internet — will rapidly expand the number of connected devices integrated into our everyday lives. From connected cars, iPhone-controlled locks (versions of which here, here, and here are in or close to production), to the hypothetical "smart fridge" that will one day order milk for me when I've run out, these technologies bring with them the promise of energy efficiency, convenience, and flexibility.
… As consumer demand for connected devices increases (and projections from Cisco and others suggest that there will be 50 billion connected devices by 2020), traditional manufacturers will, en masse, become manufacturers of connected devices. As these devices become subject to the same cyber threats with which software developers have long been familiar, companies will need to take steps to integrate security considerations into their designs and design processes right from the start.


No need to “forget” anything, ever...
Google cannot be obliged to delete sensitive information from its search index, a key adviser to the European Court of Justice has said.
It follows a Spanish case which challenged Google to remove outdated financial details about an individual.
The opinion of advocate general Niilo Jaaskinen could influence a wider EU debate over whether people have “the right to be forgotten”.
Read more of this story on BBC.


Interesting. Better than it was, but nowhere near what it should be?
… In physical searches, if the government comes across evidence unrelated to the search it is lawfully conducting, the government can seize that evidence as long as its incriminating nature is immediately apparent. I have argued that this rule is troublesome in the context of digital searches because everything comes into plain view in computer searches. A computer warrant for anything becomes a warrant for everything, making every computer warrant a general warrant in practice. To counter that dynamic, I have argued that the plain view exception should not apply to digital searches. See Orin Kerr, Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005).
The Fourth Circuit rejected that argument in United States v. Williams, 592 F.3d 511 (4th Cir. 2010), where it held that the plain view exception should apply in the same way to digital searches as it applies to physical searches. As I understand the Fourth Circuit’s view, the government can look for anything on a hard drive if it has a warrant and keep anything that comes up. Opening any file is permitted because it might contain evidence in the warrant, and all evidence can be used because it has come into plain view under the traditional plain view test.
… I was very interested to see the Second Circuit’s decision today in United States v. Galpin. First, the opinion agrees that the scope of computer searches raises special problems:
… After ruling that the warrant in that case was invalid and remanding for further proceedings, the Second Circuit offered the district court guidance on how to apply the plain view exception on remand:
… It’s hard to know exactly what to make of this language. But if we take it seriously, the Second Circuit appears to be saying that there is some sort of heightened standard for when an agent is allowed to conduct a search through a computer. Some of the words suggest at least a subjective test (thus the focus on whether the “search was even directed” at the evidence), which is what the Tenth Circuit adopted in United States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999). Other parts of the passage suggest some sort of heightened scrutiny beyond subjective intent. Parts suggest a necessity test: Would a proper search have “necessitated” the opening of a particular file? And other parts of the passage suggest a “possible evidentiary connection” test, which I gather would be less strict than a necessity test.


Any attempt is welcome.
From the Executive Summary of this new white paper:
… According to a 2011 World Health Organization report, governments cite issues related to data privacy and security and the protection of individual health information as two of the top barriers to the expansion of mHealth.
… The results of this review show that the world of privacy law is roughly divided into three major camps: (1) omnibus data protection regulation in the style of the European laws that regulate all personal information equally; (2) U.S.-style sectoral privacy laws that address specific privacy issues arising in certain industries and business sectors, so that only certain types of personal information are regulated; and (3) the constitutional approach, whereby certain types of personal information are considered private and inviolate from a basic human rights perspective but no specific privacy regulation is in place otherwise.
Read the report here (pdf).
