Friday, June 28, 2013
Who decides what to disclose?
Jam Kotenko reports:
When Facebook came clean about a recent security bug that caused the exposure of 6 million users’ personal information to their contacts, they softened the blow by saying that the effect of the bug was probably minimal, since the people who likely received their friends’ data could have already had access to the contact info in the first place. Facebook users were outraged nonetheless, and it turns out they had reason to be: According to Sophos, the Facebook info leak is actually much worse than we were told and that the researchers who initially discovered the existence of shadow profiles are saying that the numbers don’t match up.
Read more on Digital Trends.
[From the article:]
In one case, they stated 1 additional email address was disclosed, though 4 pieces of data were actually disclosed. For another individual, they only told him about 3 out of 7 pieces of data disclosed. It would seem clear that they did not enumerate through the datasets to get an accurate total of the disclosure.
Facebook claimed that information went unreported because they could not confirm it belonged to a given user. Facebook used its own discretion when notifying users of what data was disclosed, but there was apparently no discretion used by the ‘bug’ when it compiled your data. It does not appear that they will take any extra steps at this point to explain the real magnitude of the exposure and we suspect the numbers are much higher.
More articles, but less shocking.
Glenn Greenwald and Spencer Ackerman disclose more from files leaked by whistleblower Edward Snowden:
The Obama administration for more than two years permitted the National Security Agency to continue collecting vast amounts of records detailing the email and internet usage of Americans, according to secret documents obtained by the Guardian.
The documents indicate that under the program, launched in 2001, a federal judge sitting on the secret surveillance panel called the Fisa court would approve a bulk collection order for internet metadata “every 90 days”. A senior administration official confirmed the program, stating that it ended in 2011.
The collection of these records began under the Bush administration’s wide-ranging warrantless surveillance program, collectively known by the NSA codename Stellar Wind.
Read more on The Guardian.
And see their other report, “How the NSA is still harvesting your online data.”
[Interesting language in the order:]
"communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States".
[I would take that to mean that if I couldn't see (didn't have a copy of) their birth certificate, it was okay to listen in... Bob]
Well, it's a start.
Casey Seller reports:
The state Court of Appeals has decided that the attachment of a GPS device on the personal vehicle of Michael Cunningham, a Department of Labor employee suspected of padding his time reports, was “unreasonable” in its scope. The use of the GPS device in the state Inspector General’s probe, the court concludes, crossed a line when it extended beyond the workday, when Cunningham used his car for official business.
While the decision to reverse a lower court’s action was unanimous, the judges split 4-3 on the question of whether the state could use such a device to track an employee during work hours.
Read more on Capitol Confidential.
Update: Orin Kerr comments on the decision on The Volokh Conspiracy.
Sound bites. Fluff. This is addressing the collected data rather than the collection (or collectors) of data. See the article on PII below.
Commissioner Julie Brill’s keynote speech at CFP yesterday is well worth reading. Here’s a small part of it where she addresses ideas apart from legislation:
I would suggest we need a comprehensive initiative – one I am calling “Reclaim Your Name.” Reclaim Your Name would give consumers the knowledge and the technological tools to reassert some control over their personal data – to be the ones to decide how much to share, with whom, and for what purpose – to reclaim their names.
Reclaim Your Name would empower the consumer to find out how brokers are collecting and using data; give her access to information that data brokers have amassed about her; allow her to opt-out if she learns a data broker is selling her information for marketing purposes; [Probably not possible unless this “opt-out” turns off all of the “opt-in” switches, Internet wide. Bob] and provide her the opportunity to correct errors in information used for substantive decisions – like credit, insurance, employment, and other benefits.
(Related) ...and mostly in her mind?
Kate Kaye writes that marketers were caught off-guard by FTC Commissioner Julie Brill’s “Reclaim Your Name” initiative, described in her keynote address at CFP this week:
The Direct Marketing Association was caught off guard by Commissioner Brill’s announcement. “DMA has been in discussion with Commissioner Brill regarding ways to increase transparency in the ‘data broker’ industry, but was surprised to see her announcement of this new initiative,” said Rachel Thomas, VP of government affairs at DMA. “The FTC’s Section 6B inquiry into ‘data brokers’ is still ongoing, and the Commission has yet to articulate a specific problem that would justify a call for congressional action in this area,” she continued in an emailed statement.
Ms. Brill indicated that the FTC believes mobile device IDs are personally-identifiable. Many of the companies using device IDs to track in-store shopping behavior and other location-based interactions hold that they are not. “Information linked to specific devices is, for all intents and purposes, linked to individuals,” she said.
Read more on Ad Age.
Again, collections vs collecting.
Daniel Solove and Paul Schwartz write:
We recently released a draft of our new essay, Reconciling Personal Information in the European Union and the United States, and we want to highlight some of its main points here.
The privacy law of the United States (US) and European Union (EU) differs in many fundamental ways, greatly complicating commerce between the US and EU. At the broadest level, US privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the EU, privacy is hailed as a fundamental right that trumps other interests. The result is that EU privacy protections are much more restrictive on the use and transfer of personal data than US privacy law.
Numerous attempts have been made to bridge the gap between US and EU privacy law, but a very large initial hurdle stands in the way. The two bodies of law can’t even agree on the scope of protection let alone the substance of the protections. The scope of protection of privacy laws turns on the definition of “personally identifiable information” (PII). If there is PII, privacy laws apply. If PII is absent, privacy laws do not apply.
Read more on LinkedIn. [Interesting choice of forum Bob]
I note that the Privacy Foundation is not listed. That's a pretty significant omission.
New on LLRX – Privacy Resources and Sites on the Internet 2013
Via LLRX.com - Privacy Resources and Sites on the Internet 2013 - Marcus P. Zillman’s guide is a comprehensive, timely and actionable resource inclusive of a wide range of privacy resources for individuals as well as organizations. His guide includes references to associations, indexes, search engines as well as topical websites and sources that provide current applications, information and resources on the salient topic of privacy and how it relates to your use of the internet and social media.
It must be Audio week at MakeUseOf...
Audacity can be a fantastic audio recording and editing tool, especially because of its cross platform and open source nature. For example, you can make your own home music recordings with Audacity or use Audacity in ten other creative uses that you may not have thought of.
… here are four recommended tools you can use that are free and completely compatible with each other.
And even if these three don’t meet your needs somehow, there are still plenty of others available such as these 6 suggested Audacity alternatives, especially if you use a Mac.
Format Factory promises to convert anything at all to any other format.
Not only does it work, but it’s free.
The world of IT is changing...
IT in the Cloud Era
An interview with Aaron Levie, cofounder and CEO of Box. Follow him on Twitter at @levie.
There are markets and there are black markets... The Internet enables them all.
… Atlantis, which is accessible through the anonymity-enabling Tor network, lists among its product categories Drug, Forgeries, Money, and Lab Supplies.
For my students
CRS – Financial Aid for Students: Online Resources
Financial Aid for Students: Online Resources, Laura L. Monagle, Information Research Specialist, June 17, 2013
This report identifies various online sources for planning and acquiring funds for postsecondary education. Students themselves are often in the best position to determine which aid programs they may qualify for and which best meet their needs. This list includes both general and comprehensive sources, as well as those targeted toward specific types of aid and circumstances (e.g., non-need-based scholarships; female and minority students; students studying abroad; or veterans, military personnel, and their dependents). The selection of a resource for inclusion in this report is based upon a multitude of criteria, including long-standing history in publishing print guides on financial aid and other college information guides (e.g., College Board, Peterson’s, Princeton Review, Reference Service Press) and information on selected topics (e.g., specialized educational disciplines or students). The references in this report are examples, not an all-inclusive list, of resources to consult.
For my students who complain my tests are “too hard.” This is similar to what I saw in Japan.
The IIT Entrance Exam
The admissions test for the Indian Institutes of Technology, known as the Joint Entrance Examination or JEE, may be the most competitive test in the world. In 2012, half a million Indian high school students sat for the JEE. Over six grueling hours of chemistry, physics, and math questions, the students competed for one of ten thousand spots at India’s most prestigious engineering universities.
When the students finish the exam, it is the end of a two plus year process. Nearly every student has spent four hours a day studying advanced science topics not taught at school, often waking up earlier than four in the morning to attend coaching classes before school starts.
… Government subsidies make it possible for any admitted student to attend IIT. [Would be nice if the US did the same. Bob]