Saturday, November 16, 2013
When I say, repeatedly, that Intelligence services target everything, did you think I was talking only about the NSA? Perhaps if I say, “Everyone wants to know Everything about Everyone,” you'll get the picture. (This is not only logical, it should be obvious.)
The Department of Energy hack noted previously on this blog may be part of a larger and longer campaign against government agencies by members of Anonymous who exploited an Adobe vulnerability. At least that’s what an FBI memo seen by Reuters seems to suggest:
The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.
The memo, distributed on Thursday, described the attacks as “a widespread problem that should be addressed.” It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.
Read more on Reuters.
(Related) Increasingly, “everyone” includes parents, girlfriends, and employers.
Tracked Since Birth: The Rise Of Extreme Baby Monitoring
Think of it as knowing you visited certain pages on a site vs. knowing everything you did on that site.
Richard Feloni reports:
Google, Microsoft, Apple, and Facebook all have their own tracking systems that may signal impending doom for the traditional cookie. First-party tracking can provide advertisers with much more accurate results than cookies, due to the access these companies have to user data.
Online radio service Pandora recently adopted its own cookie replacement, and it has been pitching its data to ad exchanges for the past few weeks, according to AdAge.
When a user registers for a Pandora account, the (sic) provides his or her age, gender, and zip code. The Internet radio company plans to go through its data and develop demographics it believes advertisers will find more attractive than the imperfect browsing habits collected by cookies.
Pandora has 70 million active users, which places it far ahead of rookie competitor iTunes Radio.
Read more on Business Insider.
Taking photos (or recording video) in public is not the issue. Posting those photos on a website is not an issue. Suggesting that something bad (like Tony Soprano will pay you a visit) will happen to you if your photo is on that website IS an issue.
The Canadian Press reports:
The Supreme Court of Canada on Friday struck down Alberta’s privacy law as unconstitutional in a case where a union photographed and videotaped people crossing a picket line during a long strike.
The United Food and Commercial Workers local representing employees at the Palace Casino at West Edmonton Mall was involved in a 305-day strike in 2006.
The union posted signs near the picket line saying images of people crossing the line might be posted on a website.
Read more on GlobalPost.
One of my Computer Security students was ranting about this just last week. Anyone want to mine that rant for legislative tips?
From the highlights of a GAO report issued in September and just posted today on GAO’s site:
No overarching federal privacy law governs the collection and sale of personal information among private-sector companies, including information resellers. Instead, a variety of laws tailored to specific purposes, situations, or entities governs the use, sharing, and protection of personal information. For example, the Fair Credit Reporting Act limits the use and distribution of personal information collected or used to help determine eligibility for such things as credit or employment, but does not apply to information used for marketing. Other laws apply specifically to health care providers, financial institutions, videotape service providers, or to the online collection of information about children.
The current statutory framework for consumer privacy does not fully address new technologies–such as the tracking of online behavior or mobile devices–and the vastly increased marketplace for personal information, including the proliferation of information sharing among third parties. With regard to data used for marketing, no federal statute provides consumers the right to learn what information is held about them and who holds it. In many circumstances, consumers also do not have the legal right to control the collection or sharing with third parties of sensitive personal information (such as their shopping habits and health interests) for marketing purposes. As a result, although some industry participants have stated that current privacy laws are adequate–particularly in light of self-regulatory measures under way–GAO found that gaps exist in the current statutory framework for privacy. And that the framework does not fully reflect the Fair Information Practice Principles, widely accepted principles for protecting the privacy and security of personal information that have served as a basis for many of the privacy recommendations federal agencies have made.
Views differ on the approach that any new privacy legislation or regulation should take. Some privacy advocates generally have argued that a comprehensive overarching privacy law would provide greater consistency and address gaps in law left by the current sector-specific approach. Other stakeholders have stated that a comprehensive, one-size-fits-all approach to privacy would be burdensome and inflexible. In addition, some privacy advocates have cited the need for legislation that would provide consumers with greater ability to access, control the use of, and correct information about them, particularly with respect to data used for purposes other than those for which they originally were provided. At the same time, industry representatives have asserted that restrictions on the collection and use of personal data would impose compliance costs, inhibit innovation and efficiency, and reduce consumer benefits, such as more relevant advertising and beneficial products and services. Nonetheless, the rapid increase in the amount and type of personal information that is collected and resold warrants reconsideration of how well the current privacy framework protects personal information. The challenge will be providing appropriate privacy protections without unduly inhibiting the benefits to consumers, commerce, and innovation that data sharing can accord. [Or perhaps informing consumers and allowing them to select a level of privacy they are comfortable with? Bob]
You can download the full report (pdf, 61 pp).
(Related) Perhaps a law review article on “Silly Technology Laws?”
Absurd: The Very Basic Thing It's Still Illegal to Do With Your Mobile Phone
Do you own a smart phone? Do you know how easy it is to break the law using only that smartphone?
It’s this easy: After your current contract with your wireless provider (perhaps Verizon) expires, change the software on your phone such that you can use it to make calls with a different provider (say, T-Mobile). There, you just broke the law.
Attention Ethical Hackers: No ethical concerns here, move along.
– If you’ve ever found yourself trying to try a product online which required a credit card, even when you just want to take a look, then you will know why this site is invaluable. It generates random lists of “valid” credit card numbers, but since there is no other corresponding information, they are useless for fraud purposes.
For my students who actually want to learn...
– is a course catalog for online learning. The site helps you find courses for subjects you want to learn and enables you to compare those choices easily and pick the best one for you. They find college courses from all the providers out there and put them in one place. They list all the courses from Massive Open Online Courses (MOOCs) such as Coursera, Udacity, edX, etc.
For my Business Students
Another question for my Statistics Class...