Wednesday, November 12, 2014

We love our customers, but only as long as we can use their emails for Behavioral Analysis. Encryption interferes with that. So we will support the FBI's efforts to ban encryption. (And meanwhile, we will remove it when possible.)
Jacob Hoffman-Andrews writes:
Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.
Read more on EFF.
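A sending mail client or server can notice this kind of downgrade by inspecting the EHLO reply before it decides to send anything in cleartext. The sketch below is an added example, not code from the EFF article: the host names and sample replies are constructed, and the all-"X" keyword heuristic assumes a middlebox that overwrites the capability instead of deleting its line.

```python
import re

def parse_ehlo(reply: str) -> set[str]:
    """Return the capability keywords from a multi-line 250 EHLO reply."""
    caps = set()
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        m = re.match(r"250[ -](\S+)", line.strip())
        if m:
            caps.add(m.group(1).upper())
    return caps

def assess(host: str, reply: str, seen_tls: set[str]) -> str:
    """Classify one EHLO reply; seen_tls remembers hosts that offered STARTTLS."""
    caps = parse_ehlo(reply)
    if "STARTTLS" in caps:
        seen_tls.add(host)
        return "ok"
    # Assumption: a keyword made only of X's is an overwritten capability.
    masked = any(re.fullmatch(r"X{4,}", c) for c in caps)
    if masked or host in seen_tls:
        return "downgrade-suspected"
    return "no-tls-offered"

def may_send(verdict: str, require_tls: bool = True) -> bool:
    """Refuse cleartext fallback when policy requires TLS."""
    return verdict == "ok" or (verdict == "no-tls-offered" and not require_tls)

# Constructed sample replies (not captured traffic).
GOOD = "250-mx.example.net Hello\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
STRIPPED = "250-mx.example.net Hello\n250-SIZE 35882577\n250 8BITMIME"
MASKED = "250-mx.example.net Hello\n250-SIZE 35882577\n250-XXXXXXXX\n250 8BITMIME"

if __name__ == "__main__":
    seen: set[str] = set()
    for label, reply in (("good", GOOD), ("stripped", STRIPPED), ("masked", MASKED)):
        verdict = assess("mx.example.net", reply, seen)
        print(label, verdict, "send" if may_send(verdict) else "hold")
```

With `require_tls` left at its default, a message is held whenever the flag is missing, so a stripped STARTTLS causes a delivery delay instead of a silent plaintext send.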

I expect more discussion on this point, but few people will agree with the judge. Would the judge have ruled differently if access depended on a retinal scan?
Evan Schuman comments on a recent court opinion in Virginia v. Baust that a person can be compelled to open his phone with his fingerprint but that trying to compel the person to disclose his password implicates the 5th Amendment [media coverage of ruling, commentary by Orin Kerr].
In his commentary, Evan argues that a fingerprint scan is just a substitute PIN, which can’t be required by law enforcement. Here’s a snippet from his commentary:
But consider this scenario. I have a physical key that opens a physical deadbolt on the front door of my house. Because certain family members (who I will not name; they know who they are) have a tendency to forget or lose their house keys, I’ve debated changing the lock to accommodate a PIN keypad.
Now, according to this weird legal distinction, I could be forced to give my key to the police, but not my lock’s PIN. But hold on. Just as the iPhone’s finger scan is simply a digital version of a password/PIN, that deadbolt’s PIN is simply a digital alternative to my physical key. On what possible rationale should law enforcement treat the two differently?
Read his article on ComputerWorld.

Interesting. As we become more like a Thing on the Internet of Things, we are measured and analyzed in ever more intrusive ways – including a few we pay extra to have!
Kirk Nahra does a terrific job articulating the concerns about non-HIPAA-covered health data and the debate that has already started as to whether such data should be regulated, and if so, how. Read his article on Wiley Rein.

Divorce? There's an App for that!
WhatsApp Blamed For Causing Divorces
WhatsApp is being cited in 40 percent of divorce cases in Italy, at least according to a report from the Italian Association of Matrimonial Lawyers. Gian Ettore Gassani, president of the association, suggested, “Social media has boosted betrayal in Italy by making it easier, first through texting, then Facebook, and now WhatsApp,” before adding that the messaging app “has encouraged the return of the Latin lover.”
There is clearly a debate to be had about whether WhatsApp and other messaging apps are actually encouraging people to cheat on their partners or whether they’re just the latest tools in a serial cheater’s arsenal. Regardless, the fact WhatsApp is cited in such a high percentage of divorce cases is rather unsettling.
