...because it's hard to forget or misplace a
fingerprint or an iris? Or because a fingerprint identifies you
every time on every device?
Japan's Largest Mobile Provider to Ditch Passwords
Japan's largest mobile service provider, NTT
DoCoMo, said it would replace passwords with biometric
credentials on a number of its online services, in a step to move
users closer to a password-free world.
Starting Wednesday, NTT DoCoMo customers with smartphones capable of handling
biometric authentication will be able to access several online
services using iris recognition or fingerprint authentication, the
company said.
Did I miss this? Professor Soma forwarded an email that makes me think I
did.
2015 Data Breach Investigations Report
Prepare your enterprise to conduct individualized
self-assessments of risk, so you can make realistic decisions on how
to avoid cyber threats. The 2015 DBIR expands its investigation into
nine common threat patterns and sizes up the effects of all types of
data breaches, from small data disclosures to events that hit the
headlines.
Interesting, but I think we're still a long way from understanding, let alone
controlling sexting. Would receipt of an unsolicited photo be an
“invasion” of privacy? How would you prove it was unsolicited?
Forwarding the photo is a different kettle of fish.
Michael Miller reports:
School officials on Wednesday said they reported a case of sexting to police to protect the privacy of students whose naked photos were being shared.
A female student saw pictures of a friend on a classmate’s phone in April and reported it to the assistant principal. The school’s resource officer called the Cape May County Prosecutor’s Office.
An investigation led to criminal charges being filed against 20 students at Lower Cape May Regional High School and the Richard M. Teitelman Middle School for allegedly invading the privacy of several female classmates.
Read more on Press of Atlantic City.
[From the article:]
The students, including an 18-year-old, were
charged with a third-degree crime. Those under 18 face a two-year
sentence in a training school for juvenile offenders. The older
student could face a sentence of up to five years in state prison.
Is this a disconnect between lawyers and techies? I wonder which side
made the assertion that “consumers” could opt out? Did the
lawyers just select a few phrases from some “standard” privacy
policies?
Elizabeth Litten writes:
This case has nothing to do with HIPAA, but should be a warning to zealous covered entities and other types of business entities trying to give patients or consumers more information about data privacy than is required under applicable law. In short, giving individuals more information is not better, especially where the information might be construed as partially inaccurate or misleading.
Read more on Fox Rothschild Privacy Compliance & Data Security.
[From the article:]
The complaint alleged, among other things, that
although Nomi’s published privacy policy stated that Nomi would
“allow consumers to opt out of Nomi’s [data tracking] service on
its website as well as at any retailer using Nomi’s technology,”
Nomi actually only allowed consumers to opt-out on its website — no
opt-out mechanism was available at the clients’ retail stores.
… The odd aspect of this complaint and consent
order is that Nomi did not track or maintain information that would
allow the individual consumers to be identified. The media access
control (MAC) address broadcast by consumers’ mobile devices as
they passed by or entered the stores was cryptographically “hashed”
before it was collected, created a unique identifier that allowed
Nomi to track the device without tracking the consumer him/herself.
As dissenting Commissioner Maureen Ohlhausen points out, as “a
third party contractor collecting no personally identifiable
information, Nomi had no obligation to offer consumers an opt out.”
The majority, however, focuses on the fact that the opt out was
partially inaccurate, then leaps to the conclusion that the
inaccuracy was deceptive under Section 5 of the FTC Act, without
pausing to reflect on the fact that the privacy policy and opt out
process may not have been required by law in the first place.
No “opt out” here. I wonder if whatever the
police are “targeting” was kept and everything else deleted
immediately would reduce the concerns? But then, often there is no
specific license plate being searched for. If you fall into a
“pattern” the police have established, your data is retained.
Unfortunately, unless they know where and when I normally drive, they
can't eliminate me.
Martin Kaste reports:
License plate scanners have become a fact of life. They’re attached to traffic lights, on police cars — even “repo” staff use them. All those devices have created a torrent of data, raising new concerns about how it’s being stored and analyzed.
Bryce Newell’s laptop is filled with the comings and goings of Seattle residents. The data comes from the city’s license plate scanner, acquired from the police through public disclosure requests. He plugs in a license plate number, uncovering evidence of long-forgotten errands.
Read more on NPR.
[From the article:]
Ron Sloan is director of the Colorado Bureau of
Investigation. They've tried analyzing licence plate scans from an
area near where a murder victim was found.
"We were able to do some rudimentary analysis
of that data to try to determine whether or not there were vehicles
that were going through the area that did not live in the area, [I drive
through lots of neighborhoods I don't live in. Bob] that were from outside
of the area or vehicles that that would not have been their route driving
home," he says.
I wonder if this comes with a warning to Facebook?
Justin Brookman writes:
Privacy law in the U.S. is weaker than in most places, but hey, at least we’ve got Section 5.
While many countries around the world have affirmative privacy protections for most data, the U.S. instead enforces a hundred-year old prohibition against deceptive business practices to merely prohibit companies from tricking people about data practices. In recent years, the FTC has expanded its interpretation of Section 5’s ban on deceptive practices to apply not just to misstatements but also to affirmative omissions—that is, when by failure to mention a potentially controversial privacy practice, the company is effectively trying to deceive consumers. This line of enforcement is all in the name of creating external accountability for privacy practices, and a transparent market for personal information. This market is far from perfect, and I think the law should do more to empower people to assess various privacy practices and control the flow of their information.
Still, at bottom, the U.S. has always had one (fairly low!) baseline: don’t lie about what you’re doing.
Recently, however, even this weak standard has been called into question—by two sitting Commissioners of the FTC no less.
Read more on IAPP.
Apparently this is even stranger than I first
thought. If you read the statement, it looks like the New Jersey DA
was more 'saving face' than righting wrongs.
Earlier today, I posted the press release from New Jersey about its
settlement with Tidbit’s developer, Jeremy Rubin.
Here’s his take on the issues and settlement:
There are some good and bad parts of the settlement. Although I am unhappy with how it reads at a glance — it seems like a defeat — under closer inspection, you can see that New Jersey’s ‘victory’ is Pyrrhic at best.
Read his full statement on Medium.
Unlikely to be followed, but what else is new
about UN “suggestions?”
UN Report Champions Encryption and Anonymity
by Sabrina I. Pacifici on May 28, 2015
EPIC – “The UN
Special Rapporteur on Freedom of Expression released a report
today supporting strong encryption and anonymity tools. The
Rapporteur finds that, “States should not restrict encryption and
anonymity, which facilitate and often enable the rights to freedom of
opinion and expression.” EPIC previously urged
the UN to support secure, anonymous communications, stating, “In
our modern age, encryption is the key technique and anonymity is the core
legal right that protects the right to privacy.” EPIC published the first
comprehensive survey of encryption use around the world and worked in
support of the OECD Cryptography Guidelines of 1997.”
(Related) See what I mean? To decrypt any
encrypted communication, you must control the keys to all
encrypted communications.
Glyn Moody reports:
The new Investigatory Powers Bill, announced in yesterday’s Queen’s Speech, will include legislation to force Internet companies to give access to encrypted conversations of suspected terrorists and criminals. According to The Telegraph: “New laws will require WhatsApp, which is owned by Facebook, Snapchat and other popular apps to hand messages sent by their users to MI5, MI6 and GCHQ about suspects under investigation.”
Read more on Ars Technica.
I did this in a Risk Management class. It touches
all the bases and actually gets students arguing!
Remember DoD’s Counter-Zombie Plan? It's Actually a ‘Brilliant’ Preparedness, Mitigation, and Response Strategy for New and Unforeseen Threats
It’s been many months since the Defense
Department’s fictitious CONPLAN
8888-11, Counter-Zombie Defense, was made public and held up
to ridicule –- some declaring it another example of wasteful
Pentagon spending. I mean, come on, frittering money on a fictitious
plan for countering a zombie apocalypse? But the fact is, CONPLAN
8888-11 is brilliant on so many levels.
As if “Female” wasn't enough (also inevitable)
note that her area of expertise is “security and terror.” That's
a much more interesting (and somewhat depressing) “first.”
Oxford University first female head
Oxford University is set to have a female head for
the first time in its history, with the nomination of Louise
Richardson as vice chancellor.
Prof Richardson is currently in charge at St
Andrews and has previously had a senior role at Harvard University.
If she is formally adopted as the 272nd vice
chancellor, Prof Richardson will follow almost eight centuries of
male heads of Oxford University.
… Lord Patten said the nominating committee
had been "deeply impressed" by Prof Richardson's strong
commitment to "scholarly values" and her record as an
"educational leader".
A political scientist, her academic expertise has been in security and
terror. She has written books about terror and
counter-terror in the wake of the 9/11 attacks in the United States.
For my Business Intelligence students. How do you
separate the wheat from the chaff? This is not so different from
political spin doctors but is it more likely to be believed?
Russia steps up propaganda push with online “Kremlin trolls”
Deep inside a four-story marble building in St.
Petersburg, hundreds of workers tap away at computers on the front
lines of an information war, say those who have been inside. Known
as “Kremlin trolls,” the men and women work 12-hour shifts around
the clock, flooding the Internet with propaganda aimed at stamping
President Vladimir Putin’s world vision on Russia, and the world.
… She described how the trolls manage several
social media accounts under different nicknames, such as koka-kola23,
green_margo and Funornotfun. Those in her department had to bash out
160 blog posts during a 12-hour shift. Trolls in other departments
flooded the Internet with doctored images and pro-Putin commentary on
news stories that crop up on Russian and Western news portals.
For my Data Governance students.
3 Keys to Data Modernization
Focus on Data Strategy and Data Quality
Do not underestimate the importance of a well-managed
data governance team to document the processes and define the
data standards and strategy to support those processes.
Understand Data Relationships across the Business
In order for businesses to use data most
effectively, we must understand the relationship of the data across
the business.
Keep a Flexible Data Platform
The final key to successful data modernization is
using a platform that is flexible enough to be globally useful.
For all my students. They come in using the
latest technology and wonder why we teach them stuff from ancient (in
Internet years) history. e.g. My current textbook on Business
Intelligence makes no mention of social networking.
Breaking the Death Grip of Legacy Technologies
Technologies like 3-D printing, robotics, advanced
motion controls, and new methods for continuous manufacturing hold
great potential for improving how companies design and build products
to better serve customers. But if the past is any indicator, many
established firms will be slow to adjust because of a formidable
obstacle: legacy assets and capabilities that they are reluctant to
abandon. Why are older incumbent firms slow to adopt new
technologies even when the economic or strategic benefits are clear?
The literature on this subject is enormous. Much of the early
work focused on the adoption rate of new technologies following
an S-curve, with some users going early, a lot in the middle, and
some following late. These models assume that it takes a while for
companies to find out about new technology and, once they do, for
their employees to assimilate and use it.