Tuesday, December 20, 2011


Fair summary, good editorial.
Looking Back: Top U.S. Privacy Stories of 2011
December 19, 2011 by Dissent
It’s that time of the year: time to look back and reflect on the top privacy stories of the year for Americans. Foregoing any pretext of democratic process, I simply looked back through the headlines I had featured during the year to remind myself of what seemed important to me. Here’s a recap and synthesis of some of the biggest privacy news this year:
Consumers increasingly assert right to be free from online tracking or unwelcome sharing of their data.
In 2011, we got into a rhythm that went something like this: researcher or media announce discovery of “feature” or “flaw” in a browser, social media platform, or app that enables collection or transmission of data that consumers had no idea was being collected or shared. Lawsuits ensue. Lawsuits get dismissed.
Congress, aware of growing consumer discontent, proposed some Do Not Track legislation and other bills that would give consumers “baseline” privacy protections. None of the bills were passed, leaving consumers pretty much where we were at the beginning of 2011 as far as federal protections go.
One ray of hope came from the FTC, who reached settlements with Google over their rollout of Buzz and with Facebook over a host of deceptive practices that left users with their private details hanging out for the world to see. The FTC settlements hopefully send a message to businesses that not only is transparency about data collection and use essential, but sometimes, you need to also get explicit consent. That notion of transparency has yet to be embraced by most businesses, however, and most consumers still have no idea as to how long their telecoms retain their data.
Our shrinking online privacy was also reflected in more mainstream web sites and platforms prohibiting users from posting anonymously or pseudoanonymously. In the process of protecting us from anonymous comments or profiles, Salman Rushdie was not allowed to use his own name on Facebook, who insisted he call himself “Ahmed Rushdie.” Once word spread on Twitter, Facebook promptly backed off. As for those of us who post anonymously or pseudoanonymously, apparently businesses respect our privacy but we are reminded that we have no right to keep our identity to ourselves if we wish to participate in public debate on their sites.
Despite the increased risk of breaches, businesses want more, more, MORE data, but damned if they’ll protect it adequately.
By mid-year, some were already calling 2011, “The Year of the Hack.” I will cover the year in data breaches in a separate post over on DataBreaches.net, but suffice to say that most businesses haven’t learned anything from some of the massive data breaches that occurred this year. They continue to try to amass data instead of purging data that is way past its freshness date or meaningful use date. The more they collect, the more inaccurate information about us is likely to show up in the over 200 databases where businesses sell our data and records. Then, too, the more they collect, the harder it should be for businesses or government to look us in the eye with a straight face and claim that our data can be “anonymized” and safely shared. Despite repeated warnings, many sites continue to store passwords in plain text or easily decrypted MD5 hashes. And despite repeated warnings, users continue to re-use ridiculously simple passwords like “123456” across sites and accounts.
In light of the DOJ’s urging businesses and telecoms to retain data for longer (allegedly to help them fight child pornography and other crimes), Congress has predictably done absolutely nothing to reverse the dangerous trend of amassing more data. Even when businesses or entities experienced breaches affecting millions of people, Congress did nothing in 2011 to impose reasonable limits on data retention or to mandate better security protection.
Domestic surveillance increases and the DOJ gets by with a little help from its friends.
If anyone still harbored any hopes that President Obama might have a shred of left-leaning tendencies, 2011 should have disabused them of that notion. In a chilling oral argument before the Supreme Court in United States v. Jones, the DOJ claimed that yes, law enforcement can track you 24/7/365 using GPS or other technology-enabled surveillance, and by golly, they don’t need no stinkin’ warrant because we have no “reasonable expectation of privacy in public.”
The Supreme Court will rule on that case next year, but GPS surveillance and access of cell site location data by law enforcement were not the only big DOJ surveillance issues in 2011. At the beginning of the year, we learned that DOJ had used 2703(d) orders to compel Twitter (and other sites) to turn over information on people who had been linked to the WikiLeaks “cablegate” case. Presumably building a case against Julian Assange and WikiLeaks, the DOJ convinced a judge to order companies to turn over non-content data on Assange, PFC Bradley Manning, and three individuals who had been involved with WikiLeaks. The three individuals fought the order, lost, and appealed. They lost again and as the year draws to a close, are appealing again. The “Twitter Order” case, as it came to be called, has significant implications for privacy online, and highlights the need for Congress to update the Electronic Communications Privacy Act (ECPA) and its Stored Communications Act provisions. Those laws are badly in need of updating, but after an initial flurry in Congress with bills being proposed, nothing happened.
Domestic surveillance and intrusions on privacy by government certainly got a helping hand this year. Businesses continue to turn over our data upon request, states continue to enact or propose legislation that permits police to take DNA samples at time of arrest, states tried to get welfare applicants to undergo mandatory drug-testing as a precondition of getting assistance, and the courts held that cell phone searches “incident to arrest” do not require a warrant.
And we don’t know the half of it. Senators Wyden and Udall courageously publicized the fact that the DOJ has a “secret” interpretation of the PATRIOT Act that we, the public, know nothing about. How is their secret interpretation being used against citizens? We have no idea, but never have so few had so much power to trample our privacy and civil liberties.
Not all domestic surveillance increased, however. Following major flaps over intrusive TSA screening last year, TSA introduced less intrusive screeners. Complaints persist, however, as some passengers report finding personal notes in their searched luggage and little old ladies complain of being strip-searched. To date, the TSA has yet to demonstrate how its enhanced screening has actually prevented a single act of terrorism.
The year drew to a close with disturbing stories about the use of unmanned drones for domestic surveillance.
Protecting children’s privacy online is a Good Thing. Protecting it at school? Not so much.
In 2011, Congress considered changes to the Children’s Online Privacy Protection Act (COPPA). Despite Congress’s reported desire to protect children from online hazards and to protect their privacy and an FTC enforcement action, research revealed at the end of the year showed that many parents were actively assisting their children in signing up for over-13-only platforms.
While Congress and the FTC push for regulations that they claim will protect children’s privacy, down the block at the U.S. Department of Education, they’ve decided to go the opposite way and share more of children’s data. Districts that have continued to have breaches that have never been disclosed to government or parents will now be sharing more data, increasing the risk of identity theft.
While the U.S. Department of Education puts more students at risk of privacy breaches and/or identity theft, the powers that be continue to strip students of their privacy rights. It has long been established that students have less protection against search and seizure on school property. But now they also have fewer rights over their online conduct and speech in the privacy of their own homes as school districts decide they can discipline or expel students over online conduct outside of school. Since my editorial on this subject in August 2010, and despite admirable advocacy by the ACLU and other civil liberties organizations, children’s privacy remains at serious risk – from their schools, their government, and to a lesser extent, from businesses.
Of course, those weren’t the only privacy developments of note in 2011, but I think they top my list.
And if you were to ask me which I think is the biggest privacy story of 2011, I’d have to say it’s domestic surveillance – by our government, businesses, and schools.


I wonder if they use any of the tools our State Department is pushing to “Arab Spring” protestors? How is this different, other than we don't like it? Are factual responses not enough?
U.S. Considers Combating Somali Militants’ Twitter Use
The United States government is increasingly concerned about the Twitter account of the Shabab militant group of Somalia, with American officials saying Monday that they were “looking closely” at the militants’ use of Twitter and the possible measures to take in response.


Coming soon to a country near me!
Ca: Privacy Commissioner issues report on BC Hydro smart meters
December 19, 2011 by Dissent
Information and Privacy Commissioner Elizabeth Denham has released a report assessing the privacy and security of BC Hydro’s smart meters.
“It is clear from my investigation that BC Hydro is taking privacy and security seriously as it develops a framework for the implementation of smart meters and a smart grid,” said Commissioner Denham. “But there are areas for improvement.”
BC Hydro is replacing electro-mechanical and digital meters for its more than 1.8 million customers with smart meters. Once fully operational, smart meters will provide hourly information about customers’ electricity consumption. As a result, analysis of household consumption may reveal more information about our daily lives.
The Commissioner found that BC Hydro is complying with the Freedom of Information and Protection of Privacy Act with regard to the collection, use, disclosure, protection and retention of the personal information of its customers. However, the Crown corporation is not in compliance with regard to the notification it provides to its customers about smart meters.
“BC Hydro is required by law to tell their customers the purpose for collecting personal information for the smart meters project, what legal authority they have to do so and to provide contact information for a BC Hydro employee who can answer any questions that arise regarding collection. Hydro is not currently meeting this requirement, and we’ve made some recommendations to help them improve their customer notification,” said Denham.
The report makes 14 recommendations that will improve BC Hydro’s existing privacy and security practices. BC Hydro has committed to put action plans in place to address these recommendations.
“There is still much work to be done by BC Hydro with respect to smart meters and the smart grid. While I am satisfied with the work that has been done to date, my office will continue to take an active role in monitoring this project to ensure BC Hydro is properly considering privacy and security,” said Denham.
The Commissioner’s Office received complaints and correspondence from more than 600 British Columbians about the smart meter program, which prompted the investigation.
Source: Information and Privacy Commissioner’s Office, British Columbia


Them fur-in-ers have a different perspective.
German Data Protection authorities broaden application of German Data Protection Law to foreign social networks and attack the use of social plugins and fanpages
December 19, 2011 by Dissent
Dr Fabian Niemann, Lennart Schüßler, and Ruth Boardman write:
The Düsseldorfer Kreis (“Düsseldorf Circle”), an informal body of all German Data Protection Authorities (“DPAs”), has published a decision concerning the application of German data protection rules to social networks. The decision reflects the common view of all German DPAs and comments (i) on the (very broad) applicability of German Data Protection Law and on (ii) strict conditions for companies using fanpages and/or which include “like-buttons” on their websites. According to the German Data Protection Authorities, such companies are themselves responsible if the operator of a social network collects user data in a non-compliant way.
Read more on Bird & Bird.

(Ditto)
Google copyright surveillance would violate EU law, Italian court rules
December 20, 2011 by Dissent
Information society service providers are not obliged to monitor users’ activity in order to identify and prevent copyright infringement because such a requirement would lead to the invasion of users’ privacy, an Italian court has ruled.
Read more on Out-Law.com about the ruling.


Meanwhile, in even stranger lands...
http://techcrunch.com/2011/12/19/stanford-law-review-sopa-unconstitutional-and-would-break-the-internet/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
Stanford Law Review: SOPA Unconstitutional, Would Break The Internet
The Stanford Law Review has posted a concise and informed takedown of SOPA and PROTECT-IP, the bills currently creeping their way towards votes in their respective legislative bodies.


“Oh well, no big deal, this won't reduce our bonus will it?”
AT&T Drops Its T-Mobile Merger Bid in $4B Fail
… As recently as 11 days ago AT&T said it would not back down (though Chief Financial Officer John Stephens did seem to betray a bit of uncertainty). Instead, AT&T is out $4 billion with nothing to show for a proposed merger that drew instant fire from consumer groups and spectrum geeks.
… Not that AT&T is conceding the merger was a bad idea.


Another example of software that would significantly reduce the risk of Data Theft...
"CryptDB, a piece of database software that MIT researchers presented at the Symposium on Operating System Principles in October, allows users to send queries to an encrypted SQL database and get results without decrypting the stored information. CryptDB works by nesting data in several layers of cryptography (PDF), each of which has a different key and allows a different kind of simple operation on encrypted data. It doesn't work with every kind of calculation, and it's not the first system to offer this sort of computation on encrypted data. But it may be the only practical one. A previous crypto scheme that allowed operations on encrypted data multiplied computing time by a factor of a trillion. This one adds only 15-26%."


For my Ethical Hackers/Broncos fans. “Strangely, the defense looked confused all day.” Just saying...
"The National Football League has been brainstorming with tech and communications companies on how to bring the NFL into the 21st century. Major-league sports are famously technophobic — the NFL outlaws computers and PDAs on the sidelines, in the locker room and in press-box coaching booths within 90 minutes of kickoff. But that may be about to change, which the WSJ's Matthew Futterman speculates could mean:
'Coaches selecting plays from tablet computers.
Quarterbacks and defensive captains wired to every player on the field and calling plays without a huddle.
Digital video on the sidelines so coaches can review plays instantly.
Officials carrying hand-held screens for replays.
Computer chips embedded in the ball and in the shoulder pads (or mouth guards) that track every move players make and measure their speed, the impact of their hits, even their rate of fatigue.'
Part of the impetus for the changes is the chance for a windfall — the NFL's sponsorship deals with Motorola and IBM will expire after this season, and the NFL will be seeking more technology (and presumably cash) from its next technology partner(s)."


Local. I was driving in last night's snow storm (along with a bunch of folks who apparently have never seen snow). I thought the intersection with a Red Light Camera was under a rocket attack – the “flash” must have gone off fifty times in two minutes... Merry Christmas, citizens!
"An audit of accidents at Denver intersections where red light cameras were installed versus increasing the length of the yellow light shows little difference in the results. In a case of putting the public ahead of the corporation, the Denver auditor is recommending canceling the red light camera program unless the city can prove a public-safety benefit."
I hope that private citizens offering analysis or recommendations are treated fairly.


Dude! Don't forget classes start this week!
… We’ve shed light before on how you can replace your texting plan with a few free apps, but Textfree from Pinger really goes a step beyond that.
Textfree is available for both the iOS and Android platform. Both applications are completely free.
… Textfree has a web version of this application. With Textfree Web, you can sign up for a brand new Textfree texting number or login to your existing Textfree account and go from car to desk like nothing ever even changed!
Once logged in, sending texts from your desktop is just as easy as it was from your mobile app. It’s a whole different approach when compared to the 10 other sites to send texts from that we’ve reviewed because of the synchronization between desktop and mobile. You have your own dedicated number, also. It’s more like Google Voice than anything else.


Are you paranoid enough?
… What I was looking for was a way to securely encrypt and password protect my bookmarks. I found two:
Link Password encrypts a URL and stores it as a bookmark in your bookmarks folder. It functions without a hassle and is a single click operation if you discount the password you have to enter twice for verification.
… I haven’t found a solution like Link Password that will protect only the bookmarks in Chrome. But the Chrome extension called Secure Profile enables you to protect the entire Chrome profile you are using. The simple Chrome extension stops unauthorized use of your browser, thus protecting your bookmarks from unneeded access. After installation, you have to set the password for the profile you are using (or the default one).
… Industry grade security solutions like TrueCrypt can also be used to make your bookmarks hack proof. Here are a few bulletproof security tips you can consider:


Help yourself to all you can afford!
Monday, December 19, 2011
The Internet is full of ebooks. Much to the chagrin of textbook publishers, some teachers are now using ebooks instead of issuing textbooks to students. Others are building their own etextbooks. [Being truly lazy, I plan to have my students create the textbook (Which I will then offer for sale) Bob] If you would like to find some free ebooks that you and your students can use take a look at the following resources.
Planet eBook is a free service where teachers and students can find classic literature titles available as free downloads.
Flat World Knowledge provides free textbooks created by experts in various academic fields.
E-Books Directory contains more than 6000 titles. The E-Books Directory provides freely downloadable textbooks, documents, and lecture notes.
Free Book-s is a search engine that scans many collections of ebooks to find free content that matches your search.
Google Books hosts thousands of books that are in the public domain. Many of the public domain books can be viewed and downloaded in their entirety for free.
Sciyo is a free service that allows scientists to publish their works and connect with other authors. Works published on Sciyo are made available for free to visitors.
Neotake is a search engine for ebooks that offers a nice community option.
Many Books is a service that has indexed more than 29,000 free ebooks that are available in a variety of formats for a variety of devices.
The Open Library is a part of the Internet Archive. The Open Library is a collection of more than one million free ebook titles.


Free is good! (Even if you do have to watch a few ads.)
It's available for free, and it lets you invite up to 200 people to be part of the same web conference. You can chat, broadcast videos, display images and also have your whole screen shared with all the people you've invited. And something that's really interesting is that you can sell tickets for your online event.
