Saturday, March 09, 2013

Next Friday!
MOBILE “APP” PRIVACY
A seminar presented by the Privacy Foundation.
REGISTRATION: Contact Privacy Foundation Administrator Cindy Goldberg at cgoldberg@law.du.edu or call 303.871.6628.
Seminar & lunch free for all DU Faculty, Alumni & Students. All others: Seminar/CLE ($20) or Seminar/CLE/Lunch ($40)


Could give us a look at Best(?) Practices in action.
Back in January, there were reports that Genesco might sue card issuers over their response to the firm’s malware breach in 2010. Now dmarsteller reports that Genesco has, indeed, sued VISA. The lawsuit was filed Thursday in Nashville. dmarsteller explains:
VISA later fined Fifth Third Bank and Wells Fargo $5,000 each and levied another $13.3 million in assessments, saying they were liable for the breach because they did not comply with industry-wide security standards. The banks paid, taking the money from Genesco’s accounts and assigning any recovery efforts to Genesco.
Genesco contends VISA overreacted because there was no evidence that the hackers stole any cardholder information. The retailer said regular rebooting of its computer servers erased any data before hackers could retrieve it.
Genesco also contends VISA violated its contracts with the banks by not following the required procedure before issuing the fines and assessments. The card company’s actions also are unfair business practices under California law, the suit contends.
Read more on The Tennessean.


So the court requires TSA to be suspicious before a forensic search, even if those in dissent think TSA won't know if they are suspicious or not... Note: DoJ won this case, so they will have a hard time appealing it...
Orin Kerr on today’s Ninth Circuit en banc opinion in United States v. Cotterman, a case involving border searches of laptops.
Today the Ninth Circuit announced a special rule for computer searches: Although a “review of computer files” can occur without reasonable suspicion, the “forensic examination” of a computer at the border requires reasonable suspicion because it is “akin to reading a diary line by line looking for mention of criminal activity—plus looking at everything the writer may have erased.” Here’s the key part of the analysis:
The relevant inquiry, as always, is one of reasonableness. But that reasonableness determination must account for differences in property. Unlike searches involving a reassembled gas tank, or small hole in the bed of a pickup truck, which have minimal or no impact beyond the search itself—and little implication for an individual’s dignity and privacy interests—the exposure of confidential and personal information has permanence. It cannot be undone. Accordingly, the uniquely sensitive nature of data on electronic devices carries with it a significant expectation of privacy and thus renders an exhaustive exploratory search more intrusive than with other forms of property.
After their initial search at the border, customs agents made copies of the hard drives and performed forensic evaluations of the computers that took days to turn up contraband. It was essentially a computer strip search. An exhaustive forensic search of a copied laptop hard drive intrudes upon privacy and dignity interests to a far greater degree than a cursory search at the border. It is little comfort to assume that the government—for now—does not have the time or resources to seize and search the millions of devices that accompany the millions of travelers who cross our borders. It is the potential unfettered dragnet effect that is troublesome.
We have confidence in the ability of law enforcement to distinguish a review of computer files from a forensic examination. We do not share the alarm expressed by the concurrence and the dissent that the standard we announce will prove unmanageable or give border agents a “Sophie’s choice” between thorough searches and Bivens actions.
In dissent, Judge M. Smith responds:
While I share some of the majority’s concerns about the steady erosion of our personal privacy in this digital age, the majority’s decision to create a reasonable suspicion requirement for some property searches at the border so muddies current border search doctrine that border agents will be left to divine on an ad hoc basis whether a property search is sufficiently “comprehensive and intrusive” to require reasonable suspicion, or sufficiently “unintrusive” to come within the traditional border search exception. Requiring border patrol agents to determine that reasonable suspicion exists prior to performing a basic forensic examination of a laptop or other electronic devices discourages such searches, leaving our borders open to electronically savvy terrorists and criminals who may hereafter carry their equipment and data across our borders with little fear of detection. In fact, the majority opinion makes such a legal bouillabaisse out of the previously unambiguous border search doctrine, that I sincerely hope the Supreme Court will grant certiorari, and reverse the holding in this case regarding the level of suspicion necessary to search electronic devices at the border, for the sake of our national security, and the consistency of our national border search law.
And Judge Callahan adds:
Regrettably the majority, dispensing with these well-settled, sensible, and binding principles [from Supreme Court caselaw], lifts our anchor and charts a course for muddy waters. Now border agents, instead of knowing that they may search any and all property that crosses the border for illegal articles, must ponder whether their searches are sufficiently “comprehensive and intrusive,” to require reasonable suspicion, and whether they have such suspicion. In most cases the answer is going to be as clear as, well, mud. We’re due for another course correction.
Read Orin’s commentary on The Volokh Conspiracy.


Also interesting...
"Ars Technica reports that the Obama Administration has filed a brief in support of a Maryland photojournalist who says he was arrested and beaten after he took photographs of the police arresting two other men. The brief by the Justice Department argues that the U.S. Constitution protects the right to photograph the actions of police officers in public places and prohibits police officers from arresting journalists for exercising those rights. [What about us second class (non-journalist) citizens? Bob] Context: 'Garcia says that when Officer Christopher Malouf approached him, Garcia identified himself as a member of the press and held up his hands to show he was only holding a camera. But Malouf "placed Mr. Garcia in a choke hold and dragged him across the street to his police cruiser," where he "subjected him to verbal and physical abuse." According to Garcia's complaint, Malouf "forcibly dragged Mr. Garcia across the street, throwing him to the ground along the way, inflicting significant injuries." Garcia says Malouf "kicked his right foot out from under him, causing Mr. Garcia to hit his head on the police cruiser while falling to the ground." Garcia claims that Malouf took the video card from Garcia's camera and put it in his pocket. The card was never returned. Garcia was charged with disorderly conduct. In December 2011, a judge found Garcia not guilty.'"


Another resource...
Thanks to Danielle Citron, who reminds us that the 2013 edition of Dan Solove and Paul Schwartz’s Privacy Law Fundamentals is out now.


Cheap.
Google will soon settle with the attorneys general representing more than 30 U.S. states over its Street View cars collecting data from unsecured Wi-Fi networks, multiple sources said.
Google is to pay $7 million, to be distributed among the attorneys general, according to a person familiar with the matter. That person said the agreement is close to being finalized, and should be announced early next week.
Read more on AllThingsD
If people are using unsecured WiFi, I’m not sure Google should be paying anything at all. Don’t users assume some risk or responsibility for the risk if they’re using unsecured WiFi? [Not if it's election season... Bob]

(Related) Is this court recognizing the “Streisand Effect?”
A Wisconsin woman trying to protect her “wholesome” image failed to persuade a federal appeals court to hold Google Inc liable because searches for her name could lead people to advertisements for drugs to treat sexual dysfunction.
The 7th U.S. Circuit Court of Appeals in Chicago said on Wednesday Beverly Stayart did not show that Google violated Wisconsin privacy laws by misusing her name to generate advertising revenue.
Read more on Business Insider.
[From the article:
Stayart claimed that a search for "bev stayart" on the world's largest search engine generates a recommended search for "bev stayart levitra," which can direct users to websites that offer treatments for male erectile dysfunction.
… Circuit Judge Ann Claire Williams wrote that the search "bev stayart levitra" was a matter of public interest because Stayart had made it one by suing Google, and by previously suing rival Yahoo Inc over similar claims, which she lost.
The case is Stayart v. Google Inc, 7th U.S. Circuit Court of Appeals, No. 11-03012


Raises a couple of questions. Shouldn't the schools be thinking of this rather than Microsoft? How expensive will Microsoft's Cloud be if they forgo advertising revenue?
An anonymous reader points out a story at The Register about a Microsoft-backed bill proposed by Massachusetts state representative Carlo Basil which seems aimed directly at Google's cloud apps. The bill, if it should be enacted, would require that
"[a]ny person who provides a cloud computing service to an educational institution operating within the State shall process data of a student enrolled in kindergarten through twelfth grade for the sole purpose of providing the cloud computing service to the educational institution and shall not process such data for any commercial purpose, including but not limited to advertising purposes that benefit the cloud computing service provider."


This is why you only go to these sites using your “.edu” accounts... (Why would they want all the IP addresses?)
"Notorious copyright troll Prenda Law has sent a subpoena to WordPress attempting to force the disclosure of all IP addresses related to two WordPress-hosted sites that specialize in monitoring and encouraging action against copyright trolling. The sites in question are fightcopyrighttrolls.com and dietrolldie.com. These sites state their aims as: 'To keep the public and fellow victims informed and to ensure that through activism, trolls make as little money as possible.' These are goals which almost anyone (bar a copyright troll, or lawyer acting for one) might well applaud. Prenda Law's demand is not for a subset of addresses that might have posted in a manner that could be construed as legally defamatory but for all IP addresses that have accessed these sites, irrespective of the use made of them. Prenda Law has filed three defamation lawsuits already against the individuals who run Fightcopyrighttrolls, and one has been dismissed (PDF). Dietrolldie released the following warning: 'As there is a possibility that a release could occur, the public IP address (date/time stamp) could fall into the hands of Prenda. I would expect that they would then try to cross-reference the IP address with their list of alleged BitTorrent infringement IP addresses ... If you have ever gone to this site or Fightcopyrighttrolls.com since 1 January 2011, you may want to contact WordPress. Tell them you want them to refuse this overly broad request and at least wait until the issue of the case being moved to the Federal court is answered before releasing any information.'"


Another IP article... Looks like they are assuming the right to resell does not exist!
"The New York Times reports that Apple and Amazon are attempting to patent methods of enabling the resale of digital items like e-books and MP3s. Establishing a large marketplace for people to buy and sell used digital items has the potential to benefit consumers enormously, but copyright holders aren't happy. Scott Turow, president of the Authors Guild, 'acknowledged it would be good for consumers — "until there were no more authors anymore."' But would the resale of digital items really be much different than the resale of physical items? Or is the problem that copyright holders just don't like resale?"


For my students, but I wonder what percentage will actually protect themselves...
March 08, 2013
EFF- How To Opt Out of Receiving Facebook Ads Based on Your Real-Life Shopping Activity
EFF: "Facebook has announced that it’s teaming up with four of the world’s largest corporate data brokers to “enhance” the ad experience for users. Datalogix, Epsilon, Acxiom, and BlueKai obtain information gathered about users through online means (such as through cookies when users surf the web) as well as through offline means (such as through loyalty cards at supermarkets and product warranty cards). Through the new relationship with Facebook, companies will be able to display advertisements to Facebook users based on data that these data brokers have on individuals... We recommend you use a tool such as Ghostery (now available on Firefox, Safari, Chrome, Opera and Internet Explorer) or Abine's DoNotTrackMe (available in Firefox, Safari, Chrome and Internet Explorer) or AdBlockPlus with EasyPrivacy Lists. See more comprehensive instructions in our 4 Simple Changes to Stop Online Tracking."


The future of the “book”
Army’s First Interactive iPad Book Lets You Finger-Swipe Through Afghanistan
The Army has no shortage of battlefield maps. But until Friday, it didn’t have many that animate troop movements or enemy positions at the touch of a fingertip. Now, explains Command Sgt. Major Joe B. Parson, Jr., “if I flick a finger, you don’t change the page, you change the picture.”
That’s the added value of Vanguard of Valor, a platoon-level recent history of the Afghanistan war published by the Army’s Combined Arms Center at Fort Leavenworth, Kansas, part of the ground force’s brain trust. There’s a musty paper edition. But the Army’s more excited about the iPad edition that debuted on Friday in the iTunes store.
Vanguard of Valor is primarily a teaching tool, meant to instruct the mid-career officers who pass through the Center about the lessons learned from years of grueling war in Afghanistan. The enhanced iPad edition is a step up from previous Army digitized books: It’s the first immersive, interactive Army e-book, replacing the simple PDF-style scans with dynamic animations of the warzone. Maps shift, videos load, audio plays and pictures scroll to complement the text.


I like lists, even those in slideshow formats...
Friday, March 8, 2013
Best of the Web 2013 - Updated
This morning at NCTIES 2013 I gave an updated version of my Best of the Web presentation. As promised to everyone in the room, I've uploaded the slides to Slideshare. You can view them on Slideshare


This could be a useful tool in my website class...
See a quick table of contents for any page on the web. HTML5 Outliner is a simple Chrome extension you can click anytime to see an outline for most pages. Using the document outlining algorithm in HTML5, this plugin gives you a quick outline for almost any page – even some that don’t use HTML5.
