"The evil that men do lives after
them; The good is oft really really hard to find..."
(Sorry Will)
The FTC may have settled
charges against Aaron’s over the use of DesignerWare LLC software,
but the consumers haven’t. Crystal
and Brian Byrd are still pursuing a lawsuit against Aaron’s and
now there’s another lawsuit filed on behalf of another consumer by
the same attorneys. As Associated Press reports:
Spyware installed
on computers leased from furniture renter Aaron’s Inc. secretly
sent 185,000 emails containing sensitive information, including
pictures of nude children and people having sex, back to the
company’s corporate computers, according to court documents filed
Wednesday in a class-action lawsuit.
According to the
filings, some of the spyware emails contained pictures secretly taken
by the rental computers’ webcams or other sensitive information
including Social Security numbers, social media and email passwords,
and customer keystrokes, the Federal Trade Commission determined last
year.
The attorneys also
claimed Atlanta-based Aaron’s hasn’t properly notified at least
800 customers allegedly targeted by spyware made by DesignerWare, a
company located in North East, Pa.
Read more on Public
Opinion.
With respect to that last point, I went
back and looked again at the consent
order involving Aaron’s, and it appears that it contains no
provision requiring notification of consumers whose images were
transmitted. [Oops! Bob] Could the
consent order even require that if it allows the respondents to get
away with not admitting any guilt or admitting to the facts of the
case? Going forward, the FTC needs to consider whether consumers
need to be notified of a privacy or data security breach and include
some requirement that such notification be made.
Update: I see that
ColorTyme
is also being sued in another potential class action lawsuit.
ColorTyme is also one of the companies involved in the FTC’s case.
The case files on them can be found here.
Not much for each user and they don't
get even that.
Joe Mullin writes:
Internet privacy
lawsuits, especially of the class-action variety, have been sprouting
up everywhere in the past few years. Some of them have been settled
for considerable sums, especially when companies are sued over
publicly acknowledged privacy screw-ups that they’ve already taken
heat for. One of the most notable was the $9.5 million Facebook
settlement
over its Beacon program, which broadcast users’ activities from
other websites—including what they bought on various shopping
sites—in their Facebook news feed.
The number of
Facebook users affected by that class-action case was huge—the
class was determined to be 3.6 million users at the end of the
day. In part due to the large class, the judge allowed a so-called
cy pres award,
which is when a payment is made to a charity related to the issues in
the case rather than to the actual class members. The Facebook
settlement will go to a newly created Digital
Trust Foundation (DTF), which will fund initiatives related to
Internet privacy. $2.3 million of the settlement money
will go to fees
for the plaintiffs’ attorneys.
Read more about how some conservative
judges in the Ninth Circuit are not happy as to how the cy pres award
was made on Ars
Technica. All
Facebook also has more on this as does the Connecticut
Law Tribune.
In my Ethical Hacker classes, detection
is a 10 point deduction – dropping you to a “B.” Where you hack
from is less important as long as it looks like you have passed
through several countries and dead links...
China
claims its military and defense sites were hacked by U.S. attackers
In a move to counter recent reports
claiming that a special unit in the Chinese Army is behind repeated
cyber attacks on U.S. institutions, the nation Thursday claimed its
military and defense ministries websites are routinely hacked from IP
addresses originating within the United States.
… "Any kid in a basement can
probe a computer in China," Stiennon noted. "For that
matter, Google probes every IP address every day,
so you can't call that an attack."
Something to plan for...
Kathleen Struck reports:
Hacking into
patient medical records can be as easy as tapping into a
hospital’s unsecured wireless network from a laptop in the parking
lot.
Government
auditors proved it “by sitting in hospital parking lots with simple
laptop computers” and obtaining “patient information from
unsecured hospital wireless networks,” according to Julie K.
Taitsman, M.D., J.D., and colleagues from the Office of the Inspector
General at the Department of Health and Human Services (HHS).
OK, that’s scary.
Read more on MedPage.
(Related) Not clear in the article,
but I suspect these are interrogated via RFID technology. I wonder if
they are encrypted?
This
Electronic Temporary Tattoo Will Soon Be Tracking Your Health
FitBit too bulky? Why not glue a sensor
array to your skin?
The quantified self goes nanoscale with
a stick-on silicon electrode network that could not only change the
way we measure health metrics, but could enable a new form of user
interface. And the researchers behind it aim to have the device
available in the next few weeks through a spinoff company, MC10.
The development takes wearable
technology to the extreme, designed as a non-invasive diagnostic
sensor that could be used to measure hydration, activity, and even
infant temperature. It bonds to the skin, somewhat like a temporary
tattoo, flexing and bending in sync with your skin the way you wish a
Band-Aid would.
(Related) And why would anyone want
Medical data?
Marcia Savage reports:
Data security
breaches involving third parties are on the rise, particularly in the
health-care industry, a panel of security experts said Tuesday at the
RSA Conference 2013.
“This is an
upward trend,” the panel moderator, James Christiansen, CISO at the
Sands Corp., told the audience of security professionals. “If it’s
not on your radar, it should be.”
Read more on CRN.
One of the panelists, Michael Breummer of Experian Data Breach
Resolution, provided a real example of how medical ID theft could have
had fatal results:
A third party’s
office cleaner stole medical records, the boy’s records among them.
Someone then bought the records and used the boy’s information to
get medical care. That person wasn’t allergic to penicillin, but
the boy was. During a subsequent emergency, the boy was nearly
treated with penicillin due to an update to his records based on the
stolen medical information. Fortunately, the boy’s mother caught
the error, he said. As it turns out, the cleaner’s background
check was falsified.
It's good to know your local (law
school) librarian...
The current issue of Yale Journal
of Law & Technology includes two privacy-related articles.
Here’s their summary, but it looks like a subscription is required
to access the full articles:
Christina P.
Moniodis 15 Yale J.L. & Tech. 139
The Supreme
Court’s data privacy jurisprudence consists of only two cases, yet
these cases have fueled a circuit split on data privacy rights. The
Court’s hesitance to foray into data privacy law may be because the
nonrival, invisible, and recombinant nature of information causes
plaintiffs’ harms to elude courts. Such harms threaten the
democratic relationship between citizen and state.
Michael Birnhack
15 Yale J.L. & Tech. 24
Is
technology-neutral legislation possible? Technological neutrality in
legislation is often praised for its flexibility and ability to apply
to future technologies. Yet, time and again we realize that even if
the law did not name any technology, it was nevertheless based on an
image of a particular technology. When new technologies appear, they
expose the underlying technological mindset of the existing law.
This article suggests that we read technology-related laws to uncover
their hidden technological mindset so that we can better understand
the law and prepare for the future.
(Related) Another job for your local
librarian.
Shane Harris writes:
More than a decade
after the 9/11 terrorist attacks, a set of extraordinary and
secretive surveillance programs conducted by the National Security
Agency has been institutionalized, and they have grown.
These special
programs are conducted under the code name Ragtime, and are divided
into several subcomponents, according to the new book Deep
State: Inside the Government Secrecy Industry, by Marc
Ambinder and D.B. Grady.
Read more on
Dead Drop.
(Related)
Craig Hoffman of BakerHostetler writes:
This compendium
represents our global experience in this field. While it is not a
substitute for legal advice, it is a reference guide that outlines
the basic requirements in place when dealing with an international
data breach so that you can know what immediate steps to take and
what questions you need to ask to minimize your company’s exposure.
BakerHostetler’s
International
Compendium of Data Privacy Laws is now accessible.
Read more on Data
Privacy Monitor.
It would be easier if we had a
“National ID Card.” “e-Papers, Citizen!”
Sophia Elson writes:
Earlier today,
there was a hearing
in the House Judiciary Committee on whether all employers nationwide
should be required to use the employment verification system E-Verify
to investigate the backgrounds of each new employee they hire.
The hearing was
erroneously titled “How E-Verify Works
and How it Benefits American Employers and Workers.” As it turns
out, mandatory implementation of E-Verify would be disastrous for
both of those groups, forcing employers to navigate a costly and
time-intensive bureaucratic system and threatening the security of
highly sensitive employee data.
EFF has denounced
this invasive proposal in the past and now joins the ACLU and
forty-three other organizations in signing a coalition
letter that opposes its implementation.
Read more on EFF.
“We can, therefore we must?” I
sure don't understand this business model. Perhaps I'm getting too
old to appreciate being watched 24/7.
Koozoo
pitches surveillance for the masses via smartphones
If Koozoo CEO Drew Sechrist has his
way, cameras will record every move you make in public -- and make
your life better for it.
The San Francisco startup wants
smartphone owners to deploy a network of streaming smartphone cameras
that are accessible by anyone within the Koozoo network at any time.
… they can sign up to provide a
24-hour stream using an old smartphone. Anyone can jump on the
network to watch the feeds.
The idea of being watched by complete
strangers sounds creepy, but Sechrist said Koozoo
is anything but. It's about empowering people,
he said.
"Big Brother is your government
one way looking down at you, and this is the exact opposite. This is
from the ground looking up from a system that people can all benefit
from," Sechrist said.
The service is free. The company plans
to charge for more premium services in the future, like saving
footage from live feeds or adding notifications to alert you
that certain events are happening.
To cut down on abuse on live streaming
feeds (and so unsuspecting feed viewers don't have gross
ChatRoulette-like
moments), Koozoo reviews new feeds before they go live and existing
feeds when they get flagged.
(Related)
February 28, 2013
New
Documents Reveal U.S. Marshals’ Drones Experiment
"The use
of surveillance drones is growing
rapidly in the United States, but we know little about how the
federal government employs this new technology. Now, new information
obtained by the ACLU shows for the first time that the U.S. Marshals
Service has experimented with using drones
for domestic surveillance. We learned this through documents we
released today, received in response to a Freedom
of Information Act request. The documents are available here.
(We also released a short log of drone accidents from the Federal
Aviation Administration as well as accident reports and other
documents from the U.S.
Air Force.) This revelation comes a week after a
bipartisan bill to protect Americans’ privacy from domestic
drones was introduced in the House."
...so, what's the counter argument?
Outside of the
FISA context, the Court’s decision [in Clapper
v. Amnesty International] likely will make it more difficult
for private plaintiffs in privacy and data breach litigation cases to
establish standing based merely on a dignity interest
or potential future harm. The “certainly impending”
standard used in Clapper may provide further support for
courts to find a lack of standing in privacy and data breach cases
lacking evidence of misuse of information and actual financial harm.
Read more on Hogan Lovells Chronicle
of Data Protection
An interesting question...
To the casual observer, the e-book
revolution has produced two bumper crops: smutty trilogies à la
“Fifty Shades of Grey” and lawsuits. First there were the
authors (as represented by the Authors Guild), who sued Google Books
for digitizing their work without permission. Then the Department of
Justice sued five publishers and Apple for adopting a policy known as
the agency model. Finally, a trio of independent booksellers filed a
class-action suit last week against the six largest book publishers
and Amazon, accusing them of collaborating to create
a monopoly on e-book sales and shutting small retailers out of the
market.
The booksellers — Fiction Addiction
of Greenville, S.C., Book House of Stuyvesant Plaza in Albany, N.Y.,
and Posman Books of New York City — are demanding the right to sell
what they term “open-source and DRM-free” e-books, files that can
be read on a Kindle or any other e-reading device. The publishers
are accused of entering into “confidential agreements” with
Amazon making this impossible.
Double secret evidence?
"U.S. prosecutors won
a New Zealand court victory Friday in their battle to extradite
Megaupload founder Kim Dotcom and three colleagues accused of
facilitating massive copyright fraud through the now-defunct online
file-sharing site. The appeals court overturned an earlier
ruling that would have allowed Dotcom and the others broad access to
evidence in the case against them at the time of their
extradition hearing, which is scheduled for August. The appeals
court ruled that extensive disclosure would
bog down the process and that a summary of the U.S.
case would suffice. Dotcom says he's innocent and can't be held
responsible for those who chose to use the site to illegally download
songs or movies."
It looks like they are giving away our
secrets, but my Ethical Hackers always find a way... Unfortunately.
Open
Source Project Prepackages Kim Dotcom’s Security
When you use a web application, you
leave your data at the mercy of the company who runs it. Usually,
this isn’t a problem, but not always. Last
week, the web-based help desk application Zendesk was hacked,
potentially exposing data from users of Twitter, Tumblr and Twitter,
which all use the application for customer support.
Part of the problem is that a web app
gathers so many eggs in one basket. If someone hacks a service
provider, it can affect many different people.
But if each user’s information was
encrypted so that only that user could see it — locking out
even the service provider — then we could reduce the risk of
putting our data in these centralized web services. That’s the aim
of Crypton, a new open source
project that hopes to make it easier for app developers to add this
type of encryption to their applications.
It’s not unlike the approach
used by Kim Dotcom’s new service Mega.
When you upload a file to Mega, it’s encrypted and the key is
stored by the service. But the key itself is encrypted by a
passphrase that isn’t stored on Mega. That means even Mega’s
staff can’t look at the data without your passphrase.
Mega is doing this to limit their
liability in case of piracy, but the same principle
could be applied to just about any service that stores user data.
Crypton was created by SpiderOak,
a company that operates an online storage service that’s similar to
Box or Dropbox.
My MBA professors taught me that you
can create a market for goods consumers didn't know they wanted. ABM
(Always Backward Managers) try to convince themselves that consumers
who want something they can't provide, don't really want it.
You
Don’t Want Super-High-Speed Internet, Says Time Warner Cable
Time Warner Cable chief technology
officer Irene Esteves says you don’t really want the gigabit speeds
offered by Google Fiber and other high speed providers.
On Wednesday, at a conference in San
Francisco, Esteves downplayed the importance of offering a service to
compete with Google, as reported by The
Verge. “We’re in the business of delivering what consumers
want, and to stay a little ahead of what we think they will want….
We just don’t see the need of delivering that
to consumers,” she said, referring to gigabit-speed internet
connections.
Print a copy of the NEW Second
Amendment: “...the right to print and bear arms.”
Watch
the New and Improved Printable Gun Spew Hundreds of Bullets
Late last year, a group of 3-D printing
gunsmiths developed a key component for an AR-15
rifle that anyone with a 3-D printer could download and make at
home. The problem: It only lasted six shots before snapping apart.
Now the group is back with a new and improved receiver that can fire
more than 600 rounds.
Worth a look!
Canvas
Network Social Media Course
I’ve been working hard on developing
an open course for Canvas Network on Social Media. The course is now
live and publicly visible. This means you can see all the content
pages and modules (but not the discussions or announcements). If
you’d like to take a peek, visit Social
Media on Canvas Network.
Make it a gradable project for your
students?
How
To Create An Effective Classroom Website
No doubt you already have a
classroom website or will be required to create one in the very near
future. Virtually every classroom teacher around the
globe is being caught up in the development of this essential
communication tool. Most of the early birds to this
challenge went out and used providers such as Teacher Web. Now, more
and more districts are implementing a provider that the entire
district will use that provides continuity and uniformity. This
obviously will have its benefits for staff development but may stifle
creativity.
I started about 8 years ago with a
variety of services, but about two years ago my district settled on
one software host for us all to use. I dove in and decided to
embrace the challenge to develop a comprehensive site that would be
useful for students, parents, and teachers. Visit my classroom
website to see how I have put many of the following ideas into place:
The Borgeson Bunch.
I would like to share with you some of what I have learned during
that journey: