What if polls suggest
that Privacy is a major factor in this election? Colorado is looking
for a governor too.
I’ve occasionally
mentioned that in my opinion, Texas Attorney General Greg Abbott is
one of the most activist state AGs when it comes to consumer privacy
protection. He’s now running for Governor in Texas, and his
platform does include privacy. Aman Batheja reports on a speech he
gave:
In
the most detailed speech since launching his bid for governor earlier
this year, Attorney General Greg Abbott laid out a dozen new policy
proposals Monday evening, touching on ethics reform, privacy rights,
education, guns and Obamacare.
[...]
Abbott
also proposed changes to state privacy laws. He described his
proposals as pushing back against federal and state efforts to turn
government “into Big Brother.”
“Government
agencies like the NSA, like the IRS, like the EPA, are increasingly
using tools to look at our emails, to tap into our phone calls, to
look at our financial information or our health records,” Abbott
said.
He
said he wanted to bar state agencies from selling Texans’ personal
information without their consent. Abbott described the practice as
routine at agencies including the Texas Department of Motor Vehicles
and the Texas Department of Health Services.
He
also proposed creating “a personal property right for your DNA.”
“Your
DNA belongs to you, and no one else has the right to access that
information without your consent,” Abbott said. “But the reality
is that advances in technology are threatening that privacy right…
You should have control over how your information about your DNA is
used.”
He
next waded into the debate over red light cameras, one which he
acknowledged pits those arguing the safety value of the devices
against those with privacy concerns.
“I
believe it should be up to you, the people, to decide whether red
light cameras is right for a community,” Abbott said, explaining
that he would push to change state law to allow for voters to push
for a ballot initiative to repeal a local red light camera ordinance.
Read more on Texas
Tribune. The dozens of comments on him and his record under
the news story are mainly negative.
My students say TL;DR
(too long; didn't read). I'm saying TL;NH (too logical; never happen).
In fact, looking back through my blog, I say it quite frequently.
But even if it did, it would only impact the back end, not the
collection.
Benjamin Wittes writes:
Over
at the Guardian today, Kenneth Roth—executive director of
Human Rights Watch—argues
for a worldwide human right of privacy:
It’s
time for governments to come clean about their practices, and not
wait for the newest revelations. All should acknowledge a global
obligation to protect everyone’s privacy, clarify the limits
on their own surveillance practices (including surveillance of people
outside their own borders), and ensure they don’t trade mass
surveillance data to evade their own obligations. Of course it is
important to protect security, but western allies should agree that
mass, rather than narrowly targeted, surveillance is never a
normal or proportionate measure in a democracy.
Washington
is finally grappling with the Snowden revelations, holding hearings
and considering legislation that might help to rein in the NSA’s
seemingly unconstrained power. Some of these bills would limit or
end bulk data collection, institute greater transparency, and give
the secret court that oversees surveillance requests a more
adversarial character. These are important proposals, but none
include protection for non-Americans abroad. The US has the capacity
to routinely invade the digital lives of people the world over, but
it barely recognises any privacy interest of those outside the US
(emphasis added).
Roth’s
article echoes arguments made recently by David Cole on Just
Security (here
and here),
to which Orin Kerr responded (here
and here)
on Lawfare. I fully agree with Orin’s response to Cole,
which essentially posits that the US government’s obligation to
respect the privacy of its citizens and those within its territory
stems from a social contract not present with everyone else in the
world.
But
I’m hung up on an antecedent question in light of Roth’s and
Cole’s arguments: What if we were to accept, in Roth’s words,
that there is some “global obligation to protect everyone’s
privacy”?
Read more on Lawfare.
Of course they will
do it; here's where they will go wrong.
“Big
Data” for Educational Institutions: A Framework for Addressing
Privacy Compliance and Legal Considerations
David Navetta writes:
Educational
institutions at all levels have begun to realize that they hold a
treasure trove of student-related information, that if analyzed using
“Big
Data” techniques, could yield valuable
insights to further their educational missions.
Of
course, as one can imagine, Big Data projects using student-related
information can implicate significant privacy issues. Schools are
regulated under the Family Educational Rights and Privacy Acts
Statute, and depending on a school’s specific activities may be
subject to GLB and HIPAA. In addition, many educational institutions
have internal policy and public-facing privacy policies that apply
to, and may limit, the collection, use and disclosure of student
personal information. The impact of applicable privacy laws and
existing privacy-related policies should be taken into account well
before engaging in a Big Data project. We have looked at Big Data
privacy issues generally before, and the following is a framework
for analyzing high level legal considerations and action items for
educational institutions considering Big Data projects involving
student-related information.
I won’t say that I’m
tired, but I just read his first sentence as “to further their
educational mistakes.” Freud is having a field day…
You can read David’s
actual framework as he wrote it on InfoLawGroup.
Another example of
Educators thinking they know better than parents? Imagine being a
parent and finding out that your child's name is on this list.
Matthias Gafni reports
on another case where a school district cited FERPA as a reason for
not complying with a request to disclose information about alleged
assaults on students:
In
May, about a month into her investigation of molestation allegations
against a Woodside Elementary School teacher, a Concord police
detective hit a roadblock. A Mt. Diablo school district attorney
refused to turn over a key internal report on previous abuse
allegations against popular fourth- and fifth-grade teacher Joseph
Martin.
The
detective, as recorded in portions of a police report obtained by
this newspaper, was trying to identify potential victims of Martin
when she was told she would need a search warrant to get a version of
the 2006 report without key information blocked out. Detective Tamra
Roberts reminded Deputy District Counsel Deborah Cooksey that the
district was required by law to report child abuse suspicions and the
names of potential victims. Only then did the district hand over the
unredacted report.
Read more on Contra
Costa Times.
Why would a Police
Department pay for a tool, pay to have it installed, and then not use
it?
David Ham reports:
In
February, the Seattle Police Department announced it bought what’s
called a “mesh network,” that will be used as a dedicated
wireless network for emergency responders. What SPD did not say
is that the network is capable of tracking anyone with a device that
has a Wi-Fi connection. “They now own a piece of equipment that
has tracking capabilities so we think that they should be going to
City Council and presenting a protocol for the whole network that
says they won’t be using it for surveillance purposes,” said
Jamela Debelak of the American Civil Liberties Union.
A
spokesperson for Seattle Police said the network is not being used
right now. A draft policy is being reviewed by the city
attorney’s office and will eventually go before the City Council.
Read more on KIRO
TV.
[From
the article:
The network includes
160 wireless access points that are mounted on poles across Seattle.
Every time a device looks for a Wi-Fi signal and the access point
recognizes it, it can store that data. The manufacturer of the
network points out in a manual that the mesh network can store IP
addresses, device types, applications used by the devices, current
location, and historical location. This information can be stored
and connected for the last 1,000 times a person is connected with a
specific device. The network shows up online in public places
usually as intersections in the city such as, "4th&Pike,"
"4th&University" and "3rd&Union."
… Council member
Bruce Harrell pointed out the need for SPD to be able to collect some
of this information. "While I understand that a lot of people
have concerns about the government having access to this information,
when we have large public gatherings like the situation like in
Boston and something bad happens, the first thing we want to know is
how are we using technology to capture that information," said
Harrell. [It does no good to turn this on AFTER a
terrorist incident. Bob]
The network was bought
with a Homeland Security grant for $2.6 million. [Apparently,
DHS has a line called “Big Brother Tools” in their budget. Bob]
I enjoy reading about
lawyers analyzing other lawyers' little failures. Sorry, I'm just
built that way.
I splurged and
purchased a copy of the transcript of Thursday’s oral argument in
FTC v. Wyndham. You can download it here
(PDF, 561kB, 186 pp.). Consider it an early holiday gift from
PogoWasRight.org to you.
I look forward to
reading everyone’s reactions after we’ve all had time to read it.
I did a quick read, and here are my first impressions on some of the
issues:
Who, exactly, would
this advocate represent?
Introducing
a Public Advocate into the Foreign Intelligence Surveillance Act’s
Courts
by Sabrina
I. Pacifici on November 11, 2013
Introducing
a Public Advocate into the Foreign Intelligence Surveillance Act’s
Courts: Select Legal Issues. Andrew Nolan, Legislative
Attorney; Richard M. Thompson II, Legislative Attorney; Vivian S.
Chu, Legislative Attorney, October 25, 2013.
“Recent revelations
about the size and scope of government
foreign surveillance efforts have prompted some to criticize the
level of scrutiny that the courts – established under the Foreign
Intelligence Surveillance Act of 1978 (FISA) – currently provide
with respect to the government’s applications to engage in such
surveillance. In response to concerns that the ex parte nature of
many of the proceedings before the FISA courts prevents an adequate
review of the government’s legal positions, some have proposed
establishing an office led by an attorney or “public advocate”
who would represent the civil liberties interests of
the general public and oppose the government’s
applications for foreign surveillance. The concept of a public
advocate is a novel one for the American legal system, and,
consequently the proposal raises several difficult questions of
constitutional law.”
An article for my
Ethical Hackers to consider. How much would it cost to encrypt
everything? Look at the list of hints and see if you can figure out
how to “guess” the password.
Adobe
credentials and the serious insecurity of password hints
Adobe had a little
issue the other day with the small matter of 150 million accounts
being breached and released to the public. Whoops. So what are we
talking about? A shed load of records containing an internal ID,
username, email, encrypted password and a password hint.
Naked Security did a very good write up on Adobe’s
giant-sized cryptographic blunder in terms of what they got wrong
with their password storage so I won’t try to replicate that,
rather I’d like to take a look at the password hints.
This is an interesting
one from an application security perspective and the rationale
basically goes like this: In order to help people remember their
passwords, you give them the ability to create a “hint” or in
other words, record a piece of information that will later help them
recall their password. Password hints are an absolutely
ridiculous security measure. The whole premise that the
secret that is the password can be unlocked by referring to a
retrievable user-generated piece of text is just completely
nonsensical.
The other thing that’s
completely nonsensical is this: Whilst Adobe encrypted their
passwords (even though done poorly), password hints had absolutely no
security whatsoever. Right, so protect the password but
don’t protect the data that helps you determine the password!
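
The point about unprotected hints, as an added example that is not from the quoted article or from Adobe: a storage audit over constructed accounts that counts, for each user, how many other users' clear-text hints sit beside the same stored password value. It assumes the poorly done encryption is deterministic (the same password always yields the same stored value) and uses a keyed HMAC as a stand-in for it; the account data, key and function names are all made up for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

DEMO_KEY = b"constructed-demo-key"  # assumption: one key protects every record

def deterministic_store(password):
    # Stand-in for unsalted single-key encryption (not Adobe's actual scheme):
    # the same password always produces the same stored value.
    return hmac.new(DEMO_KEY, password.encode(), hashlib.sha256).digest()

def salted_store(password):
    # Per-user random salt plus a slow KDF: equal passwords store differently.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts: (user, password, hint). u3 and u5 set no hint.
ACCOUNTS = [
    ("u1", "Autumn2013!", "season and year"),
    ("u2", "Autumn2013!", "when I signed up"),
    ("u3", "Autumn2013!", ""),
    ("u4", "blue-kettle-77", "kitchen"),
    ("u5", "maple!Leaf9", ""),
]

def build_table(store):
    # What the credential table (or a leaked copy of it) contains.
    return [{"user": u, "stored": store(p), "hint": h} for u, p, h in ACCOUNTS]

def hint_exposure(table):
    # For each user: how many OTHER users' clear-text hints sit next to the
    # identical stored password value, and so describe this user's password.
    groups = defaultdict(list)
    for row in table:
        groups[row["stored"]].append(row)
    return {
        row["user"]: sum(1 for other in rows if other is not row and other["hint"])
        for rows in groups.values()
        for row in rows
    }

if __name__ == "__main__":
    print("deterministic:", hint_exposure(build_table(deterministic_store)))
    print("salted KDF:   ", hint_exposure(build_table(salted_store)))
```

Account u3 never set a hint, yet under deterministic storage two other users' hints apply to it; with a per-user salt no stored values match, so no hint carries over to another account.
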
When you visit
“WebsiteX.com” what other sites (e.g. Advertisers) see that
connection?
Lightbeam – is a Firefox add-on
that enables you to see the first and third party sites you interact
with on the Web. Using interactive visualizations, Lightbeam shows
you the relationships between these third parties and the sites you
visit. As you browse, Lightbeam reveals the full depth of the Web
today, including parts that are not transparent to the average user.
Talking to my students,
perhaps this isn't as obvious as I thought. (They never heard how
Kennedy raised the minimum wage in Massachusetts and drove the shoe
industry out of the state.)
Wharton
– The Complex Economics of America’s Minimum Wage
by Sabrina
I. Pacifici on November 11, 2013
Wharton
Public Policy commentary – “One of the most powerful
arguments for raising the minimum wage is the notion of creating a
“livable wage” that enables people to have the dignity of working
a job that pays enough to live on and support their family. Today a
person working full-time for the entire year on minimum wage earns
roughly $15,000, which puts them below the poverty line for a
two-person household. Raising the minimum wage purely as a poverty
reduction strategy is not as straightforward as it seems, however,
observers note. For one, most working-age people who live in poverty
don’t have a job, and so consequently they would not benefit from
such an increase. Second, many people who earn the minimum wage live
in households above the poverty threshold, including high school
students earning extra pocket money, retirees supplementing their
Social Security and others working part-time to add to their family’s
income.”
Please God, don't let
my wife read my blog. Seriously, when this guy lists resources on
the Internet, he lists everything.
New
on LLRX – ShoppingBots and Online Shopping Resources 2014
by Sabrina
I. Pacifici on November 11, 2013
Via LLRX.com
- ShoppingBots
and Online Shopping Resources 2014 - Marcus
Zillman’s timely and information packed guide to ShoppingBots
and Online Shopping Resources is a comprehensive listing of
shoppingbot and online shopping/coupon resources and sites on the
Internet. Marcus also provides a value-added section of Notes and
Suggestions for Virtual Shopping to assist you with safe, effective
tools, techniques and sources to ensure your online shopping will be
successful in all its facets!