For those of you who missed the Privacy
Foundation seminar just because we here in Colorado were enjoying 75
degree weather, shame on you. When we bring really interesting
people from a variety of backgrounds together and drop them in a room
with 60 or 70 curious lawyers, it makes for some memorable (and not
always heated) discussions.
Just a taste of the topics we
discussed... (The author of this article could have been at the
seminar)
Everyone with an Android device should
know that your private information isn’t treated as private. For
example, making an app purchase may expose
personal contact information, including one’s
name, physical address and email address, to developers. Another
major debacle occurred when Path Inc. began
lifting contact information from its users’
phones. In response to these privacy breaches, some legislators
announced plans for legal action: California’s Attorney General,
Kamala Harris, recently
announced an agreement with major technology
firms to improve user privacy standards, particularly on handsets.
However, at present, few users know of
the potential security and privacy concerns. Few even know the
difference between Android and iOS’s security measures. For
example, the Android operating system’s security differs from the
iPhone OS in one major regard: Apple exercises very strict
quality control guidelines for apps, whereas Android permits a
broader range of software. Android apps request “permission”
from users to access your sensitive data. Unfortunately, Google
doesn’t fully explain the potential security risks that some
permissions present users. What we don’t know can hurt
us, particularly when we install apps from the dark nether-regions of
the internet.
This article explains how seven
potentially deadly app permissions might hurt you and how
best to avoid such calamitous installations.
An article for my Ethical Hackers and
my Statistics students. Road trip, anyone?
Crooks Spy on Casino Card Games With Hacked Security Cameras, Win $33M
A high-roller and hacker accomplices
made off with about $33 million after they gamed a casino in
Australia by hacking its surveillance cameras and gaining an
advantage in several rounds of high-stakes card games.
The Ocean’s Eleven-style
heist played out over eight hands of cards before the gambler was
caught, though not before the money was gone, according to the Herald
Sun.
… According to authorities,
accomplices gained remote access to the casino’s state-of-the-art,
high-resolution cameras to spy on card hands being played by the
house and other guests in the casino’s VIP high-roller’s room,
and fed the gambler signals based on the cards his opponents held.
The gambler was still staying in the
villa when the casino discovered the fraud and sent security to his
abode to boot him from the premises during the night. He’s
banned from ever returning. [But not arrested? Lack of evidence?
Bob]
U.S. gambling expert Barron
Stringfellow told ABC Melbourne that accessing a
casino’s internal video monitoring system is “not as hard as you
would think.”
“It’s very easy to intercept a
signal from many casinos that don’t take precautions,” he said.
Maybe you can't trust Doctors...
"At a Brazilian hospital,
doctors were required to check in with a fingerprint scanner to show
that they've showed up for work. Naturally, they developed
a system to bypass this requirement,
creating fake
fingers so that they could cover for one another when they took
unauthorized time off. Another good
example of how supposedly foolproof security tech can in fact be
fooled pretty easily."
A wise law professor once said that
California law leads the way, even if we didn't know we were moving
in that direction...
This almost calls for animated graphics
with fireworks. All right, nothing really calls for animated
graphics, but this is HUGE. Kim Zetter reports:
Ultra-secret
national security letters that come with a gag order on the recipient
are an unconstitutional impingement on free speech, a federal
judge in California ruled Friday.
U.S. District
Judge Susan Illston ordered the government to stop issuing so-called
NSLs across the board, in a stunning defeat for the Obama
administration’s surveillance practice. However, she also stayed
her order for 90 days to give the government a chance to appeal to
the Ninth Circuit Court of Appeals.
Read her excellent reporting on Threat
Level.
(Related) Another judge finds
government arguments absurd. (I picked the article with the best
“quotes”)
Federal court rejects CIA's denial of drone strikes as 'fiction'
WASHINGTON—A federal appeals court said Friday that it will no
longer accept the “fiction” from the Obama
administration’s lawyers that the CIA
has no interest or documents that describe drone strikes.
“It is neither logical nor plausible
for the CIA to maintain that it would reveal anything not already in
the public domain to say the Agency at least has an intelligence
interest in such strikes,” said Chief Judge Merrick Garland. “The
defendant is, after all, the Central Intelligence Agency.”
The decision gave a partial victory to the American
Civil Liberties Union in a Freedom
of Information Act lawsuit that seeks documents
on the government’s still-secret policy on drone strikes. The
three judges did not say any particular documents must be released,
but they rejected the administration’s position that it could
simply refuse to “confirm or deny” that it had any such
documents.
A federal judge had rejected the ACLU’s
suit entirely, but the three-judge appeals court revived the suit.
The agency’s non-response does not pass the “straight face”
test, Garland concluded.
He cited public statements from President Obama, new CIA Director
John
Brennan and former Defense Secretary Leon
Panetta that discussed the use of drone strikes
abroad. In the past, the courts have sometimes allowed government
agencies in sensitive cases to refuse to say whether they have
certain documents in their files.
“In this case, the CIA has asked
the courts to stretch that doctrine too far — to give their
imprimatur to a fiction of deniability that no reasonable person
would regard as plausible,” Garland wrote in ACLU vs. CIA.
ACLU attorney Jameel Jaffer called the
decision a victory. “It requires the government to retire the
absurd claim that the CIA’s interest in targeted killing is a
secret,” he said. “It also means that the CIA will have to
explain what records it is withholding and on what grounds it is
withholding them.
“We hope that this ruling will
encourage the Obama administration to fundamentally reconsider the
secrecy surrounding the drones program,” said Jaffer, a deputy
legal director for the ACLU.
(Related)
U.N. Drone Inquisitor Says It’s Time to End Robot War in Pakistan
After days of meeting with Pakistani
officials, the United Nations official investigating Washington’s
global campaign of drone strikes attacked the legal and strategic
basis for the robotic war in its biggest battlefield. And he raised
doubts over whether Americans operating the drones can actually
distinguish terrorists from average Pakistanis.
I can see that I have some reading to
do. Fortunately, it's finals week and I get a couple of weeks off
after that.
We should call it “Collected Speech”
Is Data Speech?
Jane Bambauer, University of Arizona – James E. Rogers College of Law
March 11, 2013
Stanford Law Review, Forthcoming
Arizona Legal Studies Discussion Paper No. 13-19
Abstract:
Privacy laws rely
on the unexamined assumption that the collection of data is not
speech. That assumption is incorrect. Privacy scholars, recognizing
an imminent clash between this long-held assumption and First
Amendment protections of information, argue that data
is different from the sort of speech the Constitution intended to
protect. But they fail to articulate a meaningful distinction
between data and other, more traditional forms of expression.
Meanwhile, First Amendment scholars have not paid sufficient
attention to new technologies that automatically capture data. These
technologies reopen challenging questions about what “speech” is.
This Article makes
two bold and overdue contributions to the First Amendment literature.
First, it argues that when the scope of First
Amendment coverage is ambiguous, courts should analyze the
government’s motive for regulating. Second, it
highlights and strengthens the strands of First Amendment theory that
protect the right to create knowledge. Whenever the
state regulates in order to interfere with knowledge, that regulation
should draw First Amendment scrutiny.
In combination,
these theories show clearly why data must receive First Amendment
protection. When the collection or distribution of data troubles
lawmakers, it does so because data has the potential to inform, and
to inspire new opinions. Data privacy laws regulate minds, not
technology. Thus, for all practical purposes, and in every context
relevant to the privacy debates, data is speech.
You can download the full article from
SSRN.
Do we have anything similar in the US?
Perhaps someone could translate it?
Christopher Parsons writes:
Last year I was
invited to submit a brief to the Canadian Parliament’s Access to
Information, Privacy and Ethics Committee. For my
submission (.pdf), I tried to capture some of
the preliminary research findings that have been derived from
social media and surveillance project I’m co-investigating with
Colin Bennett. Specifically, the brief focuses on questions of
jurisdiction, data retention, and data disclosure in the context of
social media use in Canada. The ultimate aim of the submission
was to give the committee members insight into the problems that
Canadians experience when accessing the records held by social
networking companies.
Read more on Technology,
Thoughts, & Trinkets
(Related) Apparently the Brief (above)
grew a bit...
Real and Substantial Connections:
Enforcing Canadian Privacy Laws Against American Social Networking
Companies
Colin Bennett, University of Victoria
Christopher A. Parsons, University of Victoria – Political Science
Adam Molnar, University of Victoria, Department of Political Science
February 28, 2013
Abstract:
Any
organization that captures personal data in Canada for processing is
deemed to have a “real and substantial connection” to Canada
and fall within the jurisdiction of the Personal Information
Protection and Electronic Documents Act (PIPEDA) and of the Office of
the Privacy Commissioner of Canada. What has been the experience of
enforcing Canadian privacy protection law on US-based social
networking services? We analyze some of the high-profile enforcement
actions by the Privacy Commissioner. We also test compliance through
an analysis of the privacy policies of the top 23 SNSs operating in
Canada with the use of access to personal information requests. Most
of these companies have failed to implement some of the most
elementary requirements of data protection law. We conclude that
an institutionalization of non-compliance is widespread, explained by
the countervailing conceptions of jurisdiction inherent in corporate
policy and technical system design.
You can download the full article from
SSRN.
(Related) even more thinking!
Forgetting, Non-Forgetting and
Quasi-Forgetting in Social Networking: Canadian Policy and Corporate
Practice
Colin Bennett, University of Victoria
Adam Molnar, University of Victoria, Department of Political Science
Christopher A. Parsons, University of Victoria – Political Science
January 28, 2013
Abstract:
In this paper we
analyze some of the practical realities around deleting personal data
on social networks with respect to the Canadian regime of privacy
protection. We first discuss the extent to which Canadian privacy
law imposes access, deletion, and retention requirements on data
brokers. After this discussion we turn to corporate organizational
practices. Our analyses of social networking sites’ privacy
policies reveal how poorly companies recognize the right to have
one’s personal information deleted in their existing privacy
commitments and practices. Next, we turn to Law Enforcement
Authorities (LEAs) and how their practices challenge the deletion
requirements because of LEAs’ own capture, processing, and
retention of social networking information. We conclude by
identifying lessons from the Canadian experience and raising them
against the intense transatlantic struggle over the scope of the
deletion of data stored in cloud-based computing infrastructures.
You can download the full article from
SSRN.
And one from south of the (Canadian)
border...
March 15, 2013
Much
Ado about Mosaics: How Original Principles Apply to Evolving
Technology in United States v. Jones, by
Priscilla J. Smith. Yale University - Information Society Project.
March 14, 2013. North Carolina Journal of Law and Technology, Vol.
14, 2013 Yale Law School, Public Law Working Paper
- "This paper argues that supporters and detractors of the concurring opinions in United States v. Jones have overemphasized the role of the “mosaic” or “aggregation” theory in the concurrences. This has led to a misreading of those opinions, an overly narrow view of the Justices’ privacy concerns, and has obscured two limiting principles that are vital to their analysis. This paper provides a path forward by revealing the analysis of reasonable expectation of privacy concerns that is common to both concurrences. The endpoint is a rule both more limited and broader than a simple application of a “mosaic theory.” It is more limited in the sense that the rule applies only to surveillance using technology that operates outside of individual human control and is thus susceptible to overuse and abuse. It is broader in the sense that it finds surveillance intrusive not just where the technology will collect a mosaic of information that reveals more than each one tile of information itself, but where the technology will chill expression of constitutionally protected behavior, behavior that can take place “in public,” with other people, but is shared with a limited group."
Just because I don't think doing away
with telecommuters will always solve your problems.
How WordPress Thrives with a 100% Remote Workforce
Always amusing...
… Legislation was introduced in the
California Senate this week that, if passed, could
drastically reshape public higher education as we
know it. SB520, authored by President Pro Tem Darrell
Steinberg, will require the state’s public colleges and
universities to accept credit for certain online classes if a student
is unable to get into the class on-campus. The state will
identify some 50 introductory classes, available from any online
provider, including unaccredited ones. While the proposal is being
hailed in some quarters as making higher education more accessible,
it’s hard not to see this being a dangerous spiral, where
for-profit providers (Straighterline, Coursera, Udacity, etc etc etc
etc) lobby the state legislature to limit higher education funding.
See
e-Literate for the most complete coverage on the bill.