When I say, repeatedly,
that Intelligence services target everything, did you think I was
talking only about the NSA? Perhaps if I say, “Everyone wants to
know Everything about Everyone,” you'll get the picture. (This is
not only logical, it should be obvious.)
The Department of
Energy hack noted
previously on this blog may be part of a larger and longer
campaign against government agencies by members of Anonymous who
exploited an Adobe vulnerability. At least that’s what an FBI memo
seen by Reuters seems to suggest:
The
hackers exploited a flaw in Adobe Systems Inc’s software to launch
a rash of electronic break-ins that began last December, then left
“back doors” to return to many of the machines as recently as
last month, the Federal Bureau of Investigation said in a memo seen
by Reuters.
The
memo, distributed on Thursday, described the attacks as “a
widespread problem that should be addressed.” It said the breach
affected the U.S. Army, Department of Energy, Department of Health
and Human Services, and perhaps many more agencies.
Read more on Reuters.
(Related)
Increasingly, “everyone” includes parents, girlfriends, and
employers.
Tracked
Since Birth: The Rise Of Extreme Baby Monitoring
Think of it as knowing
you visited certain pages on a site vs. knowing everything you did on
that site.
Richard Feloni reports:
Google,
Microsoft, Apple, and Facebook all have their own tracking
systems that may signal impending
doom for the traditional cookie. First-party tracking
can provide advertisers with much more accurate results than
cookies, due to the access these companies have to user data.
Online
radio service Pandora recently adopted its own cookie replacement,
and it has been pitching its data to ad exchanges for the past few
weeks, according to AdAge.
When
a user registers for a Pandora account, the (sic) provides his or her
age, gender, and zip code. The Internet radio company plans to go
through its data and develop demographics it believes advertisers
will find more attractive than the imperfect browsing habits
collected by cookies.
Pandora
has 70
million active users, which places it far ahead of rookie
competitor iTunes Radio.
Read more on Business
Insider.
Taking photos (or
recording video) in public is not the issue. Posting those photos on
a website is not an issue. Suggesting that something bad (like Tony
Soprano will pay you a visit) will happen to you if your photo is on
that website IS an issue.
The Canadian Press
reports:
The
Supreme Court of Canada on Friday struck down Alberta’s privacy law
as unconstitutional in a case where a union photographed and
videotaped people crossing a picket line during a long strike.
[...]
The
United Food and Commercial Workers local representing employees at
the Palace Casino at West Edmonton Mall was involved in a 305-day
strike in 2006.
The
union posted signs near the picket line saying images of people
crossing the line might be posted on a website.
Read more on
GlobalPost.
One of my Computer
Security students was ranting about this just last week. Anyone want
to mine that rant for legislative tips?
From the highlights of
a GAO report issued in September and just posted today on GAO’s
site:
No
overarching federal privacy law governs the collection and sale of
personal information among private-sector companies, including
information resellers. Instead, a variety of laws tailored to
specific purposes, situations, or entities governs the use, sharing,
and protection of personal information. For example, the Fair Credit
Reporting Act limits the use and distribution of personal information
collected or used to help determine eligibility for such things as
credit or employment, but does not apply to information used for
marketing. Other laws apply specifically to health care providers,
financial institutions, videotape service providers, or to the online
collection of information about children.
The
current statutory framework for consumer privacy does not fully
address new technologies–such as the tracking of online
behavior or mobile devices–and the vastly increased marketplace for
personal information, including the proliferation of information
sharing among third parties. With regard to data used for marketing,
no federal statute provides consumers the right to learn what
information is held about them and who holds it. In many
circumstances, consumers also do not have the legal right to control
the collection or sharing with third parties of sensitive personal
information (such as their shopping habits and health interests) for
marketing purposes. As a result, although some industry participants
have stated that current privacy laws are adequate–particularly in
light of self-regulatory measures under way–GAO found that gaps
exist in the current statutory framework for privacy. And that the
framework does not fully reflect the Fair Information Practice
Principles, widely accepted principles for protecting the privacy and
security of personal information that have served as a basis for many
of the privacy recommendations federal agencies have made.
Views
differ on the approach that any new privacy legislation or regulation
should take. Some privacy advocates generally have argued that a
comprehensive overarching privacy law would provide greater
consistency and address gaps in law left by the current
sector-specific approach. Other stakeholders have stated that a
comprehensive, one-size-fits-all approach to privacy would be
burdensome and inflexible. In addition, some privacy advocates
have cited the need for legislation that would provide consumers with
greater ability to access, control the use of, and correct
information about them, particularly with respect to data used for
purposes other than those for which they originally were provided.
At the same time, industry representatives have asserted that
restrictions on the collection and use of personal data would impose
compliance costs, inhibit innovation and efficiency, and reduce
consumer benefits, such as more relevant advertising and beneficial
products and services. Nonetheless, the rapid increase in the amount
and type of personal information that is collected and resold
warrants reconsideration of how well the current privacy framework
protects personal information. The challenge will be providing
appropriate privacy protections without unduly inhibiting the
benefits to consumers, commerce, and innovation that data sharing can
accord. [Or perhaps informing consumers and allowing them to
select a level of privacy they are comfortable with? Bob]
You can download
the full report (pdf, 61 pp).
(Related) Perhaps a
law review article on “Silly Technology Laws?”
Absurd:
The Very Basic Thing It's Still Illegal to Do With Your Mobile Phone
Do you own a smart
phone? Do you know how easy it is to break the law using
only that smartphone?
It’s this easy: After
your current contract with your wireless provider (perhaps Verizon)
expires, change the software on your phone such that you can use it
to make calls with a different provider (say, T-Mobile). There, you
just broke the law.
Attention Ethical
Hackers: No ethical concerns here, move along.
– If you’ve ever
found yourself trying to try a product online which required a credit
card, even when you just want to take a look, then you will know why
this site is invaluable. It generates random lists of “valid”
credit card numbers, but since there is no other corresponding
information, they are useless for fraud purposes.
For my students who
actually want to learn...
– is a course catalog
for online learning. The site helps you find courses for subjects
you want to learn and enables you to compare those choices easily and
pick the best one for you. They find college courses from all the
providers out there and put them in one place. They list all the
courses from Massive Open Online Courses (MOOCs) such as Coursera,
Udacity, edX, etc.
For my Business
Students
Another question for my
Statistics Class...