Search


  • Categories


  • Archives

    As biometrics use expands, privacy questions continue to fester

    April 19th, 2016

    As the costs of the technologies fall, biometric identification tools — such as fingerprint, iris or voice-recognition scanners — are increasingly being used in everyday life. There are significant privacy questions that arise as biometric data is collected and used, sometimes without the knowledge or consent of the individuals being scanned.

    Biometrics use has become more commonplace. Many smartphones, including iPhones, have fingerprint “touch” ID scanners that people can use instead of numeric passcodes. And law enforcement personnel have been using fingerprint scanners for years, both domestically and internationally. In the past few years, we’ve see banks capturing customers’ voice prints in order, the institutions say, to fight fraud. Or gyms asking members to identify themselves using their fingerprints. Reuters recently reported that companies are seeking to expand fingerprint-identification systems to credit cards and railway commuters.

    And the voluntariness of a person submitting his or her biometric has also been questioned. Do you realize when you’re calling your bank that you’re handing over your voice print? Another situation a few years ago in Washington, D.C., also raised at the issue of voluntariness. The District considered requiring that all visitors to its jail “have their fingerprints scanned and checked against law enforcement databases for outstanding warrants.” So if you wanted to visit a friend or relative who was in the D.C. jail, you would have to volunteer to submit your biometric data. The plan was dropped after strong criticism from the public and civil rights groups.

    Your biometric data can be gathered for any number of innocuous reasons. For example, I had to submit my fingerprints to obtain my law license, not because of a crime. Family members, roommates and business colleagues of crime victims have submitted fingerprints in order to rule out “innocent” fingerprints at a crime scene in a home or workplace. Some “trusted traveler” airport programs gather iris scans. Some companies use iris-recognition technology for their security systems. Read more »

    Who sees your health-app data? It’s hard to know.

    March 24th, 2016

    Lots of people use personal health devices, such as Fitbits, or mobile health or wellness apps (there are a variety offered through Apple’s and Google’s app stores). There are important privacy and security questions about the devices and apps, because the data that they can gather can be sensitive — disease status, medication usage, glucose levels, fertility data, or location information as the devices track your every step on the way to your 10,000 steps-per-day goal. And the medical diagnoses drawn from such information can surprise people, especially the individuals using the apps and devices.

    For example, one man was concerned after reviewing his wife’s Fitbit data. He “noticed her heart rate was well above normal.” He thought the device might be malfunctioning, so he posted the data on message-board site Reddit and asked for analyses. One person theorized that his wife would be pregnant. The couple made a doctor’s appointment and confirmed the pregnancy.

    This case illustrates the sensitive medical data gathered by personal medical devices and apps that a person might not even realize is possible. Did you know that heart-rate changes could signal a pregnancy?

    And this isn’t the first time that sensitive information of Fitbit users has been inadvertently revealed. Five years ago, there was an uproar over Fitbit’s privacy settings when people who were logging their sexual activity as a form of exercise learned that the data was showing up in Google searches. Read more »

    Obama’s new federal privacy council long overdue, but Americans need more protections

    February 24th, 2016

    Recently, President Obama released a package of cybersecurity reform proposals. Along with these proposals, Obama also unveiled a new executive order: “Establishment of the Federal Privacy Council.” The council will be composed of senior privacy officials from at least 24 federal agencies, including Cabinet-level departments and NASA and the Office of Personnel Management, and “may also include other officials from agencies and offices, as the Chair may designate.”

    The new council is tasked with developing, coordinating and sharing ideas and best practices for federal programs to protect privacy and implement “appropriate privacy safeguards” throughout the administration.

    Although the council’s mission is important, this move seems incomplete. First, such a concerted effort to improve privacy protections throughout the federal government should have begun years ago. If privacy and security protections for sensitive personal data had been prioritized, there might not have been the problems caused by the hacker attack last year against the Office of Personnel Management, which did not use encryption or other such security technology to protect the information (including fingerprints) of the millions of current and former federal employees affected. Read more »

    Happy International Data Privacy Day 2016

    January 28th, 2016

    International Data Privacy Day is today. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights. Visit the official site to find events near your area.

    Organizations Must Protect Against Insider Threats to Security

    January 21st, 2016

    As personal information becomes more accessible and shareable through massive databases there is the question of security. Agencies and companies build protections against threats, but there is a unique problem with insider threats: Often, people are misusing or abusing their access privileges to private data rather than attempting to illegally gain access to the information.

    We’ve seen the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ privacy rights. Last week, the Florida Times-Union reported that Jacksonville and a Highway Patrol trooper reached a settlement after she sued, accusing police of misusing their access to a driver’s license database to gather information on her and harass her.

    A similar situation is said to have occurred in Minnesota, where 104 officers from 18 agencies in the state accessed one woman’s “driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history.” A state report later found such misuse was common.

    Federal databases also have the problem of insiders misusing or abusing their data-access privileges. A recent ProPublica investigation found a variety of privacy violations at Department of Veterans Affairs facilities. “Some VA employees have used their access to medical records as a weapon in disputes or for personal gain, incident reports show,” such as one case where health data was improperly accessed and used in a divorce proceeding. Other individuals misused their authority to access medical information after suicides or suicide attempts by fellow employees. Read more »

    As Our Devices Increasingly Talk to Others, Privacy Questions Arise

    December 17th, 2015

    As technology continues to evolve and become integrated into our lives, there are significant questions about privacy and security. We’ve discussed before the “Internet of Things,” which is a computerized network of physical objects. In IoT, sensors and data-storage devices embedded in objects interact with Web services. Such connected televisions, refrigerators and other devices can raise privacy and security questions.

    For example, consider the “smart” or “connected” car. People buy such vehicles for the benefits of integrating technology into something where they can be for hours at a time. Your car or truck knows where you go and when. It knows how fast you drive and how quickly or slowly you brake. Your car knows if you’re wearing a seatbelt.

    Privacy experts have noted that unclear or vague privacy or usage policies could allow companies that collect drivers’ sensitive data to share or sell that information with others, creating databases that may invade the privacy of consumers. For example, the locations where individuals drive to could reveal deeply personal information. Do you go to a church or mosque at the same time every week? Have you visited an adoption or fertility organization? Did you join a protest or demonstration? Did you recently start going to a building that includes the offices of several psychotherapists or one that houses a drug addiction clinic?

    One privacy issue recently arose with connected automobiles — and it caught many people off-guard. ABC25 in West Palm Beach, Fla., reported that a Ford car with opt-in 911 Assist allegedly ratted out a hit-and-run driver in Florida. Read more »