Search


Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"


  • Categories


  • Archives

    Hill: Tech giants demand vote on email privacy bill

    September 12th, 2014

    The Hill reports that technology companies including Google, Microsoft and Yahoo are pushing for Congress to vote on the E-mail Privacy Act, which would update the 1986 Electronic Communications Privacy Act (“ECPA,” also known as Title 18 § 2511 of the United States Code).

    Google, Microsoft, AOL, Yahoo and scores of other technology titans are demanding congressional leaders allow a vote on a bill to grant new privacy protections to people’s emails.

    The companies want a vote on the Email Privacy Act, a bill that counts more than half of the House as co-sponsors. The bill has yet to move since it was introduced last summer, and a companion measure in the Senate is also awaiting action.

    The legislation would update the 1986 Electronic Communications Privacy Act, which allows police to conduct warrantless searches of people’s emails and other information stored on the “cloud” that are more than 180 days old. Critics on both sides of the aisle say the law is antiquated and undermines people’s privacy. [...] Read more »

    New York Times: With Apple Pay and Smartwatch, a Privacy Challenge

    September 11th, 2014

    On Tuesday, computing company Apple announced several new products and services, including a smart watch (dubbed Apple Watch) and an electronic payment system (called Apple Pay). Because of the sensitive data involved (there’s financial data with Apple Pay and the smart watch has much of the personal data that a cellphone would have, and it can also use Apple’s HealthKit to gather medical information while a person exercises, such as heart rate), there are privacy questions to consider. The New York Times reports:

    For years, Apple has offered Internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, Calif., company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.

    Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. [...]

    Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.  Read more »

    Government Technology: California Protects Student Data Privacy with Two Bills

    September 10th, 2014

    Government Technology reports on student-privacy legislation in California — SB 1177 (pdf) and AB 1584 (pdf).

    California sent two bills to Gov. Jerry Brown last week that deal with two sides of the same coin. SB 1177 lays out privacy guidelines for operators of Internet websites, online services, online applications and mobile applications. Meanwhile, AB 1584 deals with contracts between local educational agencies and third-party technology vendors.

    These bills address a growing problem of mismanagement of student data. Federal student privacy legislation including FERPA and COPPA do address student data privacy, but educators, privacy advocates, legislators and industry members are split on whether that legislation does enough to protect privacy in the Digital Age we live in. While new federal legislation was introduced in late July, states have been stepping up to deal with the issue, with at least 83 bills in 32 states being considered this year as of April, according to the Data Quality Campaign. [...] Read more »

    Home Depot Confirms Massive Breach of Customers’ Financial Data

    September 9th, 2014

    KrebsOnSecurity reported last week that retailer Home Depot suffered a massive security breach that affected the privacy of millions of customers’ financial information. On Monday, the site reported: “The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.” Now, the New York Times is reporting that Home Depot has confirmed the security breach affecting U.S. and Canadian customers:

    Home Depot confirmed on Monday that hackers had broken into its in-store payments systems, in what could be the largest known breach of a retail company’s computer network.

    The retailer said the exact number of customers affected was still not clear. But a person briefed on the investigation said the total number of credit card numbers stolen at Home Depot could top 60 million. By comparison, the breach last year at Target, the largest known attack to date, affected 40 million cardholders.

    The breach may have affected any customer at Home Depot stores in the United States and Canada from April to early last week, said Paula Drake, a company spokeswoman. [...] Read more »

    IDG News Service: Instagram, Grindr, and more popular Android apps put user privacy at risk, researcher says

    September 9th, 2014

    IDG News Service reports on research from the University of New Haven’s Cyber Forensics Research and Education Group concerning privacy and security problems with popular apps on Google’s Android mobile devices:

    Instagram, Grindr, OkCupid and many other Android applications fail to take basic precautions to protect their users’ data, putting their privacy at risk, according to new study.

    The findings comes from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), which earlier this year found vulnerabilities in the messaging applications WhatsApp and Viber.

    This time, they expanded their analysis to a broader range of Android applications, looking for weaknesses that could put data at risk of interception. The group will release one video a day this week on their YouTube channel highlighting their findings, which they say could affect upwards of 1 billion users. [...] Read more »

    Atlantic: Why Privacy Policies Are So Inscrutable

    September 8th, 2014

    The Atlantic reviews the privacy policies of 50 of the most popular Web sites in an effort to determine “whether most popular websites respect your privacy as much as they claim to.”

    So we gathered up and analyzed the 145,641 words that make up the privacy policies of the 50 most popular American websites. (Collectively, they amount to a text that’s about as long as The Grapes of Wrath.) What we found was that these policies tell you very little about the data these websites have on you. And that’s the point.

    Today’s privacy policies don’t tell consumers the whole story for two main reasons. First, websites have adopted a kind of precautionary legalese to inoculate themselves against lawsuits and fines. The vaguer and more elastic their language, the more risk reduced. Second, over the past ten years, a new industry of “data brokerage” has arisen to help sites learn more about the people like you and me on the other side of the screen. These firms cross-reference and synthesize data to create richly detailed profiles that can include purchasing habits, political affiliations, sexual orientation, religious beliefs, and medical history. Gathering and analyzing that data is big business, and it creates a strong financial incentive for the firms that collect it to make it as difficult as possible for you to opt out of their net. [...] Read more »