April 18th, 2014
The Christian Science Monitor considers the issue of privacy and Internet services giant Google:
Against a backdrop of growing privacy concerns, with every week bringing revelations of data breaches at government or corporate websites, online search behemoth Google quietly updated its terms of service Monday, spelling out just how much personal data it mines as part of its normal business model.
The new language states: “Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.”
While corporate fine-tuning to an online policy that few users read closely – indeed, most don’t read at all – would not normally be news, Google is singular, say security and legal experts. Not only is the company in the midst of contentious lawsuits over both the spirit and letter of these privacy issues, but, more important, it dominates the online search space to such an extent that what happens at Google impacts the entire cyber-landscape. [...] Read more »
April 17th, 2014
TechCrunch reports on security and privacy problems with some mobile tax apps:
As the clock ticks toward midnight, putting an end to tax day 2014, Hewlett-Packard is warning consumers of mobile tax and finance apps that they may want to audit their own usage.
According to the HP Audit, more than 90 percent of the applications the company tested, including TurboTax, TaxACT and TaxSlayer, contained at least one potential privacy violation.
Those included accessing the phone’s address book, geo-location, storing sensitive data in clear-text, not setting cookie properties securely and insecurely transmitting data.
Another 50 percent of the applications use cryptographic methods that are known to have security weaknesses like md5 or SHA1. Other flaws included image caching from a Social Security number input screen, which could expose the information to malware installed on a device. [...]
“A lot of companies are looking at mobile apps as a fancy user interface, and they’re putting their protection on the back-end behind their firewall,” [said Maria Bledsoe, Senior Manager of Product Marketing at HP.] “But they’re not realizing yet that this is yet another attack vector and is an entry point for the hackers.”
April 16th, 2014
The Department of Homeland Security’s Privacy Office has released its first annual “Privacy and Civil Liberties Assessment Report” (DHS pdf; archive pdf). The office said, “Executive Order 13636, Improving Critical Infrastructure Cybersecurity, requires that senior agency officials for privacy and civil liberties assess the privacy and civil liberties impacts of the activities their respective departments and agencies have undertaken to implement the Executive Order, and to publish their assessments annually in a report compiled by the DHS Privacy Office and Office for Civil Rights and Civil Liberties. This is the first of the required annual reports. It includes the DHS Privacy Office’s and Office for Civil Rights and Civil Liberties’ assessments of certain DHS activities under Section 4 of the Executive Order (enhanced threat information sharing with the private sector) as well as assessments conducted independently by the Department of the Treasury and the Departments of Defense, Justice, Commerce, Health and Human Services, Transportation, and Energy, and by the Office of the Director of National Intelligence and the General Services Administration.”
April 15th, 2014
The Center for Investigative Reporting and KQED looked into emerging surveillance technologies that could have a significant impact on the privacy rights of individuals:
[Ross McNutt] and his Ohio-based company, Persistent Surveillance Systems, persuaded the Los Angeles County Sheriff’s Department to use his surveillance technology to monitor Compton’s streets from the air and track suspects from the moment the snatching occurred.
The system, known as wide-area surveillance, is something of a time machine – the entire city is filmed and recorded in real time. Imagine Google Earth with a rewind button and the ability to play back the movement of cars and people as they scurry about the city. [...]
McNutt who holds a doctorate in rapid product development, helped build wide-area surveillance to hunt down bombing suspects in Iraq and Afghanistan. He decided that clusters of high-powered surveillance cameras attached to the belly of small civilian aircraft could be a game-changer in U.S. law enforcement. [...]
The Center for Investigative Reporting and KQED teamed up to take an inside look at the emerging technologies that could revolutionize policing – and how intrusively the public is monitored by the government. The technology is forcing the public and law enforcement to answer a central question: When have police crossed the line from safer streets to expansive surveillance that threatens to undermine the nation’s constitutional values? Read more »
April 14th, 2014
The Associated Press reports on a privacy program at St. Michael School in suburban St. Louis. The program is based a privacy curriculum based on one released by the Fordham Law School’s Center for Law and Information Policy. AP reports:
CLAYTON, Mo. — In an age of increased online government surveillance and targeted social media ads, the notion of privacy as a classroom subject worthy of distinct study is gaining momentum far beyond the narrow niches of First Amendment lawyers and computer hackers.
Using a privacy curriculum developed at Fordham Law School in New York, educators there and at another dozen of the country’s top law schools want to equip adolescents growing up in a digital world with a user manual that has little to do with apps and pixel resolution.
At the St. Michael School in suburban St. Louis, middle-school students recently learned how to manage their digital reputations. Led by a law-student instructor from nearby Washington University, the preteens discussed how facial recognition software is used everywhere from Facebook to the local mall. As the cellphone increasingly becomes an early adolescent rite of passage, they debated the legal and ethical issues raised by spending hours each day online or texting with friends. […] Read more »
April 11th, 2014
The Government Accountability Office has released a new report, “IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk (GAO-14-405￼￼),” concerning security problems that could affect the privacy of taxpayers. Here’s an excerpt detailing problems at the Internal Revenue Service:
Specifically, the agency had not always (1) installed appropriate patches on all databases and servers to protect against known vulnerabilities, (2) sufficiently monitored database and mainframe controls, or (3) appropriately restricted access to its mainframe environment. In addition, IRS had allowed individuals to make changes to mainframe data processing without requiring them to follow established change control procedures to ensure changes were authorized, and did not configure all applications to use strong encryption for authentication, increasing the potential for unauthorized access. Read more »