July 22nd, 2014
ProPublica and Mashable report on “canvas fingerprinting,” which is a new kind of online tracking tool. The report discusses a paper documenting canvas fingerprinting, “The Web never forgets: Persistent tracking mechanisms in the wild,” from researchers at Princeton University and KU Leuven University in Belgium. The researchers are: Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez1, Arvind Narayanan and Claudia Diaz. ProPublica and Mashable report:
[T]his type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.
Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles, or other types of content are displayed to them.
But fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus. Read more »
July 21st, 2014
In the latest issue of PLOS One, MIT researchers Yves-Alexandre de Montjoye,
Erez Shmueli, Samuel S. Wang, Alex Sandy Pentland announced a system that they say would give individuals more control over their privacy, allowing them to decide what data to share with Web sites and mobile apps. Here’s the abstract from the article, “openPDS: Protecting the Privacy of Metadata through SafeAnswers“:
The rise of smartphones and web services made possible the large-scale collection of personal metadata. Information about individuals’ location, phone call logs, or web-searches, is collected and used intensively by organizations and big data researchers. Metadata has however yet to realize its full potential. Privacy and legal concerns, as well as the lack of technical solutions for personal metadata management is preventing metadata from being shared and reconciled under the control of the individual. This lack of access and control is furthermore fueling growing concerns, as it prevents individuals from understanding and managing the risks associated with the collection and use of their data. Read more »
July 18th, 2014
CBS’s Chicago affiliate reports on statements by Illinois Attorney General Lisa Madigan concerning data security and privacy:
Illinois Attorney General Lisa Madigan on Wednesday called for the formation of a new federal agency to investigate data breaches in much the same way the National Transportation Safety Board investigates plane and train crashes.
WBBM Newsradio’s John Cody reports Madigan said the federal government lacks a single group to determine the extent of damage caused by a data breach, and come up with ways to fix them and prevent them in the future. [...]
Madigan said data thieves are more likely to make online purchases with stolen private information in Chicago than Los Angeles or Miami. [...]
She also said too many companies collect too much private information, and keep it too long, enhancing the risk of identity theft.
July 17th, 2014
The Hill reports that businesses are making moves now on data security and privacy rather than waiting for Congress to act:
Data breaches were thrust in the spotlight after hackers broke into the networks of retailers during last year’s holiday season. Lawmakers held a slew of hearings in the aftermath and many proposed legislation intended to ensure that consumers are warned promptly when their information is put at risk.
But a legislative solution has a long way to go, as bill dealing with privacy must travel through several committees with jurisdiction, including three in the House alone. [...]
With action in Congress unlikely to happen soon, the nation’s largest retailers and financial groups are taking it upon themselves to increase safeguards for consumer information. With their reputations and business on the line, both industries are determined to make progress. Read more »
July 16th, 2014
We’ve discussed the pitfalls of various anonymization or “de-identification” techniques and how the information can be “deanonymized” or re-identified, leading to privacy problems for individuals. In 2009, University of Colorado law professor Paul Ohm discussed “the surprising failure of anonymization,” and said, “Data can either be useful or perfectly anonymous but never both.” He said anonymization’s failure “should trigger a sea change in the law, because nearly every information privacy law or regulation grants a get-out-of-jail-free card to those who anonymize their data.”
Now, IT News reports on a research paper, “No silver bullet: De-identification still doesn’t work” (pdf), by Princeton’s Arvind Narayanan and Edward W. Felten concerning the continued privacy problems with de-identification of personal information. (Felten was chief technologist for the Federal Trade Commission and has been a consultant for various federal agencies.) The new paper is a response to one recently published by ITIF researcher Daniel Castro and Ontario privacy commissioner Ann Cavoukian, “Big Data and Innovation, Setting the Record Straight: De-identification Does Work” (pdf).
IT News reports:
Scholars at Princeton University have delivered a stinging rebuke to the ‘big data’ movement, insisting that today’s data de-identification tools are not sufficient to ensure privacy. [...] Read more »
July 15th, 2014
Information Age reports on a new survey from Voltage Security concerning the encryption of sensitive information:
Despite headline-making breaches that have called attention to the importance of data encryption, nearly 36% of IT security professionals admit to sending sensitive data outside of their organisations without using any form of encryption to protect it, a new survey from Voltage Security reveals. [...] Read more »