CNet News reports on the federal government’s cybersecurity review.

As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday.

The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review.

Rep. James Langevin (D-R.I.), co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity.

Those issues are “a forethought rather than an afterthought,” he said. “Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we’re going to have to have the buy-in of the public and have their support.”

In his Wired column, security expert Bruce Schneier discusses the expectation of privacy test and how changing technology implicates this legal test.

Based on the 1967 Katz v. United States Supreme Court decision, this ["expectation of privacy"] test actually has two parts. First, the government’s action can’t contravene an individual’s subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn’t based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government’s interest in public safety on the other.

The problem is, in today’s information society, that definition test will rapidly leave us with no privacy at all. Read more »

TechCrunch.com reports on security problems with Google Docs that affect user privacy. This revelation comes soon after another Google Docs privacy problem, where some documents were shared without user knowledge. (For more on “cloud computing,” where user data is shared on remote servers accessible online, read an excellent recent report (pdf) from the World Privacy Forum, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.”) TechCrunch.com reports: 

Security consultant Ade Barkah checked in with us to alert us to a couple of serious security issues associated to Google Docs, the web-based office software from the world’s most famous search engine company, giving a whole new meaning to its mission to make the world’s information universally accessible. On his blog on software, infrastructure and security, Barkah outlines no less than three issues that he discovered while investigating some potential security lapses.

Since he did the right thing by contacting Google about his findings (only to receive no response after five business days), we’re hoping that this article will help trigger the company’s engineering team to plug the holes asap. In case you missed it, earlier this month we uncovered some major privacy blunders going on with Google Docs, which the company later confirmed and fixed (we pinged them for this too). Read more »

ACLU Senior Legislative Counsel Tim Sparapani will soon begin working on privacy issues as Facebook’s new director of public policy, which is a newly created position. He has been working at the ACLU since 2005, focusing on privacy issues especially related to identification, data mining, watch lists and other security questions. I have worked closely with Tim for several years and greatly respect him. I hope that he will continue his strong fight for privacy rights in his new position at Facebook.

The Minneapolis Star Tribune has an interesting story about privacy in court records:

A dispute between Ramsey County prosecutors and a self-described “hard-nosed judge” involves a lot of legal terminology but, at its heart, comes down to the delicate balance between protecting the safety and privacy of alleged crime victims and the need to keep the court system open and transparent to the public.

Tariq Remtulla of Canadian law firm Blakes writes about Leduc v. Roman, in which “the Ontario Superior Court of Justice made an order permitting the defendant to cross-examine a plaintiff in a motor vehicle accident suit [...] regarding the kind of content he posted on his private Facebook profile.” Plaintiff Leduc claimed his enjoyment of life was reduced after the accident, and the defendant sought information on the plaintiff’s lifestyle post-accident. (There have been a number of privacy questions with Facebook, MySpace and other social networking sites. See my posts in the archives for more information.)

It was argued that the defendant was merely fishing for evidence, that the existence of plaintiff Leduc’s Facebook profile did not necessarily mean that the profile contained evidence relevant to Leduc’s lifestyle and the case. 

Justice Brown disagreed, stating: “With respect, I do not regard the defendant’s request as a fishing expedition. Mr. Leduc exercised control over a social networking and information site to which he allowed designated “friends” access. It is reasonable to infer that his social networking site likely contains some content relevant to the issue of how Mr. Leduc has been able to lead his life since the accident.” [para. 32]

Justice Brown also found that [there was an error] in dismissing the motion to produce without affording the defendant an opportunity to cross-examine Mr. Leduc [...] about the kind of content posted on his Facebook profile. Justice Brown felt that: “[t]o permit a party claiming very substantial damages for loss of enjoyment of life to hide behind self-set privacy controls on a website, the primary purpose of which is to enable people to share information about how they lead their social lives, risks depriving the opposite party of access to material that may be relevant to ensuring a fair trial.” [para. 35]

What does this mean for Facebook users in Canada? Read more »