

Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"



    Archive for the ‘Civil liberties’ Category

    Reuters: Flaws could expose users of privacy-protecting software, researchers say

    Friday, July 25th, 2014

    Reuters reports that researchers have found a flaw in the privacy-protective system Invisible Internet Project:

    Researchers have found a flaw that could expose the identities of people using a privacy-oriented operating system touted by Edward Snowden, just two days after widely used anonymity service Tor acknowledged a similar problem.

    The most recent finding concerns a complex, heavily encrypted networking program called the Invisible Internet Project, or I2P. Used to send messages and run websites anonymously, I2P ships along with the specialized operating system “Tails,” which former U.S. spy contractor Snowden used to communicate with journalists in secret.

    Though a core purpose of I2P is to obscure the Internet Protocol addresses of its roughly 30,000 users, anyone who visits a booby-trapped website could have their true address revealed, making it likely that their name could be exposed as well, according to researchers at Exodus Intelligence. [...]

    IT News (Australia): Academics get personal over big data

    Wednesday, July 16th, 2014

    We’ve discussed the pitfalls of various anonymization or “de-identification” techniques and how the information can be “deanonymized” or re-identified, leading to privacy problems for individuals. In 2009, University of Colorado law professor Paul Ohm discussed “the surprising failure of anonymization,” and said, “Data can either be useful or perfectly anonymous but never both.” He said anonymization’s failure “should trigger a sea change in the law, because nearly every information privacy law or regulation grants a get-out-of-jail-free card to those who anonymize their data.”

    Now, IT News reports on a research paper, “No silver bullet: De-identification still doesn’t work” (pdf), by Princeton’s Arvind Narayanan and Edward W. Felten concerning the continued privacy problems with de-identification of personal information. (Felten was chief technologist for the Federal Trade Commission and has been a consultant for various federal agencies.) The new paper is a response to one recently published by ITIF researcher Daniel Castro and Ontario privacy commissioner Ann Cavoukian, “Big Data and Innovation, Setting the Record Straight: De-identification Does Work” (pdf).

    IT News reports:

    Scholars at Princeton University have delivered a stinging rebuke to the ‘big data’ movement, insisting that today’s data de-identification tools are not sufficient to ensure privacy. [...]

    InformationWeek: Florida Law Aims To Tighten Data Security

    Friday, July 11th, 2014

    InformationWeek reports on a new law in Florida that concerns information privacy and security:

    A new law designed to protect Floridians from identity theft could have far-reaching repercussions on healthcare organizations that reside or do business in the Sunshine State. Under the Florida Information Protection Act of 2014 (FIPA), any covered entity or third-party agent must now report breaches to the Florida Department of Legal Affairs and to consumers within 30 days (compared with the prior law’s 45 days). If they show good cause, organizations may get a 15-day extension or receive a law enforcement extension. Violators can be fined $1,000 per day for the first 30 days and $50,000 for each subsequent 30-day period under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA); the fine is not to exceed $500,000.

    The state also expanded “personal information” to include individuals’ first name or first initial and last name, in combination with any one of the following: passport number; medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional; or health insurance policy number, subscriber identification number, or any unique identifier health insurers use to classify individuals. [...]

    The act, which passed unanimously, should slow the flood of data breaches, advocates said. Faster reporting times, an expanded collection of relevant data, and increased law enforcement involvement will encourage organizations to be more proactive and give law enforcement more opportunities to catch cybercriminals.

    Consortium for School Networking Issues Privacy Resources for K to 12 Grades

    Thursday, July 10th, 2014

    The Consortium for School Networking has announced the release of privacy resources for school districts:

    CoSN (Consortium for School Networking) today unveiled two freestanding resources to accompany its in-depth, step-by-step privacy toolkit. Designed to help school system leaders navigate the complex federal laws and related issues, the complementary resources include:

    •  “10 Steps Every District Should Take Today”; and

    •  “Security Questions to Ask of an Online Service Provider”

    Launched in March through CoSN’s Protecting Privacy in Connected Learning initiative, the existing toolkit addresses compliance with laws such as the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) and offers smart practices to better protect student privacy and their data. The security questions for online service providers were included in the v.1 toolkit. [...]

    In the fall, CoSN will expand the toolkit with additional sections covering the Protection of Pupil Rights Amendment (PPRA) and the Health Insurance Portability & Accountability Act (HIPAA) – filling out the privacy guide with all four federal privacy laws applied to K-12 education.

    Businessweek: Hospitals Are Mining Patients’ Credit Card Data to Predict Who Will Get Sick

    Wednesday, July 9th, 2014

    Businessweek reports on a story about data mining that could affect the privacy of individuals’ medical information:

    Carolinas HealthCare, which runs more than 900 care centers, including hospitals, nursing homes, doctors’ offices, and surgical centers, has begun plugging consumer data on 2 million people into algorithms designed to identify high-risk patients so that doctors can intervene before they get sick. The company purchases the data from brokers who cull public records, store loyalty program transactions, and credit card purchases. [Carolinas operates the largest group of medical centers in North and South Carolina.]

    Information on consumer spending can provide a more complete picture than the glimpse doctors get during an office visit or through lab results, says Michael Dulin, chief clinical officer for analytics and outcomes research at Carolinas HealthCare. The Charlotte-based hospital chain is placing its data into predictive models that give risk scores to patients. Within two years, Dulin plans to regularly distribute those scores to doctors and nurses who can then reach out to high-risk patients and suggest changes before they fall ill. [...]

    Wired: ISPs File Legal Complaint in Europe Over Spying

    Monday, July 7th, 2014

    Wired reports that a group of Internet service providers and nonprofits in different countries have filed a legal complaint over allegations of spying by Britain’s GCHQ and the United States’s National Security Agency:

    Seven Internet service providers and non-profit groups from various countries have filed a legal complaint against the British spy agency GCHQ. Their issue: that the clandestine organization broke the law by hacking the computers of Internet companies to access their networks.

    The complaint, filed with the Investigatory Powers Tribunal, calls for an end to the spy agency’s targeting of system administrators in order to gain access to the networks of service providers and conduct mass surveillance. The legal action was filed in conjunction with Privacy International, and stems from reports last year that GCHQ hacked employees of the Belgian telecom Belgacom in order to access and compromise critical routers in the company’s infrastructure to monitor the communication of smartphone users that passed through the router. [...]