Search


  • Categories


  • Archives

    « Home

    Archive for the ‘First Amendment’ Category

    Uber Executives’ Comments, Actions Shine Spotlight on Privacy Risks for Consumers

    Monday, November 24th, 2014

    At a recent dinner, Uber Senior Vice President Emil Michael suggested that Uber could spend “a million dollars” to hire opposition researchers to dig up dirt on journalists who were critical of the company, a service for hailing taxis, private cars or ride-shares. According to BuzzFeed: ”That team could, he said, help Uber fight back against the press — they’d look into ‘your personal lives, your families,’ and give the media a taste of its own medicine.” He mentioned specifically focusing on the private details of the life of journalist Sarah Lacy. Lacy’s response is here. Michael has apologized for his comments, and Uber CEO Travis Kalanick has said Michael’s comments “were terrible and do not represent the company.” 

    If Uber were to investigate journalists or other critics, it would not be the first company to do so. Two cases involved Germany’s Deutsche Bank and Hewlett-Packard. In 2009, Deutsche Bank fired two executives because of a scandal in which bank executives hired investigators who spied on board members and a shareholder. In early 2006, then-Hewlett-Packard Chair Patricia Dunn hired private investigators that used “pretexting” to acquire the personal phone records of board members and journalists in an effort to locate the source of leaks to the media. (“Pretexting” is a fancy word for “pretending to be someone else in order to get his or her personal information” — in this case, phone records.) There were various criminal and Congressional investigations. Dunn said she didn’t know that the investigators were pretexting, and the charges against her were eventually dismissed. The scandal prompted Congress to pass the Telephone and Records Privacy Act of 2006, which prohibits pretexting to gather phone record data (with exceptions for law enforcement).

    BuzzFeed also reported that another Uber executive, the general manager of Uber NYC, did something that also raises privacy questions. During an e-mail exchange with a journalist, the Uber executive “accessed the profile of a BuzzFeed News reporter, Johana Bhuiyan, to make points in the course of a discussion of Uber policies. At no point in the email exchanges did she give him permission to do so.” This raises the specter of an insider misusing or abusing his data-access privileges to invade the privacy of an individual. We’ve talked before about the problems that arise when insiders abuse or misuse their access to individuals’ data. There have been many such cases. Read more »

    Opinion at Slate: Big Data and the Underground Railroad

    Tuesday, November 11th, 2014

    In a column at Slate, Alvaro M. Bedoya, the founding executive director of the Center on Privacy and Technology at Georgetown Law, writes about “big data” and what widespread data collection on individuals can mean for civil liberties:

    Most of the questions, however, focus on how our data should be used. There’s been far less attention to a growing effort to change how our data is collected.

    For years, efforts to protect privacy have focused on giving people the ability to choose what data is collected about them. Now, industry—with the support of some leaders in government—wants to shift that focus. Businesses say that in our data-saturated world, giving consumers meaningful control over data collection is next to impossible. They argue that we should ramp down efforts to give individuals control over the initial collection of their data, and instead let industry collect as much personal information as possible. Read more »

    Politico: Snail mail snooping safeguards not followed

    Wednesday, October 29th, 2014

    Politico reports on a privacy concerns with a surveillance program to track mail vial “mail covers” in the United States:

    Cutting-edge data-gathering techniques may have grabbed the spotlight lately, but it turns out the government has been playing fast and loose with a more old-school surveillance method: snail-mail snooping.

    The U.S. Postal Service failed to observe key safeguards on a mail surveillance program with a history of civil liberties abuses, according to a new internal watchdog report that USPS managers tried to keep secret, citing security concerns.

    The Office of Inspector General audit of so-called “mail covers” — orders to record addresses or copy the outside of all mail delivered to an individual or an address — found that about 20 percent of the orders implemented for outside law enforcement agencies were not properly approved, and 13 percent were either unjustified or not correctly documented. Read more »

    Update: DNI Releases Interim Progress Report on Implementing PPD-28

    Monday, October 20th, 2014

    To recap: There has been considerable controversy about the privacy and civil liberties implications of the bulk telephone data collection program revealed by former National Security Agency contractor Edward Snowden. (He revealed several surveillance programs by the agency.) The Review Group on Intelligence and Communications Technologies (created by President Obama in August after the Snowden revelations) issued a report (archive pdf) recommending against the telephone call record database. Recently, the Privacy and Civil Liberties Oversight Board (PCLOB), an independent oversight agency within the executive branch, released a report (archive pdf) on the NSA’s surveillance program that collects telephone records in bulk saying the NSA surveillance program is illegal and should be ended. Federal judges have issued conflicting rulings on the surveillance program. In January, Obama announced reforms and proposed changes to the NSA surveillance programs, including the call record database surveillance program. Obama also issued a “Presidential Policy Directive, PPD-28,” (pdf) concerning signals intelligence activities.

    Now, the Office of the Director of National Intelligence has issued an interim progress report (DNI pdf; archive pdf) on implementing PPD-28. In an announcement, Robert Litt, general counsel for the Office of the Director of National Intelligence, and Alexander W. Joel, civil liberties protection officer for the Office of the Director of National Intelligence, said the report “articulates key principles for agencies to incorporate in their policies and procedures, including some which afford protections that go beyond those explicitly outlined in PPD-28. These principles include the following: Ensuring that privacy and civil liberties are integral considerations in signals intelligence activities.”

    NSA Releases Second Transparency Report

    Thursday, October 9th, 2014

    The National Security Agency, which has faced considerable criticism from the public and lawmakers since revelations by former contractor Edward Snowden concerning the agency’s broad surveillance programs, recently released its second transparency report.

     The document focuses on the civil liberties and privacy protection practices of NSA in the course of targeted signals intelligence activities under Executive Order 12333. Fair Information Practice Principles (FIPPs), the widely accepted framework of defining principles used by federal agencies to evaluate how systems, processes, or programs impact individual privacy, were used as the basis for assesssment.

    The report details numerous efforts designed to protect civil liberties and privacy protections in six of the eight FIPPs (Purpose Specification; Data Minimization; Use Limitation; Data Quality and Integrity; Security; and Accountability and Auditing). These protections are underpinned by NSA’s enterprise activities, documented compliance program, and investments in people, training, tools and technology. Read more »

    Ars Technica: Adobe’s e-book reader sends your reading logs back to Adobe—in plain text

    Wednesday, October 8th, 2014

    Ars Technica reports on a privacy and security issue concerning ebooks and Adobe’s popular Digital Editions ebooks and PDF reader (which is used by many libraries):

    Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.

    Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply. [...] Read more »