Search


  • Categories


  • Archives

    « Home

    Archive for the ‘Security’ Category

    Uber Executives’ Comments, Actions Shine Spotlight on Privacy Risks for Consumers

    Monday, November 24th, 2014

    At a recent dinner, Uber Senior Vice President Emil Michael suggested that Uber could spend “a million dollars” to hire opposition researchers to dig up dirt on journalists who were critical of the company, a service for hailing taxis, private cars or ride-shares. According to BuzzFeed: ”That team could, he said, help Uber fight back against the press — they’d look into ‘your personal lives, your families,’ and give the media a taste of its own medicine.” He mentioned specifically focusing on the private details of the life of journalist Sarah Lacy. Lacy’s response is here. Michael has apologized for his comments, and Uber CEO Travis Kalanick has said Michael’s comments “were terrible and do not represent the company.” 

    If Uber were to investigate journalists or other critics, it would not be the first company to do so. Two cases involved Germany’s Deutsche Bank and Hewlett-Packard. In 2009, Deutsche Bank fired two executives because of a scandal in which bank executives hired investigators who spied on board members and a shareholder. In early 2006, then-Hewlett-Packard Chair Patricia Dunn hired private investigators that used “pretexting” to acquire the personal phone records of board members and journalists in an effort to locate the source of leaks to the media. (“Pretexting” is a fancy word for “pretending to be someone else in order to get his or her personal information” — in this case, phone records.) There were various criminal and Congressional investigations. Dunn said she didn’t know that the investigators were pretexting, and the charges against her were eventually dismissed. The scandal prompted Congress to pass the Telephone and Records Privacy Act of 2006, which prohibits pretexting to gather phone record data (with exceptions for law enforcement).

    BuzzFeed also reported that another Uber executive, the general manager of Uber NYC, did something that also raises privacy questions. During an e-mail exchange with a journalist, the Uber executive “accessed the profile of a BuzzFeed News reporter, Johana Bhuiyan, to make points in the course of a discussion of Uber policies. At no point in the email exchanges did she give him permission to do so.” This raises the specter of an insider misusing or abusing his data-access privileges to invade the privacy of an individual. We’ve talked before about the problems that arise when insiders abuse or misuse their access to individuals’ data. There have been many such cases. Read more »

    Update: Senate Fails to Advance USA Freedom Act, a Bill to Reform NSA Surveillance

    Thursday, November 20th, 2014

    The Senate, by a vote of 58 to 42, failed to advance to debate on the USA Freedom Act, a bill to reform bulk data collection by the National Security Agency. The NSA has faced considerable criticism from the public and lawmakers since revelations by former contractor Edward Snowden concerning the agency’s broad surveillance programs. (He revealed several surveillance programs by the agency.) The USA Freedom Act, introduced by Sen. Patrick Leahy (D-Vermont), chairman of the Judiciary Committee, and a host of Democratic and Republican co-sponsors. The legislation was backed by the Obama administration, which called for reforms in January. The Washington Post reports:

    Congress and the administration face a June 1 expiration of a key provision of the USA Patriot Act that enables the intelligence community to gather data for counterterrorism purposes. Section 215 allows the government to obtain specific records relevant to particular investigations. But, as Snowden disclosed, it also was the authority cited by the government to enable the NSA to collect data in bulk. Reform advocates want to end that bulk collection but in general maintain the government’s ability to issue targeted orders for data.

    The 58-to-42 vote exposed fissures in the GOP over the legislation, with national security-oriented members and a vocal privacy proponent, Sen. Rand Paul (R-Ky.), voting to block the bill — but for different reasons. Read more »

    FTC Reaches Proposed Settlement With TRUSTe Over Privacy Seal Program

    Tuesday, November 18th, 2014

    The Federal Trade Commission announced that it has reached a proposed settlement with TRUSTe, a provider of privacy certifications for online businesses, over its privacy seal program. TRUSTe faced charges “that it deceived consumers about its recertification program for company’s privacy practices, as well as perpetuated its misrepresentation as a non-profit entity.” The FTC said:

    TRUSTe provides seals to businesses that meet specific requirements for consumer privacy programs that it administers.  TRUSTe seals assure consumers that businesses’ privacy practices are in compliance with specific privacy standards like the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework. [...]

    The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year. [...] Read more »

    Kojo Nnamdi Show: GPS Tracking And Law Enforcement

    Monday, November 17th, 2014

    The Kojo Nnamdi Show recently had a discussion with Chris Calabrese, Senior Policy Director at the Center for Democracy and Technology, and Mark Eckenwiler, Senior Counsel at Perkins Coie, about GPS tracking technology and its use by law enforcement officials. The discussion included privacy issues. Here’s the blurb:

    Last week, law enforcement officers used GPS tracking to locate a woman who had been abducted in Philadelphia. The vehicle of her alleged abductor had a GPS device installed by the dealer, which the police then used to find the suspect and the victim. We explore the legal issues around when and how police can use surveillance technology like GPS, and what a 2012 Supreme Court decision means for such cases.

    Update: AT&T stops using tracking ‘supercookies’ on cellphones — for now

    Monday, November 17th, 2014

    Recently, there were news reports that Verizon and AT&T were using tracking “supercookies” to keep tabs on their customers’ online activities. These supercookies were virtually impossible to get rid of. Now, ProPublica reports that AT&T has stopped using the supercookie tracking technology on mobile phones, but it may restart the use of the technology:

    AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity. [...]

    The tracking numbers can be used by sites to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long. Read more »

    Wall Street Journal: Americans’ Cellphones Targeted in Secret U.S. Spy Program

    Friday, November 14th, 2014

    The Wall Street Journal reports on a surveillance program gathering the data of thousands of mobile phones:

    WASHINGTON—The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. [...]

    Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

    The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said. [...] Read more »