Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"

  • Categories

  • Archives

    « Home

    Archive for the ‘Security’ Category

    Article 29 Working Party Issues Opinion on Anonymization Techniques

    Thursday, April 24th, 2014

    The EU’s Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data has released “Opinion 05/2014 on Anonymisation Techniques” (Working Party pdf; archive pdf). We’ve discussed the pitfalls of various anonymization or “de-identification” techniques and how the information can be “deanonymized” or re-identified, leading to privacy problems for individuals. Here’s an excerpt from the executive summary of the Working Party’s opinion:

    The WP acknowledges the potential value of anonymisation in particular as a strategy to reap the benefits of ‘open data’ for individuals and society at large whilst mitigating the risks for the individuals concerned. However, case studies and research publications have shown how difficult it is to create a truly anonymous dataset whilst retaining as much of the underlying information as required for the task.

    In the light of Directive 95/46/EC and other relevant EU legal instruments, anonymisation results from processing personal data in order to irreversibly prevent identification. In doing so, several elements should be taken into account by data controllers, having regard to all the means “likely reasonably” to be used for identification (either by the controller or by any third party).

    Anonymisation constitutes a further processing of personal data; as such, it must satisfy the requirement of compatibility by having regard to the legal grounds and circumstances of the further processing. Additionally, anonymized data do fall out of the scope of data protection legislation, but data subjects may still be entitled to protection under other provisions (such as those protecting confidentiality of communications). Read more »

    Courthouse News Service: Class Claims College Hid Giant Data Breach

    Tuesday, April 22nd, 2014

    Courthouse News Service reports on a class-action lawsuit in Arizona concerning a security breach that affected the privacy of people connected with Maricopa County Community College District.

    PHOENIX (CN) – Maricopa County Community College District waited seven months to inform 2.5 million students, graduates, employees and vendors that its databases had been breached and their personal information made available for sale online, a class action claims in state court.

    Lead plaintiff Jason Liebich, a current student at Phoenix College, sued the college district in Maricopa County Court.

    Liebich claims the FBI warned the Maricopa County Community College District (MCCCD) in January 2011 that a number of its databases had been breached and made available for sale on the Internet. [...]

    But the district failed to make any changes to secure the databases, resulting in the breach of 14 databases on MCCCD servers in April 2013, according to the complaint. [...] Read more »

    Independent (UK): Vast network of roadside cameras pose ‘very real risk’ says surveillance regulator

    Monday, April 21st, 2014

    The Independent reports on privacy questions with camera surveillance on the roads in the United Kingdom:

    Members of the public face “a very real risk” to their privacy from the huge roadside surveillance network that captures millions of motorists every day, the Government’s Surveillance Commissioner has warned. In an interview with The Independent, Tony Porter urges that clear guidance be provided to ensure “innocent” people do not fall victim to roadside automatic number plate recognition (ANPR) cameras which have been the centre of concerns over the rise of surveillance in Britain.

    The regulator for Britain’s state-run security cameras has put police on notice over their use of personal data after a series of investigations into the ANPR system, which has been described by campaigners as the “biggest surveillance network that most people have never heard of”. [...]

    Local authorities control more than 50,000 cameras while thousands of roadside cameras collect owner information on more than 18 million car journeys every day, in a swift and unregulated expansion over the past 30 years. Read more »

    Christian Science Monitor: Privacy concerns? What Google now says it can do with your data (+video)

    Friday, April 18th, 2014

    The Christian Science Monitor considers the issue of privacy and Internet services giant Google:

    Against a backdrop of growing privacy concerns, with every week bringing revelations of data breaches at government or corporate websites, online search behemoth Google quietly updated its terms of service Monday, spelling out just how much personal data it mines as part of its normal business model.

    The new language states: “Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.”

    While corporate fine-tuning to an online policy that few users read closely – indeed, most don’t read at all – would not normally be news, Google is singular, say security and legal experts. Not only is the company in the midst of contentious lawsuits over both the spirit and letter of these privacy issues, but, more important, it dominates the online search space to such an extent that what happens at Google impacts the entire cyber-landscape. [...] Read more »

    TechCrunch: HP Finds Mobile Tax Apps Lacking On Security, Privacy

    Thursday, April 17th, 2014

    TechCrunch reports on security and privacy problems with some mobile tax apps:

    As the clock ticks toward midnight, putting an end to tax day 2014, Hewlett-Packard is warning consumers of mobile tax and finance apps that they may want to audit their own usage.

    According to the HP Audit, more than 90 percent of the applications the company tested, including TurboTaxTaxACT and TaxSlayer, contained at least one potential privacy violation.

    Those included accessing the phone’s address book, geo-location, storing sensitive data in clear-text, not setting cookie properties securely and insecurely transmitting data.

    Another 50 percent of the applications use cryptographic methods that are known to have security weaknesses like md5 or SHA1. Other flaws included image caching from a Social Security number input screen, which could expose the information to malware installed on a device. [...]

    “A lot of companies are looking at mobile apps as a fancy user interface, and they’re putting their protection on the back-end behind their firewall,” [said Maria Bledsoe, Senior Manager of Product Marketing at HP.] “But they’re not realizing yet that this is yet another attack vector and is an entry point for the hackers.”

    DHS Releases First Annual Privacy and Civil Liberties Assessment Report

    Wednesday, April 16th, 2014

    The Department of Homeland Security’s Privacy Office has released its first annual “Privacy and Civil Liberties Assessment Report” (DHS pdf; archive pdf). The office said, “Executive Order 13636, Improving Critical Infrastructure Cybersecurity, requires that senior agency officials for privacy and civil liberties assess the privacy and civil liberties impacts of the activities their respective departments and agencies have undertaken to implement the Executive Order, and to publish their assessments annually in a report compiled by the DHS Privacy Office and Office for Civil Rights and Civil Liberties. This is the first of the required annual reports.  It includes the DHS Privacy Office’s and Office for Civil Rights and Civil Liberties’ assessments of certain DHS activities under Section 4 of the Executive Order (enhanced threat information sharing with the private sector) as well as assessments conducted independently by the Department of the Treasury and the Departments of Defense, Justice, Commerce, Health and Human Services, Transportation, and Energy, and by the Office of the Director of National Intelligence and the General Services Administration.”