The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. Read more »
Archive for the ‘Technology’ Category
The Government Accountability Office has released a new report, “Federal Agencies Need to Enhance Responses to Data Breaches (GAO-14-487T),” detailing Congressional testimony by Gregory Wilshusen, the GAO’s director of information security issues, that finds that agencies need to do more to protect the privacy of personally identifiable information. Here’s an excerpt:
As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which is essential for securing agency systems and the information they contain—including PII. Specifically, agencies have had mixed results in addressing the eight components of an information security program called for by law, and most agencies had weaknesses in implementing specific security controls. GAO and inspectors general have continued to make recommendations to strengthen agency policies and practices. Read more »
The Washington Post reports on attempts by Internet services company Yahoo to better protect its users’ privacy:
On Wednesday, Yahoo’s freshly minted Chief Information Security Officer Alex Stamos announced the company had implemented a series of stronger security and privacy measures, including securing traffic that moves between their servers and encrypting most search queries automatically.
This is a major step for Yahoo which has been dogged by critics for years for lagging behind its competitors on some basic privacy and security measures. In a Tumblr post, the company proclaims its latest announcement is only the start of a broader mission “to not only make Yahoo secure, but improve the security of the overall web ecosystem.”
But although Yahoo, Google, and others have upped their security game in light of the revelations about National Security Agency spying over the last year, the tracking practices tech firms rely on for advertising also appear to have made some covert government operations easier. [...] Read more »
The Guardian reports onquestions of privacy concerning “smart” cities — where data is increasingly collected on the habits of citizens and residents:
Privacy must play an instrumental role in any smart city strategy otherwise citizens might fear the introduction of other innovative technology, according to an executive at one of the world’s largest infrastructure companies.
Wim Elfrink, executive vice president of industry solutions and chief globalisation officer of Cisco, heads up the company’s smart cities team and warned that if cities did not give citizens the choice of whether or not to allow the government to use their data, they might opt-out of future initiatives. [...]
A number of councils have already installed a number of sensors around London with the aim of creating a smarter city. This is done through collecting large amounts of data – from information about available parking spaces, electricity usage and even refuse levels – before then analysing it and understanding problems they may not know existed. Read more »
In an analyst brief, “Why Your Data Breach Is My Problem,” for NSS Labs, Stefan Frei and Bob Walder discuss the wider effect of data security breaches on the use of identifiers such as Social Security Numbers and birth dates. Here’s an excerpt from the overview:
For authentication, users typically rely on only a small number of unique personal information attributes. The same information attributes are used in several places and inevitably are lost, in large numbers, through data breaches. Cyber criminals have built comprehensive profiles of millions of users, which they constantly refine with each new data breach. Once lost, breached data cannot be taken back. This rapid erosion of security (and also privacy) presents huge challenges as this same information, which many still consider “private,” is used across diverse services, both online and offline, While users can change login and password information after a breach, social security numbers (SSNs) and date of birth (DOB) information cannot be changed after such an event. Read more »
The Wall Street Journal reports that federal law enforcement officials have been able to find their way around some tools that individuals use to go online anonymously:
WASHINGTON—Law-enforcement agencies are increasingly finding ways to unmask users of a popular Web browser designed to hide identities and allow individuals to exist online anonymously.
To keep their identities secret, users and administrators of a recently shuttered child-pornography website used a browser called Tor that obscures the source of Web traffic, authorities said in March. Agents from Homeland Security Investigations tracked many of them down anyway, largely because of mistakes that even some of the most sophisticated users eventually make.
Tor and other programs designed to hide users’ identity online have grown in popularity as people try to protect their privacy in an age of digital surveillance. When paired with bitcoin or other virtual currencies that don’t use the banking system, Tor can help hide the identities of people behind financial transactions. Such programs also have become a tool for those seeking to evade the law, including child-pornography traders, hackers and other criminals, creating challenges for law enforcement. [...] Read more »