The National Institute of Standards and Technology has released a “Discussion Draft of the Preliminary Cybersecurity Framework” (pdf). A February executive order, “Improving Critical Infrastructure Cybersecurity,” included instructions to NIST “to lead the development of a framework to reduce cyber risks to critical infrastructure (the “Cybersecurity Framework”). The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.” (Read the full executive order to learn more details about what President Obama required of NIST.) Such technological requirements could affect individuals’ privacy rights.
Archive for the ‘Uncategorized’ Category
The Associated Press reports that, in the aftermath of the shootings at Sandy Hook in Connecticut and Navy Yard in D.C., Montana lawmakers are considering background checks for the mentally ill.
HELENA, Mont. — Mass shootings such as the recent Washington Navy Yard killings have prompted Montana lawmakers to examine whether the state should turn over mental illness records to the federal government for background checks in gun purchases.
The Montana Department of Justice fielded calls from the public and lawmakers about how the state handles background checks for the mentally ill after the deaths of 26 children and adults at Sandy Hook Elementary School in Newtown, Conn., in December, Deputy Attorney General Jon Bennion told a legislative panel Thursday.
Monday’s shootings that killed 12 people and the gunman at the Navy Yard only increased that scrutiny. [...] Read more »
I’ve written about the privacy and civil liberty issues connected with the use of license-plate-scanner recognition technology to gather and record drivers’ movements. Often, we don’t know what the restrictions are on the collection and use of the data. (See a previous post for more information on the camera surveillance technology.) The American Civil Liberties Union has released a new report(pdf) on license-plate readers and how they are used as surveillance devices. The ACLU says in its press release: “The study found that not only are license plate scanners widely deployed, but few police departments place any substantial restrictions on how they can be used. The approach in Pittsburg, Calif., is typical: a police policy document there says that license plate readers can be used for ‘any routine patrol operation or criminal investigation,’ adding, ‘reasonable suspicion or probable cause is not required.’ While many police departments do prohibit police officers from using license plate readers for personal uses such as tracking friends, these are the only restrictions. As New York’s Scarsdale Police Department put it in one document, the use of license plate readers ‘is only limited by the officer’s imagination.’”
The ACLU says its report “has over a dozen specific recommendations for government use of license plate scanner systems, including: police must have reasonable suspicion that a crime has occurred before examining the data; unless there are legitimate reasons to retain records, they should be deleted within days or weeks at most; and, people should be able to find out if their cars’ location history is in a law enforcement database.”
Here’s an excerpt from “You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans’ Movements.” Read more »
To recap: In 2009, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data. In April, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google $25,000 for impeding the agency’s investigation into the private data collected and retained via its Street View product.
The online services giant also faced questions from states over the data collection. Last month, the Washington Post reports that Google has reached a settlement (Connecticut pdf; archive pdf) with 38 states and the District of Columbia over the collection and retention of individuals’ personal data through its Street View product, but the company will only have to pay $7 million total and implement a privacy program.
AdWeek reports that new Federal Trade Commission Chairwoman Edith Ramirez is calling for a universal Do Not Track system rather than the self-regulatory system that advertisers have been pushing:
In her first speech before the advertising industry, newly minted Federal Trade Commission chairwoman Edith Ramirez called once again for a universal solution for Do Not Track. While Ramirez didn’t say the Digital Advertising Alliance’s self-regulatory program was not enough, it was implied in her remarks.
“Consumers await a functioning Do Not Track system, which is long overdue,” Ramirez said. “We advocated for a persistent Do Not Track mechanism that allows consumers to stop control of data across all sites, and not just for targeting ads.” [...]
Ramirez’s position on Do Not Track stunned the attendees at the American Advertising Federation’s annual advertising day on Capitol Hill, who thought they had responded to the FTC’s call two years ago to develop a program that allows consumers to opt-out of targeted ads. [...]
Microsoft and Mozilla have turned into a giant headache for the advertising industry, forcing the DAA to put out a policy statement last year that advertisers would not honor the Microsoft browser because its default setting did not give advertisers choice.
Laura Murphy, director of the Washington Legislative Office at the American Civil Liberties Union, and Grover Norquist, president of Americans for Tax Reform, announced the launch of a new effort to apply Fourth Amendment privacy and civil liberty protections to all digital content in an opinion column for Politico.
Imagine if federal agents, without a search warrant, listened to your telephone conversations, read your mail and seized private records you kept in a locked file cabinet. Imagine they did so without having probable cause to believe you were involved in a committed crime. Finally, imagine that the statutes they relied on were written in the days before most people even had telephones.
Living in the United States, these extraordinary invasions of privacy are prohibited by the Fourth Amendment to the Constitution, which protects Americans from “unreasonable searches and seizures” of their “persons, houses, papers and effects.” In many instances, this is true, so it is hard to believe that your digital life is not protected from federal agents by the Fourth Amendment.
In the age of the Internet, your privacy is not Fourth Amendment safe. [...] Read more »