August 21st, 2014
The Washington Post reports on security breaches of medical information, which can create privacy problems for patients:
The recent theft of 4.5 million medical records by Chinese hackers highlights one undeniable truth about health care data: it’s valuable, and bad people want it. In this latest incident, hackers reportedly stole personal data from Community Health Systems patients, including their Social Security numbers, which is an especially coveted piece of information if you want to steal someone’s identity. But it appears that patients’ medical data and credit card numbers were not stolen in this case.
Thanks to some tougher federal reporting requirements for health-care data breaches in recent years, we have a better sense of when patient information goes missing or might have been inappropriately accessed by someone. [...]
The numbers aren’t pretty. Since federal reporting requirements kicked in, the U.S. Department of Health and Human Services’ database of major breach reports (those affecting 500 people or more) has tracked 944 incidents affecting personal information from about 30.1 million people. A majority of those records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of HHS data. These numbers don’t include the Community Health Systems data breach.
August 20th, 2014
The Sydney Morning Herald reports on a privacy proposal concerning peer-to-peer technology by computer scientists from Saarland University and the Center for IT Security, Privacy and Accountability (CISPA), in Germany, and the Italian IMT Institute for Advanced Studies:
A unique approach to crunching website visitor data promises the best of both worlds between accuracy and privacy.
Data gleaned from people’s behaviour online is an important tool in everything from marketing to social planning, but consumers lose control over their privacy the more data is collected about them. [...]
[The computer scientists'] technology, known as Privada, uses peer-to-peer file sharing as the inspiration to send parts of website visitor data to different servers for processing and storage.
When Privada collects a behavioural metric on visitors (women aged 35-45, for example) it sends it to a third-party server. Other metrics are sent to other servers, so no central database has the complete picture.
Each server then adds up to 10 per cent of data “noise” to their records, enough to keep any single user from being identified and leaving the reassembled data 90 per cent accurate. [...]
August 19th, 2014
MIT Technology Review talks about privacy and security with John C. Inglis, a former deputy director at the National Security Agency and a current advisor to Securonix, a company selling security and surveillance software. Inglis was at the NSA at the time of the leaks by former NSA contractor Edward Snowden, which have revealed surveillance programs that have raised significant privacy and civil liberty questions.
Could technology be used to make mass surveillance programs more respectful of privacy? Former NSA cryptographer William Binney says that he helped build a system with such safeguards but that it was rejected by the agency’s leaders.
It would be foolhardy for NSA to reject technology that would at once help us pursue national security and defend privacy and civil liberties. I know it ultimately didn’t pass muster. There is incidental collection, as there are two sides to every communication in the world, but you’re bound by law and policy to treat innocents as innocent until you have compelling information to treat them otherwise. If you asked [NSA employees] how they compromise between privacy and national security, they would say that the question is flawed because they’re expected to do both.
August 18th, 2014
Forbes reports that Thomas “T.K.” Kinsey and Dustin Hoffman of Exigent Systems, an IT company, were able to hack into the surveillance system of law enforcement in Redlands, Calif.:
Redlands has over 140 surveillance cameras around the 70,000-person town that have helped the police spot and stop drunk drivers, brawlers, vandals, and people illegally smoking in parks, according to a case study on the site of Leverage Information Systems, the company that provided the camera system. [...]
The cameras were deployed as a mesh network, with camera nodes popping up as “available wireless networks” dubbed with names that were far from stealth, such as “RPD – West End.” The cameras used a proprietary mesh protocol to communicate but were not password-protected. Hoffman and Kinsey said that the protocol was fairly easily reverse-engineered and that tapping into the network was then easy, requiring no specialized hardware, and allowing anyone to have a police-eye’s view of the town. “All you need is a little Linux knowledge and some $20 Wi-Fi hardware,” says Hoffman. He and Kinsey mapped what the cameras watched, including the entrance to an adult video store.
August 15th, 2014
The Federal Trade Commission announced that it “has approved the Safe Harbor Program of iKeepSafe, also known as the Internet Keep Safe Coalition, as a safe harbor oversight program under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule.”
The Commission’s COPPA Rule requires operators of online sites and services directed at children under the age of 13 to provide notice and obtain permission from a child’s parents before collecting personal information from that child. The COPPA safe harbor provision promotes flexibility and efficiency by encouraging industry members and others to develop their own COPPA oversight programs, known as “safe harbor” programs. [...]
The COPPA law directs the Commission to review proposals to create new oversight programs. The Commission determined that the iKeepSafe safe harbor program provides “the same or greater protections for children” as those contained in the COPPA Rule; effective mechanisms to assess operators’ compliance; effective incentives for operators’ compliance with the guidelines; and an adequate means for resolving consumer complaints.
August 14th, 2014
The Los Angeles Times reports on privacy questions surrounding fitness technology such as health-monitoring wristbands:
Digital devices and smartphone apps that track what we eat, how much we exercise, our weight, blood glucose and blood pressure, among other things, are widespread. [...]
There’s no shortage of mobile health apps, either. According to Forrester Research, by the end of 2013, 40,000 health and wellness apps were available for download. And more are coming.
As consumers increasingly use mobile apps and devices to capture and store health-related information, they can release personal data that may not be as confidential as they thought.
“Most apps are created by independent app developers, and you, for the most part, don’t know what’s happening to the information” you input, says Paul Stephens, director of policy and advocacy with San Diego-based Privacy Rights Clearinghouse.