August 26th, 2014
At Yahoo Tech, columnist Dan Tynan discusses children’s privacy and how their data is used by schools:
Every student in every school district generates hundreds of data points each year — from their race and gender to their economic status, behavioral issues, biometric data, health status, and more. This tsunami of data is then absorbed and stored by school districts, state databases, educational service providers, websites, and app makers.
Of course, schools have been collecting data on students since there have been schools. In the past, though, this information was squirreled away in filing cabinets or just on computers used in district offices. Now it lives in the cloud, and it’s being accessed by non-educators who want to apply the principles of big data analysis to it.
What could go wrong? Plenty. Potentially damaging information about your child’s medical conditions or behavioral issues could accidentally leak or be exposed by hackers. Private companies could decide to use the information for commercial purposes. Potential employers, insurance companies, or other government agencies may someday lobby to get their hands on this data. [...] Read more »
August 25th, 2014
At Forbes, Evan Selinger (an associate professor of philosophy at Rochester Institute of Technology) has an opinion column about why privacy is important to philosophy and why he makes it part of his curriculum:
Not too long ago, a privacy course in the humanities would be of limited interest. Many students were predisposed to believe that privacy issues mostly concerned bad things that happened to indiscreet blabbermouths or anxiety experienced by folks with skeletons in the closet—you know, people with something to hide.
But since privacy became a headline-grabbing issue, things have changed. Edward Snowden’s revelations about NSA activity, fast-moving developments in surveillance and online information and communication technology, potent advances in data storage and analysis, and the emergence of powerful data brokers have all played a part in making privacy a matter of great daily concern for everyone. Read more »
August 24th, 2014
The Washington Post reports on technology that allows the global surveillance and secret tracking of cellphone users:
Makers of surveillance systems are offering governments across the world the ability to track the movements of almost anybody who carries a cellphone, whether they are blocks away or on another continent.
The technology works by exploiting an essential fact of all cellular networks: They must keep detailed, up-to-the-minute records on the locations of their customers to deliver calls and other services to them. Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology.
The world’s most powerful intelligence services, such as the National Security Agency and Britain’s GCHQ, long have used cellphone data to track targets around the globe. But experts say these new systems allow less technically advanced governments to track people in any nation — including the United States — with relative ease and precision. [...] Read more »
August 22nd, 2014
The National Association of Criminal Defense Lawyers has released a white paper, “What’s Old Is New Again: Retaining Fourth Amendment Protections in Warranted Digital Searches (Pre-Search Instructions and Post-Search Reasonableness),” concerning law enforcement officials’ searches of digital evidence. Here’s an excerpt from the introduction:
New technologies have challenged the jurisprudence of Fourth Amendment searches and seizures. Despite the disruptive and transformational changes that digital technologies have brought to our society, the constitutional prerequisites for searches and seizures of digital evidence should be no different than searching a physical place. Neither the technological sophistication nor the diminutive physical dimensions of a device to be searched are dispositive of the privacy interests in the information stored on the device.
The fact that computers, external file storage and cloud servers are employed does not require one to alter the high threshold that must be met to justify government intrusion. Each new technology that affords a different type of private place to preserve private communications does not require a different standard for the search and seizure of its contents than is constitutionally required for the search of a file cabinet or the search of a home. What is different is the amount of private information that can be improperly searched and the substantially greater intrusion upon privacy and Fourth Amendment interests that may result.
One must look to the Fourth Amendment to define the limits of such searches and then ask whether the existing policies, procedures and guidelines applied to the technologies of the day appropriately mirror our fundamental constitutional values. Currently, they do not. The starting point cannot be that everything is fair game. [...] Read more »
August 21st, 2014
The Washington Post reports on security breaches of medical information, which can create privacy problems for patients:
The recent theft of 4.5 million medical records by Chinese hackers highlights one undeniable truth about health care data: it’s valuable, and bad people want it. In this latest incident, hackers reportedly stole personal data from Community Health Systems patients, including their Social Security numbers, which is an especially coveted piece of information if you want to steal someone’s identity. But it appears that patients’ medical data and credit card numbers were not stolen in this case.
Thanks to some tougher federal reporting requirements for health-care data breaches in recent years, we have a better sense of when patient information goes missing or might have been inappropriately accessed by someone. [...]
The numbers aren’t pretty. Since federal reporting requirements kicked in, the U.S. Department of Health and Human Services’ database of major breach reports (those affecting 500 people or more) has tracked 944 incidents affecting personal information from about 30.1 million people. A majority of those records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of HHS data. These numbers don’t include the Community Health Systems data breach.
August 20th, 2014
The Sydney Morning Herald reports on a privacy proposal concerning peer-to-peer technology by computer scientists from Saarland University and the Center for IT Security, Privacy and Accountability (CISPA), in Germany, and the Italian IMT Institute for Advanced Studies:
A unique approach to crunching website visitor data promises the best of both worlds between accuracy and privacy.
Data leaned from people’s behaviour online is an important tool in everything from marketing to social planning, but consumers lose control over their privacy the more data is collected about them. [...]
[The computer scientists'] technology, known as Privada, uses peer-to-peer file sharing as the inspiration to send parts of website visitor data to different servers for processing and storage.
When Privada collects a behavioural metric on visitors (women aged 35-45, for example) it sends it to a third-party server. Other metrics are sent to other servers, so no central database has the complete picture.
Each server then adds up to 10 per cent of data “noise” to their records, enough to keep any single user from being identified and leaving the reassembled data 90 per cent accurate. [...] Read more »