April 8th, 2014
The Washington Post reports on attempts by Internet services company Yahoo to better protect its users’ privacy:
On Wednesday, Yahoo’s freshly minted Chief Information Security Officer Alex Stamos announced the company had implemented a series of stronger security and privacy measures, including securing traffic that moves between their servers and encrypting most search queries automatically.
This is a major step for Yahoo which has been dogged by critics for years for lagging behind its competitors on some basic privacy and security measures. In a Tumblr post, the company proclaims its latest announcement is only the start of a broader mission “to not only make Yahoo secure, but improve the security of the overall web ecosystem.”
But although Yahoo, Google, and others have upped their security game in light of the revelations about National Security Agency spying over the last year, the tracking practices tech firms rely on for advertising also appear to have made some covert government operations easier. [...] Read more »
April 8th, 2014
The Guardian reports onquestions of privacy concerning “smart” cities — where data is increasingly collected on the habits of citizens and residents:
Privacy must play an instrumental role in any smart city strategy otherwise citizens might fear the introduction of other innovative technology, according to an executive at one of the world’s largest infrastructure companies.
Wim Elfrink, executive vice president of industry solutions and chief globalisation officer of Cisco, heads up the company’s smart cities team and warned that if cities did not give citizens the choice of whether or not to allow the government to use their data, they might opt-out of future initiatives. [...]
A number of councils have already installed a number of sensors around London with the aim of creating a smarter city. This is done through collecting large amounts of data – from information about available parking spaces, electricity usage and even refuse levels – before then analysing it and understanding problems they may not know existed. Read more »
April 7th, 2014
The World Privacy Forum has released a new report, “The Scoring of America” (pdf), concerning new types of consumer scoring and how they can affect individuals. Here’s an excerpt from the introduction:
To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions.
Consumer scores abound today. Credit scores based on credit files receive much public attention, but many more types of consumer scores exist. They are used widely to predict behaviors like, spending, health, fraud, profitability, and much more. These scores rely on petabytes of information coming from newly available data streams. The information can be derived from many data sources and can contain financial, demographic, ethnic, racial, health, social, and other data. […]
Predictive scores bring varying benefits and drawbacks. Scores can be correct, or they can be wrong or misleading. Consumer scores – created by either the government or the private sector – threaten privacy, fairness, and due process because scores, particularly opaque scores with unknown ingredients or factors, can too easily evade the rules established to protect consumers. Read more »
April 4th, 2014
In an analyst brief, “Why Your Data Breach Is My Problem,” for NSS Labs, Stefan Frei and Bob Walder discuss the wider effect of data security breaches on the use of identifiers such as Social Security Numbers and birth dates. Here’s an excerpt from the overview:
For authentication, users typically rely on only a small number of unique personal information attributes. The same information attributes are used in several places and inevitably are lost, in large numbers, through data breaches. Cyber criminals have built comprehensive profiles of millions of users, which they constantly refine with each new data breach. Once lost, breached data cannot be taken back. This rapid erosion of security (and also privacy) presents huge challenges as this same information, which many still consider “private,” is used across diverse services, both online and offline, While users can change login and password information after a breach, social security numbers (SSNs) and date of birth (DOB) information cannot be changed after such an event. Read more »
April 3rd, 2014
The Wall Street Journal reports that federal law enforcement officials have been able to find their way around some tools that individuals use to go online anonymously:
WASHINGTON—Law-enforcement agencies are increasingly finding ways to unmask users of a popular Web browser designed to hide identities and allow individuals to exist online anonymously.
To keep their identities secret, users and administrators of a recently shuttered child-pornography website used a browser called Tor that obscures the source of Web traffic, authorities said in March. Agents from Homeland Security Investigations tracked many of them down anyway, largely because of mistakes that even some of the most sophisticated users eventually make.
Tor and other programs designed to hide users’ identity online have grown in popularity as people try to protect their privacy in an age of digital surveillance. When paired with bitcoin or other virtual currencies that don’t use the banking system, Tor can help hide the identities of people behind financial transactions. Such programs also have become a tool for those seeking to evade the law, including child-pornography traders, hackers and other criminals, creating challenges for law enforcement. [...] Read more »
April 2nd, 2014
The New York Times reports that Peter Hustinx, the European Data Protection Supervisor, is urging on changes to a European data privacy law:
BRUSSELS — The top data protection official for the European Union called Tuesday for member governments to restore public trust in the Internet by pressing ahead with an overhaul of the bloc’s electronic privacy laws by the end of this year.
The official, Peter Hustinx, the European data protection supervisor, also called on President Obama to stick to his pledge to review American privacy rules in the wake of disclosures that have exposed the vast reach of government surveillance that has shaken trans-Atlantic relations.
Legislation to revamp European digital privacy law has been in the works since November 2010, when the European Union’s justice commissioner, Vivian Reding, first proposed updating rules set during the mid-1990s in the early part of the Internet era. She presented her version of the legislation in January 2012. Read more »