September 15th, 2014
The New York Times reports that there are increasing concerns about student privacy nationwide:
At a New York state elementary school, teachers can use a behavior-monitoring app to compile information on which children have positive attitudes and which act out. In Georgia, some high school cafeterias are using a biometric identification system to let students pay for lunch by scanning the palms of their hands at the checkout line. [...]
Now California is poised to become the first state to comprehensively restrict how such information is exploited by the growing education technology industry.
Legislators in the state passed a law last month prohibiting educational sites, apps and cloud services used by schools from selling or disclosing personal information about students from kindergarten through high school; from using the children’s data to market to them; and from compiling dossiers on them. Read more »
September 12th, 2014
The Hill reports that technology companies including Google, Microsoft and Yahoo are pushing for Congress to vote on the E-mail Privacy Act, which would update the 1986 Electronic Communications Privacy Act (“ECPA,” also known as Title 18 § 2511 of the United States Code).
Google, Microsoft, AOL, Yahoo and scores of other technology titans are demanding congressional leaders allow a vote on a bill to grant new privacy protections to people’s emails.
The companies want a vote on the Email Privacy Act, a bill that counts more than half of the House as co-sponsors. The bill has yet to move since it was introduced last summer, and a companion measure in the Senate is also awaiting action.
The legislation would update the 1986 Electronic Communications Privacy Act, which allows police to conduct warrantless searches of people’s emails and other information stored on the “cloud” that are more than 180 days old. Critics on both sides of the aisle say the law is antiquated and undermines people’s privacy. [...] Read more »
September 11th, 2014
On Tuesday, computing company Apple announced several new products and services, including a smart watch (dubbed Apple Watch) and an electronic payment system (called Apple Pay). Because of the sensitive data involved (there’s financial data with Apple Pay and the smart watch has much of the personal data that a cellphone would have, and it can also use Apple’s HealthKit to gather medical information while a person exercises, such as heart rate), there are privacy questions to consider. The New York Times reports:
For years, Apple has offered Internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, Calif., company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.
Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. [...]
Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private. Read more »
September 10th, 2014
Government Technology reports on student-privacy legislation in California — SB 1177 (pdf) and AB 1584 (pdf).
California sent two bills to Gov. Jerry Brown last week that deal with two sides of the same coin. SB 1177 lays out privacy guidelines for operators of Internet websites, online services, online applications and mobile applications. Meanwhile, AB 1584 deals with contracts between local educational agencies and third-party technology vendors.
These bills address a growing problem of mismanagement of student data. Federal student privacy legislation including FERPA and COPPA do address student data privacy, but educators, privacy advocates, legislators and industry members are split on whether that legislation does enough to protect privacy in the Digital Age we live in. While new federal legislation was introduced in late July, states have been stepping up to deal with the issue, with at least 83 bills in 32 states being considered this year as of April, according to the Data Quality Campaign. [...] Read more »
September 9th, 2014
KrebsOnSecurity reported last week that retailer Home Depot suffered a massive security breach that affected the privacy of millions of customers’ financial information. On Monday, the site reported: “The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.” Now, the New York Times is reporting that Home Depot has confirmed the security breach affecting U.S. and Canadian customers:
Home Depot confirmed on Monday that hackers had broken into its in-store payments systems, in what could be the largest known breach of a retail company’s computer network.
The retailer said the exact number of customers affected was still not clear. But a person briefed on the investigation said the total number of credit card numbers stolen at Home Depot could top 60 million. By comparison, the breach last year at Target, the largest known attack to date, affected 40 million cardholders.
The breach may have affected any customer at Home Depot stores in the United States and Canada from April to early last week, said Paula Drake, a company spokeswoman. [...] Read more »
September 9th, 2014
IDG News Service reports on research from the University of New Haven’s Cyber Forensics Research and Education Group concerning privacy and security problems with popular apps on Google’s Android mobile devices:
Instagram, Grindr, OkCupid and many other Android applications fail to take basic precautions to protect their users’ data, putting their privacy at risk, according to new study.
The findings comes from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), which earlier this year found vulnerabilities in the messaging applications WhatsApp and Viber.
This time, they expanded their analysis to a broader range of Android applications, looking for weaknesses that could put data at risk of interception. The group will release one video a day this week on their YouTube channel highlighting their findings, which they say could affect upwards of 1 billion users. [...] Read more »