Privacy and technology

Jul 09

Theodoric Meyer (ProPublica) | US | No warrant, no problem - How the Government can get your digital data -

From the article:

"The government isn’t allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI to the Internal Revenue Service, to snoop on the digital trails you create every day. […] Here’s a look at what the government can get from you and the legal framework behind its power: […]"

Jul 08

Chris Sonderby (Facebook) | US | Fighting bulk search warrants in Court -

From the blog post:

"Since last summer, we’ve been fighting hard against a set of sweeping search warrants issued by a court in New York that demanded we turn over nearly all data from the accounts of 381 people who use our service, including photos, private messages and other information. This unprecedented request is by far the largest we’ve ever received—by a magnitude of more than ten—and we have argued that it was unconstitutional from the start."

See also: Facebook’s opening brief, PDF.

Jul 07

FTC | US | Privacy & data security update (2014) [PDF linked from this page] -

From ‘Privacy’:

"The FTC has brought enforcement actions addressing a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile. These matters include over 130 spam and spyware cases and more than 40 general privacy lawsuits."

See also: Full text, PDF.

(Source: epic.org)

Jul 06

Hunton & Williams LLP (Centre for Information Policy Leadership) | US | A risk-based approach to privacy - improving effectiveness in practice [PDF linked from this page] -

From the text:

"Principle-based data privacy laws often leave room for interpretation, leaving it both to organisations to make appropriate decisions on how to implement these principles and to regulators on how to interpret and enforce the law. The Privacy Risk Framework Project aims to bridge the gap between high-level privacy principles on one hand, and compliance on the ground on the other, by developing a methodology for organisations to apply, calibrate and implement abstract privacy obligations based on the actual risks and benefits of the proposed data processing. While certain types of risk assessments are already an integral part of accountable organisations’ privacy management programs, they require further development. This project seeks to build consensus on what is meant by privacy risks to individuals (and society) and to create a practical framework to identify, prioritise and mitigate such risks so that principle-based privacy obligations can be implemented appropriately and effectively."

See also: Full text, PDF.

(Source: huntonprivacyblog.com)

Jul 05

Symantec | Dragonfly - Cyberespionage attacks against energy suppliers [PDF linked from this page] -

From ‘Overview’:

"A cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to the energy supply in the affected countries. The Dragonfly group, which is also known by other vendors as Energetic Bear, are a capable group who are evolving over time and targeting primarily the energy sector and related industries. They have been in operation since at least 2011 but may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus to US and European energy firms in early 2013. More recent targets have included companies related to industrial control systems."

See also: Full text, PDF.

(Source: Ars Technica)

Jul 04

Adam D.I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock | Experimental evidence of massive-scale emotional contagion through social networks -

From the Abstract:

"Emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. […] In an experiment with people who use Facebook, we test whether emotional contagion occurs outside of in-person interaction between individuals by reducing the amount of emotional content in the News Feed. When positive expressions were reduced, people produced fewer positive posts and more negative posts; when negative expressions were reduced, the opposite pattern occurred. These results indicate that emotions expressed by others on Facebook influence our own emotions, constituting experimental evidence for massive-scale contagion via social networks. This work also suggests that, in contrast to prevailing assumptions, in-person interaction and nonverbal cues are not strictly necessary for emotional contagion, and that the observation of others’ positive experiences constitutes a positive experience for people."

(Source: laboratorium.net)

Jul 03

Peter Bright (Ars Technica) | US | We don't need net neutrality; we need competition -

From ‘The real problem is competition’:

"All these questions, however, dance around the real issue. The reason that these ISP policies are so troublesome, and the concerns over network neutrality so grave, is that the ISP market in the US is remarkably uncompetitive. It wouldn’t be a big deal if Verizon’s Netflix performance were suffering so long as Verizon’s DSL and FiOS customers had abundant ISP alternatives offering similar performance. Indeed, such competitive pressure would probably prevent Verizon’s Netflix performance from dropping in the first place."

Jul 02

Robert McMillan (Wired) | US | What everyone gets wrong in the debate over net neutrality -

From the article:

"The concepts driving today’s net neutrality debate caught on because the internet used to operate differently—and because they were easy for consumers to understand. In many respects, these concepts were vitally important to the evolution of the internet over the past decades. But in today’s world, they don’t address the real issue with the country’s ISPs, and if we spend too much time worried about fast lanes, we could hurt the net’s progress rather than help it."

(Source: aclu.org)

Jul 01

EU Court of Justice | EU | Judgment of the Court (Fourth Chamber) [...] In Case C-360/13 -

From the judgment:

"63. […] the answer to the question referred is that Article 5 of Directive 2001/29 must be interpreted as meaning that the on-screen copies and the cached copies made by an end-user in the course of viewing a website satisfy the conditions that those copies must be temporary, that they must be transient or incidental in nature and that they must constitute an integral and essential part of a technological process, as well as the conditions laid down in Article 5(5) of that directive, and that they may therefore be made without the authorisation of the copyright holders."

(Source: Ars Technica)

Jun 30

Supreme Court of the United States | US | Syllabus, Riley v. California [PDF] -

From ‘Opinion of the Court’:

"Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life,’ […]. The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of theprotection for which the Founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple - get a warrant."

(Source: Ars Technica)

Jun 29

Nathan Freed Wessler (Al Jazeera America) | US | Trickle down surveillance -

From the article:

"Cell site simulators, also known as ‘stingrays,’ are devices that trick cellphones into reporting their locations and identifying information. They do so by mimicking cellphone towers and sending out electronic cues that allow the police to enlist cellphones as tracking devices, thus revealing people’s movements with great precision. The equipment also sends intrusive electronic signals through the walls of private homes and offices, learning information about the locations and identities of phones inside."

See also: ACLU coverage of Stingray tracking devices.

Jun 28

Kim Zetter (Wired) | Researchers find and decode the spy tools governments use to hijack phones -

From the blog post:

"Newly uncovered components of a digital surveillance tool used by more than 60 governments worldwide provide a rare glimpse at the extensive ways law enforcement and intelligence agencies use the tool to surreptitiously record and steal data from mobile phones."

See also: Research by CitizenLabs, Research by Kapersky.

(Source: techdirt.com)

Jun 27

Alexandrine Pirlot (Privacy International) | Addressing the right to privacy at the United Nations -

From the blog post:

"What do Egypt, Kenya, Turkey, Guinea, and Sweden have in common? Despite having a Constitutional right to privacy, they are adopting and enforcing policies that directly challenge this human right. These states are also up for a Universal Periodic Review this year before the United Nations Human Rights Council. UPRs are a mechanism within the Council aimed at improving the human rights situation in all countries and address human rights violations wherever they occur. […] This year, we submitted reports on Egypt, Kenya, Guinea, Sweden, and Turkey, and will make a submission on the US and Belgium later in the year. We hope that the Human Rights Council within the UPR process will address the privacy concerns raised by Privacy International and its partners of the need to protect privacy rights in these countries."

Country reports, PDF: Egypt, Turkey, Guinea, Kenya, Sweden.

Jun 26

EMC | EMC privacy index -

From the overview page:

"The 2014 EMC Privacy Index surveyed 15,000 people in 15 countries to produce a ranking of nations based on consumer perceptions and attitudes about data privacy, and their willingness to trade privacy for greater convenience and benefits online."

See also: Global and in-depth country results, PDF.

(Source: nakedsecurity.sophos.com)

Jun 25

Sara M. Watson (Nextgov.com) | Data doppelgängers and the uncanny valley of personalization -

From the article:

"Google thinks I’m interested in parenting, superhero movies, and shooter games. The data broker Acxiom thinks I like driving trucks. My data doppelgänger is made up of my browsing history, my status updates, my GPS locations, my responses to marketing mail, my credit card transactions, and my public records.Still, it constantly gets me wrong, often to hilarious effect. I take some comfort that the system doesn’t know me too well, yet it is unnerving when something is misdirected at me. Why do I take it so personally when personalization gets it wrong?"

(Source: bof.nl)