NetFlix Cancels Recommendation Contest After Privacy Lawsuit: Via Threat Level.

Netflix is canceling its second $1 million Netflix Prize to settle a legal challenge that it breached customer privacy as part of the first contest’s race for a better movie-recommendation engine.

Friday’s announcement came five months after Netflix had announced a successor to its algorithm-improvement contest. The company at the time said it intended to expand the amount of information it gave to researchers in hopes that its recommendation system — a key part of Netflix’s customer retention strategy — would get even better. That was then followed with a warning by prominent data privacy lawyers that the new dataset was easily de-anonymized.

Those fears were highlighted in December, when an in-the-closet lesbian mother sued Netflix for privacy invasion, alleging the movie-rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest. [ Read more ... ]

Best Practices for Government Datasets: Wrap-Up: Via Freedom to Tinker.

[This is the fifth and final post in a series on best practices for government datasets by Harlan Yu and me. (previous posts: 1, 2, 3, 4)]

For our final post in this series, we'll discuss several issues not touched on by earlier posts, including data signing and the use of certain non-text file formats. The relatively brief discussions of these topics should not be interpreted as an indicator of their importance. The topics simply did not fit cleanly into earlier posts.

One significant omission from earlier posts is the issue of data signing with digital signatures. Before discussing this issue, let's briefly discuss what a digital signature is. Suppose that you want to email me an IOU for $100. Later, I may want to prove that the IOU came from you—it's of little value if you can claim that I made it up. Conversely, you may want the ability to prove whether the document has been altered. Otherwise, I could claim that you owe me $100,000. [ Read more ... ]

TJX Hacking Conspirator Gets 4 Years: Via Threat Level.

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.

Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.

Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers. [ Read more ... ]

The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]

Hi-tech governments growing keener on snooping, says report | Pinsent Masons LLP: Via Pinsent Masons LLP at Out-Law.com .

Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed." [ Read more ... ]

Classmates.com’s Facebook Mimicking Prompts Privacy Suit: Via Threat Level.

The long-lost pal locating site, Classmates.com, has been hit with a class action privacy lawsuit alleging the company violated the law when it decided to make user profiles public in order to compete with Facebook.

The suit alleges that Classmates.com duped its paying customers in late January when it sent them an e-mail saying that members would have to opt-out of new Facebook and iPhone apps to keep their data private. That’s a massive change to the site’s privacy policy and violates federal and Washington State privacy and fairness laws, according to the suit (.pdf) filed in a Washington State federal district court March 5.

Classmates.com has long kept user information non-public, and only paying members can read e-mails sent to them by others, see ‘old friends’ on a map, and see who has been looking at their profile. While the site has some 3 million paying users, it’s been eclipsed by sites like Facebook and MySpace, which have more members, more public profiles and don’t charge.

In order to keep up, Classmates.com decided to make “public Classmates content available to people using a variety of sites and devices, including Facebook and the iPhone,” according to a January 30 e-mail sent to users. [ Read more ... ]

Government No-Fly List Includes the Dead: Via Threat Level.

You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects, according to government officials who spoke with the Associated Press, to help catch people who may try to assume the suspect’s identity.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.

The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was first created nine years ago. [ Read more ... ]

New "Smart Meters" for Energy Use Put Privacy at Risk: Via EFF.org Updates.

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes. [ Read more ... ]

The N.Y.P.D. Is Watching Certain People: Via NYTimes.com .

From 2004 through 2009, in a policy that has gotten completely out of control, New York City police officers stopped people on the street and checked them out nearly three million times, frisking and otherwise humiliating many of them.

Upward of 90 percent of the people stopped are completely innocent of any wrongdoing. And yet the New York Police Department is compounding this intolerable indignity by compiling an enormous and permanent computerized database of these encounters between innocent New Yorkers and the police.

Not only are most of the people innocent, but a vast majority are either black or Hispanic. There is no defense for this policy. It’s a gruesome, racist practice that should offend all New Yorkers, and it should cease. [ Read more ... ]

Supreme Court Takes ‘Informational Privacy’ Case: Via Threat Level.

The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers.

The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “broad inquisition.”

The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. [ Read more ... ]

Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.

An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"

Read Original Article:(Via Slashdot.)

Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.

Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.

Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.

The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]

"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card: Via Lauren Weinstein's Blog.

Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool. [ Read more ... ]

The Cell Phone Network: Law Enforcement's Surveillance Dream: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Yesterday, WNYC's On the Media (OTM) profiled our cell phone tracking case. In this case, the ACLU, Center for Democracy and Technology and the Electronic Frontier Foundation (EFF) asked the court to require that the government at least show probable cause before it can ask a wireless provider to fork over information about your whereabouts using GPS or cell tower tracking via your cell phone. We won in the district court (PDF); the government appealed that decision to the 3rd Circuit. [ Read more ... ]

Correcting Errors and Making Changes: Via Freedom to Tinker.

[This is the fourth post in a series on best practices for government datasets by Harlan Yu and me. (previous posts: 1, 2, 3)]

Even cautiously edited datasets sometimes contain errors, and even meticulously produced schemas require refinement as circumstances change. While errors or changes create inconvenience for developers, most developers appreciate and prepare for their inevitability. Agencies should strive to do the same. A well-developed strategy for fixes and changes can ease their burden on both developers and agencies.

When agencies release data, developers ideally will interact with it in creative new ways. Given datasets containing megabytes to gigabytes of data, novel uses will reveal previously unnoticed errors. Knowledge of these errors benefits the agency as well as other developers using the data, so agencies should take steps to encourage error reporting. Labels in a dataset allow developers to specify errors efficiently and unambiguously. An easy-to-find channel for reporting errors, such as a prominently provided email address or web form, is also critical. Tracking down the contact information of the person responsible for a dataset can be difficult, and a well-known channel reduces this barrier to feedback. [ Read more ... ]

Breaching your online privacy to fight crime: Via The Ottawa Citizen.

The "mosaic effect" is an argument often put forward by governments and police to block access to sensitive information. It suggests even seemingly innocuous pieces of information can be fitted together like a puzzle to form a meaningful picture of something they want kept secret, typically a national security operation.

But when the tables are turned and it's police and government that want to piece together seemingly innocuous bits of your personal and digital information to form a picture of you, the "mosaic effect" is recast as "lawful access" and characterized as benign state intervention into the online lives of Canadians in the name of crime-fighting.

Your name, address, telephone number, e-mail address and Internet Protocol (IP) address can reveal your Internet habits, social network, personal interests, political views, secrets and more.

The government's new "lawful access" initiative, contained in bills C-46 and C-47, was tabled in the Commons in June. It's the latest attempt in a decade-long push by successive governments to give police and other agents of the state, such as the Canadian Security Intelligence Service and the Competition Bureau, modernized surveillance powers and technical capabilities to better patrol the dark side of the digital world.

But here's the rub: C-47 allows police and government agents to demand basic subscriber data from telecommunication and Internet service providers without a warrant. (Some companies routinely volunteer the data when asked, others don't, according to police.)

Technology Review: Massive Gene Database Planned in California: Via Technology Review(MIT) .

Plans for genetic analyses of 100,000 older Californians--the first time genetic data will be generated for such a large and diverse group--will accelerate research into environmental and genetic causes of disease, researchers say.

"This is a force multiplier with respect to genome-wide association studies," says Cathy Schaefer, a research scientist at Kaiser Permanente, a health-care provider based in Oakland, CA, whose patients will be involved. Researchers will be able to study the data and seek insights into the interplay between genes, the environment, and disease, thanks to access to detailed electronic health records, patient surveys, and even records of environmental conditions where the patients live and work. [ Read more ... ]

Corporations Hide Flight Records From Public View: Via Center for Media and Democracy - Publishers of PR Watch.

A federal district court ruled that the public interest journalism group ProPublica can obtain a list of corporate-owned airplanes whose flight information was blocked from public view. ProPublica first sought the list in 2008 under the Freedom of Information Act, after the CEOs of General Motors, Ford and Chrysler flew to Washington, D.C. on corporate jets to ask Congress to bail out their companies. Those flights became known because the Federal Aviation Administration (FAA) provides real-time flight information that the public could see. But the bad publicity over the flights led General Motors to try and stop the public from tracking its planes in the future. [ Read more ... ]

Government Datasets That Facilitate Innovation: Via Freedom to Tinker.

[This is the first post in a series on best practices for government datasets by Harlan Yu and me.]

There's a growing consensus that the government can increase its openness and transparency by publishing its raw data in bulk online. As several Freedom to Tinker contributors argued in Government Data and the Invisible Hand, publishing data empowers third party software developers to produce innovative new technologies that engage citizens and illuminate government's inner workings. With the establishment of Data.gov and the federal Open Government Initiative, federal agencies are quickly embracing a culture of machine-readable data release, and many states and municipalities are now following their lead.

But how usable are these datasets for developers? The answer lies primarily in the structure and contents of the datasets themselves. While all data in digital form is technically machine-readable in some sense, the ease of use for machine-readable datasets can vary widely. [ Read more ... ]

Redrawing the Route to Online Privacy: Via NYT > Privacy.

ON the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet.

It is an artifact of the 1990s, intended as a light-touch policy to nurture innovation in an emerging industry. And its central concept is “notice and choice,” in which Web sites post notices of their privacy policies and users can then make choices about sites they frequent and the levels of privacy they prefer.

But policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. [ Read more ... ]

How To Manage (and Protect) Your Online Reputation: Via Forbes.com .

When Megan Maloney lost her job at a Detroit auto supplier last April, she made sure her online reputation was as strong as the image she would present in person to prospective employers. She Googled herself to check for unflattering links. Then she changed her Facebook privacy setting so no one could see beyond her profile picture. She updated her profile on LinkedIn.

Maloney's instinct was right: When she landed a job in September, her new bosses admitted they had researched her online. They told me that they had checked Facebook," says Maloney, 32, now a business development manager in Milwaukee. "I had posted a photo of me wearing a T-shirt that said 'Unemployed,' and they thought that I showed the right kind of personality for a sales job. They liked that I was on LinkedIn, because it's helpful for leads and networking."

Managing your online reputation is a critical step in landing a new job. According to a recent survey by business networking organization ExecuNet, 90% of recruiters used a search engine to learn more about candidates and 46% of recruiters had eliminated a candidate based on information they found online. Self-Googling isn't an act of narcissism; it's a smart way to determine whether your online personality jives with how you want the world to view you. [ Read more ... ]

I don't bleepin' believe it - Insurers may raise your home insurance premiums if you use social networking.: Via Network World on computerworld.

From the Backspin "I don't believe it" department comes this week's top story: Insurers may raise your home insurance premiums if you use social networking.

Yep, according to Legal and General, one of the United Kingdom's biggest home insurers: "The insurance industry is aware that, with increasing acceptance of social media, the standard risk indicators may need to be reviewed. New risks and patterns in crime and claims are continually monitored to ensure the implications do not impact viable business models …. This social networking trend is clearly one that is making home insurers sit up and take note."

The rationale behind the interest in social networking can be found in L&G's "Digital Criminal Report". This document, based on a survey of "more than 2,000 social media users," found that "38% of users of sites such as Facebook and Twitter have posted status updates detailing their holiday plans and ... 33% have posted status updates saying they are away for the weekend." [ Read more ... ]

Location Data Sensitive Like Medical Information, Says Congressional Witness: Via NYTimes.com .

"The writing is on the wall that there will be baseline privacy legislation introduced," said John Morris, general counsel for the Center for Democracy & Technology at a Congressional hearing on location data and privacy yesterday. "It will require location be treated as sensitive data, like medical data. You'll need to do more than just post a disclosure statement."

We're entering an era of location as platform but should that location data be as fundamentally private by default as medical information is?

Many users are concerned about their location being exposed in ways they don't control and that have adverse impacts on their safety and freedom. That's one side of the debate. [ Read more ... ]