CASCADES project: Cost-effective Outbreak Detection in Networks (Hello readers of the CMU Blog report)
CASCADES project: Cost-effective Outbreak Detection in Networks (a study by the School of Computer Science, Carnegie Mellon University): "Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?
Budget=100 blogs:
If I can read 100 blogs, which should I read to be most up to date? Unit cost (each blog costs 1 unit), optimizing the information captured -- population affected (we want to be the first to know about something with many people blogging about the story after us) [ Read more ... ]
NetFlix Cancels Recommendation Contest After Privacy Lawsuit
NetFlix Cancels Recommendation Contest After Privacy Lawsuit: Via Threat Level.
Netflix is canceling its second $1 million Netflix Prize to settle a legal challenge that it breached customer privacy as part of the first contest’s race for a better movie-recommendation engine.
Friday’s announcement came five months after Netflix had announced a successor to its algorithm-improvement contest. The company at the time said it intended to expand the amount of information it gave to researchers in hopes that its recommendation system — a key part of Netflix’s customer retention strategy — would get even better. That was then followed with a warning by prominent data privacy lawyers that the new dataset was easily de-anonymized.
Those fears were highlighted in December, when an in-the-closet lesbian mother sued Netflix for privacy invasion, alleging the movie-rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest. [ Read more ... ]
Classmates.com’s Facebook Mimicking Prompts Privacy Suit
Classmates.com’s Facebook Mimicking Prompts Privacy Suit: Via Threat Level.
The long-lost pal locating site, Classmates.com, has been hit with a class action privacy lawsuit alleging the company violated the law when it decided to make user profiles public in order to compete with Facebook.
The suit alleges that Classmates.com duped its paying customers in late January when it sent them an e-mail saying that members would have to opt-out of new Facebook and iPhone apps to keep their data private. That’s a massive change to the site’s privacy policy and violates federal and Washington State privacy and fairness laws, according to the suit (.pdf) filed in a Washington State federal district court March 5.
Classmates.com has long kept user information non-public, and only paying members can read e-mails sent to them by others, see ‘old friends’ on a map, and see who has been looking at their profile. While the site has some 3 million paying users, it’s been eclipsed by sites like Facebook and MySpace, which have more members, more public profiles and don’t charge.
In order to keep up, Classmates.com decided to make “public Classmates content available to people using a variety of sites and devices, including Facebook and the iPhone,” according to a January 30 e-mail sent to users. [ Read more ... ]
Government No-Fly List Includes the Dead
Government No-Fly List Includes the Dead: Via Threat Level.
You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.
The government’s no-fly list includes the names of dead suspects, according to government officials who spoke with the Associated Press, to help catch people who may try to assume the suspect’s identity.
The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.
The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was first created nine years ago. [ Read more ... ]
The Limits of Identity Cards (Schneier)
The Limits of Identity Cards: Via Schneier on Security.
Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, "Identity and its Verification," in Computer Law & Security Review, Volume 26, Number 1, Jan 2010.
Those faced with the problem of how to verify a person's identity would be well advised to ask themselves the question, 'Identity with what?' An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.
Read Original Article:(Via Schneier on Security.)
Supreme Court Takes ‘Informational Privacy’ Case
Supreme Court Takes ‘Informational Privacy’ Case: Via Threat Level.
The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers.
The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “broad inquisition.”
The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. [ Read more ... ]
Worker ID Card at Center of Immigration Plan - WSJ.com
Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.
Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.
Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.
The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.
The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card: Via Lauren Weinstein's Blog.
Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.
Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool. [ Read more ... ]
Ubisoft's Authentication Servers Go Down
Ubisoft's Authentication Servers Go Down: Via Slashdot.
ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."
Read Original Article:(Via Slashdot.)
Medical identity theft strikes 5.8% of U.S. adults
Medical identity theft strikes 5.8% of U.S. adults: Via Network World at Computerworld Privacy News.
Identity thieves are not only interested in tapping financial resources, but are also after your medical identification data and services.
Medical identity theft typically involves stolen insurance card information, or costs related to medical care and equipment given to others using the victim's name. Roughly 5.8% of American adults have been victimized, according to a new survey from The Ponemon Institute. The cost per victim, on average, is $20,160.
"The National Study on Medical Identity Theft" is based on findings from 156,000 people who agreed to discuss identity theft in general. Among those surveyed, 5.8% provided specific details about how they had been hit by medical ID theft, in particular. [ Read more ... ]
CDT Issues Report Recommending Privacy Guidelines for Digital Signage Industry
CDT Issues Report Recommending Privacy Guidelines for Digital Signage Industry: Via CDT - Center for Democracy & Technology.
Washington -- On Monday, the Center for Democracy & Technology (CDT) released a report that includes a set of privacy recommendations for the rapidly growing digital signage industry. The report focuses on the industry's adoption of identification and interactivity technologies such as facial recognition, mobile marketing, social networking, RFID tracking and license plate scanners.
The recommendations in CDT's report, "Building The Digital-Out-Of-Home Privacy Infrastructure," are based on the widely accepted Fair Information Practices (FIPs). [ Read more ... ]
Redrawing the Route to Online Privacy
Redrawing the Route to Online Privacy: Via NYT > Privacy.
On the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet.
It is an artifact of the 1990s, intended as a light-touch policy to nurture innovation in an emerging industry. And its central concept is “notice and choice,” in which Web sites post notices of their privacy policies and users can then make choices about sites they frequent and the levels of privacy they prefer.
But policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. [ Read more ... ]
How To Manage (and Protect) Your Online Reputation (Forbes)
How To Manage (and Protect) Your Online Reputation: Via Forbes.com.
When Megan Maloney lost her job at a Detroit auto supplier last April, she made sure her online reputation was as strong as the image she would present in person to prospective employers. She Googled herself to check for unflattering links. Then she changed her Facebook privacy setting so no one could see beyond her profile picture. She updated her profile on LinkedIn.
Maloney's instinct was right: When she landed a job in September, her new bosses admitted they had researched her online. "They told me that they had checked Facebook," says Maloney, 32, now a business development manager in Milwaukee. "I had posted a photo of me wearing a T-shirt that said 'Unemployed,' and they thought that I showed the right kind of personality for a sales job. They liked that I was on LinkedIn, because it's helpful for leads and networking."
Managing your online reputation is a critical step in landing a new job. According to a recent survey by business networking organization ExecuNet, 90% of recruiters used a search engine to learn more about candidates and 46% of recruiters had eliminated a candidate based on information they found online. Self-Googling isn't an act of narcissism; it's a smart way to determine whether your online personality jives with how you want the world to view you. [ Read more ... ]
Location Data Sensitive Like Medical Information, Says Congressional Witness
Location Data Sensitive Like Medical Information, Says Congressional Witness: Via NYTimes.com.
"The writing is on the wall that there will be baseline privacy legislation introduced," said John Morris, general counsel for the Center for Democracy & Technology at a Congressional hearing on location data and privacy yesterday. "It will require location be treated as sensitive data, like medical data. You'll need to do more than just post a disclosure statement."
We're entering an era of location as platform but should that location data be as fundamentally private by default as medical information is?
Many users are concerned about their location being exposed in ways they don't control and that have adverse impacts on their safety and freedom. That's one side of the debate. [ Read more ... ]
Wyndham hotels hacked again ( Third Strike in just the past year )
Wyndham hotels hacked again: Via Computerworld Cybercrime/Hacking News.
Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.
The break-in occurred between late October 2009 and January 2010, when it was finally discovered. It affected an undisclosed number of company franchisees and hotel properties that Wyndham manages. Wyndham has acknowledged the incident in a note posted to its Web site.
"A hacker intruded on our systems and accessed customers information from a limited number of franchised and managed properties," the company said. "The hacker was able to move some information to an off-site URL before we discovered the intrusion."
Hackers were able to steal data required for credit card fraud, the company said, including "guest names and card numbers, expiration dates and other data from the card's magnetic stripe." [ Read more ... ]
Wyndham Worldwide hacked and database breached, giving access to some payment card information
Wyndham Worldwide hacked and database breached, giving access to some payment card information: Via Wyndham Worldwide.
To our Wyndham Hotels and Resorts guests:
In late January, 2010, our company discovered that a sophisticated hacker penetrated the computer systems of one of the Wyndham Hotels and Resorts (WHR) data centers. By going through the centralized network connections, the hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers. The incident did not affect any of the other branded hotels in the Wyndham Hotel Group system. We deeply regret that this incident occurred and are doing everything we can to notify our customers directly, to address and remedy the problem. [ Read more ... ]
FTC: Identity Theft Is No. 1 Consumer Complaint
FTC: Identity Theft Is No. 1 Consumer Complaint: Via Threat Level | Wired.com.
That’s because identity theft was the top consumer complaint for 2009, the Federal Trade Commission reported Wednesday.
It was also the top complaint from the year before, although 5 percent fewer consumers reported it in 2009, the commission said.
Overall, of the 1.3 million complaints the agency received last year, 21 percent were for identity theft. Debt collection agencies ranked second, with 9 percent of complaints, according to the Consumer Sentinel Network Data Book released Wednesday. [ Read more ... ]
Redefining privacy in the era of personal genomics
Redefining privacy in the era of personal genomics: Via Ars Technica.
DNA, the storage bank of genetic information for all living organisms, is challenging scientists and policy makers to reconsider the issue of privacy. With the completion of the human genome and advancements in DNA sequencing technologies, a person’s DNA can potentially be tested for risks related to a number of genetic diseases. This progress is promising for personalized medicine, but ethical and policy issues are coming to the forefront as well. After all, can DNA data ever be truly private and anonymous when DNA itself can also act as a unique identifier? [ Read more ... ]
Technologists need to step up in privacy debate
Technologists need to step up in privacy debate: Via Tom Mitchell: Computerworld Blogs.
Could a lack of privacy regulations in the U.S. and abusive practices lead to a backlash that negatively affects scientific research for the greater social good? That worries Tom Mitchell, a Carnegie Mellon professor and machine learning researcher, whose profile appears this week in the pages of Computerworld.
As smart phones diligently record people's locations, movements and other activities, machine learning and real time data mining can be used for the greater good. For example, real time positioning and movement data from your smart phone is already being used to track traffic congestion. Soon it could be used to change traffic light patterns in order to optimize traffic flows.
Machine learning algorithms feed on such data to make predictions for good -- or ill. Patient data could be analyzed to inform you that yesterday you came in contact with someone who has a contagious disease. But if you have the disease, do you want that information made public? What about entities that might use machine learning tools to identify you in random groups of photos that you or others have posted on the Web? How about identifying your mother or your child? [ Read more ... ]
Augmented Identity App Helps You Identify and Friend Perfect Strangers, Face to Face
Augmented Identity App Helps You Identify and Friend Perfect Strangers, Face to Face: Via Popular Science.
By this point, we're all familiar with augmented reality, but Swedish mobile software firm The Astonishing Tribe is taking information overload to the next logical step: augmented identity. Mashing up face recognition technology, computer vision, cloud computing, and augmented reality with the complex digital lives many of us lead on the Internet, TAT has created an app that allows you to gather information on a person and their social networking life simply by pointing your camera phone at their face.
Dubbed Recognizr, the app essentially works like this: the user points the camera at a person across the room. Face recognition software creates a 3-D model of the person's mug and sends it across a server where it's matched with an identity in the database. A cloud server conducts the facial recognition and sends back the subject's name as well as links to any social networking sites the person has provided access to. [ Read more ... ]
Web Certification Fail: Bad Assumptions Lead to Bad Technology
Web Certification Fail: Bad Assumptions Lead to Bad Technology: Via Freedom to Tinker.
It should be abundantly clear, from two recent posts here, that the current model for certifying the identity of web sites is deeply flawed. When you connect to a web site, and your browser displays an https URL and a happy lock or key icon indicating a secure connection, the odds that you're connecting to an impostor site, despite your browser's best efforts, are uncomfortably high.
How did this happen? The last two posts unpacked some of the detailed problems with the current system. Today I want to explore the root cause: today's system is based on wildly unrealistic assumptions about organizations and trust.
The theory behind the system is simple. Browser vendors will identify a set of Certificate Authorities (CAs) who are trusted to certify identities. Browsers will automatically accept any identity certificate issued by any of the trusted CAs.
The first step in making this system work is identifying some CA who is trusted by everybody in the world.
If that last sentence didn't strike you as odd, go back and read it again. That's right, the system assumes that there is some party who is trusted by everyone in the world -- a spectacularly naive assumption. [ Read more ... ]
Privacy Requires Security, Not Abstinence ($)
Privacy Requires Security, Not Abstinence: Via MIT's Technology Review - Subscription required.
Protecting an inalienable right in the age of Facebook.
I'd be a fool to include my Social Security number in this article: doing so would leave me vulnerable to all manner of credit fraud, scams, and even criminal arrest. All of this would surely happen because a few bad people would read the article, write down my SSN, and pretend to be me.
Read Original Article:(Via MIT's Technology Review.)
Another Debit Card Skimmer, but this one is built-in
Another Debit Card Skimmer: Via Schneier on Security.
This one is installed inside gas pumps. There's nothing the customer can detect.
Read Original Article:(Via Schneier on Security.)
New York Police Databases Hold Identifying Clues
New York Police Databases Hold Identifying Clues: Via NYTimes.com.
The tattoo database is one of dozens kept by the Police Department in its technological information hub, the Real Time Crime Center, to jump-start criminal investigations by giving detectives more to go on than a person’s height and weight.
Aside from arrest data and the tattoo database, the center, which was created in 2005, breaks down information in all sorts of ways. There is a database for body marks, like birthmarks and scars. It keeps track of teeth, noting missing ones and gold ones. It keeps track of the way people walk: if there is a limp, it notes its severity. And it has a so-called blotchy database, of skin conditions.
The databases are fed, in part, by arrest reports; officers are instructed to take detailed notes and enter them into a computer program that moves the information to a large server.
Inspector Kenneth G. Mekeel, commanding officer of the crime center, said cadets were “taught in the academy to take down as much as they can.” [ Read more ... ]
Student slaps Google Buzz with privacy lawsuit
Student slaps Google Buzz with privacy lawsuit: Via The Money Times.
Lawsuit against Google
Now a student at Harvard Law School has filed a class action suit against the company for making personal information of the users public.
Law firms in San Francisco and Washington, D.C. have sued Google on behalf of Eva Hibnick.
The 24-year-old law student filed the law suit against the search giant after finding herself automatically opted to the new networking service, without consent. [ Read more ... ]