Tracking

DHS Satellite-Surveillance Program to Begin Despite Privacy Concerns

Satellite-Surveillance Program to Begin Despite Privacy Concerns - WSJ.com - Via Wall Street Journal / WSJ.com:

The Department of Homeland Security will proceed with the first phase of a controversial satellite-surveillance program, even though an independent review found the department hasn't yet ensured the program will comply with privacy laws.

Congress provided partial funding for the program in a little-debated $634 billion spending measure that will fund the government until early March. For the past year, the Bush administration had been fighting Democratic lawmakers over the spy program, known as the National Applications Office.

The program is designed to provide federal, state and local officials with extensive access to spy-satellite imagery -- but no eavesdropping -- to assist with emergency response and other domestic-security needs, such as identifying where ports or border areas are vulnerable to terrorism.

Since the department proposed the program a year ago, several Democratic lawmakers have said that turning the spy lens on America could violate Americans' privacy and civil liberties unless adequate safeguards were required.

Lessons from the Fall of NebuAd

Lessons from the Fall of NebuAd - Via Freedom to Tinker:

With three Congressional hearings held within the past four months, U.S. legislators have expressed increased concern about the handling of private online information. As Paul Ohm mentioned yesterday, the recent scrutiny has focused mainly on the ability of ISPs to intercept and analyze the online traffic of their users -- in a word, surveillance. One of the goals of surveillance for ISPs is to yield new sources of revenue; so when a Silicon Valley startup called NebuAd approached ISPs last spring with its behavioral advertising technology, many were quick to sign on. But by summer's end, the company had lost all of its ISP partners, their CEO had resigned, and they announced their intention to pursue "more traditional" advertising channels.

How did this happen and what can we learn from this episode?

Thursday's Nightline (ABC) interviews the people who listen to those wiretaps.

I don't see anything on their site yet, but the closing comments on tonight's Nightline say that Thursday's show will include interviews with ex-employees who listened to those wiretaps of phone calls that supposedly did not include innocent US citizens.

Freedom Not Fear 2008

Freedom Not Fear 2008 - Via EFF.org Updates:

Freedom Not Fear is the world's ongoing demonstration against the encroachment of civil liberties by anti-terrorist laws -- particularly in the online world. This year the protests take place this Saturday, October 11th in nearly thirty countries, including the very first events in the Americas.

The origin of the campaign comes from Europeans' anger at the EU's 2006 data retention directive, a pan-European law that requires ISPs to log email and web traffic data for a minimum of six months, and often more. Terabytes of personal data on millions of innocent Europeans are now being collated, paid for by customers and taxpayers, and open for access by any criminal or civil investigation, no matter how trivial.

Freedom Not Fear has since evolved into a more general warning: showing how fundamental freedoms like privacy, freedom of expression, and democratic participation lose when reactionary surveillance systems penetrate our open networks, justified by a hyperbolic rhetoric of fear.

Opting In (or Out) is Hard to Do - Thoughts on implementing DPI

Opting In (or Out) is Hard to Do - Via Freedom to Tinker:

Thanks to Ed and his fellow bloggers for welcoming me to the blog. I'm thrilled to have this opportunity, because as a law professor who writes about software as a regulator of behavior (most often through the substantive lenses of information privacy, computer crime, and criminal procedure), I often need to vet my theories and test my technical understanding with computer scientists and other techies, and this will be a great place to do it.

This past summer, I wrote an article (available for download online) about ISP surveillance, arguing that recent moves by NebuAd/Charter, Phorm, AT&T, and Comcast augur a coming wave of unprecedented, invasive deep-packet inspection. I won't reargue the entire paper here (the thesis is no doubt much less surprising to the average Freedom to Tinker reader than to the average lawyer) but you can read two bloggy summaries I wrote here and here or listen to a summary I gave in a radio interview. (For summaries by others, see [1] [2] [3] [4]).

Two weeks ago, Verizon and AT&T told Congress that they would monitor for marketing purposes only users who had opted in. According to Verizon VP Tom Tauke, "[B]efore a company captures certain Internet-usage data for targeted or customized advertising purposes, it should obtain meaningful, affirmative consent from consumers."

I applaud this announcement, but I'm curious how the ISPs will implement this promise.

Facial Recognition Technology Is Here, But Privacy Lags

Facial Recognition Technology Is Here, But Privacy Lags - Via CDT - PolicyBeta:

The San Francisco Chronicle recently reported on the rapid development of facial recognition technology. While the increased availability of these robust features is something to celebrate, the privacy implications loom especially large. Combined with online photo storage services and a lack of meaningful limits on government or corporate access to data, facial recognition technology raises serious privacy concerns.

Last month, Google incorporated facial recognition technology in its online photo sharing service, Picasa. The new feature spares us the tedium of hand-tagging personal photos one by one. By analyzing the facial features of the people in your photos, Picasa identifies all the people in your photos for you. No one can deny the positive social benefits of these kinds of services— dozens of digital images filling our pictures folders are begging to be organized and shared. However, policymakers need to address the power of facial recognition technology in the hands of government or corporate snoopers.

What’s to stop a zealous prosecutor from searching the state’s digital database of driver’s license photos for people under 21 whose online Flickr photos show them engaged in underage drinking? What’s to stop an employer from doing the same with a photo taken by a video camera in the lobby of the building where you went for your job interview?

Oregon Judge Says RIAA Made 'Honest Mistake,' Allows Subpoena

Oregon Judge Says RIAA Made 'Honest Mistake,' Allows Subpoena - Via Slashdot:

NewYorkCountryLawyer writes "In Arista v. Does 1-17, the RIAA's case targeting students at the University of Oregon, the Oregon Attorney General's motion to quash the RIAA's subpoena — pending for about a year — has reached a perplexing conclusion. The Court agreed with the University that the subpoena, as worded, imposed an undue burden on the University by requiring it to produce 'sufficient information to identify alleged infringers,' which would have required the University to 'conduct an investigation,' but then allowed the RIAA to subpoena the identities of 'persons associated by dorm room occupancy or username with the 17 IP addresses listed' even though those people may be completely innocent. In his 8-page decision (PDF), the Judge also 'presumed' the RIAA lawyers' misrepresentations were an 'honest mistake,' made no reference at all to the fact, pointed out by the Attorney General, that the RIAA investigators (Safenet, formerly MediaSentry) were not licensed, rejected all of the AG's privacy arguments under both state and federal law, and rejected the AG's request for discovery into the RIAA's investigative tactics."

RFID Anti-Skimming Laws Approved

RFID Anti-Skimming Laws Approved - Via Threat Level:

California followed Washington State's footsteps this week to become the second U.S. state outlawing so-called Radio Frequency Identification Device skimming.

Skimmers can easily pilfer information from non-encrypted RFID tags that are growing commonplace. California's bill was adopted and signed by Gov. Arnold Schwarzenegger this week after a demonstration showed that personal information skimmed from entry-card badges from statehouse workers allowed hackers access to secured areas of government offices.

The legislation came a year after the hacking of the RFID-enabled Dutch passport, and the successful hacks of the Exxon Mobil key fob and the exposed VeriChip human RFID implant.

Still, California's measure (.pdf) and the one Washington State adopted in March don't mandate any RFID encryption. So the vulnerabilities of the Golden State statehouse's entry system remain.

Chinese Skype Client Hands Confidential Communications to Eavesdroppers

Chinese Skype Client Hands Confidential Communications to Eavesdroppers - Via EFF.org Updates:

This Wednesday, Information Warfare Monitor published damning evidence showing that TOM-Skype, the version of the voice and chat program distributed in China, not only blocks keywords from chat conversations, but also spies on and remotely reports the contents of Skype users' private text conversations. This directly contradicts Skype's previous assurances that "full end-to-end security is preserved and there is no compromise of people’s privacy", even on the customized Chinese client.

This special breached version of Skype, distributed by the Chinese portal company TOM Online, has long been known to block certain contentious phrases from instant message conversations. IWM's Nart Villeneuve's research shows that when these keywords are mentioned in conversations, the client software also sends an encrypted message to one of eight remote servers hosted in China.

Due to poor security on these servers, Villeneuve was able to uncover what was being sent: extensive logs on user activity, including archives of more than 166,000 censored messages from 44,000 users.

On the "Anonymity" of the Facebook Dataset

On the “Anonymity” of the Facebook Dataset - Via michaelzimmer.org:

A group of researchers have released a dataset of Facebook profile information from a group of college students for research purposes, which I know a lot of people will find quite valuable. (Thanks to Fred Stutzman for bringing it to my attention.)

Here is the description from the Berkman Center’s announcement:

The dataset comprises machine-readable files of virtually all the information posted on approximately 1,700 FB profiles by an entire cohort of students at an anonymous, northeastern American university. Profiles were sampled at one-year intervals, beginning in 2006. This first wave covers first-year profiles, and three additional waves of data will be added over time, one for each year of the cohort’s college career.

Commissioner Cavoukian outlines what will need to be done to protect privacy in the 21st century

Commissioner Cavoukian outlines what will need to be done to protect privacy in the 21st century - Via CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO:

TORONTO, Sept. 26 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is unveiling a key white paper outlining what will need to be done to protect privacy in the future, at a special presentation at the University of Waterloo, on Monday, September 29, 2008.

"As a regulator, I have been called many things during my tenure," said the Commissioner, "but rarely have I been called a dreamer. But that is precisely the practice one must engage in if privacy is to not only survive, but thrive, well into the future. But dreaming is not enough. As a pragmatist, I must embed that dream into reality. One way of doing so is seeking to embed privacy into the design and architecture of all technologies, so that it may live well into the future. So you might call me a radical pragmatist, because I dream BIG - in technicolour; there is no black and white anymore."

Palin Had a Third Private E-mail Account

Palin Had a Third Private E-mail Account - Via Threat Level:

In addition to the two Yahoo accounts that were already known -- including one that was hacked earlier this month -- the Washington Post has learned that Alaska Governor Sarah Palin had a third private e-mail account on a closed network that she and her staff used to communicate outside of the government's official e-mail system.

The owner of ITS Alaska, a tech company based in Wasilla, told the Post that an e-mail system was set up last spring under the domain that Palin had used for her campaign for governor -- PalinForGovernor.com -- and that access to the system was confined to "her closest confidants and co-workers and advisers and the person she sleeps with."

Privacy 2.0: No Privacy at All - Dvorak

Privacy 2.0: No Privacy at All - Columns by PC Magazine - Via Columns by PC Magazine:

Google's limiting the length of time it keeps records on people? Big deal. Why the public puts up with any tracking whatsoever is a mystery to me.

When Google said it would limit the length of time it kept records on people, privacy advocates thought this was a step in the right direction. That the public puts up with any tracking whatsoever amazes me.

In the news this week, AT&T and Verizon said they won't track users unless users want to be tracked. I found this paragraph in this Washington Post article to be the best summary, and also quite revealing:

Court Protects Privacy of Satellite Receiver Owners

Court Protects Privacy of Satellite Receiver Owners - Via EFF.org Updates:

Last month, EFF filed an amicus brief in Echostar v. Freetech, where Echostar sought the identities of every consumer who purchased a Freetech "CoolSat" free-to-air (FTA) satellite receiver during the past five years. EFF argued that this demand, issued in discovery in a lawsuit between Echostar and Freetech, represented an unwarranted intrusion into the privacy of individual consumers. Today, the court agreed, issuing an order blocking Echostar's subpoenas.

The ruling potentially sets an important precedent, as it represents the first time a federal court has explicitly rejected a third-party subpoena on the basis of the privacy interests of nonparty consumers.

BT to kick off fresh Phorm trial

BT to kick off fresh Phorm trial - Via BBC NEWS | Technology:

Telecoms giant BT is about to start further trials of a controversial internet advertising technology.

Developed by Phorm, the Webwise system watches what people do online and shows adverts tuned to their interests.

From 30 September, a sample of BT's customers will be invited to "opt in" to a trial of the technology.

Early trials ran without the consent of customers which led to complaints from rights groups who said this broke laws governing the interception of data.