Violations
NetFlix Cancels Recommendation Contest After Privacy Lawsuit
NetFlix Cancels Recommendation Contest After Privacy Lawsuit: Via Threat Level.
Netflix is canceling its second $1 million Netflix Prize to settle a legal challenge that it breached customer privacy as part of the first contest’s race for a better movie-recommendation engine.
Friday’s announcement came five months after Netflix had announced a successor to its algorithm-improvement contest. The company at the time said it intended to expand the amount of information it gave to researchers in hopes that its recommendation system — a key part of Netflix’s customer retention strategy — would get even better. That was then followed with a warning by prominent data privacy lawyers that the new dataset was easily de-anonymized.
Those fears were highlighted in December, when an in-the-closet lesbian mother sued Netflix for privacy invasion, alleging the movie-rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest. [ Read more ... ]
Classmates.com’s Facebook Mimicking Prompts Privacy Suit
Classmates.com’s Facebook Mimicking Prompts Privacy Suit: Via Threat Level.
The long-lost pal locating site, Classmates.com, has been hit with a class action privacy lawsuit alleging the company violated the law when it decided to make user profiles public in order to compete with Facebook.
The suit alleges that Classmates.com duped its paying customers in late January when it sent them an e-mail saying that members would have to opt-out of new Facebook and iPhone apps to keep their data private. That’s a massive change to the site’s privacy policy and violates federal and Washington State privacy and fairness laws, according to the suit (.pdf) filed in a Washington State federal district court March 5.
Classmates.com has long kept user information non-public, and only paying members can read e-mails sent to them by others, see ‘old friends’ on a map, and see who has been looking at their profile. While the site has some 3 million paying users, it’s been eclipsed by sites like Facebook and MySpace, which have more members, more public profiles and don’t charge.
In order to keep up, Classmates.com decided to make “public Classmates content available to people using a variety of sites and devices, including Facebook and the iPhone,” according to a January 30 e-mail sent to users. [ Read more ... ]
Ninth Circuit addresses “actual damages” under the Privacy Act
Ninth Circuit addresses “actual damages” under the Privacy Act: Via Personal Health Information Privacy blog.
I posted this yesterday to PogoWasRight.org but then it dawned on me today that since this involved medical information, I should have posted it here, too:
A new ruling from the Ninth Circuit in Cooper v. FAA addresses the meaning of “actual damages” in the Privacy Act. The case arose when federal agencies shared information without consent in “Operation Safe Pilot:”
Read Original Article: (Via Personal Health Information Privacy blog.)
The Spy at Harriton High - Some background research
The Spy at Harriton High: Via Stryde Hax blog.
This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.
The primary piece of evidence, already being reported on by a Fox affiliate, is this amazing promotional webcast for a remote monitoring product named LANRev. [ Read more ... ]
Copyright Undercover: ACTA & the Web / What ACTA's Done So Far
Copyright Undercover: ACTA & the Web: Via Internet Evolution - The Big Report.
Let's pause a moment to consider the nature of copyright, the Internet, and governance. Copyright law has historically been made by and for the entertainment industry's supply chain. Copyright rules were not envisioned as an adequate or desirable regulation-set for any other realm: We don't try to shoehorn labor law, finance, education, healthcare, election campaigns, or parenting matters into copyright.
But once you take those activities onto the Internet, copyright becomes the first line of regulation governing everything. It's impossible to do anything on the Internet without making copies (you made between 5 and 50 copies of this article just by following a link to it). And since copyright regulates copying, any rule that affects copyright will affect all those realms, too.
That's what makes ACTA's secrecy so troubling, even if you don't care about copyright, fair use, or other wonky subjects. [ Read more ... ]
YIKES!! Pa. schools spy on students using laptop webcams, claims lawsuit
Pa. schools spy on students using laptop webcams, claims lawsuit: Via Computerworld.
Class-action suit alleges schools remotely activate webcams on school-issued notebooks
Computerworld - A suburban Philadelphia school district remotely activates the cameras in school-provided laptops to spy on students in their homes, a lawsuit filed in federal court Tuesday alleged.
According to the lawsuit filed by a high school student and his parents, the Lower Merion School District of Ardmore, Pa. has spied on students and families by "indiscriminate use of and ability to remotely activate the webcams incorporated into each laptop issued to students by the School District."
Approximately 1,800 students at the district's two high schools have been given laptops as part of a state- and federally-funded "one-to-one" student-to-laptop initiative.
Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November after their son Blake was accused by a Harriton High School official of "improper behavior in his home" and shown a photograph taken by his laptop.
An assistant principal at Harriton later confirmed that the district could remotely activate the webcam in students' laptops. [ Read more ... ]
Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach
Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach: Via Threat Level.
Facebook is denying it illegally breached the privacy of its users in a proposed $9.5 million settlement to a class action challenging its program that monitored and published what users of the social-networking site were buying or renting from Blockbuster, Overstock and other locations.
To settle allegations that the social networking site’s “Beacon” program breached federal wiretap and video-rental privacy laws, Facebook is agreeing to seed what the agreement is calling a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study privacy. Facebook would have a seat on the fund’s three-member board — a move raising some eyebrows in the privacy community.
A fairness hearing on the issue is set for Feb. 26 in a San Jose, California, federal court. The judge presiding over the case, Richard Seeborg, gave preliminary approval to the deal three months ago. [ Read more ... ]
EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone
EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone: Via EFF.org Updates.
Our cell phones aren't just for calls anymore. They hold our address books, our calendars, our emails, and our grocery lists. They may even include things like a list of questions to ask your doctor, pictures of your girlfriend, or URLs of web sites you've visited. When can police search your phone and look at all this information?
That's the question that EFF is asking a court in California to consider. In People v. Taylor, police in Daly City, California seized a suspect's iPhone during his arrest. Hours later, investigators bypassed the password and searched through the data on the device without a search warrant. After the officers realized that the information was too extensive to write down, they finally obtained a warrant to search the phone. [ Read more ... ]
#BurningMan ticket policy = #FAIL / Know Before You Go: Tickets May Come at a Higher Price Than You Realize
Know Before You Go: Tickets May Come at a Higher Price Than You Realize: Via EFF.org Updates.
As part of our Terms of Ab(use) project, we pay close attention to the fine print of online agreements for provisions that are potentially dangerous to consumers. We've noticed a troubling change in the way event planners restrict the rights of individuals who attend their shows. Where once these limitations had to fit on the back of a ticket, increasingly event organizers have moved their fine print online, where they are able to use even more contract law to avoid the limits of trademark and copyright law and actively control what ticket holders can say or do even after the event is over.
These burdensome terms can show up in some pretty unexpected places. Last year we noted how the Burning Man Organization (BMO) used online ticket terms to require participants to assign to BMO—in advance—the copyright to any pictures they took on the playa. Tickets for the 2010 event went on sale in mid-January, and we hoped the new terms would acknowledge the concerns we had expressed. Sadly, the new terms are just as onerous as before. [ Read more ... ]
Social Security numbers found lying in street
Social Security numbers found lying in street: Via Chicago Tribune.
Hundreds of sensitive, intact documents — including W-2 forms, investment account balances and job applications — were inexplicably swirling around Touhy Avenue and Eastview Drive on Thursday afternoon. After being tipped to the airborne paper trail, the Tribune contacted some of the people and companies listed on the documents.
None of them knew how the papers could have ended up in the street.
"I am pretty much disgusted with this," said Cruz, 47, of Chicago, who was notified that at least 17 documents with her Social Security number (the apparent remnants of an old job application) had been retrieved. "All of that is sensitive information. You would think your stuff is secure." [ Read more ... ]
Courts, Congress Shun Addressing Legality of Warrantless Eavesdropping
Courts, Congress Shun Addressing Legality of Warrantless Eavesdropping: Via Threat Level.
Heads spun four years ago this weekend, when AT&T was accused of funneling every one of its customers’ electronic communications to the National Security Agency — without warrants.
A Jan. 31, 2006, lawsuit alleged major violations of the Fourth Amendment right to be free from warrantless searches and seizures. Such a sweeping breach seemed far-fetched.
Yet months after the lawsuit was lodged, the Electronic Frontier Foundation produced internal AT&T documents allegedly outlining secret rooms in AT&T offices connected to the NSA, which was siphoning all internet traffic, from e-mails to Voice Over Internet Protocol phone conversations.
But four years and a mountain of court briefs and rulings later, the legal system has never addressed the merits of the allegations — and likely never will. Even Congress has weighed in and passed legislation to prevent the allegations from being heard.
And many — including the former AT&T technician who produced the documents in the case and the EFF — believe the alleged dragnet surveillance program continues unabated today.
“Nothing has stopped the dragnet,” said Cindy Cohn, the EFF’s legal director, whose case had grown to include all of the nation’s leading internet service providers. [ Read more ... ]
FBI Illegally Gathered Phone Records And Misused National Security Letters
FBI Illegally Gathered Phone Records And Misused National Security Letters: Via American Civil Liberties Union.
Congress Must Curb NSL Abuse Through Patriot Act Revisions
WASHINGTON – According to a report in the Washington Post today, the FBI routinely claimed false terrorism emergencies to illegally collect the phone records of Americans for four years of the Bush administration by abusing an already expansive Patriot Act power. Using “exigent letters,” or emergency letters, to gain private records for investigations when no emergency existed, the FBI seemingly violated the Electronic Communications Privacy Act. The FBI also routinely issued National Security Letters (NSLs) after the fact in an attempt to legitimize the use of exigent letters. [ Read more ... ]
FBI, Telecoms Teamed to Breach Wiretap Laws
FBI, Telecoms Teamed to Breach Wiretap Laws: Via Threat Level.
The FBI and telecom companies collaborated to routinely violate federal wiretapping laws for four years, as agents got access to reporters’ and citizens’ phone records using fake emergency declarations or by simply asking for them.
The Justice Department’s Inspector General’s internal audit released Wednesday harshly criticized how the Federal Bureau of Investigation’s Communications Analysis Unit — a counterterrorism section founded after 9/11 — relied on so-called “exigent” letters to get carriers to turn over phone records immediately. The letters were a hangover from the investigation into the 9/11 attacks in New York and promised telecoms, falsely, that subpoenas would follow shortly.
“The FBI’s use of exigent letters and other informal requests for telephone toll billing records circumvented, and in many cases violated, the requirements of the Electronic Communications Protection Act statute,” according to the report, which was referencing a leading federal wiretap law. [ Read more ... ]
FBI Broke Law Spying on Americans’ Phone Records, Post Reports
FBI Broke Law Spying on Americans’ Phone Records, Post Reports: Via Threat Level.
An internal audit found the FBI broke the law thousands of times when requesting Americans’ phone records using fake emergency letters that were never followed up on with true subpoenas — even though top officials knew the practice was illegal, according to The Washington Post.
The inspector general’s follow-up report on the so-called “exigent” letters — an investigation that started in 2007 — is due in a few months. E-mails obtained by the Post showed that responsible agency officials informed superiors in 2005, but the practice continued for two more years.
While it looks as if the nation’s top law enforcement agency routinely violated the nation’s wiretapping laws for years, it seems no one will actually be prosecuted since the violations are being judged as merely “technical.” [ Read more ... ]
Texas to Destroy Baby Blood Taken without Consent
Texas to Destroy Baby Blood Taken without Consent: Via CNSNews.com.
Austin, Texas (AP) - Texas health authorities will destroy more than five million blood samples taken from babies without parental consent and stored indefinitely for scientific research.
The Texas Department of State Health Services announced Tuesday it would destroy the samples after settling a federal lawsuit filed by the Texas Civil Rights Project. The project, acting on behalf of five plaintiffs, had sued the Texas Department of State Health Services and the Texas A&M University System.
The lawsuit alleged that the state's failure to ask parents for permission to store and possibly use the blood - originally collected to screen for birth defects - violated constitutional protections against unlawful search and seizure. The plaintiffs cited fears their children's private health data could be misused. [ Read more ... ]
Zuckerberg’s Remarks Aren’t Surprising, Nor New, Nor True
Zuckerberg’s Remarks Aren’t Surprising, Nor New, Nor True: Via Michael Zimmer's blog.
There’s been quite a dust-up regarding Facebook founder Mark Zuckerberg’s recent proclamation that social norms on privacy have changed, and that Facebook, god bless ‘em, are merely reacting to these shifting norms.
Lots has already been said about Zuckerberg’s remarks, so I’m only going to add three thoughts to the conversation: What Zuckerberg said isn’t surprising, it isn’t new, and it isn’t true.
That Zuckerberg believes social norms on privacy have changed comes as no surprise because he has to believe — and proclaim — that sentiment. His entire philosophy of information centers on the fundamental belief that information wants to be shared, and that the primary goal of Facebook has been to encourage people to overcome the “hurdle” of wanting to preserve some privacy online. [ Read more ... ]
TSA nominee (Erroll Southers) misled Congress about accessing confidential records
TSA nominee misled Congress about accessing confidential records: Via washingtonpost.com.
The White House nominee to lead the Transportation Security Administration gave Congress misleading information about incidents in which he inappropriately accessed a federal database, possibly in violation of privacy laws, documents obtained by The Washington Post show.
The disclosure comes as pressure builds from Democrats on Capitol Hill for quick January confirmation of Erroll Southers, whose nomination has been held up by GOP opponents. In the aftermath of an attempted airline bombing on Christmas Day, calls have intensified for lawmakers to install permanent leadership at the TSA, a critical agency in enforcing airline security.
Southers, a former FBI agent, has described inconsistencies in his accounts to Congress as "inadvertent" and the result of poor memory of an incident that dates back 20 years. He said in a Nov. 20 letter to key senators obtained by The Post that he had accepted full responsibility long ago for a "grave error in judgment" in accessing confidential criminal records about his then-estranged wife's new boyfriend. [ Read more ... ]
Does The Children’s University hospital in Dublin keep a secret DNA file on almost every person born in Ireland since 1984?
Hospital keeps secret DNA file: Via Times Online (UK).
Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner
A DUBLIN hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws.
The Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner (DPC) since The Sunday Times discovered it has a policy of indefinitely keeping blood samples taken to screen newborn babies for diseases.
Unknown to the DPC, the hospital has amassed 1,548,300 blood samples from “heel prick tests” on newborns which are sent to it for screening, creating, in effect, a secret national DNA database. The majority of hospitals act on implied or verbal consent and do not inform parents what happens to their child’s sample.
The blood samples are stored at room temperature on cards with information including the baby’s name, address, date of birth, hospital of birth and test result. The DPC said it was shocked at the discovery. [ Read more ... ]
Is Netflix "borking" lesbians with subscriber data releases?
Is Netflix "borking" lesbians with subscriber data releases?: Via Law & Disorder Section - Ars Technica.
It was really just a matter of time before Netflix was the target of a class-action lawsuit over its privacy policies; academics have pointed out for years how the company's release of "anonymized" movie rental data could actually be used to expose a particular user's viewing choices. And yesterday's Netflix lawsuit by "a lesbian who does not want her sexuality nor interests in gay and lesbian themed films broadcast to the world" covers all the usual bases. [ Read more ... ]
Netflix Spilled Your Brokeback Mountain Secret, Lawsuit Claims
Netflix Spilled Your Brokeback Mountain Secret, Lawsuit Claims: Via Threat Level.
An in-the-closet lesbian mother is suing Netflix for privacy invasion, alleging the movie rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest to improve its recommendation system.
The suit known as Doe v. Netflix (.pdf) was filed in federal court in California on Thursday, alleging that Netflix violated fair-trade laws and a federal privacy law protecting video rental records, when it launched its popular contest in September 2006. [ Read more ... ]
EFF Launches New "Terms of (Ab)Use" Page
EFF Launches New "Terms of (Ab)Use" Page: Via EFF.org Updates.
One cannot go online today without eventually being asked to accept a set of so-called Terms of Service (or TOS). Such TOS agreements have become ubiquitous to websites and other online services in the same way End User License Agreements (EULAs) have become the mainstay of the software industry. Yet while we are often aware that such Terms of Service exist, very few of us know and understand what they actually say.
The time has come to shed light on what these Terms of Service agreements contain, and what it means for users. [ Read more ... ]
Facebook Launches “Friends of Connections” Ad Targeting
Facebook Launches “Friends of Connections” Ad Targeting: Via RyanSpoon.com.
One of the biggest stories not heavily discussed this week was Facebook’s new Ads Platform targeting of “Friends of Connections”:
“How do you find more fans for your Facebook Page, more people to interact with your Application, or more people to engage with your business? Target friends!
‘Friends of connection’ targeting is now available for Facebook Ads. Expand your audience reach by delivering your ads to the friends of people already connected with your Page, Application, Group or Event.” [ Read more ... ]
UK Police to continue to hold DNA of innocent people | Politics | The Guardian
Police to continue to hold DNA of innocent people: Via Politics | The Guardian.
Profiles to be kept for six years under revised bill
Terror suspects' details could be held indefinitely
Chief constables are to carry on refusing requests to delete the DNA profiles of arrested people released without charge, while a fresh political battle is waged over how long the details should remain on the database.
Home Office ministers confirmed they want to see the DNA profiles of innocent people kept on the national database for six years, after failing to persuade parliament to back a longer period of up to 12 years for the most serious offences.
But senior Labour backbenchers, alongside Conservatives and Liberal Democrats, made clear tonight that they did not believe the government climbdown on DNA went far enough. [ Read more ... ]
Medical Records: Stored in the Cloud, Sold on the Open Market
Medical Records: Stored in the Cloud, Sold on the Open Market: Via Threat Level.
When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully access their medical records.
But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.
The revelation comes in a recent New York Times article about how so-called “scrubbed” patient data isn’t as anonymous as people think. The piece focuses primarily on how anonymized data can be easily de-anonymized when cross-bred with other publicly available databases, such as voting records. But buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health-care providers, but by third party vendors who provide medical record storage in the cloud. [ Read more ... ]
Sneaky Microsoft plug-in puts Firefox users at risk
Sneaky Microsoft plug-in puts Firefox users at risk: Via computerworld.
Patches critical bug, exploitable because of add-on silently slipped into Firefox last February
An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.
One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site. [ Read more ... ]