Privacy Roundup #0038 • September 2009

September 2009 saw Facebook bury its Beacon tracker, courts and regulators press Google over books and voice data, and researchers show how location and friend lists quietly betray the people who generate them.

1. Facebook switches off Beacon and funds a privacy foundation

Facebook agreed to kill its much-loathed Beacon advertising system, which had broadcast members' purchases on third-party sites to their friends without real consent. The settlement of the year-old class action also set up a $9.5 million fund to promote online privacy.

www.theregister.com

2. The New York Times warns that locational privacy is slipping away

The Electronic Frontier Foundation highlighted a New York Times piece arguing that people have unwittingly surrendered the right to move about unobserved. As phones, cards and cameras log every journey, both companies and governments gain a record of where each of us has been.

www.eff.org

3. The Cybersecurity Act returns with only cosmetic changes

A redrafted version of the Cybersecurity Act of 2009 circulated in Washington, but the EFF found the revisions skin-deep. The bill still handed the President sweeping authority over Internet infrastructure and would let the Commerce Department demand "all relevant data" without privacy safeguards.

www.eff.org

4. Google Books privacy policy called a good start but not enough

The EFF and its allies welcomed Google's first privacy policy for its book service while warning that it fell short. They objected that it offered no enforceable limits on law enforcement access to reading records and no firm promises on anonymity or data retention.

www.eff.org

5. EFF backs the JUSTICE Act and an end to telecom immunity

The EFF endorsed the JUSTICE Act, introduced by Senators Feingold and Durbin, which would add checks to surveillance powers under the PATRIOT Act and the FISA Amendments Act. The bill would also strip the retroactive immunity that had shielded telecoms for assisting NSA warrantless wiretapping.

www.eff.org

6. Google publishes its full Google Voice letter to the FCC

Google waived confidentiality so the FCC could release its complete response over Apple's rejection of the Google Voice iPhone application. The disclosure contradicted Apple's claim that it had not rejected the application and revealed how the decision was relayed.

www.eff.org

7. EFF wins release of telecom lobbying records

A federal judge ordered the government to hand over records of how telecommunications companies lobbied for immunity from liability over NSA surveillance. The EFF called the ruling a major victory for transparency in its long-running freedom of information fight.

www.eff.org

8. States wade into the Google book settlement row

Several state attorneys general filed briefs opposing Google's settlement with authors and publishers over book digitisation. They argued that the proposed books rights registry would improperly hold unclaimed money rather than surrender it to state treasurers, adding to mounting objections to the deal.

www.theregister.com

9. Google launches Sidewiki annotations on every web page

Google released Sidewiki, a toolbar feature that let users attach comments to any web page and read others' notes in a sidebar. Site owners objected that they had no straightforward way to stop unsolicited, possibly defamatory annotations appearing alongside their content.

www.theregister.com

10. Heartland hacker Albert Gonzalez pleads guilty

Albert Gonzalez pleaded guilty in Boston to charges tied to the theft of more than 170 million payment card numbers from Heartland Payment Systems, TJX and other firms. The case underlined how a single intruder had driven the largest card breaches recorded to that point.

www.atmmarketplace.com

11. Express Scripts notifies 700,000 over extortion breach

The pharmacy benefits manager Express Scripts said it had told about 700,000 members that their data may have been exposed during an extortion attempt. The criminals had threatened to publish prescription records and personal details unless they were paid, and the company refused.

www.computerworld.com

12. DHS reveals how rarely it searches laptops at the border

The Department of Homeland Security disclosed figures showing that only a tiny fraction of travellers had their laptops searched at the border. Critics noted that the rarity did not settle whether warrantless inspection of a person's digital life should be allowed at all.

www.techdirt.com

13. Bruce Schneier on the impossibility of deleting cloud data

Schneier observed that once data moves to services such as Gmail and Facebook, users can no longer truly delete it, since copies linger in company backups. He pointed to Vanish, a research project that encrypts data with keys designed to disappear over time.

www.schneier.com

14. MIT study infers friendships from location data

Schneier flagged research in which scientists predicted friendships between people with high accuracy by analysing their phone location and calling patterns. The work showed how the data shadows cast by our devices can expose intimate relationships we never disclosed.

www.schneier.com

15. Why two-factor authentication fails to stop bank fraud

Schneier argued that one-time passwords and tokens do little against modern banking trojans and man-in-the-middle attacks, because they only prove who is logging in and say nothing about what is submitted afterwards. He urged banks to authenticate the transactions themselves, as card networks already do, rather than merely verifying the login.

www.schneier.com
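The difference between the two approaches is easy to see in code. The example below is added here and is not from Schneier's post or from any bank: it compares a login-time one-time code, which a session-hijacking trojan or man-in-the-middle can reuse while altering the transfer, with a transaction-bound code computed over the destination and amount, so that any tampering invalidates it. The key, account names and transfers are constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    account: str
    destination: str
    amount_cents: int
    nonce: str  # per-transaction value; the bank should also reject reuse server-side


def canonical(t: Transfer) -> bytes:
    # Fixed field order with a delimiter so the MAC unambiguously covers every field.
    return "|".join([t.account, t.destination, str(t.amount_cents), t.nonce]).encode()


def six_digits(mac: bytes) -> str:
    # Truncate to a user-typable code, as hardware tokens do.
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def login_otp(shared_key: bytes, time_step: int) -> str:
    # Login-only code: depends on the key and the time step, never on the transaction.
    return six_digits(hmac.new(shared_key, time_step.to_bytes(8, "big"), hashlib.sha256).digest())


def transaction_code(shared_key: bytes, t: Transfer) -> str:
    # Transaction-bound code: depends on exactly what is being authorised.
    return six_digits(hmac.new(shared_key, canonical(t), hashlib.sha256).digest())


def bank_accepts_login_only(shared_key: bytes, time_step: int, code: str, submitted: Transfer) -> bool:
    # The bank checks the code once at login; whatever transfer arrives later is trusted.
    return hmac.compare_digest(code, login_otp(shared_key, time_step))


def bank_accepts_transaction_bound(shared_key: bytes, code: str, submitted: Transfer) -> bool:
    # The bank recomputes the code over the transfer it actually received.
    return hmac.compare_digest(code, transaction_code(shared_key, submitted))


def simulate(tamper: bool) -> dict:
    """Customer authorises `intended`; with tamper=True a man-in-the-middle swaps in `mule`.

    Returns which scheme accepts the transfer the bank ends up receiving.
    """
    key = b"constructed-demo-shared-key"  # constructed; a real token key is per-customer
    time_step = 52_000_000
    intended = Transfer("ACC-0001", "DEST-FRIEND", 5_000, "n1")
    mule = Transfer("ACC-0001", "DEST-MULE", 500_000, "n1")
    received = mule if tamper else intended

    # The customer computes both codes for the transfer they believe they are sending.
    otp = login_otp(key, time_step)
    tcode = transaction_code(key, intended)

    return {
        "login_only": bank_accepts_login_only(key, time_step, otp, received),
        "transaction_bound": bank_accepts_transaction_bound(key, tcode, received),
    }


if __name__ == "__main__":
    print("honest session:", simulate(tamper=False))
    print("tampered session:", simulate(tamper=True))
```

With an honest session both schemes accept the transfer; when the destination and amount are altered in transit, the login-only check still passes while the transaction-bound code fails. The point generalises beyond the toy: whatever the second factor is, it protects the transfer only if the customer's device shows and signs the real destination and amount.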

16. The case for making banks bear online fraud losses

Schneier made the economic argument that businesses, unlike consumers, lack legal protection when criminals drain their accounts through stolen online banking credentials. He contended that placing liability on banks would give them the incentive to build genuinely better security.

www.schneier.com

17. Sears spied on its own customers through "research" software

Schneier revisited the Sears and Kmart case, in which a so-called community research application quietly captured prescription records, emails and bank statements. The episode showed how far retailers were willing to reach into customers' private lives under a thin veil of consent.

www.schneier.com

18. Texas Instruments signing keys factored and published

Researchers factored the 512-bit RSA signing keys that Texas Instruments used to authenticate calculator firmware, then posted the private keys publicly. Despite legal threats, the keys spread widely and let owners run their own code, a reminder that short keys offer little real protection.

www.schneier.com

19. Software predicts personal traits from your friends list

Schneier described work in which students inferred a person's sexual orientation by analysing the characteristics of their Facebook friends. He used it to illustrate how automated, wholesale profiling of whole populations differs fundamentally from old fashioned observation of individuals.

www.schneier.com

20. Weighing subpoenas as a threat to cloud stored data

Schneier relayed Ed Felten's argument that treating legal subpoenas as the chief danger to data held in the cloud is misleading. He warned that rogue insiders and outside intruders pose a graver risk, and that fixating on subpoenas can distract from the threats that matter most.

www.schneier.com

