Privacy Roundup #0041 • December 2009
Facebook rewrote its privacy settings to push people to share more, while leaks and lawsuits exposed how phone firms, web giants and governments handle our data.
1. Sprint gave police phone location data 8 million times in a year
A Sprint manager told a closed conference that the firm had handed customer GPS location data to law enforcement more than 8 million times in thirteen months. The figure, gathered by researcher Christopher Soghoian, showed how a quiet web portal let police track phones with little oversight.
2. EFF sues agencies for their social network spying rules
The Electronic Frontier Foundation and a Berkeley law clinic sued half a dozen federal agencies for refusing to release their policies on watching people through social networks. They wanted to know how bodies such as the FBI and Homeland Security mined Facebook and similar sites during investigations.
3. Yahoo tried to hide its surveillance price list
After Yahoo blocked a freedom of information request for its law enforcement price list, someone leaked the guide to Cryptome. Yahoo then sent a takedown notice, which only spread the document further and revealed it charged police set fees to read user email.
4. FTC opened its privacy roundtable series
The Federal Trade Commission held the first of its public roundtables on how firms collect and use personal data. Speakers examined behavioural advertising, data brokers and the gap between privacy promises and everyday practice.
5. Schneier rebuts Schmidt on "nothing to hide"
Bruce Schneier answered the Google chief's claim that people who want privacy must be hiding wrongdoing. He argued that privacy is a basic human need, that the real fight is liberty against control, and that constant watching changes how people behave.
6. Facebook's new privacy settings drew sharp criticism
Facebook rolled out fresh privacy controls for its 350 million users, claiming they gave people more choice. The EFF found that the changes pushed users to share more and stripped privacy options from data such as names, friend lists and the pages people followed.
7. Google chief says privacy worries imply wrongdoing
Google chief Eric Schmidt told CNBC that anyone who wants to keep something private perhaps should not be doing it. The remark drew heavy criticism for echoing the old argument that only the guilty fear surveillance.
8. TSA published its screening manual with weak redactions
The Transportation Security Administration posted its airport screening manual online and tried to hide sensitive parts behind black boxes. The hidden text could be copied straight out, exposing screening exemptions, and five staff were placed on leave.
9. EFF warns Real ID and PASS ID build risky databases
The EFF criticised both the Real ID law and its proposed replacement, PASS ID, as the deadline for state compliance neared. It warned that scanning and storing birth certificates and other documents would create central stores of sensitive data ripe for theft.
10. RockYou breach exposed 32 million plaintext passwords
A SQL injection flaw let a hacker steal about 32 million accounts from RockYou, maker of social network widgets. The firm had stored every password as plain text, including credentials for linked Facebook, MySpace and webmail accounts.
11. EPIC filed an FTC complaint over Facebook changes
EPIC and nine other groups asked the Federal Trade Commission to investigate Facebook's revised settings. They argued the changes were unfair and deceptive because they made names, friend lists and other details public with no way to opt out.
12. The wider world reacts to the new Facebook
The backlash against Facebook's settings spread across the press and the civil liberties world. Newspapers, the ACLU and other groups joined the EFF in warning that the company had quietly turned private profiles public.
13. Hackers hijacked Twitter's domain records
A group calling itself the Iranian Cyber Army tampered with Twitter's domain name records and knocked the site offline. Visitors briefly saw a defacement page, and the attack was read as payback for Twitter's role during Iran's protests.
14. EFF graded the privacy of popular e-readers
The EFF published a buyer's guide comparing how the Kindle, the Nook, the Sony Reader and Google Books treated reader data. It found that connected readers could log which books and pages people viewed and for how long.
15. FBI looked into a reported Citigroup hack
The Wall Street Journal reported that the FBI was probing a breach at Citigroup tied to a Russian cyber gang, with losses said to run into tens of millions. Citigroup flatly denied any breach or customer loss.
16. Hackers broke into NASA-run websites
Intruders compromised two NASA websites belonging to the Instrument Systems and Technology unit and the Software Engineering division over a weekend. They exploited SQL injection flaws and weak access controls, then posted screenshots of their access on disclosure forums.
17. Study weighs why people give away their data
Schneier highlighted research by Alessandro Acquisti on the behavioural economics of personal information. The work examined why people share private details so readily even when they say they value privacy.
18. Schneier picks apart the post-Christmas security rush
After the failed Christmas Day airline bombing, Schneier criticised the rush to add new airport measures. He argued that guarding against the last attacker is magical thinking and that body scanners and watch lists offer little real safety.
19. EFF rebukes the Google chief over privacy
The EFF answered Eric Schmidt's dismissive remarks with its own response. It argued that his comment misread why privacy matters and showed how little a major data company grasped the issue.
20. RockYou hit with a class action over the breach
An Indiana man sued RockYou days after the firm admitted losing more than 30 million records. The suit said the company recklessly failed to take even basic steps by storing personal data in plain text.