Privacy Roundup #0066 • January 2012

January 2012 brought the SOPA blackout, the Megaupload takedown, Google's plan to merge user data and a string of breaches and surveillance disclosures.

1. Internet blackout day fires up digital rights activism around the world

On 18 January more than one hundred thousand websites, among them Wikipedia, Reddit and Google, went dark to protest the SOPA and PIPA copyright bills. The action drove millions of messages to legislators and reframed the bills as a threat to free expression and privacy online.

www.eff.org

2. Google consolidates its privacy policy and will combine user data across services

On 24 January Google announced it would replace more than sixty separate privacy notices with one policy and combine information about signed-in users across Search, Gmail, YouTube and other products. Critics warned that the change tore down the walls that had kept search and video histories separate, with no way for users to opt out.

techcrunch.com

3. Zappos hacked, twenty-four million accounts at risk

On 16 January the shoe retailer Zappos disclosed that intruders had reached parts of its internal network and accessed data on more than twenty-four million customers. Names, email and postal addresses, phone numbers, scrambled passwords and the last four digits of payment cards were exposed, and the company reset every customer password.

www.cbsnews.com

4. EFF requests information from innocent Megaupload users

After the government seized Megaupload's servers on 19 January, the platform's lawful customers lost access to their own files with no notice and no clear path to recover them. EFF asked affected users to come forward as it pressed the court to give innocent people a fair process to retrieve their data.

www.eff.org

5. Twitter will censor tweets country by country

On 27 January Twitter said it could withhold a tweet or account inside a single country while keeping it visible everywhere else, marking each removal with a notice. The company framed the move as a way to keep operating under different national laws, but activists feared it would help repressive governments silence speech.

abcnews.com

6. Supreme Court rules GPS tracking requires a warrant

On 23 January the Supreme Court held in United States v. Jones that attaching a GPS device to a suspect's car and tracking it for twenty-eight days was a search under the Fourth Amendment. The unanimous judgment was a landmark for location privacy, even as the justices split over their reasoning.

abcnews.com

7. Europe, data and the right to be forgotten

On 25 January the European Commission published a draft data protection regulation that introduced a right to be forgotten, data portability and fines tied to global turnover. The proposal aimed to give individuals more control over their personal data across the whole of the European Union.

www.technologyreview.com

8. Saudi hacker steals fifteen thousand Israeli credit card details

On 3 January a hacker using the name OxOmar broke into an Israeli sports website and posted a file claiming to hold hundreds of thousands of credit card numbers. Israeli card issuers said about fifteen thousand active cards were exposed and blocked them, promising customers would not bear the cost of any fraud.

en.globes.co.il

9. DHS media monitoring could chill public dissent, EPIC warns

Documents released through an EPIC freedom of information request showed the Department of Homeland Security paid General Dynamics to monitor news outlets, blogs and social media. The records included instructions to flag reports that reflected adversely on the government, which EPIC warned could chill legitimate dissent.

www.computerworld.com

10. Symantec investigates possible leak of Norton AntiVirus source code

On 5 January Symantec confirmed it was looking into claims by a hacker group that it held source code for Norton products. The company said the code was years old and had been taken from a third party rather than its own network, but the disclosure raised fears for customers still running affected software.

www.computerworld.com

11. Data breach hits around two million New York utility customers

New York State Electric and Gas and Rochester Gas and Electric told customers that a contractor had gained unauthorised access to their records. Social Security numbers, dates of birth and some bank account details were exposed, prompting the state Public Service Commission to open an investigation.

threatpost.com

12. Justice Department misdirection on cloud computing and privacy

EFF charged that the Justice Department was telling international audiences that hosting data in the United States created no extra privacy risk while arguing the opposite in court. In filings the government claimed cloud users had little protection against demands for their stored records.

www.eff.org

13. United States shuts down Megaupload and Anonymous retaliates with attacks

Within minutes of the Megaupload indictments on 19 January, Anonymous launched a wave of denial of service attacks against the Justice Department, the FBI and entertainment industry sites. The group called the campaign its largest yet and tied it to anger over both the takedown and the copyright bills.

threatpost.com

14. The EU and twenty-two member states sign the ACTA treaty

On 26 January the European Union and twenty-two of its members signed the Anti-Counterfeiting Trade Agreement at a ceremony in Tokyo. Opponents argued the pact could push internet providers to monitor users and hand over personal data, and the signing set off street protests across Europe.

thenextweb.com

15. Carrier IQ row prompts draft legislation on mobile privacy

On 30 January Representative Ed Markey released a draft Mobile Device Privacy Act in response to the Carrier IQ tracking controversy. The bill would force companies to disclose monitoring software on phones and obtain user consent before it could collect and transmit data.

www.research-live.com

16. College savings service settles FTC charges over a toolbar that grabbed personal data

The FTC settled with Upromise over a browser toolbar that quietly collected the websites people visited along with search terms, usernames and passwords. The data, sometimes including financial details, was sent in clear text, and the order required new disclosures and twenty years of security audits.

www.hunton.com

17. Hacker brings down Israeli websites

On 17 January the sites of El Al and the Tel Aviv Stock Exchange were knocked offline after the Saudi hacker OxOmar threatened to target them. The attacks marked an escalation of a tit for tat conflict in which each side dumped credit card and personal details of thousands of private citizens.

www.aljazeera.com

18. Who is flying unmanned aircraft in the United States?

On 10 January EFF sued the Department of Transportation for records on the certificates and authorisations issued for domestic drone flights. The group argued that drones gave the government a powerful new tool to gather intrusive data on people's movements, yet the public knew nothing about who was operating them.

www.eff.org

19. PIPA and SOPA put on hold in the wake of protests

On 20 January, two days after the online blackout, congressional leaders shelved both anti-piracy bills. Senate leader Harry Reid postponed the PIPA vote and Representative Lamar Smith delayed SOPA, marking a rare defeat for legislation that critics said threatened privacy and free expression.

www.cbsnews.com

20. Google tells lawmakers it is changing privacy policies, not practices

On 31 January Google answered eight members of Congress who had demanded clarity about its plan to merge user data. The company insisted it was not changing what it collected, yet the response underscored that users could not opt out of having their information combined across services.

www.theregister.com

