Privacy Roundup #0068 • March 2012
March 2012 saw Google merge its privacy policies, the FBI switch off thousands of GPS trackers after the Jones ruling, and governments from Mexico to Pakistan push fresh surveillance powers.
1. Google merges sixty privacy policies into one on 1 March
On 1 March Google switched on a single privacy policy that combined more than sixty earlier documents and let the company pool user data across search, YouTube, Gmail and other services. Regulators in Europe had asked for a delay, but the company went ahead and gave users no way to opt out.
2. FBI switches off three thousand GPS trackers after the Jones ruling
After the Supreme Court held in United States v. Jones that attaching a GPS device to a car is a search, the FBI told agents to turn off roughly three thousand trackers. Officials then had to work out how to retrieve devices they could no longer lawfully switch back on.
3. FBI arrests five hackers after LulzSec leader turns informant
On 6 March the FBI announced the arrest of five people tied to LulzSec and Anonymous, charged over intrusions at Sony, PBS and other targets. Court papers revealed that the group's leader, Hector Monsegur, known as Sabu, had been working as an informant since the previous summer.
4. NASA tells Congress a stolen laptop held unencrypted personal data
NASA's inspector general told Congress on 1 March that a laptop stolen from an agency vehicle had carried unencrypted personal records and sensitive command codes. He said dozens of mobile devices had gone missing over two years, and that the agency relied on staff to report the losses.
5. Microsoft seizes servers running Zeus and SpyEye botnets
On 26 March Microsoft and its partners won court permission to seize command servers in Pennsylvania and Illinois that ran several Zeus and SpyEye botnets. The banking trojans had stolen account credentials and more than one hundred million dollars from businesses.
6. Wired exposes the NSA data centre rising in Utah
On 15 March Wired published James Bamford's account of the vast NSA centre under construction at Bluffdale, Utah, built to intercept and store communications. One official told Bamford that everybody with communications was a target.
7. Pinterest faces a backlash over copyright and its terms of use
A viral post by a photographer and lawyer drew attention to a contradiction in Pinterest's rules, which discouraged people from pinning their own work yet held users liable for pinning anything they did not own. The co-founder admitted growing pains and promised changes to the terms of service.
8. Apple starts rejecting apps that read the iPhone's unique device ID
Apple began turning away app submissions that accessed the unique device identifier, a code that allowed developers to track a handset over time. The move followed mounting privacy worries and a congressional inquiry into how apps handled personal data.
9. Facebook warns employers not to demand workers' passwords
Facebook said on 23 March that employers who asked job applicants for their account passwords could be breaking the law and were violating its terms of service. The company reported a distressing rise in such demands and said it would consider going to court.
10. FTC issues its final report on consumer privacy
On 26 March the Federal Trade Commission published its final privacy report, built around privacy by design, transparency and consumer choice. It pressed for a workable Do Not Track system and called for new laws on data brokers and breach notification.
11. Global Payments breach exposes millions of card numbers
On 30 March card processor Global Payments confirmed that intruders had reached part of its system, after Visa and MasterCard warned banks of a major compromise. Sources called the breach massive, with estimates of more than ten million card numbers at risk.
12. Mexico's legislature grants warrantless access to phone location data
On 2 March the Mexican legislature passed a bill letting police obtain real-time mobile location data without a warrant, by an overwhelming margin. Human rights lawyers warned that the law lacked safeguards and signalled they would challenge its constitutionality.
13. Anonymous defaces Panda Security after the LulzSec arrests
On 7 March attackers tied to Anonymous defaced web pages belonging to Panda Security in revenge for the arrests of LulzSec members. They accused the firm of helping law enforcement and dumped email addresses and old passwords, though Panda said its internal network was untouched.
14. Senators ask the Justice Department to probe Facebook password demands
On 26 March Senators Charles Schumer and Richard Blumenthal asked the Justice Department and the Equal Employment Opportunity Commission to investigate whether employers demanding Facebook passwords broke federal law. The pair said they were also drafting legislation to close any gaps.
15. Reporters Without Borders names the internet's enemies
On 12 March, marking World Day Against Cyber-Censorship, Reporters Without Borders released its Enemies of the Internet report and moved Bahrain and Belarus into the worst category. It added India and Kazakhstan to a watch list, citing growing surveillance and pressure on service providers.
→ ifex.org
16. ACLU sues a Minnesota school that took a pupil's Facebook password
The American Civil Liberties Union of Minnesota sued the Minnewaska school district, alleging that officials forced a twelve-year-old to hand over her Facebook and email passwords and searched her accounts. The suit claimed violations of her free speech and her protection against unreasonable searches.
→ splc.org
17. EFF asks a court to return a Megaupload user's files
On 30 March the Electronic Frontier Foundation backed a request to the court on behalf of Kyle Goodwin, a sports reporter whose lawful videos were stranded on seized Megaupload servers. The group urged the judge to set up a process so innocent users could recover their data before it was deleted.
18. RockYou settles FTC charges over thirty-two million exposed passwords
On 27 March the Federal Trade Commission announced a settlement with RockYou over a breach that exposed about thirty-two million email addresses and passwords stored in plain text. The company agreed to a security programme, twenty years of audits and a penalty for collecting data from children.
19. Pakistan invites bids for a national filtering and blocking system
Pakistan's telecoms authority sought proposals for a national URL filtering system able to block up to fifty million web pages, modelled on China's approach. Free speech groups protested and several technology firms refused to take part, and the government later backed away from the plan.
20. EFF says Holder offers no real check on warrantless wiretapping
On 7 March the Electronic Frontier Foundation criticised a speech by Attorney General Eric Holder defending the government's surveillance authority under the FISA Amendments Act. The group argued that the Justice Department had blocked any judicial review by repeatedly invoking the state secrets privilege.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: