Privacy Roundup #0102 • January 2015

January 2015 opened the year with a wave of state surveillance disclosures, fresh breaches and a White House push to write privacy and breach rules into federal law.

1. Obama proposes a national data breach notification law

President Obama unveiled the Personal Data Notification and Protection Act, which would force firms to tell customers within thirty days of a hack. The plan aimed to replace the patchwork of state breach laws with a single federal standard.

money.cnn.com

2. Obama backs a Student Digital Privacy Act

The White House asked Congress to bar companies from selling pupils' data or using classroom information for advertising. The proposal followed worries that education technology was harvesting children's records.

www.npr.org

3. Obama's cybersecurity plan would widen the hacking statute

The administration's cybersecurity package proposed information sharing between firms and government and harsher penalties under the Computer Fraud and Abuse Act. The EFF warned that the changes recycled old ideas and could turn password sharing into a felony.

www.eff.org

4. David Cameron calls for a ban on strong encryption

The British prime minister said terrorists should have no safe space to communicate and floated outlawing messaging apps that police cannot read. Critics noted that banning open source encryption maintained worldwide would be close to impossible.

www.engadget.com

5. A Morgan Stanley adviser leaks data on hundreds of thousands of clients

The bank said a since-fired financial adviser had taken account information on roughly 350,000 wealth management clients. A sample appeared on a file sharing site, prompting investigations by the FBI and regulators.

money.cnn.com

6. US Central Command's Twitter and YouTube accounts are hijacked

Attackers claiming sympathy with Islamic State seized the military command's social media feeds and posted threats. Officials called it vandalism, since operational networks were not breached, yet it exposed weak account security.

www.cnbc.com

7. GCHQ swept up emails from journalists at major outlets

Documents from Edward Snowden showed the agency had collected emails from reporters at the BBC, Reuters, The Guardian and others during a test exercise. The files placed investigative journalists alongside terrorists and hackers in a threat assessment.

www.theguardian.com

8. An ad firm revives deleted cookies using Verizon's hidden identifier

ProPublica found that the advertising company Turn was using Verizon's undeletable tracking header to respawn cookies that users had erased. Reporters dubbed the unkillable tracker a zombie cookie.

www.propublica.org

9. Verizon agrees to a full opt-out from its supercookie

After mounting criticism, Verizon Wireless said it would stop inserting its unique tracking identifier for customers who opt out. Until then the opt-out had only stopped tailored ads, not the underlying tracking.

www.washingtonpost.com

10. The DEA's secret licence plate database is revealed

Documents obtained by the ACLU exposed a national programme that recorded the movements of millions of drivers through licence plate readers. The files showed hundreds of millions of records and plans to scan vehicles at gun shows.

www.techdirt.com

11. Marriott abandons its bid to block guests' personal Wi-Fi

Under pressure from customers and the FCC, the hotel chain withdrew its petition to be allowed to jam guests' own wireless hotspots. The regulator warned that interfering with Wi-Fi was illegal and that other hotels would be fined.

www.engadget.com

12. The FTC urges privacy safeguards for the Internet of Things

A staff report recommended data minimisation, security by design and clearer consumer notice for connected devices. The agency warned that always-on sensors and smart appliances created new privacy and security risks.

www.ftc.gov

13. The FTC chair warns at CES that smart gadgets threaten privacy

Edith Ramirez told the consumer electronics show that the Internet of Things could expose intimate details of daily life. She singled out smart televisions that track viewing habits as a warning of where the data could flow.

time.com

14. Snowden files expose Canada's Levitation download dragnet

The Communications Security Establishment was found to sift through up to fifteen million file downloads each day in a hunt for extremists. The programme tapped internet cables directly and swept up records on ordinary users worldwide.

theintercept.com

15. The Silk Road trial of Ross Ulbricht begins

The prosecution of the man accused of running the dark web marketplace opened in a Manhattan court. The case turned on digital evidence, anonymity tools and how far investigators tracked an alleged operator online.

www.slate.com

16. HealthCare.gov is caught sending personal data to trackers

The EFF found that the federal insurance site passed sensitive details such as income, age and smoking status to at least fourteen third-party domains. The data flowed even when users had switched on Do Not Track.

www.eff.org

17. Park 'N Fly and OneStopParking confirm payment card breaches

The two airport parking firms admitted that hackers had stolen customers' card numbers, names and security codes through their websites. The stolen cards turned up for sale on the same market that handled the Target and Home Depot hauls.

krebsonsecurity.com

18. Whisper's editor quits after the app's location scandal

The editor-in-chief of the anonymous confession app left following reports that Whisper tracked users' locations even after they had opted out. The departure underlined the gap between the app's promise of anonymity and its data practices.

www.cnbc.com

19. Hackers drain about five million dollars from Bitstamp

The European bitcoin exchange suspended trading after attackers compromised its operational wallets and stole roughly nineteen thousand coins. An internal report blamed a weeks-long phishing campaign that targeted several staff.

thehackernews.com

20. Blackphone launches a privacy-focused app store

The secure handset maker opened a curated store stocked with applications vetted for privacy and security. The company said it would screen apps to keep out the backdoors and trackers common in mainstream Android software.

www.techradar.com

