The SDK: The Privacy Edition 2015.03.23

The SDK: The Privacy Edition 2015.03.23 includes stories about your current civic duties, a Hilton breach, a gene that could start a revolution, and our future in a technological wonderland.
Civic Duty
Request for Comment on Stakeholder Engagement on Cybersecurity in the Digital Ecosystem, NTIA, March 19, 2015
Docket Number: 150312253-5253-01 available here. “The Department of Commerce Internet Policy Task Force (IPTF) is requesting comment to identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers. The IPTF invites public comment on these issues from all stakeholders with an interest in cybersecurity, including the commercial, academic and civil society sectors, and from relevant federal, state, local, and tribal entities. Comments are due on or before 5 p.m. Eastern Time, May 18, 2015.
Note: ready and willing to make your voice heard? This is the perfect opportunity. Docket Number: 150312253-5253-01 available here instructs those interested in submitting comments to send them to: or
National Telecommunications and
Information Administration, U.S.
Department of Commerce, 1401
Constitution Avenue NW., Room 4725,
Attn: Cybersecurity RFC 2015,
Washington, DC 20230
Also note that all comments are part of the public record, and “will generally be posted to without change.” So be sure to double check that you are not submitting any PII or Confidential Business Information by accident.

They Must Have Let Paris Intern Again
Hilton website flaw let hackers hijack any Honor member’s account, Ars Technica, March 23, 2015
“Once attackers were logged in, they had full access to any other member’s account.. . . Hilton Hotels & Resorts has patched a gaping hole in its website that let anyone with a Hilton Honors account hack another account simply by knowing or guessing its 9-digit number. All an attacker had to do, according to security experts Brandon Potter and JB Snyder of consulting and testing firm Bancsec, was log in to any Hilton Honors account, alter some of the HTML content, and reload the page.. . . Snyder said the problem stemmed from a common Web application weakness called a cross-site request forgery (CSRF) vulnerability, a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.”
Via @ArsTechnica @DanGoodin001
Note: This sounds very similar to URL modification. If you think of a URL as being the address of a house, URL modification is where you take one URL and modify just a piece of it to create a “new” URL, which takes you to a different location. So, say, knowing someone lives at 4 Rice Road, and changing the 4 to 8 because you know that someone else on Rice Road has way cooler stuff in their house. In the Hilton case, the HTML was modified. The HTML would make up how the house looks, and what’s inside the house, rather than just the address of the house. These moves are arguably against the Computer Fraud and Abuse Act (the reigning “Hacking” statute). But the modification on its own shouldn’t be there. The idiots at Hilton who wrote generic URLs and HTML such that the only difference between one account and another was the 9-digit number is just sloppy security. Learn to write some actual security, then we can start talking about what constitutes hacking. Not that these folks shouldn’t be punished for stealing, but let’s focus on that charge.
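As an added example (not code from the Ars Technica article, from Bancsec, or from Hilton), the two server-side checks whose absence produces the behaviour described above: the server must bind the requested member number to the logged-in session rather than trusting whatever number the client sends back, and state-changing requests must carry a CSRF token tied to that session. The session store, member records, names and token value are constructed here for illustration.

```python
import hmac

# Constructed sample data (hypothetical): one logged-in session and two members.
# A real server would mint csrf_token with secrets.token_hex() at login.
SESSIONS = {
    "sess-alice": {"member_number": "100000001", "csrf_token": "tok-constructed-abc123"},
}
MEMBERS = {
    "100000001": {"name": "Alice", "points": 12000},
    "100000002": {"name": "Bob", "points": 48000},
}


class Forbidden(Exception):
    """Raised when a request fails an authentication or authorization check."""


def profile_insecure(session_id, member_number):
    """Weak pattern: being logged in is checked, but ownership of the requested
    account is not, so any member number the client edits into the page is served."""
    if session_id not in SESSIONS:
        raise Forbidden("not logged in")
    return MEMBERS[member_number]


def profile_hardened(session_id, member_number):
    """Hardened read: the account served is the one bound to the session."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        raise Forbidden("not logged in")
    if sess["member_number"] != member_number:
        raise Forbidden("requested account does not belong to this session")
    return MEMBERS[member_number]


def update_points_hardened(session_id, member_number, submitted_token, new_points):
    """Hardened write: ownership check plus a CSRF token compared in constant time,
    so a request forged from another site (which lacks the token) is rejected."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        raise Forbidden("not logged in")
    if not hmac.compare_digest(sess["csrf_token"], submitted_token or ""):
        raise Forbidden("missing or invalid CSRF token")
    if sess["member_number"] != member_number:
        raise Forbidden("requested account does not belong to this session")
    MEMBERS[member_number]["points"] = new_points
    return MEMBERS[member_number]


def is_denied(handler, *args):
    """Helper for demonstrations: True if the handler rejects the request."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # Alice's session asks for Bob's number: the weak handler serves it,
    # the hardened handlers refuse.
    print(profile_insecure("sess-alice", "100000002")["name"])
    print(is_denied(profile_hardened, "sess-alice", "100000002"))
    print(is_denied(update_points_hardened, "sess-alice", "100000001", "", 1))
```

The ownership check is the fix for the "change the number and reload" step; the token check is the fix for the forged-request case the article names. Both are needed, since a CSRF token alone does nothing to stop a logged-in user from browsing someone else's account.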

Protect The Children!
Should you download that app for your kid? It’s a hard question to answer., The Switch, March 20, 2015
“[M]obile games spending big bucks for prominent advertising, it may only be a matter of time before your kid pesters you about an app they want to download, before you get a chance to even understand if it’s appropriate for them.. . . Earlier this week, Google made two quiet changes to its Google Play store to address that problem.” 1) It is now going to “pre-screen[] apps before publishing them on the app store.” 2) As of May, Google will “adopt widely used video game ratings to offer more information to users — particularly to parents — about what’s actually in the apps they download.”
The history of the process, up until now, has looked like this:
Up until now, Google has allowed “developers [to] assign their own vague ratings to apps, rating them as either high, medium or low maturity” unlike Apple, which gave “age ranges”. “Now, developers will be asked to answer a questionnaire when they submit an app that determine ratings based on the standards of several international industry and government rating groups.” These questionnaires will then determine the “appropriate rating board’s grade [that] will show up on the store, depending on where you download it.”
“Jim Steyer, chief executive and founder of the children’s advocacy group Common Sense Media . . . thinks Google has taken a good first step, but . . . hopes more will come on this front.” He contends that “[p]arents need more information than what ESRB provides, such as the way the apps will affect kids at certain social or developmental stages.”
Via @HTsuka @WashingtonPost @TheSwitch
Note: This sounds like a great step in the right direction. But it also sounds like no-more-loopholes for modern kids. I mean if there were no ratings on TV shows (I wasn’t super into video games), I could have watched way more content that I wanted to watch! But no, I wasn’t allowed. 😦
Scientists Call for a Summit on Gene-Edited Babies, MIT Technology Review, March 19, 2015
“Nobel Prize winners raise alarm over genetic engineering of humans. . . . A group of senior American scientists and ethics experts is calling for debate on the gene-engineering of humans, warning that technology able to change the DNA of future generations is now “imminent.”
The tech: CRISPR-Cas9, which is giving scientists the ability to easily alter the genome of living cells and animals (see “Genome Surgery”).
The ramifications: “Theoretically, germ line editing could correct genes that lead to lethal diseases before birth. For instance, if a person had Huntington’s disease, caused by a single faulty gene, CRISPR could be used to eliminate the mutation from that person’s children.”
Via @TechReview @AntonioRegalado
Note: My deepest condolences to those who need this technology, but we can’t keep experimenting with CRISPR until we fully understand its capabilities. And now I’ve put a damper on your morning. It could be because my window is being attacked hard core with rain and it’s very dreary.

The Future of Privacy: My Journey Down the Rabbit Hole at SXSW, IAPP, March 20, 2015
“For a first-timer, SXSW is one overwhelming experience.. . . I had a chance to see some amazing people discuss amazing concepts. The future is here—. . . There were several sessions on Privacy by Design, for example. This was important because so many of the attendees were into coding and designing software, apps and new digital services.. . . I was even lucky enough to be on a panel with NYU’s Karen Levy, the CDT (@CenDemTech)’s Joseph Lorenzo Hall (@JoeBeOne) and CitizenMe (@ctznme) CEO StJohn Deakins (@StJohnDeakins) to discuss the protean line between innovative and creepy services.” Those included 1) the latest thinking around smart packaging. . . “Phygital” . . . can help brands know “the millisecond someone is holding my product.” and 2) “social robots [which] have the potential to act as life coaches—a sort of fitness tracker on steroids. The “obvious privacy concerns with this technology [include] Jibo[‘s] ability to . . . take photos, tag faces, stream video and connect to the Internet.. . . I could easily see a future Federal Trade Commission roundtable on the privacy, security and ethical uses of social robotics. Stay tuned.” Finally, the speaker that would have made me pinch myself, checking to make sure I wasn’t in a dream: “Martine Rothblatt [was there to] discuss her views on artificial intelligence, immortality and our future selves with New York Magazine’s Lisa Miller (here’s a more in-depth article written by Miller on Rothblatt).
For those of you who are still a bit confused as to what Ms. Rothblatt does, here’s the answer, straight up, brace yourself: “she is . . . [known] for her beliefs in a transhumanist future, where we can upload our memories into cyber versions of ourselves.” Should be no big deal to pull off though. The woman did bring the world Sirius Satellite Radio.
The author concludes with a sentiment that regularly runs through my mind when studying Privacy and other Cyberlaw issues:
“Unlike Alice in Wonderland, or science fiction novels featuring smart robots, this is no longer make believe. This is becoming real and brings with it all the privacy and ethical concerns for a future cadre of privacy professionals.”
But he & I can definitely agree on one thing: “It should be exciting, to say the least.”
Via @Privacypros, @jedbracy, @CenDemTech’s @JoeBeOne, @ctznme’s @StJohnDeakins
Note: The headliner itself did it for me. You aren’t passionate about what you do until you’ve fallen down the Rabbit Hole a few times :)
mHealth technologies: What to do with all of the data they generate?, Slate, March 20, 2015
“What to do with all of the data generated by medical devices? . . . mobile health care technologies, known as mHealth, have to overcome some major challenges related to data collection and usage. . . researchers don’t know exactly what types of information they need. And consequently, so much data is collected that the gatherers don’t know how to use it all.. . . But to create that predictive future, scientists and medical researchers need copious amounts of granular data. And Euan Thomson, the CEO of AliveCor, a mobile electrocardiogram manufacturer and heart disease research company, says detailed data is not what researchers currently have.. . . The ideal scenario combines the two methods. First, use a qualitative algorithm to discover causal relationships among diseases and symptoms. Then, use that data in a quantitative algorithm to create now-accurate predictions and inferences. However, the problems of big data collection in health care aren’t solely limited to the algorithms. The doctor’s office also plays a big role (Does your doctor even have the ability to use the data? Is it protected by HIPAA?).. . . But with more data and time, these issues will solve themselves. If early adopters stay willing to offer their personal data, despite the risks, the future of medicine will be marvelous.”
Via @Slate @FutureTenseNow @Khellendos
Note: I love the idea of all of this – using mobile health care technologies to create a vast pool of medical data that will provide answers for all of us. But there are serious privacy concerns, and I can imagine only the patients who desperately need this information available are going to be willing to participate. mHealth data programs are extremely risky, but I truly hope that, in the near future, the regulators will have found a way for a utopian solution to the most basic of human ailments.
Apple’s new medical research platform could be a battery meter for your body, Fusion, March 19, 2015
Research Kit’s launch page available here. “Apple’s hope is that ResearchKit will make it easier for scientists to build apps that collect health data for research from volunteers by leveraging the iPhone’s sensors, as well as the many personal trackers that can be connected to it. At the same time, people will get feedback in real-time from the apps about their symptoms, which they can use to manage their conditions. It’s a new way to run clinical trials and develop tailored therapies—and a much-needed middle ground between the old-school medical establishment and the new-school DIY crowd.. . . To succeed in a big way, ResearchKit will have to reassure privacy-minded users that their data will be secure, and make nice with regulators like the FDA, who will have to sign off on any clinical trials resulting from the data collection. But already, health researchers are salivating at the idea of unlocking such a huge trove of data.. . . The ultimate step forward for health data collection would be a technology that allowed us to open-source our health data entirely, as other projects on the web, like OpenSNP and Harvard’s Personal Genome Project, are already doing. But Apple’s new research platform is a promising first step toward creating a more open, more democratic, and potentially more helpful medical research system—one that relies less on printed flyers tacked to bulletin boards, and more on the multi-sensor super-computers we all carry around every day.”
Via @Fusion @TheRealFuture @Danielas_bot
Note: Based on the Slate article above, we know that I love the idea of using high-tech to do medical research. I’m hesitant/have a healthy level of paranoia regarding the safekeeping of the data, but I would really like to see big data used for good (the same way Google Maps uses all of its traffic tracking for good and made predictive traffic maps). I would need Apple and its partners to be completely transparent, but I might just be willing to hear them out on this one.

Debug This!
