The Good, the Bad, & The We’re Trying
Get a Warrant! Senate Committee Approves E-Privacy Bill, ACLU Northern California, March 24, 2014
On March 24, 2015 “[t]he California legislature today took an important step toward updating the laws that protect our electronic information when the state Senate’s Committee on Public Safety approved the California Electronic Privacy Act (CalECPA).”
Note: Shameless plug: sign on as a citizen cosponsor of the California Electronic Communications Privacy Act (CalECPA) here.
Via @ACLU_NorCal @NicoleOzer
Privacy Critics Go 0-2 With Congress’ Cybersecurity Bills, Wired, March 28, 2015
On March 26, 2015, “the House Intelligence Committee passed the Protecting Cyber Networks Act (PCNA) [available here], a near-mirror image of the cybersecurity data-sharing bill known as CISA [available here] that the Senate intelligence committee passed two weeks ago. The Protecting Cyber Networks Act, like CISA, would create new legal authorizations for companies to share cybersecurity threat information with government agencies, who would then be able to share that attack data with potential targets to help protect them. But critics say the two bills also create dangerous channels by which private companies could share users’ sensitive information with agencies like the NSA.”
Note: Both bills have passed, so the next course of action is to force private companies into transparency, preventing them from needlessly sharing our data with government agencies.
Via @Wired @A_Greenberg
Oregon AG Seeks Tougher State Breach Law, IAPP, March 24, 2015
This article is an interview with Oregon Attorney General Ellen Rosenblum. She discusses many privacy issues, including “[t]he dramatic increase in the retention of biometric information presents a particularly serious type of potential breach.”
Note: It was refreshing to see a government official take note of the fact that “[y]ou can change your username; you can change your password, but you cannot change your fingerprint.”
Going Once, Going Twice
British Airways frequent-flyer accounts hacked, Guardian Tech, March 29, 2015
“Hackers have accessed tens of thousands of British Airways frequent-flyer accounts. The airline said no personal information had been viewed or stolen and it had frozen affected accounts while it resolves the issue. It means top executive club flyers may not be able to use their points until the issue is resolved.”
Note: If I were a “top executive club flyer” I’d be p.o.’d!
Bankrupt RadioShack wants to sell off user data. But the bigger risk is if a Facebook or Google goes bust, March 26, 2015
“After filing for bankruptcy in early February, RadioShack is currently making its way through the painful process of figuring out how creditors will be paid back — auctioning off real estate and trademarks. Also on the list is more than 13 million e-mail addresses and 65 million customer names and physical addresses — as well as potential information about customers’ shopping habits.” What if Google or Facebook went bust? “‘If a Google or a Facebook were to fail, its data would be worth a lot more than information collected by RadioShack,’ said Ed Mierzwinski, the head of the Consumer Program at U.S. PIRG. ‘We’re constantly concerned that, particularly in the digital era, companies’ business models rely on collecting and selling customer information.’”
Via @WashingtonPost @TheSwitch @KansasAlps
Note: So, it’s just a matter of time before anyone who was a frequent RadioShack buyer is breached. Consider this your heads up. And hopefully, both Google & Facebook are “too big to fail.”
A Privacy Engineer’s Analysis of Bitcoin, IAPP, March 26, 2015
This article gives a really solid breakdown of the privacy implications of Bitcoin, and the fact that Bitcoin is not completely anonymous.
Note: I especially encourage you to watch this video, embedded in the article. Or just this episode of The Good Wife (“Bitcoin for Dummies,” Season 3, Episode 13). Whichever floats your boat.
One Cryptographer’s Solution to the Anonymity Paradox, IAPP, March 30, 2015
“During the humble beginnings of the Internet—long before cookies and private browsing—users could be completely anonymous online. Whatever you did on the Internet was your business. But in this era of big data and personalized services, that no longer holds true.”
Note: The article is essentially an ad for Identity Mixer and IBM Bluemix cloud, but it’s technology that appears worth trying out. And he makes a good point: if the technology is available to “chang[e] the paradigm in favor of privacy . . . The question remains: Does society actually want it?” Plus, even though it’s an ad, he’s an IEEE (Institute of Electrical and Electronics Engineers) fellow. So he’s for real. 🙂
Blame It On the Privacy People
Ethics Rules Keep DeCode Genetics From Revealing Cancer Risks, MIT Technology Review, March 25, 2015
“Kári Stefánsson, the CEO of [DeCode Genetics . . . owned by the U.S. biotechnology company Amgen,] an Icelandic gene-hunting company says he is able to identify everyone from that country who has a deadly cancer risk.” The CEO “has been unable to warn people of the danger because of ethics rules governing DNA research.” Darn ethics.
Note: My summary & commentary for this article was originally much longer, so I decided to make that its own separate post, available here.
The MIT Technology Review article is 100% worth reading. If you have any interest at all in medical privacy, read this. MIT Technology Review makes their articles pretty readable. But fear not, this technology isn’t going to be applicable to the United States in the near future.