Rina Steenkamp - Privacy and technology

Weblog

2011

[January | February | March | April | May | June | July | August | September | October | November | December]

January

[[On] "A comprehensive approach on personal data protection in the European Union" | The slide from "self-regulation" to corporate censorship | The Federal Trade Commission and privacy - defining enforcement and encouraging the adoption of best practices - version 2.0 | DNA databases and human rights | Lessons learned [on combating Conficker] | A step-by-step approach on how to set up a CSIRT | Reducing systemic cybersecurity risk | Data breach notifications in the EU | Security and resilience in governmental clouds | The impact of eHealth on the quality and safety of health care - a systematic overview | Law, technology and shifting power relations | Global status report on the Governance of Enterprise IT (GEIT) - 2011 | Security threat report 2011 | Measuring bias in "organic" web search | Some skepticism about search neutrality | Piracy is the future of television | Annual report PandaLabs 2010 | Opinion 8/2010 on applicable law | The long arm of EU data protection law: Does the Data Protection Directive apply to processing of personal data of EU citizens by websites worldwide? | Distributed Denial of Service attacks against independent media and human rights sites | The "certificate authority" trust model for SSL: a defective foundation for encrypted web traffic and a legal quagmire | Threat assessment (abridged), Internet facilitated organised crime | The state of the electronic identity market: technologies, infrastructure, services and policies | Monitoring and ensuring compliance with Regulation (EC) 45/2001 | Smartphones: Information security risks, opportunities and recommendations for users | How to shop safely online | Commercial data privacy and innovation in the internet economy: a dynamic policy framework]

February

[Bittersweet cookies. Some security and privacy considerations | How unique and traceable are usernames? | Re - Commercial data privacy and innovation in the internet economy - a dynamic policy framework | Reliably erasing data from flash-based solid state drives | The 2011 (ISC)2 Global information security workforce study | 2011 Web security report | Lost iPhone? Lost passwords! | W32.Stuxnet Dossier Version 1.4 (February 2011) | Digital signage privacy standards | Guidelines on security and privacy in public cloud computing | Inferring friendship network structure by using mobile phone data | The deidentification dilemma - A legislative and contractual proposal | A good decade for cybercrime | The next digital decade | Cybersecurity two years later | Corporate cyborgs and technology risks | European privacy and human rights | The true cost of compliance | Patterns of misconduct - FBI intelligence violations from 2001-2008 | Cisco 2010 annual security report | Cloud computing - A primer on legal issues, including privacy and data security | Relay attacks on passive keyless entry and start systems in modern cars | Privacy by design at Microsoft]

March

[Draft "Commercial Privacy Bill of Rights Act of 2011" | Misplaced confidences - privacy and the control paradox | Being vulnerable to the threat of confusing threats with vulnerabilities | The cloud - Understanding the security, privacy and trust challenges | ISSA-UK 5173 Information security for small and medium sized enterprises | Trust and security in the cloud - The myths and realities of hosted applications | Electricity grid modernization - Progress being made on cybersecurity guidelines, but key challenges remain to be addressed | 2010 Annual study - U.S. cost of a data breach | Consumer Sentinel Network data book for January - December 2010 | Identifying 'anonymous' email authors | Botnets - 10 tough questions | Solid state drives - the beginning of the end for current practice in digital forensics recovery? | Do not track | 2010 Internet crime report | System error - Fixing the flaws in government IT]

April

[Towards street-level client-independent IP geolocation | Bridging the gap between physical location and online social networks | Tragedy of the data commons | SANS Seventh annual log management survey report | Shadow evaluation report on the Data Retention Directive (2006/24/EC) | Evaluation report [official version] on the Data Retention Directive (Directive 2006/24/EC) | Evaluation report [leaked version] on the Data Retention Directive (Directive 2006/24/EC) | Working document 01/2011 on the current EU personal data breach framework and recommendations for future policy developments | Freedom on the Net 2011 | 2011 Data breach investigations report | In the dark - Crucial industries confront attacks | Cyber Europe 2010 - Evaluation report | Cyber security - the road ahead | Cyber-Ark snooping survey, April 2011 | Social networking, age and privacy | Anonymity loves company - usability and the network effect | National strategy for trusted identities in cyberspace | Brief of amicus curiae Professor Michael Carrier in support of defendants-appellees and urging affirmance [Google/YouTube] | Opinion 12/2011 on smart metering | Software on the witness stand - what should it take for us to trust it? | Social norms and intellectual property - Online norms and the European legal development | The failure of online social network privacy settings | Resilience of the Internet interconnection ecosystem | How to shop for free online - Security analysis of cashier-as-a-service based web stores | Tweets and trades - the information content of stock microblogs | Brief of amici curiae in support of objections of real parties in interest Jacob Appelbaum, Birgitta Jonsdottir and Rop Gonggrijp to March 11, 2011 order denying motion to vacate | 2010 full year top cyber security risks report | Resilience metrics and measurements | The weak password problem - chaos, criticality, and encrypted p-CAPTCHAs | One bad apple spoils the bunch - exploiting P2P applications to trace and profile Tor users | Can we fix the security economics of federated authentication?]

May

["You might also like:" Privacy risks of collaborative filtering | Phonotactic reconstruction of encrypted VoIP conversations - Hookt on fon-iks | Shadow [intellectual property rights] report | A single market for intellectual property rights | The future of cloud computing - Opportunities for European cloud computing beyond 2010 | Advancing cloud computing - what to do now? Priorities for industry and governments | Audit of information technology security included in health information technology standards | WikiLeaks would not qualify to claim federal reporter's privilege in any form | International strategy for cyberspace | Opinion 13/2011 on geolocation services on smart mobile devices | Digital opportunity - A review of intellectual property and growth | Security intelligence report | The story so far - What we know about the business of digital journalism | HTTPi for practical end-to-end web content integrity | ENISA ad hoc working group on national risk management preparedness | Securing personal information | Exposing the lack of privacy in file hosting services | Security of cloud computing, providers study | Security guidance for critical areas of focus in cloud computing v2.1 | Hyper-local, directions-based ranking of places | The Federal Bureau of Investigation's ability to address the national security cyber intrusion threat | Terror, security, and money - balancing the risks, benefits and costs of homeland security | Readers' copyright]

June

[Broadband and the economy | Implementation of the safer social networking for the EU | Annual Report to Parliament 2010 - Personal Information Protection and Electronic Documents Act | PCI Data Security Standard - PCI DSS Virtualization guidelines | Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue | WiFi positioning systems - beware of unintended consequences | Privacy leakage vs. protection measures - the growing disconnect | Cybersecurity, innovation and the Internet economy | The information needs of communities - the changing media landscape in a broadband age | Attitudes on data protection and electronic identity in the European Union | Country reports [on the "state of the art" in network and information security] | Big data - The next frontier for innovation, competition and productivity | A policy framework for the 21st century grid - enabling our secure energy future | Guide to developing a cyber security and risk mitigation plan | Information systems audit report | Social networking sites and our lives | Adolescents and cybercrime - navigating between freedom and control | [On] the evaluation report from the Commission to the Council and the European Parliament on the Data Retention Directive | Legal analysis of a single market for the information society | Hasta la vista privacy, or how technology terminated privacy | Click trajectories - End-to-end analysis of the spam value chain | Identity and its verification | Synthesis report on the stakeholder's dialogue on illegal up- and downloading | Twenty-second annual report of the Data Protection Commissioner 2010]

July

[Unauthorised tapping into or hacking of mobile communications | Government and IT - "a recipe for rip-offs" - time for a new approach | Security and privacy controls for federal information systems and organizations - Appendix J - privacy control catalog | Imperva's web application attack report, Edition #1 - July 2011 | If search neutrality is the answer, what's the question? | Pirates of the ISPs - Tactics for turning online crooks into international pariahs | The effect of piracy on the quality of information goods | Freedom of expression on the Internet | The anti-counterfeiting trade agreement (ACTA) - an assessment | Opinion 15/2011 on the definition of consent | Orientations for EU ICT R&D & innovation beyond 2013 - 10 key recommendations | Supplement to Authentication in an Internet banking environment | Social media risks and mitigation | ePrivacy Directive - circumstances, procedures and formats for personal data breach notifications | Do not track or right on track? The privacy implications of online behavioural advertising | Wiretap report 2010 | Perceptions about network security | The underground economy of fake antivirus software | Information is the currency of democracy | 2010-2011 Annual report | 2010 Annual report of the Interception of Communications Commissioner | 2011 CWE/SANS Top 25 most dangerous software errors | Resolution on privacy and security related to smart meters | The [Critical Infrastructure Protection] Program - Are we on the right path or at a precipice?]

August

[McAfee Threats report - second quarter 2011 | Flash cookies and privacy II - Now with HTML5 and ETag respawning | Trends in circumventing web-malware detection | A policy maker's dilemma - Preventing terrorism or preventing blame | Protecting information privacy | The PII problem - Privacy and a new concept of personally identifiable information | Why Net censorship in times of political unrest results in more violent uprisings - a social simulation experiment on the UK riots | Attitudes on data protection and electronic identity in the European Union | Mobile app security study - appWatchdog findings | Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade | A taxonomy of operational cyber security risks | ICT professional societies in Europe | Science fiction prototyping and security education - cultivating contextual and societal thinking in computer security education and beyond | The National Programme for IT in the NHS - an update on the delivery of detailed care records systems | Revealed - Operation shady RAT | A security analysis of next generation web standards | Security threat report - Mid-year 2011 | Wireless evolution | Social media - Federal agencies need policies and procedures for managing and protecting information they access and disseminate]

September

[Accountability as the basis for regulating privacy - can information security regulations inform privacy policy? | Against notice skepticism | The case for online obscurity | Dispelling the myths surrounding de-identification - anonymization remains a strong tool for protecting privacy | Regulating privacy by design | A breach of confidence | FireEye Advanced Threat Report - 1H 2011 | Interim report, September 5, 2011, DigiNotar Certificate Authority breach | Opinion on the compatibility of [ACTA] with the [ECHR] and the EU Charter of Fundamental Rights | Improved response to disasters and outbreaks by tracking population movements with mobile phone network data - A post-earthquake geospatial study in Haiti | Mining the Dutch National ICT Dashboard | Consumer behaviour in a digital environment | In the matter of an application of the United States of America for an order authorizing the release of historical cell-site information | The evolving landscape of internet control | 2011 Canadians and privacy survey | W32.Xpaj.B - Making easy money from complex code | ACTA and access to medicines]

October

[WikiLeaks and the PROTECT-IP Act - A new public-private threat to the internet commons | Facial recognition technology - A survey of policy and implementation issues | Information security - Weaknesses continue amid new federal efforts to implement requirements | Security pros & "cons" - IT professionals on confidence, confidential data, and today's cyber-cons | PIAF - A privacy impact assessment framework for data protection and privacy rights, Deliverable D1 | Securing personal information - a self-assessment tool for organizations | Orientierungshilfe - Cloud computing | Mobile application privacy policy framework | [O]n net neutrality, traffic management and the protection of privacy and personal data | Many failures - a brief history of privacy self-regulation in the United States | To track or 'do not track' - advancing transparency and individual control in online behavioral advertising | Cooperative models for effective public private partnerships - good practice guide | Best practices for reporting badware URLs | Data mining - DHS needs to improve executive oversight of systems supporting counterterrorism | Guide for conducting risk assessments | Microsoft Security Intelligence Report, volume 10 | Six provocations for big data | User perspectives on mobile privacy - Summary of research findings | The limits of tort privacy | Verizon 2011 Payment Card Industry compliance report | Account deactivation and content removal - guiding principles and practices for companies and users | The risk of social engineering on information security - a survey of IT professionals | A call to courage - reclaiming our liberties ten years after 9/11 | Cyber security and the UK's national infrastructure | Small business virtualization poll - Global results | The USA PATRIOT Act and the use of cloud services - Q&A | Discussion document - privacy design guidelines for mobile application development | Fostering digital citizenship]

November

[Free speech is only as strong as the weakest link | W3C announces first draft of standard for online privacy | Hacking away at the truth - Alan Rusbridger's Orwell lecture | Cyber war will not take place | Privacy and security in the implementation of health information technology (electronic health records) - U.S. and EU compared | 2011 Global Information Security Survey | Text-based CAPTCHA strengths and weaknesses | Why Johnny can't opt out - a usability evaluation of tools to limit online behavioral advertising | Social engineering capture the flag results - Defcon 19 | Why parents help their children lie to Facebook about age - Unintended consequences of the [COPPA] | The Socialbot Network - when bots socialize for fame and money | The role of government in commercial cybersecurity | Orwell's armchair | The law enforcement surveillance reporting gap | Symantec Intelligence Report - October 2011 | Europe versus Facebook]

December

[[...] on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) | "Police and criminal justice data protection directive" | Operation Black Tulip - certificate authorities lose authority | [O]n EASA/IAB best practice recommendation on online behavioural advertising | McAfee Threats report - third quarter 2011 | European disaster recovery survey 2011 | Life-logging risk assessment | Cyber-bullying and online grooming - helping to protect against the risks | Self-regulatory principles for multi-site data | Metaphors and norms - Understanding copyright law in a digital society | Raising the bar - 2011 TMT global security study - key findings | NIST Cloud computing standards roadmap - Version 1.0 | NHS breaches of data protection law - How patient confidentiality was compromised five times every week]