Rina Steenkamp - Privacy and technology
[So close, yet so far apart - The EU and U.S. visions of a new privacy framework | The dawn of a critical transparency right for the profiling era | Best practices for mobile application developers | Interdependence and predictability of human mobility and social interactions | What facial recognition technology means for privacy and civil liberties | How to increase visibility of government ICT projects for external stakeholders - A case of the Dutch government | Special Eurobarometer 390 - Cyber security | Smart grid security - Recommendations for Europe and member states | Web privacy census | Opinion 05/2012 on cloud computing | WhiteHat Security website statistics report - How does your website security stack up against your peers? | Dissecting Operation High Roller | [Proposed revisions to the draft General Data Protection Regulation] | Case C-173/11 | Incentives and barriers of the cyber insurance market in Europe | From fingerprints to DNA - Biometric data collection in U.S. immigrant communities and beyond | Data privacy - What the consumer really thinks]
An article by Christopher Wolf and Winston Maxwell.
From the article:
"The privacy frameworks recently proposed by the European Commission, the White House, and the FTC seek more protection of individuals, and are founded on the same underlying principles of fairness. However, despite a common foundation, the privacy regimes from opposite sides of the Atlantic exhibit fundamental differences in approach and substance."
Christopher Wolf and Winston Maxwell: So close, yet so far apart - The EU and U.S. visions of a new privacy framework (PDF)
HL: New article in ABA Antitrust Magazine contrasts EU-US proposals for new privacy framework
An article by Mireille Hildebrandt.
Abstract:
"Potential consumers are increasingly profiled to detect their habits and preferences in order to provide for targeted services. Both industry and the European Commission are investing huge sums of money into what they call Ambient Intelligence and the creation of an ‘Internet of Things’. Such intelligent networked environments will depend on real time monitoring and profiling, resulting in real time adaptations of the environment. In this contribution Mireille Hildebrandt will assess the threats and opportunities of such autonomic profiling in terms of its impact on individual autonomy and refined discrimination and indicate the extent to which traditional data protection is ineffective as regards profiling. She will then highlight the potential of the draft General Data Protection Regulation to provide a more adequate and effective level playing field for both the industry and individual citizens in the profiling era. The most revolutionary change she detects is not the right to be forgotten or the right to data portability but the right to be informed about the potential consequences of being profiled."
Mireille Hildebrandt: The dawn of a critical transparency right for the profiling era (PDF can be downloaded from this page)
Stas Verberkt: Gastpost - Privacy is dood, leve de identiteit!
A report by the Future of Privacy Forum and the Center for Democracy and Technology.
From the Introduction:
"Mobile apps are at the forefront of current consumer privacy concerns. High profile media attention and a series of class action lawsuits have prompted close scrutiny of app developer data practices from federal and state regulators. As a result, the U.S. Federal Trade Commission (FTC) is actively enforcing consumer privacy rights against application developers that surreptitiously access or misuse user data. [...] The guidelines set forth in this document are intended to serve as a road map for you, the mobile app developer, to build privacy into your apps, better inform and empower end-users, and foster trust and confidence in the mobile app ecosystem."
Future of Privacy Forum and the Center for Democracy and Technology: Best practices for mobile application developers (PDF)
FPF: Best practices for mobile app developers
Government Health IT: 7 steps to building privacy into a health app
A paper by Manlio De Domenico, Antonio Lima and Mirco Musolesi.
From the Abstract:
"In this paper we discuss the results of our analysis of the Nokia Mobile Data Challenge dataset showing that by means of multivariate nonlinear predictors it is possible to exploit mobility data of friends in order to improve user movement forecasting. This can be seen as a process of discovering correlation patterns in networks of linked social and geographic data. We also show how mutual information can be used to quantify this correlation. We demonstrate how to use this quantity to select individuals with correlated mobility patterns in order to improve movement prediction. We show that the exploitation of data related to friends improves dramatically the prediction with respect to the case of information of people that do not have social ties with the user. Finally, we discuss how movement correlation is linked to social interactions, in terms of colocation and number of phone calls between individuals."
Manlio De Domenico, Antonio Lima and Mirco Musolesi: Interdependence and predictability of human mobility and social interactions (PDF)
FrankWatching: Location based - leven in saaie voorspelbaarheid
Technology Review: A phone that knows where you're going
Written testimony to the Senate Committee on the Judiciary Subcommittee on Privacy, Technology, and the Law, by Jennifer Lynch.
From the testimony:
"Although the collection of biometrics - including face recognition-ready photographs - seems like science fiction; it is already a well-established part of our lives in the United States. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) each have the largest biometrics databases in the world, and both agencies are working to add extensive facial recognition capabilities. The FBI has partnered with several states to collect face recognition-ready photographs of all suspects arrested and booked, and, in December 2011, DHS signed a $71 million dollar contract with Accenture to incorporate facial recognition and allow real-time biometrics sharing with the Department of Justice (DOJ) and Department of Defense (DOD). State and local law enforcement agencies are also adopting and expanding their own biometrics databases to incorporate face recognition, and are using handheld mobile devices to allow biometrics collection in 'the field.' The scope of government-driven biometrics data collection is well-matched by private sector collection. Facebook, which uses face recognition by default to scan all photos uploaded to its site, states that its users uploaded more than 300 million photos every day in the three months ending on March 31, 2012. And Face.com, which developed Facebook's face recognition tools and was recently acquired by the company, stated in March that it had indexed 31 billion face images."
Jennifer Lynch: What facial recognition technology means for privacy and civil liberties (PDF)
EFF: EFF urges Congress to protect privacy in face recognition
EPIC: EPIC recommends protections for use of commercial face recognition technology
NetworkWorld Ms. Smith: EFF - Americans may not realize it, but many are in a face recognition database now
A master's thesis in information management by Nadia Ahmad Awan.
From 1. Introduction:
"This thesis aims to propose an ICT investments disclosure mechanism that need not be limited to the cost, history and retrospective aspects of the investments; rather encompass benefits and focus on being pro-active, promote clear attribution of responsibility, establish a relationship between ICT performance and the institutional objective (Cunningham & Harris, 2005), and provide rich and credible information to external stakeholders."
Nadia Ahmad Awan: How to increase visibility of government ICT projects for external stakeholders - A case of the Dutch government (PDF)
Software Improvement Group: Een frisse blik op onze transparantie
Computable: Rijk krijgt nieuwe ideeën voor ICT-dashboard
Conducted at the request of the European Commission, Directorate-General Home Affairs, by TNS Opinion and Social.
From the Introduction:
"The aim of the survey is to understand EU citizens' experiences and perceptions of cyber security issues. The survey examines the frequency and type of internet use that EU citizens have; their confidence about internet transactions; their awareness and experience of cybercrimes; and the level of concern that they feel about this type of crime."
TNS Opinion and Social: Special Eurobarometer 390 - Cyber security (PDF)
European Commission: Eurobarometer special surveys - Cyber security
Europa: Cybercrime - EU citizens concerned by security of personal information and online payments
Nu.nl: Nederlanders passen wachtwoorden relatief vaak aan
A report by ENISA.
From the Executive Summary:
"This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing co-operation, raising awareness, developing new measures and good practices, and reducing barriers to information sharing. This guidance is based on the results of a thorough analysis of the opinions of the experts who participated in the study. Furthermore, important information coming from in-depth desktop research is also taken into consideration. All this data has been analysed and has provided almost 100 Key Findings."
ENISA: Smart grid security - Recommendations for Europe and member states (PDF linked from page)
ENISA: New ENISA study - 10 recommendations for making European smart grids safer
A research project by the Berkeley Center for Law and Technology.
From the page:
"Our goal is to define and quantify vectors for tracking consumers on the internet. By doing this, using consistent methods over time, we will be able to make empirical statements about the state of internet tracking and privacy."
Berkeley Center for Law and Technology: Web privacy census
InsidePrivacy: Two recent privacy reports on consumer confidence and website tracking practices
PrivacyLives: UC-Berkeley law school releases web privacy census
Security.nl: Top 100 websites plaatst 5.800 cookies op computer
A publication by the Article 29 data protection working party.
From the Executive Summary:
"A key conclusion of this Opinion is that businesses and administrations wishing to use cloud computing should conduct, as a first step, a comprehensive and thorough risk analysis. All cloud providers offering services in the EEA should provide the cloud client with all the information necessary to rightly assess the pros and cons of adopting such a service. Security, transparency and legal certainty for the clients should be key drivers behind the offer of cloud computing services."
Article 29 data protection working party: Opinion 05/2012 on cloud computing (PDF)
EPIC.org: European expert group affirms privacy rules for cloud service providers
HL: WP 29 opinion on cloud computing issued
IT en Recht: Opinion 05/2012 on cloud computing
SOLV: Opinie Artikel 29-werkgroep over cloud computing
A report by Jeremiah Grossman.
From 'At a glance - the current state of website security':
"There is a significant drop in the average number of serious vulnerabilities found per website per year — from 230 identified in 2010 to 79 in 2011. This is much reduced from over a thousand vulnerabilities back in 2007. While this vulnerability reduction trend is welcome news, there are several possible explanations that must be taken into consideration as the 'real' numbers may not be as rosy. [...] we routinely remind readers that this [...] report describes a best-case scenario. Websites are, at a minimum, THIS vulnerable. The same is true for any industry report of this kind."
Jeremiah Grossman: WhiteHat Security website statistics report - How does your website security stack up against your peers? (PDF)
WhiteHat Security: WhiteHat Security marks 2011 as the year of radical reduction in online vulnerabilities in twelfth edition of website security statistics report
Security.nl: Doorsnee website bevat 79 ernstige lekken
Tweakers.net: Onderzoek - vooral webwinkels bevatten veel beveiligingsgaten
WebWereld: Gemiddelde website telt 79 beveiligingslekken
A white paper by McAfee.
Summary on the front page:
"How the high-tech mantra of 'automation and innovation' helps a multi-tiered global fraud ring target high net worth businesses and individuals. Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical 'chip and pin' authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia."
McAfee: Dissecting Operation High Roller (PDF)
AG: Team duikt op Nederlandse online-bankenfraude
Ars Technica: Sophisticated bank fraud attempted to steal at least $78 million
Computable: Digitale bankfraude treft Nederland hard
Nu.nl: Nederland getroffen door omvangrijke bankfraude
Nu.nl: Groot onderzoek naar mogelijke bankfraude
Security.nl: Nederlandse bedrijven doelwit digitale bankrover
Security.nl: PvdA bezorgd over acties cybercriminelen
Tweakers.net: 'Nederlandse bankklanten slachtoffer van miljoenenhack' - update
WebWereld: Sluwe ZeuS-mutant plundert ING- en Rabo-klanten
WebWereld: KLPD onderzoekt bankfraude door ZeuS-mutant
A document by the Council of the European Union.
From the front page of the document:
"Following the [Working Party on Data Protection and Exchange of Information] meetings of 23-34 February and 14-15 March 2012 and in the light of the written comments provided by Member States, the Presidency has revised the draft regulation proposed by the Commission. The proposed changes regard Articles 1-10 and 80(a) and 83. All delegations have a general scrutiny reservation on this proposal and the following delegations have a parliamentary scrutiny reservation: CZ, HU, NL and PL. Almost all delegations are of the opinion that the proposed regulation contains too many cases of delegated acts. Several delegations have a reservation on the chosen legal form of the proposed instrument and would prefer a Directive [BE, CZ, DE, SI."
Council of the European Union: [Proposed revisions to the draft General Data Protection Regulation] (PDF)
Out-law.com: Information should not be regarded as personal data if it is too burdensome to confirm its status, Council of Ministers says
An opinion by the EU Advocate General.
From the Conclusion:
"(1) Where a party uploads data from a database protected by sui generis right under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases onto that party's web server located in Member State A and, in response to requests from a user in another Member State B, the web server sends such data to the user's computer so that the data is stored in the memory of that computer and displayed on its screen, the act of sending the information constitutes an act of 're-utilisation' by that party.
(2) The act of re-utilisation performed by that party takes place both in Member State A and in Member State B."
EU Advocate General: Case C-173/11
Out-law.com: Internet publishing occurs where it is served from as well as where it is read, EU legal advisor says
A report by ENISA.
From the Executive Summary:
"Traditional coverage policies may not comprehensively address the risks faced by an organisation as part of the digital economy. In the UK, only a handful of insurers offer specialist cyber-insurance products, compared to 30-40 carriers in the United States (suggesting that a more mature market exists in the United States). The peculiarities of a cyber-incident, such as its location, severity and visibility, affect the related insurance market, raising different concerns. In light of this, ENISA conducted a study identifying possible causes inhibiting the cyber-insurance market and investigating incentives to kick-start its development."
ENISA: Incentives and barriers of the cyber insurance market in Europe (PDF linked from page)
ENISA: ENISA report calls for kick-start in cyber insurance market
A report by Jennifer Lynch.
From the Introduction:
"Both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are in the process of expanding their biometrics databases to collect much more information, including face prints and iris scans. As of January 2012, the FBI has been working with several states to collect face recognition-ready photographs of all suspects arrested and booked. Once these federal biometrics systems are fully deployed, and once each of their approximately 100+ million records also includes photographs, it may become trivially easy to find and track people within the United States. Undocumented people living within the United States, as well as immigrant communities more broadly, are facing these issues more immediately than the rest of society and are uniquely affected by the expansion of biometrics collection programs. Under DHS's Secure Communities program, states are required to share their fingerprint data — via the FBI — with DHS, thus subjecting undocumented and even documented immigrants in the United States to heightened fears of deportation should they have any interaction with law enforcement. Further, under data-sharing agreements between the United States and other nations, refugees' biometric data may end up in the hands of the same repressive government they fled. Should they ever be deported or repatriated, they could face heightened risks from discrimination or even ethnic cleansing within their former home countries."
Jennifer Lynch: From fingerprints to DNA - Biometric data collection in U.S. immigrant communities and beyond (PDF)
EFF: From fingerprints to DNA - Biometric data collection in U.S. immigrant communities and beyond
EFF: Biometric national IDs and passports - a false sense of security
InsidePrivacy: EFF and IPC - Biometric data collection in U.S. immigrant communities and beyond
InsidePrivacy: Biometric data under the privacy microscope
A report by the Direct Marketing Association.
From the Executive summary:
"Whilst the concept of privacy remains important to individuals - and one that they are still largely concerned to protect - this study confirms that notions of privacy continue to evolve in response to the spread of new digital technologies and the continuous growth of the consumer society. Two thirds of consumers surveyed agree that their definition of privacy is changing due to the internet and social media and four fifths agreed that disclosing personal information is an increasing part of modern life. Three quarters of the most connected, high-tech savvy consumers in the sample agree that being on social networks has changed their view of what is and is not private."
Direct Marketing Association: Data privacy - What the consumer really thinks (PDF)
DMA: Data privacy - What the consumer really thinks
Security.nl: Marketeers niet bang voor privacyfundamentalisten