Rina Steenkamp - Privacy and technology
[Russia's surveillance state | 2014 Data Breach Investigations Report | Heartbleed as metaphor | Heartbleed - Pointer-arithmetic considered harmful | Eternal vigilance is a solvable technical problem - A proposal for streamlined privacy alerts | U.S. views of technology and the future - Science in the next 50 years | FBI plans to have 52 million photos in its NGI face recognition database by next year | Opinion [...] on surveillance of electronic communications for intelligence and national security purposes | Status of location privacy legislation in the States | ABC4Trust - Attribute-based credentials for trust | Opinion [...] on anonymisation techniques | The password allocation problem - Strategies for reusing passwords effectively | Heartbleed - A wake-up call | Opinion [...] on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC | The Court of Justice declares the Data Retention Directive to be invalid | Privacy and competitiveness in the age of big data - The interplay between data protection, competition law and consumer protection in the Digital Economy | Cookies that give you away - Evaluating the surveillance implications of web tracking | Why your data breach is my problem - The risks of relying on "private" information that cannot be kept private | Have we become a "surveillance state"? A five-part test | ACLU comment on the proposed amendment to rule 41 concerning remote searches of electronic storage media | Medical privacy | Aftermarketfailure - Windows XP's end of support | "They know everything we do" - Telecom and internet surveillance in Ethiopia | The scoring of America - How secret consumer scores threaten your privacy and your future | Home location identification of Twitter users | ACLU comments on the White House Big Data Initiative | [Comments for the White House "Big Data review"] | OHCHR consultation in connection with General Assembly Resolution 68/167 "The right to privacy in the digital age" | Invasion of the data snatchers - Big Data and the Internet of Things means the surveillance of everything | The Internet of Things - the old problem squared | Markets for cybercrime tools and stolen data - Hackers' Bazaar | Opinion [...] on personal data breach notification | Is data privacy an out of date concept? | Secure protocols for accountable warrant execution]
An article by Andrei Soldatov and Irina Borogan (World Policy Journal).
From the article:
"For years, Russian secret services have been busy tightening their hold over Internet users in their country, and now they're helping their counterparts in the rest of the former Soviet Union do the same. In the future, Russia may even succeed in splintering the web, breaking off from the global Internet a Russian intranet that's easier for it to control."
Read more:
A report by Verizon.
From 'Results and analysis':
"In the end, we identified nine patterns that together describe 94% of the confirmed data breaches we collected in 2013. But (using our best infomercial voice) that's not all! When we apply the same method to the last three years of breaches, 95% can be described by those same nine patterns. But wait — there's more! Act now, and we'll throw in all security incidents — not just breaches — from all partners and the VERIS Community Database (VCDB) over the last ten years — for free! Yes, all for the same price of nine patterns, you can describe 92% of 100K+ security incidents! Remember that promise from last year — 'We may be able to reduce the majority of attacks by focusing on a handful of attack patterns?' Consider it fulfilled. To us, this approach shows extreme promise as a way to drastically simplify the seemingly endless array of threats we must deal with to protect information assets."
Read more:
See also:
A blog post by Dan Geer (Lawfare).
From the blog post:
"One example of an effective monoculture, albeit within a domain that is almost but not quite Internet-scale, is the home and small business router market. Most on offer today are years out of date in software terms and there is NO upgrade path. Those routers can be taken over remotely and how to do so requires low skill. That they have been taken over does not diminish their usefulness to their owner nor is that takeover visible to their owner. The commandeered routers can be used immediately, which may be the case with an ongoing banking fraud now playing in Brazil, or they can be staged as a weapon for tomorrow, which may describe the worm called TheMoon that is now working its way through such devices. The router situation is as touchy as a gasoline spill in an enclosed shopping mall."
Read more:
A blog post by Robert Graham (Errata Security).
From the blog post:
"Heartbleed has encouraged people to look at the OpenSSL source code. Many have called it 'spaghetti code' -- tangled, fragile, and hard to maintain. While this characterization is accurate, it's unfair. OpenSSL is written according to standard programming practices. It's those practices which are at fault. If you get new engineers to rewrite the code, they'll follow the same practices, and end up with equally tangled code. Coding practices are out of date, laughably so. If you learn how to program in C in a university today, your textbook and your professor will teach you how to write code as if it were 1984 and not 2014. They will teach you to use 'strcpy()', a function prone to buffer-overflows that is widely banned in modern projects. There are fifty other issues with C that are just as important."
Read more:
A blog post by Arvind Narayanan (Freedom to Tinker).
From the blog post:
"There seem to be two problems with the status quo. First, there is no way to separate the articles on privacy that provide direct, actionable solutions from those that conclude 'this is an outrage!' or 'write to your congressperson today!' Second, only a small fraction of these stories affect any given user because they only affect specific demographics or users of a specific product. Here's how we could build a 'privacy alert' system that solves these problems. It has two components. The first is a privacy 'vulnerability tracker' similar to well-established security vulnerability trackers. Each privacy threat is tagged with severity, products or demographics affected, and includes a list of steps users can take. The second component is a user-facing privacy tool that knows the user's product choices, overall privacy preferences, etc., and uses this to filter the vulnerability database and generate alerts tailored to the user."
Read more:
A report by Aaron Smith, Lee Rainie and Michael Dimock (Pew Research Center and Smithsonian Magazine).
From the report:
"The legal and regulatory framework for operating non-military drones is currently the subject of much debate, but the public is largely unenthusiastic: 63% of Americans think it would be a change for the worse if 'personal and commercial drones are given permission to fly through most U.S. airspace,' while 22% think it would be a change for the better. Men and younger adults are a bit more excited about this prospect than are women and older adults. Some 27% of men (vs. 18% of women), and 30% of 18–29 year olds (vs. 16% of those 65 and older) think this would be a change for the better. But even among these groups, substantial majorities (60% of men and 61% of 18–29 year olds) think it would be a bad thing if commercial and personal drones become much more prevalent in future years."
Read more:
A blog post by Jennifer Lynch (EFF).
From the blog post:
"New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI's massive biometric database that may hold records on as much as one third of the U.S. population. [...] The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day."
Read more:
See also:
Opinion by the Article 29 Data Protection Working Party (WP29).
From the Executive Summary:
"From its analysis, the Working Party concludes that secret, massive and indiscriminate surveillance programs are incompatible with our fundamental laws and cannot be justified by the fight against terrorism or other important threats to national security. Restrictions to the fundamental rights of all citizens could only be accepted if the measure is strictly necessary and proportionate in a democratic society. This is why the Working Party recommends several measures in order for the rule of law to be guaranteed and respected. [...]"
Read more:
A blog post by Allie Bohm (ACLU).
From the introduction to the blog post:
"In the wake of the NSA revelations, there has been an avalanche of state bills requiring law enforcement to obtain a probable cause warrant before tracking an individual’s location in an investigation. Most state legislators know they can’t control the NSA—but they can control their state and local law enforcement, which are engaging in some of the same invasive practices. [...] Working closely with our lobbyists in state capitols around the country, we’ve been tracking this activity and working hard to make sure these privacy-protective bills become law. The chart below shows the current status of state legislation as we understand it. We will keep this chart up-to-date as we receive new information."
Read more:
Official website of the ABC4Trust EU project.
From the press release:
"Pupils of Norrtullskolan secondary school in Soderhamn, Sweden, can exchange information online and discuss with a counsellor or a nurse while their privacy is protected via an anonymous authentication. In Greece, at the University of Athens, students can give their feedback on a course knowing they cannot be identified. At the same time, the university is able to confirm that a student is eligible to participate. These pilot applications allowing youngsters to express themselves freely are made possible by ABC4Trust. This project works on Attribute-based Credentials (ABC) which allow a holder to reveal just the minimal information required by an application, without giving away full identity information."
Read more:
Opinion by the Article 29 Data Protection Working Party (WP29).
From the Executive Summary:
"In this Opinion, the WP analyses the effectiveness and limits of existing anonymisation techniques against the EU legal background of data protection and provides recommendations to handle these techniques by taking account of the residual risk of identification inherent in each of them. [...] The main anonymisation techniques, namely randomization and generalization, are described in this opinion. In particular, the opinion discusses noise addition, permutation, differential privacy, aggregation, k-anonymity, l-diversity and t-closeness. It explains their principles, their strengths and weaknesses, as well as the common mistakes and failures related to the use of each technique."
Read more:
A paper by Rishab Nithyanand and Rob Johnson.
From the Abstract:
"Each Internet user has, on average, 25 password-protected accounts, but only 6.5 distinct passwords. Despite the advice of security experts, users are obviously re-using passwords across multiple sites. So this paper asks the question: given that users are going to re-use passwords across multiple sites, how should they best allocate those passwords to sites so as to minimize their losses from accidental password disclosures?"
Read more:
See also:
A flash note by ENISA.
From the overview page:
"Last week the entire web discovered the existence of the so called 'Heartbleed' vulnerability affecting one of the most popular mechanisms used to secure communication with web sites: OpenSSL. The underlying problem is a programming error with fatal consequences. The technical background is analysed by ENISA in a new flash note."
Read more:
Opinion by the Article 29 Data Protection Working Party (WP29).
From the Executive Summary:
"This Opinion analyses the criteria set down in Article 7 of Directive 95/46/EC for making data processing legitimate. Focusing on the legitimate interests of the controller, it provides guidance on how to apply Article 7(f) under the current legal framework and makes recommendations for future improvements."
Read more:
A press release by the Court of Justice of the European Union.
From the press release:
"The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. [...] Although the retention of data required by the directive may be considered to be appropriate for attaining the objective pursued by it, the wide-ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary."
Read more:
See also:
Preliminary Opinion by the European Data Protection Supervisor.
Summary:
"EU approaches to data protection, competition and consumer protection share common goals, including the promotion of growth, innovation and the welfare of individual consumers. In practice, however, collaboration between policy-makers in these respective fields is limited. Online services are driving the huge growth in the digital economy. Many of those services are marketed as 'free' but in effect require payment in the form of personal information from customers. An investigation into the costs and benefits of these exchanges for both consumers and businesses is now overdue. Closer dialogue between regulators and experts across policy boundaries can not only aid enforcement of rules on competition and consumer protection, but also stimulate the market for privacy-enhancing services."
Read more:
See also:
A paper by Dillon Reisman, Steven Englehardt, Christian Eubank, Peter Zimmerman, and Arvind Narayanan.
Abstract:
"We investigate the ability of a passive network observer to leverage third-party HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which emits a unique pseudonymous identifier, then the adversary can link visits to those pages from the same user (browser instance) even if the user's IP address varies. Using simulated browsing profiles, we cluster network traffic by transitively linking shared unique cookies and estimate that for typical users over 90% of web sites with embedded trackers are located in a single connected component. Furthermore, almost half of the most popular web pages will leak a logged-in user's real-world identity to an eavesdropper in unencrypted traffic. Together, these provide a novel method to link an identified individual to a large fraction of her entire web history. We discuss the privacy consequences of this attack and suggest mitigation strategies."
Read more:
An analyst brief by Stefan Frei, PhD and Bob Walder (NSS Labs).
From 'Overview':
"The continued loss of unique data, which should never be used for simple authentication purposes, threatens to erode confidence in the ecommerce system. As the realization dawns that not only are users not adequately protected by corporate security systems, but they are also at increasing risk of serious identity theft, there is the potential for backlash. Ecommerce enterprises that recognize the need to minimize the amount of truly unique personal data being held, and that work to improve the methods by which they authenticate users, could be in a position of advantage. Regardless, it is inevitable that enterprises wishing to continue to do business online will eventually be forced to change the way they enroll users to their services and subsequently authenticate them."
Read more:
A blog post by Jay Stanley (ACLU).
From the text:
"At a panel in Toronto recently I was asked whether I thought the United States had become a 'surveillance state.' How to answer that question? At first glance it's an impossibly fuzzy question, the answer to which is relative depending on whether one has in mind life in an 18th century American town, or the Stasi. At the same time, if we can impose some structure on how we approach the question, it is an opportunity to take stock of where we stand—probably a healthy exercise. Thinking it over, I came up with a five-part test by which we can consider the question: [...]"
Read more:
A memorandum by Nathan Freed Wessler, Christopher Soghoian, Alex Abdo and Rita Cant (ACLU).
From the introduction to the memorandum:
"The American Civil Liberties Union writes to offer its perspective on the proposed amendment to Rule 41 concerning remote searches of electronic storage media. [...] The proposed amendment would significantly expand the government's authority to conduct remote searches of electronic storage media. Those searches raise serious Fourth Amendment questions. It would also expand the government's power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns."
Read more:
See also:
A project by EFF.
From the project's main page:
"Some of the most sensitive information in the world—our prescription history, medical records, sexual history, drug usage information, and more—is entering the digital world. The digitization of medical records is being sold as an opportunity to revolutionize healthcare. But while digital medical records surely come with special benefits, this technological innovation also has huge ramifications for our privacy. EFF’s medical privacy project examines emerging issues in medical privacy, looking at how lagging medical privacy laws and swiftly advancing technological innovation leave patients vulnerable to having their medical data exposed, abused, or misconstrued."
Read more:
A paper by Andrew Tutt.
Abstract:
"After 12 years, support for Windows XP will end on April 8, 2014. Microsoft Windows XP’s end of support, combined with a collective action failure stemming from individual users’ failure to realize or internalize the costs of failing to migrate or upgrade their operating systems, could be catastrophic. The attached essay briefly sketches out the argument for why software monopolists should be legally required to help other companies provide ongoing support for their products. First, it describes the conceptual and economic theories that would support such a requirement. Second, it describes the conflicting law governing the intersection between intellectual property and antitrust. Third, it exhorts Microsoft to extend the support clock, release its source code, or make clear to the world that should anyone else wish to take on the task of providing future security support for Windows XP, Microsoft will help them to do so."
Read more:
See also:
A report by Human Rights Watch.
From the Summary:
"The Ethiopian government has maintained strict control over Internet and mobile technologies so it can monitor their use and limit the type of information that is being communicated and accessed. Unlike most other African countries, Ethiopia has a complete monopoly over its rapidly growing telecommunications sector through the state-owned operator, Ethio Telecom. This monopoly ensures that Ethiopia can effectively limit access to information and curtail freedoms of expression and association without any oversight since independent legislative or judicial mechanisms that would ensure that surveillance capabilities are not misused do not exist in Ethiopia. All governments around the world engage in surveillance, but in most countries at least some judicial and legislative mechanisms are in place to protect privacy and other rights. In Ethiopia these mechanisms are largely absent. The government's actual control is exacerbated by the perception among Ethiopia’s population that government surveillance is omnipresent. This results in considerable self-censorship, with many Ethiopians refraining from openly communicating on a variety of topics across the telecom network."
Read more:
See also:
A report by Pam Dixon and Robert Gellman (World Privacy Forum).
From the Brief Summary of the Report:
"This report highlights the unexpected problems that arise from new types of predictive consumer scoring, which this report terms consumer scoring. [...] The report includes a roster of the types of consumer data used in predictive consumer scores today, as well as a roster of the consumer scores such as health risk scores, consumer prominence scores, identity and fraud scores, summarized credit statistics, among others. The report reviews the history of the credit score – which was secret for decades until legislation mandated consumer access – and urges close examination of new consumer scores for fairness and transparency in their factors, methods, and accessibility to consumers."
Read more:
A paper by Jalal Mahmud, Jeffrey Nichols and Clemens Drews.
Abstract:
"We present a new algorithm for inferring the home location of Twitter users at different granularities, including city, state, time zone or geographic region, using the content of users' tweets and their tweeting behavior. Unlike existing approaches, our algorithm uses an ensemble of statistical and heuristic classifiers to predict locations and makes use of a geographic gazetteer dictionary to identify place-name entities. We find that a hierarchical classification approach, where time zone, state or geographic region is predicted first and city is predicted next, can improve prediction accuracy. We have also analyzed movement variations of Twitter users, built a classifier to predict whether a user was travelling in a certain period of time and use that to further improve the location detection accuracy. Experimental evidence suggests that our algorithm works well in practice and outperforms the best existing algorithms for predicting the home location of Twitter users."
Read more:
See also:
A document by Laura W. Murphy and Christopher Calabrese (ACLU).
From the introduction:
"[...] big data does not present wholly – or even mostly – new challenges. In reality these issues have been confronting policymakers since at least the 1970s, when the federal government developed the first version of the Fair Information Practice Principles. In fact, we already have solutions for some of the privacy issues that confront us today and there are specific actions the executive branch can take to improve Americans' privacy. With that goal in mind, the bulk of these comments will focus on two main areas. The first area is immediate actions the administration can and should take to improve how the federal government collects and uses personal information. The second area is a few specific subjects where sustained focus and attention could improve privacy knowledge and best practices in the future."
Read more:
Public comments by Jules Polonetsky, Christopher Wolf, Josh Harris and Joseph Jerome (Future of Privacy Forum).
From the introduction:
"Unlocking the value of data and instituting responsible data practices go hand-in-hand, and both have been an important focus of FPF's work since our founding in 2008. FPF recognizes the enormous potential benefits to consumers and to society from sophisticated data analytics, yet FPF also understands that taking advantage of big data may require evolving how we implement traditional privacy principles. Through our work on inter-connected devices and applications and the emerging Internet of Things, FPF has acquired experience with the technologies involved in data collection and use. FPF appreciates this opportunity to provide Comments and share its insights into how best to promote the benefits of big data while minimizing any resulting privacy risks or harms."
Read more:
Comments submitted by Privacy International, Access, Electronic Frontier Foundation, Article 19, Human Rights Watch, World Wide Web Foundation.
From the Executive Summary:
"Submissions and recommendations cover five main themes: the meaning of interferences with the right to privacy in the context of communications surveillance, the out-dated distinction between communications data and content, the conceptualisation of mass surveillance as inherently disproportionate, the extra-territorial application of the right to privacy, and the need for legal frameworks to provide protections for the right to privacy without discriminating on the basis of nationality."
Read more:
A blog post by Catherine Crump and Matthew Harwood (ACLU).
From the blog post:
"A future Internet of Things does have the potential to offer real benefits, but the dark side of that seemingly shiny coin is this: companies will increasingly know all there is to know about you. Most people are already aware that virtually everything a typical person does on the Internet is tracked. In the not-too-distant future, however, real space will be increasingly like cyberspace, thanks to our headlong rush toward that Internet of Things. With the rise of the networked device, what people do in their homes, in their cars, in stores, and within their communities will be monitored and analyzed in ever more intrusive ways by corporations and, by extension, the government."
Read more:
A blog post by Amy Collins, Adam J. Fleisher, Reed Freeman and Alistair Maughan (SCL).
From the blog post:
"Cisco estimates that some 25 billion devices will be connected in the IoT by 2015, and 50 billion by 2020. Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco's estimates. But the ingenuity and innovation which companies will apply to turn the IoT into practical reality is constrained by law and regulation. Existing issues may take on new dimensions and, as technologies combine, so will the legal consequences of those technologies. In this article, we look at the prospects for the IoT as well as the likely legal and regulatory factors that will affect the development and growth of IoT technology and the markets that such technology will create."
Read more:
A report by Lillian Ablon, Martin C. Libicki and Andrea A. Golay (RAND National Security Research Division, Juniper Networks).
From 'Preface':
"Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets in both the tools (e.g., exploit kits) and the take (e.g., credit card information). As with most things, intent is what can make something criminal or legitimate, and there are cases where goods or services can be used for altruistic or malicious purposes (e.g., bulletproof hosting and zero-day vulnerabilities). This report describes the fundamental characteristics of these markets and how they have grown into their current state in order to give insight into how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options that could minimize the potentially harmful influence these markets impart."
Read more:
An opinion by the Article 29 Data Protection Working Party.
From the Executive Summary:
"In this Opinion, the Article 29 Working Party provides guidance to controllers in order to help them to decide whether to notify data subjects in case of a “personal data breach”. Although this opinion considers the existing obligation of providers of electronic communications regarding Directive 2002/58/EC, it provides examples from multiple sectors, in the context of the draft data protection regulation, and presents good practices for all controllers."
Read more:
A blog post by John Bryan (Naked Security).
From 'So what am I saying?'
"It's not that I'm saying that data privacy is unimportant. Unfortunately in the real world not everyone has evolved to the point where prejudices don't exist. The security reasons for some data privacy are more urgent now than ever before. But data privacy should not be done by rote, instead it should be done with thought and consideration. [...] There always will be someone who wants to use and abuse that information for profit and exploitation. So anyone who is a caretaker of personal data still needs to ensure that they leave decisions on what is no longer private to the data owner - the individual. But let's also keep our minds open that 'personal' is about being living, breathing people and not something to be imprisoned under lock and key."
Read more:
A paper by Joshua A. Kroll, Edward W. Felten and Dan Boneh.
Abstract:
"We describe cryptographic protocols for secure execution of warrants or legal orders authorizing access to data held by private parties. Using cryptography enables a better combination of security, privacy, and accountability properties than would otherwise be possible. We describe a series of protocols, based on different assumptions about trust and technical sophistication of the parties, and making use of well-studied cryptographic tools. We report benchmark results from our prototype implementation of the tools involved in one such protocol, and show that the protocol's entire computational cost is easily feasible even for very large data sets, such as 'cloud' software service or telecommunications databases comprising billions of records."
Read more: