Rina Steenkamp - Privacy and technology
[The web never forgets - Persistent tracking mechanisms in the wild | openPDS - Protecting the privacy of metadata through SafeAnswers | Containment control for a social network with state-dependent connectivity | Information Commissioner's annual report and financial statements 2013/14 | The right to privacy in the digital age | [...] briefing on the fast-track Data Retention and Investigatory Powers Bill | Digital life in 2025 - Net threats | Loopholes for circumventing the Constitution - warrantless bulk surveillance on Americans by collecting network traffic abroad | Data sharing between public bodies - a scoping report | A 'right to be forgotten' procedure for Google; it appears to have difficulty in developing one | Money walks - a human-centric study on the economics of personal mobile data | The emperor's new password manager - Security analysis of web-based password managers | Password portfolios and the finite-effort user - sustainably managing large numbers of accounts | In NSA-intercepted data, those not targeted far outnumber the foreigners who are | No silver bullet - De-identification still doesn't work | Report on the surveillance program operated pursuant to Section 702 of the Foreign Intelligence Surveillance Act | Rights that are being forgotten - Google, the ECJ, and free expression | ICANN's procedures and policies in the light of human rights, fundamental freedoms and democratic values | Does your state protect your privacy in the digital age? 
| The Dao of privacy | United Nations e-government survey 2014 - E-government for the future we want | Experimental evidence of massive-scale emotional contagion through social networks | Fighting bulk search warrants in Court | No warrant, no problem - How the Government can get your digital data | What everyone gets wrong in the debate over net neutrality | We don't need net neutrality; we need competition | A risk-based approach to privacy - improving effectiveness in practice | Dragonfly - Cyberespionage attacks against energy suppliers | Privacy & data security update (2014)]
A draft paper by Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan and Claudia Diaz.
Abstract:
"We present the first large-scale studies of three advanced web tracking mechanisms - canvas fingerprinting, evercookies and use of 'cookie syncing' in conjunction with evercookies. Canvas fingerprinting, a recently developed form of browser fingerprinting, has not previously been reported in the wild; our results show that over 5% of the top 100,000 websites employ it. We then present the first automated study of evercookies and respawning and the discovery of a new evercookie vector, IndexedDB. Turning to cookie syncing, we present novel techniques for detection and analysing ID flows and we quantify the amplification of privacy-intrusive tracking practices due to cookie syncing. Our evaluation of the defensive techniques used by privacy-aware users finds that there exist subtle pitfalls - such as failing to clear state on multiple browsers at once - in which a single lapse in judgement can shatter privacy defenses. This suggests that even sophisticated users face great difficulties in evading tracking techniques."
An article by Yves-Alexandre de Montjoye, Erez Shmueli, Samuel S. Wang and Alex Sandy Pentland (PLOS One).
From the Abstract:
"The rise of smartphones and web services made possible the large-scale collection of personal metadata. Information about individuals' location, phone call logs, or web-searches, is collected and used intensively by organizations and big data researchers. Metadata has however yet to realize its full potential. Privacy and legal concerns, as well as the lack of technical solutions for personal metadata management is preventing metadata from being shared and reconciled under the control of the individual. This lack of access and control is furthermore fueling growing concerns, as it prevents individuals from understanding and managing the risks associated with the collection and use of their data. Our contribution is two-fold: (1) we describe openPDS, a personal metadata management framework that allows individuals to collect, store, and give fine-grained access to their metadata to third parties. It has been implemented in two field studies; (2) we introduce and analyze SafeAnswers, a new and practical way of protecting the privacy of metadata at an individual level."
A paper by Zhen Kan, Justin Klotz, Eduardo L. Pasiliao Jr and Warren E. Dixon.
Abstract:
"Social interactions influence our thoughts, opinions and actions. In this paper, social interactions are studied within a group of individuals composed of influential social leaders and followers. Each person is assumed to maintain a social state, which can be an emotional state or an opinion. Followers update their social states based on the states of local neighbors, while social leaders maintain a constant desired state. Social interactions are modeled as a general directed graph where each directed edge represents an influence from one person to another. Motivated by the non-local property of fractional-order systems, the social response of individuals in the network are modeled by fractional-order dynamics whose states depend on influences from local neighbors and past experiences. A decentralized influence method is then developed to maintain existing social influence between individuals (i.e., without isolating peers in the group) and to influence the social group to a common desired state (i.e., within a convex hull spanned by social leaders). Mittag-Leffler stability methods are used to prove asymptotic stability of the networked fractional-order system."
A report by the Information Commissioner's Office.
From the Information Commissioner's foreword:
"We need to be able to audit any and all data controllers and public authorities for compliance with information rights laws. People who steal others' personal information need to face the prospect of a prison sentence. And private contractors undertaking public functions should be no less transparent and accountable than their public sector equivalents. [...] As well as having the powers and the resources to do the job that is needed in this 'Brave New World' of both digital opportunities and digital threats, the Information Commissioner needs the guarantee of independence that comes from a more formal relationship with Parliament than is the case at present. We value our involvement in Whitehall policy making, but to be an effective partner the ICO must be recognised as more than just another nondepartmental public body."
Report of the Office of the UN High Commissioner for Human Rights.
From 'Conclusions and recommendations':
"49. Effectively addressing the challenges related to the right to privacy in the context of modern communications technology will require an ongoing, concerted multi-stakeholder engagement. This process should include a dialogue involving all interested stakeholders, including Member States, civil society, scientific and technical communities, the business sector, academics and human rights experts. As communication technologies continue to evolve, leadership will be critical to ensuring that these technologies are used to deliver on their potential towards the improved enjoyment of the human rights enshrined in the international legal framework.
50. Bearing the above observations in mind, there is a clear and pressing need for vigilance in ensuring the compliance of any surveillance policy or practice with international human rights law, including the right to privacy, through the development of effective safeguards against abuses. As an immediate measure, States should review their own national laws, policies and practices to ensure full conformity with international human rights law. Where there are shortcomings, States should take steps to address them, including through the adoption of a clear, precise, accessible, comprehensive and non-discriminatory legislative framework. Steps should be taken to ensure that effective and independent oversight regimes and practices are in place, with attention to the right of victims to an effective remedy."
A publication by Liberty, Privacy International, Open Rights Group, Big Brother Watch, Article 19 and English PEN.
From the Conclusion:
"29. This fast track legislation contains sweeping surveillance powers that will affect every man, woman and child in the UK. The Bill contains the powers for Government to continue to mandate the blanket retention of the communications data of the whole population for 12 months. This is in direct contradiction of a Court judgment which held that blanket indiscriminate retention of communications data breached human rights. The Bill also contains new and unprecedented powers for the UK Government to require overseas companies to comply with interception warrants and communications data acquisition requests and mandate overseas companies to build interception capabilities in to their products and infrastructure. These provisions will expand interception powers currently being challenged in the British courts appearing to enable the Government to issue interception warrants mandating mass surveillance outside of the United Kingdom."
A report by PewResearchCenter.
From the Summary:
"As Internet experts look to the future of the Web, they have a number of concerns. This is not to say they are pessimistic: The majority of respondents to this 2014 Future of the Internet canvassing say they hope that by 2025 there will not be significant changes for the worse and hindrances to the ways in which people get and share content online today. And they said they expect that technology innovation will continue to afford more new opportunities for people to connect. Still, some express wide levels of concern that this yearning for an open Internet will be challenged by trends that could sharply disrupt the way the Internet works for many users today as a source of largely unfettered content flows."
A paper by Axel Arnbak and Sharon Goldberg.
Abstract:
"In this multi-disciplinary paper, we reveal interdependent legal and technical loopholes that intelligence agencies of the U.S. government could use to circumvent constitutional and statutory safeguards for U.S. persons. We outline known and new circumvention techniques that can leave the Internet traffic of Americans as vulnerable to surveillance, and as unprotected by U.S. law, as the Internet traffic of foreigners."
A publication by the Law Commission.
From 'Anonymous information':
"6.31 Technology has developed apace since the 1995 Data Protection Directive and its transposition in the United Kingdom in the Data Protection Act 1998. Information can no longer be truly anonymous if it is shared. The law on anonymisation needs to be reviewed so as to reflect a sliding scale of risk with regard to anonymous data. Thought should be given to whether similar balancing tests should be applied to anonymised or pseudonymised data as to personal data, and what other considerations should be applied where information is to be used for purposes not directly related to the individual concerned. Although much of this depends on legislation at the level of the European Union, a full law reform project could explore the scope for a more risk-based approach in dealing with data that are de-identified but may nevertheless remain within the definition of personal data."
A blog post by HawkTalk.
From the blog post:
"It is well known Google does not like the ECJ judgment and the suspicion is that Google is removing links and telling journalists that their scoops are no longer accessible to the public. This provokes them to go ballistic, in print, and make wild claims of censorship; the last Sunday Times editorial on 'The right-to-be-forgotten law is an ass' is an example of the ill-informed outcome which, sadly, Google appears to be encouraging. Such gamesmanship explains why I have decided to devote this (very long) blog to draft a procedure for Google to follow; I think it covers most of the issues in a way that balances the conflicting interests. There might be nuances at the edges, but I think the approach is mainly correct. Anybody who can improve it, please make a comment."
A paper by Jacopo Staiano, Nuria Oliver, Bruno Lepri, Rodrigo de Oliveira, Michele Caraviello and Nicu Sebe.
Abstract:
"In the context of a myriad of mobile apps which collect personally identifiable information (PII) and a prospective market place of personal data, we investigate a user-centric monetary valuation of mobile PII. During a 6-week long user study in a living lab deployment with 60 participants, we collected their daily valuations of 4 categories of mobile PII (communication, e.g. phonecalls made/received, applications, e.g. time spent on different apps, location and media, e.g. photos taken) at three levels of complexity (individual data points, aggregated statistics and processed, i.e. meaningful interpretations of the data). In order to obtain honest valuations, we employ a reverse second price auction mechanism. Our findings show that the most sensitive and valued category of personal information is location. We report statistically significant associations between actual mobile usage, personal dispositions, and bidding behavior. Finally, we outline key implications for the design of mobile services and future markets of personal data."
A paper by Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song.
Abstract:
"We conduct a security analysis of five popular web-based password managers. Unlike 'local' password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies. Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords. The root-causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF and XSS. Our study suggests that it remains to be a challenge for the password managers to be secure. To guide future development of password managers, we provide guidance for password managers. Given the diversity of vulnerabilities we identified, we advocate a defense-in-depth approach to ensure security of password managers."
A paper by Dinei Florencio, Cormac Herley and Paul C. van Oorschot.
Abstract:
"We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows. We find that approaches justified by loss-minimization alone, and those that ignore important attack vectors (e.g., vectors exploiting re-use), are amenable to analysis but unrealistic. In contrast, we propose, model and analyze portfolio management under a realistic attack suite, with an objective function costing both loss and user effort. Our findings directly challenge accepted wisdom and conventional advice. We find, for example, that a portfolio strategy ruling out weak passwords or password re-use is sub-optimal. We give an optimal solution for how to group accounts for re-use, and model-based principles for portfolio management."
An article by Barton Gellman, Julie Tate and Ashkan Soltani (Washington Post).
From the article:
"Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else."
An article by Arvind Narayanan and Edward W. Felten.
From the article:
"Paul Ohm's 2009 article 'Broken Promises of Privacy' spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of 'setting the record straight.' We point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do."
A report by the Privacy and Civil Liberties Oversight Board.
From 'C. Policy analysis':
"Overall, the Board finds that the protections contained in the Section 702 minimization procedures are reasonably designed and implemented to ward against the exploitation of information acquired under the program for illegitimate purposes. The Board has seen no trace of any such illegitimate activity associated with the program, or any attempt to intentionally circumvent legal limits. But the applicable rules potentially allow a great deal of private information about U.S. persons to be acquired by the government. The Board therefore offers a series of policy recommendations to ensure that the program appropriately balances national security with privacy and civil liberties."
A blog post by Danny O'Brien and Jillian York (EFF).
From the text:
"The issue with the ECJ judgement isn't European privacy law, or the response by Google. The real problem is the impossibility of an accountable, transparent, and effective censorship regime in the digital age, and the inevitable collateral damage borne of any attempt to create one, even from the best intentions. The ECJ could have formulated a decision that would have placed Google under the jurisdiction of the EU's data protection law, and protected the free speech rights of publishers. Instead, the court has created a vague and unappealable model, where Internet intermediaries must censor their own references to publicly available information in the name of privacy, with little guidance or obligation to balance the needs of free expression. That won't work in keeping that information private, and will make matters worse in the global battle against state censorship."
A report by Dr Monika Zalnieriute and Thomas Schneider (Council of Europe).
From the Executive Summary:
"As has been put forward by many experts in the field, public access to personal information in the WHOIS database is not fully consistent with international human rights law. National and international data protection instruments establish high standards for accessing and processing personal information by third parties. [Governmental Advisory Committee] members have the responsibility to protect the human rights of their citizens and should therefore make sure that ICANN includes provisions governing the disclosure and third party use of data."
An interactive map by the ACLU.
From the related blog post:
"In the last few years, we've seen an unprecedented number of privacy battles being waged in state legislatures. Today we're launching an interactive web map that shows the privacy laws in place across the country on four of those issues: law enforcement access to electronic communications content, location tracking, automatic license plate readers, and domestic surveillance drones. If we can address these four key issue areas, we'll go a long way toward protecting privacy in the digital age. [...] In the meantime, here is our interactive state of the states privacy map. If you click on your state, you'll find links to the actual laws or court decisions there. We encourage you to review the text or check out our blog for more information on just how protective the laws are in your state."
An article by Laura A. Ballard (Masaryk University Journal of Law and Technology).
From '1. Introduction':
"As this article discusses, a wave of recent scholarship examining how privacy has been experienced in East Asian cultures makes readily apparent that the universal need for privacy is felt just as acutely in East Asian cultures as in Western cultures, with equally robust traditions and practices. Indeed, there is much in recent East Asian studies to suggest that Cohen's postmodernist notions of selfhood, as exemplified in East Asian culture and society, result in a more nuanced and thorough understanding of privacy. The East Asian experience also validates Altman's conception of privacy as a dynamic process of navigating one's interpersonal boundaries, a universal human need to which virtually anyone of any society can relate regardless of whether the society is more or less collectivistic than any other society. There is, quite simply, no discernible link between a culture's tendency toward individualism or collectivism and the value it places on privacy. The rub is that, while political liberalism is not necessary for an understanding of privacy, the East Asian experience suggests that the Kantian tradition is somewhat necessary for the rule of law, at least in the traditional Western sense of the term. East Asia has a tradition of privacy, but not privacy rights. What is novel to East Asia is Western legalism, i.e., 'the view that law and legal institutions can keep order and resolve policy disputes,' through a combination of 'powerful courts, a dominant class of lawyers, and reliance in legalistic procedures in policymaking bodies.'"
A survey by United Nations Public Administration Country Studies.
From the Executive Summary:
"[...] it is clear that all governments are faced with a set of complex, multi-faceted and interdependent challenges. Global challenges including poverty, inequality, climate change, peace and security, are such that no single actor—let alone single government or single ministry—can effectively deal with them on their own. Effective collaboration among agencies across all levels of government is essential, as it is with non-governmental actors, to ensure good governance and good development outcomes. Collaborative governance, underpinned by a well-functioning public administration, is crucial to improving people’s lives. The public sector must deliver, equitably and efficiently, essential services that meet citizen needs, provide opportunities for economic growth, as well as facilitate citizen engagement and participation in public policymaking and service delivery, so as to promote the empowerment and well-being of all people. E-government and innovation can provide significant opportunities to transform public administration into an instrument of sustainable development. E-government is 'the use of ICT and its application by the government for the provision of information and public services to the people' (Global E-Government Readiness Report 2004). More broadly, e-government can be referred to as the use and application of information technologies in public administration to streamline and integrate workflows and processes, to effectively manage data and information, enhance public service delivery, as well as expand communication channels for engagement and empowerment of people."
A paper by Adam D.I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock.
From the Abstract:
"Emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. [...] In an experiment with people who use Facebook, we test whether emotional contagion occurs outside of in-person interaction between individuals by reducing the amount of emotional content in the News Feed. When positive expressions were reduced, people produced fewer positive posts and more negative posts; when negative expressions were reduced, the opposite pattern occurred. These results indicate that emotions expressed by others on Facebook influence our own emotions, constituting experimental evidence for massive-scale contagion via social networks. This work also suggests that, in contrast to prevailing assumptions, in-person interaction and nonverbal cues are not strictly necessary for emotional contagion, and that the observation of others' positive experiences constitutes a positive experience for people."
A blog post by Chris Sonderby (Facebook).
From the blog post:
"Since last summer, we've been fighting hard against a set of sweeping search warrants issued by a court in New York that demanded we turn over nearly all data from the accounts of 381 people who use our service, including photos, private messages and other information. This unprecedented request is by far the largest we’ve ever received—by a magnitude of more than ten—and we have argued that it was unconstitutional from the start."
An article by Theodoric Meyer (ProPublica).
From the article:
"The government isn't allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI to the Internal Revenue Service, to snoop on the digital trails you create every day. [...] Here's a look at what the government can get from you and the legal framework behind its power: [...]"
An article by Robert McMillan (Wired).
From the article:
"The concepts driving today's net neutrality debate caught on because the internet used to operate differently—and because they were easy for consumers to understand. In many respects, these concepts were vitally important to the evolution of the internet over the past decades. But in today's world, they don't address the real issue with the country's ISPs, and if we spend too much time worried about fast lanes, we could hurt the net's progress rather than help it."
A blog post by Peter Bright (Ars Technica).
From 'The real problem is competition':
"All these questions, however, dance around the real issue. The reason that these ISP policies are so troublesome, and the concerns over network neutrality so grave, is that the ISP market in the US is remarkably uncompetitive. It wouldn't be a big deal if Verizon's Netflix performance were suffering so long as Verizon's DSL and FiOS customers had abundant ISP alternatives offering similar performance. Indeed, such competitive pressure would probably prevent Verizon's Netflix performance from dropping in the first place."
A publication by Hunton & Williams LLP (Centre for Information Policy Leadership).
From the text:
"Principle-based data privacy laws often leave room for interpretation, leaving it both to organisations to make appropriate decisions on how to implement these principles and to regulators on how to interpret and enforce the law. The Privacy Risk Framework Project aims to bridge the gap between high-level privacy principles on one hand, and compliance on the ground on the other, by developing a methodology for organisations to apply, calibrate and implement abstract privacy obligations based on the actual risks and benefits of the proposed data processing. While certain types of risk assessments are already an integral part of accountable organisations' privacy management programs, they require further development. This project seeks to build consensus on what is meant by privacy risks to individuals (and society) and to create a practical framework to identify, prioritise and mitigate such risks so that principle-based privacy obligations can be implemented appropriately and effectively."
A report by Symantec.
From 'Overview':
"A cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to the energy supply in the affected countries. The Dragonfly group, which is also known by other vendors as Energetic Bear, are a capable group who are evolving over time and targeting primarily the energy sector and related industries. They have been in operation since at least 2011 but may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus to US and European energy firms in early 2013. More recent targets have included companies related to industrial control systems."
A report by the FTC.
From 'Privacy':
"The FTC has brought enforcement actions addressing a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile. These matters include over 130 spam and spyware cases and more than 40 general privacy lawsuits."