Skip to content

U.S. House overwhelmingly passes cybersecurity research bill

February 4, 2010

The Cyber Security Research and Development Act of 2009, which passed by a vote of 422 to 5, authorizes the National Institute of Standards and Technology (NIST) to develop a cybersecurity education program that can help consumers, businesses, and government workers keep their computers secure.

“This bill will help improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative security technologies is fully supported,” said Symantec CTO Mark Bregman. “HR 4061 represents a major step forward towards defining a clear research agenda that is necessary to stimulate investment in both the private and academic worlds, resulting in the creation of jobs in a badly understaffed industry.”

Article here

Search Giants Google & Microsoft Bing Compete on Privacy

January 20, 2010

In August 2008, Google cut the retention period of user search data to 9 months, down from 18 months. After 9 months it no longer retains the IP addresses that can be used to link a user search to an individual.

Recently Microsoft, not to be outdone, reduced the retention period of its users search data to a mere 6 months. Microsoft has accused Google of retaining a portion of the user’s IP address after it’s self-imposed 9 month retention period, while Microsoft claims it will remove the entire IP address.

“Quality of search won’t be reduced but privacy will be enhanced”
Brendon Lynch, Microsoft’s director of privacy policy

Microsoft’s actions appear to be in response to European Union data protection officials request that leading search engine makers respond to their privacy concerns by the end of this month over retaining IP address data.

I commend Microsoft for this move. We can only hope that increased competition will lead to improved privacy and data security by industry leaders, setting a course for others to follow.

Article here

Shedding Your Identity in the Digital Age

January 12, 2010

is the title of a new article in the December 2009 issue of Wired Magazine. For one month, Evan Ratliff shed his digital identity and tried to disappear. Wired offered $5000 to the first person who could locate him, say the password “fluke” and take his picture within the one month contest period. The premise of the contest was simple: “how hard is it to vanish in the digital age? The article chronicles his adventures on the run, and the phenomena it created on Twitter. Using the hashtag #vanish, contest participants were “tweeting” up to 600 tweets a day as they shared clues and personal information about Evan Ratliff (such as his middle name, a common question of private investigators).

I recommended you pick up the print edition of the article while still available, as it is better than the online version. Otherwise, check out the online version here.

Data Privacy Day 2010 is just around the corner

January 9, 2010

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at: dataprivacyday2010.org.

Facebook App Maker (RockYou) Hit With Data-Breach Class Action

December 31, 2009

What is interesting about this story is not so much the SQL injection vulnerability that permitted this data breach, but rather the total disregard for the custodial care and privacy of user data by RockYou.

“RockYou, the popular provider of third-party apps for Facebook, MySpace and other social-networking services, is being hit with a proposed class-action accusing the company of having such poor data security that at least one hacker got away with 32 million e-mails and their passwords.”

It appears RockYou did not provide even a basic level of underlying security for this data:

“RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security,” according to the Monday complaint in San Francisco federal court.

Article here

Is (U.S. Homeland) security at the price of privacy worth it?

December 23, 2009

I’ve just finished watching a CBS News video: “Airport Dilemma: Security Vs. Privacy” where privacy advocates call for the removal of full-body imaging machines used at 19 major U.S. airports. These machines perform what in essence appears to be a virtual “strip search”. It raises the question: “Is (homeland) security at the price of privacy worth it?” To my thinking, the privacy of one’s own body is the most basic of privacy rights, and one often touted by pro-abortion rights advocates.

Watch the video and decide for yourself.

Wikipedia: Physical Privacy

Data Mining Spurs Innovation, Threatens Privacy

December 20, 2009

http://m.npr.org/story/121615586


posted from my iPhone

Mom’s tweet as son was dying stirs debate

December 20, 2009

http://usat.me/?37061602


posted from my iPhone

Should individuals/organizations be held accountable/liable for disclosing sensitive personal information on another person?

December 15, 2009

Kevin G. Coleman in his article The Intersection of Privacy, Confidentiality and Personal Data Protection raises that question. He goes on to list a variety of data types not necessarily considered PII.

Quoting Mr. Coleman, he lists:

  • Employment records;
  • Military ID and record;
  • Driver’s license numbers;
  • Protected health information;
  • Confidential resume information;
  • Educational information and records;
  • Garnishments, tax levies, wage assignments;
  • Digital signatures (ink signatures that have been digitized);
  • Beneficiaries, retirement account allocations and investments;
  • General personal information such as date of birth and mother’s maiden name, etc.;
  • Unique biometric data, including fingerprint, voice print, retina or iris image or any other unique physical representation;
  • Passwords, security codes, access codes, biometric codes, personal identification numbers, and other unique account identifiers;
  • Proprietary computer applications or source code to which someone or organization holds a license that restricts further or public distribution;
  • Trade secrets or other proprietary business information owned by a third party and provided and protected under the promise of confidentiality; and
  • Research, testing, or training done for financial benefit or in connection with a potential investment or development or transfer of technology.
  • The action item here is that we all need to examine the data entrusted to our care, and protect the privacy of other individuals data as we would our own. If we don’t, we may pay the legal consequences.

    Legal Guide for Bloggers

    December 14, 2009

    By the Electronic Frontier Foundation (EFF). Nice to have handy.

    You can find it here.