Do I want to be anonymous? Yes! Do I want to be authenticated? Yes!

March 2, 2010

Those of us who want to see more protections created for individuals’ privacy rights are sometimes characterized as troublemakers, nuts, or participants in some nefarious activity. As someone to whom privacy is important, I don’t fall into any of those categories.

As I write this, I am attending the 2010 RSA Security Conference in San Francisco. In his keynote address this morning, Scott Charney, Corporate Vice President for Trustworthy Computing (TwC) at Microsoft, pointed out that there are times when we just want to be anonymous, such as for the purpose of encouraging free speech and the exchange of ideas. However, there are other times when we truly want to be authenticated, such as when we do online banking. When I am banking online, I want to know it is truly my bank with whom I am interacting, and I want my bank to make sure they know who I am.

Privacy doesn’t have to be an all or nothing affair. In its simplest form, privacy is about balance.

U.S. House overwhelmingly passes cybersecurity research bill

February 4, 2010

The Cyber Security Research and Development Act of 2009, which passed by a vote of 422 to 5, authorizes the National Institute of Standards and Technology (NIST) to develop a cybersecurity education program that can help consumers, businesses, and government workers keep their computers secure.

“This bill will help improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative security technologies is fully supported,” said Symantec CTO Mark Bregman. “HR 4061 represents a major step forward towards defining a clear research agenda that is necessary to stimulate investment in both the private and academic worlds, resulting in the creation of jobs in a badly understaffed industry.”

Article here

Search Giants Google & Microsoft Bing Compete on Privacy

January 20, 2010

In August 2008, Google cut the retention period of user search data to 9 months, down from 18 months. After 9 months it no longer retains the IP addresses that can be used to link a user search to an individual.

Recently Microsoft, not to be outdone, reduced the retention period of its users’ search data to a mere 6 months. Microsoft has accused Google of retaining a portion of the user’s IP address after its self-imposed 9-month retention period, while Microsoft claims it will remove the entire IP address.

“Quality of search won’t be reduced but privacy will be enhanced”
Brendon Lynch, Microsoft’s director of privacy policy

Microsoft’s actions appear to be in response to a request from European Union data protection officials that leading search engine makers respond, by the end of this month, to their privacy concerns over retaining IP address data.

I commend Microsoft for this move. We can only hope that increased competition will lead to improved privacy and data security by industry leaders, setting a course for others to follow.

Article here

Shedding Your Identity in the Digital Age

January 12, 2010

“Shedding Your Identity in the Digital Age” is the title of a new article in the December 2009 issue of Wired Magazine. For one month, Evan Ratliff shed his digital identity and tried to disappear. Wired offered $5000 to the first person who could locate him, say the password “fluke” and take his picture within the one-month contest period. The premise of the contest was simple: “how hard is it to vanish in the digital age?” The article chronicles his adventures on the run, and the phenomenon it created on Twitter. Using the hashtag #vanish, contest participants were “tweeting” up to 600 tweets a day as they shared clues and personal information about Evan Ratliff (such as his middle name, a common question of private investigators).

I recommend you pick up the print edition of the article while it is still available, as it is better than the online version. Otherwise, check out the online version here.

Data Privacy Day 2010 is just around the corner

January 9, 2010

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at: dataprivacyday2010.org.

Facebook App Maker (RockYou) Hit With Data-Breach Class Action

December 31, 2009

What is interesting about this story is not so much the SQL injection vulnerability that permitted this data breach, but rather the total disregard for the custodial care and privacy of user data by RockYou.

“RockYou, the popular provider of third-party apps for Facebook, MySpace and other social-networking services, is being hit with a proposed class-action accusing the company of having such poor data security that at least one hacker got away with 32 million e-mails and their passwords.”

It appears RockYou did not provide even a basic level of underlying security for this data:

“RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security,” according to the Monday complaint in San Francisco federal court.

Article here

Is (U.S. Homeland) security at the price of privacy worth it?

December 23, 2009

I’ve just finished watching a CBS News video: “Airport Dilemma: Security Vs. Privacy” where privacy advocates call for the removal of full-body imaging machines used at 19 major U.S. airports. These machines perform what in essence appears to be a virtual “strip search”. It raises the question: “Is (homeland) security at the price of privacy worth it?” To my thinking, the privacy of one’s own body is the most basic of privacy rights, and one often touted by pro-abortion rights advocates.

Watch the video and decide for yourself.

Wikipedia: Physical Privacy