Shedding Your Identity in the Digital Age

January 12, 2010

“Shedding Your Identity in the Digital Age” is the title of a new article in the December 2009 issue of Wired Magazine. For one month, Evan Ratliff shed his digital identity and tried to disappear. Wired offered $5000 to the first person who could locate him, say the password “fluke” and take his picture within the one month contest period. The premise of the contest was simple: “how hard is it to vanish in the digital age?” The article chronicles his adventures on the run, and the phenomenon it created on Twitter. Using the hashtag #vanish, contest participants were “tweeting” up to 600 tweets a day as they shared clues and personal information about Evan Ratliff (such as his middle name, a common question of private investigators).

I recommend you pick up the print edition of the article while still available, as it is better than the online version. Otherwise, check out the online version here.

Data Privacy Day 2010 is just around the corner

January 9, 2010

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects, organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at:

Facebook App Maker (RockYou) Hit With Data-Breach Class Action

December 31, 2009

What is interesting about this story is not so much the SQL injection vulnerability that permitted this data breach, but rather the total disregard for the custodial care and privacy of user data by RockYou.

“RockYou, the popular provider of third-party apps for Facebook, MySpace and other social-networking services, is being hit with a proposed class-action accusing the company of having such poor data security that at least one hacker got away with 32 million e-mails and their passwords.”

It appears RockYou did not provide even a basic level of underlying security for this data:

“RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security,” according to the Monday complaint in San Francisco federal court.

Article here

Is (U.S. Homeland) security at the price of privacy worth it?

December 23, 2009

I’ve just finished watching a CBS News video: “Airport Dilemma: Security Vs. Privacy” where privacy advocates call for the removal of full-body imaging machines used at 19 major U.S. airports. These machines perform what in essence appears to be a virtual “strip search”. It raises the question: “Is (homeland) security at the price of privacy worth it?” To my thinking, the privacy of one’s own body is the most basic of privacy rights, and one often touted by pro-abortion rights advocates.

Watch the video and decide for yourself.

Wikipedia: Physical Privacy

Data Mining Spurs Innovation, Threatens Privacy

December 20, 2009

posted from my iPhone

Mom’s tweet as son was dying stirs debate

December 20, 2009

posted from my iPhone

Should individuals/organizations be held accountable/liable for disclosing sensitive personal information on another person?

December 15, 2009

Kevin G. Coleman in his article The Intersection of Privacy, Confidentiality and Personal Data Protection raises that question. He goes on to list a variety of data types not necessarily considered PII.

Quoting Mr. Coleman, he lists:

  • Employment records;
  • Military ID and record;
  • Driver’s license numbers;
  • Protected health information;
  • Confidential resume information;
  • Educational information and records;
  • Garnishments, tax levies, wage assignments;
  • Digital signatures (ink signatures that have been digitized);
  • Beneficiaries, retirement account allocations and investments;
  • General personal information such as date of birth and mother’s maiden name, etc.;
  • Unique biometric data, including fingerprint, voice print, retina or iris image or any other unique physical representation;
  • Passwords, security codes, access codes, biometric codes, personal identification numbers, and other unique account identifiers;
  • Proprietary computer applications or source code to which someone or organization holds a license that restricts further or public distribution;
  • Trade secrets or other proprietary business information owned by a third party and provided and protected under the promise of confidentiality; and
  • Research, testing, or training done for financial benefit or in connection with a potential investment or development or transfer of technology.

The action item here is that we all need to examine the data entrusted to our care, and protect the privacy of other individuals’ data as we would our own. If we don’t, we may pay the legal consequences.

Legal Guide for Bloggers

December 14, 2009

By the Electronic Frontier Foundation (EFF). Nice to have handy.

You can find it here.

A Taxonomy of Social Networking Data

December 14, 2009

This is a very interesting categorization by Bruce Schneier of social networking data. This potentially allows for more granular assignment of rights for each data type.

Bruce defines 5 basic data types in his taxonomy. To quote, they are:

  • Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number.
  • Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on.
  • Entrusted data. This is what you post on other people’s pages. It’s basically the same stuff as disclosed data, but the difference is that you don’t have control over the data — someone else does.
  • Incidental data. Incidental data is data the other people post about you. Again, it’s basically the same stuff as disclosed data, but the difference is that 1) you don’t have control over it, and 2) you didn’t create it in the first place.
  • Behavioral data. This is data that the site collects about your habits by recording what you do and who you do it with.

Take some time to peruse the comments. Quite a discussion.

Article here

U.S. House Passes Data Breach Bill

December 12, 2009

Last week, U.S. House of Representatives legislators passed H.R. 2221, the Data Accountability and Trust Act (DATA), which requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. The bill now moves to the U.S. Senate, which is also considering a similar measure.

Article here