Week in Review : December 22-28, 2014

Top Privacy Stories from Last Week
Dec. 29, 2014

Overall, it was a quiet week for privacy, thanks in large part to the Christmas Holiday. Oracle Corp.’s most recent acquisition has some concerned, and Ireland officially threw its (qualified) support behind Microsoft in the months old battle over emails stored in Ireland and relevant to a U.S. criminal case. Also, it was revealed that everything the NSA knows may have come from Santa

On Monday, Dec. 22, computer technology giant Oracle Corp. acquired Datalogix,  a firm that connects both online and offline purchasing data to help companies with their marketing campaigns. The Center for Digital Democracy is concerned that this acquisition, as well as Oracle’s purchase of data broker BlueKai may present a data risk for users and is asking the FTC to carefully evaluate the purchase.

Several months ago, a U.S. court served a search warrant on U.S. company Microsoft, requiring that it divulge emails stored in an Irish server as part of a criminal drug trafficking case. Since that initial warrant, Microsoft has been fighting against producing the documents, saying that appropriate international processes were not followed, and that an American court does not have jurisdiction over documents and files stored in another country. Amicus curiae, or “friend of the court,” briefs have been filed in support of Microsoft by dozens organizations – including Apple, CNN, Fox News, Verizon, and individual members of the European Parliament. This week, the Irish government officially filed its own brief on behalf of Microsoft.

The NSA gave everyone an early Christmas gift, releasing a heavily redacted report of over a decades worth of agency privacy violations. The story did not get much traction, likely due to the Christmas holiday, and I expect more to be revealed in the coming weeks. The report covers employee violations of American citizen’s privacy from after the Sept. 11, 2001 terrorist attacks until mid-2013.

Posted in Privacy News | Leave a comment

Week in Review : December 15-21, 2014

Top Privacy Stories from Last Week
Dec. 22, 2014

Former Sony Employees Sue over Privacy Breach
At least 2 civil cases have been brought against Sony Pictures Entertainment, Inc. by former employees who allege that the company knew that it had inadequate measures in place to protect sensitive employee data such as SSNs and salary data. The Sony Hack, which occurred just under a month ago, resulted in the public release of personal information about 6,000+ current and former employees. Accusations that Sony should have been better prepared have existed since the beginning of December.

Uber Responds to Sen. Al Franken (D-Minn)
Private car service, Uber, responded to Senator Al Franken‘s request for information about the company’s privacy policies and practices. The inquiry is the result of recent revelations about Uber’s privacy practices and the existence of their God View tool. In the letter, Uber asserted that rider data can only be accessed for “legitimate business purposes” and that it has recently implemented additional safeguards to protect user data. Sen. Franken, however, was not impressed with the response, and has stated that he is concerned about the lack of detail in Uber’s response.

Dutch_FlagThe Dutch Data Protection Authority Flexes its Muscles
The Dutch Data Protection Authority, College Bescherming Persoongegevens (CBP) made waves this week with 2 big announcements. On Monday, it threatened to fine Google for its combined privacy policy and its practice of combining user data across products. Then, on Tuesday, the CBP targeted Facebook with a press release announcing an investigation into the social media giant’s new privacy policy. The CBP expresed concern about Facebook’s alleged use of photos and personal details for advertising purposes.

The Future of Privacy Discussed 
On Thursday, the Pew Research Internet Project and Elon University have released a new study, called the Future of Privacy, looks 10 years into the future to understand the challenges that consumers, governments, privacy professionals, and other IT works will face “in light of the technological change, ever-growing monetization of digital encounters, and shifting relationship of citizens and their governments” that will occur in the future. This study follows closely on the heels of the Pew Research study “Public Perceptions of Privacy and Security in the Post-Snowden Era” released at the beginning of November.


Posted in Privacy News | Leave a comment

What’s your privacy personality?

A little over a week ago, MSNBC.com ran a series of articles directed at 3 different groups, based on what I am calling their “privacy personality.” I’ve created a short (and very unscientific test) that allows you to find out what your privacy personality is and links you to the best article for you:

1. How many social networks do you belong to?
a) I lost count around a dozen.
b) Just 2 or 3 big ones – probably facebook and linkedin.
c) social networks? I have them over for dinner a couple times a month.

2. What do you think of when you see “HTTPS”?
a) I must have mistyped the website url.
b) It’s the first thing I look for when I bank online.
c) I’m not taking this test because your blog doesn’t support HTTPS.

3. How many different U.S. federal laws protect your privacy?
a) Isn’t is all covered in the Bill of Rights? 1st and 4th?
b) You’ve got HIPAA, COPPA, that one that protects my video rental history… there’s dozens of them, and probably dozens of loopholes.*
c) Privacy protection? I’m all there is, this is my Alamo.

4. Is it illegal for your financial institution to share or sell your personal information?
a) Of course its illegal, it has to be illegal. It is illegal, right?
b) It is illegal – because I opted out under Gramm-Leach-Bliley.
c) My money is stored in my mattress.

If you answered mostly A, read:
The big difference between ‘open’ and ‘at risk’

If you answered mostly B, read:
Why should I care about digital privacy?

If you answered mostly C, read:
Don’t freak out: Paranoids can go online too

As you may have realized by now, the first article addressed people who just do not seem concerned with privacy; they’ve never changed their Facebook privacy settings and they believe the existence of privacy policy, no matter what it actually says, protects them. The second group, which is where many Americans tend to fall, are “the people who say they care, but contradict themselves” with their actions. These are the people who may have their Facebook privacy settings on high, but still view their Facebook accounts using unsecured wireless connections at the local coffee shop. The final group are those people who are so worried about their privacy they have probably never been on MSNBC because they browse the Internet as little as possible. Their anxiety prevents them from joining Facebook and customer loyalty programs.

Which group did you fall in? What did reading the MSNBC series teach you?

* Peter Comstock, a Virigina resident, filed suit earlier this week against Netflix, Inc. alleging that their service violates the Video Privacy Protection Act by retaining customer information even after the service has been canceled.

Posted in Privacy Issues | Tagged , , | Leave a comment