• The Brandeis program: Harnessing technology to ensure online privacy

    In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • Security risks, privacy issues too great for moving to Internet voting

    The view held by many election officials, legislators, and members of the public is that if people can shop and bank online in relative security, there is no reason they should not be able to vote on the Internet. Contrary to this popular belief, the fundamental security risks and privacy problems of Internet voting are too great to allow it to be used for public elections, and those problems will not be resolved any time soon, according to a researcher who has studied the issue for more than fifteen years. The security, privacy, reliability, availability, and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce, and cannot be satisfied by any Internet voting system available today or in the foreseeable future. Such systems are susceptible to “attack” or manipulation by anyone with access to the system, including programmers and IT personnel, not to mention criminal syndicates and even nation states.

  • Government’s authority to protect consumer privacy questioned

    A case in the U.S. Court of Appeals for the Third Circuitin Philadelphia could determine what authority the federal government has in protecting consumer privacy on the Internet. Hotel giant Wyndham Worldwide Corp. argued in court that the Federal Trade Commission(FTC) unlawfully tried to enforce cybersecurity standards when the agency brought a case against Wyndham after hackers allegedly stole data from hundreds of thousands of customer accounts in a series of attacks between April 2008 and January 2010.

  • FISA court reauthorizes NSA’s bulk metadata collection until 1 June

    More than a year after President Barack Obama announced that he will work with Congress to curb the National Security Agency’s (NSA) dragnet surveillance program which collects large amounts of U.S. phone metadata, the Foreign Intelligence Surveillance Court approved last week a government request to continue allowing the agency to operate its bulk data collection until 1 June, when the legal authority for the program is set to expire. The required reauthorization of the program every ninety days has already been granted four other times — March, June, September, December — since Obama made his announcement in January 2014.

  • Obama’s cybersecurity initiative: a start but businesses – and individuals – need to do more

    The linchpin of President Obama’s recently launched cybersecurity initiative is to encourage the private sector to share information to better defend against cyberattacks. Yet U.S. companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. For some companies, Edward Snowden’s revelations of sweeping government surveillance programs have reinforced the impulse to hold corporate cards close to the vest. Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous U.S. companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective. Obama’s executive order is thus a spur to get the ball rolling but, frankly, there is a limit to what government alone can (and should) do in this area. Changes in attitudes and behaviors are needed across the board, right down to families and individuals.

  • School surveillance on the rise

    Invasive school surveillance practices are the norm in the United Kingdom and the United States, and according to an Australian criminologist, such practices are becoming increasingly popular in Australian schools. “An estimated 1.28 million students are fingerprinted in the United Kingdom, largely for daily registration purposes; there is an excess of 106,000 closed-circuit television (CCTV) cameras installed in English, Welsh and Scottish secondary schools; while students in a U.S. high school use pedometers to ensure that they meet their gym class’s physical activity requirement,” he says.

  • Surveillance blimps raise privacy concerns

    Some 10,000 feet in the air above the Aberdeen Proving Ground in Maryland, the Pentagon has been testing its Joint Land Attack Cruise Missile Elevated Netted Sensor System (JLENS), meant to identify low-flying cruise missiles within a few hundred miles. Supporters of the program say that as cruise missiles become more widely available to U.S. enemies, the aerostats will become a preferred defense option, providing long-range radar much more consistently and cheaply than systems mounted on planes.Privacy advocates question whether privacy rights are being violated in the process.

  • Obama signs cybersecurity executive order, promotes information-sharing hubs

    President Barack Obama, at last week’s White House Summit on Cybersecurity and Consumer Protection, reiterated the need for more companies to collaborate with each other as well as with the federal government to develop cybersecurity solutions that protect consumer privacy while keeping hackers out of network systems.One strategy Obama encouraged in his speech was the creation of information-sharing groups, called hubs, built around vertical industry sectors.

  • CEO responsibilities for data breach

    The job of a chief executive officer (CEO) is becoming more difficult every year. Today, in addition to being strategic visionaries and leaders, most CEOs must deal with complex legal issues surrounding their organizations. More often they are being held personally responsible for mistakes made by their organizations. Security breaches are one of the fastest growing legal issues facing many C-level executives. All C-level executives need to be prepared to handle a potential security crisis with the help of IT, legal, and PR (public relation) teams.Taking rapid countermeasures and openly communicating about breaches are key factors in effectively managing expectations of a company’s shareholders and customers.

  • Emergence of the Internet of Things significantly weakens privacy protection

    Researchers are urging consumers to take a proactive approach to ensure Internet privacy, particularly with companies that use and share Internet data to influence consumer behavior. They warn that privacy “approaches that rely exclusively on informing or ‘empowering’ the individual are unlikely to provide adequate protection against the risks posed by recent information technologies.”Those emerging risks include information compiled by Internet-connected appliances, cars, and health monitors.

  • The encryption debate is heating up

    The privacy vs. security debate is heating up. Should messages on private devices be encrypted to protect our privacy? Will this dangerously hamper national and international security efforts? If we go the encryption route, are technologies being implemented fast enough to protect sensitive data from criminals?

  • Privacy in the digital age essential to protecting basic liberties: Privacy law expert

    In our increasingly digital world, the balance between privacy and free speech is tenuous, at best. We often overlook, however, the important ways in which privacy is necessary to protect our cherished civil liberties of freedom of speech, thought, and belief, says Neil M. Richards, JD, a privacy law expert at Washington University in St. Louis and author of the new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age, published 2 February.

  • Individuals face privacy hurdles, pitfalls while navigating in the information age

    We leave a trail of data, both knowingly and unwittingly, with every swipe of a credit card, post on social media and query on a search engine. Researchers detail the privacy hurdles people face while navigating in the information age, and what should be done about privacy at a policy level. The researchers call for policies that seek to balance power between individuals and data holders.

  • The many problems with the DEA's bulk phone records collection program

    Think mass surveillance is just the wheelhouse of agencies like the NSA? Think again. One of the biggest concerns to come from the revelations about the NSA’s bulk collection of the phone records of millions of innocent Americans was that law enforcement agencies might be doing the same thing. It turns out this concern was valid, as last week the government let slip for the first time that the Drug Enforcement Agency (DEA) had also been collecting the phone records of Americans in bulk since the 1990s.