• Using Bitcoin to prevent identity theft

    A reaction to the 2008 financial crisis, Bitcoin is a digital-currency scheme designed to wrest control of the monetary system from central banks. With Bitcoin, anyone can mint money, provided he or she can complete a complex computation quickly enough. Through a set of clever protocols, that computational hurdle prevents the system from being coopted by malicious hackers. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory presented a new system that uses Bitcoin’s security machinery to defend against online identity theft. The system piggybacks on the digital currency’s security protocols to thwart hijacked servers.

  • Lawsuits filed about electronic privacy, profiling abuses at borders, airports

    Earlier this week, two lawsuits were filed in federal court to demand that the Department of Homeland Security (DHS) release information about how federal officials have treated travelers who are Muslim or who are perceived to be Muslim at United States borders, including airports. The lawsuits highlight the numerous recent reports of individuals who are or are perceived to be Muslim having their electronic devices searched while traveling or having their trusted traveler status revoked without explanation.

  • Driver privacy can be compromised in Usage-Based Insurance (UBI) systems

    Researchers have demonstrated that it is possible to compromise a driver’s private information stored in the cloud for Usage-Based Insurance (UBI) programs, based on only part of the data collected. UBI programs determine a consumer or fleet insurance premium rate based on several driving parameters that are collected, including total driving time, cornering and average speed. As part of the burgeoning Internet of Things (IoT) connected-device functionality in vehicles, driver data is gradually being stored in the cloud, rather than onboard a vehicle’s computer.

  • New technology helps protect biometric databases

    More and more people are leaving their fingerprints behind – in passports, when logging in to online banking or their mobile phones. Have you thought about where your fingerprint information is stored and who has access to it? Whether we store fingerprints on our mobile phone chip, with our server host or in the cloud, security is always a concern. Scientists are constantly searching for new and better security solutions to protect your information.

  • House kills web privacy protections; ISPs free to collect, sell customers’ information

    The House of Representative on Tuesday voted 215 to 205 kill the privacy rules, formulated by the FCC, which were aimed at preventing internet service providers (ISPs) from selling their customers’ web browsing histories and app usage to advertisers. Without these protections, Comcast, Verizon, AT&T, and other ISPs will have complete freedom to collect information about their customers’ browsing and app-usage behavior, then sell this information to advertisers.

  • Repealing FCC’s privacy rules: A serious blow to privacy, cybersecurity

    In the end, the cybersecurity implications of repealing the FCC’s privacy rules come from simple logic. If the privacy rules are repealed, Internet providers will resume and accelerate these dangerous practices with the aim of monetizing their customers’ browsing history and app usage. But in order to do that, Internet providers will need to record and store even more sensitive data on their customers, which will become a target for hackers. Internet providers will also be incentivized to break their customers’ security, so they can see all the valuable encrypted data their customers send. And when Internet providers break their customers’ security, you can be sure malicious hackers will be right on their heels. The net result is simple: repealing the FCC’s privacy rules won’t just be a disaster for Americans’ privacy. It will be a disaster for America’s cybersecurity, too.

  • Connected dolls, tell-tale teddy bears: Managing the Internet of Toys

    Large numbers of connected toys have been put on the market over the past few years, and the turnover is expected to reach €10 billion by 2020 – up from just €2.6 billion in 2015. Connected toys come in many different forms, from smart watches to teddy bears that interact with their users. They are connected to the internet and together with other connected appliances they form the Internet of Things, which is bringing technology into our daily lives more than ever. However, the toys’ ability to record, store and share information about their young users raises concerns about children’s safety, privacy and social development. Action is thus needed to monitor and control the emerging Internet of Toys.

  • Protecting web users’ privacy

    Most website visits these days entail a database query — to look up airline flights, for example, or to find the fastest driving route between two addresses. But online database queries can reveal a surprising amount of information about the people making them. And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries. MIT researchers next week will present a new encryption system that disguises users’ database queries so that they reveal no private information.

  • Border agents should obtain a warrant to search travelers’ phones, EFF tells court

    Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court the other day. The EFF says that searches of devices at the border have more than doubled since the inauguration of President Trump — from nearly 25,000 in all of 2016, to 5,000 in February alone. This increase, along with the increasing number of people who carry these devices when they travel, has heightened awareness of the need for stronger privacy rights while crossing the U.S. border.

  • YouTube users beware: Your viewing habits can be tracked

    Despite YouTube’s attempts to safeguard user anonymity, intelligence agencies, hackers, and online advertising companies can still determine which videos a user is watching. Researchers developed an algorithm to determine if someone had watched a specific video from a set of suspicious, terror-related videos. Intelligence agencies could access this technology for tracking terrorists or other suspicious individuals. Internet marketing companies could track the number and make-up of viewers watching an ad.

  • Vibrator maker to pay out $3 million for tracking users' sexual activity

    We-Vibe, the sex toy maker, has agreed to pay customers up to $7,600 each selling them a “smart vibrator” which tracked the customers’ sexual habits without their knowledge. A class-action lawsuit was filed against in an Illinois federal court against We-Vibe’s parent company, Standard Innovation. Standard Innovation has been ordered to pay a total of $3 million to owners of the vibrator who had also used the app associated with the vibrators (the tracking of customers was done by the app).

  • New guide helps travelers protect their digital information at the border

    Increasingly frequent and invasive searches at the U.S. border have raised questions for those who want to protect the private data on their computers, phones, and other digital devices. A new guide released last week by the Electronic Frontier Foundation (EFF) gives travelers the facts they need in order to prepare for border crossings while protecting their digital information.

  • If surveillance cameras are to be kept in line, the rules will have to keep pace with technology

    The growing prevalence of cameras and greater understanding of the many ways in which we are surveilled has led many – including the current commissioner, Tony Porter, to voice concern that Britain is “sleepwalking into a surveillance state”. This raises critical questions about whether we can be confident that all these cameras are being used in a way the public would approve of – and if not, whether regulation can force CCTV operators into line. In the future, surveillance camera processes will become more opaque, more sophisticated, and potentially integrated with data from a variety of sources, including social media, meaning decisions about who to survey and who determines intensive surveillance will be determined by big data and algorithms. Any regulatory framework that does not or cannot keep up with the pace of change will soon become worthless.

  • Building privacy right into software code

    It is the programmer’s job to enforce these privacy restrictions. Because privacy-related code is scattered throughout all the programs Facebook uses to run its systems, the programmer must be vigilant everywhere. To make sure nobody finds out where I am unless I want them to, the programmer must tell the system to check my privacy settings everywhere it uses my location value, directly or indirectly. The best way to avoid these problems is to take the task of privacy protection away from humans and entrust it to the computers themselves. We can – and should – develop programming models that allow us to more easily incorporate security and privacy into software. Prior research in what is called “language-based information flow” looks at how to automatically check programs to ensure that sloppy programming is not inadvertently violating privacy or other data-protection rules.

  • Tech coalition fights DHS proposal to collect social media passwords

    Earlier this week, the Center for Democracy & Technology announced the creation of a coalition of tech companies, NGOs, and privacy advocates to oppose efforts by DHS to collect social media passwords from individuals entering the United States. The coalition focuses on visa applicants who might be compelled to share their passwords under new DHS policies.