The Trouble with Snippets
The time each of us devotes to consuming media is shrinking exponentially. It's the whole reason Twitter got its start.
To satisfy the demand for easy-to-digest content, traditional and social media publishers compress "news" to clickable snippets, a.k.a. click bait. All could be fine if the reader could distinguish between a flashy headline and real news, but not everyone can.
Professors and other teachers have begun to notice sources like 100percentfedup.com showing up in students' research papers. People formulate opinions on brands, organizations and other people based on false or exaggerated stories. And, voters rely on social "news" to formulate their decisions on election days.
Those of us in data security and privacy circles have observed the extension of the snippets trend to things like privacy policies and terms / conditions related to use of technology. To make content more digestible or technology more usable, providers are taking transparency shortcuts resulting in a lot of confusion and mistrust.
All of this is to say you should *trust, but verify.* Anytime you hear or see something that feels off, trust your gut. Dig in, do the research and come to your own conclusions. Sadly, the onus is on each of us to beware of what we "buy."
Data Security & Privacy Beacons
People and places making a difference**
Dr. Lance Eliot wrote an in-depth article to raise awareness of the personal data collected by vehicles, in particular smart cars and rental cars... and even junked vehicles. Among the takeaways, the article explains how that data (everything from playlists to contacts) can be used to invade the privacy of drivers. Definitely worth a read!
The City of San Francisco is the first city, and likely not the last, writing legislative bills at the major municipal level to prohibit the use of facial recognition until privacy risks have been appropriately addressed. In addition to offering real privacy protections, the efforts are raising awareness about the potential misuse of facial recognition. The city is the first in the nation to ban law enforcement use of facial recognition technology in the name of privacy. Federal lawmakers are also now writing bipartisan bills at the Federal level to strengthen consumer protections. They seek to prohibit companies that use facial recognition technology from collecting and re-sharing data for identifying or tracking consumers without their consent.
United Airlines passengers called for the airline to mitigate the privacy risks posed by on-board surveillance cameras in recently installed back-of-seat video monitors. Kudos to the passengers for voicing their concerns and to the airline for listening and responding by covering the devices. (Although, we would have liked to see them think about privacy *before* installing the monitors.)
Tenants of a Manhattan apartment building sued their landlord for using smart lock technology to secure their homes. The residents were naturally upset by the smart lock company's privacy policy, which said its app could collect location data and use it for marketing purposes. In a settlement, the landlord agreed to provide physical keys to tenants who don't want to use smart locks. The smart lock vendor also indicated they will update their privacy policy "to make things clearer." We will look forward to reading that updated privacy policy!
Human Rights Watch exposed the widespread use of illegal mass surveillance in locations throughout China. Through reverse engineering of a policing mobile app, the organization was able to prove that law enforcement was illegally gathering information about "people's completely lawful behavior and using it against them."
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing every privacy protection perfectly throughout their organization (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
Repeating an Exhausting Pattern
Facebook co-founder shares 20-20 hindsight views
Having long since left the company, it's easy for him to have 20-20 hindsight on all the missteps the social giant has made.
That said, there were two points in the article that stood out to me. The first was Hughes' characterization of the way consumers, business leaders and others react to the often blatant disregard of data privacy and security protections when we learn of them:
...every time Facebook messes up, we repeat an exhausting pattern: first outrage, then disappointment and, finally, resignation.
And it's not just Facebook. We seem to repeat this "exhausting pattern" regardless of the violator or how royally they've messed up.
Plainly, that needs to stop.
The question is: How can we accomplish this?
The second part of the article I find interesting is the overall call on regulators in the U.S. to apply greater scrutiny to acquisitions in the digital space. Hughes argues that Facebook's takeover of WhatsApp and Instagram created a monopoly in the social networking category.
Here again, hindsight is 20-20.
But, that's what has happened historically. A corporation grows quickly, acquiring others at a break-neck pace, and suddenly people realize they have a virtual monopoly in the space. The key at that point becomes determining what can be done about it.
As humans and societies evolve, we have to be comfortable with retroactive protections. Bike-helmet requirements, no-smoking laws, facial-recognition bans... all of this comes as we learn of the dangers and respond appropriately.
The tool is great in theory, but what about...
I've been looking into Google Password Checker, and I have at least two concerns.
The recently launched Chrome extension offers to alert users if a password they enter into a site was exposed in a data breach somewhere along the way.
Here's what concerns me...
Google says the passwords it collects for checking have been hashed and encrypted. Is there any objective validation of this claim? And how strong is the encryption being used? Many tech companies have claimed to have security in place, and then a breach or other incident proves they did not, in fact, have the proper protections in place.
If you are thinking about installing Google Password Checker, consider this: You have likely given Google substantial access to significant amounts of your data already. Do you really want to give them all of your passwords, too?
Until I see verifiable, objective proof of Google's encryption claims, I'm not going to use it. We've heard similar promises before only to find out, after a breach, that they were just that... promises. In this situation, I will verify first and then consider if I want to trust Google with the digital keys to my online accounts.
Be cautious before volunteering your cameras
One of the police departments near me recently launched what it calls a "Community Camera Program." Residents and businesses can register their security cameras with the department. Police will contact them if a crime occurs near their property and they believe the camera may have captured something helpful to the investigation.
The idea is certainly noble. But, have all the privacy risks been addressed?
Well-meaning citizens may want to exercise caution before volunteering to be a part of this or similar programs. Consider the following:
- You don't have to have your camera registered with the police to offer them a look at footage captured.
- How are police protecting the list of registered camera owners? What might a criminal (or a lawyer, a private investigator or an insurance company) do with that information if the list is compromised or shared?
- Video, especially that triggered by motion or light, can fail to capture important context. How might your sharing out-of-context footage with law enforcement aid in the misdirection of an investigation?
- Police could assume ownership of any video they collect. (In the case of the Community Camera Program, the Acknowledgement statement indicates ownership of the video is the property of the registrant "until it is requested" by police.) Once that happens, it's no longer in your control. How will they use it? With which entities will they share it?
I recently spoke about these concerns and others with the Wall Street Journal for their reporting on smart doorbells and the video they may capture. Check it out and let me know your thoughts.
The bottom line is police departments must think through the privacy of the security camera owners, as well as those captured on video. They must establish rules and procedures and be transparent with the public about their short- and long-term plans for using any footage collected through these and similar programs.
What Exactly is a 'Sophisticated' Attack?
Hyperbolic adjectives attempt to shift blame