Posts Tagged ‘Personal Data’

More Demands on Cell Carriers

July 13, 2012

In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.

The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.

While the cell companies did not break down the types of law enforcement agencies collecting the data, they made clear that the widened cell surveillance cut across all levels of government — from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.

AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena. That is roughly triple the number it fielded in 2007, the company said. Law enforcement requests of all kinds have been rising among the other carriers as well, with annual increases of between 12 percent and 16 percent in the last five years. Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.

With the rapid expansion of cell surveillance have come rising concerns — including among carriers — about what legal safeguards are in place to balance law enforcement agencies’ needs for quick data against the privacy rights of consumers.  Source

Cloud Computing: Managing File Transfers in the Cloud: 10 Points to Demystify the Process

May 14, 2012

Managed file transfer is a well-accepted way for organizations to share business files point-to-point, quickly, reliably and securely. This is a subject that requires attention, especially when it comes to thorny issues, such as enterprise security and compliance. MFT uses different types of applications to securely transfer data from one computer to another. This small but important area of IT management earned attention in recent years after IBM bought Sterling Commerce for more than $1 billion, and MFT specialist Ipswitch merged with Message Way. Over the years, despite having lost a bit of its novel cachet, MFT is as effective as ever. But now, due to greater demands for the secure transfer of data through cloud systems, MFT is being refreshed as it morphs and expands to play a critical role in moving large data sets (the so-called big data)—as well as traditional business files—through the cloud. Here, eWEEK offers some key data points about MFT, the cloud, and big data. Our expert source is Robert Fox, director of B2B/EAI Software Development at Liaison Technologies in Alpharetta, Ga. Liaison Technologies cleanses and validates business data for master data management purposes and securely integrates and manages complex business information on-premise or in the cloud.

The Winners of WSJ’s Data Transparency Weekend

April 17, 2012

Imagine installing a service on your cellphone that lets you see all the data – from location to address book info – transmitted by your phone. Or a simple website where you and your friends could have private chats that couldn’t be read by the most aggressive spying agencies. Or a service that lets you know how many tracking codes are on a site before you click on it.

[Photo (Lam Thuy Vo): One of the coders at the Data Transparency Weekend models the official T-shirt from the event.]

Over the weekend, more than 100 computer programmers built those tools and many more at the Wall Street Journal’s first-ever Data Transparency Weekend in New York.

The event was an outgrowth of the Journal’s extensive reporting about how companies and governments are increasingly using technology to collect personal data. The event was designed to promote the creation of tools that let people see and control their personal data.

After a weekend of coding, nearly 20 projects were submitted for judging on Sunday. The entries were judged by Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon, Sid Stamm, Web security and privacy strategist at Mozilla and Andrew McLaughlin, former deputy chief technologist at the White House and vice president at Tumblr.

Danny Weitzner, the deputy chief technologist at the White House, handed out the certificates to the winning teams. The winners were:

Outstanding Scanning Project: TOSBack2 – a project to scan the Web to build a “living archive” of all privacy policies online.

Outstanding Education Project: PrivacyBucket – software that lets users of the Chrome Web browser view the type of demographic estimates that Web tracking companies make about them based on their Web browsing history.

Outstanding Control Project: Cryptocat – an instant messaging service that lets people engage in encrypted chats inside their Web browsers or on their phones. Extra bonus: the program lets people generate random numbers (which are needed for encryption) by shaking their phone – allowing the creators to say that their program is powered by dance moves.

Judge’s Choice Award: Site Scoper – a website that scans for tracking files and sensitive content on websites before you visit them.

“Ready for Primetime” Award: MobileScope – a service that lets people see what data is being transmitted without their knowledge by their cellphone. It also offers ad-blocking and do-not-track services for cellphones.

The judges also dreamed up their own three award categories:

The Zuckerberg/Systrom Memorial Award for Opportunistic Optimism Award: Pestagram, for its blatantly commercial mashup of hot Web technologies Instagram and Pinterest.

Best Listener Award: The Price of Free, for the fact that the project was generated by Professor Acquisti’s speech kicking off the weekend, in which he challenged participants to find ways to quantify how much people are paying with their data for free services.

And, finally, The Soup Cans and String Winner: Ostel, for its work on technology that allows people to make encrypted cellphone calls using voice-over-the-Internet technology.

Source: The Winners of WSJ’s Data Transparency Weekend

Path caught storing users’ unencrypted data

February 8, 2012

Path is a 16-month-old social network that acts as a personal journal and allows you to share photo, video, music, people, places, and text to a select network of 150 people. Since version 2 was released, Path has surged to just over 2 million users.

In the last few hours since Thampi posted his discovery online, Path users have been up in arms. They were never asked permission for Path to access their address book. The bigger worry? Though with most apps collected data is encrypted, it appears Path is storing the actual information so all of your contacts are now online.

Dave Morin, Co-Founder and CEO of Path, was quick to respond in the comments of Thampi’s post. “We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.” When asked why an opt-in for them to collect your data wasn’t included from the very beginning, Morin responded that it was industry best practise.

“The App Store guidelines do not specifically discuss contact information. However we believe users need further transparency on how this works, so we’ve been proactively addressing this… We fundamentally believe that you as a user should always have control over your information and data and you can always email our service team and we will remove anything you’d like from our servers.”

It is good to see such openness in response, but it’s a naive one. Apple’s App Store guidelines state: “Apps cannot transmit data about a user without obtaining the user’s prior permission.”

USA Supreme Court returns personal privacy

February 6, 2012

American Civil Liberties Union’s website after the Supreme Court’s unanimous Jan. 23 ruling on United States v. Jones: “Supreme Court GPS Ruling: Bringing the 4th Amendment Into the 21st Century,”

And this dramatic praise from Marcia Hofmann, the senior staff attorney for leading digital civil liberties protector, the Electronic Frontier Foundation:

“The Supreme Court has unanimously confirmed that the Constitution prevents unbridled police use of new technologies to monitor our movements.”

Google announces upcoming changes that affect your privacy

January 30, 2012

The main change is for users with Google Accounts. Their new Privacy Policy makes clear that, if you’re signed in, they may combine information you’ve provided from one service with information from other services. In short, they’ll treat you as a single user across all their products, which will mean a simpler, more intuitive Google experience.

Verizon’s ICSA Labs Division Identifies Key Security Threats Aimed at Businesses

January 28, 2012

According to the Verizon “2011 Data Breach Investigations Report,” the number of data attacks has tripled in the past five years, making the need to balance security with risk an even greater priority for businesses and consumers. With this trend in mind, Verizon’s ICSA Labs division recommends that businesses and consumers guard against the following 13 security threats in 2012:

  1. Mobile Malware Is on the Rise. Malware targeting mobile devices will continue to increase, and enterprises will wrestle with how to protect users. Obvious targets will be smartphones and tablets, with the hardest hit likely to be Android-based devices, given that operating system’s large market share and open innovation platform. All mobile platforms will experience an increase in mobile attacks.
  2. Criminals Target and Infect App Stores. Infected applications, rather than browser-based downloads, will be the main sources of attack. Because they are not policed well, unauthorized application stores will be the predominant source of mobile malware. Cybercriminals will post their infected applications here to attempt to lure trusting users into downloading rogue applications. Cybercriminals also will find ways to get their applications posted into authorized application stores. And infections can easily spread beyond the smartphone and into a corporate network, upping the ante on risk.
  3. Application Scoring Systems Will be Developed and Implemented. To reassure users, organizations will want to have their application source code reviewed by third parties. Similarly, organizations will want to be sure that the applications approved for use on workers’ devices meet a certain standard. It is anticipated that the industry will develop a scoring system that helps ensure that users only download appropriate, corporate-sanctioned applications to business devices.
  4. Emergence of Bank-Friendly Applications with Built-in Security. Mobile devices will increasingly be used to view banking information, transfer money, donate to charities and make payments for goods and services, presenting an opportunity for cybercriminals, who will find ways to circumvent protections. To help ensure the security of online banking, the banking industry is likely to begin to offer applications that have strong, built-in security layers.
  5. Hyper-connectivity Leads to Growing Identity and Privacy Challenges. In today’s business environment, more users need to legitimately access more data from more places. This requires the protection of data at every access point by using stronger credentials, deploying more secure, partner-accessible systems, and improving log management and analysis. Compounding the issue are a new age of cross-platform malicious code, aimed at sabotage, and mounting concerns about privacy. Enterprises will no longer be able to ignore this problem in 2012, and will have to make some hard choices.
  6. New Risks Accompany Move to Digitized Health Records. In the U.S., health care reform and stimulus funding will continue to accelerate the adoption of electronic health records and related technologies throughout the industry. (The American Recovery and Reinvestment Act calls for all medical records to be electronic by 2014, meaning that much work must be done in 2012 and 2013 to prepare.) New devices will be introduced that send sensitive information beyond the traditional boundaries of health care providers, and more and more health care providers are using mobile devices. Along with the need to secure newly implemented EHR systems, securing mobile devices and managing mobile clinical applications will continue to be an ever-increasing focus in the health care industry.
  7. Mobile and Medical Devices Will Begin to Merge. Mobile devices and health care apps will proliferate, making it easier, for example, to transform a smartphone into a heart monitor or diabetes tester. As a result, some experts believe that industry health care groups will declare mobile devices to be medical devices in order to control and regulate them. As interoperability standards mature, more mobile devices and traditional medical devices will become nodes on an organization’s network. These devices also will share data with other devices and users and, as a result, be susceptible to the same threats and vulnerabilities that computers and other network-attached peripherals, such as printers and faxes, are susceptible to today.
  8. Smart Grid Security Standards Will Keep Evolving. In the U.S., public utility commissions, along with the National Institute of Standards and Technology, will continue to develop smart-grid standards. State PUCs will begin to agree on a standard in the coming year. The government will increasingly require utilities to demonstrate that their smart grid and advanced metering infrastructure solutions protect not only the privacy of consumers and consumer usage data but also the security of the AMI infrastructure. At some point, a single federal framework will supersede state regulations and requirements.
  9. New Concerns Will Surface About IPv6. The federal government is still struggling with the rollout of IPv6-enabled devices as organizations migrate from IPv4. This will be an ongoing concern and IPv6 specific vulnerabilities and threats will continue to cause trouble during 2012. In addition, the other two fundamental mechanisms of the Internet — Border Gateway Protocol and Domain Name System – also now offer a next-generation version. In 2012, many will start migrating to these newer versions, generating a new round of vulnerabilities and exploits.
  10. Social-Engineering Threats Resurface. More targeted spear-phishing — an e-mail-fraud attempt that targets a specific organization, seeking unauthorized access to confidential data — will be the major social-engineering threat of 2012. Efforts to educate user communities about safe computing practices will continue to be a challenge as the user base of smart devices increases dramatically. Social networking sites will continue to implement protection for users from malware, spam and phishing, but sophisticated threats will continue to seduce users to visit a rogue Website or reveal personally identifiable information online.
  11. Security Certification Programs Will Increase in Popularity. Certifications will continue to increase, especially as the government accelerates IT mandates for its agencies in the areas of cloud and identity; and in turn, the private sector will follow suit. Internet threats will continue to affect business, government and user confidence and wreak havoc on computing devices in the office and at home. The challenge for all testing bodies will be to stay ahead of the ever-changing threat landscape and to evolve testing accordingly. Some testing bodies may suggest certifying the security of companies as a whole, not just their products or services, as a way to build trust online.
  12. ‘Big Data’ Will Get Bigger, and so Will Security Needs. “Big data” — large data sets that can now be managed with the right tools — will be popular in 2012 as more companies derive greater value through analytics. Companies will use the data to create new business opportunities while empowering evidence-based decision making for greater success. However, companies will need to secure this data in order to achieve the gains they seek.
  13. Safeguarding Online Identities Will no Longer be Optional. With the rampant growth of online identity theft, consumers, businesses and government agencies are seeking ways to better protect their identities. These groups will look to the private sector to provide a cost-effective solution that helps to safeguard their identities and create greater online trust.

“The proliferation of Internet connectivity, mobile devices and Web applications are helping to enrich lives and advance global business opportunity in new meaningful ways,” said Roger Thompson, emerging threats researcher, ICSA Labs. “But in this new era of hyper-connectivity, which is compounded by the blurring of lines between our professional and personal lives, it’s everyone’s responsibility — whether as a business user or a consumer — to safeguard our online activities and interact with technology responsibly to protect our assets, identity and privacy.”