Privacy

Privacy / Featured Blogs

We Must Keep Track of How Countries Will Confront Cybercrime in a New UN Convention

As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others.

Why Is the Client-Side Scanning a Concern for Encryption?

As today is the Global Encryption Day, I decided to make my first post here on this topic. About two months ago, Apple caused a controversy by announcing the adoption of a measure to combat the spread of Child Sexual Abuse Materials (CSAM). The controversy was so huge that, a month after its announcement, Apple decided to postpone its plans for the new features to have more time to gather information from the various stakeholders and implement improvements before releasing the measures originally announced.

Where Did “Data Shadow” Come From?

Anyone who works in privacy is familiar with the term "data shadow": the digital record created by our transactions, our travels, our online activities. But where did the phrase come from? Who used it first? A number of authors have attributed it to Alan Westin, whose seminal book Privacy and Freedom (largely a report on the work of the Committee on Science and Law of the Association of the Bar of the City of New York) set the stage for most modern discussions of privacy.

Privacy, Legal vs. Natural Persons, and the Never-Ending ICANN EPDP

It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls).

Making the Platform Relationship Win-Win

CSC recently participated in an open discussion at the World Trademark Review's APAC WTR Connect, where we moderated a discussion with brand owners, Western Digital and PVH, and platform owner, Alibaba, on the topic: "Making the Platform Relationship Win-Win." How do brands define what a platform is? For the brand owners, a platform could be any distribution service of their products -- be it a traditional eCommerce marketplace like Alibaba or Amazon.com -- or other digital service enablers...

Notes from the DNS Privacy Workshop at NDSS 2021

For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so, you will find much discussion about the nature of the Internet's namespace. Why were there both generic top-level labels and two-letter country codes? If we were going to persist with these extra-territorial generic country codes in the namespace, then how many should there be? Who could or should manage them? And so on.

Emergence, Rise and Fall of Surveillance Capitalism, Part 2: Rise and Fall

One of the consequences of the Jan 6th events is a renewed attention towards Surveillance Capitalism as a key doctrine undermining democracy.2 This part 2 of the 2 part series of discusses the rise and fall of Surveillance Capitalism under the premise that the better we understand the danger at the door, the better we are able to confront it.

3 Most Scary Attacks that Leaked Personally Identifiable Information (PII) of Millions of Users

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being "data is the new gold" in this digital world, and the more sensitive some data is, the more value it has. There is no more sensitive data than personally identifiable information because it contains enough information to identify you digitally. Examples of personally identifiable information include name, email, contact number, address, social security number, tax file number, banking or financial information, and more such data that helps identify you.

The Netizen’s Guide to Reboot the Root (Part II)

The first part of this series explained how Amendment 35 to the NTIA-Verisign cooperative agreement is highly offensive to the public interest. But the reasons for saving the Internet are more fundamental to Western interests than a bad deal made under highly questionable circumstances. One of the world's foremost experts on conducting censorship at scale, the Chinese Communist Party's experience with the Great Firewall...

Emergence, Rise and Fall of Surveillance Capitalism, Part 1: Emergence

One of the consequences of the Jan 6th events is a renewed attention towards Surveillance Capitalism as a key doctrine undermining democracy. This 2-part series of articles discusses the emergence, rise, and fall of Surveillance Capitalism under the premise that the better we understand the danger at the door, the better we are able to confront it.