Privacy

Privacy / Featured Blogs

Comments on the National Strategy for Trusted Identities in Cyberspace

The White House has recently released a draft of the National Strategy for Trusted Identities in Cyberspace. Some of its ideas are good and some are bad. However, I fear it will be a large effort that will do little, and will pose a threat to our privacy. As I've written elsewhere, I may be willing to sacrifice some privacy to help the government protect the nation; I'm not willing to do so to help private companies track me when it's quite useless as a defense.

Tackling Cyber Security: Should We Trust the Libertarians? Part 2

A couple of months ago, I wrote a post posing the question of whether or not more government regulation is required in order to secure the Internet. On the one hand, anonymity is viewed in the west as a forum for freedom of speech. The anonymity of the Internet allows dissidents to speak up against unpopular governments. However, the anonymity afforded by the Internet is not so much by design as it is byproduct of its original designers not seeing how widespread it would eventually become.

Google’s “Deeply Disturbing Invasion of Privacy” Being Investigated by Connecticut AG

What happens to companies when they get too big for their own good? Do they inadvertently do things that potentially harm our privacy (think Facebook)? Or, do they simply make mistakes that violate our privacy? Well, last month Google revealed that its Street View cars "mistakenly" captured content flowing over wireless networks -- a potential invasion of privacy.

BP and Incident Response: How Well Do Oil and Security Mix?

BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort.

Malware and Search Warrant

A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose.

Facebook, Privacy, and the Loss of Trust

Facebook sure is getting beaten up recently. There's even a crowd-funded initiative to replace it with something open, called Diaspora -- everyone on Facebook is talking about it. Yet it wasn't even two full years ago that Facebook was the darling of the ditherati. For a while it seemed as if nearly everything Facebook did was hailed as the future of messaging, perhaps the future of the Internet - or maybe the Internet didn't matter anymore, except for Facebook.

Tackling Cyber Security: Should We Trust the Libertarians?

One of the RSS feeds that I read is Reason magazine, which is a web site for libertarians. In general, libertarians want less government intervention both in our personal lives and in the economy. The idea behind libertarians is that today's Republicans want less government intervention in our economy but are perfectly fine to have them dictate some aspects of morality. Similarly, today's Democrats want less government intervention in our personal lives but are perfectly fine with creating government bureaucracy to deliver social services. That's an oversimplified summary, but is more or less correct. About two months ago I got an article in my RSS feed where Reason was commenting on the government's response to the cyber war threats.

Take That Down Right Now - and Give Me That Too

Google has released a government requests tool. It's highly illuminating and may end up being quite disruptive. That's what surprising data visualizations can do for us. ... The tool allows us to see the number of requests from different countries that Google received during the last six months of 2009. More than 3600 data requests from Brazil during those six months and more than 3500 from the US. But just 40 or so from Canada and 30 from Israel.

More Provocative Reasons for a Mandatory National Breach Disclosure

I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses.

Privacy Becoming Very Public Matter

At the round tables on privacy held by the Federal Trade Commission, Indiana University law school professor and member of the board of the Privacy Projects, Fred Cate said out loud what long has been silently known about consumer protections based on the notices web sites post to describe their data protection practices and the consumers' choice to click on or away. Cate said: "Choice is an illusion." There is more than a bit of substance behind the bumper sticker...