Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Privacy

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis

CRS – Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis. N. Eric Weiss, Specialist in Financial Economics. December 11, 2014.

“Data breaches, such as those at Target, Home Depot, Neiman Marcus, and JPMorgan Chase, affecting financial records of tens of millions of households seem to occur regularly. Companies typically respond by trying to increase their cybersecurity by hiring consultants and purchasing new hardware and software. Policy analysts have suggested that sharing information about these breaches could be an effective and inexpensive part of improving cybersecurity. Firms share information directly on an ad hoc basis and through private-sector, nonprofit organizations such as Information Sharing and Analysis Centers (ISACs) that can analyze and disseminate information. Firms sometimes do not share information because of perceived legal risks, such as violating privacy or antitrust laws, and economic incentives, such as giving useful information to their competitors. A firm that has been attacked might prefer to keep such information private out of a worry that its sales or stock price will fall. Further, there are no existing mechanisms to reward firms for sharing information. Their competitors can take advantage of the information, but not contribute in turn. This lack of reciprocity, called “free riding” by economists, may discourage firms from sharing. In addition, the information shared may not be applicable to those receiving it, or it might be difficult to apply. Because firms are reluctant to share information, other firms suffer from vulnerabilities that could be corrected. Further, by not sharing information about effective cybersecurity products and techniques, the size and quality of the market for cybersecurity products suffer. Some industry leaders call for mandatory sharing of information concerning attacks. Other experts advocate a strictly voluntary approach, because they believe it could impose fewer regulatory costs on businesses and cost less for taxpayers. Several bills have been introduced in the 113th Congress to encourage information sharing. H.R. 624, the Cyber Intelligence Sharing and Protection Act, and S. 2588, the Cybersecurity Information Sharing Act of 2014, aim to increase information sharing by directing the Department of Homeland Security and the Department of Justice to develop procedures for receiving and sharing information and by providing liability protection for private entities acting in good faith for a cybersecurity purpose. H.R. 624 passed the House, and S. 2588 was reported out of the Senate Select Committee on Intelligence.”

Data Brokers and Your Privacy

Privacy Rights Clearinghouse, Posted September 2014, Revised September 2014: “Technological advances allow us to do many useful things and to simplify our daily tasks. The flip-side of these advances in technology is the unprecedented ability to collect, store, manipulate, and disseminate virtually unlimited amounts of data about people. Numerous companies known as data brokers have entered this…

Investigative Report Claims NSA Hacking of Cellphone Networks Is Global

Ryan Gallagher – The Intercept: “The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure…

CIGI-Ipsos Global Survey on Internet Security and Trust

“The CIGI-Ipsos Global Survey on Internet Security and Trust, undertaken by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, reached 23,376 Internet users in 24 countries, and was carried out between October 7, 2014 and November 12, 2014. The countries included: Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain,…

EPIC – Facebook Revises Privacy Policy

“Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent. The use of location data has expanded dramatically. “We collect information from or about the computers, phones, or other devices where you install or access our Services,” states Facebook. These…

Unprecedented leak of Sony Pictures internal personal data

“After sifting through almost 40GB of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing and all-encompassing hack of internal corporate data ever made public. The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale…

EPIC Uncovers DOD Student Data Collection Procedures

“The Department of Defense has released to EPIC documents on the “Joint Advertising and Market Research Studies” Recruiting Database. The database includes sensitive student information, including home address and grade point average. DOD obtains this information from high schools offering military aptitude tests, state DMVs, and commercial data brokers. The documents sought by EPIC shed…

Semi-annual report prepared by Intelligence Community Inspector General

Steven Aftergood, Secrecy News: “The Intelligence Community Inspector General (IC IG) received a tip last year that the Intelligence Community might have assembled a database containing US person data in violation of law and policy. “A civilian employee with the Army Intelligence and Security Command made an IC IG Hotline complaint alleging an interagency data repository,…

WaPo – Is Uber’s rider database a sitting duck for hackers?

Craig Timberg – Washington Post: “Before #Ubergate recedes entirely from the news, let’s pause on one aspect of the story that hasn’t gotten much attention so far: the cybersecurity risk of collecting massive troves of private travel information in online databases. Imagine for a second that your job is to gather intelligence on government officials in Washington, or financiers…

Facebook collected data on what Americans were grateful for during holiday season

“Over the past few months, many people have been challenging one another to share on Facebook the things for which they are most grateful. So, for example, one friend might challenge another to “write 3 things you are thankful for over the next 5 days.” In the spirit of Thanksgiving, we thought we would see…

EPIC Uncovers DOD Student Recruiting Database Privacy Protections

“The Department of Defense has released to EPIC documents on the “Joint Advertising and Market Research Studies” Recruiting Database. The database includes sensitive student information, including home address and grade point average. DOD obtains this information from high schools offering military aptitude tests, state DMVs, and commercial data brokers. The documents sought by EPIC shed…

FAA to rule soon on increasingly popular use of drones

WSJ – “Highly anticipated federal rules on commercial drones are expected to require operators to have a license and limit flights to daylight hours, below 400 feet and within sight of the person at the controls, according to people familiar with the rule-making process. The drone industry has awaited commercial rules for about six years, hoping…