jm + privacy   246

Quad9
Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. 

Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. 

Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system. 

Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS


Awesome!
quad9  resolvers  dns  anycast  ip  networking  privacy  security 
4 days ago by jm
The naked truth about Facebook’s revenge porn tool
This is absolutely spot on.

If Facebook wanted to implement a truly trusted system for revenge porn victims, they could put the photo hashing on the user side of things -- so only the hash is transferred to Facebook. To verify the claim that the image is truly a revenge porn issue, the victim could have the images verified through a trusted revenge porn advocacy organization. Theoretically, the victim then would have a verified, privacy-safe version of the photo, and a hash that could be also sent to Google and other sites.
facebook  privacy  hashing  pictures  images  revenge-porn  abuse  via:jwz 
10 days ago by jm
How Facebook Figures Out Everyone You've Ever Met
Oh god this is so creepy.
Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.
An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”
facebook  privacy  surveillance  security  creepy  phones  contacts  pymk 
13 days ago by jm
The Israeli Digital Rights Movement's campaign for privacy | Internet Policy Review
This study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement's official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [....]

1. Why the database should be abolished: because it's not necessary - As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens' privacy.

2. Why the database should be abolished: because it's ineffective; [...]

3. Why the database should be abolished: because it will be breached - The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.
digital-rights  privacy  databases  id-cards  israel  psc  drm  identity-theft  security 
7 weeks ago by jm
London police’s use of AFR facial recognition falls flat on its face
A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good.

Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense.

[...] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.
face-recognition  afr  london  notting-hill-carnival  police  liberty  met-police  privacy  data-privacy  algorithms 
9 weeks ago by jm
'Let’s all survive the GDPR'
Simon McGarr and John Looney's slides from their SRECon '17 presentation
simon-mcgarr  data-privacy  privacy  data-protection  gdpr  slides  presentations 
10 weeks ago by jm
Comment: 'Mandatory but not compulsory' - what exactly is the justification for the Public Services Card? - Independent.ie
TJ McIntyre nails the problem here:
'Mandatory but not compulsory". This ill-judged hair-splitting seems likely to stick to Social Protection Minister Regina Doherty in the same way that "an Irish solution to an Irish problem" and "on mature recollection" did to politicians before her. The minister used that phrase to defend against the criticism that the public services card (PSC) is being rolled out as a national ID card by stealth, without any clear legal basis or public debate. She went on to say that the PSC is not compulsory as "nobody will drag you kicking and screaming to have a card".
This is correct, but irrelevant. The Government's strategy is one of making the PSC effectively rather than legally compulsory - by cutting off benefits such as pensions and refusing driving licences and passports unless a person registers.
Whether or not the PSC is required by law is immaterial if you cannot function in society without it.
psc  id-cards  ireland  social-welfare  id  privacy  data-protection 
11 weeks ago by jm
The data for the Irish theory driving test is stored in the US
Prometric is the company which adminsters the test and they appear to store it on US-based servers
prometric  data  privacy  data-protection  driving-test  ireland  theory-test 
12 weeks ago by jm
The Guardian view on patient data: we need a better approach | Editorial | Opinion | The Guardian

The use of privacy law to curb the tech giants in this instance, or of competition law in the case of the EU’s dispute with Google, both feel slightly maladapted. They do not address the real worry. It is not enough to say that the algorithms DeepMind develops will benefit patients and save lives. What matters is that they will belong to a private monopoly which developed them using public resources. If software promises to save lives on the scale that drugs now can, big data may be expected to behave as big pharma has done. We are still at the beginning of this revolution and small choices now may turn out to have gigantic consequences later. A long struggle will be needed to avoid a future of digital feudalism. Dame Elizabeth’s report is a welcome start.


Hear hear.
privacy  law  uk  nhs  data  google  deepmind  healthcare  tech  open-source 
july 2017 by jm
GDPR Advisors and Consultants - Data Compliance Europe
Simon McGarr's new consultancy:
Our consultancy helps our clients understand how EU privacy law applies to their organisations; delivers the practical and concrete steps needed to achieve legal compliance; and helps them manage their continuing obligations after GDPR comes into force. Our structured approach to GDPR provides a long-term data compliance framework to minimise the ongoing risk of potential fines for data protection breaches. Our continuing partnership provides regulator liaison, advisory consultancy, and external Data Protection Officer services.
gdpr  simon-mcgarr  law  privacy  eu  europe  data-protection  regulation  data 
may 2017 by jm
'I've Got Nothing to Hide' and Other Misunderstandings of Privacy by Daniel J. Solove :: SSRN
In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.


Via Fred Logue
law  philosophy  privacy  security  essay  papers  daniel-solove  surveillance  snooping 
may 2017 by jm
Government urged to declare if it wants mandatory ID cards
“The move from a voluntary or small-scale project of Public Services Cards to requiring all passport and driving licence applicant to present these cards is very significant.” Dr TJ McIntyre, a UCD law lecturer and chairman of the privacy advocacy group Digital Rights Ireland said on Sunday these measures marked the introduction of a “national ID card by stealth” and he believed it was being done “in a way which appears to be illegal”.
privacy  government  ireland  id-cards  law 
may 2017 by jm
Quividi - Leader in Attention Analytics
more "Anonymous Video Analytics" which is currently deployed in Dublin on-street billboards by a company called Orb with cameras pointing into public spaces. I am very curious whether this is legal under Irish DPA law given that sensitive personal data (your face) is being, while not _stored_ per se, _processed_ by this system without any provision for opt-in/opt-out.
advertising  privacy  technology  tracking  opt-in  quividi  orb 
may 2017 by jm
Unroll.me sold your data to Uber
'Uber devoted teams to so-called competitive intelligence, purchasing data from Slice Intelligence, which collected customers' emailed Lyft receipts via Unroll.me and sold the data to Uber'.

Also: 'Unroll.me allegedly "kept a copy of every single email that you sent or received" in "poorly secured S3 buckets"': https://news.ycombinator.com/item?id=14180463

Unroll.me CEO: 'felt bad “to see that some of our users were upset to learn about how we monetise our free service”.'
https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice
uber  unroll.me  gmail  google  privacy  data-protection  lyft  scumbags  slice-intelligence 
april 2017 by jm
Australian Doctor on Twitter: "Outcry as MyHealthRecord default privacy setting left open to universal access"
Funnily enough, this is exactly what Ross Anderson warned about 10 years ago re patient record digitisation in the UK.

'Occupational therapists working for an employer, doctors working for insurance companies, a dietitian, an optometrist or a dentist or their staff can view the [patient] record and see if individuals have a sexually transmitted disease, a mental illness, have had an abortion or are using Viagra.'
privacy  heaith  australia  myhealthrecord  data-protection  data-privacy  healthcare  medicine 
april 2017 by jm
serviette/serviette.py at master · heathervm/serviette · GitHub
Delete tweets based on search terms. Wonder why you'd want that
twitter  tweets  delete  privacy  social-media 
april 2017 by jm
Research Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data
Great stuff from Google - this is really nifty stuff for large-scale privacy-preserving machine learning usage:

It works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model. All the training data remains on your device, and no individual updates are stored in the cloud.

Federated Learning allows for smarter models, lower latency, and less power consumption, all while ensuring privacy. And this approach has another immediate benefit: in addition to providing an update to the shared model, the improved model on your phone can also be used immediately, powering experiences personalized by the way you use your phone.

Papers:
https://arxiv.org/pdf/1602.05629.pdf , https://arxiv.org/pdf/1610.05492.pdf
google  ml  machine-learning  training  federated-learning  gboard  models  privacy  data-privacy  data-protection 
april 2017 by jm
UN privacy watchdog says 'little or no evidence' that mass surveillance works | ZDNet
The United Nations' special rapporteur on privacy has lambasted a spate of new surveillance laws across Europe and the US, saying that there is "little or no evidence" that mass monitoring of communications works. In a report published this week, Prof. Joseph Cannataci, the first privacy watchdog to take up the post, said he was neither convinced of the effectiveness or the proportionality "of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws."

He also said that bulk records collection, such as call and email metadata, runs the risk of "being hacked by hostile governments or organized crime."

Cannataci singled out recently-passed laws in France, Germany, the UK and the US, all of which have pushed through new legislation in the wake of the threat from the so-called Islamic State. He said that the passed laws amount to "gesture-politics," which in his words, "have seen politicians who wish to be seen to be doing something about security, legislating privacy-intrusive powers into being -- or legalize existing practices -- without in any way demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism." A rise in public support of increased surveillance powers is "predicated on the psychology of fear," he said, referring to the perceived threat of terrorism.
surveillance  law  privacy  un  joseph-cannataci  watchdogs  terrorism  fear  fud 
march 2017 by jm
Minor Infractions — Real Life
When our son turned 12, we gave him a phone and allowed him to use social media, with a condition: He had no right to privacy. We would periodically and without warning read his texts and go through his messenger app. We would follow him on Facebook, Instagram and Twitter (though we wouldn’t comment or tag him — we’re not monsters). We wouldn’t ambush him about what we read and we wouldn’t attempt to embarrass him. Anything that wasn’t dangerous or illegal, we would ignore.


Food for thought. But not yet!
surveillance  family  kids  privacy  online  social-media  teenagers 
february 2017 by jm
What Vizio was doing behind the TV screen | Federal Trade Commission
This is awful:
Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent.

What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.

Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.  And Vizio permitted these companies to track and target its consumers across devices.

That’s what Vizio was up to behind the screen, but what was the company telling consumers? Not much, according to the complaint.

Vizio put its tracking functionality behind a setting called “Smart Interactivity.”  But the FTC and New Jersey AG say that the generic way the company described that feature – for example, “enables program offers and suggestions” – didn’t give consumers the necessary heads-up to know that Vizio was tracking their TV’s every flicker. (Oh, and the “Smart Interactivity” feature didn’t even provide the promised “program offers and suggestions.”)
privacy  ftc  surveillance  tv  vizio  ads  advertising  smart-tvs 
february 2017 by jm
Data from pacemaker used to arrest man for arson, insurance fraud
Compton has medical conditions which include an artificial heart linked to an external pump. According to court documents, a cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."

After US law enforcement caught wind of this peculiar element to the story, police were able to secure a search warrant and collect the pacemaker's electronic records to scrutinize his heart rate, the demand on the pacemaker and heart rhythms prior to and at the time of the incident.
pacemakers  health  medicine  privacy  data  arson  insurance  fraud  heart 
february 2017 by jm
The hidden cost of QUIC and TOU
The recent movement to get all traffic encrypted has of course been great for the Internet. But the use of encryption in these protocols is different than in TLS. In TLS, the goal was to ensure the privacy and integrity of the payload. It's almost axiomatic that third parties should not be able to read or modify the web page you're loading over HTTPS. QUIC and TOU go further. They encrypt the control information, not just the payload. This provides no meaningful privacy or security benefits.

Instead the apparent goal is to break the back of middleboxes [0]. The idea is that TCP can't evolve due to middleboxes and is pretty much fully ossified. They interfere with connections in all kinds of ways, like stripping away unknown TCP options or dropping packets with unknown TCP options or with specific rare TCP flags set. The possibilities for breakage are endless, and any protocol extensions have to jump through a lot of hoops to try to minimize the damage.
quic  tou  protocols  http  tls  security  internet  crypto  privacy  firewalls  debugging  operability 
december 2016 by jm
IPBill ICRs are the perfect material for 21st-century blackmail
ICRs are the perfect material for blackmail, which makes them valuable in a way that traditional telephone records are not. And where potentially large sums of money are involved, corruption is sure to follow. Even if ICR databases are secured with the best available technology, they are still vulnerable to subversion by individuals whose jobs give them ready access.
This is no theoretical risk. Just one day ago, it emerged that corrupt insiders at offshore call centres used by Australian telecoms were offering to sell phone records, home addresses, and other private details of customers. Significantly, the price requested was more if the target was an Australian "VIP, politician, police [or] celebrity."
blackmail  privacy  uk-politics  uk  snooping  surveillance  icrs  australia  phone-records 
november 2016 by jm
Stealth Cell Tower
'an antagonistic GSM base station [disguised] in the form of an innocuous office printer. It brings the covert design practice of disguising cellular infrastructure as other things - like trees and lamp-posts - indoors, while mimicking technology used by police and intelligence agencies to surveil mobile phone users.'
gsm  hardware  art  privacy  surveillance  hacks  printers  mobile-phones 
november 2016 by jm
Remarks at the SASE Panel On The Moral Economy of Tech
Excellent talk. I love this analogy for ML applied to real-world data which affects people:
Treating the world as software promotes fantasies of control. And the best kind of control is control without responsibility. Our unique position as authors of software used by millions gives us power, but we don't accept that this should make us accountable. We're programmers—who else is going to write the software that runs the world? To put it plainly, we are surprised that people seem to get mad at us for trying to help. Fortunately we are smart people and have found a way out of this predicament. Instead of relying on algorithms, which we can be accused of manipulating for our benefit, we have turned to machine learning, an ingenious way of disclaiming responsibility for anything. Machine learning is like money laundering for bias. It's a clean, mathematical apparatus that gives the status quo the aura of logical inevitability. The numbers don't lie.


Particularly apposite today given Y Combinator's revelation that they use an AI bot to help 'sift admission applications', and don't know what criteria it's using: https://twitter.com/aprjoy/status/783032128653107200
culture  ethics  privacy  technology  surveillance  ml  machine-learning  bias  algorithms  software  control 
october 2016 by jm
Snooping powers saw 13 people wrongly held on child sex charges in the UK
Sorry, Daily Mail article --
Blunders in the use of controversial snooping powers meant 13 people were wrongly arrested last year on suspicion of being paedophiles. Another four individuals had their homes searched by detectives following errors in attempts to access communications data, a watchdog revealed yesterday.

Other mistakes also included people unconnected to an investigation being visited by police and delayed welfare checks on vulnerable people including children whose lives were at risk, said the Interception of Communications Commissioner. [....] A large proportion of the errors involved an internet address which was wrongly linked to an individual.

Of the 23 serious mistakes, 14 were human errors and the other nine ‘technical system errors’.
surveillance  ip-addresses  privacy  uk  daily-mail  snooping  interception  errors 
september 2016 by jm
The Internet Thinks I’m Still Pregnant - The New York Times
This is pretty awful -- an accidental, careless and brutal side effect of marketers passing on sensitive info to one another, without respect for their users' privacy:

'I hadn’t realized, however, that when I had entered my information into the pregnancy app, the company would then share it with marketing groups targeting new mothers. Although I logged my miscarriage into the app and stopped using it, that change in status apparently wasn’t passed along. Seven months after my miscarriage, mere weeks before my due date, I came home from work to find a package on my welcome mat. It was a box of baby formula bearing the note: “We may all do it differently, but the joy of parenthood is something we all share.”'
privacy  pregnancy  miscarriage  data-protection  apps  babies  parenthood 
september 2016 by jm
Sex toy tells manufacturer when you’re using it
the "We-Vibe 4 Plus" phones home with telemetry data including temperature, and when the user "changes the vibration level". wtf
wtf  privacy  sex-toys  telemetry  metrics  vibrators  we-vibe 
august 2016 by jm
Self-driving cars: overlooking data privacy is a car crash waiting to happen
Interesting point -- self-driving cars are likely to be awash in telemetry data, "phoned home"
self-driving  cars  vehicles  law  data  privacy  data-privacy  surveillance 
july 2016 by jm
Cops Use Stingray To Almost Track Down Suspected Fast Food Thief
Law enforcement spokespeople will often point to the handful of homicide or kidnapping investigations successfully closed with the assistance of cell site simulators, but they'll gloss over the hundreds of mundane deployments performed by officers who will use anything that makes their job easier -- even if it's a tool that's Constitutionally dubious.

Don't forget, when a cell site simulator is deployed, it gathers cell phone info from everyone in the surrounding area, including those whose chicken wings have been lawfully purchased. And all of this data goes... somewhere and is held onto for as long as the agency feels like it, because most agencies don't seem to have Stingray data retention policies in place until after they've been FOIA'ed/questioned by curious legislators.

Regular policework -- which seemed to function just fine without cell tracking devices -- now apparently can't be done without thousands of dollars of military equipment. And it's not just about the chicken wing thieves law enforcement can't locate. It's about the murder suspects who are caught but who walk away when the surveillance device wipes its feet on the Fourth Amendment as it serves up questionable, post-facto search warrants and pen register orders.
stingrays  mobile  surveillance  imsi-catchers  data-retention  privacy  chicken-wings  fast-food 
june 2016 by jm
Sample letter to refuse permission for a child's data to be transferred into POD - Tuppenceworth.ie blog
The Department of Education has issued a new circular accepting it cannot defund the education of children whose parents do not want their kid’s data to be in POD [the privacy-infringing database of all Irish primary-school children]. They’ll only accept a written request as the basis of that refusal, however. So, here’s one you can use that meets the requirements. Send or give it to your school.
pod  privacy  ireland  children  kids  school 
june 2016 by jm
Differential Privacy
Apple have announced they plan to use it; Google use a DP algorithm called RAPPOR in Chrome usage statistics. In summary: "novel privacy technology that allows inferring statistics about populations while preserving the privacy of individual users".
apple  privacy  anonymization  google  rappor  algorithms  sampling  populations  statistics  differential-privacy 
june 2016 by jm
Ireland goes Big Brother as police upgrade snooping abilities - The Register
The Garda Síochána has proposed to expand its surveillance on Irish citizens by swelling the amount of data it collects on them through an increase in its CCTV and ANPR set-ups, and will also introduce facial and body-in-a-crowd biometrics technologies. [...] The use of Automated Facial Recognition (AFR) technology is fairly troubled in the UK, with the independent biometrics commissioner warning the government that it was risking inviting a legal challenge back in March. It is no less of an issue in Ireland, where the Data Protection Commissioner (DPC) audited Facebook in 2011 and 2012, and scolded the Zuckerborg over its use of facial recognition technology.
afr  facial-recognition  minority-report  surveillance  ireland  gardai  cctv  anpr  biometrics  privacy 
june 2016 by jm
German Privacy Regulators Fined Adobe, Others Over U.S. Data Transfers
Adobe was fined 8,000 euros, Punica 9,000 euros and Unilever 11,000 euros. The regulator said they had put in place alternative legal mechanisms for transferring data to the United States following the fine. “The fact that the companies have eventually implemented a legal basis for the transfer had to be taken into account in a favorable way for the calculation of the fines,” said Johannes Caspar, the Hamburg Commissioner for Data Protection. “For future infringements, stricter measures have to be applied.”
data-protection  eu  fines  us  privacy  safe-harbor 
june 2016 by jm
MPs’ private emails are routinely accessed by GCHQ
65% of parliamentary emails are routed via Dublin or the Netherlands, so liable to access via Tempora; NSA's Prism program gives access to all Microsoft Office 365 docs; and MessageLabs, the anti-spam scanning system in use, has a GCHQ backdoor program called Haruspex, allegedly.
snowden  privacy  mps  uk  politics  gchq  nsa  haruspex  messagelabs  symantec  microsoft  parliament 
june 2016 by jm
Public preferences for electronic health data storage, access, and sharing – evidence from a pan-European survey | Journal of the American Medical Informatics Association
Results: We obtained 20 882 survey responses (94 606 preferences) from 27 EU member countries. Respondents recognized the benefits of storing electronic health information, with 75.5%, 63.9%, and 58.9% agreeing that storage was important for improving treatment quality, preventing epidemics, and reducing delays, respectively. Concerns about different levels of access by third parties were expressed by 48.9% to 60.6% of respondents. On average, compared to devices or systems that only store basic health status information, respondents preferred devices that also store identification data (coefficient/relative preference 95% CI = 0.04 [0.00-0.08], P = 0.034) and information on lifelong health conditions (coefficient = 0.13 [0.08 to 0.18], P < 0.001), but there was no evidence of this for devices with information on sensitive health conditions such as mental and sexual health and addictions (coefficient = −0.03 [−0.09 to 0.02], P = 0.24). Respondents were averse to their immediate family (coefficient = −0.05 [−0.05 to −0.01], P = 0.011) and home care nurses (coefficient = −0.06 [−0.11 to −0.02], P = 0.004) viewing this data, and strongly averse to health insurance companies (coefficient = −0.43 [−0.52 to 0.34], P < 0.001), private sector pharmaceutical companies (coefficient = −0.82 [−0.99 to −0.64], P < 0.001), and academic researchers (coefficient = −0.53 [−0.66 to −0.40], P < 0.001) viewing the data.

Conclusions: Storing more detailed electronic health data was generally preferred, but respondents were averse to wider access to and sharing of this information. When developing frameworks for the use of electronic health data, policy makers should consider approaches that both highlight the benefits to the individual and minimize the perception of privacy risks.


Via Antoin.
privacy  data  medicine  health  healthcare  papers  via:antoin 
april 2016 by jm
Primary Online Database: POD now (mostly) not compulsory (for now)
Ever since the introduction of the Primary Online Database of schoolchildren by the Department of Education, the Department and its Minister have been eager to point out that any parent who refused to allow a child’s data to be transferred would see that child’s education defunded.

Well, for all children other than this week’s crop of new Junior Infants, that threat has now collapsed. This is despite the Minister and her department having claimed that the drastic threat of defunding was because it simply wasn’t possible to give grants without a child’s full data being transferred. [...]

Oddly, as the prospect of defunding the education of 30% of the nation’s children in the run up to an election loomed large, the Department discovered it could, after all, pay for a child’s education without all its POD data.
pod  law  ireland  data-protection  privacy  children  school 
april 2016 by jm
Mass surveillance silences minority opinions, according to study - The Washington Post
This is excellent research, spot on.
Elizabeth Stoycheff, lead researcher of the study and assistant professor at Wayne State University, is disturbed by her findings. “So many people I've talked with say they don't care about online surveillance because they don't break any laws and don't have anything to hide. And I find these rationales deeply troubling,” she said.

She said that participants who shared the “nothing to hide” belief, those who tended to support mass surveillance as necessary for national security, were the most likely to silence their minority opinions.

“The fact that the 'nothing to hide' individuals experience a significant chilling effect speaks to how online privacy is much bigger than the mere lawfulness of one's actions. It's about a fundamental human right to have control over one's self-presentation and image, in private, and now, in search histories and metadata,” she said.
culture  privacy  psychology  surveillance  mass-surveillance  via:snowden  nothing-to-hide  spiral-of-silence  fear 
march 2016 by jm
Microsoft warns of risks to Irish operation in US search warrant case

“Our concern is that if we lose the case more countries across Europe or elsewhere are going to be concerned about having their data in Ireland, ” Mr Smith said, after testifying before the House judiciary committee.
Asked what would happen to its Irish unit if the company loses the case or doesn’t convince Congress to pass updated legislation governing cross-border data held by American companies, the Microsoft executive said: “We’ll certainly face a new set of risks that we don’t face today.”
He added that the issue could be resolved by an executive order by the White House or through international negotiations between the Irish Government or the European Union and the US.
microsoft  data  privacy  us-politics  surveillance  usa 
february 2016 by jm
Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist / Boing Boing
This is an excellent essay from Cory Doctorow on mass surveillance in the post-Snowden era, and the difference between HUMINT and SIGINT. So much good stuff, including this (new to me) cite for, "Goodhart's law", on secrecy as it affects adversarial classification:
The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty. The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into ”terrorist-ish” and ”unterrorist-ish.”

Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three ”tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things.

This even has a name: Goodhart's law. "When a measure becomes a target, it ceases to be a good measure." Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.
adversarial-classification  classification  surveillance  nsa  gchq  cory-doctorow  privacy  snooping  goodharts-law  google  anti-spam  filtering  spying  snowden 
february 2016 by jm
Journalists, this GSOC story isn’t all about you, you know
Karlin Lillington in the Irish Times, going through journos for a shortcut:
All the hand-wringing from journalists, unions and media companies – even politicians and ministers – over the GSOC’s accessing of journalist’s call records? Oh, please. What wilful ignorance, mixed with blatant hypocrisy. Where have you all been for the past decade and a half, as successive Irish governments and ministers for justice supported and then rammed through legislation for mandatory call data retention for one of the longest periods in the world, with some of the weakest legal constraints and oversight?
karlin-lillington  privacy  data-protection  dri  law  journalists  gsoc  surveillance  data-retention 
january 2016 by jm
EU counter-terror bill is 'indiscriminate' data sweep
"To identify if someone is travelling outside the EU, we don't need an EU PNR. This data are already easily available in the airline reservation system,” [Giovanni Buttarelli, the European data protection supervisor] said. EU governments want more information in the belief it will help law enforcement in tracking down terrorists and are demanding access to information, such as travel dates, travel itinerary, ticket information, contact details, baggage information, and payment information of anyone flying in or out of the EU. ... EU PNR data would be retained for up to five years
pnr  eu  law  privacy  data-protection  europe  counter-terrorism  travel  air-travel 
december 2015 by jm
One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids | Motherboard
VTech got hacked, and millions of parents and 200,000 kids had their privacy breached as a result. Bottom line is summed up by this quote from one affected parent:
“Why do you need know my address, why do you need to know all this information just so I can download a couple of free books for my kid on this silly pad thing? Why did they have all this information?”


Quite. Better off simply not to have the data in the first place!
vtech  privacy  data-protection  data  hacks 
november 2015 by jm
Did you know that Dublin Airport is recording your phone's data? - Newstalk
Ugh. Queue tracking using secret MAC address tracking in Dublin Airport:
"I think the fundamental issue is one of consent. Dublin Airport have been tracking individual MAC addresses since 2012 and there doesn't appear to be anywhere in the airport where they warn passengers that this is this occurring. "If they have to signpost CCTV, then mobile phone tracking should at a very minimum be sign-posted for passengers," he continues.


And how long are MAC addresses retained for, I wonder?
mac-addresses  dublin-airport  travel  privacy  surveillance  tracking  wifi  phones  cctv  consent 
november 2015 by jm
No Harm, No Fowl: Chicken Farm Inappropriate Choice for Data Disposal
That’s a lesson that Spruce Manor Special Care Home in Saskatchewan had to learn the hard way (as surprising as that might sound). As a trustee with custody of personal health information, Spruce Manor was required under section 17(2) of the Saskatchewan Health Information Protection Act to dispose of its patient records in a way that protected patient privacy. So, when Spruce Manor chose a chicken farm for the job, it found itself the subject of an investigation by the Saskatchewan Information and Privacy Commissioner.  In what is probably one of the least surprising findings ever, the commissioner wrote in his final report that “I recommend that Spruce Manor […] no longer use [a] chicken farm to destroy records”, and then for good measure added “I find using a chicken farm to destroy records unacceptable.”
data  law  privacy  funny  chickens  farming  via:pinboard  data-protection  health  medical-records 
november 2015 by jm
User data plundering by Android and iOS apps is as rampant as you suspected
An app from Drugs.com, meanwhile, sent the medical search terms "herpes" and "interferon" to five domains, including doubleclick.net, googlesyndication.com, intellitxt.com, quantserve.com, and scorecardresearch.com, although those domains didn't receive other personal information.
privacy  security  google  tracking  mobile  phones  search  pii 
november 2015 by jm
Tesla Autopilot mode is learning
This is really impressive, but also a little scary. Drivers driving the Tesla Model S are "phoning home" training data as they drive:
A Model S owner by the username Khatsalano kept a count of how many times he had to “rescue” (meaning taking control after an alert) his Model S while using the Autopilot on his daily commute. He counted 6 “rescues” on his first day, by the fourth day of using the system on his 23.5 miles commute, he only had to take control over once. Musk said that Model S owners could add ~1 million miles of new data every day, which is helping the company create “high precision maps”.


Wonder if the data protection/privacy implications have been considered for EU use.
autopilot  tesla  maps  mapping  training  machine-learning  eu  privacy  data-protection 
november 2015 by jm
Your Relative's DNA Could Turn You Into A Suspect
Familial DNA searching has massive false positives, but is being used to tag suspects:
The bewildered Usry soon learned that he was a suspect in the 1996 murder of an Idaho Falls teenager named Angie Dodge. Though a man had been convicted of that crime after giving an iffy confession, his DNA didn’t match what was found at the crime scene. Detectives had focused on Usry after running a familial DNA search, a technique that allows investigators to identify suspects who don’t have DNA in a law enforcement database but whose close relatives have had their genetic profiles cataloged. In Usry’s case the crime scene DNA bore numerous similarities to that of Usry’s father, who years earlier had donated a DNA sample to a genealogy project through his Mormon church in Mississippi. That project’s database was later purchased by Ancestry, which made it publicly searchable—a decision that didn’t take into account the possibility that cops might someday use it to hunt for genetic leads.

Usry, whose story was first reported in The New Orleans Advocate, was finally cleared after a nerve-racking 33-day wait — the DNA extracted from his cheek cells didn’t match that of Dodge’s killer, whom detectives still seek. But the fact that he fell under suspicion in the first place is the latest sign that it’s time to set ground rules for familial DNA searching, before misuse of the imperfect technology starts ruining lives.
dna  familial-dna  false-positives  law  crime  idaho  murder  mormon  genealogy  ancestry.com  databases  biometrics  privacy  genes 
october 2015 by jm
How is NSA breaking so much crypto?
If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.
How enormous a computation, you ask? Possibly a technical feat on a scale (relative to the state of computing at the time) not seen since the Enigma cryptanalysis during World War II. Even estimating the difficulty is tricky, due to the complexity of the algorithm involved, but our paper gives some conservative estimates. For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.
Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.


(via Eric)
via:eric  encryption  privacy  security  nsa  crypto 
october 2015 by jm
After Bara: All your (Data)base are belong to us
Sounds like the CJEU's Bara decision may cause problems for the Irish government's wilful data-sharing:
Articles 10, 11 and 13 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, must be interpreted as precluding national measures, such as those at issue in the main proceedings, which allow a public administrative body of a Member State to transfer personal data to another public administrative body and their subsequent processing, without the data subjects having been informed of that transfer or processing.
data  databases  bara  cjeu  eu  law  privacy  data-protection 
october 2015 by jm
Tech companies like Facebook not above the law, says Max Schrems
“Big companies didn’t only rely on safe harbour: they also rely on binding corporate rules and standard contractual clauses. But it’s interesting that the court decided the case on fundamental rights grounds: so it doesn’t matter remotely what ground you transfer on, if that process is still illegal under 7 and 8 of charter, it can’t be done.”


Also:
“Ireland has no interest in doing its job, and will continue not to, forever. Clearly it’s an investment issue – but overall the policy is: we don’t regulate companies here. The cost of challenging any of this in the courts is prohibitive. And the people don’t seem to care.”


:(
ireland  guardian  max-schrems  privacy  surveillance  safe-harbor  eu  us  nsa  dpc  data-protection 
october 2015 by jm
net.wars: Unsafe harbor
Wendy Grossman on where the Safe Harbor decision is leading.
One clause would require European companies to tell their relevant data protection authorities if they are being compelled to turn over data - even if they have been forbidden to disclose this under US law. Sounds nice, but doesn't mobilize the rock or soften the hard place, since companies will still have to pick a law to violate. I imagine the internal discussions there revolving around two questions: which violation is less likely to land the CEO in jail and which set of fines can we afford?


(via Simon McGarr)
safe-harbor  privacy  law  us  eu  surveillance  wendy-grossman  via:tupp_ed 
october 2015 by jm
ECJ ruling on Irish privacy case has huge significance
The only current way to comply with EU law, the judgment indicates, is to keep EU data within the EU. Whether those data can be safely managed within facilities run by US companies will not be determined until the US rules on an ongoing Microsoft case.
Microsoft stands in contempt of court right now for refusing to hand over to US authorities, emails held in its Irish data centre. This case will surely go to the Supreme Court and will be an extremely important determination for the cloud business, and any company or individual using data centre storage. If Microsoft loses, US multinationals will be left scrambling to somehow, legally firewall off their EU-based data centres from US government reach.


(cough, Amazon)
aws  hosting  eu  privacy  surveillance  gchq  nsa  microsoft  ireland 
october 2015 by jm
The Surveillance Elephant in the Room…
Very perceptive post on the next steps for safe harbor, post-Schrems.
And behind that elephant there are other elephants: if US surveillance and surveillance law is a problem, then what about UK surveillance? Is GCHQ any less intrusive than the NSA? It does not seem so – and this puts even more pressure on the current reviews of UK surveillance law taking place. If, as many predict, the forthcoming Investigatory Powers Bill will be even more intrusive and extensive than current UK surveillance laws this will put the UK in a position that could rapidly become untenable. If the UK decides to leave the EU, will that mean that the UK is not considered a safe place for European data? Right now that seems the only logical conclusion – but the ramifications for UK businesses could be huge.

[....] What happens next, therefore, is hard to foresee. What cannot be done, however, is to ignore the elephant in the room. The issue of surveillance has to be taken on. The conflict between that surveillance and fundamental human rights is not a merely semantic one, or one for lawyers and academics, it’s a real one. In the words of historian and philosopher Quentin Skinner “the current situation seems to me untenable in a democratic society.” The conflict over Safe Harbor is in many ways just a symptom of that far bigger problem. The biggest elephant of all.
ec  cjeu  surveillance  safe-harbor  schrems  privacy  europe  us  uk  gchq  nsa 
october 2015 by jm
5 takeaways from the death of safe harbor – POLITICO
Reacting to the ruling, the [EC] stressed that data transfers between the U.S. and Europe can continue on the basis of other legal mechanisms.

A lot rides on what steps the Commission and national data protection supervisors take in response. “It is crucial for legal certainty that the EC sends a clear signal,” said Nauwelaerts.

That could involve providing a timeline for concluding an agreement with U.S. authorities, together with a commitment from national data protection authorities not to block data transfers while negotiations are on-going, he explained.
safe-harbor  data  privacy  eu  ec  snowden  law  us 
october 2015 by jm
Daragh O'Brien on the CJEU judgement on Safe Harbor
Many organisations I've spoken to have had the cunning plan of adopting model contract clauses as their fall back position to replace their reliance on Safe Harbor. [....] The best that can be said for Model Clauses is that they haven't been struck down by the CJEU. Yet.
model-clauses  cjeu  eu  europe  safe-harbor  us  nsa  surveillance  privacy  law 
october 2015 by jm
Schneier on Automatic Face Recognition and Surveillance
When we talk about surveillance, we tend to concentrate on the problems of data collection: CCTV cameras, tagged photos, purchasing habits, our writings on sites like Facebook and Twitter. We think much less about data analysis. But effective and pervasive surveillance is just as much about analysis. It's sustained by a combination of cheap and ubiquitous cameras, tagged photo databases, commercial databases of our actions that reveal our habits and personalities, and ­-- most of all ­-- fast and accurate face recognition software.

Don't expect to have access to this technology for yourself anytime soon. This is not facial recognition for all. It's just for those who can either demand or pay for access to the required technologies ­-- most importantly, the tagged photo databases. And while we can easily imagine how this might be misused in a totalitarian country, there are dangers in free societies as well. Without meaningful regulation, we're moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret, without consent or recourse.

Despite protests from industry, we need to regulate this budding industry. We need limitations on how our images can be collected without our knowledge or consent, and on how they can be used. The technologies aren't going away, and we can't uninvent these capabilities. But we can ensure that they're used ethically and responsibly, and not just as a mechanism to increase police and corporate power over us.
privacy  regulation  surveillance  bruce-schneier  faces  face-recognition  machine-learning  ai  cctv  photos 
october 2015 by jm
In China, Your Credit Score Is Now Affected By Your Political Opinions – And Your Friends’ Political Opinions
China just introduced a universal credit score, where everybody is measured as a number between 350 and 950. But this credit score isn’t just affected by how well you manage credit – it also reflects how well your political opinions are in line with Chinese official opinions, and whether your friends’ are, too.


Measuring using online mass surveillance, naturally. This may be the most dystopian thing I've heard in a while....
via:raycorrigan  dystopia  china  privacy  mass-surveillance  politics  credit  credit-score  loans  opinions 
october 2015 by jm
From Radio to Porn, British Spies Track Web Users’ Online Identities
Inside KARMA POLICE, GCHQ's mass-surveillance operation aimed to record the browsing habits of "every visible user on the internet", including UK-to-UK internal traffic. more details on the other GCHQ mass surveillance projects at https://theintercept.com/gchq-appendix/
surveillance  gchq  security  privacy  law  uk  ireland  karma-police  snooping 
september 2015 by jm
What Happens Next Will Amaze You
Maciej Ceglowski's latest talk, on ads, the web, Silicon Valley and government:
'I went to school with Bill. He's a nice guy. But making him immortal is not going to make life better for anyone in my city. It will just exacerbate the rent crisis.'
talks  slides  funny  ads  advertising  internet  web  privacy  surveillance  maciej  silicon-valley 
september 2015 by jm
EU court adviser: data-share deal with U.S. is invalid | Reuters
The Safe Harbor agreement does not do enough to protect EU citizen's private information when it reached the United States, Yves Bot, Advocate General at the European Court of Justice (ECJ), said. While his opinions are not binding, they tend to be followed by the court's judges, who are currently considering a complaint about the system in the wake of revelations from ex-National Security Agency contractor Edward Snowden of mass U.S. government surveillance.
safe-harbor  law  eu  ec  ecj  snowden  surveillance  privacy  us  data  max-schrems 
september 2015 by jm
Chinese scammers are now using Stingray tech to SMS-phish
A Stingray-style false GSM base station, hidden in a backpack; presumably they detect numbers in the vicinity, and SMS-spam those numbers with phishing messages. Reportedly the scammers used this trick in "Guangzhou, Zhuhai, Shenzhen, Changsha, Wuhan, Zhengzhou and other densely populated cities".

Dodgy machine translation:
March 26, Zhengzhou police telecommunications fraud cases together, for the first time seized a small backpack can hide pseudo station equipment, and arrested two suspects. Yesterday, the police informed of this case, to remind the general public to pay attention to prevention.

“I am the landlord, I changed number, please rent my wife hit the bank card, card number ×××, username ××.” Recently, Jiefang Road, Zhengzhou City Public Security Bureau police station received a number of cases for investigation brigade area of ​​the masses police said, frequently received similar phone scam messages. Alarm, the police investigators to determine: the suspect may be in the vicinity of twenty-seven square, large-scale use of mobile pseudo-base release fraudulent information. [...]

Yesterday afternoon, the Jiefang Road police station, the reporter saw the portable pseudo-base is made up of two batteries, a set-top box the size of the antenna box and a chassis, as well as a pocket computer composed together at most 5 kg.


(via t byfield and Danny O'Brien)
via:mala  via:tbyfield  privacy  scams  phishing  sms  gsm  stingray  base-stations  mobile  china 
august 2015 by jm
How your entire financial life will be stored in a new 'digital vault' - Telegraph
In a move to make it easier to open bank accounts and Isas, people will be asked to share all of their accounts, tax records and personal details with a central service.
To check someone's identity, a company would then ask potential customers a series of questions and check the answers against the information in the vault. The checks would replace the current system in which new customers must send by post copies of their passports, cross-signed by a friend, along with bank statements and utility bills.


hahahaha NO FUCKING WAY.
bills  banking  uk  tax  privacy  digital-vault  accounts  authentication  identity-theft  bad-ideas 
august 2015 by jm
Care.data and access to UK health records: patient privacy and public trust
'In 2013, the United Kingdom launched care.data, an NHS England initiative to combine patient records, stored in the machines of general practitioners (GPs), with information from social services and hospitals to make one centralized data archive. One aim of the initiative is to gain a picture of the care being delivered between different parts of the healthcare system and thus identify what is working in health care delivery, and what areas need greater attention and resources. This case study analyzes the complications around the launch of care.data. It explains the historical context of the program and the controversies that emerged in the course of the rollout. It explores problems in management and communications around the centralization effort, competing views on the safety of “anonymous” and “pseudonymous” health data, and the conflicting legal duties imposed on GPs with the introduction of the 2012 Health and Social Care Act. This paper also explores the power struggles in the battle over care.data and outlines the tensions among various stakeholders, including patients, GPs, the Health and Social Care Information Centre (HSCIC), the government, privacy experts and data purchasers. The predominant public policy question that emerges from this review centers on how best to utilize technological advances and simultaneously strike a balance between the many competing interests around health and personal privacy.'
care.data  privacy  healthcare  uk  nhs  trust  anonymity  anonymization  gps  medicine 
august 2015 by jm
That time the Internet sent a SWAT team to my mom's house - Boing Boing
The solution is for social media sites and the police to take threats or jokes about swatting, doxxing, and organized crime seriously. Tweeting about buying a gun and shooting up a school would be taken seriously, and so should the threat of raping, doxxing, swatting or killing someone. Privacy issues and online harassment are directly linked, and online harassment isn’t going anywhere. My fear is that, in reaction to online harassment, laws will be passed that will break down our civil freedoms and rights online, and that more surveillance will be sold to users under the guise of safety. More surveillance, however, would not have helped me or my mother. A platform that takes harassment and threats seriously instead of treating them like jokes would have.
twitter  gamergate  4chan  8chan  privacy  doxxing  swatting  harrassment  threats  social-media  facebook  law  feminism 
july 2015 by jm
"Customer data is a liability, not an asset."
Great turn of phrase from Matthew Green (@matthew_d_green). Emin Gün Sirer adds some detail: "well, an asset with bounded value, and an unbounded liability"
data  privacy  data-protection  ashleymadison  hacks  security  liability 
july 2015 by jm
Government forum to discuss increasing use of personal data
Mr Murphy said it was the Government’s objective for Ireland to be a leader on data protection and data-related issues.
The members of the forum include Data Protection Commissioner Helen Dixon, John Barron, chief technology officer with the Revenue Commissioners, Seamus Carroll, head of civil law reform division at the Department of Justice and Tim Duggan, assistant secretary with the Department of Social Protection.
Gary Davis, director of privacy and law enforcement requests with Apple, is also on the forum. Mr Davis is a former deputy data protection commissioner in Ireland.
There are also representatives from Google, Twitter, LinkedIn and Facebook, from the IDA, the Law Society and the National Statistics Board.
Chair of Digital Rights Ireland Dr TJ McIntyre and Dr Eoin O’Dell, associate professor, School of Law, Trinity College Dublin are also on the voluntary forum.
ireland  government  dri  law  privacy  data  data-protection  dpc 
july 2015 by jm
China’s Spies Hit the Blackmail Jackpot With Data on 4 Million Federal Workers
The Daily Beast is scathing re the OPM hack:
Here’s where things start to get scary. Whoever has OPM’s records knows an astonishing amount about millions of federal workers, members of the military, and security clearance holders. They can now target those Americans for recruitment or influence. After all, they know their vices, every last one—the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side—since all that is recorded in security clearance paperwork. (To get an idea of how detailed this gets, you can see the form, called an SF86, here.) Speaking as a former counterintelligence officer, it really doesn’t get much worse than this.
daily-beast  sf86  clearance  us-government  america  china  cyberwar  hacking  opm  privacy 
june 2015 by jm
The Violence of Algorithms: Why Big Data Is Only as Smart as Those Who Generate It
The modern state system is built on a bargain between governments and citizens. States provide collective social goods, and in turn, via a system of norms, institutions, regulations, and ethics to hold this power accountable, citizens give states legitimacy. This bargain created order and stability out of what was an increasingly chaotic global system. If algorithms represent a new ungoverned space, a hidden and potentially ever-evolving unknowable public good, then they are an affront to our democratic system, one that requires transparency and accountability in order to function. A node of power that exists outside of these bounds is a threat to the notion of collective governance itself. This, at its core, is a profoundly undemocratic notion—one that states will have to engage with seriously if they are going to remain relevant and legitimate to their digital citizenry who give them their power.
palantir  algorithms  big-data  government  democracy  transparency  accountability  analytics  surveillance  war  privacy  protest  rights 
june 2015 by jm
How the NSA Converts Spoken Words Into Searchable Text - The Intercept
This hits the nail on the head, IMO:
To Phillip Rogaway, a professor of computer science at the University of California, Davis, keyword-search is probably the “least of our problems.” In an email to The Intercept, Rogaway warned that “When the NSA identifies someone as ‘interesting’ based on contemporary NLP methods, it might be that there is no human-understandable explanation as to why beyond: ‘his corpus of discourse resembles those of others whom we thought interesting'; or the conceptual opposite: ‘his discourse looks or sounds different from most people’s.' If the algorithms NSA computers use to identify threats are too complex for humans to understand, it will be impossible to understand the contours of the surveillance apparatus by which one is judged.  All that people will be able to do is to try your best to behave just like everyone else.”
privacy  security  gchq  nsa  surveillance  machine-learning  liberty  future  speech  nlp  pattern-analysis  cs 
may 2015 by jm
In the privacy of your own home
I didn't know about this:
Last spring, as 41,000 runners made their way through the streets of Dublin in the city’s Women’s Mini Marathon, an unassuming redheaded man by the name of Candid Wueest stood on the sidelines with a scanner. He had built it in a couple of hours with $75 worth of parts, and he was using it to surreptitiously pick up data from activity trackers worn on the runners’ wrists. During the race, Wueest managed to collect personal info from 563 racers, including their names, addresses, and passwords, as well as the unique IDs of the devices they were carrying.
dublin  candid-wueest  privacy  data  marathon  running  iot  activity-trackers 
may 2015 by jm
Privacy Security Talk in TOG – 22nd April @ 7pm – FREE
Dublin is lucky enough to have great speakers pass through town on occasion and on Wednesday the 22nd April 2015, Runa A. Sandvik (@runasand) and Per Thorsheim (@thorsheim) have kindly offered to speak in TOG from 7pm. The format for the evening is a general meet and greet, but both speakers have offered to give a presentation on a topic of their choice. Anyone one interested in privacy, security, journalism, Tor and/or has previously attended a CryptoParty would be wise to attend. Doors are from 7pm and bring any projects with you you would like to share with other attendees. This is a free event, open to the public and no need to book. See you Wednesday.

Runa A. Sandvik is an independent privacy and security researcher, working at the intersection of technology, law and policy. She contributes to The Tor Project, writes for Forbes, and is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project.

Per Thorsheim as founder/organizer of PasswordsCon.org, his topic of choice is of course passwords, but in a much bigger context than most people imagine. Passwords, pins, biometrics, 2-factor authentication, security/usability and all the way into surveillance and protecting your health, kids and life itself.
privacy  security  runa-sandvik  per-thorsheim  passwords  tor  truecrypt  tog  via:oisin  events  dublin 
april 2015 by jm
Tim Bray on one year as an xoogler
Seems pretty insightful; particularly "I do think the In­ter­net econ­o­my would be bet­ter and more hu­mane if it didn’t have a sin­gle white-hot highly-overprivileged cen­ter. Al­so, soon­er or lat­er that’ll stop scal­ing. Can’t hap­pen too soon."
google  tim-bray  via:nelson  xoogler  funding  tech  privacy  ads  internet 
march 2015 by jm
EU-US data pact skewered in court hearing
A lawyer for the European Commission told an EU judge on Tuesday (24 March) he should close his Facebook page if he wants to stop the US snooping on him, in what amounts to an admission that Safe Harbour, an EU-US data protection pact, doesn’t work.
safe-harbour  privacy  data-protection  ecj  eu  ec  surveillance  facebook  nsa  gchq 
march 2015 by jm
ECJ case debates EU citizens' right to privacy
The US wields secretive and indiscriminate powers to collect data, he said, and had never offered Brussels any commitments to guarantee EU privacy standards for its citizens’ data. On the contrary, said [Max Schrems' counsel] Mr Hoffmann, “Safe Harbour” provisions could be overruled by US domestic law at any time.
Thus he asked the court for a full judicial review of the “illegal” Safe Harbour principles which, he said, violated the essence of privacy and left EU citizens “effectively stripped of any protection”.
[Irish] DPC counsel Paul Anthony McDermott SC suggested that Mr Schrems had not been harmed in any way by the status quo. “This is not surprising, given that the NSA isn’t currently interested in the essays of law students in Austria,” he said.
Mr Travers for Mr Schrems disagreed, saying “the breach of the right to privacy is itself the harm”.
ireland  dpc  data-protection  privacy  eu  ec  ecj  law  rights  safe-harbour 
march 2015 by jm
Meet the man whose utopian vision for the Internet conquered, and then warped, Silicon Valley - The Washington Post
Thought-provoking article looking back to John Perry Barlow's "A Declaration of the Independence of Cyberspace", published in 1996:
Barlow once wrote that “trusting the government with your privacy is like having a Peeping Tom install your window blinds.” But the Barlovian focus on government overreach leaves its author and other libertarians blind to the same encroachments on our autonomy from the private sector. The bold and romantic techno-utopian ideals of “A Declaration” no longer need to be fought for, because they’re already gone.
john-perry-barlow  1990s  history  cyberspace  internet  surveillance  privacy  data-protection  libertarianism  utopian  manifestos 
march 2015 by jm
Ireland accused of weakening data rules
Privacy campaign group Lobbyplag puts Ireland one of top three offenders in pushing for changes to EU privacy law
privacy  data-protection  lobbyplag  ireland  eu  germany  lobbying 
march 2015 by jm
« earlier      
per page:    204080120160

related tags

2fa  3g  4chan  8chan  23andme  1990s  a-b-testing  abuse  academia  accountability  accounts  accuracy  aclu  acs-law  activism  activity-trackers  ad-injection  adrian-weckler  ads  adversarial-classification  advertising  afr  aggregation  ai  air-travel  airport  algorithms  amazon  america  amesys  amicus-briefs  analytics  ancestry.com  android  andy-greenberg  anonymisation  anonymity  anonymization  anonymous  anpr  anti-spam  anycast  apis  apple  apps  arab-spring  ars-technica  arson  art  ashleymadison  attacks  australia  authentication  authoritarianism  autopilot  awards  aws  babies  backup  backups  bad-ideas  bahrain  banking  bara  base-stations  bbc  behavioral  belgacom  belgium  belle-du-jour  ben-goldacre  bias  big-brother  big-data  bill-davidow  bills  billy-hawkes  bins  biometrics  bitcoin  bittorrent  blackmail  blocking  blocklists  blogging  blogs  bloom-cookies  bloom-filters  borders  brendan-howlin  bridging  browser  browsers  bruce-schneier  brute-force  bugging  bull-sa  business  business-models  ca  cameras  candid-wueest  care.data  cars  cbp  ccpc  cctv  celebrities  cellphones  celtic-tiger  censorship  certificates  certification  cheap  chicago  chicken-wings  chickens  children  china  chris-andrews  cia  civil-liberties  civil-service  cjeu  classification  clearance  cloud  cloud-computing  cloud-services  colin-holder  comments  competition  consent  consumer  contacts  content-blocking  control  convictions  cookies  copyfight  copyright  cortana  cory-doctorow  counter-terrorism  courtventures  crackdown  crapware  credit  credit-cards  credit-score  creepy  crime  crypto  cs  css  culture  customs  cybercrime  cyberspace  cyberwar  daily-beast  daily-mail  dan-kaminsky  danah-boyd  daniel-solove  dara-murphy  daragh-obrien  dark-mail  darknet  data  data-aggregation  data-breaches  data-centers  data-dumps  data-leaks  data-mining  data-privacy  data-protection  data-retention  data-structures  database  databases  datamining  datap  david-cameron  david-simon  dea  debugging  deepmind  delete  democracy  depression  desfire  dhs  dianne-feinstein  differential-privacy  digital-natives  digital-rights  digital-vault  direct-marketing  directories  diseases  dna  dns  do-not-like  doh  dole  dorian-nakamoto  downloading  doxxing  dpa  dpa-section-4  dpc  dri  driving-test  drm  drones  dropcam  dublin  dublin-airport  dutch  dystopia  earthquakes  ec  ec2  ecj  ecuador  edri  edward-snowden  eff  egypt  eircode  email  embassies  emotion  encryption  ep  epic  epic-marketplace  equifax  eric-garner  errors  essay  ethan-zuckerberg  ethics  eu  eu-central-1  eu-council  europarl  europe  events  experian  experimentation  experiments  exploits  export  extradition  eyes  face-recognition  facebook  facebook-api  faces  facial-recognition  fail  false-positives  familial-dna  family  farce  farebot  farming  fast-food  fbi  fear  federated-learning  feelings  feminism  fergal-crehan  fianna-fail  filesharing  filtering  find-my-iphone  fines  finfisher  firefox  firewalls  fisa  fisaaa  five-eyes  flash  foi  forbes  forward-secrecy  france  fraud  fred-logue  free-trade  freedom  freedom-of-expression  ftc  fud  funding  funny  future  gadhafi  gamergate  gamma  gamma-international  gardai  gboard  gchq  gcsb  gdpr  gemalto  genealogy  genentech  genes  genomics  geotargeting  germany  gmail  goodharts-law  google  google-glass  googlewhack  goverment  government  gpg  gps  grep  grim  grim-meathook-future  groklaw  gsm  gsoc  gsocgate  guardian  hacking  hacks  hadopi  hardware  harrassment  haruspex  hashing  haystack  heaith  health  healthcare  heart  heathrow  henry-porter  high-court  history  history-stealing  holland  hospitals  hosting  hotmail  hscic  hse  http  https  human-rights  iab  iab-europe  icloud  ico  icrs  id  id-cards  id-numbers  idaho  identity  identity-theft  illiteracy  images  imsi  imsi-catcher  imsi-catchers  india  insurance  interception  international-law  internet  ios  iot  ip  ip-addresses  ipad  iphone  ireland  irish-times  irish-water  irma  isps  israel  jan-phillip-albrecht  jason-kottke  java  javascript  jawbone  jgc  john-lanchester  john-perry-barlow  jon-callas  joseph-cannataci  journalism  journalists  julian-assange  karlin-lillington  karma-police  kenya  key-management  key-ratcheting  key-rotation  keyloggers  keyservers  kids  kim-dotcom  kolab  komodia  korea  l2tp  laplace  lavabit  law  law-enforcement  leaks  legal  lenovo  liability  libertarianism  liberty  libya  license-fee  life  likes  linkedin  linx  loans  lobbying  lobbyplag  location-tracking  logistep  london  long-reads  loyaltybuild  lucid-intelligence  lyft  mac  mac-address  mac-addresses  machine-learning  maciej  mail  malcolm-hutty  malware  manifestos  mapping  maps  marathon  marketing  marks  mass-surveillance  massive-interception  max-schrems  medical  medical-records  medicine  megaupload  meps  messagelabs  messaging  met-police  metadata  metrics  mfa  michael-hayden  michael-mcdowell  micheal-martin  michelle-mulherin  microsoft  mifare  minority-report  miscarriage  misrepresentation  ml  mlat  mlats  mobile  mobile-phones  model-clauses  models  money  mormon  mozilla  mpn  mps  murder  myhealthrecord  nai  nat  nca  needle  neelie-kroes  network-traffic  networking  new-media  new-yorker  new-zealand  newspapers  newsweek  next  nhs  nlp  noise  northern-ireland  notaries  nothing-to-hide  notting-hill-carnival  nsa  nsls  nyc  nyms  o2  office-365  offshoring  okcupid  online  open-data  open-source  operability  opinions  opm  opt-in  opt-out  orb  org  ouch  outsourcing  overreach  oz  p2p  pacemakers  palantir  papers  parenthood  parkinsons  parliament  passwords  pathetic  patricia-cronin  pattern-analysis  per-thorsheim  personal-data  personality  personalization  pervasive-computing  pfs  pgp  phil-zimmermann  philosophy  phishing  phone-records  phones  photography  photos  pics  pictures  pii  piracy  pnr  pod  police  police-state  policing  policy  politics  polls  populations  porn  postcodes  ppsn  pr  prefetching  pregnancy  presentations  press-releases  primary-schools  printers  prism  privacy  privacy-international  probable-cause  profiling  prometric  protectionism  protest  protests  protocols  psc  psychology  public-data  pups  pymk  quad9  questions  quic  quividi  quotes  randomness  rappor  red-bull  redaction  reform  regin  regions  regulation  renew  resolvers  revenge  revenge-porn  rfid  rick-falkvinge  right-to-be-forgotten  rights  ripa  root-cas  rootkits  ross-anderson  routers  runa-sandvik  running  russia  s3  safe-harbor  safe-harbour  sampling  sanitisation  satoshi-nakamoto  sca  scams  scanners  scarlet  school  schools  schrems  scope-creep  scroogled  scumbags  sean-kelly  search  searching  secrecy  security  seizures  self-driving  selfies  servers  sex-toys  sf86  si336  silent-circle  silentcircle  silicon-valley  sim-cards  simon-davies  simon-mcgarr  siri  slice-intelligence  slides  smart-tvs  smartcards  smc8014  sms  smtp  snapchat  sniffing  snooping  snowden  social  social-media  social-publishing  social-welfare  society  software  south-africa  south-korea  spam  speech  spies  spinvox  spiral-of-silence  spying  spyware  sql  ssl  ssn  standards  state  state-control  statistics  stingray  stingrays  street-view  stupid  superfish  superget  surveillance  swatting  switzerland  symantec  syria  sysadmins  talks  tao  targeting  tax  taxis  tds  tech  technology  teenagers  teens  telemetry  terms-of-service  terrorism  tesla  testing  text-messaging  the-atlantic  the-journal  the-register  theory-test  threats  three-strikes  thunderbird  tim-berners-lee  tim-bray  timbl  time-warner  tj-mcintyre  tls  tog  tor  tor-bridges  torrents  tos  totalitarianism  tou  tracking  trade-secrets  training  transcription  transit  transparency  travel  truecrypt  trust  tsa  tunneling  turkey  turkmenistan  tv  tweets  twitpic  twitter  uber  ucas  uganda  ugh  uidh  uk  uk-politics  ukraine  un  universities  unroll.me  urls  us  us-government  us-law  us-politics  usa  user-tracking  users  utopian  vc  vehicles  verizon  via:adamshostack  via:anildash  via:antoin  via:boingboing  via:bruces  via:cjodea  via:dad  via:dobrien  via:eric  via:ethanz  via:hn  via:ioerror  via:irr  via:jordansissel  via:jwz  via:lhl  via:mala  via:mynosql  via:nelson  via:oisin  via:pinboard  via:raycorrigan  via:reddit  via:ronanlyons  via:snowden  via:tbyfield  via:tjmcintyre  via:tupp_ed  via:waxy  vibrators  victoria  video  videos  viviane-reding  vizio  vodafone  voice-recognition  vpn  vtech  war  watchdogs  we-vibe  wearables  web  web-of-trust  web-we-want  welfare  wendy-grossman  wickr  wifi  wikileaks  windows  wired  wireless  wiretapping  wtf  x-ray  xelerance  xkeyscore  xl2tpd  xoogler  yahoo  youth  youtube  zoom-and-enhance 

Copy this bookmark:



description:


tags: