Recent hackings have been found to especially target three main platforms: healthcare, education, and government. This has compromised the security of healthcare provider Excellus BlueCross BlueShield, the Cal State University System, and the U.S. Department of Energy.

It was discovered last week that over 10 million people are at risk due to an Excellus computer system hacking that’s been occurring since December of 2013. It doesn’t appear that the hackers stole or utilized any important personal information, though they were able to access and view customer names, birth dates, Social Security numbers, and financial claims. The attack was one of the worst 20 breaches in healthcare of all time. The hacking also parallels recent incidents at Anthem, the Office of Personnel Management, Sony, and Ashley Madison. In all cases, the attacks were committed by people disguised as employees, using stolen credentials to gain access to corporate networks.

Roughly 80,000 students from the Cal State University System lost general information after enrolling in a class on sexual harassment. Their names, numbers, emails, gender, race, and relationship status were provided to a contractor as part of a program on sexual harassment. The contractor, “We End Violence,” was hacked, as reported in the Los Angeles Times earlier this month.

The U.S. Department of Energy’s computer systems were attacked 159 times between 2010 and 2014. Officials declined to comment, however, on the nature of what was accessed by hackers or whether any foreign governments were responsible.

Article via ECT News Network, September 16, 2015

Photo: Longmont Power and Communications-3 via You Belong in Longmont [Creative Commons Attribution-NonCommercial-NoDerivs]

The best protection against widespread government surveillance now comes from major tech companies, including those accused of collecting mass amounts of data to sell to other companies seeking targeted advertising.

The FBI has accused Apple of aiding criminals by offering default encryption in the new iPhones it sells. Government reproach is also directed towards Google, which is offering the same encryption for its new Android phones. However, the majority of Americans are grateful for the tech companies’ new developments; a recent Pew survey found that 65 percent of people believe that there aren’t enough limits on government surveillance.

Smartphone encryption is not the only guard against surveillance, either. Google and Yahoo announced that they’re both working on end-to-end encryption in email, and Facebook has set up a Tor hidden service site so that people with access to network traffic can’t access user data.

Encryption tools are generally difficult to operate, and thus only tech-savvy users have been able to achieve full privacy. As a result, anyone using encryption tools was unique and therefore suspicious to government officials. With new integrated encryption, privacy will be more universal, and those previously using encryption systems will be better camouflaged.

Articles: The Center for Internet and Society, September 9, 2015

Photo: DC Ralley Against Mass Surveillance via Susan Melkisethian [Creative Commons Attribution-NonCommercial-NoDerivs]

As the usage of apps and websites by kids increases, new conversations about children’s privacy must occur. The Global Privacy Enforcement Network (GPEN) did a recent study in which it found that of the 1,494 websites and apps sampled, 41 percent compromised children’s privacy.

The data, collected from 29 protection regulators worldwide, found that 67 percent of the websites collected information from kids, and only 31 percent of sites had any controls to limit collection.

Many of the websites very popular with kids did have statements in their privacy policies indicating that the website was not intended for children. However, these websites generally did not have any further controls to prevent the collection of personal data. Of the total sample, 22 percent of sites had a category for kids to input phone numbers, and 23 percent had a place to upload photos or videos.

Furthermore, children’s information isn’t always contained on the original site. Kids were given the opportunity to be redirected to another site on 58 percent of sites; 50 percent of sites shared personal information with third parties.

Despite the holes in website security found, some websites did use recommended precautions like parental dashboards, pre-set avatars and usernames, just-in-time warnings before info is submitted, and chat filters.

Adam Stevens, the head of the UK’s Information Commissioner’s Office, says that the ICO will be contacting problematic websites and apps, “making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required.”

Article via LegalTech News, September 3, 2015

Photo: Misi with a Phone via Balazs Koren [Creative Commons Attribution-NonCommercial-NoDerivs]

The Internet of Things (IoT) is the next revolution in tech. It promises to take devices and connect them together via the internet. Once these devices live together in a network, they will then be able to communicate with each other, machine-to-machine. This level of complexity introduces a new level of legal risk.

As it is today, if something goes wrong with your appliance then you can report to the manufacturer about the faulty product. The Internet of Things will complicate this straightforward matter. In the future, it may be that all parties involved can be held accountable for a product failure. This includes not only the manufacturer, but the internet service provider, the web hosted servers, etc.

This brings up a related issue: user contracts. Due to the legal complications of connecting smart devices, will manufacturers force users to void their contract if their product is connected? At the heart of this concern is data. What will happen if there is a data or security breach? Products connected via the Internet of Things will share data. In the event of an attack, who will be legally responsible for the data breach and the fallout?

“The privacy implications are potentially huge,” says Trey Hanbury, an attorney who was interviewed about the formation of the Internet of Things ecosystem.

Juniper Research suggests that the Internet of Things will lead to a more robust security model precisely for this reason. The ideal model would be able to shut down part of the network where an attack is happening without affecting the devices connected to other parts of the network.

What is clear is that lawyers need to get ready for a new period of legal risk and uncertainty due to the IoT revolution. Companies are already heavily investing in building more connected devices. By the year 2020, there is expected to be an infrastructure running that will support a heavily connected world. It will be an exciting time to sort out how the next generation of security and liability will be legally assessed when property has gone digital.

Article via LegalTechNews, 4 September 2015

Photo: Brooklyn Community Board via Bryan Bruchman [Creative Commons Attribution-NonCommercial-NoDerivs]

The Department of Justice has put stricter regulations on the use of cell-site simulators by requiring a warrant to be issued before one can be used, except in the case of “exigent” or “exceptional circumstances”, according to the CNN report covering the announcement. Cell-site simulators, which acquire locational data from cellphones by posing as cell towers, have not been regulated previously. The use of cell-site simulators has proven very helpful to law enforcement trying to locate kidnapping victims, terrorists, and other fugitives. While effective, these simulators also gather information about citizens who have not committed any crimes. This breach of privacy calls into question the ethics behind using cell-site simulators, which in turn led to the announcement from the Department of Justice.

The new regulations have been praised as a step in the right direction for protecting citizens’ privacy after previous scandals of government agencies hiding their surveillance technology from the public. However, the Department of Justice’s announcement only applies to federal agencies, not local or state law enforcement. The staff attorney for the American Civil Liberties Union, Nathan Freed Wessler, stated that “Congress should act to pass more comprehensive legislation to ensure that Americans’ privacy is protected from these devices and other location tracking technologies” by including law enforcement agencies that purchased cell-site simulators with federal funding under the new regulations.

Articles via ABA Journal, September 4, 2015; CNN, September 3, 2015

Photo: Timelaps with Oneplus One Cellphone via Damien Thorne [Creative Commons Attribution-NonCommercial-NoDerivs]

In July of 2015, 400 gigabytes of documents outlining the dealings of spyware company Hacking Team were released. The for-profit surveillance firm was found to work with oppressive regimes across the globe, including those of Russia, Ethiopia, Azerbaijan, Kazakhstan, Vietnam, Saudi Arabia, and Sudan. Also benefiting from the company’s exploitive surveillance tools is the US Bureau of Investigation, which has spent $775,000 on Hacking Team tools since 2011.

Hacking Team’s abilities are expansive. The firm can steal pre-encrypted data and passwords typed in Web browsers, as well as activate the microphone and camera on a target device. Users of Google Play and Apple stores may also be activating surveillance malware coded by Hacking Team.

Privacy and human rights advocates are outraged by the lack of legislation regulating firms like Hacking Team and its rival Gamma International, but regulation can be tricky. Badly drafted export controls could create red tape for journalists to circumvent when trying to access communications mechanisms or antivirus software. Syrian activists, for example, have cited American export controls as one of the leading obstacles to installing anti-surveillance software on phones and computers to protect their communications from the Assad regime.

The discussion is subtle, as it must take into account the personal liberties of global citizens, the dynamic nature of the technology industry, and the diverse interests of country governments.

Article via Committee to Protect Journalists, July 13, 2015

Photo: On the Phone via Artform Canada [Creative Commons Attribution-NonCommercial-NoDerivs]