Q4 2014 & Q1 2015 Quick Links Part 1 (Privacy/Security)

Q4 2014 & Q1 2015 Quick Links Part 1 (Privacy/Security)

Photo credit: 3D Quick Link Crossword // ShutterStock

Photo credit: 3D Quick Link Crossword // ShutterStock

Sony

* Fusion: The Sony Pictures Hack Included Many Employees’ Detailed Medical Information

* WaPo: The cyberattack on Sony Pictures made employees collateral damage

Fusion: More from the Sony Pictures Hack: Budgets, Layoffs, HR Scripts and 3,800 Social Security Numbers

* “A concise history of recent Sony hacks

Security Breaches

* Another Snapchat security holeTechCrunch: The “Snappening” Had No Impact On Snapchat Growth, Usage Or Engagement. Why in the world does anyone trust Snapchat???

* World’s Biggest Data Breaches

* Zappos settles with some state AGs for its data breach for $106k. Prior blog post.

* NY Times: Secrecy on the Set: Hollywood Embraces Digital Security

Passwords

* NY Times Magazine: The Secret Life of Passwords. My favorite part:

Perhaps my favorite of these anecdotes came from Maria T. Allen, who wrote that in 1993, when she was 22, she used for her password a combination of the name of her summer crush, J. D., with an autumn month and the name of a mythological female deity (she wouldn’t tell me which) to whom he had compared her when they first met. The fling ended, and they went their separate ways. But the password endured. Eleven years later, out of the blue, Allen received a message through Classmates.com from J. D. himself. They dated for several years, then decided to marry. Before the wedding, J. D. asked Maria if she had ever thought of him during that interim decade. “About every time I logged in to my Yahoo account,” she replied, before recounting to him her secret. He had the password inscribed on the inside of his wedding ring.

* U.S. v. Buchanan, 2014 WL 6845402 (4th Cir. Dec. 5, 2014):

The record established that Buchanan used fraudulent password-reset requests, password-cracking software, and other methods to take control of other persons’ YouTube Channels and the videos contained therein, some of which had been made accessible only to friends of the persons who had uploaded them. The district court thus properly found that a preponderance of the evidence showed Buchanan’s offense involved an intent to obtain personal information within the meaning of § 2B1.1(b)(17)(A).

Tracking/Data Collection

* NY Times: Verizon Wireless Under Fire for Ad-Targeting Program. Kash Hill: The Privacy Lowdown On Smartphone ‘Permacookies’ That Make You Trackable On The Web. EFF.

* WSJ: Europe’s Web-Cookie Warnings Are a Waste, Report Says. Ronald E. Leenes & Eleni Kosta, Taming the Cookie Monster with Dutch Law – A Tale of Regulatory Failure (March 10, 2015).

* Microsoft will change its Do Not Track setting to off.

* San Jose Business Journal: Inside the 49ers’ fan data playbook: How catering to fans can make teams money

* Fox: Mobile apps still collect vast amounts of personal data on kids, despite FTC privacy rule

* Kash Hill: Michelle Obama, Reese Witherspoon and other celebs are leaking location information on Instagram

* Fusion: Beware, houseguests: cheap home surveillance cameras are everywhere now

Anonymity

* NY Times: Who Spewed That Abuse? Anonymous Yik Yak App Isn’t Telling. Interesting headline; the story gives examples of how Yik Yak posters were identified and found.

* Florida CS/HB 271, the “True Origin of Digital Goods Act.” The latest attempt by states to ban anonymous online content. Techdirt explains.

* Is increased access to and virality of public court filings good or bad? This NY Times article emphasizes the bad, even though court filings are crucial public records that have been (and all too often still are) hidden from public scrutiny for too long.

Norms

The Atlantic: By 2025, the Definition of ‘Privacy’ Will Have Changed

* Woody Hartzog,The Value of Modest Privacy Protections in a Hyper Social World, Colorado Technology Law Journal 2014.

* Science: Privacy and human behavior in the age of information

* From Orange: “67 percent of [European] respondents believe organisations benefit the most from the sharing of data, and just 6 percent believing the consumer benefits the most – illustrating a pronounced sense of imbalance in the data-sharing relationship between consumers and businesses.”

* Kirsten Martin, Privacy Notices as Tabula Rasa: An Empirical Investigation into How Complying with a Privacy Notice is Related to Meeting Privacy Expectations Online: “respondents perceived the privacy notice as offering greater protections than the actual privacy notice. Perhaps most problematic, respondents projected the important factors of their privacy expectations onto the privacy notice. In other words, privacy notices became a tabula rasa for users’ privacy expectations.”

Regulators/Prosecutors

* The Hill: President Obama’s cyber pitch misses mark in Silicon Valley

* Techdirt: Congressional Rep. John Carter Discovers Encryption; Worries It May One Day Be Used On Computers To Protect Your Data

* Daily Dot: Ron Wyden: The Internet’s Senator

* LA Times: New California Assembly privacy panel is ‘the key committee to watch’

* Techdirt: Research Shows Mass Surveillance Fails ‘Drastically’ In Striking Balance Between Costs And Benefits To Society

* The Intercept: How the FBI Created a Terrorist.

* The Intercept: TSA’s Secret Behavior Checklist to Spot Terrorists

* NY Times: Online ‘Swatting’ Becomes a Hazard for Popular Video Gamers and Police Responders

Others

* NY Times: Jay Edelson’s Class-Action Privacy Suits Could Make Him Tech’s Least Friended Man. Related article.

* IAPP Privacy Advisor: How To Advise Tech Start-Ups in Practice, Not Theory. The article’s answer: try to route around the regulation, or spend more money to outsource compliance to a reputable vendor. Either way, this article provides a textbook example of how privacy laws can hinder entrepreneurship.

Bloomberg Law: Uniform Law on Decedent’s Digital Assets Rejected in 3 States, Still Alive in 23 Others

* NY Times: For Guccifer, Hacking Was Easy. Prison Is Hard.