Archive for the ‘Tech and Laws’ Category

Life Logging Risk Assessment

November 21, 2011

ENISA’s Report

The top risk for individuals utilising life-logging devices and scenarios is the threat to privacy that accompanies using them. Loss of control over this data might result in individuals being subjected to financial fraud, or unauthorised access might result in reputational harm or discrimination and exclusion. This risk is compounded by the nature of life-logging in that, apart from the privacy threat to individuals coming from commercial entities and governmental agencies, there is also a threat of deliberate or accidental data collection about one person by other individuals.

Dependency on the availability of certain devices or services is also increasing the risks for individuals, as the mobile devices, sensors or services become more attractive targets for attackers. In this direction, the link between tangible and intangible assets is particularly important, as we can also see in Future Internet scenarios; a related risk is the loss of autonomy.

Finally, we should consider risks such as psychological damage, related to discrimination, exclusion, harassment, cyberstalking, child grooming, the feeling of being continuously under surveillance (paranoid behaviour), pressures related to work performance, peering into other people’s lives etc.

Tool to plan for Cyberattack

October 29, 2011

ComputerWorld / Nancy Gohring

The Small Biz Cyber Planner will ask a series of questions such as “Does your business use credit cards?” and “Does your business have a public website?” Based on the responses, it will generate a planning guide to help companies put in place basic policies to protect against cyberthreats.

Cyber Security Strategy

July 16, 2011

Stefanie Hoffman / CRN

The 19-page document, called the “Department of Defense Strategy for Operating in Cyberspace,” establishes that cyberspace be a domain protected by the U.S. military in the same way it defends land, sea and air.

In general, the strategy calls for new ways to bolster defenses of critical cyber infrastructure, such as the computer networks of the U.S. military and defense contractors, while developing new weapons and methods to retaliate against U.S. adversaries launching cyber attacks.

North Atlantic Cyber Security Organisation (?)

July 2, 2011

Sounds like the right move

This new security challenge was on the agenda at the June 8th-9th meeting of NATO defence ministers in Brussels. Ministers agreed on an action plan and on a revised cyber defence policy which will not only ensure quicker and more effective protection of NATO’s own network, but also provide the Allies and Partners with more assistance in preventing cyber attacks, coping with them and limiting their impact.

The new strategy requires that all NATO structures be brought under a centralised protection system, and that all of its networks be monitored round the clock as of 2012.

Why “security” keeps winning out over privacy

June 19, 2011

Daniel Solove / Salon

But it is the job of the courts to balance privacy against security, and they can’t do this job if they refuse to evaluate whether the security measure is really worth the tradeoff. Deference is an abdication of the court’s role in ensuring that the government respects constitutional rights. The deference argument is one that impedes any effective balancing of interests.

Is loss of privacy really a gain in security?

February 16, 2011

Are privacy and security on opposite sides of the weighing scale, or are they orthogonal to each other? Are they really zero-sum, or are they positive-sum (with other malicious factors working together to bring the sum down to zero)? Overall, Julian has provided really good analogies on the topic, but I am walking away with a head full of questions.

If we implicitly think of privacy and security as balanced on a scale, a loss of privacy is ipso facto a gain in security. It sounds silly when stated explicitly, but the power of frames is precisely that they shape our thinking without being stated explicitly.

Cybersecurity Two Years Later

February 3, 2011

This is a follow-up to the 2008 report “Securing Cyberspace for the 44th Presidency”, published by the Center for Strategic and International Studies (CSIS), which included 25 recommendations for change. Now, two years later, CSIS has published this report to review where progress has been made on these recommendations and where action is necessary. The report identifies 10 key areas where the nation must take action. The report starts with

2010 should have been the year of cybersecurity. It began with a major exfiltration of data from Google and other Fortune 500 companies, saw the Department of Defense describe how its classified networks had been compromised, watched the Stuxnet worm cut through industrial control systems, and ended with annoying denial of service attacks over Wikileaks.

and suggests cloud computing as one of the solutions -

Cloud computing has weaknesses, but it also offers the opportunity to aggregate and automate cyber defense. Much of the burden of security will shift from consumers and businesses to service providers that may be better equipped to meet advanced challenges.

which is correct, but it will not come free – data security in transit from the end user to the cloud, and authentication, will be two big-ticket items that we need to pay for. The report ends with…… and with what will not work.

Many of the solutions still advocated for cybersecurity are well past their sell-by date. Public-private partnerships, information sharing, and self-regulation, are remedies we have tried for more than a decade without success. We need new concepts and new strategies if we are to reduce the risks in cyberspace to the United States.

Security and Privacy in Public Cloud Computing

February 3, 2011

NIST has published a draft Special Publication (SP), “Guidelines on Security and Privacy in Public Cloud Computing”. NIST will accept comments on the draft until February 28, 2011.

NIST SP 800-144 provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

Criminalizing Encryption

January 13, 2011

Earlier this week, Steptoe & Johnson, an international law firm, reported that New York was considering criminalizing encryption.

Nevada and Massachusetts require the use of encryption in certain circumstances. But New York is thinking about taking the opposite approach – making it a crime to use encryption in some situations. A bill (S. 714) introduced in the New York Senate on January 5 would prohibit the “criminal use of encryption.” While the intent appears to be to make it a crime for criminals to use encryption to conceal evidence, the bill’s awkward wording could be read to prohibit the use of encryption – such as by a communications company – that has the effect of concealing the identity of a criminal or evidence of a crime.

The bill S.714 (aka the National Criminal Justice Commission Act) was introduced in the Senate in March 2009 by Senator Jim Webb (D-VA) and reported by the committee in January 2010, but it never became law. I quickly scanned through the bill (pdf) but couldn’t find any references to “encryption” (or “unencryption”). There is no other information available about this bill being re-introduced.

There is, though, enough evidence that this has been discussed multiple times since 2001 -

The technology of scrambling data and messages has become a crucial element of computer security for businesses and consumers alike. Officials of law enforcement and intelligence agencies have long warned lawmakers that they were unable to break the strongest encryption products, and that crimes eventually would be committed that might otherwise have been prevented.

and as Mark Rasch (attorney and technology expert) said in his 2003 post -

The new legislative proposal would be counterproductive. It could stigmatize encryption as a criminal tool. People will grow wary of using crypto, consequently vendors will become wary of building it in to products, and ultimately the nation will become less secure.

….we shouldn’t stop manufacturing locks just because criminals may use them to lock doors.

Transfer of Personal Data from the EU/EEA to Third Countries

January 11, 2011

FAQs (PDF) to clarify understanding of the legal framework in force in the EU with regard to transfers of personal data processed in the EU/EEA (European Union/European Economic Area) to third countries.

Answers to these FAQs have been prepared by the Data Protection Unit of the Directorate-General for Justice, Freedom and Security with a view to assisting EU/EEA entities, and more particularly SMEs, in understanding the EU legal framework applicable to transfers of personal data processed in the EU (and the EEA) to “third countries” (i.e. countries that are not members of the EU or the EEA).

Google’s Transparency Report

September 22, 2010

Google has created a website, called Transparency Report, for users to know whether their local government has been making requests for the removal of any content.

Transparency is a core value at Google. As a company we feel it is our responsibility to ensure that we maximize transparency around the flow of information related to our tools and services. We believe that more information means more choice, more freedom and ultimately more power for the individual.

What’s the trigger behind this effort…?

Technological Advances and Evolution of Privacy Laws

April 28, 2010

Quick refresher: the Fourth Amendment guards against unreasonable searches and seizures. (Please note: search and arrest should be limited in scope according to the specific information supplied to the issuing court.)

So – how is the Fourth Amendment related to cloud computing (or to any technological advance, in general)? In his recent article, David A. Couillard argues that an extension of the Fourth Amendment standard into the cloud might be able to adequately address future unanticipated issues that arise as new technologies collide with the government’s attempts to search and seize data.

The linchpin in extending Fourth Amendment protection to the cloud rests with the reasonableness of society’s expectations governing privacy in the cloud. But societal expectations change over time, especially as technology and our uses of that technology change.

…….

This change in Internet usage seems to indicate that society might be prepared to recognize a reasonable expectation of privacy in the cloud, at least in some circumstances. Even if the Internet remains a public medium in some respects, taking a private object into public doesn’t necessarily destroy a person’s reasonable expectation of privacy in that object. But reasonable efforts to conceal that object must be present.
