A judge in DC gutted one of the most important US privacy laws

All technical problems of sufficient scope or impact are actually political problems first.

Protection is NOT based on its reason for storage of a file copy.

Orin Kerr

“Prof. Kerr has provided an excellent write-up of something that mostly escaped notice but that is really a big deal.

In order to service a laudable goal, supporting international justice in Myanmar, a judge in DC gutted one of the most important US privacy laws.”

Provider-deleted files and contents are not protected by the Stored Comm’s Act, DDC rules per MJ Faruqui. In effect, if a provider moderates contents, all private messages and e-mails deleted can be freely disclosed and are no longer private.

https://context-cdn.washingtonpost.com/notes/prod/default/documents/18062d2a-fee7-45a1-adc2-bbba351ada4d/note/1bf5c0fb-7aa9-4973-8c67-30674e2939a4.#page=1

First, some context. Back in 2018, Facebook deleted a bunch of accounts run by the Myanmar government because it was spreading disinformation on Facebook. Later, the Gambian government sued the Myanmar government in the International Court of Justice.

The Gambian govt is trying to get the contents of the accounts that Facebook deleted to show Myanmar’s disinformation campaign. It is using a federal statute that allows discovery from the US to aid in foreign litigation to get it.

Facebook has objected to the disclosure. FB is trying to protect the privacy of its accounts, as directed under the Stored Comm’s Act: 18 U.S.C. 2702, the non-disclosure rule, says that contents of accounts usually can’t be disclosed. FB is saying the non-disclosure applies.

In the new decision, MJ Faruqui concludes that the non-disclosure rule protecting account privacy doesn’t apply. The reasoning goes like this.

1) The SCA provides protections for messages in transit, and backups of those messages, as well as for storage and processing.

2) After a provider has decided to delete an account, the provider is no longer providing those services. The provider may keep copies of what it has deleted, but it’s no longer keeping the copies for purposes associated with the statute.

Therefore all privacy protections end.

This strikes me as a fairly astonishing interpretation of the statute. As a matter of law, it seems wrong: I don’t think SCA’s protections hinge on the provider’s motive, with a provider creating or eliminating statutory protection based on its reason for storage of a file copy.

Also, it’s a stunning interpretation in its consequences. Under the op, the most fundamental rule of Internet privacy — that your e-mails and messages are protected from disclosure — is largely meaningless. A provider can just delete your account and hand out your messages.

I was particularly disappointed in how Judge Faruqui responds to Facebook when it raised the policy consequences. His first reaction was to mock Facebook for trying to protect privacy.

NetHappenings: Privacy, Data, Your Rights

Want to mess with the surveillance state?
A new clothing line confuses automated license plate readers
https://www.technologyreview.com/f/614175/a-new-clothing-line-confuses-automated-license-plate-readers/

Join the Congressional Innovation Fellowship
TechCongress places computer scientists, engineers, and other technologists to serve as technology policy advisors to Members of Congress through our one-year Congressional Innovation Fellowship. We bridge the divide of knowledge and experience between DC and Silicon Valley for better outcomes for both.

EU votes to create gigantic biometrics database
https://www.zdnet.com/article/eu-votes-to-create-gigantic-biometrics-database/

What Are Psychographics?
https://huffpost.com/us/entry/us_594be378e4b07cdb1933c05b

The vocabulary of BS. Where Wall Street is capitalism unvarnished, Silicon Valley is capitalism euphemized.
https://www.theguardian.com/us-news/2019/jun/26/how-to-speak-silicon-valley-decoding-tech-bros-from-microdosing-to-privacy

Hackers are stealing years of call records from hacked cell networks
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/

Cellphone location data from T-Mobile, AT&T and Sprint was sold to bail bondsmen
https://www.fiercewireless.com/wireless/cell-phone-location-data-from-t-mobile-at-t-and-sprint-was-sold-to-bail-bondsmen

Verizon, AT&T, T-Mobile and Sprint suspend selling of customer location data after prison officials were caught misusing it
https://www.washingtonpost.com/news/the-switch/wp/2018/06/19/verizon-will-suspend-sales-of-customer-location-data-after-a-prison-phone-company-was-caught-misusing-it/

How a trivial cell phone hack is ruining lives
https://www.engadget.com/2019/06/28/cell-phone-hack-is-ruining-lives-identity-theft/

Former Equifax executive sentenced to prison for insider trading prior to data breach
https://www.theverge.com/2019/6/29/20056655/jun-ying-equifax-breach-jail-time-insider-trading-department-of-justice

Huawei Technicians Helped African Governments Spy on Political Opponents
Employees embedded with cybersecurity forces in Uganda and Zambia intercepted encrypted communications and used cell data to track opponents, according to a Wall Street Journal investigation
https://www.wsj.com/articles/huawei-technicians-helped-african-governments-spy-on-political-opponents-11565793017

Threat Group Cards: A Threat Actor Encyclopedia
https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf

reCAPTCHA Usage Statistics
https://trends.builtwith.com/widgets/reCAPTCHA

Disrupting at the highest levels, it's #CyberWar4Ever!
https://cybersquirrel1.com/

  • Privacy should not be a one-off exercise by the legal division whenever a new law comes out. It needs to be a company-wide program with ongoing policies and clear accountability for each division.
  • If the service is free you are in fact the product being sold.
  • Not collecting the data in the first place is easier than protecting it.
  • Privacy: Once described by Supreme Court Justice Louis Brandeis as, “the right to be left alone,” privacy is now best described as the ability to control data we cannot stop generating, giving rise to inferences we can’t predict.
  • Don’t reuse passwords. Ever.
  • One way to ensure your personal data remains private is never to give it. Today, under #dataprivacy laws you can refuse to give that information.
  • Don’t use production data in pre-production environments.
  • Do not use Facebook or WeChat.
  • In addition to strong, unique passwords, use unique account usernames and sign-up email addresses.
  • Don’t reuse profile photos.
  • 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes.

The Illusion of Choice – Spread Awareness

Exclusive: For yrs ES&S, top voting machine maker in US, has been saying its vote tabulators and election-management systems are not connected to the internet. That appears not to be true. Researchers say they found what appear to be 35 online.
https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials

A Researcher Found a Bunch of Voting Machine Passwords Online
https://www.motherjones.com/politics/2019/06/a-researcher-found-a-bunch-of-north-carolina-voting-machine-passwords-online/