tag:blogger.com,1999:blog-45636851632348753052024-03-05T03:28:45.310-08:00HackLawHackLaw is a blog dedicated to discussing the legal issues in information security and developments that may have an impack on information security law.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.comBlogger57125tag:blogger.com,1999:blog-4563685163234875305.post-38140364961478045252013-03-28T11:15:00.000-07:002013-03-28T11:15:09.732-07:00Extending CALEA to Cover the Cloud?There is a great discussion over on Slate about how the FBI sees it's ability to listen in via tapping phones as "going dark". Why use a landline or a cell phone when you can use your webcam to orchestrate your criminal enterprises?<br />
<br />
http://www.slate.com/blogs/future_tense/2013/03/26/andrew_weissmann_fbi_wants_real_time_gmail_dropbox_spying_power.html <br />
<br />
The blog suggests that the FBI is interested in extending CALEA, the <a href="http://Communications Assistance for Law Enforcement Act">Communications Assistance for Law Enforcement Act</a>, to cover Gmail, Google Voice, and other cloud services. This isn't a new thing exactly. Law enforcement has been working for some time now <a href="http://www.cybertelecom.org/voip/fcccalea.htm">to figure out how to apply CALEA to VoIP, for example</a>. It was only a matter of time before Instant Messaging fell under that same category.<br />
<br />
Kids today prefer texting to talking anyway.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-52870962753170053752013-03-18T08:19:00.000-07:002013-03-18T08:19:18.208-07:00Judicial Revolt Against Invasions of PrivacyLast week saw two major Judicial decisions related to privacy come out of the 9th Circuit, perhaps signaling a new offensive against warrantless wiretapping.<br />
<br />
First, a Federal Appeals court ruled that customs agents <a href="http://www.wired.com/threatlevel/2013/03/gadget-border-searches/">no longer have carte blanche to search electronic devices coming into the country</a>. The 9th Circuit decision has an impact on border crossings into
California and Arizona. That doesn't mean that Texas or New Mexico will
follow the same rules. The case comes from a California man who was flagged by agents because of prior convictions for child molestation. Agents found no incriminating evidence on his two laptops or three digital cameras, so they seized them and sent them away to a forensic lab. Pictures of pornographic pictures of children were allegedly found by the forensic team, but the judge threw the evidence out because the devices were removed from the border area. The 3 judge appeals panel upheld the ruling.<br />
<br />
<br />
On Friday, another Federal judge <a href="http://www.forbes.com/sites/andygreenberg/2013/03/15/heres-the-judges-order-banning-the-fbis-secret-requests-for-companies-user-data/">ruled that National Security Letters are an unconstitutional ban on companies First Amendment rights</a> in the case of a telecommunications company that sought to fight the gag order. The court refused to conform the order, as the 2nd Circuit did in a<a href="http://en.wikipedia.org/wiki/Doe_v._Gonzales"> prior case</a>.<br />
<br />
The battle in the courts over the balance between law enforcement and privacy continues. The Supreme Court last year rejected the case against warrantless wiretapping, but did so <a href="http://www.theverge.com/2013/2/26/4031840/supreme-court-rejects-case-against-warrantless-wiretapping-fisa-amendments-act">on the grounds that the individuals being tapped couldn't prove that their communications had been monitored</a>. If the gag order on NSLs is removed, then it's possible that a new case could go before the Supreme Court for them do decide whether the Executive Branch has the authority to issue NSLs without judicial review.<br />
<br />George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-48180134155277464212013-03-14T08:11:00.000-07:002013-03-14T08:11:06.023-07:00Privacy, Customs, and YouIf you are travelling to Mexico and you are a technophile, good news! The 9th Circuit now says that Customs agents no longer have carte blanche to search your devices.<br />
<br />
See more from the Wired article:<br />
<br />
http://www.wired.com/threatlevel/2013/03/gadget-border-searches/ <br />
<br />
The 9th Circuit decision has an impact on border crossings into California and Arizona. That doesn't mean that Texas or New Mexico will follow the same rules. George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-75241658172912221192013-03-11T09:56:00.000-07:002013-03-11T09:58:24.068-07:00Was Aaron Swartz the victim of Prosecutorial Overreach?After Aaron Swartz's tragic death in 2012, a lot of bloggers have started throwing around the term, Prosecutorial Overreach when talking about Federal prosecutors Carmen Ortiz or Stephen Heymann. The problem is that this is a new term, invented seemingly out of nowhere in 2012. It sounds like legalese, but it isn't a Legal term. It sounds like one. It sounds very similar to Prosecutorial Misconduct, which is a Legal term…this is what the prosecutor of the Duke Lacross case was found guilty of when he withheld evidence from the defense.<br />
<br />
Unfortunately, since Prosecutorial Overreach isn't a Legal term, people can use it in ways that they can't use Legal terms. People can say that the Prosecutor in this case is guilty of Prosecutorial Overreach. Usually, when we have a legal charge against someone, you say they are accused of, not guilty of, until they are tried in court. <br />
<br />
So what does Prosecutorial Overreach really mean? Here are some possible definitions:<br />
<ul>
<li>When a prosecutor should have better things to do, but spends their time going after small fish.</li>
<li>When a prosecutor throws a bunch of charges at a person that are frivolous.</li>
<li>When a prosecutor goes after a case for purely political or career motivated reasons.</li>
</ul>
Unfortunately, it's not clear what people are actually saying when they use this new term. There are protections built into the legal system from an overzealous prosecutor bringing frivolous charges against someone…in the Swartz case, this was the Grand Jury. In this case, the grand jury indictment was unsealed, and it showed that a jury of 24 of Swartz's peers found that there was enough evidence to proceed with further legal action against him.<br />
<br />
The danger of this term, Prosecutorial Overreach, is that it is a distraction from the battle that Swartz was fighting: The fight against copyright that didn't serve the interests of the public or the academic community.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com1tag:blogger.com,1999:blog-4563685163234875305.post-6564507117287402922013-03-07T12:37:00.002-08:002013-03-07T12:37:40.274-08:00Pentagon to use Nukes against Hackers?What's the latest weapon in the Cyber Arms race? Nuclear bombs, apparently.<br />
<br />
http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf <br />
<br />
Okay, let's not over react. The report says that the U.S. would only use nukes under extreme circumstances. Hopefully that doesn't mean viagra related SPAM.<br />
<br />
Seems like, if anything, maybe an EMP would be a better alternative?George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-61526828591103081312013-03-05T11:52:00.001-08:002013-03-05T11:52:23.726-08:00Privacy is Dead: Now Where's My Inheritance - Part 3<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><br />
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
</style>
<![endif]-->
<br />
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">As
an American, when I picture the beginnings of civilization, I don't picture
Neanderthals huddling together in caves. I picture the pilgrims landing
on foreign soil, building log cabins to sustain themselves against the
winter. With the hope of a new frontier to explore.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">It
strikes me that we are in the same position when it comes to the
Internet. It's a wild and dangerous frontier that can hold vast wealth or
the dangers of identity theft. <a href="http://www.hacklaw.com/2013/02/privacy-is-dead-now-wheres-my.html">In Part 1 of </a></span><a href="http://www.hacklaw.com/2013/02/privacy-is-dead-now-wheres-my.html"><span style="font-family: "Helvetica","sans-serif";">Privacy is Dead: Now Where's MyInheritance</span></a><span style="font-family: "Helvetica","sans-serif";">, I
postulated that an individual's privacy is worth up to $10,000 per year. In <a href="http://www.hacklaw.com/2013/02/privacy-is-dead-now-wheres-my_20.html">Part 2</a>, I broke down each category of privacy related data and discussed how each
area is important to the individual's privacy as a whole.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Individuals,
however, aren't the only ones venturing out into this new frontier. The
question is, how can companies benefit from the same benefits to sharing
private information as individuals? </span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Some
companies have built sharing the personal data of their customers into their
business plan. Google does this through advertising. Facebook
benefits through the network effect: the more people and the more content, the
more valuable they are. In fact, any of the 10 domains of "Privacy
Property" I identified in Part 1 could be integrated into a company's
business plan.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">What's
interesting is that companies can reap similar benefits when they are willing
to share information about themselves. This is a little
counter-intuitive, but most organizations are already doing this without
knowing it. For example, when a Microsoft or Apple program crashes, the
first thing it does is ask you if you want to share information about the crash
with Microsoft or Apple in order to fix the program. The benefit is that
the individual gets a better, more stable version of software.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<u><span style="font-family: "Helvetica","sans-serif";">Security Through Obscurity vs. Security Through
Community</span></u></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Security
Through Obscurity is an old concept. The idea is that you can protect the
security of your software by keeping the source code secret. The idea is
a tried and tested human concept. Think of buried treasure. A more
contemporary example would be a company's trade secrets, the secret formula to
Coca Cola or the Colonel's 11 herbs and spices. It makes sense to
businesses to keep their code secret because that what every other part of the
business already does.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">The
problem with this concept is that every day, thousands of evil hackers are
looking for vulnerabilities. Code sometimes gets leaked. Code can
be reverse engineered. Sometimes vulnerabilities can be found without
knowing the code at all. If security through obscurity worked, then
zero-day vulnerabilities wouldn't be worth <a href="http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/">hundreds of thousands of dollars on the black market</a>. Worse for businesses that use the software, no one
knows when zero-days are found until high enough profile breaches occur because
of them.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Another
model is Open Source software, where thousands of good programmers have the ability
to look at the code and clean the vulnerabilities more quickly. And there
are a lot more good programmers out there than ones willing to commit
crimes. To borrow a phrase from the U.S. Supreme Court Justice Brandeis,
"Sunlight is the best disinfectant." (Brandeis, coincidentally,
is also the father of U.S. privacy law.) </span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Companies
like BrightCloud and FireEye are creating a market by collecting data about
customer’s security related information. BrightCloud and FireEye both
gather user data in order to provide a reputation score for IP addresses, web
sites, or even specific files. FireEye, for example, will take a file and
load it into their cloud based sandbox to observe whether the file contains
malware. Subscribers to the service will all then share the benefits of
having shared that information with the community through fewer malware
infections. These services have the potential to save businesses hundreds
of hours of time to clean infected machines and lost productivity time from
employees.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Similarly,
telecommunications providers like AT&T or Verizon, and to some extent
managed security providers have the ability to correlate attacks against all of
their customers. These providers have the visibility to see attacks in
real time against thousands of their customers. Managed Security
Providers can then prevent attacks from even entering their customer's
networks. This can help reduce the costs of bandwidth and loss of
reputation with customers.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Organizations
can also partner with other organizations in their industry in order to
directly share their information about security. Most large organizations
have an Information Security Advisory Council internally that will help report
security threats, help refine policies, etc. Many industries have adopted
Councils of trusted practitioners who can share information across companies,
even competitors, because sharing information about threats protects the
industry as a whole. The </span><a href="https://www.pcisecuritystandards.org/"><span style="font-family: "Helvetica","sans-serif";">Payment
Card Industry Security Standards Council</span></a><span style="font-family: "Helvetica","sans-serif";"> is an example of this. The Department of
Homeland Security has a </span><a href="http://www.dhs.gov/chief-information-security-officers-ciso-advisory-councils"><span style="font-family: "Helvetica","sans-serif";">CISO Council for Federal security
leaders</span></a><span style="font-family: "Helvetica","sans-serif";">.
The Banking industry has the </span><a href="https://www.fsisac.com/"><span style="font-family: "Helvetica","sans-serif";">Financial Services Information
Sharing and Analysis Center</span></a><span style="font-family: "Helvetica","sans-serif";">.
The Power, Communications, Nuclear, Water, State, Public Transportation sectors
all have their own ISACs as well. There's even an </span><a href="http://www.isaccouncil.org/index.php?option=com_content&view=article&id=83&Itemid=195"><span style="font-family: "Helvetica","sans-serif";">ISAC of ISACs</span></a><span style="font-family: "Helvetica","sans-serif";">.</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">Security
through Community is still immature, however, but the next big thing in
security may come from this concept. Just like with Anti-Virus, which
many companies now offer for free when they used to be expensive add-ons, these
services should also be free. Today, all of the communities mentioned
above require some cost to join, and most are very expensive. It is
precisely the network effect of having huge numbers of customers that makes
these communities have value. Cost is a barrier to entry, especially for
a service that requires your private information to exist. Imagine if
Facebook asked people to pay for their service?</span></div>
<div class="MsoNormal" style="text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="text-autospace: none;">
<span style="font-family: "Helvetica","sans-serif";">In
part 1, I postulated that to an individual, sharing private information could
be worth $10,000 per year. It is more difficult to measure, but sharing
some private data could be worth a lot more. </span></div>
<div class="MsoNormal">
<br /></div>
George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-59787637985028861052013-02-22T07:37:00.000-08:002013-02-22T07:37:59.566-08:00Diplomatic ImmunityThe White House this week released a plan to stop state sponsored hacking, <a href="http://thenextweb.com/asia/2013/02/19/security-firm-releases-screen-videos-of-chinese-hackers-at-work/?mod=wsjcio_hp_midLatest">like the one uncovered by Mandiant this week</a>, through the use of diplomatic pressure. The <a href="http://www.whitehouse.gov//sites/default/files/omb/IPEC/admin_strategy_on_mitigating_the_theft_of_u.s._trade_secrets.pdf">72 page report </a>details the measures that the White House is willing to use as leverage. The strategy stops short of threatening economic or other types of sanctions.<br />
<br />
No word yet from the hackers on whether they will lay down their compilers. A more likely response will be that they install malware into the PDF of the report. Sorry if you already clicked the link. I can picture the hackers learning to say "Diplomatic Immunity" a la Lethal Weapon 2.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-32824203708864444732013-02-20T10:03:00.001-08:002013-02-22T08:26:45.840-08:00Privacy is Dead: Now Where's My Inheritance - Part 2In <a href="http://www.hacklaw.com/2013/02/privacy-is-dead-now-wheres-my.html">Part 1 of my Post</a>, Privacy is Dead, I estimated that giving up Privacy in exchange for a number of benefits could be worth as much as $10,000 per year to an individual. While this isn't pocket change for most of us, for someone making minimum wage, this might represent 6 months of work. Let's take a deeper dive in where that $10,000 number is coming from.<br />
<br />
<span style="text-decoration: underline;">Privacy Property</span> <br />
<br />
Why should a company, either your phone company or a bank, be able to
share information about you? Because it creates a new type of
property…Privacy Property is the new Intellectual Property. Google and
Facebook have both been very successful at leveraging this Privacy
Property to create a new source of wealth. And we welcome it for the
same reasons that we wanted credit scores. There are scores of new
types of Privacy Property that have been created in the last 10 years,
and some that have been made even more valuable.<br />
<ul>
<li>Credit – $2,000/yr to $4,000/yr – Today, the average American has
approximately $200,000 in debt between mortgages, cars, student loans,
and credit cards. Just one percentage point of difference on a loan
could mean thousands of dollars per year in value that this sharing of
private information creates.</li>
<li>Book Reading – $100/yr – Librarians have a long tradition of
protecting what books their patrons are reading. They’ve fought and won
to protect the FBI or other groups from being able to find out who
checked out books like “Mein Kampf”. As it turns out, perhaps that
fight was all for nothing. With eBooks, retailers like Amazon and
Barnes and Noble have the ability to not just track what books you have
read, but they can provide detailed demographics back to the publishers,
who in turn can use this information to tailor books at their
audiences. In addition, they can figure out things that were impossible
before, like what pages or passages were most bookmarked, what chapter
caused people to lose interest and stop reading.</li>
<li>TV Viewing habits – $500/yr – Arthur C. Nielsen created a company
starting in the 1950s that tracked what television programs their
subscribers watched. Subscribers were paid for this information.
Today, this information can be gained without special tracking
equipment. TiVo has the ability to not only track what we watch, but
how we watch it…which became especially clear when they reported that
Janet Jackson’s wardrobe malfunction during the 2008 Super Bowl was the
most replayed video ever.</li>
<li>Driving History – $100/yr to $1,000/yr – For years, Insurance
companies have used driving history to help underwrite their insurance
practices. Today, they have begun using “black boxes” to track how
their customers are driving, whether they stop or speed, where they
drive and when they drive. Their customers love this, because they can
save hundreds or thousands of dollars per year. Loss of privacy creates
value.</li>
<li>Shopping Habits – $1,000/yr – For years, advertisers have tried to
figure out what makes a shopper tick. Now they don’t have to.
Companies like Amazon can figure out what you will like before you know
it.</li>
<li>Video Rental – $500/yr – Your movie watching history is critical to
figuring out what you’ll want to watch next. Netflix has come up with
their own algorithms that can predict better than their competitors what
movies you want to watch. If they know what you want, the more likely
you are to buy it, and buy it from them. The next Step for Netflix and
Hulu, Blockbuster, Amazon, and others is to let you tell your friends
about the great movie you just watched…but to do that in an automated
fashion, they need to get Congress to change the VPPA. Oh, wait,
Congress just passed that in January of 2013! Welcome to the future!</li>
<li>Location Information – $1,000/yr – Today, Google will customize your
search results based on where you are, so you get results in your city,
not just anywhere in the US. Your location information can be used to
better target advertising to you. This was naturally the case when
television advertisers bought airtime based on the region you lived in.
Google already knows where you are generally based on your IP address,
mobile technologies take this a step further.</li>
<li>Change of Life Predictors – $500/yr – Today, Credit Card companies
know enough about your daily habits that they can predict, for example,
when you are going to get divorced or have children. Not that those two
things are related. These major life events can have a large impact on
your risk profile, perhaps reducing or increasing your credit rating
profile.</li>
<li>Health Records – $1,000/yr HIPAA was originally enacted, not because
of Privacy concerns, but because there was a need to move from paper
health records to electronic ones. Just like any other business, this
was cost driven. Electronic insurance claims processing has helped
reduce health care costs. Just imagine how much more expensive health
care would be with only paper records. The future is complicated. <a href="http://www.nytimes.com/2011/11/17/health/policy/smokers-penalized-with-health-insurance-premiums.html?pagewanted=all&_r=0">Should individuals who smoke or drink have to pay more for health care?</a> Your employer says yes!</li>
<li>Free Stuff – $1,000/yr – Remember in the early 2000’s when you could
get free Internet Access or even a free computer if you signed up for a
service that would display a constant stream of advertising to you?
It’s possible in the future that a clever company could provide you a
cellular smart phone for free with no monthly fees. All you have to do
is let it track your every move, pop up location based advertising
wherever you go. Let it show you ads based on what you say in text
messages just like how Google advertises in their mail. Sell your
driving habits to insurance companies without the need for a black box.</li>
</ul>
Privacy Property is great when you live in a country where you aren’t
worried about government persecution. It becomes dangerous if this can
be used against you. Because of their history, this is why European
countries consider Privacy a “fundamental human right”. Other countries
with repressive control generally snoop on Facebook posts or text
messages in order to suppress the flow of information. There is a high
“Privacy Inheritance Tax” that can wipe out any benefit, and perhaps
cost people more than their money. And just like with other violations
of privacy, oversharing can enable stalking, which is why Congress is
considering passing Location privacy rules. In December of 2012, <a href="http://thehill.com/blogs/hillicon-valley/technology/272889-senate-panel-approves-frankens-location-privacy-bill">the Senate Judiciary Committee voted in favor</a> of Sen. Al Franken’s (D-Minn) Location Privacy Protection Act.<br />
<a href="http://thehill.com/blogs/hillicon-valley/technology/272557-facebook-unveils-new-privacy-features">Facebook’s Chief of Privacy was quoted</a>
as saying that they are working to get rid of surprises. That seems to
address privacy issues…so long as people aren’t surprised by what they
are sharing, then it’s okay. As long as we’re getting our Inheritance,
we’re happy. Hopefully we don’t find ourselves cut out of the will.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-27011158128469217422013-02-18T13:24:00.002-08:002013-02-20T10:04:26.405-08:00Privacy is Dead: Now where's my Inheritance - Part 1Privacy is Dead.<br />
It’s not the first time you’ve heard this, surely. A private
investigator, Sam Rambam was quoted as saying “Privacy is Dead – Get
Over it” in 2006. In 2012, Huffing Post contributor Miles Feldman posed
the question “Is Privacy Dead?”<br />
If it is, then we’ve been collecting our inheritance without knowing it for years.<br />
When did it die? It seemed to have contracted some terminal illness
sometime around the same time that the computer was invented. It
slipped away in the night somehow without anyone noticing. People worry
about privacy related to the Internet, but this was only the first time
we noticed that our attitudes about privacy were changing. There were
two major events that most likely started this – the first was the Phone
Book and the second was your credit rating.<br />
When the telephone was first invented, people needed a way of
reaching each other…in order to make the device useful, operators would
connect two people to each other. This was a costly way of doing
business, so phone companies published subscriber information in a
“Book” so that subscribers could directly connect with one another
without human intervention. In this way, we willingly gave up some of
our privacy in order for the value that connection gave us. Phonebooks
became a business model for phone companies – they began selling
advertising space in their phone books and now make billions. You could
get your privacy back by requesting an unlisted number, but this too
had its price.<br />
Before the early 1900s, when you needed credit to make a purchase, a
man from the bank would go around and ask your friends, relatives, and
neighbors what kind of person you were. Credit translated into
character. It was the best we could do at the time. After WWII, people
started needing more and more credit after coming back from a costly
war. In 1970, the Fair Credit Reporting Act was enacted to offer some
rules to govern this new model of collecting and distributing personal
information. Now, banks could share your information with each other,
which allowed them to know when someone had defaulted on or had
excessive amounts of loans with other organizations. This reduced the
risk of issuing a loan, which allowed banks to give loans at better
rates. Again, giving up privacy created real value for an individual.<br />
When you add it all up, my estimate is that the loss of Privacy, i.e.
all the private information that we give up every day to do business
actually has a significant tangible value. My estimate is that our
Privacy Inheritance is worth as much as $10,000 or more per year. For
most Americans, that’s like having a second part time job.<br />
<br />
Click here to read <a href="http://www.hacklaw.com/2013/02/privacy-is-dead-now-wheres-my_20.html">Part 2</a> of this post. George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-81123372743388588062012-12-18T12:33:00.001-08:002012-12-18T12:33:42.800-08:00Instagram Apocalypse 2013<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><br />
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
</style>
<![endif]-->
<br />
<div class="MsoNormal">
Everyone knows that the Mayans may or may not have predicted
that the world will end on December 21, 2012. Experts are now saying that
there is <a href="http://news.cnet.com/8301-13578_3-57559710-38/instagram-says-it-now-has-the-right-to-sell-your-photos/">another
major calamity</a> awaiting right around the corner for those of us who survive
on January 16, 2013. That's when Instagram's new privacy policy will take
effect.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
There are a number of reasons why this isn't the end of the
world.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://www.eff.org/fa/deeplinks/2012/12/instagrams-new-terms-service-sell-your-photos">The
EFF is claiming</a> that by including language in the "Rights"
section of Instagram’s <a href="http://instagram.com/about/legal/terms/updated/">new
Terms of Use</a>, Instagram will now be able to sell your photos to other
companies. This is an accurate reading of the terms
"transferable" and "sub-licensable" that are added to the
license you grant Instagram in order for them to display their photos on the
site. This reading, however, discounts the rest of that sentence which
says the photos you post are still restricted to whatever privacy settings you
already have in place and that the use must comply with <a href="http://instagram.com/about/legal/privacy/updated/#section3">Instagram's
privacy policy</a>.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
There will probably be herds of Zombies after the Mayan
Apocalypse walking around with their smartphones, wondering if an equally
undead corporation might use their pictures of brains for their own purposes.
Like when Virgin Mobile of Australia took pictures <a href="http://www.switched.com/2007/09/21/virgin-mobile-steals-teens-flickr-photo-for-ad/">from
a 16 year old’s Flickr stream</a> to use on bus stops for its wireless phone
marketing campaign. It has happened, and that scenario is not
allowed by Flickr’s current Terms of Use…so there aren’t any guarantees even if
the Terms of Use are perfect.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
There is also another explanation for Instagram’s
change. The privacy policy has certain limited uses for what Instagram is
allowed to do with your content. In addition to requiring that they
respect your privacy settings, the privacy policy says that in case of a
merger, the content you upload might be a part of what is transferred to the
new company. The Terms of Use "transfer" language is very
common in software contracts and is typically used to protect in the event the
company is sold or acquired so that their customers can't run away kicking and
screaming. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Is Facebook considering selling off Instagram? Maybe
they just want to have their options open if the world does come to an end on
Friday?</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Perhaps they need the language in order to do what Facebook
is already doing when they let you "Like" news articles and other
pages on sites outside of Facebook. (Please feel free to "like" and/or "share"
this article.) Or maybe they have a new feature or product up their
sleeve that necessitated a change.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Or it could be that Facebook is just bringing Instagram's
Terms of Use into line with <a href="https://www.facebook.com/legal/terms">Facebook's
existing policy</a> that uses the same "transferrable" and
"sub-licensable" language. That’s probably it.</div>
George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-44137991192967319062012-12-04T14:37:00.001-08:002012-12-04T14:37:36.328-08:00Safe Web Act ReauthorizedSome laws are permanently on the books. Other laws have a sunset date...like the Bush Era Tax cuts. Sunsets have become popular these days as a way of keeping Congress honest so they have to renew the laws if they think they worked out well.<br />
<br />
The Safe Web Act was one of those laws. Safe Web was passed in 2006 and granted the FTC the ability to share online fraud related data with foreign law enforcement. In the last several years, the FTC has become the central clearinghouse in the US Federal government for all things identity theft related, so it's good to see this law renewed.<br />
<br />
Read more about the bill at the Hillicon Valley blog: <br />
<br />
http://thehill.com/blogs/hillicon-valley/technology/270943-obama-signs-safe-web-act-into-law <br />
<br />
The only catch is that there's another sunset. This time it's 2020.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-38266117396029589872012-11-30T11:32:00.002-08:002012-11-30T11:38:28.056-08:00Warrantless Wiretap-Dancing<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><br />
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
</style>
<![endif]-->
<br />
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;"><a href="http://thehill.com/blogs/hillicon-valley/technology/270093-senate-panel-votes-to-require-warrant-for-police-email-searches">Yesterday
the Senate Judiciary Committee</a> voted to update a law, the <a href="http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act">Electronic
Communications Privacy Act</a>, (ECPA), to require law enforcement to obtain a
warrant before conducting searches of people’s online communications, including
email, Facebook posts, Twitter updates, and documents stored online. The
full Senate is not expected to vote on the changes to the law until 2013. As
written the ECPA is somewhat ironically named, since it currently allows law
enforcement to view any data stored online for more than six months without a
warrant.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">Online privacy is good, right? Which means warrantless
searches are bad? There is a lot of contention on the issue. Law
Enforcement’s chief argument is that the ECPA has been in place for 26 years,
and nothing has gone wrong. Privacy groups argue that the Internet is a
different place than it was 25 years ago, so the law should be updated to
reflect how people use it today. Senator Leahey’s bill <a href="https://www.eff.org/deeplinks/2012/09/ecpa-reform-may-require-warrants-email-hurt-video-privacy">also
weakens the privacy of video viewing history</a>, to the benefit of companies
like Hulu and Netflix, so overall any benefit to online privacy may be a wash.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">Congress is examining these issues at the same time that an FBI
investigation went to the heart of these issues. <a href="http://www.cbsnews.com/8301-18563_162-57548694/fbi-role-in-petraeus-investigation-questioned/">The
investigation into the affair</a> between CIA Chief David Petraeus and his
biographer, Paula Broadwell, presumably was done using some amount of
warrantless wiretapping to gather emails related to the affair and the
harassment of Jill Kelly by Broadwell. This investigation will be at the
forefront of the minds of the Congress when they take up the bill next year.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">CNET last week <a href="http://news.cnet.com/8301-13578_3-57552225-38/senate-bill-rewrite-lets-feds-read-your-e-mail-without-warrants/">discovered
an alternate version of the amendment last week</a> that would have instead
expanded warrantless access to multiple types of online communications of
private citizens, from email to Facebook posts, to 22 different federal
agencies. This would have been a reversal from Leahy’s earlier position,
and may just have been a part of negotiations between the two sides.
Despite pressure from multiple Law Enforcement groups, <a href="https://twitter.com/SenatorLeahy/status/270950457306914816">Leahy
released a statement denying that CNET’s reports were accurate</a>.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><u><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">Barriers</span></u></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">Senator Chuck Grassley (R-Iowa), is the ranking Republican on
the Senate Judiciary Committee. Grassley has expressed Law Enforcement’s
perspective that creating new barriers for wiretaps could hamper
investigations. At least one amendment to the proposed legislation is
expected that would create an exception to the warrant process for cases
involving kidnapping, child pornography or violent crimes against women.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">This comes after a <a href="http://www.wired.com/threatlevel/2012/08/appeals-court-oks-wiretapping/">Federal
Appeals court okayed Warrantless Wiretapping in August</a>. A three judge
panel of the 9<sup>th</sup> U.S. Circuit Court of Appeals <a href="http://www.ca9.uscourts.gov/datastore/opinions/2012/08/07/11-15468.pdf">wrote
in their decision</a> that “This case effectively brings to an end the plaintiffs’
ongoing attempts to hold the Executive branch responsible for intercepting
telephone conversations without judicial authorization.” The case
involved two American attorneys who were spied on without warrants as a part of
President George W. Bush’s secret terrorist surveillance program.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">The case hinged on the issue of Sovereign Immunity. Even
though the United States was breaching its own wiretapping laws, the court
reasoned, the plaintiffs could not bring suit against the government for the
collection of the information itself. The court did leave room for the
plaintiffs to bring suit against the government if the information were used in
some way. The proposed changes to the ECPA wouldn’t affect the Sovereign
Immunity issue, which means citizens still have no real recourse if the
government doesn’t follow its own rules.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><u><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">Not so simple?</span></u></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">It’s not surprising that wiretapping has increased as Law
Enforcement has evolved along with the digital age. The surprising part
is that a solution has not come along that helps streamline the warrant
requesting process. The intention behind a warrant isn’t to slow down the
searching process, or even to discourage it, but to ensure that a member of
another branch of government is available to ensure probable cause exists for
the search. According to the ACLU, <a href="http://www.wired.com/threatlevel/2012/09/warrantless-surveillance-stats/?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=MoreRecently">warrantless
wiretapping has increased over 600%</a> in the last 10 years. If this
continues, by 2020, the Justice Department may request over 100,000 warrantless
wiretaps. I think a long term question should be whether the already
overburdened court system can handle even more requests in a timely fashion.</span></span></div>
<div class="MsoNormal">
<span style="color: white;"><br /></span></div>
<div class="MsoNormal">
<span style="color: white;"><span style="font-family: "Arial","sans-serif"; font-size: 10.0pt;">No one is saying that the increase in wiretapping is the result
of more crime. Most crime statistics show that over the last decade,
crime rates are down. Why more wiretaps, then? Wiretaps represent
the way our world has changed to be more data driven. There is a longer
paper trail than there used to be, so Law Enforcement has to follow it.</span></span></div>
George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-81777555300297790632012-07-26T11:34:00.000-07:002012-11-30T11:38:51.401-08:00Controversial Cybersecurity Act Vote Coming Soon?<span style="color: #f3f3f3;">This week, House Majority Leader Harry Reid hopes to finally bring
the long awaited Cybersecurity Act of 2012 to the floor for debate.
Senator Joe Lieberman and the four co-sponsors of the Cybersecurity Act <a href="http://hsgac.senate.gov/download/?id=10fe9b7c-5cf4-4282-9170-e625c0f8db7e">introduced a revised version last week</a>,
which they indicate incorporates extensive negotiations with the bill’s
opponents. The Hill’s Technology Blog reports that Senators
Rockefeller and Feinstein are <a href="http://thehill.com/blogs/hillicon-valley/technology/239829-rockefeller-feinstein-canvass-tech-ceos-for-cybersecurity-support">reaching out to key technology CEOs to help lend their support to the bill</a>.</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">This is great, because if the bill doesn’t get voted on soon, it
won’t happen this year. President Obama has weighed in as well. <a href="http://online.wsj.com/article/SB10000872396390444330904577535492693044650.html?KEYWORDS=Obama+cybersecurity">The President wrote a rare op-ed piece in the Wall Street Journal</a>
to boost support. He writes, “The American people deserve to know that
companies running our critical infrastructure meet basic, commonsense
cybersecurity standards, just as they already meet other security
requirements.”</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">This is in response to the bill’s critics who have stated that they
would be concerned about the costs to businesses that would be imposed
by the new law. John McCain’s bill, in contrast, focuses on
strengthening the government’s Cybersecurity, but stops short of
mandating that businesses do the same.</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">All this should be read in light of the larger Cyber conflict that is currently going on. <a href="http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all">New York Times writer David Sanger wrote last month</a>
that an inside source had confirmed what many had suspected, that the
Obama administration had ordered a cyber attack against Iranian
enrichment facilities.</span><br />
<span style="color: #f3f3f3;">Maybe this was a good thing. There was no loss of life that we know
of, compared to a conventional military strike against Iranian
facilities. A Cyber retaliation from the Iranians or their allies would
have also been limited to computer infrastructure.</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">But the new Cybersecurity bill needs to be read in light of the fact
that the US government dropped the most sophisticated Cyberweapon on the
world that we have ever seen. It’s been analyzed and perhaps
reproduced by other countries. And unlike a physical war where
proximity to a conflict means greater risk, businesses are on the front
lines of a Cyber conflict. At a psychological level, most businesses
don’t have the same outlook that a business in a war torn country might
perceive their situation.</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">The reality of Cybersecurity in America is that it’s not just stolen
identity that businesses need to worry about. in November of 2011, for
the first time, Robert Bryant, U.S. National Counterintelligence
Executive <a href="http://www.odni.gov/reports/20111103_report_fecie.pdf">released a report naming China as the world’s leading source of economic espionage</a>,
with Russia coming in a close second. The reality is that by attacking
an economy is the equivalent of holding a government hostage, as the <a href="http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-cyber-attack-in-progress/1670">Russians did against Georgian banks in 2008</a>.</span><br />
<span style="color: #f3f3f3;"><br /></span>
<span style="color: #f3f3f3;">Cybersecurity laws need to play catch up to the current state of the
world where a rogue nation like Iran or North Korea with nothing to lose
economically could lanuch a terrorist like attack against small or
medium sized businesses with very weak defenses and wreak havoc.
Unfortunately, the news today indicates that the bill is being fought on
mostly partisan lines despite months of compromise that went into the
new bill. Senator McCain wants to delay the bill and <a href="http://heritageaction.com/2012/07/key-vote-alert-no-cybersecurity-act-2012/">Heritage
Action, a conservative advocacy group related to the Heritage
Foundation indicated it will track lawmakers votes on their key vote
scorecard</a>.</span>George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-25259070456198536692012-06-05T08:47:00.000-07:002012-06-05T11:09:12.058-07:00What happens when a public company has your private data?<h4>
<br /></h4>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">What happens when a public company has your private data? It used to be that Facebook was owned and operated by a private citizen. Sure it was fun to question his motives. Those were the days. Maybe it wouldn’t
have changed if Facebook shares had started to skyrocket from the getgo,
but they didn’t. And now they have
shareholders to think about. So what
happens to Privacy when Facebook shares drop like an anchor? </span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<br /></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">The shareholders start to yank the leash. </span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<br /></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">This week, Facebook
announced they will start allowing individuals under the age of 13 to join its site. A bit of background here, most Internet
companies have policies against catering to kids younger than 13, not because
they care about the kids, but because they have to comply with a set of guidelines
called the <a href="http://en.wikipedia.org/wiki/Child_Online_Protection_Act">Children's Online Privacy Protection Act or COPPA</a>.
COPPA requires service providers to verify that they have their parent’s
consent, usually by taking a credit card number or having their parents call a
telephone number.</span></div>
<div class="MsoNormal" style="color: #eeeeee;">
</div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">To sweeten the IPO, look at the changes
they made in the final weeks before their IPO.
They announced <a href="https://www.facebook.com/note.php?note_id=10151726574510301">a major change to their privacy policy</a>. They will now “retain data for as long as
necessary to provide services to users and others”. This is after <a href="http://mashable.com/2011/10/21/facebook-deleted-data-fine/%20">FB was fined $138,000 in 2011 inIreland for keeping a deleted user’s data</a>.</span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<br /></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">Now back to children under 13. Zuckerberg was quoted in 2011 with saying
that kids should be allowed on Facebook.
Not for selfish reasons, of course, but because he thinks that it could
help with their education. Because they
can learn a lot from other students. And
why not allow kids on Facebook? Lots of
parents create accounts for their kids while they are still in the womb…like
the Superbowl commercial for Google where the parents create an account and
start emailing their child pictures and stories.</span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<br /></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;"><a href="http://thehill.com/blogs/hillicon-valley/technology/230807-lawmakers-question-facebooks-membership-plans-for-children">Lawmakers are highly concerned </a>that
Facebook is opening up to children under 13 to create a whole new market of
potential advertises for themselves. You
can already sell targeted ads by age group, so why not start targeting kids
with more sugar cereals and toys and movies.
Because maybe kids don’t watch so many commercials anymore. Thanks TiVo!</span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="color: #eeeeee;">
<span style="font-family: "Arial","sans-serif"; font-size: 10pt; line-height: 115%;">Of course, Facebook also announced that they will allow their users to vote on the new change. To be binding on the company, whatever the vote turns out, 30% of the users or 270 million people need to click. US National voter turnout in 2010 was only about 37% and only 90 million people voted. Only Facebook knows how many of their 900+ million users are very active on the site, my guess is that it is probably less than 50%, but it would be astounding that enough people would vote, for or against, the privacy policy changes. So one might ask...is the vote just going through the motions?</span></div>George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-12878883991056361052012-06-05T07:34:00.001-07:002012-06-05T08:20:51.950-07:00Obama ordered StuxnetAccording to an upcoming book by New York Times chief Washington correspondent, David Sanger, <a href="https://www.securityweek.com/obama-ordered-use-stuxnet-acceleration-cyber-attacks-against-iran?goback=.gmp_3551517.gde_3551517_member_120539954">it was Obama who ordered the Stuxnet attack against Iran's nuclear program</a>. <br />
<br />
This isn't really a surprise, since most people believed the US to be behind the attack, but it does continue Obama's M.O. of preferring special forces over direct and prolonged engagements.<br />
<br />
If true, the real motivation for the attack was to prevent further escalation of a conflict. Had the virus not been discovered, perhaps the belief was that Iran would have assumed that the failures were accidental or that the virus wasn't targeted. After all, the world had never seen such a directed cyber attack before.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-83081567969476697932012-05-08T14:36:00.003-07:002012-05-08T14:36:59.208-07:00<a href="http://www.npr.org/2012/05/08/152219617/bill-would-have-businesses-foot-cost-of-cyber-war">Interesting article on NPR about whether businesses should foot the bill for a Cyber War</a>.<br /><br />The Lieberman-Collins bill before congress would help pay to secure the nation's critical infrastructure like the power grid, water treatment plants, and the financial system. Does the government have a duty to protect the rest of the country?<br /><br />I think it's a great question. One reason, the first sentance of this blog post - it's not "A" cyber war that we're talking about here...we can't talk about it like it isn't already happening. It's the current cyber war. If a city was hit by a tornado or hurricane, there is always disaster assistance that is available. It's important to a country, especially during a war to help rebuild so that the country can keep on functioning.<br /><br />Another reason - can a small business really protect itself from a cyber attack from a government?<br /><br />On the flip side of the issue of course, is risk tolerance. Businesses don't take security seriously largely because they don't need to. The only reason some companies have security programs is so they can comply with the Payment Card Industry Data Security Standards (PCI-DSS), and even then it is largely ignored (as we saw was the case with Sony last year). People are excellent judges of risk. As identity theft grows, they will tend to get better at creating passwords. Businesses, too, need to learn from these issues. But until the WAll Street Journal is covering a story about how a fortune 500 company closed it's doors because of a security breach, businesses won't invest what they need to to protect themselves. Despite Sony's breach last year, they are still in business and their stock seems to have been barely effected.<br /><br />If the government steps in, then, and prevents businesses from having to deal with the ramifications of a security threat, then businesses never will treat the issue seriously.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-36023119023528085882012-04-30T07:15:00.000-07:002012-04-30T07:16:39.793-07:00Facebook "Likes" Not Protected Speech?ArsTechnica has a great summary of the case of Bland v. Roberts, <a href="http://arstechnica.com/tech-policy/news/2012/04/facebook-likes-arent-speech-protected-by-the-first-amendment-rules-judge.ars">which has ruled that Facebook "Likes" are not protected speech under the 1st Amendment</a>. The case was decided in the Eastern District Court of Virginia, so it could be appealed a couple of times before hitting the Supreme Court... There have been lots of other cases where something didn't have to actually constitute speech to be protected under the 1st Amendment, so it isn't clear if this case would stand if appealed.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-21230478385908271632012-04-30T07:01:00.001-07:002012-04-30T07:16:11.005-07:00CISPA Defections BeginAn update on my last post, <a href="http://www.hacklaw.com/2012/04/cispa-governments-consolation-prize-for.html">CISPA - The Government's consolation prize for not passing SOPA,</a> it looks like the measure has already lost some of its original supporters. According to a story on TheHill.com, seven of the original cosponsors of the Cyber Information Sharing and Protection Act (CISPA) abandoned ship and voted "No" on the bill. <br />
<br />
http://thehill.com/blogs/hillicon-valley/technology/224339-six-cosponsors-of-cispa-cybersecurity-bill-voted-against-it<br />
<br />
<br />George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-3321558959685996752012-04-27T12:16:00.002-07:002012-04-27T12:18:57.034-07:00CISPA - The Government's consolation prize for not passing SOPAYesterday, the U.S. House of Representatives passed the <a href="http://www.gpo.gov/fdsys/pkg/BILLS-112hr3523rh/pdf/BILLS-112hr3523rh.pdf">Cyber Intelligence Sharing and Protection Act (CISPA)</a>. While the bill was introduced with bibartisan sponsors, the bill passed the house on mostly party lines...Republican "yes" votes were 206 and Democrat "No" votes were 140. Both sponsors were the ranking members of the House Intelligence Committee. 42 democrats supported the bill while 28 republicans were against it, including Republican U.S. representative and presidential candidate Ron Paul who called it "Big Brother writ large". President Obama has threatened to veto the legislation if it remains in its current form, but Obama waffled on his support of SOPA, so who know what could happen in an election year.<br />
<br />
Some questions:<br />
<br />
Why would this bill be fast-tracked while other data security bills or data privacy bills have been stymied for years?<br />
<br />
Does this bill simply legalize the warrantless wiretapping that is already being done throughout the country?<br />
<br />
Rather than being an attack on the first amendment like SOPA, CISPA attacks the fourth amendment to the constitution. The Fourth Amendment of the Constitution says:<br />
<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<blockquote class="tr_bq">
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.</blockquote>
</blockquote>
</blockquote>
<br />
A good question to ask might be what is an unreasonable search? For Law Enforcement, if you see someone in public committing a crime, they can act. Why is there an expectation of privacy for communications over Facebook? Over email? It is probably very reasonable to expect that Law Enforcement can look at all publicly available information on Facebook. Is it reasonable to let them look at information that a user has expressly defined as private? Keep in mind that no one is saying that Law Enforcement can't get a warrant to access the information.<br />
<br />
Of course, none of these questions are posed in the bill. Instead, CISPA purports to create a more secure Internet. How does it attempt to do this? <a href="http://paranoia.dubfire.net/2012/04/congressmen-pushing-awful-cybersecurity.html">One blogger site took Representatives Rogers and Ruppersberger to task</a> over their own lack of security on their congressional web pages, including broken certificates, lack of HTTPS and broken links. <br />
<br />
<a href="http://news.cnet.com/8301-31921_3-57422693-281/how-cispa-would-affect-you-faq/?tag=mncol;topStories">CNET has a great breakdown of how CISPA would impact an individual citizen.</a><br />
<br />
When asked about whether the government could use this private information to spy on its own citizens, one Representative, Dan Boren (D-Oklahoma) said: "The government is not the enemy." I don't think this would be comforting to most Americans, given the low approval rating of Congress right now.<br />
<br />
So why isn't there greater oposition from all the same organizations that were against SOPA? One answer might be that SOPA requred a lot of intervention on the part of search engines or payment processors (think Google, Yahoo, PayPal, etc.) They would have had to have dedicated people to respond to requests and to develop technology to help respond. CISPA would mostly impact ISPs, who in large part support the legislation.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-91915534033768676032012-03-29T07:00:00.001-07:002012-03-29T07:02:02.001-07:00America losing the Cybersecurity war?Interesting blog post on Computerworld today:<br /><br /><a href="http://blogs.computerworld.com/19951/cybersecurity_america_is_losing_the_war_china_hacked_every_major_us_company?source=CTWNLE_nlt_pm_2012-03-28">http://blogs.computerworld.com/19951/cybersecurity_america_is_losing_the_war_china_hacked_every_major_us_company?source=CTWNLE_nlt_pm_2012-03-28</a><br /><br />Lots of doom and gloom.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-8930276278386844552012-03-19T11:53:00.005-07:002012-03-19T11:59:29.139-07:00McCain vs. Lieberman - SecureIT vs. Cybersecurity Act of 2012Senator John McCain along with 5 other Republican senators released their counterproposal to the Lieberman-Collins <a href="http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=4&ved=0CGEQFjAD&url=http%3A%2F%2Fwww.hsgac.senate.gov%2Fdownload%2Fthe-cybersecurity-act-of-2012-s-2105&ei=mXZnT6PbHLL_sQKgvsS3Dw&usg=AFQjCNFcINkBdUwgbIBbiJsbGRZNk6fXJg">Cybersecurity Act of 2012</a> released last month. The bill is called the <a href="http://commerce.senate.gov/public/?a=Files.Serve&File_id=e1244f6d-24ac-44b0-872e-61e1ce6509e6">Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (Secure IT) Act</a>. Let me start by saying that when I see a bill that cleverly named so as to have an acronym that is readable, I immediately wonder how serious the authors of a bill are about its passage. I can't think of any bills off the top of my head that have actually passed that have been so named. HIPAA? Sarbanes Oxley? Digital Millenium Copyright Act?<br /><br />I'm not sure how long it took McCain and the other Senators to write their counterproposal bill. It isn't clear whether the bill was already in progress or whether they started last month after hearing about the competing legislation. In any event, McCain’s bill was introduced only a week after the Lieberman bill. <a href="http://www.wired.com/threatlevel/2012/02/cybersecurity-act-of-2012/">The Lieberman purports to have been the result of 3 years of negotiation and research.</a> Mostly, the McCain bill appears to be a hodgepodge of the Cybersecurty Act of 2012 and other preexisting bills, with a ton of deletions and insertions of partisan elements.<br /><br />Let’s look at the similarities and differences between the two bills:<br /><br />Both bills have some provision for a Federal Cyber Scholarship-for-service program. The McCain bill copies word for word the first paragraph of the Lieberman bill. Where the Lieberman bill has provisions for how many scholarships are to be given (1,000) and provides for full tuition, the McCain bill provides no guidance on how many scholarships will be given, and only provides for tuition for 2 years of study. The Lieberman bill requires students to enter into a commitment for the same amount of time they spent in school, while the McCain bill requires one and a half times.<br /><br />If I were a student, I’m not sure I’d be interested in the McCain offer. Less money for longer indentured servitude? Unfortunately, not many students would be able to sign up for the McCain proposal, since the McCain bill specifies that no additional funding will be allocated for Cybersecurity. This means that any money for scholarships would have to be carved out of departments individual budgets…presumably why the McCain bill doesn’t specify a specific number of scholarships. Presumably that number would be close to 0.<br /><br />No new funding is problematic where issues of national security and defense come into play. If the national air traffic control network, for example, needs to be completely scrapped and a new secure network needs to be deployed, how could that be accomplished under the McCain bill? The FAA would have to carve that out of its budget, and small upgrades would have to happen over a long period of time. This is perhaps why Lieberman and Rockefeller have been so outspoken in their criticism of the McCain bill since the counterproposal.<br /><br />The Lieberman bill has several sections that the McCain bill is missing entirely:<br /><br /><ul><br /><li>Information Sharing<br /></li><br /><li>Public Awareness Reports<br /></li><br /><li>International Cooperation<br /></li></ul>The Lieberman bill creates affirmative authorities to monitor and defend against cybersecurity threats and allows for coordination of cyber issues within the US government. It addresses FISMA and attempts to address Federal agency purchasing and planning for Information Security, and explicitly discusses savings. It has considerations of international coordination. Finally, it creates the notion of Federal and non-Federal Cybersecurity Exchanges which would allow for the sharing of both classified and non-classified information. The Lieberman bill seems to be attempting to address the issue with Federal agencies claims that they were not allowed to share information prior to September 11th, 2001, one of the main drivers behind the Patriot Act and the creation of the Department of Homeland Security.<br /><br />The McCain bill has several sections that the Lieberman bill is missing:<br /><br /><ul><br /><li>High Performance Computing</li><br /><li>Criminal Penalties</li></ul><br />The Lieberman bill only mentions High Performance Computing once to make one small amendment while the McCain bill focuses on it for several pages. My only thought here is why? McCain’s changes to the High Performance Computing act of 1991 don’t even really have anything to do with security. The changes mostly read as funding modifications, which make me think this whole bill is about pork, and not security.<br /><br />The Criminal Penalties section amends the Computer Fraud and Abuse Act, but mostly focuses on stiffening penalties and forfeiture of property directly or indirectly gained by said fraud and abuse. While these are okay goals of the act and could potentially be added to the Lieberman bill, the miss the point of the reality of hacking today. The most successful hackers operate internationally and are very difficult to capture. The McCain bill does nothing to address this new reality.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-55055709952323190752012-02-23T07:21:00.000-08:002012-02-23T07:33:19.221-08:00Obama proposes Privacy Bill of RightsToday, the White House <a href="http://www.whitehouse.gov/sites/default/files/privacy-final.pdf">released it's proposal for a Privacy Bill of Rights</a>. The press release is entitled "<a href="http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights">We Can't Wait</a>". Sound familiar? It's because <a href="http://www.hacklaw.com/2011/08/privacy-bill-of-rights.html">John Kerry and John McCain proposed this last summer</a>.<br /><br />Obama's proposal goes much further in terms of scope. The proposal includes several key principles:<br /><br /><strong>1. Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.</strong> Companies should provide consumers appropriate control over the personal data that consumers share with others and over how companies collect, use, or disclose personal data. Companies should enable these choices by providing consumers with easily used and accessible mechanisms that reflect the scale, scope, and sensitivity of the personal data that they collect, use, or disclose, as well as the sensitivity of the uses they make of personal data. Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection, use, and disclosure. Companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place.<br /><strong>2. Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.</strong> At times and in places that are most useful to enabling consumers to gain a meaningful understanding of privacy risks and the ability to exercise Individual Control,companies should provide clear descriptions of what personal data they collect, why they need the data, how they will use it, when they will delete the data or de-identify it from consumers, and whether and for what purposes they may share personal data with third parties.<br /><strong>3. Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. </strong>Companies should limit their use and disclosure of personal data to those purposes that are consistent with both the relationship that they have with consumers and the context in which consumers originally disclosed the data, unless required by law to do otherwise. If companies will use or disclose personal data for other purposes, they should provide heightened Transparency and Individual Control by disclosing these other purposes in a manner that is prominent and easily actionable by consumers at the time of data collection. If, subsequent to collection, companies decide to use or disclose personal data for purposes that are inconsistent with the context in which the data was disclosed, they must provide heightened measures of Transparency and Individual Choice. Finally, the age and familiarity with technology of consumers who engage with a company are important elements of context. Companies should fulfill the obligations under this principle in ways that are appropriate for the age and sophistication of consumers. In particular, the principles in the Consumer Privacy Bill of Rights may require greater protections for personal data obtained from children and teenagers than for adults.<br /><strong>4. Security: Consumers have a right to secure and responsible handling of personal data.</strong> Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.<br /><strong>5. Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.</strong> Companies should use reasonable measures to ensure they maintain accurate personal data. Companies also should provide consumers with reasonable access to personal data that they collect or maintain about them, as well as the appropriate means and opportunity to correct inaccurate data or request its deletion or use limitation. Companies that handle personal data should construe this principle in a manner consistent with freedom of expression and freedom of the press. In determining what measures they may use to maintain accuracy and to provide access, correction, deletion, or suppression capabilities to consumers, companies may also consider the scale, scope, and sensitivity of the personal data that they collect or maintain and the likelihood that its use may expose consumers to financial, physical, or other material harm.<br /><strong>6. Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.</strong> Companies should collect only as much personal data as they need to accomplish purposes specified under the Respect for Context principle. Companies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.<br /><strong>7. Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.</strong> Companies should be accountable to enforcement authorities and consumers for adhering to these principles. Companies also should hold employees responsible for adhering to these principles. To achieve this end, companies should train their employees as appropriate to handle personal data consistently with these principles and regularly evaluate their performance in this regard. Where appropriate, companies should conduct full audits. Companies that disclose personal data to third parties should at a minimum ensure that the recipients are under enforceable contractual obligations to adhere to these principles, unless they are required by law to do otherwise.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-43937977633862540942012-02-22T13:23:00.000-08:002012-02-22T13:46:11.776-08:00McCain Disses the Department of Homeland Security, Dashes Hopes for Security Bill in 2012Senator John McCain last week <a href="http://www.wired.com/threatlevel/2012/02/cybersecurity-act-of-2012/">dissed the Department of Homeland Security</a>, stating that the NSA is better suited to preventing cyberattacks. Wait, what? The NSA has tremendous cyber capabilities, don't get me wrong. But wasn't DHS formed to prevent the kinds of bureaucratic nightmares of sharing information between agencies. The DHS has a National Cybersecurity Center charged with protecting US Government communications networks.<br /><br />This comes after a bipartisan committee of Senators including Joe Lieberman, Jay Rockafeller, and Susanne Collins brought a new bill last week that, at least on paper, had a good chance of passing this year. McCain and 8 other Senators rushed to criticize the bill, potentially dashing any hopes of passing a Cybersecurity bill this year. This bill is purported to have incorporated many of the proposals on Cybersecurity over the past several years, so potentially it was on the fast track to passage...and maybe it still does.<br /><br />The Senator could have just as easily said that the FBI should be in charge of preventing cyberattacks. The issue of CyberSecurity is like a hot potato. Should the Department of Defense and the NSA have the ball? Or DHS and the NCS? Or the Department of Justice and the FBI? How do you determine whether an attack is coming from a government or an individual? A crime syndicate or a hacktivist group? Ultimately prevention and education, like this bill supports, are the best ways of keeping us all out of trouble...aside from unplugging our computers. Hopefully that doesn't get lost.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-35763781869556237512012-01-25T12:39:00.000-08:002012-01-25T13:05:40.635-08:00EU updates privacy policyYesterday, Google announced a major overhaul of <a href="http://www.npr.org/blogs/thetwo-way/2012/01/25/145830858/googles-new-privacy-policy-will-allow-tracking-across-services">it's privacy policy </a>to some loud criticism.<br /><br />It's nice to see today that the EU has come out with its own updates to <a href="http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf">its privacy policy</a>.<br /><br />Let's compare the new EU data privacy rules to the US ones being proposed throughout 2011 in both the House and the Senate, as well as the ones offered by the White House.<br /><br />Probably the biggest difference comes in fines. The EU rules define specific levels of fines for infractions, starting at 0.5% of a corporation's turnover going all the way up to 2%. Keep in mind that this is "turnover" not profit. But the difference here is sharp. The US laws all set caps on damages, from $500,000 to $15,000,000. The US laws don't have any regard to the size of the company...presumably this would be determined by the FTC when they settle a claim. The definitions of how to determine what infractions merit what damages don't exist in the proposed US laws.<br /><br />The EU has a host of other requirements. Every company with more than 250 people is required to have a Data Protection Officer, and there are strict rules around how this new position is to be treated. The position can only be fired for cause, for example. This presumably protects the position from being terminated if they take a hard line approach to privacy. The SAFE Data Act requires the appointment of "an officer as the point of contact with responsibility for the management of information security." In the US the position's tasks aren't defined. This person could be a janitor and still fulfill the requirements of the law. No offense to any janitors out there.<br /><br />The law requires mandatory security assessments and 24 hour turnarounds on breach notifications. It creates the right to be forgotten and creates erasure and data portablility standards. The US takes a different approach to security...it looks at security on an industry by industry basis. While the US has offered up an "<a href="http://www.hacklaw.com/2011/08/privacy-bill-of-rights.html">Online Privacy Bill of Rights</a>", but does nothing for changing the status quo on security assessments or breach notification. While the FTC has issued recent rulings requiring Facebook to have annual security assessments, the feeling seems to be you are assumed to be secure until proven insecure. The better model would be the other way around.George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0tag:blogger.com,1999:blog-4563685163234875305.post-28980239811933246942012-01-24T09:32:00.000-08:002012-01-24T09:40:09.849-08:005th Amendment = Encryption?A woman accused of bank fraud hopes to prevent the contents of her hard drive from being searched with encyrption.<br /><br /><a href="http://technolog.msnbc.msn.com/_news/2012/01/23/10219384-judge-orders-woman-to-give-up-password-to-hard-drive">http://technolog.msnbc.msn.com/_news/2012/01/23/10219384-judge-orders-woman-to-give-up-password-to-hard-drive</a><br /><br />If this were the case, it would quickly become impossible for the criminal justice system to prove a lot of their cases.<br /><br /><p>Interesting theory. The 5th amendment says:</p><br /><p><em>No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; <strong>nor shall be compelled in any criminal case to be a witness against himself</strong>, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.</em><a href="http://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution#cite_note-Bill_of_Rights_from_Cornell_University_Law_School-0"></a></p><br /><p>Looking at the parallel with the physical world, you can't refuse a valid search warrant for your house. Just because you have a safe in the house with a key, doesn't mean the police can't search it.</p><br /><p>Now, if your computer were an artifically intelligent computer, implanted with your memories...then maybe she would have a point.</p>George Finneyhttp://www.blogger.com/profile/10063598534981429001noreply@blogger.com0