Data Privacy Weather Report – News Roundup for 2011
Data privacy is on the firing line this year, with Fortune 500 companies in the scope. It’s been a long-shot year, with the proliferation of organized crime, its merger with global communications, and the further development of horizontal markets to sustain profitability.
Data Loss DB tells us that many of this year’s 197 issues clearly involved third parties. Just ask Epsilon about hot water, with a media campaign that could ruin any Fortune company. It might be tough to recover from that hit, especially with a smeared web presence.
Dropbox is under the scope of Christopher Soghoian, a very noteworthy privacy advocate. He is closely associated with the FTC, hence the “Request for Investigation and Complaint for Injunctive Relief”. Dropbox tried to patch the hole by modifying its terms of service, and I feel strongly about what they have reinforced. The service is primarily one that allows for online storage of data, with the benefit of being able to interact with it. How can the service preserve encryption but still allow you to interact with your data for core features and functionality? Chris basically points out that file deduplication and specific aspects of SAN storage expose data to perceivably less secure conditions.
Round 1 is from Chris, with his blog post titled “How Dropbox sacrifices user privacy for Cost Savings”. Chris did make an effort to use Marcia Hoffman to notify Dropbox that a disclosure would take place in 11 days, on April 12th. The day before, on April 11th, an attorney called to report that the privacy terms were under reconstruction, which seems reasonable. The University of Indiana (Soghoian’s school) has quite a bit of research that I’m fond of; check it out.
Round 2 is from Dropbox, a company founded by two MIT grads named Drew Houston and Arash Ferdowsi:
“We believe that storing data in Dropbox is far more safe than the alternatives. We’ve designed Dropbox to protect user data against threats of all kinds, but we’ve focused on helping users avoid the most common threats: not having current backups, not having any backups at all, accidentally deleting or overwriting files, losing USB drives with sensitive information, leaving files on the wrong computer, etc.”
All I know is that people are bloodthirsty for data leaks, and the blows are being thrown by Anonymous entities and PhD students with nothing but a blog.
If there is such great concern about privacy and standards, why did HR2221 fail to get voted on by the Senate? This act would have standardized privacy across all 50 states and allowed for attorneys general to enforce the penalties, just as always. Not all of the folks up at the federal level are useless in the privacy effort. Just ask Circuit Chief Judge Alex Kozinski, who did the coolest thing, pretty much ever. He openly accused his colleagues of being insensitive to the lives of the poor.
Kozinski’s latest salvos came in a dissent Thursday lamenting his court’s refusal to grant en banc review of an opinion finding that police did not violate the Fourth Amendment by sneaking into a suspect’s yard and planting a GPS tracking device on his car. Kozinski’s views on the issues and the vigor with which he expresses them are unusual for a judge who worked in President Ronald Reagan’s White House and was appointed to the court by Reagan as well. However, Kozinski is well known for his libertarian leanings.
That’s just part of his filing with the Ninth Circuit Court of Appeals, which says things that I absolutely love, such as:
“When you glide your BMW into your underground garage or behind an electric gate, you don’t need to worry that somebody might attach a tracking device to it while you sleep. But the Constitution doesn’t prefer the rich over the poor; the man who parks his car next to his trailer is entitled to the same privacy and peace of mind as the man whose urban fortress is guarded by the Bel Air Patrol. The panel’s breezy opinion is troubling on a number of grounds, not least among them its unselfconscious cultural elitism” (shwing!).
Chris wins the award this week for unleashing this war on Dropbox. I sincerely hope he is not associated with any large remote backup providers like Mozy; that would be spicy. I feel like we still owe him a pat on the back for his uncovering of a sliver of the government’s spying operations with US cellular phone providers like Sprint PCS. At the government’s request, the phone company will send out a signal to any cell phone connected to its network, and give the police its location. Last year, law enforcement agents pinged users of just one service provider—Sprint—over eight million times.
See Christopher Soghoian, 8 Million Reasons for Real Surveillance Oversight, Slight Paranoia (Dec. 1, 2009). The volume of requests grew so large that the 110-member electronic surveillance team couldn’t keep up, so Sprint automated the process by developing a web interface that gives agents direct access to users’ location data.