7 Sources of Data Breaches You’ll Never Hear About: Your Browser

Your Stored Passwords: Not exactly secured. Licensed from Stock Exchange.

This post is the second in a series about data breaches you can prevent. We’ve already covered Phones and Personal Computing Devices. The next source we’ll explore is Your Browser.

Laptops, desktop computers and smartphones all have built-in internet browsers. A typical browser can store hundreds of passwords and usernames, credit card numbers, contact information, and browsing history. Even though we use our smart phone browsers to do a significant number of online transactions, typical smart phone browsers do not allow users the same degree of privacy control as desktop browsers.


7 Sources of Data Breaches You’ll Never Hear About: Your Phone

Smart phones are now portable computers which just happen to make calls. Licensed from Stock Exchange.

This post is the first in a series about preventable data breaches. Most Americans have received a letter telling them that their personal information has been breached. But there are many breaches you’ll never hear about, and many of them are right under your nose. The first source we’ll explore is Your Phone and Personal Computing Device.

Remember when cell phones were telephones? Those days are long gone. The current generation of smart phones are powerful computing devices which just happen to also make phone calls.


A Message From Walgreens

A friend of mine recently received the following email from Walgreens:

December 10, 2010
Dear Valued Customer,

We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.

The Four Most Fundamental Challenges to Privacy of 2010

Electronic Information Privacy Center

EPIC Privacy 2010 Election Campaign Comments
Wednesday October 13, 2010; 8:30 – 10:00 AM
The Mott House, 122 Maryland Avenue NE

Thank you for having me here today. My name is Aaron Titus. I am an attorney and the Privacy Director for the Liberty Coalition. The Liberty Coalition works with more than 80 partner organizations from across the political spectrum on transpartisan issues to preserve the Bill of Rights, personal autonomy and individual privacy. The Liberty Coalition works with, but does not speak on behalf of our partners.

We have heard about several substantial policy issues today. I would like to focus on some of the underlying reasons that Privacy has an uphill battle. The Four Most Fundamental Challenges to Privacy in 2010 are:

  1. The False Notion that one can “Own” Personal Information
  2. The Failed Notice and Consent Legal Regime
  3. Erosion of the Definition of Privacy
  4. The Two Mortal Enemies of Privacy: Convenience and Fear


PHP Code to Select an Option After a Form Post

I have a couple of PHP pages with $_POST[] forms which I validate (using PHP). If the form fails validation (i.e., the user fails to enter an email address), then the user is brought back to the same page, where he is asked to re-submit the missing or incorrect information. The form also has radio buttons and drop-down forms, and I don’t want to make the user re-select those radio buttons or drop-down entries. So this is my solution: Read the rest of this entry »


General Conference Themes

I thought it would be interesting to do a series of Wordle tag clouds to analyze themes of the October 2010 General Conference of the Church of Jesus Christ of Latter-day Saints. I have posted word clouds here that will help visualize the major themes of each talk, session, and the conference as a whole: Read the rest of this entry »


Visualization of the Relief Society General Meeting

Here are the Wordle visualizations of the October 2010 Relief Society General Meeting talks. Visit the overview for the entire October 2010 General Conference Visualization by session. Read the rest of this entry »


NSTIC at a Crossroads

Updated January 11, 2011. After the January 7, 2011 NSTIC conference at Stanford, I revisited this blog, which was originally posted after an October 2010 conference call with representatives from the FTC, DHS and the White House cybersecurity staff. The topic was the emerging National Strategy for Trusted Identities in Cyberspace (NSTIC). They are a dedicated staff with a thankless job. My hat is off to them for reaching out to me and other privacy advocates.

NSTIC is a high-level national plan for trustworthy, virtual identities. The goals of NSTIC are ostensibly to:

  1. Secure online transactions
  2. Provide high levels of identity assurance online
  3. Foster innovation and new services
  4. Improve Privacy

If done correctly, NSTIC could indeed improve privacy. If done incorrectly, NSTIC could have a devastating effect on privacy, create centralized Identity Reporting Agencies, analogous to today’s Credit Reporting Agencies, all without functionally improving security. Read the rest of this entry »


Online Ad Networks Should Give Periodic PII PSAs

Dear FTC,
I’d like to propose the following idea to regulate online and behavioral advertising and networks: Any ad network which collects user information across more than one website should be required to occasionally display a Public Service Announcement (PSA) instead of an advertisement. The PSA should be a standard format and include a notice something like this:
“XYZ Corp collects information about your computer as you visit websites within our advertising network. You have a right to know how we collect this information, a right to periodically inspect, amend, or delete the information. We use the following methods to collect information:

  • Browser Fingerprinting [link to more information]
  • Behavioral Analysis [link to more information]
  • Cookies and Other Client-Side Objects [link to more information]
  • …etc.

We have collected the following information about this computer:

  • Browser History [click to inspect] [click to delete]
  • Screen Resolution
  • Operating System
  • Google search terms
  • Website Visit Length
  • …etc.”

There is a world of personal information flowing beneath our feet. My identity is bought, sold, analyzed and re-analyzed across the world in milliseconds. Notwithstanding that my identity is a passive participant in this shadow world, my fleshy identity is actively kept out.
Perhaps a periodic Personal Information Public Service Announcement might be a step to allow me to re-take control of my identity.


Draft NSTIC Request

The White House and Department of Homeland Security have recently released a public draft of the National Strategy for Trusted Identity in Cyberspace (NSTIC). The NSTIC outlines an ambitious identity management strategy for the United States, but public discussion has been extremely limited. The NSTIC is a very significant policy document which may have an impact on internet commerce, online speech, identity management, identity trust frameworks, and online anonymity. We, the undersigned, are concerned that the current public comment period is insufficient for a policy document of this magnitude and request an extension of the public comment period in order to pursue public dialog.

A policy of this magnitude should be given at least a 90-day public comment period. However, public discussion has been limited and the discussion period is almost over. Therefore, we request that the public comment period be extended for at least 30 days to facilitate more robust public discussion. We also request that subsequent public comment periods on this topic extend for at least 90 days.

We are concerned that the NSTIC is silent on an implementation timeline and other significant details currently missing from the draft. We request clarification on the agency’s proposed timeline and process. We also request an opportunity to convene an in-person discussion with an appropriate White House or DHS official to discuss this important matter and engage in further public discussion.

We look forward to supporting your efforts to engage a robust public discussion on the NSTIC.
