Privacy Ain't What it Used to Be

Posted on March 27, 2010 by Peter S. Vogel

A recent report that Web 2.0 (Facebook, Twiter, MySapce, et al) continues to encourage friends to share private information at an alarming rate is hardly a surprise. Research at a number of universities demonstrates that things are probably worse than most people image. For instance, the 2009 paper entitled “Predicting Social Security numbers from public data” from Carnegie Mellon explained how easy it is to predict patterns of data that leads to accurate predictions of Social Security numbers (SSNs) and birth dates from public data. Cyber thieves are taking advantage of the personal information on the Internet as we are well aware.

Electronic Health Records (EHRs)

To make matters more interesting the expansion of EHRs over the next four years will expose more personal medical information on the Internet. The US deadline of 2015 implementing all EHRs may sound great to some, but we should be concerned about how well that personal information is protected. Actually the EHRs may make the personal information a bigger target to cyber thieves. Recent warning about cyber threats from the FBI and DHS should make us all uneasy.

SSNs Used for Personal Identification

As many of us remember for many years health insurance companies used SSNs for their insureds’ account numbers and a number of states used SSNs for drivers’ license numbers.  So there are millions of historic records on US citizens that include SSNs. As a matter of fact, millions of Internet court records include divorce decrees, motions, and affidavits with SSNs, drivers’ license numbers, credit card numbers, and bank account numbers. Many states now limit posting of this personal information on the Internet, but records from the past abound with personal information. Given our open government view of open records laws which sprang forth after Watergate in 1972 most people think government and court records should be open, but a hidden danger lurks in protecting personal information within those court records.

Tags: , ,

China: Cyberterror or Academic Research?

Posted on March 22, 2010 by Peter S. Vogel

A Chinese graduate student’s “paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S.” was recently reported to the US House Foreign Affairs Committee. The paper entitled “Cascade-Based Attack Vulnerability on the U.S. Power Grid” was published in Safety Science a year ago. American scientists who read the paper agreed that there was no way that the power grid could be taken down as explained in the paper. Famous last words! The US is barely managing Cybersecurity and this paper should give us all pause to consider the implications.

Google Set to Depart

China is demanding that Google obey Chinese law as it departs which seem imminent now. Since Google entered China in 2006 it has been censoring content just as “China routinely blocks Internet content, shutting off access to sites such as Facebook, YouTube and Twitter.” The dominant search engine in China, Baidu continues to be successful albeit with Chinese censorship. Time will tell about other US based Internet companies such as Microsoft and whether they will stay in China and participate in Chinese censorship.

Chinese Media Furor

A recent report about a Chinese provincial Governor’s response to a scandal led to “rare display of unity, journalists, lawyers, academics and activists posted a letter of protest on the Internet demanding the Governor’s resignation.” Li Hongzhong, the Governor of Hubei Province, was incensed that a reporter had the gall to question him about a waitress at a karaoke bar killed a government official in self-defense. The waitress was later released and the Governor got a lot of heat on the Internet. Given the economic power and population, the Internet will continue to impact China whether the Chinese government wants the Internet impact or not.

Tags: , , , ,

Web 2.0 Update - Facebook Surpasses Google

Posted on March 19, 2010 by Peter S. Vogel

Hitwise reports that Facebook became the most visited website in the US for the first time. Kind of takes your breath away that a social media site is getting more traffic than the largest search engine in the US. Since Facebook just went over 400 million users this was probably inevitable, but since Facebook is also starting its own email system, Titan, it’s likely Facebook traffic will continue to expand.

Internet Jurisdiction Makes Life Interesting

My friend Victoria Van Buren blogged about my Texas Bar Journal Article for March about Internet Jurisdiction, but the March 2010 issue is entitled “The Attorney and Social Media” and here are other articles of interest:

My friend John Browning organized these articles which I think are most timely and interesting.

3rd Circuit Bars Child Porn Prosecution of Teen in Sexting Photo

Some headline in the ABA Journal that “upheld an injunction that bars the child pornography prosecution of a teen girl in Pennsylvania who appeared topless in a photo that ended up on high school students’ cell phones.” The court did reach the question whether sexting photos are free speech protected under the First Amendment because the prosecutor over-reacted and threatened the teenager. Unfortunately we will continue to see more sexting cases as Web 2.0 grows whether we like it or not.

Tags: , , ,

Google Woes in the EU Include Conviction for Executives Over Video Posting

Posted on March 13, 2010 by Peter S. Vogel

The recent conviction of 3 Google executives in Italy for a video posted on Google which showed the bullying of a disable teenager captured many headlines. No question that the video was in poor taste and Google took the video down within 24 hours of its posting after Google got 2 complaints. The conviction of the Google’s global privacy counsel, Peter Fleischer and two other executives raises significant issues. A fourth Google executive was acquitted, and Google plans to appeal these convictions. Does it make sense that Google, or any other ISP (Internet Service Provider), be liable for content posted over which the ISP has no control? The US Communications Decency Act of 1996 protects ISPs from liability since they have no control over content posted. How Google fares with these convictions may have an interesting impact on ISPs around the world.

Google Street View May Breach EU Law

Only to make things more complicated recent reports that the Google’s Street View violates EU Data Protection laws since they retain the images for too long. As well it was reported that “Switzerland’s data-protection agency in November sued Google for allegedly failing to comply with proposals to make it harder to identify people and cars on Street View.” Of course disputes regarding Street View are not new since claims of breach of privacy have been under way since at least 2008 in Japan.

Google has More EU Antitrust Problems

ComScore recently reported that Google has about 79% of the searches in the EU and the EU renewed its investigation about Google anticompetitive behavior. Google claims that Microsoft may be the source of the investigation since Microsoft owns one of the companies that complained. It seems reasonable to assume that the search engine wars will continue, but how the EU ultimately rules may have a far reaching impact.

Tags: , , , , , ,

HEADLINE: FBI Director Warns of 'Rapidly Expanding' Cyberterrorism Threat

Posted on March 5, 2010 by Peter S. Vogel

The Robert S. Mueller III's (FBI Director) warning is not a surprise but how the IT community deals with these threats impact us all. Homeland Security Secretary Janet Napolitano “admitted there is an urgent need to step up efforts to protect Americans from cyber attacks.” Also Ms. Napolitano’s predecessor Michael Chertoff, former DHS secretary, under President George W Bush, agreed. "We are seeing in the intervening time the adversaries, whether they be criminals or nation states or terrorists, are not taking time off. So with each passing year, the need to move faster becomes greater." So far new the Cyber Czar as been low profile, but based on these presentations at the recent RSA Conference that low profile cannot continue.

Cyber Crime: A Clear and Present Danger

Deloitte’s recent white paper is the result of the 2010 CSO (Chief Security Officer) CyberSecurity Watch Survey in conjunction with the CSO Magazine, the US Secret Service, and the CERT Coordination Center at Carnegie Mellon. The white paper concludes that:

Data is more valuable than money. Once spent, money is gone, but data can be used and reused to produce more money. The ability to reuse data to access on-line banking applications, authorize and activate credit cards, or access organization networks has enable cyber criminals to create an extensive archive of data for ongoing illicit activities.

There is a clear message about how vulnerable businesses are and how every business must be vigilant or risk great damages.

Tweet this: Social Network Security is Risky Business

With the recent report of 50 million tweets a day it’s no wonder that a panel at the RSA Conference devoted a great deal of discussion to how vulnerable social networks are. Cybercrime is so easy because users of Facebook, Twitter, and MySpace are easy marks since the feel at ease communicating with their “friends.” However cybercriminals can more easily Web 2.0 commit cyber crime because most “…users are willing to click if they think, 'It's my friend. I'm OK, because I'm inside my network and that's Fred. Only it's not Fred, it's Fred's hijacked account." So all in all, things are becoming more dangerous and apparently businesses and web 2.0 social networkers are still not getting the scope of their risk!
 

Tags: , , , , , ,