Archive for 2006

Transparency: The Forgotten Tool

Monday, May 8th, 2006

Those of us who come to the privacy management arena from a computer security background tend to take an extremely narrow and focused view of how technology can protect privacy. We love to debate each other on esoteric subjects such as cryptographic key strengths, the merits of strong two-factor authentication, trust models in networked systems and all sorts of deep technologies. As someone who worked in public key infrastructure technologies for several years and firewall technology before that, no one is a bigger fan of emerging security technology than I. These are all good and useful topics to be discussing, and these sorts of technologies are important foundations of a networked world.

Traditionally we think of privacy enhancing technologies as tools for hiding, obfuscating, and controlling disclosure. But in terms of an overall approach to privacy management we should also think about how technology can be used to create visibility and awareness of information security practices.

This point was made quite well recently by Harriet Pearson, VP of corporate affairs and Chief Privacy Officer for IBM, in an interview with Computerworld.

Infrastructure Components to Catch The Rogue Employee

Monday, April 10th, 2006

A Computerworld story reports that the employee was caught only after one of the owners of a property under foreclosure was called by the employee and the property owner subsequently complained. The Computerworld story is careful to note that “no actual hacking” took place. But more importantly, there was no internal business process or IT infrastructure in place to detect the “wrongful” accesses. The good news is that the actions taken by the employee were clearly against Progressive’s published information security policies and the employee was quickly fired.

The Computerworld article correctly points out, in my opinion, that this is an example of the rising problem of insider threats from rogue employees.

The New Frontier of Privacy Management: Policy Based Auditing

Monday, April 3rd, 2006

No technology can replace a culture of respect for privacy. Arthur Riel, a former IT manager at Morgan Stanley, found out the hard way. Information Week has done a good job covering the story. It seems that Mr. Riel was in charge of putting in place an e-mail archiving and searching solution at Morgan Stanley. Ironically enough, this was a result of SOX findings indicating that the company needed to do a better job of managing its e-mail.

The Real Lesson Behind Laptop Loss

Monday, March 27th, 2006

Ernst & Young is the latest company to fall into the data breach spotlight due to a lost laptop. The lost E&Y laptop held the personal information of over 38,000 British Petroleum employees. BP officials began notifying their employees that their personal information may have been exposed and may put them at risk of identity theft. In this particular case, social security numbers were among the personal information on the laptop.

The UK IT trade website The Register ran the following headline:

40,000 BP workers exposed in Ernst & Young laptop loss

On Secondary Use of Information

Thursday, March 23rd, 2006

In their enthusiastic charge to protect people from privacy invasion, privacy advocates sometimes get too focused on preventing the disclosure of information. We see a number of client-based tools, often browser plugins, that warn people that they are about to submit personal information to web sites that don’t have published privacy policies. Some of the more sophisticated tools will compare an end-user’s preferences to a site’s published policy and inform the user whether the site policy is consistent with the user’s preferences.

But focusing on preventing the disclosure of information isn’t enough because people _want_ to disclose their information to companies, both electronically and directly.

Value Of Privacy: A User’s Perspective

Monday, February 27th, 2006

The year 2005 was not only the year of the Rooster; it was also the year of privacy invasion and ID theft. Thinking back on the last year, news flashes such as “ChoicePoint data theft widens to 145,000 people”, “Stolen laptop puts 98,000 at risk of ID theft” (UC Berkeley), and “Personal info on 310,000 people possibly stolen, 10 times more than what was disclosed last month” (Seisint) come to mind.

This past year, more than 152 security breaches exposed at least 57.7 million Americans to ID theft (1) and privacy invasions, which suitably makes “privacy” the biggest concern of the general internet population, businesses and governing bodies. The result: legislation being passed by governments and billions of dollars being invested by businesses to conform to it. More than fifty bills were introduced in the first session of the 107th Congress to regulate online privacy, resulting in a national cost of compliance of approximately US$9-36 billion (Hahn 2001). With so much at stake it becomes important to measure not only the economic cost of privacy per person, but also the trade-offs (for example convenience and rewards) that lure people to succumb and provide PII to organizations.

A peek into sociological research regarding user behavior clearly indicates that individuals perform a privacy calculus, assessing the cost and benefit of providing information (2). The calculus depends on factors such as self-ego, environmental stimuli, and interpersonal relationships (Laufer and Wolfe 1977; Stone and Stone 1990).

Studies indicate a huge deficit between the compliance expenditure and the net worth of privacy. This deficit may be owing to limited user awareness and the fact that privacy concerns are usually traded for environmental stimuli such as rewards and convenience.

Is Simplicity the Key to Privacy?

Friday, February 24th, 2006

While doing a literature search, I ran across an interesting news article. According to this article, Representative Ed Markey (D-MA) is introducing a bill called “Eliminate Warehousing of Consumer Internet Data Act of 2006”. One of the more compelling notions behind this bill is that of deleting data after use. I wonder — could this be a key component to protecting privacy?

Think about it. Even if a company used your information, if they had to delete it afterwards, wouldn’t your privacy most likely be preserved? Furthermore, if they used it to transfer to someone else, and that person is bound by the same law, the same logic would follow. The recipient of the transfer could use your information for its intended purpose and then they must delete it. Granted, there would need to be stringent guidelines for what constitutes “intended use”.

If we were to accept this approach, we would no longer have the staggering number of ubiquitous data warehouses full of our private information, and companies such as ChoicePoint and Acxiom would not be selling our information to other vendors.

This sounds like a nice idea, but would such a bill ever be passed? Would politicians be able to withstand the lobbying power of organizations seeking to bar such legislation from being passed?

This certainly isn’t a complete solution to our privacy woes, but it is a simple idea that may be a step in the right direction. Read more in Markey’s press release.

A success story in health information exchange

Sunday, February 19th, 2006

We are all aware that our lives are practically becoming digital; so are hospitals. Major funding initiatives are underway to support the transition of hospitals into the digital age. In 2004, the US government spent $50 million to test computerization of health records and further proposed $125 million in related federal spending for the year 2005.

In April 2004, President Bush asked the IT industry to build a system that would provide every citizen of the United States with an electronic health record (EHR) that could be accessed from any location by 2014. He appointed Dr. Brailer (national coordinator for Health Information Technology for the Department of Health and Human Services) to coordinate this effort and establish the Nationwide Health Information Network (NHIN).

In December 2005, Dr. Brailer’s office awarded $18.6 million in contracts to four consortia led by IBM, Computer Sciences Corporation, Accenture and Northrop Grumman to develop prototype architectures for the NHIN. Each group consists of developers, hospitals, laboratories, pharmacies and physicians who must prove that EHRs can be exchanged across different health organizations.

In a similar effort to build such data interchange networks, Connecting for Health, a public-private collaborative led by the Markle Foundation, developed a prototype system (to be released in Spring 2006) that succeeded in exchanging thousands of health records among three independently developed regional records systems (California, Massachusetts and Indiana). These three independently developed health systems had no common architecture but were able to apply the common framework developed by Connecting for Health for the exchange of records.

Seeing such successful projects, we can rest assured that our federal money is being utilized efficiently and in the right direction.

To Centralize or Not To Centralize

Friday, February 3rd, 2006

That is the question that this blog post pontificates on. According to a recent study by the Privacy Rights Clearinghouse, of 113 data breaches since February 2005, 55 of them took place at colleges, universities, and university-affiliated medical centers. A list of data breaches for 2005 has been posted by Neo Scale here, but a few noteworthy ones are Stanford University, UC-Berkeley, and Carnegie Mellon University.

One of the primary reasons cited for the disproportionate number of data breaches at universities is the decentralized environment — data being spread out in various locations on campus, which makes it difficult to control access to the data. To a degree, this doesn’t seem very intuitive, and it is certainly contrary to the old saying ‘don’t put all your eggs in one basket’. Centralization not only serves as an even more enticing target for would-be hackers, but it also means the result of a successful break-in would be even more catastrophic. However, centralization is more cost effective, as it requires organizations to procure less hardware, which results in cost savings.

Decentralization, on the other hand, means that if there were a break-in, consumers/students are less likely to have their information compromised. However, decentralization also means that it is possible that there are multiple copies of a person’s information floating around. The preferable and more secure approach is not entirely clear.

It seems that the largest problems facing decentralized environments are accountability, management, and standards. What can be done about this? Certainly, formalized, comprehensive privacy and security policies would be a step in the right direction, and adherence to these policies is essential. So would continued research into technologies and techniques to combat intrusions.

A full article on the Privacy Rights Clearinghouse study can be found here on the UCSD Guardian Online.

Google Fights Government Subpoena

Friday, January 20th, 2006

Two years ago, the Supreme Court upheld an injunction blocking the enforcement of the 1998 Child Online Protection Act, a law allowing the operators of online pornography sites to be punished for making their content accessible to minors. The case was sent back to a district court, leaving the government responsible for proving that the law was needed and constitutional. As part of its effort to resurrect the law, the government sent subpoenas last year to three major search engines and one online provider: Google, Yahoo, MSN, and AOL. The subpoenas requested “all URLs that are available to be located through a search query on [company's] search engine as of July 31, 2005”, as well as a week’s worth of recorded queries. The subpoena specified that none of this information was to be linked to individuals. Yahoo, MSN, and AOL complied. Google did not.

The San Jose Mercury News reported yesterday that Google is fighting the subpoena, claiming that “the demand for the information is overreaching” and threatens its users’ privacy as well as the company’s trade secrets. But wait, you might say, if the records weren’t supposed to contain any information that might identify a particular user, where does privacy come into the equation?

From The New York Times:

“Google’s acceding to the request would suggest that it is willing to reveal information about those who use its services,” it said in an October letter to the Justice Department. “This is not a perception Google can accept. And one can envision scenarios where queries alone could reveal identifying information about a specific Google user, which is another outcome that Google cannot accept.”

While this particular request does not ask for identifying information, the next one could, and there is a lot of identifying information to be had. (SearchEngineWatch has previously covered search engine privacy concerns.) Given the recent revelations of NSA domestic wiretapping and previous demands for information such as library records, it wouldn’t be surprising if the government started asking for search engine user profiles as well. If Google ends up complying with the subpoena, it risks losing the public’s trust, and for a company that lives by the motto “Don’t be evil,” that’s a very grave risk indeed.

SearchEngineWatch also has some excellent posts on this story, including a summary of the court proceedings as well as an ongoing commentary.