Sep 302012
 September 30, 2012  Posted by  Online

At least a few people are not buying Facebook’s denial of a recent report that private messages were exposed in Timeline.  The Wellington Scoop in New Zealand reports:

Facebook’s claims that it is impossible for private messages to appear on public Timelines are untrue, says Jack Yan, CEO of the Wellington-based Jack Yan & Associates, who has asked the Privacy Commissioner to investigate. He urges others to contact the Privacy Commissioner’s office (via if their Facebook private messages have been published without their consent.

You can read his reasons for disbelieving Facebook’s denial on Wellington Scoop.

If I’m understanding his analysis correctly, he seems to suggest that based on what he found in looking through his own records last year, Facebook made an error prior to now in how they grouped/coded messages which is why private messages are showing up in Timeline but Facebook claims that they were wall posts. See what you think of his argument.

Sep 302012
 September 30, 2012  Posted by  Court

John P. Mello Jr. writes:

The U.S. government will be taking a second crack Tuesday at overturning a lower court ruling that’s preventing police from obtaining cell phone location records from two wireless carriers without a search warrant.

Now before the U.S. Court of Appeals in New Orleans, the government’s attempt to obtain 60 days of records from the carriers as part of a “routine” law enforcement investigation was previously rebuffed by a magistrate judge in a federal district court in Texas.

Read more on TechHive.

Sep 302012
 September 30, 2012  Posted by  Breaches, Business, Non-U.S., Online

Michael Geist writes that the Privacy Commissioner of Canada should be more transparent and name the web sites that were leaking consumer information. Commissioner Stoddart had declined to do so:

The Privacy Commissioner has not exercised her discretion to publicly name the specific tested organizations at this time. The research was designed to offer a snapshot of the Canadian context and it is likely that a significant number of other Canadian sites may also be leaking personal information.

On some level, I appreciated the hat-tip to fairness: you’d be hurting the reputation of the firms whose sites you tested while many other sites would not get the bad press – but only because they weren’t tested. And while naming some names might alert consumers to risks on those sites, could it give a false sense of security about sites not named only because they weren’t tested?

But I also understand Michael’s position as I generally – and strongly – endorse the idea of transparency about breaches.

Michael writes:

The decision to keep the public in the dark about privacy leakage raises its own set of concerns. While the study may cause some embarrassment for the affected sites, the preliminary findings suggest that those sites are violating Canadian law. Moreover, by keeping the identities of the sites secret, Canadians are unable to take action to mitigate the risks they face due to the privacy leakage.

The secrecy approach is particularly surprising since Stoddart has publicly admitted that she is uncomfortable with the practice. In her first speech following the renewal of her mandate in January 2011, Stoddart acknowledged “to be candid, I have a growing discomfort with the secretive nature of how we work under PIPEDA.” She added that “it seems to me that not naming names is robbing the Canadian public of much of the educational value of our investigative findings.”

What do you think the Commissioner should have done under these circumstances? And what should she do now?

Read more in the Toronto Star.

Sep 292012
 September 29, 2012  Posted by  Misc

Simon Davies writes:

My friend and colleague Robert Ellis Smith was kind enough recently to reprint my “twenty privacy principles that they never taught you at school” blog in his excellent US publication Privacy Journal. I’ve subsequently received a few messages suggesting that I should consider writing about the new language of privacy.

This is a superb idea. The principles do touch briefly on the new vocabluary of privacy. For example they warn that privacy is under greatest threat whenever government says it wants to “modernise” privacy protections, while in the corporate world the expression “enhancing the user experience” is a euphemism for increased customer surveillance.

Read more on The Privacy Surgeon.