Feb 282015
 February 28, 2015  Posted by  Business

From the they-take-our-privacy-very-seriously dept.:

Swati Khandelwal writes:

Do you know that your Facebook account can be accessed by Facebook engineers and that too without entering your account credentials? Recent details provided by the social network giant show who can access your Facebook account and when.

No doubt, Facebook and other big tech companies including Google, Apple and Yahoo! are making their services out of reach from law enforcement and spies agencies, but at the same time they itself, at least some employees, have access to your personal data.

Read more on The Hacker News.

Feb 282015
 February 28, 2015  Posted by  Featured News, Govt

Libbie Canter writes:

As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and industries. Our sense is that it would be uphill battle for this sort of sweeping privacy legislation to gain traction in Congress over the next two years.

We have answered your key questions about this proposed legislation below, including:

Who would the bill apply to?

How is “personal data” defined under the bill?

What are the substantive obligations?

Are there any safe harbors?

How would the bill be enforced?

Does the bill preempt state laws?

Read more on Covington & Burling InsidePrivacy

Expect to see a lot of news stories and commentaries on the draft bill, which was, after all, generated to promote discussion. I’m already seeing a lot of criticism over it having too many carve-outs, and problematic definitions of personal information.

Feb 282015
 February 28, 2015  Posted by  Govt, Surveillance

Privacy and security researcher Runa A. Sandvik writes:

I have my photograph taken and my fingerprints scanned every time I enter the United States. So do all other foreign nationals. The information is collected under the US-VISIT program. Information such as name, date of birth, gender, and travel document data is recorded as well. In response to a Freedom of Information Act request I filed in November 2014, the Department of Homeland Security released a document containing information collected about me under this program over the last four years.

Read more on Matter.

Feb 282015
 February 28, 2015  Posted by  Breaches, Govt, Online

Adam Steinbaugh, who has been all over this case from the get-go, writes:

Last month, the FTC announced it intends to enter into a consent agreement with Craig Brittain, the operator of revenge porn site “Is Anybody Down?”  Brittain pretended to be a woman on Craigslist to deceive women into sending him nude photos, mocked their pleas to remove the photos, then concocted an ‘independent’ but fake lawyer — “David Blade III” the “takedown hammer” — to extort them into paying $250 to remove the photos.

Since then, Brittain had the chutzpah to try to use copyright law — the same law he claimed didn’t apply to him — to try to get Google to delete references to the proposed settlement.

The FTC is currently soliciting comments from the public as to whether they should vote to accept the consent agreement.  They should not.  The FTC should proceed with litigation against Brittain for the reasons below.  While I am skeptical that the FTC will reverse course — the initial vote was unanimous — additional public pressure may sway the Commission.

Read more on AdamSteinbaugh.com. The opportunity to try to influence the Commission’s final action closes Monday, so don’t delay if you think you want to comment on the consent agreement.