Sep 252017

“How can a person’s privacy be invaded in this way when they are not accused or suspected of a crime?”

This is one of the most chilling stories you may read this month. Joe Cadillic sent along a link to this report by Ryan Gallagher:

It was not the first time Muhammad Rabbani had problems when returning to the United Kingdom from travels overseas. But on this occasion something was different — he was arrested, handcuffed, and hauled through London’s largest airport, then put into the back of a waiting police van.

Rabbani is the 36-year-old international director of Cage, a British group that was founded in 2003 to raise awareness about the plight of prisoners held at the U.S. government’s Guantánamo Bay detention site. Today, the organization has a broader focus and says it is working to highlight “the erosion of the rule of law in the context of the war on terror.” Due to its work campaigning for the legal rights of terrorism suspects, Cage has attracted controversy, and Rabbani has faced the government’s wrath.

Read more on The Intercept.

Sep 242017
 September 24, 2017  Announcements, Govt No Responses »

The Federal Trade Commission will host a workshop on informational injury on December 12, 2017.  The FTC’s three main goals for hosting the workshop are to:

  1. “Better identify the qualitatively different types of injury to consumers and businesses from privacy and data security incidents;”
  2. “Explore frameworks for how the FTC might approach quantitatively measuring such injuries and estimate the risk of their occurrence;” and
  3. “Better understand how consumers and businesses weigh these injuries and risks when evaluating the tradeoffs to sharing, collecting, storing and using information.”

FTC Acting Chairwoman Maureen Ohlhausen announced the workshop during her speech to the Federal Communications Bar Association, titled “Painting the Privacy Landscape: Informational Injury in FTC Privacy and Data Security Cases.”  The speech focused on the five different types of consumer informational injury alleged in the FTC’s body of privacy and data security case law: (1) deception injury or subverting consumer choice; (2) financial injury; (3) health or safety injury; (4) unwarranted intrusion injury and (5) reputational injury.

Acting Chairwoman Ohlhausen noted that the FTC initiates many of its cases under the agency’s deception authority, stating that “from an injury standpoint, a company’s false promise to provide certain privacy or data security protections harms consumers like any false material promise about a product.”  The Acting Chairwoman further highlighted that the most commonly alleged injuries in the FTC’s body of privacy and data security case law are financial injury and health and safety injury.  She also emphasized that the type of injury is not dispositive in the FTC’s decision of whether to bring a privacy or data security case.  The FTC also evaluates the strength of the evidence linked to the consumer injury, the magnitude of the injury (both to individuals and groups of consumers), and the likelihood of future consumer injury.  In closing her speech, Acting Chairwoman Ohlhausen rhetorically raised three questions: (1) whether the list of consumer informational injuries is representative, (2) whether these or other informational injuries require government intervention, and (3) how the list maps to the FTC’s statutory deception and unfairness standards.  Acting Chairwoman Ohlhausen plans to address these issues in depth at the December 12 workshop.


Sep 242017
 September 24, 2017  Featured News, Surveillance No Responses »

Joseph Menn reports:

An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

Read more on Reuters.

Sep 242017
 September 24, 2017  Breaches, Business, Non-U.S. No Responses »

I posted this one on DataBreaches.net, but think it’s also worth posting here as a reminder that bizarre events can result in your personal info going to total strangers. And if that did happen, what might be the consequences?

Richard McLeish reports:

Personal SMS messages of Telstra customers were sent to random recipients on competing networks across Australia on Thursday afternoon in a huge potential security breach for the telco.

Unwitting phone users across Australia took to Twitter to express confusion about receiving random SMS messages from about 3pm.

Read more on The Esperance Express.