Categories
Aside Links

What Canadian Political Parties Know About You

Colin J. Bennett, writing in Policy Options, explains how Canadian political parties collect and use voters’ personal information. It’s a quick, and valuable, read; highly recommended.

Categories
Aside Links

If You Can’t Breach the OS, Target Developer Watering Holes

F-Secure has a good, quick overview of the recent attacks against Facebook, Twitter, and (presumably) other mobile developers. Significantly, we’re seeing an uptick in attacks against developers rather than just against platform manufacturers. The significance? Even though the phone OS may be ‘secure’, the applications you’re loading onto those devices may have been compromised at inception.

Smartphones: the source of anxiety and worry for IT managers that keeps on going.

Categories
Links Writing

Facebook: Yes, it can get more invasive

Grace Nasri has a good – if worrying – story that walks through how Facebook could soon use geolocational information to advance its digital platform. One item that she focuses on is Facebook’s existing terms of service, which are vague enough to permit the harvesting of such information already. As much as it’s non-scientific, I think that the company’s focus on knowing where its users are is really, really creepy.

I left Facebook after seeing they’d added phone numbers to my Facebook contacts for people who’d never been on Facebook, who didn’t own computers, and for whom I didn’t even have the phone numbers. Seeing that Facebook had the landline numbers for my 80+ year old grandparents was the straw that broke my back several years ago; I wonder if this degree of tracking will encourage other Facebook users to flee.

Categories
Aside

Judge, Jury, Executioner

As long as you’ve got executive privilege and secret interpretations of law, it’s legal, right?

Categories
Quotations

2013.2.18

The [intelligence] professionals’ task is therefore to keep judgements anchored to what the intelligence actually reveals (or does not reveal) and keep in check any predisposition of policy-makers to pontificate … of trying to make nasty facts go away by the magical process of emitting loud noises in the opposite direction.

Sir David Omand, “Reflections on Secret Intelligence”

Categories
Aside Humour

In Firewall We Trust

securityreactions:

by UOIT

Now picture what happens when your firewall fails to stop the ‘friendly’ lioness

Categories
Humour Quotations

2013.2.17

You’ve had a busy play day – You’ve wiretapped Mom’s cell phone and e-mail without a warrant, you’ve indefinitely detained your little brother Timmy in the linen closet without trial, and you’ve confiscated all the Super-Soakers from the neighborhood children (after all, why does any kid – besides you, of course – even NEED a Super-Soaker for self-defense? A regular water pistol should be enough). What do you do for an encore?

That’s where the US Air Force Medium Altitude, Long Endurance, Unmanned Aerial Vehicle (UAV) RQ-1 Predator from Maisto comes in. Let’s say that Dad has been labeled a terrorist in secret through your disposition matrix. Rather than just arrest him and go through the hassle of trying and convicting him in a court of law, and having to fool with all those terrorist-loving Constitutional protections, you can just use one of these flying death robots to assassinate him! Remember, due process and oversight are for sissies. Plus, you get the added bonus of taking out potential terrorists before they’ve even done anything – estimates have determined that you can kill up to 49 potential future terrorists of any age for every confirmed terrorist you kill, and with the innovative ‘double-tap’ option, you can even kill a few terrorist first responders, preventing them from committing terrorist acts like helping the wounded and rescuing survivors trapped in the rubble. Don’t let Dad get away with anti-American activities! Show him who’s boss, whether he’s at a wedding, a funeral, or just having his morning coffee. Sow fear and carnage in your wake! Win a Nobel Peace Prize and be declared Time Magazine’s Person of the Year – Twice!

This goes well with the Maisto Extraordinary Rendition playset, by the way – which gives you all the tools you need to kidnap the family pet and take him for interrogation at a neighbor’s house, where the rules of the Geneva Convention may not apply. Loads of fun!

Review of a Diecast Predator Drone

Categories
Links

What Sophisticated Security Tests Should Look Like

Facebook and a few other large corporations understand just how serious contemporary data intrusions and exfiltrations are. They spend a lot of money preparing for attacks. Why, if private companies are taking collected data so seriously, do our governments seem to remain so cavalier with their data collection, retention, and security practices?

Categories
Videos

Interview with Susan Crawford about US broadband policy

Categories
Writing

Policy Matters Too

Nadim Kobeissi recently wrote about Do Not Track, and effectively restated the engineering-based reasons why the proposed standard will fail. The standard, generally, would let users set their web browser to ask websites not to deposit tracking cookies on their computers. Specifically, Nadim wrote:

Do Not Track is not only ineffective: it’s dangerous, both to the users it lulls into a false belief of privacy, and towards the implementation of proper privacy engineering practice. Privacy isn’t achieved by asking those who have the power to violate your privacy to politely not do so — and thus sacrifice advertising revenue — it’s achieved by implementing client-side preventative measures. For browsers, these are available in examples such as EFF’s HTTPS Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper measures from an engineering perspective, since they attempt to guard your privacy whether the website you’re visiting likes it or not.

He is writing as an engineer and, from that perspective, he’s not wrong. Unfortunately, as an engineer he’s entirely missing the broader implications of DNT: specifically, it lets users proactively inform a site that they do not give consent to being tracked. This proactive declaration can suddenly activate a whole host of privacy protections that are established under law; individuals don’t necessarily have to have their declarations respected for them to be legally actionable.

Now, will most users have any clue if their positions are being upheld? No, of course not. This is generally true of any number of laws. However, advocates, activists, academic researchers, and lawyers smelling class-action lawsuits will monitor to see if websites are intentionally dismissing users’ choice to refuse being tracked. As successful regulatory/legal challenges are mounted, website owners will have to engage in a rational calculus: is the intelligence or monies gained from tracking worth the potential regulatory or legal risk? If initial punishments are high enough then major players may decide that it is economically rational to abide by DNT headers, whereas smaller sites (perhaps with less to lose/less knowledge of DNT) may continue to track regardless of what a browser declares to the web server. If we’re lucky, these large players will include analytics engine providers as well as advertiser networks.

Now, does this mean that DNT will necessarily succeed? No, not at all. The process is absolutely mired in confusion and problems – advertisers are trying to water down what DNT ‘means’, and some browser manufacturers are making things harder by trying to be ‘pro-privacy’ and designing DNT as a default setting for their browsers. Moreover, past efforts to technically demonstrate users’ privacy have failed (e.g. P3P), and chances are good that DNT will fail as well. However, simply because there are technical weaknesses associated with the standard does not mean that the protocol, more broadly, will fail: what is coded into standards can facilitate subsequent legal and regulatory defences of users’ privacy, and these defences may significantly improve users’ privacy online.
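
The kind of monitoring that advocates and researchers could run, sketched as an added example that is not part of the original post: it scans recorded request/response pairs and flags long-lived, identifier-like cookies set in reply to a request that carried `DNT: 1`. The traffic, hosts, thresholds and the Max-Age-only heuristic are all assumptions made for illustration.

```python
# Added example (not from the original post): flag persistent, identifier-like
# cookies that a site sets even though the request carried "DNT: 1".
PERSISTENT_SECONDS = 24 * 60 * 60   # assumption: anything over a day is persistent
MIN_ID_LENGTH = 16                  # assumption: long opaque values look like IDs

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def audit(exchanges):
    """Return (url, cookie name, max-age) for cookies that ignore a DNT: 1 request."""
    findings = []
    for ex in exchanges:
        request = {k.lower(): v.strip() for k, v in ex["request_headers"].items()}
        if request.get("dnt") != "1":
            continue  # no do-not-track declaration was made on this request
        for header, value in ex["response_headers"]:
            if header.lower() != "set-cookie":
                continue
            name, val, attrs = parse_set_cookie(value)
            try:
                max_age = int(attrs.get("max-age", "0"))
            except ValueError:
                max_age = 0  # malformed Max-Age: treat as a session cookie
            if max_age > PERSISTENT_SECONDS and len(val) >= MIN_ID_LENGTH:
                findings.append((ex["url"], name, max_age))
    return findings

# Constructed sample traffic; hosts and cookie values are invented.
SAMPLE = [
    {"url": "https://ads.example/pixel", "request_headers": {"DNT": "1"},
     "response_headers": [("Set-Cookie", "uid=9f2c4b7a1d3e5f60718293a4; Max-Age=63072000; Path=/")]},
    {"url": "https://shop.example/cart", "request_headers": {"DNT": "1"},
     "response_headers": [("Set-Cookie", "session=ab12cd34ef56ab78cd90; Path=/; HttpOnly")]},
    {"url": "https://ads.example/pixel", "request_headers": {},
     "response_headers": [("Set-Cookie", "uid=0a1b2c3d4e5f60718293a4b5; Max-Age=63072000")]},
]

if __name__ == "__main__":
    for url, cookie, max_age in audit(SAMPLE):
        print(f"{url}: cookie {cookie!r} persists {max_age}s despite DNT: 1")
```

Only the first exchange is reported: the second sets a session cookie, and the third request made no DNT declaration, so there is no stated refusal for the site to have ignored.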