Wednesday, May 24, 2017

Big Settlement in Privacy Case Involving 2 Patients, HIV Data; Gov Info Security, May 24, 2017

Marianne Kolbasuk McGee, Gov Info Security; Big Settlement in Privacy Case Involving 2 Patients, HIV Data


"Sensitive Health Information

The high settlement amount paid by St. Luke's in a case involving privacy incidents impacting only two individuals reflects the sensitive nature of information that was breached.

"There is no doubt that OCR felt compelled to act due to the sensitivity of the PHI disclosed, that the organization should have been aware of the enhanced safeguards surrounding this type of PHI and there had been repeated occurrences of similar unauthorized disclosures," says privacy attorney David Holtzman of security firm CynergisTek.

"The message here is fix your problems when they happen," notes privacy attorney Kirk Nahra of the law firm Wiley Rein. "This was obviously a particularly sensitive piece of information, and it is possible that this also implicates a request for confidential communication or request for restriction in the HIPAA individual rights. So, while the [settlement] number may seem a bit high, this is both a repeated problem, and one that was not fixed, as well as a particularly harmful step.""

WSJ Privacy Test: Who Can See Your Personal Data?; Wall Street Journal, May 24, 2017

[Video] Geoffrey A. Fowler, Wall Street Journal; 

WSJ Privacy Test: Who Can See Your Personal Data?


"People would care more about privacy if they knew how exposed they already are online, says WSJ Personal Tech columnist Geoffrey A. Fowler. In an experiment, he showed a handful of strangers their own personal info—and managed to shock every one."

Telco-Backed Politician Wants to Restore Privacy Rules She Helped Kill; Wired, May 24, 2017

Klint Finley, Wired; Telco-Backed Politician Wants to Restore Privacy Rules She Helped Kill

"...[L]ast week Representative Blackburn, Republican chair of the House Communications and Technology Subcommittee, introduced the BROWSER Act (yes, it’s an acronym: Balancing the Rights of Web Surfers Equally and Responsibly). Not only would the bill apparently reinstate the ban on internet providers selling data without opt-in permission; it would also subject “edge providers”—websites apps, in other words—to the same restrictions.

That’s right: The bill would require any internet company to get opt-in permission before sharing sensitive information such as health data, your social security number, or internet browsing history. Simply allowing users to opt out wouldn’t cut it. What’s more, companies wouldn’t be able to make opting in a requirement to use their services."

Why Scanning Your Fingerprint Could Cost You Your Privacy; Inc.com, May 23, 2017

Adam Levin, Inc.com; Why Scanning Your Fingerprint Could Cost You Your Privacy

"Scanning a fingerprint or even an eyeball to authenticate your identity is no longer the stuff of science fiction. Biometric identification has been in practical use for a while now, and the technology gets more sophisticated every day.

It should come as no surprise that security and privacy concerns have arisen along the way. And now the legal ramifications are rapidly getting more complicated.

Washington state lawmakers last month passed pioneering legislation that forbids companies from obtaining or selling biometric information without consent of the individual."

"What Would YOU Do?"; Go Comics, May 24, 2017

Lincoln Peirce, Big Nate, Go Comics; 
"What Would YOU Do?"

Tuesday, May 23, 2017

Privacy Concerns in Emerging Technologies; American Bar Association Webinar: Thursday, May 25, 2017

American Bar Association Webinar: Thursday, May 25, 2017Privacy Concerns in Emerging Technologies

ABA Value Pass
1.50 CLE
Format:
Webinar
Date:
May 25, 2017
Time:
12:00 PM - 1:30 PM ET
Add to Calendar
Credits:
1.50 General CLE Credit Hours
The rise in health information technology and wearable devices has brought innovative models of healthcare delivery, as well as increasing privacy risks and compliance concerns. Join our expert faculty as they discuss privacy issues confronting emerging technologies.

Topics will include:
  • Applicability of HIPAA to technology companies
  • Office for Civil Rights (OCR) guidance on HIPAA and cloud computing
  • Increasing Focus on Patient Right of Access
  • Recent enforcement settlements affecting emerging health care technologies and developers
  • Privacy considerations in the era of the Internet of Things (IoT)/Wearables

I’ve Created a Monster!; Slate, May 22, 2017

Cory Doctorow, Slate; 

I’ve Created a Monster!



"I’m a Facebook vegan. I won’t even use WhatsApp or Instagram because they’re owned by Facebook. That means I basically never get invited to parties; I can’t keep up with what’s going on in my daughter’s school; I can’t find my old school friends or participate in the online memorials when one of them dies. Unless everyone you know chooses along with you not to use Facebook, being a Facebook vegan is hard. But it also lets you see the casino for what it is and make a more informed choice about what technologies you depend on...

Your mobile device, your social media accounts, your search queries, and your Facebook posts— those juicy, detailed, revelatory Facebook posts—contain everything the NSA can possibly want to know about whole populations, and those populations foot the bill for its gathering of that information.

The adjacent possible made Facebook inevitable, but individual choices by technologists and entrepreneurs made Facebook into a force for mass surveillance. Opting out of Facebook is not a personal choice but a social one, one that you brave on your own at the cost of your social life and your ability to stay in touch with the people you love.

Frankenstein warns of a world where technology controls people instead of the other way around. Victor has choices to make about what he does with technology, and he gets those choices wrong again and again. But technology doesn’t control people: People wield technology to control other people."

Monday, May 22, 2017

America’s dangerous Internet delusion; Washington Post, May 21, 2017

Robert J. Samuelson, Washington Post; America’s dangerous Internet delusion

"We are addicted to the Internet and refuse to recognize how our addiction subtracts from our security. The more we connect our devices and instruments to the Internet, the more we create paths for others to use against us, either by shutting down websites or by controlling what they do. Put differently, we are — incredibly — inviting trouble. Our commercial interests and our national security diverge.

The latest example of this tension is the “Internet of things” or the “smart home.” It involves connecting various devices and gadgets (thermostats, lights, cameras, locks, ovens) to the Internet so they can be operated or monitored remotely."

ILLINOIS ADVANCES “RIGHT TO KNOW” DIGITAL PRIVACY BILLS; Electronic Frontier Foundation, May 22, 2017

Adam Schwartz, Electronic Frontier Foundation; ILLINOIS ADVANCES “RIGHT TO KNOW” DIGITAL PRIVACY BILLS

"EFF supports Illinois legislation (SB 1502 and HB 2774) that would empower people who visit commercial websites and online services to learn what personal information the site and service operators collected from them, and which third parties the operators shared it with. EFF has long supported such “right to know” legislation, which requires company transparency and thereby advances digital privacy."

How to Fight Back Against Revenge Porn; New York Times, May 18, 2017

Niraj Chokshi, New York Times; 

How to Fight Back Against Revenge Porn


"Consider criminal action

Despite increasing awareness about the issue, many officials may still be unaware of legal protections in place for victims of nonconsensual porn, according to the Cyber Civil Rights Initiative. So victims should researchstate laws targeting nonconsensual porn before approaching the authorities.

And while the decision to prosecute lies with the government, victims can help by providing documentation. “In order to have a successful prosecution, you’ve got to have evidence,” Ms. D’Amico said.

Victims may help to strengthen a case, and penalty, by highlighting violations of related laws, including those aimed at child pornography, harassment, stalking, extortion and copyright. The Initiative maintains a list of such laws and encourages victims to bring printed copies when filing a police report."

Monica Lewinsky: Roger Ailes’s Dream Was My Nightmare; New York Times, May 22, 2017

Monica Lewinsky, New York Times; 

Monica Lewinsky: Roger Ailes’s Dream Was My Nightmare


"Our world — of cyberbullying and chyrons, trolls and tweets — was forged in 1998. It is, as the historian Nicolaus Mills has put it, a “culture of humiliation,” in which those who prey on the vulnerable in the service of clicks and ratings are handsomely rewarded.

As the past year has revealed, thanks to brave women like Gretchen Carlson and Megyn Kelly, it is clear that at Fox, this culture of exploitation wasn’t limited to the screen. The irony of Mr. Ailes’s career at Fox — that he harnessed a sex scandal to build a cable juggernaut and then was brought down by his own — was not lost on anyone who has been paying attention...

None of this is to say that we shouldn’t have a credible conservative point of view in our media — quite the opposite. If we’ve learned nothing else from the 2016 presidential election, it’s that we must find a way to foster robust and healthy discussion and debate. Our news channels should be just such places.

So, farewell to the age of Ailes. The late Fox chief pledged Americans fair and balanced news. Maybe now we’ll get it."

How the Right and Left (and Everyone Else) Reacted to Roger Ailes’s Death; New York Times, May 18, 2017

Jonah Engel Bromwich, New York Times; 

How the Right and Left (and Everyone Else) Reacted to Roger Ailes’s Death


"Dr. Jeffrey Jones, the director of the Peabody Awards, which celebrate public service from media figures and organizations, was unsparing in his criticism of Mr. Ailes, saying that, “no single individual has done more harm to American democracy in the last generation.”

“He ushered in the post-truth society,” Dr. Jones wrote in an emailed statement. “Through a constant drumbeat of fear, anger, and hatred, he turned citizen-on-citizen. He helped craft an enormous gulf of distrust between people and news.”"

Sunday, May 21, 2017

Sir Harold Evans’ New Book Is a Master Class in How to Write; Daily Beast, May 20, 2017

Malcolm Jones, Daily Beast; Sir Harold Evans’ New Book Is a Master Class in How to Write

"Like George Orwell, Evans understands in his bones that words are not just pretty things, that in the wrong hands they can mislead, betray, and even cause great harm. Beginning on page one and running right through to the end of the book is an iron spine of fair play and honesty. “This book on clear writing is as concerned with how words confuse and mislead, with or without malice aforethought, as it is with literary expression,” he writes in the introduction, and then circles back on the last page of the book to drive home the point once more: “The fog that envelops English is not just a question of good taste, style, and esthetics. It is a moral issue.”"

"Magic Words"; FamilyCircus.com, May 21, 2017

Bil Keane, Family Circus.com; "Magic Words"

Saturday, May 20, 2017

HOW TO OPT OUT OF TWITTER'S NEW PRIVACY SETTINGS; Electronic Frontier Foundation, May 19, 2017

Gennie Gebhart, Electronic Frontier Foundation; 

HOW TO OPT OUT OF TWITTER'S NEW PRIVACY SETTINGS


"Since Wednesday night, Twitter users have been greeted by a pop-up notice about Twitter’s new privacy policy, which will come into effect June 18:
Contrary to the inviting “Sounds good” button to accept the new policy and get to tweeting, the changes Twitter has made around user tracking and data personalization do not sound good for user privacy. For example, the company will now record and store non-EU users’ off-Twitter web browsing history for up to 30 days, up from 10 days in the previous policy."

White House looking at using ethics rule to weaken special investigation: Sources; Reuters via CNBC, May 20, 2017

Reuters via CNBC; White House looking at using ethics rule to weaken special investigation: Sources

"The Trump administration is exploring whether it can use an obscure ethics rule to undermine the special counsel investigation into ties between President Donald Trump's campaign team and Russia, two people familiar with White House thinking said on Friday."

Justice Dept. to review possible ethics conflicts involving Mueller’s former law firm; Washington Post, May 18, 2017

Matea Gold and Rosalind S. Helderman, Washington Post; Justice Dept. to review possible ethics conflicts involving Mueller’s former law firm

"Newly appointed special counsel Robert S. Mueller III will undergo a Justice Department ethics review that will examine possible conflicts of interest regarding his former law firm, which represents several figures who could be caught up in the probe into Russian efforts to influence the 2016 election.

Justice Department spokeswoman Sarah Isgur Flores said Thursday that the agency will conduct a background investigation and detailed review of conflict-of-interest issues, a process outlined in the regulation governing special counsels under which he was appointed...

Ethics experts said they anticipate that the Justice Department will grant a waiver, noting that Deputy Attorney General Rod J. Rosenstein would have taken Mueller’s past employer into consideration when selecting him."

Friday, May 19, 2017

What Do Twitter’s Privacy Changes Mean For You?; CBS DFW, May 19, 2017

CBS DFW; What Do Twitter’s Privacy Changes Mean For You?


"“Twitter’s announcement is bad news for online privacy. The company dropped Do Not Track and gave advertisers access to more user data,” said Marc Rotenberg, president of the nonprofit Electronic Privacy Information Center. “Also, all of the settings now default to disclosure, which means users have to go in and change their privacy settings.”

YOUR OPTIONS
If you are in the U.S., move to Europe. Besides achieving your dreams of finally living in a tiny flat in Paris with a stray cat named Gaston and a mustached baker named Olivier, you will also have stronger online privacy protections."

Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys; Agence France-Presse via Guardian, May 16, 2017

Agence France-Presse via Guardian; 

Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys

"“Most internet-connected things have a Bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” [Reuben Paul] told AFP later.

“IOT home appliances, things that can be used in our everyday lives, our cars, lights refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.”
They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”, Reuben said."

Gene pattern research prompts privacy concerns; Stanford Daily, May 19, 2017

Elise Most, Stanford Daily; 

Gene pattern research prompts privacy concerns


"Professor of Biology and senior author of the paper Noah Rosenberg was able to match over 90 percent of datasets comprised of 13 genetic markers to sets of 642,563 markers in which the sets of 13 were not included.
CODIS, or the what the Federal Bureau of Investigation (FBI) describes as its “program of support for criminal justice DNA databases,” formerly depended on these 13 markers before recently converting to a 20-marker system. The researchers reached 99 percent accuracy when they used datasets of 30 genetic markers.
Although these findings, published in Proceedings of the National Academy of Sciences, may assist wildlife researchers or archaeologists dealing with incomplete sets of DNA, Rosenberg told Stanford News that the results also have consequences for laws and practices surrounding genetic privacy."

Can You Copyright Your Dumb Joke? And How Can You Prove It's Yours?; NPR, May 17. 2017

Laurel Wamsley, NPR; 

Can You Copyright Your Dumb Joke? And How Can You Prove It's Yours?


"In 2008, law professors Dotan Oliar and Christopher Sprigman published a paper that explored the norms comics had established to protect their intellectual property: their jokes...

Can you really copyright a dumb joke?

"The question really focuses on originality, and there is no freestanding barrier to copyright extending to a joke on any topic ... so long as that joke meets the fairly minimal requirements for originality," says Perzanowski. "That means it has to demonstrate some low level of creativity and importantly that it not be copied from some other source."

"Copyright will give you protection for this specific arrangement of words," he says, but not for a whole subject matter.

When it comes to topical comedy, he says, the question is whether one can separate an idea (which can't be copyrighted) from its expression (which can).

Judge Sammartino agrees. "[T]here is little doubt that the jokes at issue merit copyright protection," she writes, citing the relevant case law, "noting originality requires only independent creation of a work that 'possess[es] some creative spark, "no matter how crude, humble or obvious" it might be.'"

However, she adds, the jokes here "are similarly constrained by their subject matter and the conventions of the two-line, setup-and-delivery paradigm."

The result is that for O'Brien's jokes to infringe on Kaseberg's copyright, they must be "virtually identical," one step below verbatim."

Americans Want More Say in the Privacy of Personal Data; Consumer Reports, May 18, 2017

Bree Fowler, Consumer Reports; Americans Want More Say in the Privacy of Personal Data

[Kip Currier: Take a look at Consumer Reports' latest survey data on U.S. consumers' concerns about privacy and their personal data: significant majorities want more control over what data is collected and more transparency (not less!) regarding what Internet service providers can and can't do with that personal data.

Then consider this May 18, 2017 disconnect: "The Federal Communications Commission (FCC), led by chairman Ajit Pai, voted two to one to start the formal process of dismantling “net neutrality” rules put in place in 2015."]

"The latest CR Consumer Voices survey reveals that people have been increasingly worried about the issue in 2017. Seventy percent of Americans lack confidence that their personal data is private and safe from distribution without their knowledge, according to the nationally representative survey of 1,007 adults conducted in April.

That number climbed from 65 percent since we first asked about the topic in January.

Respondents to the April survey also said they want more control over what data is collected. Ninety-two percent said that internet service providers, such as Comcast and Verizon, should be required to secure permission from users before selling or sharing their data. [Bold and larger font added for emphasis]

The same proportion thinks consumers should have the right to request a complete list of the data an internet service provider or website has collected about them.

Finally, respondents spoke out about how such data may be used to charge online shoppers different prices for the same goods and services—without consumers knowing about it. This kind of dynamic pricing can be based on factors from age to browsing history to home address. Sixty-five percent of respondents oppose the practice.

Though consumers say they want stronger privacy protections, federal actions are moving the rules in the opposite direction."

"Modern Life"; Bizarro, May 19, 2017

Dan Piraro, Bizarro; "Modern Life"

Wednesday, May 17, 2017

Deputy attorney general appoints special counsel to oversee probe of Russian interference in election; Washington Post, May 17, 2017

Devlin BarrettSari Horwitz and Matt Zapotosky, Washington Post; Deputy attorney general appoints special counsel to oversee probe of Russian interference in election

"The Justice Department has decided to appoint a special counsel to investigate possible coordination between Trump associates and Russian officials seeking to meddle in last year’s election, according to Deputy Attorney General Rod J. Rosenstein.

Robert Mueller, a former prosecutor who served as the FBI director from 2001 to 2013, has agreed to serve in the role, Rosenstein said."

Comey documented 'everything he could remember' after Trump conversations; CNN, May 16, 2017

Pamela Brown, CNN; Comey documented 'everything he could remember' after Trump conversations

[Kip Currier: In my Managing and Leading Information Services course, one week's module is devoted to "Managing Legal Issues". In that module I walk students through the importance of documenting and how to do it well. Former FBI Director James Comey's documenting practices, revealed yesterday, vividly illustrate why documenting is such an important skill set and responsibility. And how documenting can potentially serve as both offensive and defensive evidence for an individual and/or organization.]

"Former FBI Director James Comey wrote in a memo that President Donald Trump asked him to end the investigation of national security adviser Michael Flynn, according to a source familiar with the matter.
Comey was so appalled by the request that he wanted to document it, the source said. Comey shared it with FBI senior officials, according to the source.
Why did he do it?
    Comey would write down everything that happened -- the good and the bad.
    "Everything he could remember," the source said.
    "You realize something momentous has happened and memories fade so he wanted to memorialize it at the earliest time," the source said. The source said it was not common practice for Comey to document conversations with senior officials unless he thought it was significant."

    Trump’s Leaky Fate; New York Times, May 16, 2017

    Frank Bruni, New York Times; 

    Trump’s Leaky Fate


    "This much leaking this soon in an administration is a powerful indication of what kind of president we have. He is so unprepared, shows such bad judgment and has such an erratic temper that he’s not trusted by people who are paid to bolster him and who get the most intimate, unvarnished look at him. Some of them have decided that discretion isn’t always the keeping of secrets, not if it protects bad actors. They’re right. And they give me hope."

    The 25th Amendment Solution to Remove Trump; New York Times, May 16, 2017

    Ross Douthat, New York Times; 

    The 25th Amendment Solution to Remove Trump


    "One does not need to be a Marvel superhero or Nietzschean Ãœbermensch to rise to this responsibility. But one needs some basic attributes: a reasonable level of intellectual curiosity, a certain seriousness of purpose, a basic level of managerial competence, a decent attention span, a functional moral compass, a measure of restraint and self-control. And if a president is deficient in one or more of them, you can be sure it will be exposed.

    Trump is seemingly deficient in them all. Some he perhaps never had, others have presumably atrophied with age. He certainly has political talent — charisma, a raw cunning, an instinct for the jugular, a form of the common touch, a certain creativity that normal politicians lack. He would not have been elected without these qualities. But they are not enough, they cannot fill the void where other, very normal human gifts should be."

    Privacy concerns as China expands DNA database; BBC News, May 17, 2017

    BBC News; 

    Privacy concerns as China expands DNA database


    ""Mass DNA collection by the powerful Chinese police absent effective privacy protections or an independent judicial system is a perfect storm for abuses," Sophie Richardson, China director at Human Rights Watch said in a statement.

    DNA collection can have legitimate policing uses in investigating specific criminal cases, she explains. "But only in a context in which people have meaningful privacy protections."
    "Until that's the case in China, the mass collection of DNA and the expansion of databases needs to stop.""

    Consumer Reports: Your kid's online privacy: Connected toys; Consumer Reports via WSAW, May 16, 2017

    Consumer Reports via WSAW; 

    Consumer Reports: Your kid's online privacy: Connected toys


    "It’s no secret that sharing personal information online comes with risk. But what if toys were also making it possible for hackers to access both you and your children’s information? Consumer Reports has some stern warnings about a new generation of toys."

    Tuesday, May 16, 2017

    More CEOs are getting forced out for ethics violations; Washington Post, May 15, 2017

    Jena McGregor, Washington Post; More CEOs are getting forced out for ethics violations

    "If it seems like more CEOs are getting cast aside amid ethical blunders or corporate scandals, they are. According to a new report on CEO succession from Strategy&, PwC’s strategy consulting business, the percentage of CEOs getting pushed out for questionable behavior — lapses including environmental disasters,  insider trading, résumé fraud, accounting scandals and sexual misconduct — is up over the past five years."

    The experts were right: Trump isn’t fit to be president; Washington Post, May 16, 2017

    Anne Applebaum, Washington Post;

    The experts were right: Trump isn’t fit to be president

    "We live in an age that denigrates knowledge, dislikes expertise and demonizes experts. But now we have proof that experts are sometimes right...

    At the time, Trump dismissed this letter as “nothing more than the failed Washington elite looking to hold onto their power.” But the “elites” were right. The experts were right.  Next time maybe more people will heed them."

    Facebook Gets Slap on the Wrist from 2 European Privacy Regulators; New York Times, May 16, 2017

    Mark Scott, New York Times; 

    Facebook Gets Slap on the Wrist from 2 European Privacy Regulators


    "Facebook suffered a setback on Tuesday over how it uses the reams of information it collects about users worldwide, after two European privacy watchdogs said that the social network’s practices broke their countries’ data protection rules.

    The announcement by Dutch and French authorities was part of a growing pushback across the European Union about how Facebook collects data on the bloc’s roughly 500 million residents. Some European governments, notably in Germany, are considering hefty fines against the company and other social media giants if they fail to crack down on hate speech and misinformation on their networks.

    As part of their separate announcements on Tuesday, the Dutch and French officials said that Facebook had not provided people in their countries with sufficient control over how their details are used. They said that the social network had collected digital information on Facebook users as well as nonusers on third-party websites without their knowledge."

    A Twenty-First Century Framework for Digital Privacy; LAWFARE, May 15, 2017

    Jeffrey Rosen, LAWFARE; 

    A Twenty-First Century Framework for Digital Privacy

    "Editor's note: This is a crosspost from the National Constitution Center's website. Video of the Center's event on digital privacy is available below...

    Advances in technology raise numerous important (and difficult) legal questions:
    • How can we strike the right balance between security and privacy in the digital age?
    • How might we translate Fourth Amendment doctrine in light of technological advances and changing consumer expectations of privacy?
    • What constitutional and statutory protections should there be for data stored in the Cloud, and under what circumstances and with what constraints should the government get access to it?
    • Does the government have to tell consumers when it searches their email accounts or accesses their data?
    • And whose law should govern access to data in our borderless world—a world where data is often stored on servers in other countries and can be transferred across borders at the snap of a finger?
    The National Constitution Center, with the support of Microsoft, has assembled leading scholars and thought leaders to publish a series of five white papers, entitled A Twenty-First Century Framework for Digital Privacy.  We’ve asked these contributors to reflect on the challenges that new technologies pose to existing constitutional doctrine and statutory law and to propose solutions—doctrinal, legislative, and constitutional—that translate the Constitution and federal law in light of new technologies.  The overarching question we asked contributors to address is how best to balance privacy concerns against the need for security in the digital age.  These contributors represent diverse points of view and experiences and their papers reflect the Constitution Center’s commitment to presenting the best arguments on all sides of the constitutional issues at the center of American life."