Rina Steenkamp - Privacy and technology

Weblog

2013

[January | February | March | April | May | June | July | August | September | October | November | December]

January

[Draft report on the proposal for a [General Data Protection Regulation] | Government response to Justice Select Committee's opinion on the European Union Data Protection framework proposals | Fighting cyber crime and protecting privacy in the cloud | How the Nokia Browser decrypts SSL traffic - a "man in the client" | Finding a strategic voice - Insights from the 2012 IBM Chief Information Security Officer Assessment | Global risks 2013 | Third annual benchmark study on patient privacy and data security | Payment card fraud in the European Union | ENISA Threat landscape | Consumerization of IT - Risk mitigation strategies | Privacy on the go - recommendations for the mobile ecosystem | Defence and cyber-security]

February

[Proposed new EU General Data Protection Regulation - Article-by-article analysis paper | The European data protection reform in the light of cloud computing | Critical cloud computing - a [critical information infrastructure protection (CIIP)] perspective on cloud computing services | An executive's guide to data breach trends in 2012 | [Fifth interim report on a national study of credit report accuracy] | EU Cybersecurity plan to protect open internet and online freedom and opportunity | Improving critical infrastructure cybersecurity | The proposed General Data Protection Regulation - The consistency mechanism explained | Corporate tax 2.0 - Why France and the world need a new tax system for the digital age | PCI DSS Cloud computing guidelines | Data protection - The super-brief guide to the proposed Regulation | Working document 01/2013 - Input on the proposed implementing acts | How will surveillance and privacy technologies impact on the psychological notions of identity? | Security engineering - A guide to building dependable distributed systems | How certification systems fail - lessons from the Ware Report | Choosing a hosting provider - 10 questions to ask your provider | Mobile privacy disclosures - building trust through transparency | Privacy by design and third party access to customer energy usage data | Identity assurance - enabling trusted transactions | Privacy Amendment (Enhancing Privacy Protection) Bill 2012 | Corruption, proportionality and the prosecution of Aaron Swartz | The draft EU General Data Protection Regulation - costs and paradoxes of explicit consent | Social Media - Consumer compliance risk management guidance | Cloud computing security considerations]

March

[Unique in the crowd - The privacy bounds of human mobility | Discrimination in online ad delivery | Additional EDPS comments on the data protection reform package | The functions, powers and resources of the Information Commissioner | Assessment notices under de Data Protection Act 1998 - Extension of the Information Commissioner's powers | The Tallinn manual on the international law applicable to cyber warfare | Bound to fail - Why cyber security risk cannot simply be 'managed' away | Bound to fail - Why cyber security risk cannot simply be 'managed' away | Opinion 02/2013 on apps on smart devices | Using smartphones as a proxy for forensic evidence contained in cloud storage services | Silent listeners - The evolution of privacy and disclosure on Facebook | Everything we know about what data brokers know about you | Google, Facebook, Amazon, eBay - Is the internet driving competition or market monopolization? | Technology and the sovereignty of the individual | [Serious and Organised Crime Threat Assessment (SOCTA)] 2013 - Public version | Internet bad neighborhoods | Hacking appliances - Ironic exploits in security products | How bad is it? - A branching activity model to estimate the impact of information security breaches | The implausibility of secrecy | The web won't be safe or secure until we break it | Private traits and attributes are predictable from digital records of human behavior | Data protection in Europe | Paper, plastic... or mobile? An FTC workshop on mobile payments | Cyber-attacks - a new edge for old weapons | Stuxnet 0.5 - The missing link | Bring your own device (BYOD) | 2012 Data mining report to Congress | Quantifying the invisible audience in social networks | What privacy is for | Reforming the data protection package | Big data and analytics - seeking foundations for effective privacy guidance | Consumer Sentinel Network data book for January - December 2012 | Cybersecurity of smart grids | Opinion on [whether a hyperlink to content can be considered a communication to the public] | International compendium of data privacy laws | [Summary of the feedback on cybersecurity legislation from 'Fortune 500' companies] | Ransomware - next-generation fake antivirus | 2013 State of the endpoint | 2013 Cisco annual security report | Global audit committee survey | The UK cyber security strategy - Landscape review]

April

[The retention of the fingerprints of a person who had not been convicted breached his right to respect for his private life | The disconcerting details - How Facebook teams up with data brokers to show you targeted ads | 2013 Data breach investigations report | 2013 Information security breaches survey | 1Q 2013 security roundup - Zero-days hit users hard at the start of the year | "How old do you think I am?": A study of language and age in Twitter | Net neutrality in Europe | Clarifications regarding the U.S.-EU Safe Harbor framework and cloud computing | Can recent attacks really threaten Internet availability? | Microsoft security intelligence report - Volume 14 | Internet security threat report 2013 | Opinion 03/2013 on purpose limitation | Internet privacy - the right to be forgotten | Avoiding the hidden costs of the cloud | The modern malware review - Analysis of new and evasive malware in live enterprise networks | EU online trustmarks - Building digital confidence in Europe | Sleights of privacy - framing, disclosures, and the limits of transparency | The pursuit of privacy in a world where information control is falling | Privacy 101 - Skype leaks your location]

May

[Privacy self-management and the consent dilemma | Towards a positive theory of privacy law | The EU-U.S. privacy collision - a turn to institutions and procedures | A sober look at national security access to data in the cloud | Distributed denial of service actions and the challenge of civil disobedience on the internet | Law in the boardroom | Who has your back? - Which companies help protect your data from the government? | The economic importance of getting data protection right - protecting privacy, transmitting data, moving commerce | Implications of the European Commission's proposal for a general data protection regulation for business | Using malware analysis to evaluate botnet resilience | Digital surveillance - Why the Snooper's Charter is the wrong approach - A call for targeted and accountable investigatory powers | Insider threat control - Understanding Data Loss Prevention (DLP) and detection by correlating events from multiple sources | Public cloud service agreements - What to expect and what to negotiate | Lets cut through the Bitcoin hype - A hacker-entrepreneur's take | How Google lost the trust of Europe's data protection authorities]

June

[[Google Spain] v. [Spanish data protection authority] | Commission Regulation on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC [...] | Beyond location - data security in the 21st century | The law of the future and the future of law - Volume II | Needle in a datastack - the rise of big security data | Explanatory document on the Processor Binding Corporate Rules | A guide to FISA §1881a - The law behind it all | PRISM-Break list is dangerously misleading | Amendments [...] on the proposal for a directive of the European Parliament and of the Council on attacks against information systems [...] | Opinion on [the EU cyber security strategy and the proposed cybersecurity directive] | 'Something bad might happen' - Lawyers, anonymization and risk | Employers and schools that demand account passwords and the future of cloud privacy | What does Prism tell us about privacy protection? | Stop watching us | PRISM Break | 2013 Cost of data breach study - global analysis | McAfee threats report - first quarter 2013 | Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue | Transcripts from Bradley Manning's trial | Annual report 2012 | Facebook costing 16-34s jobs in tough economic climate | ESignature - Study on the supply side of EU e-signature market | The Canadian access to social media information project (CATSMI) | Teens, social media, and privacy | Cyber security and fraud - The impact on small businesses | National SME fraud segmentation 2012 | Electric grid vulnerability - Industry responses reveal security gaps | Anatomy of a hack - How crackers ransack passwords like "qeadzcwrsfxv1331"]

July

[What an IP address can reveal about you | 2012 Annual report of the Interception of Communications Commissioner | @metpoliceuk how twitter is changing modern policing | Online survival kit | Is your inseam a biometric? Evaluating the understandability of mobile privacy notice categories | The SANS 2013 help desk security and privacy survey | Exploring data-driven innovation as a new source of growth - Mapping the policy issues raised by 'big data' | Reconciling personal information in the United States and European Union | Data breach report 2012 | Global state of information security survey 2013 | Privacy auditing - an exploratory study | Children's online privacy protection rule | Apps for kids are data magnets; FTC rules to kick in | Patient privacy in a mobile world - a framework to address privay law issues in mobile health | Working paper on web tracking and privacy - Respect for context, transparency and control remains essential | [United States of America v. Andrew Auernheimer, Appellant's opening brief]]

August

[The privacy challenges of big data - a view from the lifeguard's chair | Judged by the tin man - individual rights in the age of big data | Protecting their own - fundamental rights implications for EU data sovereignty in the cloud | Information privacy in the cloud | How much will PRISM cost the U.S. cloud computing industry? | Rangzen - Circumventing government-imposed communication blackouts | Press suckered by anti-Google group's bogus claim that Gmail users can't expect privacy | Piaw@tch - the Privacy Impact Assessment observatory | Subject access code of practice | [Updated guidance on network attacks and malware] | Necessary and proportionate - International principles on the application of human rights to communications surveillance | Case of Youth Initiative for Human Rights v. Serbia | Biometric ID cybersurveillance | Privacy and safety on Facebook - a guide for survivors of abuse | Mobile health and fitness applications and information privacy | Report to the President - MIT and the prosecution of Aaron Swartz | Conducting privacy impact assessments code of practice | A case of collusion - a study of the interface between ad libraries and their apps | Browser security comparative analysis - Privacy settings | VERIS Community Database (VCDB) | Breach Watch | Global corporate IT security risks - 2013 | The economic impact of cybercrime and cyber espionage | Bradley Manning Espionage Act conviction a blow to both whistleblowers and journalists]

September

[The US [NSA] surveillance programmes (PRISM) and [FISA] activities and their impact on EU citizens' fundamental rights | Data broker giants hacked by ID theft service | Data and security breaches and cyber-security strategies in the EU and its international counterparts | Who commits virtual identity suicide? Differences in privacy concerns, internet addiction and personality between Facebook users and quitters | OECD Guidelines governing the protection of privacy and transborder flow of personal data | Privacy in the digital economy - requiem or renaissance? | Why privacy pros need to look beyond "detective" practices and embrace technology | Diluted privacy law | Mobile security - from risk to revenue | Direct marketing | Submission [...] on the surveillance activities of the United States and certain European States' national security and "intelligence" agencies | Just delete me | 2013 Data breach investigations report | Anonymity, privacy, and security online | Privacy and big data - Making ends meet | U.S. spy network's successes, failures and objectives detailed in 'black budget' summary | Cookieless monster - Exploring the ecosystem of web-based device fingerprinting | Users get routed - Traffic correlation on Tor by realistic adversaries | Looking inside the (Drop) box | Head in the digital sand - How the Obama Administration's NTIA-led multistakeholder effort doesn't deliver its promised privacy Bill of Rights | [ACLU v. James R. Clapper et al] Declaration of professor Edward W. Felten | The next generation Communications Privacy Act | The FTC and the new common law of privacy | Who is the more active privacy enforcer - FTC or OCR? | [August 13 letter to Commissioner Viviane Reding] | An analysis of service provider transparency reports on government requests for data | Decision notice [Appellant: Scottish Borders Council, Respondent: The Information Commissioner] | Case of Nagla v. Latvia | UK ISP Sky Broadband says no need to fear SessionCam snooping]

October

[[Vote on the data protection package, October 21st] | General Data Protection Regulation in 10 points | Data Protection Regulation - Leaked compromises | Leaked EU Data Protection Directive | Improving critical infrastructure cybersecurity Executive Order 13636 - Preliminary cybersecurity framework | Leaving out notification requirements for data collection orders? | Experian sold consumer data to ID theft service | On the acceptance of privacy-preserving authentication technology - the curious case of national identity cards | LIBE committee inquiry on electronic mass surveillance of EU citizens | FPDetective - Dusting the web for fingerprints | Working document [...] providing guidance on obtaining consent for cookies | How the Bible and YouTube are fueling the next frontier of password cracking | Piercing through WhatsApp's encryption | Routes for breaching and protecting genetic privacy | Case of Delfi AS v. Estonia | Competitive analysis of the UK cyber security sector | Easily obtained subpoenas turn your personal information against you | Attacking Tor - how the NSA targets users' online anonymity | EPIC online guide to practical privacy tools | Anonymous in context - the politics and power behind the mask | Personality, gender and age in the language of social media - the open-vocabulary approach | Auditing security measures - An overview of schemes for auditing security measures | Warsaw declaration on the "appification" of society | Mobile medical applications - Guidance for industry and Food and Drug Administration staff | Children's online games - report and consultation | Protecting vulnerable data subjects - Findings from a survey of EU data protection officials on the use of cloud services in organisations | Inferring trip destinations from driving habits data | A study of Whois privacy and proxy service abuse]

November

[Making sense of the NSA metadata collection program | Mass surveillance of personal data by EU member states and its compatibility with EU law | The aerial gaze: regulating domestic drones in the UK | [Unmanned aircraft systems integration roadmap] | The data surveillance state in the US and Europe | What the government does with Americans' data | Defining the surveillance state | Cyber liability & data breach insurance claims - A study of actual claim payouts | Recommended cryptographic measures - Securing personal data | Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps | Towards a more dynamic transatlantic area of growth and investment | Hands off encryption! Say new amici briefs in Lavabit case | Mobile location analytics code of conduct | Ten steps you can take right now against internet surveillance | Data brokers and the federal government - A new front in the battle for privacy opens | The real privacy problem | Algorithms, key sizes and parameters report - 2013 recommendations | EU legislative process updates]

December

[Memorandum Opinion [Klayman et al. v. Obama et al.] | Liberty and security in a changing world | What information do data brokers have on consumers, and how do they use it? | A review of the data broker industry - collection, use and sale of consumer data for marketing purposes | Ten commandments of internet law revisited - basic principles for internet lawyers | Biometrics - friend or foe of privacy? | Cryptography as a service in a cloud computing environment | Privacy-preserving charging for eMobility | Rolling plan for ICT standardisation (2013) | UK cyber security standards - Research report | 2013 Information security breaches survey - Technical report | According to the Advocate General [...] the Data Retention Directive is incompatible with the Charter of Fundamental Rights | How these 5 dirtbags radically advanced your digital rights | New documents show how the NSA infers relationships based on mobile location data | The FBI's next generation identification program - Big Brother's ID system? | Chilling effects - NSA surveillance drives U.S. writers to self-censor | "Small" breach, big harm. | View from the precipice - Mobile financial malware | Security threat report 2014 - Smarter, shadier, stealthier malware | ENISA threat landscape 2013 - Overview of current and emerging cyber-threats | How the Bitcoin protocol actually works | Digital evidence, digital investigations and e-disclosure - A guide to forensic readiness for organisations, security advisers and lawyers | Foreign surveillance and human rights | Digital activism and non-violent conflict | Mayority is not enough - Bitcoin mining is vulnerable | Serious security - How to store your users' passwords safely | Security of eGovernment systems | Cloud standards coordination - Final report | Security breach notification chart | Special Eurobarometer 404 - Cyber security | [...] on the functioning of the Safe Harbour from the perspective of EU citizens and companies established in the EU | Problems with the FISC's newly-declassified opinion on bulk collection of internet metadata | Our government has weaponized the internet. Here's how they did it | Eyes wide open | Information resellers - Consumer privacy framework needs to reflect changes in technology and the marketplace | Aiding surveillance - An exploration of how development and humanitarian aid initiatives are enabling surveillance in developing countries | An experiment in hiring discrimination via online social networks | LG Smart TVs logging USB filenames and viewing info to LG servers | Is UK college's RFID chip tracking of pupils an invasion of privacy? | Security certification practice in the EU | Good practice guide for securely deploying governmental clouds]