Category Archives: Law: Privacy

My Kind of Lolcat

Cheezburger, Inc. 2014 Transparency Report

Warrant Canary Statement:

As of February 5, 2015, Cheezburger has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.

I will go missing if Cheezburger ever gets a classified National Security Letter. Something we cannot talk about.

What’s a Warrant Canary? Glad you asked.

Government Requests for User Information:

Total Requests: 0

Total Complied: 0

Breakdown:

Type | Requests | User Accounts Affected
US Subpoenas from Government | Zero | 0
US Civil Subpoenas | Nil | 0
US Search Warrants | Zilch | 0
International Requests | Nothing | 0
Emergency Requests | Nada | 0
National Security Requests | Zip | 0

Spotted via “Cheezburger Network releases very clear transparency report” at the Inq.

Posted in Law: Privacy

Verizon and Turn Caught Cheating on Cookies (UPDATED)

How Verizon and Turn Defeat Browser Privacy Protections

Verizon advertising partner Turn has been caught using Verizon Wireless’s UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking. Explosive research from Stanford security expert Jonathan Mayer shows that, as we warned in November, Verizon’s UIDH header is being used as an undeletable perma-cookie that makes it impossible for customers to meaningfully control their online privacy.

Mayer’s research, described in ProPublica, shows that advertising network and Verizon partner Turn is using the UIDH header value to re-identify and re-cookie users who have taken careful steps to clear their cookies for privacy purposes. This contradicts standard browser privacy controls, users’ expectations, and Verizon’s own claims that the UIDH header won’t be used to track users because it changes periodically.

This spectacular violation of Verizon users’ privacy—made all the worse because of Verizon’s failure to allow even an opt-out—has already had far-reaching consequences.

For Shame.

UPDATE (1/17/15): Ad Network Turn Will Suspend Zombie Cookie Program. When Will Verizon?

Posted in Internet, Law: Privacy

Unicorn Sighting: I Agree With Judge Silberman

Posted in Law: Privacy

Tip of the Iceberg

The NYT has a great story today, “Miss a Payment? Good Luck Moving That Car,” on sub-prime car loans that require the buyer to accept installation of an immobilizer that the lender’s agents can operate by remote control. The article concentrates on ways in which these are being abused, e.g. immobilizing cars in traffic, far from home, when payments are not in fact late, and more.

It also hints at a group of legal issues, notably privacy (the GPS technology on which the immobilizer relies makes cars trackable by the monitoring company), and whether state laws on repossession — which require more notice, or more time between a missed payment and authorized action by the lender — should apply to a ‘virtual repossession’ or not. (Attention: Student note topic seekers. Doing this analysis in just one state would be a fine topic, and a social good.)

Then there are the sociological aspects:

Beyond the ability to disable a vehicle, the devices have tracking capabilities that allow lenders and others to know the movements of borrowers, a major concern for privacy advocates. And the warnings the devices emit — beeps that become more persistent as the due date for the loan payment approaches — are seen by some borrowers as more degrading than helpful.

“No middle-class person would ever be hounded for being a day late,” said Robert Swearingen, a lawyer with Legal Services of Eastern Missouri, in St. Louis. “But for poor people, there is a debt collector right there in the car with them.”

Missing, though, is the first thing that occurred to the cypherpunks when this technology first got mooted over a decade ago: How long until it is hacked? What happens when some bad guy starts war driving with a black box immobilizer causing accidents or other harms? And to what extent will the makers of the immobilizer be liable for those harms? Another good student note, at the very least.

[Note: Edited to add italicized line in second paragraph, which mysteriously got cut out before posting.]

Posted in Cryptography, Law: Privacy, Student Note Topics

See How Your Bank’s Privacy Policies Compare

Lorrie Faith Cranor put me on to a new site she’s built that allows you to compare banks according to their privacy policies.

It’s a great tool, but not a great reality. Here, for example, is what I got when I searched for large banks in Florida with adequate privacy policies (allowing opt-out from all categories of information sharing):

[Image: search result]

Posted in Econ & Money, Law: Privacy

Debating Surveillance Next Monday


Click above for a larger image. Key facts are that it’s Monday March 31st, 12:30-1:50pm in the SAC-Law School Multipurpose room. And they’ll feed you lunch!

Posted in Law: Privacy, Talks & Conferences

Early Returns: NSA Surveillance Reforms are Not Impressive

EFF tries to strike a note of cautious optimism about President Obama’s NSA reform package in “Obama Takes First Steps Toward Reforming NSA Surveillance, but Leaves Many Issues Unaddressed,” even though by my reading Obama’s reforms, such as they are, don’t do very well on yesterday’s EFF scorecard.

Simon Davis is more pessimistic:

US privacy advocates are right to conditionally welcome some of Obama’s reforms, but they should take into account two critically important implications that the President avoided.

The first of these is the NSA’s intimate operational partnership with Britain’s SIGINT agency, GCHQ. Nothing in his reform package indicates a brake on the current arrangements which allow GCHQ to collect information on US persons.

The second key element is that the proposals appear to merely shift the current collection and retention of metadata from a centralised NSA operation to more of a European-style communications data arrangement that requires commercial entities to maintain a distributed retention. That arrangement in Europe has been deemed unlawful, but there is every chance the US will adopt it.

All things considered, the prospects for genuine intelligence reform at the global level are more bleak than they were 24 hours ago.

Posted in Civil Liberties, Law: Privacy, National Security