Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#data’

imrs

The Senate just voted to undo landmark rules covering your Internet privacy

March 23, 2017

Senate lawmakers voted Thursday to repeal a historic set of rules aimed at protecting consumers’ online data from their own Internet providers, in a move that could make it easier for broadband companies to sell and share their customers’ usage information for advertising purposes.

The rules, which prohibit providers from abusing the data they gather on their customers as they browse the Web on cellphones and computers, were approved last year over objections from Republicans who argued the regulations went too far.

U.S. senators voted 50 to 48 to approve a joint resolution from Sen. Jeff Flake (R-Ariz.) that would prevent the Federal Communications Commission’s privacy rules from going into effect. The resolution also would bar the FCC from ever enacting similar consumer protections. It now heads to the House.
Industry groups welcomed the vote.

“Our industry remains committed to offering services that protect the privacy and security of the personal information of our customers,” said NCTA — The Internet and Television Association, a trade group representing major cable providers. “We support this step toward reversing the FCC’s misguided approach and look forward to restoring a consistent approach to online privacy protection that consumers want and deserve.”

Consumer and privacy groups condemned the resolution.

“It is extremely disappointing that the Senate voted today to sacrifice the privacy rights of Americans in the interest of protecting the profits of major Internet companies, including Comcast, AT&T, and Verizon,” Neema Singh Giuliani, legislative counsel for the American Civil Liberties Union, said in a statement.

The FCC didn’t immediately respond to a request for comment.

The agency’s rules are being debated as Internet providers — no longer satisfied with simply offering Web access — race to become online advertising giants as large as Google and Facebook. To deliver consumers from one website to another, Internet providers must see and understand which online destinations their customers wish to visit, whether that’s Netflix, WebMD or PornHub.
With that data, Internet providers would like to sell targeted advertising or even share that information with third-party marketers. But the FCC’s regulations place certain limits on the type of data Internet providers can share and under what circumstances. Under the rules, consumers may forbid their providers from sharing what the FCC deems “sensitive” information, such as app usage history and mobile location data.

Opponents of the regulation argue the FCC’s definition of sensitive information is far too broad and that it creates an imbalance between what’s expected of Internet providers and what’s allowed for Web companies such as Google. Separately from Congress, critics of the measure have petitioned the FCC to reconsider letting the rules go into effect, and the agency’s new Republican leadership has partly complied. In February, President Trump’s FCC chairman, Ajit Pai, put a hold on a slice of the rules that would have forced Internet providers to better safeguard their customer data from hackers.
The congressional resolution could render unnecessary any further action by the FCC to review the rules; Flake’s measure aims to nullify the FCC’s privacy rules altogether. Republicans argue that even if the FCC’s power to make rules on Internet privacy is curtailed, state attorneys general and the Federal Trade Commission could still hold Internet providers accountable for future privacy abuses.

But Democrats say that preemptive rules are necessary to protect consumers before their information gets out against their will.

“At a time when our personal data is more vulnerable than ever, it’s baffling that Senate Republicans would eliminate the few privacy protections Americans have today,” said Rep. Frank Pallone Jr. (N.J.), the ranking Democrat on the House Energy and Commerce Committee. Pallone added in a statement Thursday that he hoped his House Republican colleagues “will exercise better judgment” when it becomes their turn to vote on the resolution.

On Wednesday, Senate Democrats challenged the idea that the FTC could take responsibility for regulating Internet providers’ privacy practices.
“The Federal Trade Commission does not have the rulemaking authority in data security, even though commissioners at the FTC have asked Congress for such authority in the past,” said Sen. Bill Nelson (Fla.), the top Democrat on the Senate Commerce Committee.

Tags: , , ,

shutterstock_104336624

Heartbeat could be used as password to access electronic health records

March 7, 2017

Researchers at Binghamton University, State University of New York have devised a new way to protect personal electronic health records using a patient’s own heartbeat.

“The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare. Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective,” said Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. Jin is the co-author of a new paper titled “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems.”

Traditional security measures — like cryptography or encryption — can be expensive, time-consuming, and computing-intensive. Binghamton researchers encrypted patient data using a person’s unique electrocardiograph (ECG) — a measurement of the electrical activity of the heart measured by a biosensor attached to the skin — as the key to lock and unlock the files.

“The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient’s’ health,” said Jin. “While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added.”

Essentially, the patient’s heartbeat is the password to access their electronic health records.

The identification scheme is a combination of previous work by Jin using a person’s unique brainprint instead of traditional passwords for access to computers and buildings combined with cyber-security work from Guo and Chen.

“This research will be very helpful and significant for next-generation secure, personalized healthcare,” said Jin.

Since an ECG may change due to age, illness or injury — or a patient may just want to change how their records are accessed — researchers are currently working out ways to incorporate those variables.

Assistant Professor Linke Guo and Associate Professor Yu Chen, along with PhD candidates Pei Huang and Borui Li, are co-authors of the paper.

The research was presented at The IEEE Global Communications Conference (GLOBECOM 2016) in Washington, D.C., in December 2016.

The work is supported by Binghamton University’s Interdisciplinary Collaboration Grant (ICG) program.

Tags: , , , , ,

fb featured image

US court may snatch privacy rights on Facebook, Google data

February 16, 2017

BERLIN: A Philadelphia court has made the unfortunate decision to reopen the legal debate on whether the US has the right to access e-mails stored on foreign servers if they belong to US companies. If Magistrate Thomas Rueter’s ruling stands, anyone using US based internet companies will have to live with the knowledge that, as far as the US government is concerned, it’s America wherever they operate.

That’s a dangerous approach that hurts the international expansion of US tech companies. Privacy-minded customers in Europe are already suspicious of the US government’s cooperation with the tech giants, revealed by National Security Agency leaker Edward Snowden. Nationalist politicians in some countries want to ban cross-border personal data transfers.

Last July, Microsoft won a landmark case against the US government, in which it argued it didn’t have to hand over e-mails stored on a server in Dublin to investigators working on a drug case. The US Court of Appeals for the Second Circuit agreed with the corporation, ruling that the US Congress never meant the Stored Communications Act to apply extra territorially.

Just two weeks ago, the court allowed the ruling to stand. US internet companies have assumed that if communications are stored abroad, they are out of the US authorities’ reach.

Acting on that understanding, Google refused to disclose two users’ data to the Federal Bureau of Investigation, and the FBI went to court in Philadelphia. Unlike Microsoft, Google doesn’t even know the physical location of a file: its artificial intelligencebased system constantly optimises storage.

Judge Rueter refused to be bound by the Microsoft precedent. In his ruling, he said : “When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders’ privacy -the searches -will occur in the United States.“ Within that logic, any information, public or private, that the US government can locate using computers on US territory is fair game. And if the logic applies, the European Union wasted its time last year as it tried to establish an acceptable privacy standard for US companies operating in Europe.

A new framework for these companies became necessary after the European Court of Justice struck down the EU’s so-called safe harbour agreement with the US, which allowed internet companies to shuttle personal data back and forth between the two jurisdictions based on an understanding that the US provided adequate protection for users’ privacy.

The so-called Privacy Shield is still pretty permissive, allowing companies to self-certify their commitment to user privacy, but it simplifies redress and gives European data privacy authorities more power over cross-border communication.

US court may snatch privacy rights on Facebook, Google data

If, however, the US decides that it can just take the data from foreign servers, the new agreement will be rendered meaningless. For US companies, this will mean a need to invent new private arrangements. It appointed Deutsche Telekom “data trustee“ for two data centres in Germany, making it impossible for anyone to obtain any information from the servers without the permission of the trustee and, ultimately, the client.Such tricks, however, may not stand up in US courts, if other judges agree with Rueter.

The US Supreme Court will probably have to take a stand on the issue.

Waiting for a decision, millions of foreigners must decide whether to cut their losses in this front of the online privacy wars: It may no longer be OK to expose their lives to US corporations.

Tags: , , ,

08e4fdf7-1b6d-4784-8868-d224dc881485

Children’s Dallas docked $3.2 million over patient privacy breaches

February 2, 2017

Children’s Medical Center of Dallas has paid a penalty of more than $3.2 million to the federal government over privacy breaches dating back to 2007 that left the data for thousands of patients at risk.
The facility voluntarily reported potential disclosures of patient health information, but it did not implement strong safeguards to ensure that the breaches would not happen again, according to a statement issued Wednesday from the U.S. Department of Health and Human Services.
Ensuring security precautions to protect health information is essential, said Robinsue Frohboese, acting director of the Office for Civil Rights in the statement.

“A lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine,” she said.

Children’s Health responded Thursday saying that it has fully cooperated with the government’s investigation, and that it does not believe any patient or their family was affected by the incidents.
In 2010, the medical center reported that the personal information for about 3,800 patients had been accessible on an unencrypted, non-password protected BlackBerry device used at the Dallas-Fort Worth International Airport the previous year.
However, according to the federal investigation, they were aware of the potential risk of that kind of incident since at least 2007. A security analysis conducted by the healthcare consulting firm Strategic Management Systems over a 3-month period ending February 2007 uncovered gaps.
So did a separate analysis in 2008 from the consulting firm PwC. It said encryption should be a “high priority” for the medical center, as stolen devices could put patient data at risk.

Still, no security plan was established, and the encryption issue was not corrected on laptops, workstations and other devices distributed to the Children’s workforce until April 2013, the civil rights office investigation found.
That month a laptop was stolen in a separate breach that contained unencrypted data for nearly 2,500 people. Children’s reported the HIPAA (Health Insurance Portability and Accountability Act) violation to the Office of Civil Rights three months later.
In January, the medical center declined its right to request a hearing and challenge the fine, which totaled $3,217,000.
“We have decided to pay the imposed fine because efforts to formally contest the claims would be a long and costly distraction from our mission to make life better for children,” said Scott Summerall, a spokesperson for Children’s Health. “We remain committed to protecting the privacy of our patients.”

Tags: , , ,

snow1

Snowden’s email service of choice, Lavabit, lives again

January 25, 2017

Lavabit is back. Wait, what’s Lavabit?

It’s an encrypted email service most famous for its connection to Edward Snowden, the former NSA contractor who leaked classified documents to journalists in 2013. Lavabit shut down rather than comply with an order to allow the US government access to user emails in a bid to see Snowden’s communications.

The service relaunched Friday, also Inauguration Day, with a revamped approach to security.

“Regardless of one’s political disposition, today we acknowledge our shared values of Freedom, Justice, and Liberty as secured by our Constitution,” wrote company founder Ladar Levison on the Lavabit homepage. “This is the reason why I’ve chosen today to relaunch Lavabit.”

The email service comes with a variety of options that give users say over their data, but at its foundation, the idea is to scramble up emails so that only the sender and recipient can read them.

Encrypted Email And Lavabit
Lavabit chief predicts ‘long fight’ with feds (Q&A)
Lavabit founder says he fought feds to protect the Constitution
Hiding your tracks from Trump: Online privacy worries heat up
Encrypted email has been around for more than 20 years, but it’s notoriously user unfriendly. Lavabit’s most basic service will be email that’s encrypted automatically, requiring the least amount of technical expertise for users to keep their messages private. This level of service is called “trustful,” because it requires users to trust that Lavabit has this encryption thing under control.

Two other levels of service (“Cautious” and “Paranoid”) put more control in the hands of users, but also require more tech savvy. Lavabit allows users to download the source code for its email server and run their own servers at home.

New users can register now, but will have to wait until later this year to start using their Lavabit accounts. Users whose accounts were suspended can start them up again.

Levison didn’t immediately respond to a request for comment.

Tags: , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
privacy-coins-and-bitcoin-dominance-guide
9 Important Privacy Settings for Windows 10
June 3, 2019

Matt Powell On Jun 3, 2019 At first glance, the Digital Age may seem like a wonderful thing. And ...

Read more
apple
Apple exec dismisses Google CEO’s criticism over turning privacy into a ‘luxury good’
May 29, 2019

By Jacob Kastrenakes@jake_k May 27, 2019, 12:18pm EDT Apple’s software chief, Craig Federigh...

Read more
telegram-3m
Your Privacy Is Our Business
April 30, 2019

Let us reassure you: You’re worried only because you don’t understand anything about anything. ...

Read more
pr
Coffee with Privacy Pros: Three Constants of Privacy
April 23, 2019

A look behind the career and privacy theology of the law-lovin’ CPO of Uber, Ruby Zefo Jared Cose...

Read more
privacy-coins-and-bitcoin-dominance-guide
We’ve Stopped Talking And Searching About Privacy
April 15, 2019

Kalev Leetaru Contributor AI & Big Data I write about the broad intersection of data and soci...

Read more