Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘security’

privacy-coins-and-bitcoin-dominance-guide

Apple tied to new privacy website, suggesting future security marketing

March 6, 2019

The iPhone maker, which makes privacy a selling point for its devices, appears to be gearing up for another marketing push with PrivacyIsImportant.com.

BY
IAN SHERR
MARCH 5, 2019 6:35 PM PST

The tech industry’s already-boiling privacy debate may get even hotter soon.

Apple appears to have purchased the web address PrivacyIsImportant.com, which according to public registration records, was bought on March 4. Currently, the site is just a blank white page. MacRumors was fist to notice the domain purchase. Apple didn’t immediately respond to a request for comment.

If indeed Apple is planning something, it’d fall in line with the company’s ongoing marketing over its products like the iPhone and its Mac computers. During CES in Las Vegas in January, Apple put up a billboard promising “What happens on your iPhone, stays on your iPhone.”

Apple’s moves come at a time when privacy issues are squarely in the public debate. Governments are attempting to force, through potential legislation and court battles, access to encrypted messages on WhatsApp, Signal and other apps. They’ve argued, in effect, that privacy is not absolute. Meanwhile, Facebook’s poor handling of user data landed CEO Mark Zuckerberg and COO Sheryl Sandberg in congressional hearings.

The debate has divided the tech industry as well. On one side are companies like Google and Facebook, which make almost all their money from tracking users and showing ads to them. On the other said are companies like Microsoft, whose CEO Satya Nadella says “privacy is a human right.”

Apple has gone up against Google and Facebook too. Last year, for example, the company said its Safari browser would prevent companies like Facebook from tracking users without their knowledge.

Apple CEO Tim Cook, in pushing on privacy issues, echoed Nadella’s sentiment when he spoke at Apple’s shareholder meeting last week.

“We’ve always viewed privacy as a human right,” Cook said. “And in this country, we view it that it’s ingrained in the Constitution.”

Originally published March 5, 2:32 p.m. PT.
Update, 3:47 p.m.: Includes more details.

5G and foldable phones go big at MWC 2019: With international intrigue and a 5G coming-out party, this show doesn’t need the boost of a Samsung event.

Galaxy S10 Plus review: No doubt about it, the Galaxy S10 Plus is going to be one of the best Android phones of 2019.

Tags: ,

images-1

US legal eagle: Well done, you bought privacy compliance tools. Doesn’t mean you comply with anything

February 25, 2019

From California state regs to Europe’s GDPR: It’s all just a ‘veneer of protection’

By Rebecca Hill 25 Feb 2019 at 14:44 13
Much-lauded privacy laws risk being undermined as compliance is outsourced to tech vendors and “toothless trainings, audits and paper trails” are confused for genuine protections, a New York Law School professor has said.

In a paper in the Washington Law Review, published online last week, Ari Ezra Waldman argued that recently strengthened privacy laws actually offer “false promises” for consumers.

He said that laws like the European Union’s GDPR or California’s state privacy rules are failing to deliver on their promised protections partly because of the “booming market” in tech vendors hawking privacy compliance tools.

“The responsibility for fulfilling legal obligations is being outsourced to engineers at third-party technology vendors who see privacy law through a corporate, rather than substantive, lens,” he wrote.

“Toothless trainings, audits, and paper trails, among other symbols, are being confused for actual adherence to privacy law, which has the effect of undermining the promise of greater privacy protection for consumers.”

The problem is heightened because, as they fear increasing fines under the new laws, organisations – particularly those without the cash to build tools in-house or hire in experts – are more likely to look for a quick fix.

However, Waldman warned that this could have knock-on effects for not only because organisations buying honky kit risk non-compliance, but also for both the long-term outlook of the vendors and consumers.

“Not all innovation is good innovation,” Waldman said. “Companies that develop shoddy products may lose out in the market in the long term, but in the short and medium term, they risk putting millions of persons’ data at risk.”

‘Symbols of compliance standing in for real protections’
The paper aimed to emphasise the importance of privacy laws by pointing to Facebook’s “cavalier” approach to data protection, mobile app platforms that “routinely sweep in user data” because they can, and even academics’ interest in hoovering up personal info as part of studies.

As the implications of such mass data hoarding, harvesting and hawking have come to light, a set of comprehensive international privacy laws have been drawn up – but Waldman said that, in reality, the law’s “veneer of protection is hiding the fact that it is built on a house of cards”.

He pins much of this on the burgeoning “privacy outsourcing market” and the idea that third-party tech vendors “instantiate their own vision of the law into their services” to fling at organisations desperate to avoid whopping fines.

The argument is based on a socio-legal principle of “legal endogeneity”, first mooted by academic Lauren Edelman. This is when the law is shaped by ideas emerging from the space it seeks to regulate, rather than constraining or guiding those organisations’ behaviour.

It occurs when “ambiguously worded legal requirements” allow compliance professionals on the ground to define what the law means in practice – and in the case of privacy laws, much of this comes down to tech vendors and compliance professionals.

Some of the law’s most important premises – like privacy by design or consent – “are so unclear that professionals on the ground have wide latitude to frame the law’s requirements, kicking endogeneity into high gear”.

Tech can’t save you – but everyone wants it to
Mixed in with this is the fact that both private and public bodies have (misplaced) faith in technology to solve their problems; meanwhile the threats of financial penalties make organisations “uniquely susceptible to promises that vendors can make their troubles disappear”.

This opens the door to vendors selling compliance, and Waldman said that there are 200-plus firms that “instantiate their own interpretations of privacy law into the designs of automated tools, often marketing themselves as one-stop compliance shops”.

The author – hoping to see off any “not all vendors!” comebacks – emphasised that he isn’t saying every firm is part of the problem, nor that they alone are responsible for undermining the promise of privacy law.

Instead, Waldman said that the impact of privacy tech vendors on the legal frameworks is “both significant and under-explored” – and aimed to probe this by assessing the claims made by 165 companies listed in a 2018 report (PDF) from the International Association of Privacy Professionals.

He found that, at some point, almost three-quarters had at some point positioned their products and services as achieving GDPR compliance – when most are designed to meet just two or three of the GDPR’s requirements, “if that”.

‘Privacy law can’t be broken down into code-able pieces’
A further issue described in the paper is that, by promoting these tools for compliance, vendors are attempting to reduce the law into “code-able pieces” when the law is about more than just paper trails and data maps.

“Such under-inclusive compliance technologies may then have the effect of increasing corporate exposure to administrative fines if in-house constituencies confuse purchasing a compliance technology that does a few things with actually solving a problem,” Waldman wrote.

He also posits the idea that this could lead to an imbalance between firms that have to outsource because they lack the money or time to recruit legal experts or build their own tools in-house, and those that can afford to do this.

Meanwhile, consumers are being disempowered because they are increasingly faced with tech-driven conversations about compliance based on black box algorithms. This also risks “erasing” traditional safeguards that sees the law interpreted in the open and on the public record.

Waldman proposed lawmakers edge away from “transactional visions of privacy law that are susceptible to symbolic structures”, as well as calling on the US Federal Trade Commission to be “more active vendor regulators” with better audits.

For vendors, he called for “more modest approaches” that include hiring lawyers and professionals and establishing a closer relationship with regulators, possibly including certification.

Possible products and services include summaries and comparisons of legislation, training courses and tools that scan the data a company has to seek out personal information.

He also called for further research that puts vendors in an ecosystem of social forces that influence the implementation of privacy law on the ground, as well as work on the problem of privacy education for engineers. ®

Tags: , ,

fb featured image

Privacy Problems Mount for Tech Giants

January 21, 2019

By Sam Schechner
Jan. 21, 2019 6:30 a.m. ET

Big tech companies have taken a public lashing in the past year over their handling of users’ personal information. But many of their biggest privacy battles have yet to be fought—and the results will help determine the fate of some of the world’s largest businesses.

So far, tech giants like Facebook Inc. and Alphabet Inc.’s Google have proved relatively resilient against a growing backlash over possible abuse of their users’ personal privacy. Tech companies’ stocks may have swooned, but advertisers are continuing to cut them checks, and their profits are still growing at double-digit rates that would earn most CEOs a standing ovation.

This year may be stormier. Growing discontent among users over privacy and other issues—such as the widespread feeling that mobile devices and social media are addictive—could damp profit growth, discourage employees or chase away ad dollars. In Europe, regulators are slated to make major rulings about tech companies’ privacy practices, likely setting off high-stakes litigation. In the U.S., revelations about allegedly lax privacy protections are raising political pressure for federal privacy regulation.

At risk are tens of billions of dollars that marketers spend every year in online advertisements targeted at users with the help of personal information about individuals’ web browsing, mobile-app usage, physical location and sometimes other data, like income levels.

The behavior of tech giants is likely to be a major topic at the World Economic Forum this week in Davos, Switzerland. While the yearly meeting of world leaders and company executives normally celebrates how businesses can solve the world’s problems, tech companies were on the defensive last year against complaints that ranged from fomenting political polarization to building artificial intelligence that will displace millions of workers.

Since then, the pressure has increased. Facebook executives have been dragged before legislators on both sides of the Atlantic, after the company said data related to as many as 87 million people may have been improperly shared with Cambridge Analytica, a political analytics firm. And in September, Facebook said hackers had gained access to nearly 50 million accounts.

Google, meanwhile, has faced criticism of its privacy practices from political leaders, including flak after The Wall Street Journal reported that the company had exposed the private data of hundreds of thousands of users of its Google+ social network and opted initially not to disclose it.

Some tech executives have raised alarms, too. Apple Inc. Chief Executive Tim Cook, speaking in October before a privacy conference organized by the European Union, called for tighter regulation in the U.S. along the lines of a strict new privacy law in the EU, saying that some companies had “weaponized” users’ personal information in what he described as a “data-industrial complex.”

Facebook and Google both say that they have been investing heavily in improving how they protect user privacy and that they welcome tighter privacy rules; both companies support passage of a U.S. federal privacy law. Tech-industry lobbyists say they are planning to support U.S. privacy legislation over the coming year, in part to avoid contending with a patchwork of laws like one passed last year in California.

“Our industry strongly supports stronger privacy protections for consumers,” says Josh Kallmer, executive vice president for policy at the Information Technology Industry Council, which represents Facebook, Google and other tech companies. Mr. Kallmer says consumers “benefit incredibly from these technological innovations,” but adds that “alongside that are some very legitimate concerns about how data is being handled.”

What impact will stricter privacy rules have? There are two theories.

One school of thought says that stricter rules and tighter enforcement will benefit big, incumbent companies that already have access to large amounts of user data and can spend more heavily on legal-compliance efforts. The other argues that rules like those in the EU’s new General Data Protection Regulation, if strictly applied, will force significant changes to how the biggest tech companies collect and analyze individuals’ personal information—undercutting their advertising businesses and weakening their advantage over existing or potential new competitors.

“Both are reasonable claims. But it is far too early to tell which will turn out to be true,” says Alessandro Acquisti, a professor at Carnegie Mellon University who studies the behavioral economics of privacy.

At issue, in part, is the distinction between short-term and long-term effects. There are signs that Google, for one, benefited at least initially from the transition to the GDPR in May, in part because advertisers shifted money to the bigger firms, which were able to show they had users’ consent to display targeted ads.

In Europe, Google saw a 0.9% increase in the share of websites that include its advertising trackers two months after the GDPR went into effect compared with two months before, according to Cliqz, which makes antitracking tools for consumers. Facebook’s share declined 6.7%. The share for the other top 50 online-ad businesses fell more than 20%.

The longer-term impact on big firms is harder to predict. One study of nearly 10,000 online display advertising campaigns showed that users’ intent to purchase products was diminished after earlier EU laws restricted advertisers’ ability to collect data in order to target those ad campaigns. But more research is needed to determine what impact tighter rules would have on consumer spending more broadly, Prof. Acquisti says.

How the laws are enforced by regulators and courts will play an important role. Ireland’s Data Protection Commission, which is the EU’s lead regulator for Facebook and Google, is investigating complaints from privacy activists that the consent companies sometimes request for the processing of individuals’ data is a condition of using a service and so is not “freely given,” as the law requires.

In Germany, the federal antitrust enforcer says it will issue early this year a final decision regarding its preliminary finding that Facebook uses its power as the most popular social network in the country to strong-arm users into allowing it to collect data about them from third-party sources. A German decision wouldn’t involve fines, but could include orders to change business practices.

Both Facebook and Google say they comply with privacy laws.

Initial decisions could come this year, but whichever way the watchdogs come down, their actions are likely to end up reviewed in court. Those cases will end up determining how new privacy standards will be applied. And that will determine how profound their impact is.

“There is active litigation in a couple of places that could become hugely important,” Mr. Kallmer says. “It’s uncertainty that our industry thinks it’s on the right side of.”

Mr. Schechner is a Wall Street Journal reporter in Paris. Email sam.schechner@wsj.com.

Tags: , ,

apple

Apple is portraying itself as the defender of privacy in the tech world, but it’s one slip away from embarrassment

January 10, 2019

Analysis: Apple has continued to ratchet up its criticism of competitors in a bid to differentiate itself as the “most secure” tech company.
The move is a risky one, as Apple is exposed on several fronts to possible privacy and security leaks and breaches, putting it one step removed from a significant reputation dent that could further hurt sales.
Kate Fazzini

CNBC.com
Tim Cook, Chief Executive Officer of Apple Inc., takes a selfie with a customer and her iPhone as he visits the Apple Store in Chicago, Illinois, U.S., March 27, 2018.
John Gress | Reuters
Tim Cook, Chief Executive Officer of Apple Inc., takes a selfie with a customer and her iPhone as he visits the Apple Store in Chicago, Illinois, U.S., March 27, 2018.
Apple ramped up its efforts this week to differentiate its business on the basis of privacy and security, a risky move given risks to its cloud-based backup service and a challenging privacy environment globally, particularly in China, where the company says it is struggling.

Apple took a high-profile swipe at Google, Amazon and Facebook at this year’s Computer Electronics Show, with a full-building ad touting “What happens on your iPhone, stays on your iPhone.” CEO Tim Cook has criticized competitors for their privacy practices and their willingness to share data with third parties.

Apple is now also reportedly hiring ex-Facebook engineer Sandy Parakilas, who called Facebook a “living, breathing crime scene” because of its misuse by Russian hackers in the 2016 election. (Parakilas is reportedly taking an internal spot as a privacy product manager at Apple, a role not likely to include public-facing statements like these in the future).

For sure, Apple’s core business is different from Facebook’s and Google’s. Apple makes the bulk of its money selling iPhones and other computing devices, and charging consumer subscriptions for things like Apple Music. That means Apple has little reason to compile detailed information about users, and even less incentive to sell that information to third parties. But Facebook and Google make the vast majority of their money from advertising.

But putting such a big stake in privacy as a differentiator may be a risky business move.

First, Apple is just one iCloud breach away from an embarrassing incident that could damage its “what happens on your iPhone, stays on your iPhone” claims.

Scandals in the past years involving major celebrities who have had nude photographs stolen from their iCloud archives have been dangerously close. Apple has said these incidents involved username and password theft, giving criminals access to iCloud files through the celebrities’ password information, not a breached iCloud database.

But iCloud relies on the same cloud-based network architecture most companies rely on, including Amazon Web Services, Google’s cloud platform and Microsoft Azure. No database is impenetrable, and that includes those iCloud uses. A single instance of leaked data or an insider theft could put the company at serious reputational risk.

Third-party applications are also a potential sticking point. From a security point of view, Apple’s app store has stringent safeguards in place that make it more resilient to security issues like application spoofing than competitors such as Google’s Play store.

But independent iPhone apps still have the capacity to misuse data. The company routinely removes applications from the store for providing user information to unauthorized third parties. The New York Times reported earlier this year that numerous free iOS apps track detailed user information and provide it to third parties.

So Apple may also be one data-tracking scandal away from significantly denting the idea that data necessarily “stays on your iPhone.”

Tags: , ,

privacy-coins-and-bitcoin-dominance-guide

Editorial: Privacy Lessons From Google

December 28, 2018

Thursday, December 27, 2018
Congress is eyeing a federal privacy framework for 2019. But what about the laws already on the books? Demands for an investigation into Google’s marketing of children’s apps in its mobile store could offer legislators some lessons.

Comprehensive privacy rules for the United States are necessary precisely because the current rules cover only information or populations deemed especially sensitive. One of those populations is children, and the Children’s Online Protection Privacy Act was passed in 1998 to prohibit sites from collecting their identifying data without parental consent.

But according to a filing to the Federal Trade Commission by 22 children’s and consumer organizations, many apps gather that data anyway — from ID numbers, to addresses, to location, to the photos on a game-player’s smartphone.

Google is not responsible under COPPA for the actions of untrustworthy apps; the apps themselves are the only ones breaking that law. (The tracking of children on YouTube, which is owned by Google, is another question.) But the complainants allege that, by labeling a section of its store child-friendly and then allowing COPPA violators to appear there, Google is misleading consumers.

They want the FTC to step in, and three Democratic senators have joined in the call. Google says it has removed thousands of noncompliant apps in the past year and has already begun removing those listed in last week’s filing.
This debate should be particularly interesting to lawmakers seeking to craft broader regulations for consumer protection. First, there is the question of Google’s role as a gatekeeper, particularly when its own ad platform is integrated with many of the apps in its stores. Making Google and other software companies, such as Apple, liable for all of the content they host would hurt more than help. But the companies’ conflicting interests are an argument for increased oversight of app stores. And companies should be held to account when they are demonstrably negligent in enforcing their standards.

Last week’s complaint also presents an enforcement issue. The FTC has taken some action against developers in the past for sharing children’s information with advertisers, but the problem persists, and at scale: A study in April found that a majority of the popular apps that researchers surveyed were potentially in violation of COPPA. The FTC has been granted the fining and rulemaking authority under COPPA that many legislators presumably would grant it under a federal privacy law. Still, its efforts so far have not been an effective deterrent, and Congress will have to ask why.

COPPA is two decades old, and it requires modernization that ought to occur alongside Congress’ broader privacy efforts next term. But its provisions nonetheless should remind lawmakers of an important reality: How companies are held to account for violating a law is as important as the law itself.

The Washington Post

Tags: ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
privacy-coins-and-bitcoin-dominance-guide
We’ve Stopped Talking And Searching About Privacy
April 15, 2019

Kalev Leetaru Contributor AI & Big Data I write about the broad intersection of data and soci...

Read more
private
Rebiton Allows You to Buy Bitcoin and Keep Your Privacy
April 8, 2019

by Kai Sedgwick Purchasing bitcoin ought to be quick and easy, but over the years, encroaching KY...

Read more
20190323_fbd001
Big tech faces competition and privacy concerns in Brussels
March 25, 2019

And the sector may be the better for it Print edition | Briefing Mar 23rd 2019 | PARIS Around 19 ...

Read more
telegram-3m
Telegram gets 3M new signups during Facebook apps’ outage
March 19, 2019

Natasha Lomas@riptari / 5 days ago Messaging platform Telegram claims to have had a surge in signup...

Read more
privacy-coins-and-bitcoin-dominance-guide
Apple tied to new privacy website, suggesting future security marketing
March 6, 2019

The iPhone maker, which makes privacy a selling point for its devices, appears to be gearing up for ...

Read more