
Posts Tagged ‘security’


What happens to Aadhaar, Section 377?

August 25, 2017

NEW DELHI: A nine-judge Supreme Court bench unanimously ruled on Thursday that privacy is a fundamental right, protected as an intrinsic part of the right to life and personal liberty and as part of the freedoms guaranteed by the Constitution.
Here is a citizen’s guide to the SC verdict:
Can I be forced to get an Aadhaar card? If I already have one, do I still have to link it with my bank account, PAN card, mobile number…
A 3-judge bench will examine if Aadhaar is still valid. Most likely, Aadhaar will stay, but there will be clear guidelines for its usage. Thursday’s ruling allows government to collate data without being accused of violating privacy if it is done for national security or for effective distribution of scarce national resources, food and other essential items.
Does the judgment decriminalise consensual sexual relations among members of the LGBT community?
The court has observed that one’s sexual orientation is undoubtedly an attribute of privacy. The right to privacy cannot be denied even if a small fraction of the population is affected. In an earlier judgment, a two-judge bench of the SC had upheld Section 377. On Thursday, the 9-member bench termed the earlier judgment as “completely flawed”. A pending petition may soon get decided along the lines indicated by the bench.
The SC recognises the challenge posed by sharing of personal data and firms collating them to create meta-data for commercial exploitation. It has asked the govt to provide a robust data protection regime. New laws on data collection and usage are already in the making.
What about beef ban, prohibition and other such restrictions?
Most of these restrictions are enforced under existing laws. But anyone who has a problem with these laws can now challenge them directly in the SC, on the ground that these provisions violate his right to privacy and personal choice.


Data-hucksters beware – online privacy is making a comeback

August 22, 2017

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws.

Second, the purpose of the new regulation is to strengthen and rationalise data protection for all individuals within the EU. It also covers the export of personal data to outside the bloc. Its aims are to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different jurisdictions, companies will effectively be able to obtain a “passport” for the entire region, much as financial services firms have been able to acquire.

Given that the use, abuse and exploitation of personal data has become the core business of the internet, anything that affects this is going to be a big deal. The GDPR extends EU data-protection law to all foreign companies that process the data of EU residents. So even if a company has no premises or presence within the EU, if it processes EU data it will be bound by the regulation. And the penalties for non-compliance or infringement are eye-watering, even by internet standards: fines up to €20m and/or 4% of global turnover.

The GDPR applies both to data “controllers” (who determine how and why personal data is processed) and “processors” (who handle the data on the controller’s behalf). The obligations on controllers are broadly similar to those imposed by current data-protection law. But if you’re a processor, then the regulation imposes specific legal obligations on you to maintain records of personal data and processing activities and you will have significantly more legal liability if you are responsible for a data breach. And any breach, no matter how small, has to be reported to the authorities within 72 hours.

More significantly, the GDPR extends the concept of “personal data” to bring it into line with the online world. The regulation stipulates, for example, that an online identifier, such as a device’s IP address, can now be personal data. So next year, a wide range of identifiers that had hitherto lain outside the law will be regarded as personal data, reflecting changes in technology and the way organisations collect information about people.

The regulation gives important new rights to citizens over the use of their personal information. They have the right, for example, to contest and fight decisions that have been made about them by algorithms processing their data. Valid consent has to be explicitly obtained for any data collected and for the uses to which it will be put. Consent for children’s data must be given by parents or guardians and data controllers must be able to prove that consent has been obtained.

Citizens will now have the right to request the deletion of personal information related to them – and companies will have to be able to prove that the offending data has been properly wiped (which may be more difficult than it sounds). And so on.

For many traditional companies – the ones that keep HR records, customer lists, contact details etc – the GDPR will probably make little practical difference, except for more onerous compliance requirements. But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.

Facebook and Google should be OK, because they claim to have the “consent” of their users. But the data-broking crowd do not have that consent. As Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.

Not before time, IMHO. In the meantime, three cheers for the EU. And – since you ask – the UK government has decided that the GDPR will apply here even after Brexit.


Google’s new program to track shoppers sparks a federal privacy complaint

August 2, 2017

A prominent privacy rights watchdog is asking the Federal Trade Commission to investigate a new Google advertising program that ties consumers’ online behavior to their purchases in brick-and-mortar stores.

The legal complaint from the Electronic Privacy Information Center, to be filed with the FTC on Monday, alleges that Google is newly gaining access to a trove of highly sensitive information — the credit and debit card purchase records of the majority of U.S. consumers — without revealing how they got the information or giving consumers meaningful ways to opt out. Moreover, the group claims that the search giant is relying on a secretive technical method to protect the data — a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches.

“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said Marc Rotenberg, the organization’s executive director.
Google called its advertising approach “common” and said it had “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous.”
The Washington Post detailed Google’s program, Store Sales Measurement, in May. Executives have hailed it as a “revolutionary” breakthrough in advertisers’ abilities to track consumer behavior. The company said that, for the first time, it would be able to prove, with a high degree of confidence, that clicks on online ads led to purchases at the cash register of physical stores.

To do this, Google said it had obtained access to the credit and debit card records of 70 percent of U.S. consumers. It had then developed a mathematical formula that would anonymize and encrypt the transaction data, and then automatically match the transactions to the millions of U.S. users of Google and Google-owned services such as Gmail, search, YouTube and maps. This approach prevents Google from accessing the credit or debit card data for individuals.

But the company did not disclose the mathematical formula it uses to protect consumers’ data. In a statement, Google said it had taken pains to build custom encryption technology that ensures the data the company receives remains private and anonymous.
The privacy organization is asking the government not to take Google’s word for it and to review the algorithm itself. In its complaint, the organization said the mathematical technique that Store Sales Measurement is based on, CryptDB, has known security flaws. Researchers hacked into a CryptDB-protected health-care database in 2015, accessing more than 50 percent of the stored records.

Google also would not disclose which companies were providing it with the transaction records. When asked if users had consented to having their credit and debit transactions shared, Google would not specifically say. The company replied it requires that its unnamed partners have “the rights necessary” to use this data.

In its complaint, reviewed by The Washington Post, the privacy group alleges that if consumers don’t know how Google gets its purchase data, then they cannot make an informed decision about which cards not to use or where not to shop if they don’t want their purchases tracked. The organization points out that purchases can reveal medical conditions, religious beliefs and other intimate information.

Google also told The Post that it does not have access to the names or other personal information of the credit and debit card users, and that it does not share any information about individual Google users with partners.

Advertisers receive aggregate information. For example, for an ad campaign for sneakers that received 10,000 clicks, the advertiser learns that 12 percent of the clickers made a purchase.

Users can opt out anytime, Google says. To do so, users of Google’s products can go to their My Activity Page, click on Activity Controls, and uncheck “Web and App Activity,” Google says.

The privacy group says the opt-out settings and the descriptions of what users are opting out of are confusing and opaque. The group says the company continues to store server and click data even when Web and App Activity is turned off, and that to opt out of everything requires a labyrinthine process of going to a number of third-party sites. Meanwhile, opting out of location-tracking requires going to a separate button and interface. None of the opt out descriptions specifically describes credit card data.
In 2011 and 2012, Google paid multi-million-dollar fines to settle FTC charges on privacy issues. In 2011, in response to a case brought by the Electronic Privacy Information Center, Google settled FTC charges that it used deceptive tactics and violated its own privacy promises when it launched its social network, Google Buzz. In the 2012 case, for $22.5 million, Google was charged with misrepresenting its privacy promises to users of Apple’s Safari browser, who were under the impression that they could opt out of ad tracking.


Analysis | Why SC’s 9-Bench Hearing on Right to Privacy is Far-reaching

July 19, 2017

In August 2015, a three-judge bench had underlined the contradictory views of the Supreme Court on whether right to privacy is a fundamental right. The issue has cropped up again after petitioners against Aadhaar claimed collection of biometric information was a breach of “fundamental” right to privacy.

New Delhi: On July 22, 2015, the central government raised for the first time its contentions on the status of the right to privacy under the Indian Constitution.

The then Attorney General, Mukul Rohatgi, created a flutter by stating that a nine-judge bench should reconsider all decisions of the Supreme Court in the last six decades on this issue.

Almost two years later, the apex court on Tuesday accepted that a nine-judge bench should be constituted to scrutinise “correctness” of its judgments on the subject.

A five-judge bench, presided over by Chief Justice of India JS Khehar, said that it was opportune that a larger bench examine whether right to privacy is a fundamental right or not.

The Constitution doesn’t specify the right to privacy as a right but it is through judicial interpretations that several rights are read into the constitutional scheme. Right to privacy is sought to be read as a facet of fundamental rights relating to life and liberty (Article 21) or the right to free speech, movement and peaceful association (Article 19).

What necessitates setting up the nine-judge bench is a six-decade-old ruling by an eight-judge bench of the top court.

In the ML Sharma case, the eight-judge bench ruled in 1954 that the right to privacy cannot be a fundamental right. That judgment held that when the Constitution-makers chose not to prescribe for constitutional limitations by recognising the fundamental right to privacy, “there is no justification for importing into it, a totally different fundamental right by some process of strained construction”.

Another SC judgment by a six-judge bench in 1963 held that “the right of privacy is not a guaranteed right under our Constitution”.

But the apex court sought to reverse this position in the 1970s and carried on with the new proposition. In Maneka Gandhi’s case and in subsequent decisions, the SC emphasised that the right to privacy can be construed as a fundamental right subject to certain restrictions and circumstances.

But notably, all these judgments were by smaller benches and therefore, legally, what the eight-judge and six-judge benches said about the right to privacy, per se, stood as good law.

In August 2015, a three-judge bench, while adjudicating a clutch of petitions relating to the validity of the Aadhaar scheme, underlined the dichotomy and said the contradictory views of the top court in these judgments required to be reconciled.

The issue cropped up after petitioners against Aadhaar claimed that collection and sharing of biometric information was a breach of their “fundamental” right to privacy. They argued that the Constitution has to be read as a dynamic document, requiring interpretations to suit modern times.

On Tuesday, Attorney General KK Venugopal told the five-judge bench that if the court wished to appreciate the petitioners’ arguments on right to privacy, it should either accept the eight-judge bench decision that it is not a fundamental right or reopen the entire debate by having this issue examined by a nine-judge bench.

The court agreed with the second proposition, observing it was “essential” to examine if what the eight-judge bench held was “constitutionally correct”.

The CJI also clarified that the larger bench will lay down the law on right to privacy — not just for Aadhaar but as a constitutional principle in all cases for decades to come.

Once this issue is settled, the matter will come back to the five-judge bench to decide whether Aadhaar violates the right to privacy — whose contours will be authoritatively defined by that time.

CRA’s largest privacy breach happened in Western Canada

July 7, 2017

In what is officially the largest privacy breach in the Canada Revenue Agency’s history, an employee in Western Canada improperly accessed more than 1,200 records at a Prairie region tax office.

The CRA fired the employee involved in the breach, but it will not disclose which of the Prairie region offices it occurred at due to “confidentiality considerations,” said spokesperson Marie Tichborne via an emailed statement.

The Prairie region consists of offices in Saskatoon, Regina, Brandon, Winnipeg and locations in Alberta.

A security and internal affairs investigation into the incident was launched in March 2016, according to documents provided to The StarPhoenix following an Access to Information request. The documents did not reveal information about the employee who was responsible for the breach or the date the incident occurred.

The investigation found that a CRA employee looked at the accounts of 38 people in detail, as well as his or her own account. The employee also glanced at 1,264 accounts after using the search function, entering various surnames and postal codes.

The employee didn’t make changes to any of the accounts, but they were able to see the names, contact information, social insurance numbers, income and deductions and employment information for the taxpayers.

The investigation also found that the “risk of injury” to the 1,264 accounts was low because the information was on-screen for an estimated two seconds each and the employee didn’t access any of them directly.

Tichborne wrote that the CRA doesn’t track the statistics when it comes to the province of residence of the affected taxpayers.

Only the 38 taxpayers whose information was directly accessed were notified of the breach.

“However, it’s important to note that with respect to the 1,264 accounts improperly accessed by a single CRA employee, these accounts were viewed for approximately two seconds per account. Therefore, out of the 1,264 taxpayers, none were notified of the breach,” she said in the written statement.

The CRA issued a statement, saying it takes the protection of Canadians’ tax information “very seriously.” It went on to say in the statement that CRA employees are required to review the agency’s Code of Integrity and Professional Conduct and confirm they have read it, on an annual basis.

The agency employs more than 40,000 people nationwide.

This past March, the agency said it implemented a new technology that monitors its employees’ access to taxpayer information and “will flag accesses that appear inconsistent with the employees’ assigned workloads or duties.” The project cost $10.2 million.
