Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘security’


Snapchat moves to allay privacy concerns over new Snap Map feature

June 26, 2017

Snapchat wants to allay privacy concerns over its new Snap Map feature.

Launched last week, Snap Map lets users share their location with friends on a map. “It’s easy to get started – just pinch to zoom out and view the Map!” it explained, in a blog post.

Snap Map, however, has sparked concerns over users’ privacy, particularly when children are using the feature. Snapchat says users can control who, if anyone, sees them on Snap Map. “The safety of our community is very important to us and we want to make sure that all Snapchatters, parents and educators have accurate information about how the Snap Map works,” explained a Snapchat spokeswoman, in a statement emailed to Fox News.

The spokeswoman explained that with Snap Map, location-sharing is off by default for all users and is completely optional. “Snapchatters can choose exactly who they want to share their location with, if at all, and can change that setting at any time,” she added. “It’s also not possible to share your location with someone who isn’t already your friend on Snapchat, and the majority of interactions on Snapchat take place between close friends.”

Users can interact with Snap Map in three ways. The first, “Ghost Mode,” lets users enter into the map and look for content, without being visible on the map themselves. The second option, “Select Friends,” lets users choose their friends who they want to see their location. The third, “My Friends,” gives users the option of letting all their friends see their location.
Snapchat says that if users choose to share their location on the Map, the location is only updated when the Snapchat app is open — not in the background.

Nonetheless, fears about users’ privacy have prompted warnings about Snap Map. Rosenberg Police Department in Texas, for example, urged parents of children using Snap Map to pay close attention to the feature’s settings. “In order to prevent your child’s location from being shared, they should put the setting into “Ghost Mode”. To view the map and switch the mode, pinch the screen while you’re on the Snapchat camera. From there you can change the settings.In order to prevent your child’s location from being shared, they should put the setting in ‘Ghost Mode’,” it said, in a Facebook post. “To view the map and switch the mode, pinch the screen while you’re on the Snapchat camera. From there you can change the settings.”

Tags: , ,


Is Congress encroaching on Americans’ Internet privacy?

April 10, 2017

At a time when American politics is perhaps more divided than ever, one issue has emerged that the vast majority of people, regardless of their political affiliation, can agree on: Internet privacy.

On March 23, Republicans in the U.S. Senate voted along party lines — 50 to 48 — to eliminate proposed broadband privacy rules that would have required ISPs to receive explicit consent from consumers before selling or sharing their web browsing data, and other private information, with advertisers and other companies.

The Senate also used its power under the Congressional Review Act to ensure that the FCC rulemaking “shall have no force or effect” and to prevent the FCC from issuing similar regulations in the future.

The public reaction has not been positive. According to a recent YouGov survey, 80 percent of Democrats favored a veto by President Trump, but so did 69 percent of independents and 75 percent of Republicans.

The eliminated FCC broadband privacy rules, which had not yet taken effect, were set to require providers to get opt-in consent from customers before selling or sharing metadata and personal information such as geo-location, browsing activity, IP addresses and more. Opt-out requirements would have been required for less sensitive information such as email addresses.

The timing of such a change comes at a critical point in history where innovators and technologists are pushing the boundaries of what is possible using digital identity, profiles based on someone or something’s online presence and activity. Digital identity attributes, such as a Facebook profiles, are increasingly being used at border crossings, for fraud prevention, and customer onboarding at financial institutions. Combined with traditional identity attributes, such as a driver’s license, the number of digital identity use cases is increasing daily, along with it, the value of metadata and personal information.

The metadata capturing your personal information can come from any connected device. Desktop computers, laptop, mobile devices, cloud video recorders, home assistants, etc. are connected devices and collect metadata.

“Your home broadband provider can know when you wake up each day, either by knowing the time each morning that you log on to the Internet to check the weather (or) news of the morning, or through a connected device in your home,” Sen. Bill Nelson (D-Fla.) said during the Senate floor debate.

“This is a gold mine of data — the holy grail, so to speak,” Nelson said. “It’s no wonder that broadband providers want to be able to sell this information to the highest bidder, without consumers’ knowledge or consent. And they want to collect and use this information without providing transparency or being held accountable.”

Americans must now put blind faith in ISPs, such as Comcast and Verizon, to deny their shareholders and forego surefire profits in exchange for maintaining their customer’s personal privacy.

Few consumers have any choice of Internet provider. Thus, their only choice may be between “giving up their browsing history for an Internet provider to sell to the highest bidder, or having no Internet at all,” said Sen. Ron Wyden (D-Ore.). According to the FCC’s latest Internet Access Services report, which contains data through June 30, 2015, 78 percent of Americans have only one or no provider at the FCC’s standard 25Mbps download/3Mbps upload broadband standards.

Proponents of the bill argue that checks and balances between state and federal authorities will curb the fears dominating many Americans regarding this matter. One such example is surrounding federal and state wiretapping laws, such as the Wiretap Act, which currently limits only the interception of the contents of communications, as opposed to metadata, which includes geo-location and personally identifiable information.

Proponents also recommend the use of a Virtual Private Network (VPN) to enhance one’s privacy. At the average cost of $4 to $10 per month, a VPN is an excellent option for those Americans fortunate enough to have the discretionary spending. But should we require citizens to enforce the Fourth Amendment right of privacy for themselves?

Travis Jarae is the founder and CEO of One World Identity, an online platform that publishes events, publications, research and analysis, member services, and consumer news. Follow him on Twitter @TravisJarae.

Tags: , , ,


Aadhaar Act needs a relook from the security and privacy aspect, to avoid mistakes made with the IT Act

March 28, 2017

By Pavan Duggal

Indian authorities and agencies have been collecting information much before Aadhaar came into the picture. But most of the time, the information has been located in silos. For instance, the passport agency will only have your data for passport-related purposes, the local RTO will have your driving license information for their own need and so on. For the first time, we are coming across Aadhaar which is providing an interconnected ecosystem. That, from a consumer standpoint, is going to present a huge amount of data privacy issues.

Aadhaar is an executive order which only got legalised last year in the form of an Aadhaar Act. Also the Aadhaar Act does not do adequate justice to the issue of privacy. There are no distinctive provisions and safeguards that the consumer expects. It is weak when it comes to data privacy and personal privacy. Further, issues pertaining to cybersecurity have not been clearly addressed in the Aadhaar Act. So the perception that Aadhaar is safe is not completely true.

Where does the buck stop with the Aadhaar database

Take the fact that Aadhaar databases are getting increasingly compromised. You cannot bisect Aadhaar between the central registry and the ecosystem. So in a case where you ecosystem is getting compromised, you cannot say that your central registry is safe, but the issue is with the third party agencies who store Aadhaar data locally. That argument does not fly. Far more needs to be done as far as cybersecurity is concerned, than what is currently available.

Unfortunately, a lot of people are defending Aadhaar for the sake of defending it. For instance, last month UIDAI lodged complaints against Axis Bank Ltd, business correspondent Suvidhaa Inforserve and e-sign provider eMudhra, stating that they had allegedly attempted unauthorised authentication and impersonation by means of illegally storing Aadhaar biometrics. Similarly, last week there was a report which talked about how Aadhaar numbers were searchable on Google. So the Aadhaar numbers are floating in the open, which does not augur very well when it comes to increasing the confidence of the populace. If you have the Aadhaar number easily available with a Google search, the chances of potentially misusing it do exist.

The fears pertaining to misuse of Aadhaar data are real, because the concerns have not been adequately addressed. Another factor to consider is that since the Aadhaar Act was passed, there have been massive developments that have taken place in the field of cybersecurity. And we constantly need to relook at Aadhaar from the perspective of evolving the cybersecurity paradigm.

More significantly, Aadhaar constitutes a critical information infrastructure of our country. Aadhaar is linked to many services. So all it needs for criminals or non-state actors is to destabilise Aadhaar data and everything associated with it comes crumbling down.
Aadhaar is part of your life now, whether you like it or not

We have to accept the fact that Aadhaar is now a part of our life, so there is no point avoiding it. There are over 110 crore verified Aadhaar accounts. But at the same time, the information contained with Aadhaar isn’t regular information, but biometric information. The other thing to take into consideration is that a lot of these third-party service providers are now retaining a lot of your personal data, biometric data on their own systems, under the garb of Aadhaar authentication. Couple of these third party service providers are exploiting some loopholes in the Aadhaar Act 2016, and storing biometric information on their private systems. Once that happens, it will be a huge blow to the credibility of Aadhaar. This will also start eroding people’s confidence.

Aadhaar Act does not touch concretely on issues pertaining to data privacy, personal privacy. Consequently India does not even have a law on privacy. Under the current circumstances, if your Aadhaar information is misused, the law is very clear – you are the person who is responsible if you don’t report the issue. Now say if you are not aware that your Aadhaar data is being misused or wake up only after it is too late – according to the law, you are still liable as you have not reported the issue.

Interfacing with the IT Act

There is definite need to strengthen the Aadhar ecosystem. The concept of Aadhaar is very good, and good work is being done with benefits transfer for instance, no doubt about that. But at the same time, there is no clarity about how Aadhaar complies with the IT Act, because at the end of the day Aadhaar via the UIDAI has become an intermediary.

Everybody is harping on the central repository. But the repository is not Aadhaar, but just a core kernel of the Aadhaar ecosystem. The entire ecosystem needs to be more safe and secure and there isn’t any effective protection as such. So if your Aadhaar is compromised today, you don’t have effective remedies as a consumer. The offences under Aadhaar can only be registered after UIDAI reports. So people have been rendered remedy-less.

For instance, if you are one of those thousand people whose Aadhaar number is visible on Google, what option do you have? There is no effective remedy. Users want concrete effective remedies, which the Aadhaar Act does not provide.

It’s time we acknowledged the shortcomings in Aadhaar and work towards creating an effective framework around Aadhaar rather than saying it is the best. We need to adopt a more proactive approach. The law never envisaged that private parties are going to create their own databases of user data, under the garb of Aadhaar verification. So there are huge problems we need to acknowledge.

We need to revisit the Aadhaar Act 2016. The interplay between the IT Act and Aadhaar Act is a huge grey area. Aadhaar Act is only a subset of the IT Act, which is the mother legislation. There are many kinds of cybercrimes that have emerged post demonetisation, that need to be taken into account in the Aadhaar Act. The linking of Aadhaar with various government schemes without having done the legal homework could land India into a huge e-governance disaster. We should work on strengthening the ecosystem.

Need to avoid a repeat of the mistakes with IT Act

The current state of affairs shows a conflict between the executive and judiciary, which could go into a confrontational approach, which should be avoided. The Supreme Court had reiterated the order that Aadhaar should not be made mandatory after the notification of the Aadhaar Act.

Making it mandatory can effectively deprive people of their fundamental rights and could ultimately be unconstitutional. When you make Aadhaar mandatory, you are making a distinction between those who have it and those who don’t. This amounts to violation of rights to equality.

We should learn from the mistakes we did with the formulating and later amending the IT Act. It was first launched in 2000, and for years the government said that it was adequate. But eventually, we had to make a lot of amendments to it.

Tags: , , ,

SAN FRANCISCO - OCTOBER 24:  Dustin Moskovitz, co-founder of Facebook, delivers his keynote address at the CTIA WIRELESS I.T. & Entertainment 2007 conference October 24, 2007 in San Francisco, California. The confernence is showcasing the lastest in mobile technology and will run through October 25.  (Photo by Kimberly White/Getty Images)

Facebook tightens privacy, bans developers from harnessing data for surveillance

March 15, 2017

Facebook, saying it is “committed to building a community where people can feel safe making their voices heard,” updated its privacy policies on Monday to state unambiguously that developers are forbidden from using its data to create surveillance tools.

“Today we are adding language to our Facebook and Instagram platform policies to more clearly explain that developers cannot ‘use data obtained from us to provide tools that are used for surveillance,’ ” Rob Sherman, Facebook’s deputy chief privacy officer, posted on the company’s privacy page.
The policy clarification followed an ACLU report last October that Facebook, Twitter and Instagram “provided user data access to Geofeedia, a developer of a social media monitoring product that we have seen marketed to law enforcement as a tool to monitor activists and protesters.”

The Geofeedia tool, which monitors the locations and other personal information of social media users, was made available to 500 law enforcement and safety agencies, the ACLU said.
“Using Geofeedia’s analytics and search capabilities and following the recommendations in their marketing materials, law enforcement in places like Oakland, Denver, and Seattle could easily target neighborhoods where people of color live, monitor hashtags used by activists and allies, or target activist groups as ‘overt threats,’” the ACLU wrote. “We know for a fact that in Oakland and Baltimore, law enforcement has used Geofeedia to monitor protests.”

After the ACLU report, all three companies terminated Geofeedia’s data access, according to The Verge. Twitter updated its privacy policy in November, posting that “Using Twitter’s Public APIs or data products to track or profile protesters and activists is absolutely unacceptable and prohibited.”
“Our goal is to make our policy explicit,” Sherman wrote. “Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply.”

Tags: , ,

City Lights series. Interplay of technological fractal textures on the subject of science, technology, design and imagination

SCOTUS Pick Neil Gorsuch Will Have Important Voice on Data Privacy

February 14, 2017

Neil Gorsuch has been nominated as the new president’s choice for the Supreme Court. He still has to go through Senate confirmation hearings before officially becoming the ninth Justice on the highest court, but some are already discussing his potential impact on cybersecurity and privacy law.

Data security expert Richard Stiennon, chief strategy officer at Blancco Technology Group, said that Gorsuch’s record indicates a preference for accountability in breaches and the like.

“SCOTUS pick Neil Gorsuch is a staunch conservative and is better known for ruling on cases related to religious liberty, criminal law, reproductive/contraception and administrative law,” he told us via email. “But in the few cases that involved technology and digital rights, he hasn’t been very lenient on businesses and held them to a higher standard of accountability.”

One such example is his ruling to uphold a Colorado law requiring retailers who don’t have a physical presence in the state to notify their customers what they owe in taxes. This seems to indicate that he holds businesses to a higher standard of accountability and places the burden of proof on them to demonstrate how they collect, store and manage customer data—and ensure customers’ data privacy isn’t unnecessarily compromised.

“If you look at this ruling, it would suggest that Gorsuch puts customers’ rights first ahead of businesses,” Stiennon said. “In future cases related to violations of the EU GDPR’s ‘right to be forgotten,’ it will be interesting to see whether he brings down a heavy gavel of accountability on businesses.”

Gorsuch, if confirmed, will have a part to play in ongoing privacy and cybersecurity issues. That includes the case of Microsoft v. United States of America, which began in 2013 when a federal judge in New York ordered Microsoft to produce emails associated with a user’s account. The context of the case is that the emails were stored on servers in Dublin, and Microsoft argued that the US courts don’t have authority over servers in other countries.

“If Microsoft loses and the case is sent up to the Supreme Court, it’ll be interesting to see how Gorsuch weighs in on if, when and how government should step in and demand tech companies to prove data is managed and erased properly,” Stiennon said.

Another issue may be net neutrality. Ajit Pai, the senior Republican on the Federal Communications Commission, was recently named chair of the regulators. He’s best-known for his opposition to net neutrality regulation, support for mega-mergers and opposition to data-privacy regulation for ISPs.

Working with his fellow Republican FCC commissioner Mike O’Rielly, Pai has indicated plans to revisit internet regulation.

In March 2015, the FCC voted in a 3-2 vote along party lines to reclassify broadband as a public utility—the result of a rocky year at the US’s top regulator. In January 2014, Verizon won its challenge of the Open Internet Order in the US Court of Appeals for the District of Columbia Circuit. Verizon argued that the FCC lacked the authority to enforce net neutrality because, it claimed, Congress did not grant the agency the ability to do so. And that’s because broadband is not classified as a public utility, the way telecoms are.

After a series of legal challenges, the US Court of Appeals for the DC Circuit in June 2016 broadly upheld the FCC’s reclassification of broadband as a Title II service. Justices Tatel and Srinivasan, writing for the majority, affirmed the FCC’s broad discretion to reclassify wired broadband service as a telecommunications service, and found that none of the challenges raised to FCC authority had merit.

With Pai at the top however, there are likely to be changes in policy and new legal challenges.

“With a new head of the FCC who does not support net neutrality this may be an issue in coming years. Judge Gorsuch, being the strict Consitutionalist that he is, may rule to strike down net neutrality regulations,” Stiennon added.

Tags: , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more