Group items tagged

Google has released a more detailed privacy policy for its Google Books product, a move demanded in recent weeks by several critics of its settlement with publishers and authors. The company announced the new policy in a blog post late Thursday afternoon, saying it developed the policy following conversations with the U.S. Federal Trade Commission. Google had previously said it was unable to release a detailed policy because the Google Books product was incomplete due to the fact that the settlement allowing its Book Search project to display certain types of books has yet to be formally approved. However, criticism of Google's lack of detailed information on the subject appears to have forced its hand. "To provide all users with a clear understanding of our practices, and in response to helpful comments about needing to be clearer about the Books product from the FTC and others, we wanted to highlight key provisions of the main Google Privacy Policy in the context of the Google Books service, as well as to describe privacy practices specific to the Google Books service," wrote Jane Horvath, general privacy counsel for Google, in a blog post.

Yesterday, CBC radio's morning show, the current, featured Lessons From The Identity Trail co-author, Ian Kerr, who discussed the book and a number of contemporary challenges that privacy faces in light of emerging technologies with guest host, Nancy Wilson. Below is the the text of Nancy Wilson's introduction and a link to the podcast of the full length interview in segment #3 of the show. To some people the Internet is the world's biggest commons ... a global public square. For others, it's a realm of shadowy, anonymous figures hiding behind online aliases. But anonymity is becoming less and less a feature of life online. We aired a clip with one perspective on that trend, posted last May on the website, Mobuzz.tv. Taking responsibility for your actions on line may be just one way you relinquish privacy. Every day, millions of Canadians hop on the Internet to check their e-mail, chat with their friends on social networking sites, book a vacation or buy a gift. And each time they click on a purchase or post a picture, they give up a little bit of their privacy. With this explosion of information technology - there are those who warn that our anonymity and our right to privacy is in jeopardy. That's the premise of a new book called On The Identity Trail: Anonymity, Privacy and Identity in a Networked Society. Academics, governments and private corporations around the world contributed to the book, which examines how technology is changing the nature of our private lives, and what it means to be "anonymous."

When the OCEG released Red Book version 1.0 back in 2005--it seems like a long time ago--the whole idea of GRC applications was still new. There was definitely a need for a COSO-like guide to internal GRC implementations. The focus back then was compliance and that is where the Red Book offered the most value. Four years later, the landscape has morphed a bit, and no one should be surprised that version 2.0 is concerned with the R and G as much as the C. The heart of the new version--a public exposure draft has been released--is something called the GRC Capability Model, which the OCEG markets as a "comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system (e.g., compliance, training, hotline, investigations)." Eventually, OCEG members will be able to access the resource online to "create custom reports drawing from the Model and additional OCEG resources."

There are many websites that sell or provide for free, personal information about individuals. This information is gathered from many sources including white pages listings (directory assistance), publicly-available sources and public records. * Data vendors that offer an opt out policy * Data vendors that do not offer an opt out policy Directory Listings: To prevent the cross-referencing of your address with your phone number, you can choose to not have your information available in the phone book or through directory assistance. If your number is "unlisted," your name, address and phone number will not be printed in the phone book, but the information is available through both directory assistance and reverse directory assistance. If your number is "unpublished," your information will not be printed in the phone book and is not available through directory assistance or reverse directory assistance. Or you can list your name and phone number, but not your address. Telephone companies usually charge a monthly fee to be unlisted or unpublished. Public Records: Please note that public records are often that--public. Web sites that provided personal information gathered from various sources are not required to offer a way to have that information removed or suppressed, though many will as a courtesy. The table below notes many of the more common online providers of public and non-public information that do offer an opt out mechanism. The opt out notes below usually only apply to non-public information. Not all web sites that sell personal information allow individuals to have their information removed or suppressed. Check the privacy policy of the site to see if they offer an opt-out mechanism. If one is provided, ask the online data broker for clarification on whether opting out also applies to public records information they may maintain. Some online data vendors will request information from you (such as your Social Security number or date of birth) to proce

During the past decade, rapid developments in information and communications technology have transformed key social, commercial, and political realities. Within that same time period, working at something less than Internet speed, much of the academic and policy debate arising from these new and emerging technologies has been fragmented. There have been few examples of interdisciplinary dialogue about the importance and impact of anonymity and privacy in a networked society. Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society fills that gap, and examines key questions about anonymity, privacy, and identity in an environment that increasingly automates the collection of personal information and relies upon surveillance to promote private and public sector goals. This book has been informed by the results of a multi-million dollar research project that has brought together a distinguished array of philosophers, ethicists, feminists, cognitive scientists, lawyers, cryptographers, engineers, policy analysts, government policy makers, and privacy experts. Working collaboratively over a four-year period and participating in an iterative process designed to maximize the potential for interdisciplinary discussion and feedback through a series of workshops and peer review, the authors have integrated crucial public policy themes with the most recent research outcomes. The book is available for download under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Canada License by chapter below. Hard copies are available for purchase at Amazon & at Oxford University Press.

Consumer Watchdog has sent the U.S. Justice Department a Google document presenting the best corporate arguments for why Google should not be viewed as monopolistic, along with a duplicate of the presentation marked up with comments from an expert countering the claims. The nonprofit consumer group received both documents from an anonymous industry insider. In the presentation, Google seeks to deflate increasing criticism that it is too big and powerful by spin meant to minimize the notion its search and advertising businesses are virtual monopolies. Commentary surrounding the presentation in the second document delivered to Consumer Watchdog presents information countering Google's contentions in what is described as a "Charm Offensive." "As the Justice Department examines the Google book deal and other Google enterprises it deserves to see the play book Google has prepared to deflect scrutiny and insider commentary on how many Google myths lack a basis in reality," said Consumer Watchdog President Jamie Court. "Google's charm and spin should not be allowed to deter anti-trust regulators from seeing the real problems with Google's dominance and setting appropriate limits to protect users."

It's been repeatedly said that one of the biggest issues our culture is facing right now, and will continue to face in the years to come, is defining and coming to terms with the legality behind privacy issues. As our lives become increasingly wired, connected and monitored privacy becomes an increasingly pressing concern, especially since technology changes much faster than laws can keep up with. While privacy issues are important for adults to be aware of right now, from access to medical records to who can see into our houses, it's probably even more important for the next generation to know what the issues are and how it does and will affect them in the future. Prying Eyes: Privacy in the Twenty-First Century by Betsy Kuhn is a book written for teens and older kids about privacy issues today in America. It looks at new and developing technologies from cameras to RFID chips, the significant laws and court cases throughout our history that have dealt with privacy issues, and how it affects each of us. Kuhn does an excellent job of keeping her subject relevant, but not too focused. Kuhn manages to show how all of these issues matter and affect us without being scary. She never turns technology, corporations or even the government into something frightening. When this is a topic that could easily have been made scary, it's nice that Kuhn managed to walk that line and make this serious without being something to obsess over.

Visit the Amazon.com site to buy a book online and your welcome page will include recommendations for other books you might enjoy, including the latest from your favorite authors, all based on your history of purchases. Most customers appreciate these suggestions, much the way they would recommendations by a local librarian. But, what if you visited an investment site, only to find advertising messages suggesting therapies for your recently diagnosed heart condition? Chances are that you would experience what Fran Maier calls the "creepiness" factor, a sense that someone has been snooping into a part of your life that should remain private. Maier is the Executive Director of TrustE, a nonprofit that sets guidelines for online privacy and awards a seal of approval to companies meeting those guidelines. She was a speaker at the recent Supernova conference, an annual technology event in San Francisco organized by Wharton legal studies and business ethics professor Kevin Werbach in collaboration with Wharton. Creepiness Factor The creepiness factor is a risk inherent in so-called behavioral targeting. This practice is based on marketers anonymously observing a user's behavior on the Internet and compiling a personal profile based on interests and behavior -- sites visited, searches conducted, articles read, even emails written and received. Based on their profiles, users receive advertising targeted specifically to them, regardless of where they travel on the web. Consumer advocates worry that online data collection and tracking is going too far. Marketing executives counter that consumers benefit from seeing advertising relevant to their interests and contend that relinquishing some personal data is a reasonable trade-off for free access to Internet content, much of it supported by advertising.

Amazon.com: A New Host-Based Hybrid IDS Architecture - A Mind Of Its Own: The Know-how Of Host-Based Hybrid Intrusion Detection System Architecture Using Machine Learning Algorithms With Feature Selection (9783639172881): Murat Topallar: Books

The following is an excerpt from the book The Truth About Identity Theft. In this section of Chapter 11: Social Engineering (.pdf), author Jim Stickley explains how easy it really is to hack a password. People often ask me how hard it is to hack a password. In reality, it is rare that I ever need to hack someone's password. Though there are numerous ways to gain passwords on a network and hundreds, if not thousands, of tools available to crack encrypted passwords, in the end I have found that it is far easier to simply ask for them. A perfect example of this type of attack was a medium-sized bank that I was testing recently. The bank's concern was related to the new virtual private network (VPN) capabilities it had rolled out to a number of its staff. The VPN allowed staff to connect directly to their secured network while at home or on the road. There is no doubt that a VPN can increase productivity, but there are some pretty major risks that can come with that convenience. The bank explained that the VPN was tied into its Active Directory server. For people who are not technical, basically this just means that when employees log in via the VPN, they use the same credentials they use to log on to their computer at the office. So I went back to my office, sat down, and picked up the phone. The first call I made was to find out the name of an employee in the IT department. I called the company's main line to the bank, pressed 0, and asked to speak with someone in the IT department. I was asked what I was calling about, so I told the employee I was receiving emails from that bank that seemed malicious. I could have used a number of excuses, but I have found that if you tie in an unhappy customer with a potential security issue, your call gets further up the food chain. In this case, I reached a man who I will call Bill Smith. I made up a story about the email, and after a few minutes, he was able to explain to me that I had called the wrong bank and it was actuall

TSA terrorist watchlist changes affect travel industry, document coordination requirements, security & privacy concerns. Over-strengthening one set of regulations and ignoring others simply means that the terrorists will move to safer (for them) modes of attack.

The Transportation Security Administration is getting ready to take over responsibility from the airlines for checking passengers' names against terrorist watch lists, and is advising travelers to start booking airline tickets using their full name as it appears on their driver's license or passport.

"There's a known weakness in browsers which we wrote about in the book. Every time we talked with someone about it, they'd ask us why we didn't start a company that took advantage of the loophole, and the answer was, well, it's creepy. The loophole basically lets you see where else your visitors have been on the Internet. Well, it's now out in the open, in two forms: Beencounter, and Haveyourfriendsbeenthere. To be perfectly clear, the site won't show you everything your visitors surf-just whether or not they've been to a set of sites you define. Here's how it works:"

"It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as a Washington attraction. He edits the Museum's book ventures and has frequently been interviewed by the major media in radio, TV, and the press on current intelligence issues."

eBook: Compliance 2.0: Comprehensive, Scalable and Sustainable Systems http://go.techtarget.com/r/6705298/226727/1 Enterprises are moving towards a top-down approach to compliance that starts with risk assessment and prioritization, experts agree. In this expert e-book gain insight from senior IT and security officers who are taking a holistic approach to compliance for long-term sustainability and cost reduction. Learn which quantitative tools you can use to prioritize your efforts, maximize your investments and get key business executives to support your next project. Learn how to: ** Bring your data into governance ** Understand and manage your risk exposure ** Get the right people on board to support your strategy and policies Start building your true compliance infrastructure: http://go.techtarget.com/r/6705299/226727/2

Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found. "What we're starting to see is a move toward making people more and more identifiable," University of Ottawa law professor Ian Kerr said Wednesday. His comments followed the launch of Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, a book summing up the study's findings, at a public reading in downtown Ottawa hosted jointly with the Privacy Commissioner of Canada. Kerr led the study with University of Ottawa criminology professor Valerie Steeves. They collaborated with 35 other researchers in Canada, the U.S., the U.K., the Netherlands and Italy. The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing. Consequently, governments and corporations are able to do things like: * Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour. * Boost video surveillance in public places. * Pressure companies such as internet service providers to collect and maintain records of identification information about their customers. While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy - that is, laws that allow citizens to control access to their personal data - such legal protection does not exist for anonymity, Kerr said. "Canada is quite similar [to other countries] with respect to anonymity. Namely, it's shrinking here just as it is there.

Bruce Schneier is the chief security technology officer at BT and a celebrated writer and speaker on privacy, cryptography and security issues. Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data. Data is the pollution of the information age. It's a natural byproduct of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic. And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we're ignoring data in our rush to build the Information Age. Increasingly, you leave a trail of digital footprints throughout your day. Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded. You used to buy a train ticket with coins; now your electronic fare card is tied to your bank account. Your store affinity cards give you discounts; merchants use the data on them to reveal detailed purchasing patterns.

Stunned applicants filling out immigration forms are now being warned their personal information can be shared with the RCMP, national security and intelligence agents, and even foreign cops. The immigrants, many who arrive here from brutal regimes, are being told that they must sign a consent form or their requests will not be dealt with by federal immigration officials. One form, which was obtained by Sun Media, said the data can be shared with the Canada Border Services Agency, RCMP, Canadian Security Intelligence Service and foreign police. TARGET FRIENDS The information can be used to target friends or family members of those who say negative things about their homelands, said Jamal Kaker, of the Afghan Association of Ontario. "This will impact a lot of immigrants in many communities," he said yesterday. "This is scary because the information will get back to Afghanistan in no time." Toronto lawyer Guidy Mamann said it can be deadly for immigrants who give information that may be negative to their governments and are then refused by Canada. "The rights of these immigrants are being trampled," Mamann said. "All this was done under the radar without an announcement." He said foreign police -- some working for the worst regimes -- will be able to find out where their nationals who fled to Canada live and allegations they have leveled against their homelands. "All this information will now be shared," Mamann said. "The lives of immigrants and some Canadian citizens will become an open book." SIGN FORMS He said Canadian citizens are affected if they sign forms to sponsor a spouse or loved ones. "It's another nail in the coffin for civil rights in Canada," Mamann said. "Negative information against governments will now be open for sharing." Toronto lawyer Mendel Green called the changes troubling. "This is a serious breach of our privacy laws," he said. "It appears to be an excess of authority. Big Brother wants to watch our visitors." Federal immig

IT practices such as identity management, email and URL filtering, virus scanning and electronic monitoring of employees can get companies that do business globally into a heap of trouble if deployed without an understanding of global data privacy laws. The warning was one of several alarms raised in a presentation on global privacy best practices by Gartner Inc. analysts Arabella Hallawell and Carsten Casper at the recent Gartner Risk Management and Compliance Summit in Chicago. Always a thorny issue, the protection of personally identifiable information (PII) is made more complicated in a world where there is limited agreement on how best to do that. According to the Gartner analysts, the world is divided into three parts when it comes to data privacy laws: countries with strong, moderate or inadequate legislation. The European Union, under the European Union Directive on Data Protection, possesses the strongest privacy regulations, followed by Canada and Argentina; Australia, Japan and South Africa have moderate to strong, recent legislation; laws in China, India and the Philippines are the least effective or laxly enforced. The United States has the dubious distinction of occupying two categories -- the strong column, due to the 45 state breach notification laws on the books, and the weak column, because of the lack of a federal law. Even among the three categories, nuances abound. Under the European Union Directive, member countries enact their own principles into legislation, and some laws (like Italy's) are more stringent than the directive's standards. Russia's very recent law is modeled after the strong EU laws, but how it will be enforced remains questionable. And in the U.S., state breach notification laws vary, with Nevada and Massachusetts proposing the most prescriptive data privacy legislation to date.

Raises some realistic questions about the American approach to privacy law & regulation. Unfortunately, the article tends to point at the misapplication of laws more heavily than offering the reader an account of the abuses that led us to where we are now. Businesses & government, including the medical industry, freely shared details - or spied on Americans with impunity for decades. The article reminds us that work needs to continue to balance our approach. A Federal law, that sets a floor for privacy requirements, could help reduce conflicting requirements caused by almost every state writing seperate laws because there was a lack of leadership from Washington. American privacy regulations are implemented sectorally - at the industry or State level for example. This leads to many different, and conflicting laws. Privacy is a difficult subject with complex considerations touching aspects of life that have not been questioned for years. This article provides more con than balance, but it reminds us that extreme positions rarely serve anyone well.

Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good. In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy. More than 300 privacy-related laws are on the books, in both Washington, D.C. and state capitals. Privacy-related consulting services provided by law and accounting firms are a $500-million-a-year business and have been growing at double digits.

ACTA (Anti-Counterfeiting Trade Agreement) has concerned many consumer rights organizations for some time now. Given that it could easily affect criminal laws in many countries around the world, it's not hard to see why there is demand for public disclosure and allow public debate in the matters. Still, to this day, ACTA is being negotiated behind closed doors by many countries around the world and now consumer groups want to, at least, have the negotiations disclosed to them. When it comes to the privacy and surveillance debates, which are in various stages in different countries right now, many say that for national security concerns, further surveillance measures should be taken in the law books. Many policy makers want to know every detail of day-to-day communications of millions of people including who you talk to, when, how, where, and, with a warrant, what the contents of those messages are. Unsurprisingly, consumer rights groups have a problem with that. Meanwhile, when it comes to the highly secretive negotiations happening with ACTA, many consumer rights organizations want a clear indication on how the new international standard is forming and the contents of the legislation and to have such things disclosed to the public. Ironically, policy makers seem to have a problem with that.