Verizon issues its insecurity hall of fame…apt in light of the Sony experience

December 19, 2014

Verizon, in its The 2014 Data [In]Security Hall of Fame, provides a (slightly) more light-hearted look at the security issues of the last 12 months and, more to the point, the breaches and their consequences. Given the catastrophic end to the year for Sony Read the rest of this entry »

Canadian Court fines Google for showing a woman’s cleavage on Streetview

November 2, 2014

In Google Loses Lawsuit For Posting Woman’s Cleavage the issue a Canadian Court dealt with was the liability of Google for taking a photograph of a woman sitting on her stoop.  The photograph showed Read the rest of this entry »

Cybersecurity and privacy issues

July 15, 2014

The current edition of the Economist has a special report on cybersecurity.  For those practising in privacy law it should be mandatory reading.  It gives a brilliant synopsis (as the Economist can do so well) of the key issues and future developments. For those just interested in cyber security it should also be mandatory reading.

In the series of articles:

Lifelock Wallet, a company whose business is to provide services to protect customers from identity thieves, withdraws its app because it is not secure enough. Ouch!

May 20, 2014

Lifelock’s homepage says it all: “Protecting Your Identity in an Always-Connected World. Comprehensive identity theft protection from LifeLock helps safeguard your finances, credit and good name. In today’s always-connected world, that’s more important than ever.” The core of its business is data security.

In a post of 16 May Lifelock’s CEO explained that Lifelock’s mobile app is not secure.  Technically, it is not compliant with the payment card industry security standards.  The potential for a data breach was too great a threat to tolerate.  Accordingly the apps have been withdrawn and data deleted.

It is a salient example of why businesses must take as much care with developing their mobile apps as they do with any other aspect of their data security architecture. If anything, the care should be greater given the additional potential threats of losing data, such as interception across unsecured Wi-Fi networks.

In the Australian context a business, particularly a large operation whose core activity is data storage and protection, failing to be compliant with minimum industry standards relating to security would run the risk of breaching APP 11 at minimum.

The post provides:

One thing I’ve learned in business and, for that matter, life is the importance of authenticity and transparency.

With that in mind, I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards. 

For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted Read the rest of this entry »

Heigl sues Duane Reade for breach of privacy arising from a retweet

April 12, 2014

The Washington Post in  Can Katherine Heigl really sue Duane Reade for tweeting her photo? Yes, and here’s why reports on Heigl suing Duane Reade for violating her privacy and using her image without her permission.

It provides:

If Katherine Heigl makes a Duane Reade run and the drug store’s Twitter account proudly tweets a photo of her in the act (in a “celebrities run errands, too, and at our fine establishment!” kind of way), can she sue them for $6 million?

The answer: Yes, she can. And she did. And she has a case.

“Love a quick run? Even @KatieHeigl can’t resist shopping ‘s favorite drugstore ” the Duane Reade account tweeted on March 18 with a link to gossip site Just Jared, which ran a paparazzi photo of Heigl outside the store in New York City carrying two shopping bags.

It makes sense if you Read the rest of this entry »

Heartbleed causing significant heartburn for internet security

April 9, 2014

There has been a major alert and scare about a flaw discovered in the OpenSSL cryptographic software library, which is used by a large number of websites. It is reported in Web security in doubt after discovery of ‘Heartbleed’ flaw and Newly discovered encryption flaw a ‘big deal’, say security experts. It has also been reported in the Drum in somewhat apocalyptic terms in A civilisation built upon software isn’t safe, which provides:

Go onto the web to check your bank balance Read the rest of this entry »

Facebook page on sneak photos of women eating on the London Tube raises serious privacy concerns

April 8, 2014

The Washington Post reports, in A Facebook page of sneaky photos of women eating on the Tube creeps out London, on a strange Facebook page which is devoted to surreptitiously photographing women eating on the London Tube and then posting the photos on Facebook (Women who eat on tubes). As idiotic as the concept is, it is a page that has 19,000 followers. The debate about the page revolves around whether it is misogyny, eccentric and harmless fun, or even art. One important issue is the privacy of those who have had their photos taken. In UK jurisprudence the Read the rest of this entry »

Drone allegedly makes an impact of the wrong sort

April 7, 2014

That drone technology has the potential to create problems almost as great as the significant benefits it brings to civilian use has been obvious almost from the outset. In ‘River of blood’ after drone ‘hits’ Australian athlete, the Age reports on a possible collision between a drone and an individual. There are competing versions of events. Whether or not someone was struck by a drone matters little. The reported incident highlights the increasing use of drones in the public space. Drones purchased from hobby shops are inexpensive and can be operated by anyone who can stump up the cash. That is all it takes. Putting a camera on a drone Read the rest of this entry »

Investigation of significant data breach at Experian

April 4, 2014

Itnews reports, in Experian investigated over data breach, on a serious data breach at Experian. The scope of the breach involves access to social security numbers of up to 200 million people. Interestingly, the focus of the investigation goes to whether there has been compliance with data protection laws. While the law is not directly analogous in Australia, the Privacy Commissioner now has significant powers to investigate data breaches. What do not exist yet are mandatory data breach notification laws. Such a law almost passed in 2013.

It provides:

US law enforcement teams are jointly investigating a serious data breach involving a subsidiary of credit reporting firm Experian that exposed the social security numbers of some 200 million people to potential criminal activity.

The focus of the Read the rest of this entry »

Kenneth Roth regarding mass surveillance

April 3, 2014

I had the pleasure of attending a public lecture hosted by the Castan Centre on Surveillance and the right to privacy in a digital age  (see here) by Kenneth Roth, the Executive Director of Human Rights Watch.  It was a very useful overview of one of the biggest public policy issues relating to privacy, mass and untargeted surveillance.

Mr Roth has been active in the media in the last week and published an opinion piece in the Fairfax press, Privacy: rationales governments use to claim mass snooping is legal, which is a very interesting overview of the developments in privacy protections since Read the rest of this entry »