Canvas fingerprinting and privacy

July 30, 2014

ProPublica has run a number of very important stories on internet privacy, in particular regarding online tracking, such as Why Online Tracking Is Getting Creepier, It’s Complicated: Facebook’s History of Tracking You and Privacy Tools: How to Block Online Tracking.

ProPublica’s story Meet the Online Tracking Device That is Virtually Impossible to Block has caused something of a stir, given the concerns about tracking tools.  As the article notes, it has prompted at least one site to remove the program.

It provides:

Update: After this article was published, YouPorn contacted us to say it had removed AddThis technology from its website, saying that the website was “completely unaware that AddThis contained a tracking software that had the potential to jeopardize the privacy of our users.” A spokeswoman for the German digital marketer Ligatus also said that is no longer running its test of canvas fingerprinting, and that it has no plans to use it in the future.

…….

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it. Read the rest of this entry »
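
As an added illustration (not code from the ProPublica story or from the Princeton/KU Leuven paper), the JavaScript below models both halves of the technique the excerpt describes: a tracker script that draws text to an off-screen canvas, exports the pixels and hashes them into a short identifier, and the defence browsers such as Tor Browser took, wrapping the canvas read-back call so a page cannot extract pixels unless a policy allows it. Because canvas does not exist outside a browser, the block carries a constructed stand-in document whose “devices” render to different byte strings; in a real page you would pass `document` and `HTMLCanvasElement.prototype` instead. The function names (fnv1a32, canvasFingerprint, installCanvasGuard, makeFakeDocument, demo) are hypothetical.

```javascript
// Added example, not code from the ProPublica story or the Princeton/KU Leuven paper.
// Names (fnv1a32, canvasFingerprint, installCanvasGuard, makeFakeDocument, demo)
// are hypothetical; in a browser pass `document` and `HTMLCanvasElement.prototype`.

// FNV-1a 32-bit hash of a string, as 8 hex digits. A tracker wants a short,
// stable ID rather than a cryptographic digest, so a cheap hash like this is typical.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Tracker side: draw a pangram and an emoji twice in overlapping colours on a
// canvas that is never attached to the DOM, then export the pixels. Font
// rasterisation, anti-aliasing and GPU differences change the bytes per device.
function canvasFingerprint(doc) {
  const canvas = doc.createElement("canvas");
  canvas.width = 220;
  canvas.height = 30;
  const ctx = canvas.getContext("2d");
  ctx.textBaseline = "top";
  ctx.font = "14px Arial";
  ctx.fillStyle = "#f60";
  ctx.fillRect(125, 1, 62, 20);
  ctx.fillStyle = "#069";
  ctx.fillText("Cwm fjordbank glyphs vext quiz, \u{1F60A}", 2, 15);
  ctx.fillStyle = "rgba(102, 204, 0, 0.7)";
  ctx.fillText("Cwm fjordbank glyphs vext quiz, \u{1F60A}", 4, 17);
  return fnv1a32(canvas.toDataURL());
}

// Defender side: wrap the read-back method on the canvas prototype. Every call
// is logged with a sample of the caller's stack, and callers the policy rejects
// get a blank image instead of real pixels (the approach behind per-site canvas
// permission prompts). `policy(info)` returns "allow" or "block".
const BLANK_DATA_URL = "data:image/png;base64,";
function installCanvasGuard(proto, policy) {
  const original = proto.toDataURL;
  const attempts = [];
  proto.toDataURL = function (...args) {
    const info = {
      width: this.width,
      height: this.height,
      stack: (new Error().stack || "").split("\n").slice(2, 5).join(" | "),
    };
    const decision = policy(info);
    attempts.push({ ...info, decision });
    return decision === "allow" ? original.apply(this, args) : BLANK_DATA_URL;
  };
  return { attempts, uninstall() { proto.toDataURL = original; } };
}

// Constructed stand-in for a browser document so the block runs under Node:
// the fake canvas records drawing calls and "renders" them to a byte string
// prefixed with a per-device tag, mimicking rasteriser differences.
function makeFakeDocument(deviceTag) {
  class FakeCanvas {
    constructor() { this.width = 0; this.height = 0; this.ops = []; }
    getContext() {
      const ops = this.ops;
      return new Proxy({}, {
        set(_t, key, value) { ops.push(`${String(key)}=${value}`); return true; },
        get(_t, key) { return (...args) => { ops.push(`${String(key)}(${args.join(",")})`); }; },
      });
    }
  }
  FakeCanvas.prototype.toDataURL = function () {
    return `data:image/png;base64,${deviceTag}:${this.ops.join(";")}`;
  };
  return { createElement: () => new FakeCanvas(), canvasProto: FakeCanvas.prototype };
}

// Two "devices" give two IDs; the same device gives the same ID on every visit;
// with the guard blocking, the tracker only ever sees the hash of a blank image.
function demo() {
  const a = makeFakeDocument("deviceA");
  const b = makeFakeDocument("deviceB");
  const idA = canvasFingerprint(a);
  const idB = canvasFingerprint(b);
  const guard = installCanvasGuard(a.canvasProto, () => "block");
  const blocked = canvasFingerprint(a);
  guard.uninstall();
  return { idA, idB, stableA: canvasFingerprint(a) === idA, blocked, attempts: guard.attempts };
}

console.log(demo());
```

Run with node. canvasFingerprint returns a stable 8-hex-digit ID per device, and once the guard is installed with a blocking policy every caller receives the blank-image hash while the attempt, with a caller stack sample, is logged. That logged read-back from a script that never shows the user an image is the observable signal to look for when auditing a site for this kind of tracking.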

Future tense program on the ABC – 1984 and our modern surveillance society

The ABC program Future Tense had an episode titled 1984 and our modern surveillance society, which deals with privacy issues and surveillance.  It can be heard here – excerpt-how-far-from-1984

As an overview it is quite effective.

It provides:

Mass surveillance is now a part of our social, economic and political lives—governments and companies snoop on us like never before. But are we really heading toward an Orwellian future? Antony Funnell investigates.

 When George Orwell finished work on 1984 he was already a man without a future. Fading rapidly from tuberculosis, his most celebrated novel was to be his last.

He died shortly after its publication.

Yet more than half a century later, his dystopian vision of the future is alive and in rude good health. Read the rest of this entry »

Facebook has damascene moment on privacy

July 29, 2014

“Facebook” and “privacy” are not often found in the same sentence without a “trashes”, an “ignores” or the catch-all “not”.  The Federal Trade Commission has entered into (the polite way of saying forced) an enforceable undertaking with Facebook.

Things may be changing at Fortress Facebook however.

In Facebook’s Privacy Pivot, Slate reports on a possible change in attitude as well as practical action, with developments which point to a more proactive and real privacy framework.  Of course the proof is always in the, private, pudding.  For most privacy practitioners Facebook will be on double secret probation for the long term. The concern is Read the rest of this entry »

Privacy Commissioner publishes statistics for April – June 2014

The Office of the Australian Information Commissioner (the OAIC) has published its most recent statistics, relating to the last quarter.  They are found here.  The media release is found here.

Regarding privacy related work the OAIC made the following comments:

  • Phone enquiries: handled 16,486 phone enquiries (18,238 in 2012–13) — a 9% increase in privacy phone enquiries, which are 71% of the total
  • Written enquiries: answered 3742 written enquiries (3165 in 2012–13) — a 26% increase in privacy written enquiries, which are 64% of the total
  • Privacy complaints: received 4243 complaints (184% increase), and completed 2616 (74% increase). The average closure rate was 7.2 privacy complaints per day (90% increase), and the average completion time was 86.7 days (44% decrease)
  • Privacy audits: conducted 8 audits (60% increase)
  • Data breach notifications (DBNs): handled 73 DBNs (55% increase)
  • Privacy investigations: conducted 13 Commissioner-initiated investigations (32% decrease), and published 4 reports
  • Advice, guidance and submissions: published 20 guideline items, conducted 22 consultations, provided 133 written policy advices, and made 17 submissions
  • Website visits: received 1.51 million website visits (10% increase)

Read the rest of this entry »

Privacy and the mobile

The Conversation usually publishes insightful and well written pieces on subjects of public policy, law, science or the humanities (to name but a few of the topics covered).  Sometimes its offerings are not so good, as with Your life in their hands – privacy and your mobile device.  Something of a curate’s egg – good in parts.

It provides:

The explosive uptake of mobile devices including smartphones and tablets has us immersed in a complex, volatile soup of hyper-connected digital technologies, where not only is the perception of time being compressed, but privacy protections are being reshaped. Read the rest of this entry »

Onion ransomware on way…. serious data security issue with knock on privacy concerns

Ransomware is a particularly nasty tool in the hackers’ bag of tricks.  Once security has been breached, the hackers use Onion ransomware to encrypt files on a device attached to a network and then demand a ransom.  And it is on the way, according to The Australian’s Onion ransomware could take root here.  The usual route into a network is through a phishing attack.  Hence all the more reason for staff to receive proper privacy training and for businesses to develop proper programs and protocols for handling email communications and oral enquiries.  Training reduces the chance that a phishing lure succeeds; the control that actually limits the damage once files are being encrypted is regular, tested backups kept somewhere the malware on the network cannot reach.  In my experience it remains hand-slapped-to-forehead depressing how inadequate training in basic privacy protocols is, and when businesses actually do some privacy training it is done as a one-off event.  No repeat for, say, new staff, or refreshers to deal with new systems.  And then businesses wonder how there is a breach a month or a year down the track.  The Privacy Commissioner’s guidelines on data security make it clear that Read the rest of this entry »

Delaware passes law requiring destruction of personally identifiable information

July 28, 2014

It is a core feature of most privacy and data legislation that organisations and governments should only retain personal information for the period required and for the purpose for which the information was collected.  It is common in cases of data breaches to find that organisations with poor data security also have hopeless data management practices: keeping records long after they have no utility, keeping old customer information and generally storing data in one place, which makes a hacker’s job much easier than it would otherwise be.  In the UK Read the rest of this entry »

Half of most popular Android mobile apps have vulnerabilities

Itnews reports, in Popular Android apps inherit bugs from recycled code, that at least half of the 50 most popular Android apps have security problems.  That is hardly a surprise. Privacy regulators around the world have focused on deficiencies in app development.  Apps are notorious for poor privacy practices, ranging from the software itself through to totally inadequate privacy policies.  Most privacy regulators have released guidance on apps, most recently the New Zealand Privacy Commissioner with Need to Know or Nice to have, which was released earlier in July.  In the Australian context the problem is that many app developers are small businesses as defined in the Privacy Act (annual turnover under $3 million) and are often not covered by its operation.
Read the rest of this entry »

UK Information Commissioner serves monetary penalty notice on Think W3 Limited for serious privacy breaches

July 27, 2014

On 24 July 2014 the Information Commissioner’s Office in the United Kingdom (the ICO) served on Think W3 Limited a very substantial monetary penalty notice of £150,000, after determining that 1,163,996 credit and debit card records had been accessed.

The ICO media notice provides:

Think W3 Limited, an online travel services company, has been served a £150,000 monetary penalty after a serious breach of the Data Protection Act revealed thousands of people’s details to a malicious hacker.

The company was hacked in December 2012 after using insecure coding on the website of a subsidiary business, Essential Travel Ltd. The hacker extracted a total of 1,163,996 credit and debit card records. Of these records 430,599 were identified as current and 733,397 as expired.

Cardholder details had not been deleted since 2006 and there had been no security checks or reviews since the system had been installed. Read the rest of this entry »

Catch of the day – notification of a data breach 3 years later….

Last week Catch of the Day announced it had suffered a data breach in which customer passwords and credit card details were stolen….. 3 years ago.  Itnews covered the story in Catch of the Day reveals three-year old data breach.

There are no mandatory data breach notification laws in Australia.  It is a large gaping hole in the privacy regulation.  There is no good legal reason for this lapse beyond legislative lethargy.  Last year’s attempt to enact a fair to middling notification bill lapsed when parliament was prorogued.  There is currently a bill in the Senate which aims to achieve the same result (being the same bill in all respects as the 2013 version) but because of political manoeuvring it is likely to fail.  At some stage such legislation will be introduced.  It is too large a problem not to be addressed.  But as with most matters privacy related in Australia the response will likely be slow in coming, reluctantly enacted, inadequate and probably half a cycle behind developments in the technology.

The story provides:

Delays advising customers of early 2011 “cyber intrusion”.

 Daily deals website Catch of the Day last night revealed it had suffered a serious data breach in 2011 that led to customer passwords and a number of credit card details being stolen.

Read the rest of this entry »