Items tagged "security"

Post

As Congress Works Towards Federal Privacy Legislation, There Are Some Protections It Should Not Overlook

October 24, 2019 Data Portability , Data Protection , interoperability , Legislation , Privacy , Private Right of Action , security

Last year, Representative Suzan DelBene (D-WA) introduced a privacy bill, the Information Transparency & Personal Data Control Act (Data Control Act). Public Knowledge provided input to Rep. DelBene’s office on the development of its discussion draft. However, we were disappointed to see that, upon introduction, the substance of the bill had been watered down from […]

Read More
Post

App Store Control Is Less Important Than Human Rights, Actually 

October 11, 2019 Apple , Free Expression , Free Speech , Global , Human Rights , Privacy , security

I have written about app stores at length before but it is worth reiterating a few points given the recent news about Apple removing access to the Hkmap.live app (which helps people track police activity) and Google removing access to The Revolution of Our Times (a protest game).  First, Apple’s (and Google’s) explanations don’t pass […]

Read More
Post

Facebook Shows Why We Need Data Security and Breach Notification Requirements

March 25, 2019 Data Protection , Facebook , Legislation , Privacy , security

Last week, thanks to investigative reporting, we learned that Facebook discovered in January that it was storing millions of users’ passwords in plain text format, making them fully readable for thousands of its employees. Facebook has acknowledged that this was a serious security error and privacy breach on its side, as its systems, ideally, “are designed to mask passwords using techniques that make them unreadable”, and promised that it “will be notifying everyone whose passwords we have found were stored in this way.” There is no evidence that any of the thousand employees with access to these unencrypted passwords actually accessed them, but Facebook’s decision to remain mum reveals an important lesson for the overarching privacy and security policy debate. Importantly, data security incidents are a widespread problem that goes well beyond Facebook.

Read More
Post

We Don’t Have to Sacrifice User Safety and Convenience to Make App Stores Competitive

March 15, 2019 Competition , Platform Competition , Platform Regulation , Privacy , security

App stores, such as Google Play and Apple’s App Store, have been good for consumers and independent developers in a number of ways. When they work well, they provide consumers with a convenient way to find and buy software that is safe and functional. I remember when my non-technical friends would never install software on their PCs, assuming that it was all a scam or malware of some kind. Now these same people can confidently install, use, and uninstall apps without fearing that it will ruin their devices or steal their personal information. Again, this is when things are working right. There are always bad actors to be vigilant against, and different app store curators do their jobs more and less well.

Read More
Post

Our Thoughts on Facebook’s WhatsApp + Messenger + Instagram Integration

January 30, 2019 Competition , Data Protection , Platform Regulation , Privacy , security

Last week, the New York Times reported that Facebook has decided to integrate the back-end infrastructures of its three fully-owned messaging products: Facebook Messenger, WhatsApp, and Instagram. At Public Knowledge, aware of the different nature, features, and conditions of use of these three services, we are carefully following the possible privacy and security and competition implications of this market-changing move.

Read More
Post

The First Tangible Effects of the GDPR

May 10, 2018 Data Protection , European Union , GDPR , Priavcy , security

Over the past two weeks, you’ve probably received numerous privacy policy updates from online companies. For example, last week LinkedIn sent its users an e-mail informing them of changes to its Terms of Service and Privacy Policy, explaining, “[w]e now meet the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect later in May.”

Read More
Post

Is the GDPR Right for the United States?

April 9, 2018 Cybersecurity , Data Protection , GDPR , Privacy , security

Europe’s new privacy law, the General Data Protection Regulation (GDPR) will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately — and given that the GDPR will reshuffle privacy protection in Europe and beyond — many in the United States are looking to the GDPR for ideas of what to do – and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR to U.S. law — the institutions and legal systems are just too different.

Read More
Post

Here’s How Congress Should Respond to Facebook/Cambridge Analytica

March 23, 2018 Cybersecurity , Data Breach , Legislation , Privacy , security

Facebook and Cambridge Analytica. By now we know the basic facts: Aleksandr Kogan, purporting to be a researcher, developed an authorized Facebook application. As was Facebook’s practice at the time, when users connected the app to their Facebook accounts, the app scooped up not only the users’ personal information, but also their friends’ personal information. In this manner, Dr. Kogan was able to amass information about 50 million Facebook users – even though only 270,000 individuals used the app. Dr. Kogan then, exceeding his authorized use of the data, funneled that information to Cambridge Analytica, a firm that purported to engage in “psychographics” to influence voters on behalf of the Trump campaign.

Read More
Post

Analyzing Congress’ Response to Data Breaches: Do Proposed Bills Protect You?

January 26, 2018 Cybersecurity , Data Security , Equifax , Privacy , security

For nearly three months last summer, the sensitive personal data of more than 145 million American consumers was exposed to bad actors thanks to some “ham-fisted” behavior on the part of credit reporting giant, Equifax. Americans were outraged, and lawmakers began to scrutinize Equifax’s behavior during the breach, including three Equifax senior executives selling shares worth almost $1.8 million in the days after the company discovered the hack.

Read More
Post

Members of Congress Tackle Consumer Protection Failures from Equifax Breach

October 13, 2017 Consumer Privacy , Cybersecurity , Equifax , Privacy , security

Last week, Congress held four hearings to investigate the Equifax data breach, which jeopardized the highly sensitive data of 145 millions Americans. The exposed consumer information includes social security numbers, prior addresses, student loans, credit card numbers, and other pieces of private data compiled into credit reports that determine if a consumer qualifies for employment, loans, or new lines of credit. For days, members of Congress questioned former Equifax CEO Richard Smith as to how the breach could have occurred and what steps the company was taking to protect consumers. Mr. Smith resigned in September after the extent of the breach was fully disclosed. During the hearings, he offered little in terms of solutions on how to protect consumers going forward, but his answers revealed significant problems with our current data security regime that Congress must address.

Read More