Privacy News and Views for October 20

April 22, 2020 October 20, 2017 By Eric Stroshane 1 Comment

Featured

The KRACK Attacks and Libraries | Choose Privacy Week

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping | Ars Technica
Researchers uncover flaw that makes Wi-Fi vulnerable to hacks | Reuters
Why the Krack Wi-Fi mess will take decades to clean up| Wired
Falling Through the KRACKS | A Few Thoughts on Cryptographic Engineering (blog)

ALA files comments to Department of Homeland Security to protest plans to monitor and collect immigrants’ social media information | District Dispatch

Full Comments filed by ALA with the Department of Homeland Security

Government Surveillance

Senate Intelligence Committee to debate in secret a bill that would renew a powerful spy tool | Washington Post

Justices to Decide on Forcing Technology Firms to Provide Data Held Abroad | New York Times

A Primer on Microsoft Ireland, the Supreme Court’s Extraterritorial Warrant Case | Lawfare

Should Federal Prosecutors Be Able to Search Americans’ Emails Overseas? | The Atlantic

There’s No Good Decision in the Next Big Data Privacy Case | New York Times

Surveillance “Reform”: The Fourth Amendment’s Long, Slow, Goodbye | Just Security

Corporate Surveillance

It takes just $1,000 to track someone’s location with mobile ads | Wired

Libraries and Privacy

Protecting Your Online Privacy: Risks And Strategies – November 9 | Infopeople Webinar (FREE!)

Privacy Literacy Training for Librarians | Data Privacy Project, New York City

How these librarians are changing how we think about digital privacy| Christian Science Monitor

Students’ and Minors’ Privacy

U.S. Department of Education launches new student privacy website | Lexology

Commentary

How “Big Data” Went Bust | Slate

Encryption

Senior U.S. legal official meeting UK leaders to tackle online security issues | Reuters

Decrypting the Going Dark Debate | Lawfare

Apple removed several privacy apps in China — now two senators are demanding answers | CNBC

Cybersecurity

Facebook is struggling to meet the burden of securing itself, security chief says | Ars Technica

DHS To Order Agencies Implement Email, Website Encryption Tools | NextGov

Broadband Privacy

Internet giants contest proposed privacy laws | Bucks County Courier Times (PA)

Biometric Privacy

Apple answers Sen. Al Franken’s privacy concerns over Face ID | CNET

Law and Regulation

Equifax Hack Drives GOP Bill to Overhaul Credit Bureaus | Wall Street Journal
Legislation from Patrick McHenry would require big three credit-reporting firms to phase out use of Social Security numbers by 2020

Replacing Social Security Numbers won’t be easy, but It’s worth it | Wired

EU-U.S. data transfer pact passes first annual review | Reuters

Biometric barriers in Illinois: Developments with the Biometric Information Privacy Act | Lexology

This Week in Data Breaches

Pizza Hut Warns Customers That Hackers May Have Accessed Their Data | Fortune

Hyatt suffers second data breach in two years | Hotel Management

Filed Under: News and Updates

One reply to Privacy News and Views for October 20

Pingback: Intellectual Freedom News 10/20/17 - Intellectual Freedom Blog

Comments are closed.

Guidelines for Private Online Searching & Browsing Julie Oborny
There are few options for searching without being tracked. To search anonymously from home requires tech-savvy and money. This is something many people do not have. Libraries should help any user access information anonymously. Guidelines A group of library privacy experts created the following guidelines. Use them to bolster your efforts. Starting a Computer or Wi-Fi Session Offer Guest User Options: Allow users to log in to public computers and Wi-Fi without using their personal library card. This can be facilitated through the use of guest passes. Do not require identification or keep logs of users who check out a guest pass or sign in as a guest. Avoid Paper Sign-up Sheets: Do NOT have paper sign-up sheets for the computers. If there is no other option, practice the following: Staff should always be in control of these paper sign-up sheets Only require the minimum amount of data needed for reserving a computer. Shred paper sheets at the end of the day. Filtering Software No Logging: Filtering software should not log user activity. Ensure and verify that this is not happening on filtered computers. Guest Passes: If disabling logging is not possible, offer a guest pass at no charge. Age Data: Do not capture proof of age when removing filters. Just verify. Erasing Computer Sessions Public Computers: Set public computers to load a fresh computer image after each user session. Software example: Deep Freeze. End sessions automatically if the user forgets to log out at the end of a session. Circulated/Loaned Devices: Reset or reimage borrowed devices at point of check-in. Examples of devices: laptops, tablets, and other mobile devices. Session Logs: Do not store logs of users’ computer or Wi-Fi sessions for longer than 24 hours. Delete computer reservation and Wi-Fi session logs that contain personal information. Include this practice as a closing activity. Do not collect information about user activity during a public computer or Wi-Fi session. Activity examples: applications used and web browser activity. Printers: Clear the print queue for the print management system daily. Physical Protections Physical Space: Arrange the physical library space for privacy. People should be able to use personal technology without observation. If security cameras are required inside the buildings, optimize for privacy. Check to make sure they are not pointed toward screens or other places where they may record library use. Privacy Screens: Provide easily accessible privacy screens. These screens should be available for any user who needs one. If possible, install privacy screens on all public computers. Shredding: Shred print-outs left at the printer. Provide access to shredders for users. Browsers & Search Tools Default Search: Set DuckDuckGo as the default search for all browsers. Default Browsers: Set the default browser on computers to Brave or Firefox. Anonymous Search with Tor: Install the Tor browser on all public access computers. Provide guides for users about how to use Tor for anonymous searching. Training For Users Guides: Provide guides to users who wish to remain anonymous online. Examples: Personal Accounts: Do not log in to any personal accounts during the entire session. Examples: Google Amazon Facebook Learning Management Systems Private vs. Public: Treat school or work cloud-document services as public record. Don’t use these services to keep track of sensitive information. Search Tools: Use a privacy-focused search engine, such as DuckDuckGo. Mobile Browsers: Download privacy-focused browsers on mobile devices. Examples: Firefox Focus Brave Tor DuckDuckGo Tech Help: Assist users in installing encrypted messaging apps, such as Signal. Programs: Device Settings: Teach users how to turn off the following on their devices: Personalized advertising or ad tracking (iOS and Android) Location sharing Unused and unnecessary app permissions VPNs: Teach users about virtual private networks (VPNs): How to pick one. Refer to https://ssd.eff.org/en/module/choosing-vpn-thats-right-you How to install one. This depends on the VPN. How to use one. This depends on the VPN. Attendance: Allow people to attend these training programs anonymously. Alternatives: Provide digital and physical resources for those who are unable or unwilling to attend in person. Example: https://sec.eff.org/ For Staff New Hires: Include privacy training as part of new-hire onboarding. Ongoing: Have regular privacy training for library workers. State Laws: Review state laws on confidentiality of library use data. Do this with all library workers. Communication: Share updates on changes in privacy issues. Do this especially for state and national laws.
Data Privacy Week – January 24-28, 2022 Stacy Tomaszewski
This year, the National Cybersecurity Alliance (NCSA) has expanded its Data Privacy Day to a week! Data Privacy Day started in 2008 as a North American complement to Data Protection Day in Europe. The purpose of Data Privacy Week is to help “spread awareness about online privacy and [educate] citizens on how to manage their personal information and keep it secure” and to “ [encourage] businesses to respect data and be more transparent about how they collect and use customer data.”
Book review of ‘Cyber Privacy: Who Has Your Data and Why You Should Care’ Virginia Dressler
“Data, I’ve found, is becoming like the weather; it’s something that almost anyone can talk about.” Cyber Privacy by April Falcon Doss is a timely title on so many key issues around data privacy in the online world– And Doss is well-positioned to write on this topic, with her thirteen years working at the NSA and later working in a private sector practice focusing on cyber-security and privacy issues. I found this title to be a thoughtful and well-written perspective, primarily centered on the U.S.