Month: April 2020

Smart Homes Convenient, Rife With Data-Privacy Issues

By Christopher Adams

The convenience and novelty of smart homes are undeniable. However, the ability of these intelligent homes to undermine the privacy of homeowners is certainly real.

In 2018, 17 billion connected devices were in use globally, along with 7 billion IoT (internet of things) connected devices, according to IoT Analytics.

Security Today magazine also reported that more than 26 billion IoT devices were active worldwide last year.

Consumers should proceed with caution, according to VentureBeat, a digital publication that covers transformative technology.

Users needs to be aware of the risks in using such digital assistants as Google Assistant or Amazon Alexa, which manage your home’s smart devices.  

“All of these devices are gathering, in some cases, pretty intimate data about us — even something as simple as when you come home, when you leave, when you go to bed, when you wake up,” Adam Levin, chairman and co-founder of CyberScout, told Digital Privacy News.

“So, this is data that becomes very valuable to someone who’s either a burglar or a stalker,” he said.

Continue reading “Smart Homes Convenient, Rife With Data-Privacy Issues”

World Privacy Forum Raises Concerns With Student Data Under FERPA

By Samantha Cleaver

Last summer, when 50.8 million children enrolled in public school in the United States, and 14.7 million more students arrived at postsecondary schools, their data went with them.

Student data, from addresses to photographs, is protected under the U.S. Family Educational Rights Privacy Act (FERPA).

In compliance, students, or their parents, must consent before a school discloses any identifiable information.

But what students and parents may not know is that, unless they opt out, FERPA also allows for some of that data to be released.

In 1974, when FERPA was written, a directory information exemption was put in place. Under this exemption, schools can designate information that can be made public without explicit parental consent.

Continue reading “World Privacy Forum Raises Concerns With Student Data Under FERPA”

Q&A: ACLU’s Jay Stanley

‘Spy Plane’ Surveillance of Baltimore is a Gross Invasion of Privacy

By C.J. Thompson

Last of two parts.

Jay Stanley, senior policy analyst for the American Civil Liberties Union in Washington, warns that the Baltimore Police Department’s aerial surveillance program violates the U.S. Constitution. In today’s report, Stanley discusses the department’s covert test run in 2016 and the implications for other cities.

Did the Baltimore Police Department’s covert test of the surveillance program produce any evidence of effectiveness? 

I don’t think there was definitive evidence that it was a huge success. That’s why (Police Commissioner Michael Harrison) is selling this as a “test.”

They’re bringing in entities to do studies and are taking the pose that, ‘We don’t know whether it will work or not and we’ll make a judgment once the data is in.’

That’s undermined by the fact that they want to press forward during the COVID lockdown. If they really wanted to get representative data, they would wait until city life was (back to) normal.

It suggests that they’re not very serious about this just being a test.

They intend to press forward with it regardless.  

Continue reading “Q&A: ACLU’s Jay Stanley”

Health Data, Even at a Privacy Loss, Proves Invaluable in Emergency Rooms

By Samantha Stone

The global COVID-19 pandemic has brought thousands of people to hospital emergency rooms, where the urgent pace and the need for information are at odds.

After the first critical hours, patients are stabilized and doctors then can review health histories from electronic medical records (EMR).

But what is the nature of that information? How wide and how deep is the data reservoir that doctors can plumb for guidance? Is the patient’s full history stripped bare?

“If you’re part of a treatment team, legitimately, then you can have access to the record,” Dr. Eric Howell, chief operating officer at the Society of Hospital Medicine and a Johns Hopkins University clinician, told Digital Privacy News.

Continue reading “Health Data, Even at a Privacy Loss, Proves Invaluable in Emergency Rooms”

Q&A: ACLU’s Jay Stanley

Baltimore Police ‘Spy-Plane’ Program Greenlit to Record Citizens’ Every Move 

By C.J. Thompson

First of two parts.

The Baltimore Police Department will launch a privately funded aerial-surveillance program next week after a federal court in Maryland ruled Friday against local activists and the American Civil Liberties Union and its state affiliate.

The groups argued the continuous surveillance of citizens would violate the First and Fourth Amendments. The Washington-based ACLU will appeal the ruling.

Under the program, Persistent Surveillance Systems will fly three manned Cessna planes over Baltimore for up to 84 hours per week. The planes, equipped with cameras, will conduct military-grade surveillance — continuously recording all outdoor movements. The footage will be utilized to track crimes after the fact.

The program’s $3.7 million cost is being paid by a wealthy Texas couple, John and Laura Arnold.

Baltimore city officials voted earlier this month to formally implement the six-month test despite the public outrage over a similar program police conducted secretly in 2016.

ACLU Senior Policy Analyst Jay Stanley warns that Baltimore’s program could set a precedent that could potentially end privacy and freedom as Americans now know it.

Continue reading “Q&A: ACLU’s Jay Stanley”

IRS Stimulus Website Plagued by Privacy, Security Issues

By Rob Sabo

Linda Elkington Huotari was excited when she logged into the new IRS website “Get My Payment” and learned she was eligible for direct deposit of her coronavirus stimulus check.

Huotari, who lives in Sherwood, Ore., had already filed her 2018 and 2019 tax returns, so the Internal Revenue Service had her correct banking information.

Two weeks have passed, however, and Huotari has yet to see any funds under the Coronavirus Aid, Relief and Economic Security Act (CARES) deposited into her checking account.

She’s actually one of the lucky ones who successfully navigated Get My Payments to track the status of her payment.

“I’ve received my refunds from 2018 and 2019, but no stimulus funds — and there’s no reason why,” Huotari told Digital Privacy News.

Tens of millions of Americans have received stimulus checks via direct deposit, but millions more have encountered difficulty navigating Get My Payment.

The most-common issues are users receiving an error message stating “payment status not available” — and not having any way to provide correct banking information.

More alarming, security and data-privacy experts told Digital Privacy News, is the lack of safeguards and critical site vulnerabilities that potentially leave millions of consumers who accessed the site prone to data intrusion and cyberfraud.

“Get My Payment was launched a mere five days after the IRS announced it was being developed,” said Mandee Rose, editor at TheVPNShop.com. “Had efforts toward developing the site started sooner, the IRS would have had time to make sure cybersecurity and online privacy measures were properly implemented.”

Continue reading “IRS Stimulus Website Plagued by Privacy, Security Issues”

FBI Expects Surge in Romance Scams as COVID Puts More People Online

By Linda Childers

Carla Brennan (not her real name), a divorcee in San Francisco, wasn’t looking for love when she recently joined an over-40 singles group on Meetup.com, a platform that allows people to organize in-person events for those with shared interests.

Yet shortly after registering, Brennan heard from “Alan,” a structural engineer who claimed he had just moved to the Bay Area and was smitten by her photo and witty bio, she told Digital Privacy News.

Their messages soon turned to cellphone calls and e-mails. Alan, Brennan said, was articulate, attentive and thoughtful.

However, he soon became her worst nightmare: a romance scammer who swindled her out of more than $40,000.

“No one who knows me would ever believe I’d fall for a con, but my mom was very ill at the time and I was in a vulnerable place,” Brennan, in her early 60s, told Digital Privacy News. “Alan made me believe in him, and in us — and it all turned out to be a lie.”

Continue reading “FBI Expects Surge in Romance Scams as COVID Puts More People Online”

COVID Dilemma for Employers: Balancing Privacy While Keeping Workplaces Safe

By Joanne Cleaver

Last of two parts.

The coronavirus pandemic has created privacy issues for both employers and workers. Today’s report addresses the issues employers face in confirming the health of returning workers.

If any workspace should allow for social distancing, it should be a golf course.

That might explain why golf courses are among the first operations to re-open in the few states relaxing “safer-at-home” requirements, which put golf-course managers in the precedent-setting position of figuring out how to navigate tricky conversations with returning employees about their health.

The new rules of post-pandemic workplace health are starting to emerge — and human resources experts said that while standard employee-privacy rules remain the baseline, employers also must ask tough questions to ensure a safe workplace for all.

In Richmond, Ind., an hour east of Indianapolis, the city’s parks and recreation department opened its Highland Lake Golf Course on Tuesday, while keeping guests and staff at a club’s length.

“We’re following the CDC and Wayne County guidelines for re-opening all our amenities,” Parks Superintendent Denise C. Retz told Digital Privacy News.

Continue reading “COVID Dilemma for Employers: Balancing Privacy While Keeping Workplaces Safe”

Employee COVID Antics Online Could Erode Privacy When Back to Work

By Joanne Cleaver

First of two parts.

Lizet Ocampo is internet famous as the boss who recast herself as a potato for a Friday virtual office meeting and then couldn’t figure out how to un-potato herself for Monday’s staff teleconference.

After a staffer shared the images online earlier this month, gaining nearly a million likes, Ocampo made the most of her turn as a star tuber, joking about the unexpected downsides of working from home.

But the real test of her humor will come when she and her staff eventually return to on-site work for People for the American Way, a liberal advocacy group in Washington.

Will they let her live it down, or will her accidental acclaim take the starch out of her professional reputation?

Workplace privacy has been shredded as millions of Americans suddenly started working from the uneasy convenience of their homes, gaining unexpected glimpses into one another’s bedrooms and kitchens — not to mention pets, kids and spouses.

Privacy won’t snap back as onsite work resumes, however. Employees will need to reclaim their workplace privacy, if not remnants of dignity, as they start to filter back.

Human resources executives are figuring out how to combine standard guidance from existing government regulations with new instructions from public-health officials.

Continue reading “Employee COVID Antics Online Could Erode Privacy When Back to Work”

Zoom’s Problems Point to Pitfalls in Writing Your Own Encryption

By Shelley M. Johnson

Zoom’s video conferencing platform took off during the COVID-19 social distancing as millions of people stayed home — but it has faced a bevy of problems, from “Zoombombing” to sharing user information with Facebook and leaking data to LinkedIn.

The Zoombombing hacks exposed an inherent security flaw in Zoom Video Communications Inc.’s platform: Programmers in China wrote their own encryption code for the platform, using a security standard far more vulnerable than the widely accepted AES-256 encryption method approved by the U.S. government.

Zoom also had a weakness in its global transmission network that left its communications susceptible to intruders. 

These steps were not very wise, Michelle Hansen, a cybersecurity expert and professor at the University of Maryland Global Campus, told Digital Privacy News.

The comedy of security errors soon made Zoom users realize they had to take precautions into their own hands.

Continue reading “Zoom’s Problems Point to Pitfalls in Writing Your Own Encryption”

Q&A: Cyber-Rights Advocate Ari Ezra Waldman

Swatting Problem Spreading Beyond Celebrities

By C. J. Thompson

Swatting, the act of reporting a violent crime in progress to provoke an aggressive police response on an unsuspecting target, is affecting a growing number of everyday people.

While tech executives, politicians, gamers, Twitter personalities and celebrities continue to be the most-frequent victims, churches and universities also have been targeted.

Swatting wasn’t included in the FBI’s most recent crime-statistics report, but news reports have cited an estimate of more than 1,000 occurrences in 2019.

Ari Ezra Waldman, an attorney and board member of the Cyber Civil Rights Initiative in New York, says growing awareness by the public, and particularly by law enforcement, is necessary to gain ground against this harassment tactic.

A Columbia University Ph.D., Waldman also is the founding director of the Innovation Center for Law and Technology at New York Law School.

Continue reading “Q&A: Cyber-Rights Advocate Ari Ezra Waldman”

Telemedicine Necessary With COVID-19, But Not Without Privacy Risks

By Susan Kreimer

Image: Maryland ophthalmologist Dr. Renee Bovelle conducts a telehealth visit from her office.

Some of Dr. Renee Bovelle’s patients feared their pink eye and allergies could be signs of COVID-19. But the Maryland ophthalmologist could only treat them by video conferencing — “telemedicine” — because of mandatory social distancing.

The technology allows doctors to manage most health conditions remotely while reducing risk of exposure to coronavirus. The practice brings heightened concerns of patient confidentiality and digital privacy.

“Now that we’re in this digital age, the burden of responsibility to protect the patient’s healthcare data rests on the shoulders of physicians and healthcare organizations,” Bovelle, who also holds a master’s degree in cybersecurity, told Digital Privacy News.

The global pandemic compels doctors to eliminate most office appointments and conduct more virtual visits, even as telemedicine raises the potential for eavesdropping on conversations and tapping into electronic databases that contain patient information.

Computers and cellphones are prime targets for hackers seeking to capitalize on a new wave of unpredictability in these socially distant times, experts tell Digital Privacy News.

“The general public is obviously relying on their medical professionals,” said Robert Siciliano, a cybersecurity analyst at Protect Now in Boston. “It is ultimately up to that medical professional that they and their clients are going to be protected.”

Continue reading “Telemedicine Necessary With COVID-19, But Not Without Privacy Risks”

Tenants Don’t Have to Tell Landlords If They Got Stimulus Money

By Joanne Cleaver 

Your landlord can ask about the emergency income you might receive from the federal government to make it through the COVID-19 crisis, but you don’t have to tell. 

The pandemic doesn’t erase your privacy rights as a tenant or as an individual, Alice Kwong, co-chief counsel of housing law at Legal Services of New Jersey (LSNJ), told Digital Privacy News.

“Just because the landlord asks about your stimulus check, you have no legal requirement to answer that question,” she said.

LSNJ is a nonprofit that helps state residents with urgent legal matters, which often involve tenants’ rights. Most states have similar organizations, which can help local renters understand how the laws of their states might apply to their relationships with their landlords. 

As the coronavirus pandemic inflicts widespread unemployment, reduced working hours, massive small-business closures and other economic pain, governments at all levels have responded with economic help and expanded legal protection for tenants.

Many municipalities and states have suspended evictions, ensuring that even tenants who cannot pay their rent will not be homeless during a huge public-health crisis. 

By Thursday, more than 22 million Americans had filed for unemployment help, the U.S. Labor Department reported, and millions of businesses had reduced hours, paychecks, or both.

Continue reading “Tenants Don’t Have to Tell Landlords If They Got Stimulus Money”

Where Does Unacast’s Social Distancing Data Come From?

Company’s ‘Scoreboard’ Popular Amid COVID-19 Pandemic

By Jeff Benson

Since data company Unacast introduced its “Social Distancing Scoreboard” at the end of last month, seemingly every local news station has used it to gauge how their state and county is doing relative to other areas. (Nevada, for instance, is near the top with a B+, while North Carolina gets a D.)

You might think Unacast developed its rankings from a close analysis of the country’s myriad public cameras, which extend from the Vegas Strip to Fifth Avenue in New York.

However, though highly visible, surveillance cameras didn’t factor into Unacast’s scores. The cellphone in your pocket did.

Unacast is a Norwegian startup that’s now based in Manhattan. The company procures location data — the kind that smartphones are so good at collecting — and repackages it into insights for retailers who want foot-traffic data and marketers who want your money.

Its newest venture ostensibly isn’t a money-making exercise, but it’s certainly generating positive publicity for an industry that’s faced increased scrutiny since a December 2018 expose by The New York Times on location-tracking apps.

Unacast is now using location-tracking data to fight COVID-19 and “help public-health experts, policymakers, academics, community leaders and businesses in retail and real estate gain accurate insights into current public behavior,” according to a news release announcing the scoreboard.

It’s got a lot of info to play with.

Continue reading “Where Does Unacast’s Social Distancing Data Come From?”

5 Ways: Employees Can Protect Their Privacy While Working From Home

By Jessica Zimmer

As the world continues a large-scale trial of mass telecommuting, employers are using numerous tactics to avoid phishing scams, harden security and verify identification. 

Here are five tips for protecting privacy while working from home, according to Seth Schoen, senior staff technologist for the Electronic Frontier Foundation in San Francisco:

1. Avoid responding to emailed requests for information from unknown parties or opening their attachments, even if they claim to have some connection with an authoritative source. Go directly to health agencies’ websites, for instance, to receive official updates. 

Scammers seem to love exploiting current news and anxieties to create a sense of plausibility and urgency and influence people’s behavior.

Continue reading “5 Ways: Employees Can Protect Their Privacy While Working From Home”

Good News: Congress Is Ready for Privacy Laws. Bad News: Nothing Is Happening.

By Charles McDermid

Flash back six months ago to November and the U.S. government faced a stream of data privacy legislation.

Several heavyweight bills were before a Congress still calculating Washington’s relationship with Big Tech after the fiasco of the 2016 election.

In a Pew Research Center survey that month, more than 80% of Americans felt they had little or no control of their personal data after it was collected by the government. 

The momentum went nowhere.

The drumbeat for federal privacy legislation produced a logjam of proposed measures, most of which seemed derailed from the start by partisanship, timing or lack of scope.

The COVID-19 pandemic has only amplified cries for a data-regulation framework, making a crowded space even more noisy and complex. Yet national debate on this crucial issue appears to be going nowhere — even as the presidential race resurfaces above the health crisis.

Consider last November. Within a few weeks, several bills were introduced that might provide an outline of what will become the first comprehensive U.S. law on personal data protection. The Electronic Privacy Information Center (EPIC), an independent Washington-based nonprofit, has scored all the measures.

Continue reading “Good News: Congress Is Ready for Privacy Laws. Bad News: Nothing Is Happening.”

Privacy Safeguards in Apple-Google Platform Could Be Abused, Experts Say

By Jeff Benson

Google and Apple’s COVID-19 platform announced Friday may be privacy-centric — but that doesn’t mean it can’t be abused, experts tell Digital Privacy News.

The tech giants behind the world’s two largest mobile-phone operating systems, Android and iOS, said in a rare joint announcement that they would build a Bluetooth-based platform to trace coronavirus. 

The system would enable phones within Bluetooth range to share data and log interactions.

If someone using the system tests positive for COVID-19 and chooses to submit their diagnosis to the system, users they’ve come in contact with will receive a notification (if they’ve opted into the system).

Apple and Google are only creating the bones; developers and public-health agencies would create applications and solve logistical hurdles.

Cellphone users, Apple and Google say, would explicitly have to opt into the system and individual users’ test results would not be shared with other people or the companies.

Still, a lot of things could go wrong.

Continue reading “Privacy Safeguards in Apple-Google Platform Could Be Abused, Experts Say”

‘What a Nightmare’

Belongings, Privacy Issues Pile Up With COVID-19 Deaths

By Tammy Joyner

An elderly man died of COVID-19 in a New York City hospital last week. His ICU nurse then folded his sweater, gathered his loafers and other belonging and placed them in a plastic bag.

What took place next prompted the nurse, whom Digital Privacy News is not naming, to take to social media:

I asked where to put (his) things. A coworker opens the door to a locked room; labeled bags are piled to the ceiling. My heart drops. It’s all belongings of deceased (patients), waiting for a family member to someday claim them …

The post illustrates a grim scenario taking place postmortem in hospitals nationwide.

As coronavirus death tolls rise, so do privacy risks, particularly identity theft and fraud as purses, wallets, wedding rings, driver’s license, credit and insurance cards, and other personal effects of victims pile up. 

“Anytime we have large numbers of people displaced, injured, killed or die, identity theft becomes an issue, so does financial fraud,” Rob Douglas, a nationally recognized identity-theft expert in Steamboat Springs, Colo., told Digital Privacy News.

“Financial criminals sweep in and take advantage of the chaos to gather any information they can and impersonate the victims and steal their assets.”

Continue reading “‘What a Nightmare’”

Q&A: California Privacy Advocate Alastair Mactaggart

Privacy Should Be Protected by Law, No Matter the Cost

By Terry Collins

In three months, California will begin enforcing its closely followed California Consumer Privacy Act (CCPA), the complex law that gives residents the right to know what information companies collect on them and some control of their data.

As lawmakers, advisers and companies scramble to complete compliance guidelines, the man behind the 2018 voter-backed law, privacy advocate Alistar Mactaggart, is preparing another ballot initiative to strengthen the law for voters to decide this fall. 

Mactaggart, an affluent Bay Area real estate magnate, Harvard-educated chairman and founder of Californians for Consumer Privacy (CCP), told Digital Privacy News he wants to toughen the privacy rights and protections that the current law doesn’t offer. 

This interview was edited for clarity and length.

Continue reading “Q&A: California Privacy Advocate Alastair Mactaggart”

Saying ‘Yes’ to Privacy Can Mean ‘No’ to Voter Registration

By Andrea Collier

David Marcus comes from a long line of registered voters in Detroit, but he has never voted because he’s never registered.

“I worry about my privacy, and what people can do with the information they get when I register,” Marcus, 30, an IT professional, told Digital Privacy News.

Not registering has also saved Marcus from serving jury duty, amid other concerns he has about protecting “my digital footprint.”

“I don’t feel bad about passing up on my vote if I can protect my privacy,” he said.

Marcus is among the estimated 21.4% of Americans who are eligible to register but don’t out of privacy concerns, according to a 2017 study by the Pew Charitable Trusts.

Those privacy issues are now heightened by the COVID-19 pandemic, raising questions as to how many of the more than 200 million registered U.S. voters will show up for this year’s elections.

Continue reading “Saying ‘Yes’ to Privacy Can Mean ‘No’ to Voter Registration”