Privacy law often says (roughly) that personally identifiable information needs to be protected. But this research calls into question whether we can define personally identifiable information in a legally-meaningful way. All information related to a person can contribute to identifying the person.
Update on red-light camera controversy in Texas, in which some claim red light camera operators must be licensed as private investigators: The Texas Pivate Security Bureau has issued a legal opinion in favor of traffic camera operators. --Ben
A principle of the Information Age: Government is wise to organize itself and its records so it can swiftly and efficiently respond to freedom-of-information-act requests. Resistance to such requests is wasteful and makes government look out-of-touch. --Ben
Similar issues apply in state government. On account of Open Records Acts, state governments are wise to insist that employees (including governors) route all business e-mail through a central e-mail archive and to encourage employees to take all personal e-mail to personal accounts. --Ben
The world is different today compared to the past (compared to even just a year ago). The constant march of technology makes it possible for a smaller work force to do virtually the same job as a larger workforce. As white collar employees are handed pink slips, an employer like a bank or a brokerage may be prudent to generously retain their e-mail records. The records are a valuable asset to the employer, relating to intellectual property, project management, customer relationships and more. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/10/retain-e-mail-of-former-employees.html
To release live mosquitoes in a crowded room is a surprising thing for a wealthy man to do. Theoretically, Mr. Gates is opening himself to legal liability (1) for assault on the people who don't want mosquitos biting or harassing them, and (2) for damaging the conference and the venue where it is being held. From a purely legal perspective, Mr. Gates would have been wise to obtain consent from all affected people (including the owner of the venue) before he unleashed this menace. [By the way, I fully acknowledge the value of the point Mr. Gates made. He should be congratulated for making such an important point so effectively. Such a display took great courage on his part.] --Ben
Mass re-issuance of cards may not be the best response. In the TJX experience, the cost of re-issuing cards far exceeded the actual risk. Alternatives to re-issuance include tighter monitoring of and restrictions on affected card accounts. --Ben
Most all data in commercial and government systems are "exposed" or "compromised" to one degree or another virtually all the time. So it is not surprising that as we focus more attention on breaches, we discover an ever-growing number of breaches. Under the presenting thinking, the growth will never stop. Should each citizen therefore be mailed 100 breach notices every day? Legally and ethically speaking, we do not have a competent definition of what is and is not a meaningful security breach. The result is confusion and excessive anxiety on the part of data holders, data subjects, legal authorities and the media. Ben
The world is different today compared to the past (compared to even just a year ago). The constant march of technology makes it possible for a smaller work force to do virtually the same job as a larger workforce. As white collar employees are handed pink slips, an employer like a Microsoft, a bank or a brokerage may be prudent to generously retain their e-mail records. The records are a valuable asset to the employer, relating to intellectual property, project management, customer relationships and more. --Ben
Lori Drew's case holds a lot of lessons for a lot of people. It is about cyberbullying, which is behavior for which society has little tolerance. Cyberbullying is poison for anyone it touches. An institution like Myspace -- or a library or a school, which provides patrons, students or guests access to the Internet -- has plentiful incentive to stamp out cyberbullying within its system and its PCs. Regardless of how the law says it (through a misdemeanor criminal conviction or otherwise), the law has made clear it wants to find a way to punish anyone involved with cyberbullying. --Ben
Lori Drew's case is about cyberbullying, which is behavior for which society has little tolerance. Cyberbullying is poison for anyone it touches. An institution like Myspace -- or a library or a school, which provides patrons, students or guests access to the Internet -- has plentiful incentive to stamp out cyberbullying within its system and its PCs. --Ben
To me, it is so obvious the doctored photo (bright, beautiful, shiny, crisp flag in background) is not the original, that this event is not a big deal. The photo feels like a public relations baseball card, with the poetic license normally granted for PR fluff. Still, to prevent arguments about manipulation, one way to preserve a file, such as a jpeg and its metadata, is to sign it with a voice signature. --Ben
Cyberbullying is poison for anyone it touches. An institution like a library or a school, which provides patrons, students or guests access to the Internet, has plentiful incentive to stamp out cyberbullying within its PCs. --Ben
The student might have been wiser to openly identify himself and his intentions before conducting his security analysis and then to identify himself fully in the e-mail disclosing what he found. See discussion of white hat hacking--Ben
This story illustrates the unprecedented transparency that technology is bringing to society. Just as (allegedly) Plumber Joe's privacy was breached, access logs in Ohio's information systems show when his data was accessed and from which particular government offices. That's powerful stuff. Data logs can probably enable a deeper investigation into precisely who made the access and whether it was legal. If people acted illegally, the digital evidence can lead to their punishment. Such transparency represents a big trend in society http://hack-igations.blogspot.com/2007/12/people-in-authority-sometimes-abuse.html --Ben
Although the law is motivating enterprises to keep e-mail in reliable archival systems, confidentiality concerns suggest a preference for record-retention systems to be in-house rather than in the cloud. On the topic of enterprise confidentiality in the cloud, stay tuned to commentary in the legal community. The topic merits careful review and more analysis. --Ben http://hack-igations.blogspot.com/2008/02/collaboration-e-discovery-and-record.html
A principle of the Information Age: Government is wise to organize itself and its records so it can swiftly and efficiently respond to freedom-of-information-act, open records and similar requests. Resistance to such requests is wasteful and makes government look out-of-touch. Hence, a government agency is prudent to tell employees (like governors) to send all business-related messages (e-mail, text and otherwise) through the agency's central IT system so they can be archived. --Ben
Slashdot Mirror
Privacy law often says (roughly) that personally identifiable information needs to be protected. But this research calls into question whether we can define personally identifiable information in a legally-meaningful way. All information related to a person can contribute to identifying the person.
This news gives parents of high schoolers an additional reason (at a minimum) to monitor and place time limits on social networking.
For many employers, a virus like StalkDaily is an additional reason to block Twitter. -Ben
Update on red-light camera controversy in Texas, in which some claim red light camera operators must be licensed as private investigators: The Texas Pivate Security Bureau has issued a legal opinion in favor of traffic camera operators. --Ben
A principle of the Information Age: Government is wise to organize itself and its records so it can swiftly and efficiently respond to freedom-of-information-act requests. Resistance to such requests is wasteful and makes government look out-of-touch. --Ben
Similar issues apply in state government. On account of Open Records Acts, state governments are wise to insist that employees (including governors) route all business e-mail through a central e-mail archive and to encourage employees to take all personal e-mail to personal accounts. --Ben
The world is different today compared to the past (compared to even just a year ago). The constant march of technology makes it possible for a smaller work force to do virtually the same job as a larger workforce. As white collar employees are handed pink slips, an employer like a bank or a brokerage may be prudent to generously retain their e-mail records. The records are a valuable asset to the employer, relating to intellectual property, project management, customer relationships and more. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/10/retain-e-mail-of-former-employees.html
To release live mosquitoes in a crowded room is a surprising thing for a wealthy man to do. Theoretically, Mr. Gates is opening himself to legal liability (1) for assault on the people who don't want mosquitos biting or harassing them, and (2) for damaging the conference and the venue where it is being held. From a purely legal perspective, Mr. Gates would have been wise to obtain consent from all affected people (including the owner of the venue) before he unleashed this menace. [By the way, I fully acknowledge the value of the point Mr. Gates made. He should be congratulated for making such an important point so effectively. Such a display took great courage on his part.] --Ben
Mass re-issuance of cards may not be the best response. In the TJX experience, the cost of re-issuing cards far exceeded the actual risk. Alternatives to re-issuance include tighter monitoring of and restrictions on affected card accounts. --Ben
Most all data in commercial and government systems are "exposed" or "compromised" to one degree or another virtually all the time. So it is not surprising that as we focus more attention on breaches, we discover an ever-growing number of breaches. Under the presenting thinking, the growth will never stop. Should each citizen therefore be mailed 100 breach notices every day? Legally and ethically speaking, we do not have a competent definition of what is and is not a meaningful security breach. The result is confusion and excessive anxiety on the part of data holders, data subjects, legal authorities and the media. Ben
The world is different today compared to the past (compared to even just a year ago). The constant march of technology makes it possible for a smaller work force to do virtually the same job as a larger workforce. As white collar employees are handed pink slips, an employer like a Microsoft, a bank or a brokerage may be prudent to generously retain their e-mail records. The records are a valuable asset to the employer, relating to intellectual property, project management, customer relationships and more. --Ben
Texas private investigator legislation is causing problems for robo-cop traffic enforcement. A Texas judge said the company running a red-light camera was acting illegally because it did not have a private investigator license. On the basis of this ruling, motorists are challenging traffic tickets. The problem started when the legislature said computer forensics experts needed to be licensed like private eyes. See deails: http://legal-beagle.typepad.com/wrights_legal_beagle/2008/12/e-discovery-forensics-private-investigator-license-for-computer-data-collection-and-assessment.html --Ben
Lori Drew's case holds a lot of lessons for a lot of people. It is about cyberbullying, which is behavior for which society has little tolerance. Cyberbullying is poison for anyone it touches. An institution like Myspace -- or a library or a school, which provides patrons, students or guests access to the Internet -- has plentiful incentive to stamp out cyberbullying within its system and its PCs. Regardless of how the law says it (through a misdemeanor criminal conviction or otherwise), the law has made clear it wants to find a way to punish anyone involved with cyberbullying. --Ben
Data breach notices have a scalability problem. As the number of notices soars, we need to better define what is a serious breach and what is not. Otherwise, the public drowns in breach notices, many of which are insignificant. --Ben http://hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html
Lori Drew's case is about cyberbullying, which is behavior for which society has little tolerance. Cyberbullying is poison for anyone it touches. An institution like Myspace -- or a library or a school, which provides patrons, students or guests access to the Internet -- has plentiful incentive to stamp out cyberbullying within its system and its PCs. --Ben
To me, it is so obvious the doctored photo (bright, beautiful, shiny, crisp flag in background) is not the original, that this event is not a big deal. The photo feels like a public relations baseball card, with the poetic license normally granted for PR fluff. Still, to prevent arguments about manipulation, one way to preserve a file, such as a jpeg and its metadata, is to sign it with a voice signature. --Ben
Cyberbullying is poison for anyone it touches. An institution like a library or a school, which provides patrons, students or guests access to the Internet, has plentiful incentive to stamp out cyberbullying within its PCs. --Ben
A few months ago Google claimed it could impose its legal terms on the public just by publishing the terms. Maybe members of the public can impose their own terms of privacy protection on Google just by publishing those terms! A person might -- for example -- say in her published privacy terms that analytics engines cannot keep records of her activities longer than a week. --Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html My ideas are not legal advice for any particular situation, just fodder for public discussion.
An employer might use software to monitor and limit social networking time, so employees don't spend it to excess. Detailed discussion --Ben
The student might have been wiser to openly identify himself and his intentions before conducting his security analysis and then to identify himself fully in the e-mail disclosing what he found. See discussion of white hat hacking--Ben
This story illustrates the unprecedented transparency that technology is bringing to society. Just as (allegedly) Plumber Joe's privacy was breached, access logs in Ohio's information systems show when his data was accessed and from which particular government offices. That's powerful stuff. Data logs can probably enable a deeper investigation into precisely who made the access and whether it was legal. If people acted illegally, the digital evidence can lead to their punishment. Such transparency represents a big trend in society http://hack-igations.blogspot.com/2007/12/people-in-authority-sometimes-abuse.html --Ben
There is some case law support for enforcement of web terms of service. It's a complex topic. For discussion, see http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html and http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html -Ben
Although the law is motivating enterprises to keep e-mail in reliable archival systems, confidentiality concerns suggest a preference for record-retention systems to be in-house rather than in the cloud. On the topic of enterprise confidentiality in the cloud, stay tuned to commentary in the legal community. The topic merits careful review and more analysis. --Ben http://hack-igations.blogspot.com/2008/02/collaboration-e-discovery-and-record.html
A legislature is unwise to require a specific technology like "encryption." Legislatures are prone to make technical mistakes. --Benjamin Wright
A principle of the Information Age: Government is wise to organize itself and its records so it can swiftly and efficiently respond to freedom-of-information-act, open records and similar requests. Resistance to such requests is wasteful and makes government look out-of-touch. Hence, a government agency is prudent to tell employees (like governors) to send all business-related messages (e-mail, text and otherwise) through the agency's central IT system so they can be archived. --Ben