As part of a general security program, an information security policy can help to reduce exposure to legal liability for break-ins. . . . However, FTC did punish TJX (unfairly) even though it had a good faith security program. --Ben http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html
Legally speaking, what is "reasonable security?" FTC fined TJX for not having it, but I disagree. Verizon says 9 of 10 data breaches could have been avoided if reasonable security were present. That implies 9 in 10 breach victims were in violation of law. The study's outlook is that the solution to identity theft is locking down corporate data. But a security consultant/solution provider like this Verizon unit naturally sets a high bar for what is reasonable. And when Verizon evaluates whether reasonable security could have prevented a break-in, it does so with the benefit of hindsight. Yet the study goes on to say that in modern systems knowing where all your data reside is "an extremely complex challenge." In other words, the sheer problem of keeping up with the location of data (so you can apply security) is very expensive, and mistakes by data-holders who act in good faith are easy. The reasonable measures expected by FTC and Verizon are extravagantly hard to implement in practice. Hence, the portion of incidents preventable by FTC/Verizon's reasonable procedures is much lower than 90%. We need to focus more attention on other solutions to identity theft. --Ben http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html
For enterprises, instant messaging raises record retention and e-discovery headaches, just as e-mail does. --Ben http://hack-igations.blogspot.com/2007/11/instant-message-retention-e-discovery.html
It is irresponsible for law and legal practice to bury consumers with an excessive number of data breach notices. The notices happen so frequently that their meaning is diluted. --Ben hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html
The law of signatures places more emphasis on the ceremonial aspect of signing than on security. --Ben http://hack-igations.blogspot.com/2008/04/text-message-investigations.html
Facebook users do not have to be passive about privacy. To deter employers from viewing social networking pages, employees might post terms of service under which employers agree to scram. This idea should not be taken as legal advice, just something to think about. --Ben http://hack-igations.blogspot.com/2007/11/privacy-advocates-such-as-nyu-professor.html
Maybe patients can bolster privacy by inserting legal terms of access (like an end-user license agreement) into the content of their electronic medical records. The idea is not legal advice, just something to think about. --Ben -- Sample terms for public discussion: http://hack-igations.blogspot.com/2008/02/some-fear-law-will-not-accord-adequate.html
We will come to encounter robots that interact with us in more ways than we can imagine. That interaction will be subject to the rule of law. One method for ruling robots will be legal contracts. --Ben
You and I share lots of common ground! I agree that many (maybe most . . . maybe even the overwhelming majority) of the new digital records technology makes available are for the good, not for the bad. Digital records promote justice and democracy, as well as honesty among public officials and authority figures. My point in the posts above is simply that existing privacy law applies a bunch of regulatory burdens on machines making records about people. As robots become more common, these burdens will be an interesting issue. In my posts above I was simply describing a fact that has not yet been well debated in society. --Ben
Under the law of privacy, there is a big difference between a human memory and a "record". Under privacy law, the formation of a human memory (about personally identifiable info such as a person's name or medical condition) is subject to much less regulation than is the creation and storage of a "record". Humans store memories; machines and robots store "records". Privacy law will regulate robots (and red light cameras) very differently from people. Generally, robots will be regulated much more strictly (if present trends in privacy law continue). --Ben
Robots are information systems. Information systems raise privacy issues.
Soon many types of robots will be walking, rolling and flying around us. They will collect information about us and do other things that affect our privacy, our safety and our commercial relationships. Although legislatures will probably enact a raft of laws to regulate them, an abundance of civil law already exists to regulate their behavior. For example, as we humans come in contact with robots, we can form contracts with their owners to limit what they can do or set the rules for interaction.
Some precedent supports the proposition that an information service can post terms of use that forbid or regulate bots.
Legally, we are coming to a conflict between what companies like Phorm say consumers have agreed to give and what consumers say they have agreed to give. Tracking companies like Phorm will say consumers agreed to their terms of service that allow tracking. But consumers can publish their own privacy terms of use that legally forbid tracking. [This idea is not legal advice to anyone, just something to think about.]
Under the cited Popular Mechanics article, commenters talk about robots and war crimes. My view: Robotic and cybernetic systems will naturally be designed to keep and report extensive video and other records of their activities. Records can help prevent the commission of crime, and can aid investigation of allegations of crime.
While Europeans are coming to view IP address as protected personally identifiable information, they are also inventing more and more legal justifications for collection and use of IP addresses.
Cybernetic systems like these goggles will raise interesting legal issues. The goggles can record audio. But in states like Pennsylvania and Michigan, it is often illegal to record voice conversations without the prior consent of all parties.
Given the law as it stands today, surveillance with T-rays may not be as legally risky as other forms of surveillance. http://hack-igations.blogspot.com/2008/03/robots-as-keepers-of-legal-records.html
Information technology changes the balance of power with authority figures. It levels the playing field. See http://hack-igations.blogspot.com/2007/12/people-in-authority-sometimes-abuse.html
State law already enables individuals to achieve much of what the originator of this thread wants. The state law to which I refer is not constitutional law; it is contract law. See legal arguments at http://hack-igations.blogspot.com/2008/02/some-fear-law-will-not-accord-adequate.html and http://hack-igations.blogspot.com/2007/11/privacy-advocates-such-as-nyu-professor.html
If the robot makes video or audio records of people without getting their consent, the owner could have legal issues. http://hack-igations.blogspot.com/2008/03/robots-as-keepers-of-legal-records.html
If the robots are outfitted with video or audio recorders, then they will be subject to privacy issues. http://hack-igations.blogspot.com/2008/03/robots-as-keepers-of-legal-records.html
I have previously argued that the owner of a social networking page could post legal "terms of service" to prevent employers or prospective employers from viewing the page. http://hack-igations.blogspot.com/2007/11/privacy-advocates-such-as-nyu-professor.html By the same token, a student might post legal terms of service that forbid a professor or college administrator from observing the content of the page. This idea is privacy by contract. It's not legal advice for anyone (or a substitute for counselling by a lawyer), just something to think about. --Ben
Picture the future. As StCredZero suggests, the unleashing of robots into society will raise privacy and other legal questions. The questions can in part be answered with devices that resemble the end-user license agreements we see on software today. Robot "terms of service" will be one tool for regulating robot bad behavior or unwanted spying. http://hack-igations.blogspot.com/2008/01/robot-surveillance-contracts.html
The owners of robots will be subject to the rule of law, just as owners of guns and airplanes are. Contracts will be one tool for regulating robot bad behavior or unwanted spying and for allocating liability when someone gets hurt.