Wednesday, March 31, 2010
Tuesday, March 30, 2010
Mad as Hell...
This case of Phoebe Prince's harassment and the school's failure to respond to reports and witnessing of the harassment is troubling. It is also my new passion. I always defend schools, often forced to do Herculean tasks with minimsule budgets. But all evidence points to the fact that the school knew and did nothing to stop the harassment of this young teen.
Schools need ot know what to do, before we can blame them. But I understand that they had brought in Barbara Collaruso to advise them and do assemblies. They should have known what to do. Is it the popularity and the athletic success of the students charged with the harassment that kept them from acting?
The DA is doing a terrific job so far. She approached this using the latest methods of charging cyberbullying and bullying, civil rights claims, as well as those traditionally used. She is serious and it shows. I understand that she and many of the state police investigators had attended South Hadley schools when they were younger. I support her in approaching this. It is hard and troublesome. People will criticize her form both sides. But, as I learned in law school - if both sides are unhappy, you're probably being fair.
my 2 cents
Parry
Schools need ot know what to do, before we can blame them. But I understand that they had brought in Barbara Collaruso to advise them and do assemblies. They should have known what to do. Is it the popularity and the athletic success of the students charged with the harassment that kept them from acting?
The DA is doing a terrific job so far. She approached this using the latest methods of charging cyberbullying and bullying, civil rights claims, as well as those traditionally used. She is serious and it shows. I understand that she and many of the state police investigators had attended South Hadley schools when they were younger. I support her in approaching this. It is hard and troublesome. People will criticize her form both sides. But, as I learned in law school - if both sides are unhappy, you're probably being fair.
my 2 cents
Parry
Monday, March 29, 2010
Sunday, March 28, 2010
Saturday, March 27, 2010
South Florida - Broward, Palm Beach and Miami-Dade breaking news, sports, weather, traffic, hurricane coverage, restaurants, jobs, real estate, classifieds and consumer help -- South Florida Sun-Sentinel.com
South Florida - Broward, Palm Beach and Miami-Dade breaking news, sports, weather, traffic, hurricane coverage, restaurants, jobs, real estate, classifieds and consumer help -- South Florida Sun-Sentinel.commpther speak about her daughter's attack. gag order in effect on sheriff and defense counsel
Classmates at Deerfield Beach High School show sympathy for beating suspect - Sun Sentinel
Classmates at Deerfield Beach High School show sympathy for beating suspect - Sun Sentinelteen attacked after she sent text messages to a boy telling him he shouldn't be seeing her thirteen yr old friend and disparaging him and his familt - referencing his brother's suicide. Teen in critical condition.
Thursday, March 25, 2010
Social Networking: Be Careful What You Share - ABC News
Social Networking: Be Careful What You Share - ABC NewsParry talks about real life security risks of bloggin, tweeting or statusing too much.
Sunday, March 21, 2010
The Teaser – amFIX - CNN.com Blogs
The Teaser – amFIX - CNN.com BlogsParry and Law Professor discuss sexting law
Lawmakers Propose New Sexting Law For Ohio - Cincinnati breaking news, weather radar, traffic from 9News | Channel 9 WCPO.com
Lawmakers Propose New Sexting Law For Ohio - Cincinnati breaking news, weather radar, traffic from 9News | Channel 9 WCPO.comOhio has proposed a new approach to sexting cases. Parry Aftab supports the Ohio approach.
About.com: http://www.upi.com/Top_News/2009/04/01/Lawyer-wants-federal-sexting-law/UPI-79331238644351/
About.com: http://www.upi.com/Top_News/2009/04/01/Lawyer-wants-federal-sexting-law/UPI-79331238644351/Parry Aftab seeks common sense when consensual sexting is discovered but not used ot harass the person in the image.
US 3rd Circuit Ct of Appeals rules against prosecutor in sexting cases
to read the decision: http://www.ca3.uscourts.gov/opinarch/092144p.pdf
Parry Aftab to appear on CNN International March 22nd at 1:15pm est to discuss censorship online
What is the right role for governments when it comes to controlling information among their citizens? Is China's stance reasonable or realistic? Is Google's response to China's actions reasonable or effective?
Parry Aftab to appear on American Morning CNN 6:30am March 22nd on sexting and sexual exploitation laws
I have worked in this area for years and years, ever since 1995. The first sexting case I was aware of occurred in 1998, before cell phones could take or transmit images. We called it "sexing" in the days before cell phones and the term coined to combine sex and texting. A young teen in NY took a sexual video of herself and gave it to a boy she liked. He shared it with the world.
Now, as MTV and Associated Press polls show that 2/3's of sexting is coerced, and those involved in sexting are 4 times more likely to contemplate suicide, we have to make this a priority.
But how do we advised policymakers? Do we ask them to decriminalize all creation, sharing or possession of images that legally constitute child pornography? If not, what do we want them to do?
Sexting that occurs consensually between teens who are involved can be treated like consensual teen sex with another teen, by amending the child pornography laws to match the statutory rape exemptions for consensual teen to teen sex. But what about those who maliciously spread the images to others, either to get revenge for the teen in the image breaking up with them, or because they want to ruin the reputation of the teen in the image.
In Canada they give limited immunity for the teens involved in the taking and initial sharing of the image, those making up the intimate relationship. Once it moves beyond them, it becomes criminal.
But not all sexting is consensual. A ten year old I know was extorted into taking a sexual image for a few thirteen year olds, threatened with sexual assault if she didn't comply. That's not sexting. That is aggravated sexual assault.
Lawyers do this all the time, so do policymakers. We look at a problem and craft a solution when laws are needed. We can set parameters and help prosecutors understand when community service is best, or counsling is needed, or the teen being charged needs to be treated as a criminal.
Some people think that we shouldn't be ciminalizing "dumb" behavior by teens. But we do all the time. If the drink and drive, it's "dumb" and criminal. If they steal, use a weapon, sell drugs, etc. it's a crime.
What we need to do is remind them of this. Education, awareness, peer-advisors, getting the cell phone companies involved, the digital video and still camera companies involved and the online providers involved...they are all crucial. We need to train prosecutors, judges, law enforcement, etc.
We need to support programs such as MTV's athinline.org campaign. We need to join forces. WiredSafety, the charity I run, has created a coalition called the Stop Cyberbullying Coalition. It handles all aspects of cyberbullying, including sextbullying (when teens spread the images to hurt someone). Our KID team, "kids in danger" team will continue its 15 year quest to stop sexual exploitation of minors.
It isn't justice when one case results in a teen going to jail or having to register as a sex offender for 40+ years, while the same set of facts results in a slap pon the wrist somewhere else. So, we need ot chage the laws. But "decriminalizing" sexting as a blanket policy without looking at the circumstances, whether the actions were predatory, malicious or purely consensual isn't the way. Careful, thoughtful, smart people need to joint forces to find the right way. No kneejerk reactions. But creating exemptions to the law that allow for community service, mandated counseling or no charges under the right circumstances, while giving law enforcement the tools to stop predatory, threatening and true sexual exploitation is.
My 5 sexting tips for teens:
1. If you receive a sexual image of a minor, even if you know them, delete it.
2. Don't take an image you don't want your parents, the police, your principal or a predator to see.
3. What you post online stays online together.
4. If you think what you store on your cell phone is private and no one can access it - think again. How carefully do you guiard it? Do others ever use it? Are you sure your kid brother or your parents aren't "checking things out"?
5. If you love him, bake him cookies, don't send him a sext. And if you love her, don't ask for one.
Now, as MTV and Associated Press polls show that 2/3's of sexting is coerced, and those involved in sexting are 4 times more likely to contemplate suicide, we have to make this a priority.
But how do we advised policymakers? Do we ask them to decriminalize all creation, sharing or possession of images that legally constitute child pornography? If not, what do we want them to do?
Sexting that occurs consensually between teens who are involved can be treated like consensual teen sex with another teen, by amending the child pornography laws to match the statutory rape exemptions for consensual teen to teen sex. But what about those who maliciously spread the images to others, either to get revenge for the teen in the image breaking up with them, or because they want to ruin the reputation of the teen in the image.
In Canada they give limited immunity for the teens involved in the taking and initial sharing of the image, those making up the intimate relationship. Once it moves beyond them, it becomes criminal.
But not all sexting is consensual. A ten year old I know was extorted into taking a sexual image for a few thirteen year olds, threatened with sexual assault if she didn't comply. That's not sexting. That is aggravated sexual assault.
Lawyers do this all the time, so do policymakers. We look at a problem and craft a solution when laws are needed. We can set parameters and help prosecutors understand when community service is best, or counsling is needed, or the teen being charged needs to be treated as a criminal.
Some people think that we shouldn't be ciminalizing "dumb" behavior by teens. But we do all the time. If the drink and drive, it's "dumb" and criminal. If they steal, use a weapon, sell drugs, etc. it's a crime.
What we need to do is remind them of this. Education, awareness, peer-advisors, getting the cell phone companies involved, the digital video and still camera companies involved and the online providers involved...they are all crucial. We need to train prosecutors, judges, law enforcement, etc.
We need to support programs such as MTV's athinline.org campaign. We need to join forces. WiredSafety, the charity I run, has created a coalition called the Stop Cyberbullying Coalition. It handles all aspects of cyberbullying, including sextbullying (when teens spread the images to hurt someone). Our KID team, "kids in danger" team will continue its 15 year quest to stop sexual exploitation of minors.
It isn't justice when one case results in a teen going to jail or having to register as a sex offender for 40+ years, while the same set of facts results in a slap pon the wrist somewhere else. So, we need ot chage the laws. But "decriminalizing" sexting as a blanket policy without looking at the circumstances, whether the actions were predatory, malicious or purely consensual isn't the way. Careful, thoughtful, smart people need to joint forces to find the right way. No kneejerk reactions. But creating exemptions to the law that allow for community service, mandated counseling or no charges under the right circumstances, while giving law enforcement the tools to stop predatory, threatening and true sexual exploitation is.
My 5 sexting tips for teens:
1. If you receive a sexual image of a minor, even if you know them, delete it.
2. Don't take an image you don't want your parents, the police, your principal or a predator to see.
3. What you post online stays online together.
4. If you think what you store on your cell phone is private and no one can access it - think again. How carefully do you guiard it? Do others ever use it? Are you sure your kid brother or your parents aren't "checking things out"?
5. If you love him, bake him cookies, don't send him a sext. And if you love her, don't ask for one.
Saturday, March 20, 2010
Peeved Facebook Might Sue Brit Tabloid Over '14-Year-Old Girl' Headline Chaser
Peeved Facebook Might Sue Brit Tabloid Over '14-Year-Old Girl' Headline ChaserToo often journalists and others are looking to hype sitations. It sells papers and can get someone to "stay tuned." But when there are real risks to teens online, this headline was inexcusable. They used Facebook's name to get attention when it had nothing to do with the "investigation" this journalist conducted.
The problem? For this journalist, it's doing it form the UK where defamation laws are much stiffer than in the US. I hope Facebook does sue.
The problem? For this journalist, it's doing it form the UK where defamation laws are much stiffer than in the US. I hope Facebook does sue.
California Court Rules Cyber-Bullying Is Not Free Speech
California Court Rules Cyber-Bullying Is Not Free SpeechCyberbullying may prove costly to these kids and their parents. Private law suit by student who had been tormented online was allowed to continue, as the court ruled free speech is not a defense to harassment.
Friday, March 19, 2010
Facebook stands up to UK.gov's cyberbullying • The Register
Facebook stands up to UK.gov;s cyberbullying • The RegisterThis article articulates the issue better than I can. While I applaude the work CEOP does in tracking down and making sure sexual predators are arrested, when it comes to cybersafety there is not one voice, but many. The "panic" button, isn't a panic button at all. It links to cybersafety resources. It turns out that Ashleigh held most of her communications with her murderer on MSN, not Facebook. And MSN has the "panic" button. That ends the fingerpointing, hopefully.
Facebook has extensive reporting processes and report abuse buttons and trained professionals who receive those reports. I am not sure why one organization, even one as well respected as CEOP, should monopolize reporting and cybersafety messaging when Facebook already works with most leading experts in this field, including CEOP.
I suspect it has something to do with UK budget cuts and the need to remind people how important organizations such as CEOP can be. But that is a valid message in itself. Trying to strongarm Facebook in this poor teen's name isn't the right way to approach this.
my 2 cents,
Parry
Facebook has extensive reporting processes and report abuse buttons and trained professionals who receive those reports. I am not sure why one organization, even one as well respected as CEOP, should monopolize reporting and cybersafety messaging when Facebook already works with most leading experts in this field, including CEOP.
I suspect it has something to do with UK budget cuts and the need to remind people how important organizations such as CEOP can be. But that is a valid message in itself. Trying to strongarm Facebook in this poor teen's name isn't the right way to approach this.
my 2 cents,
Parry
Wednesday, March 17, 2010
FTC Privacy Briefings - Sensitive Data Parry Aftab to Join FTC Panel today
What is “sensitive data?”
“Sensitive Data” categorically includes but is not limited to data related to an individual’s health or medical condition, sexual behavior or orientation, or detailed personal finances, information that appears to relate to children under 13, racial or ethnic origin, political opinions, religious or philosophical opinions or beliefs and trade union membership.
Four common ways in which sensitive data is exposed
The first three listed are far less prevalent, combined, than the fourth.
1. Intrusion
• Intruders gain access to data through a weakness in the computer system or poor digital hygiene allowing access to computers, desktop and wireless devices
2. Phishing
• Involves a method of extracting sensitive data from unsuspecting individuals through fraudulent emails and communications from seemingly reputable companies and organizations
• Intruders obtain sensitive data by posing as representatives of a legitimate company or organization
3. Social Engineering
• Involves gathering public information that can be gleaned from social networks, online services and community sites, including games, and offline legal sources and combining it in such a way as to understand sensitive and otherwise personal information through de-anonymizing data.
4. Voluntary Sharing of PII
• Online community network users share a tremendous amount of PII all at once or in small portions with the public or with a broad user group
• Some is intentional, while others are shared through poor digital hygiene and failure to use privacy settings or the lack of privacy settings
• This information can be direct disclosure or available through profiling the user’s preferences, groups and surfing patterns, much of which is made publicly available by the user him or herself
• Children are often the source of public disclosures of sensitive data, not only about themselves, but about their friends and family. They may do this intentionally, to harass or torment the person whose information is being disclosed or they may do it without realizing the harm
• Some information is shared, unwittingly, by adults and businesses when disclosing communications, employee information and other sensitive data. In addition, adults, as well as children, share personal information about others either intentionally to harm them or without realizing the harm
Differing definitions of “sensitive data”
There has been a difference in what “sensitive data” means among marketers and privacy advocates in the current push to regulate online advertising. For the most part, the government has had a hands-off approach toward online marketing, giving companies relatively free rein in how they use tools that track what people do online and then use the data gathered to deliver tailored marketing messages.
On July 2, 2009, advertising/marketing industry groups proposed a set of guidelines for self-regulation (http://www.ana.net/news/content/1801) in which they proposed the following definition of “sensitive data”:
The Principle calls for entities not to collect financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about specific individuals for Online Behavioral Advertising purposes without Consent.
However, Pam Dixon of the World Privacy Forum argued that the definition was too broad and proposed this definition of “sensitive data”:
Advertisers should not collect, use, disclose, or otherwise process personally identifiable information about health, financial activities, sexual behavior or sexual orientation, social security numbers, insurance numbers, or any government-issued ID numbers for targeting or marketing.
The government has not yet shaped any regulation but should it do so, it will likely turn to the FTC to negotiate a compromise definition. The FTC is currently engaging in a series of roundtables focusing on privacy and behavioral advertising.
At the FTC's December 2009 privacy roundtable, panelists raised concerns that collection and third party use of browsing data invades private space by:
1. revealing a user's innermost thoughts, such as a search history that reflect a user's explorations of his sexual identity
2. taking away a user's control over her identity, such as by broadcasting compromising photos of a user at a Cancun Spring Break party to a potential employer
3. revealing sensitive identity or financial information that can be misused by third parties to perpetrate fraud
4. or intruding on a user's seclusion by serving targeted ads during a browsing session that reveal that outsiders are listening in.
These closely track the common law privacy rights available in several states. These include:
1. Intrusion on seclusion;
2. False light (true facts combined in such a way to lead other to a false conclusion);
3. Public disclosure of private facts; and
4. Right of publicity (or identity)
They were always recognized as the core privacy rights because of the likelihood of harm caused by their violation. They are a good place to start when considering sensitive data classifications and its treatment.
Parry Aftab, a privacy lawyer and Executive Director of the cybersafety charity, WiredSafety, identifies sensitive data in two different ways. She identifies sensitive data as “kids, cash and kidneys” meaning the three categories of data regulated within the US – children’s data, financial data and health data which data is most commonly abused commercially.
She also identifies sensitive data as relating to vulnerable groups whose data is most commonly abused by individuals in harassment, reputational attacks and in provocation of physical harm. These include gays, lesbians, bi-sexuals and trans-sexuals, victims of crime, medical patients and those with special medical or addiction issues, mental health patients or those suffering from mental health issues, those with special needs and physically- or mentally-challenged and disabled, children, religious and ethnic groups, racial and nationality classifications, litigants and those within the criminal justice system and, in certain cases, senior citizens.
In the former case, regulations already exist to handle the increased risk of disclosure of this information. However, individuals often carelessly or intentionally disclose this information about themselves and others. Once shared, that information is often gathered and used in social engineering, targeted marketing and in building dossiers for multiple purposes. The law typically only protects against the first disclosure and allows consensual disclosure that removes the information form special legal protection.
Vulnerable groups often do not understand their vulnerability online. They often seek support and help online in public forums, or forums that can be easily accessed by third parties. They tend to be less security savvy online and far more trusting of individuals and networks. They either do not use privacy settings, or use them ineffectively. And their information can be gathered, combined with offline and other online data to create risk-profiles or used by stalkers, harassers and hate groups to provoke them online and offline. Physical assaults, crimes against their persons or property and reputational attacks are common.
Aftab’s Socially Safe Seal™, offered through her new risk-management consulting firm, WiredTrust, requires seal holders to create special processes and policies to handle both sensitive data and better protect the vulnerable groups. Her holistic approach includes education, user tutorials and help and specially trained moderators and customer service professionals, and involves the charity, the consulting firm and industry working together to create awareness and implement the best practice standards she has developed over the years.
Sensitive Data & P2P Networks
Also, with the prominence of peer-to-peer network usage these days, the FTC has found that sensitive data such as financial records, SSNs, and driver’s license numbers are now becoming more available on various P2P networks. This happens when private and confidential files are mistakenly shared in “shared file” locations on an individual’s or company’s computer. WiredSafety has repeatedly conducted tests and found that income tax returns, credit applications and passwords and account information for online banking are inadvertently posted and shared through the P2P networks. Often these are shared inadvertently by preteens and teens who use these networks to download and share music, movies and online games on the family computer.
The FTC said that sensitive data about customers and employees have been shared from computer networks in over 100 firms and organizations to virtually anybody in the world connected to the Internet and P2P networks. However, this isn’t to suggest that rampant identity theft hacking is occurring, but merely that some cluelessness and carelessness among workers with access to this sort of data may be to blame.
In response to this, the FTC has released new educational materials to private and public entities explaining the risks of using P2P networks and suggestions on how to manage their use such as making sure that no unauthorized P2P programs can be downloaded and accessed and properly configuring and securing P2P programs that are authorized. WiredSafety has created its own educational programs on this and related issues, and posts an extensive library of resources on its WiredSafety.org and other websites.
Should All Sensitive Data Be Treated The Same?
Recent discussions have been conducted on whether all sensitive data should be treated the same. In particular, whether location information should be given the same privacy protections as medical data.
John Morris, general counsel for the Center for Democracy & Technology, at a recent Congressional hearing (The Collection and Use of Location Information for Commercial Purposes), express support that “location be treated as sensitive data, like medical data” given the meteoric rise in location based services and associated geolocation data. Morris goes on to testify that such location-based technology should be regulated by the FTC.
Many users have expressed concerns about their location being exposed in ways they don’t control and in effect, adversely impacting their safety and freedom. However, others believe that treating location data like medical data will only shroud it in complete privacy and present a detriment to the location service ecosystem. In addition, with GPS built-into most cell phones and many computers and games and other social networks using location to help pair users and locate on-the-ground stores, services and points of interest, how desirable is it to block access to and use of location data?
“Sensitive Data” categorically includes but is not limited to data related to an individual’s health or medical condition, sexual behavior or orientation, or detailed personal finances, information that appears to relate to children under 13, racial or ethnic origin, political opinions, religious or philosophical opinions or beliefs and trade union membership.
Four common ways in which sensitive data is exposed
The first three listed are far less prevalent, combined, than the fourth.
1. Intrusion
• Intruders gain access to data through a weakness in the computer system or poor digital hygiene allowing access to computers, desktop and wireless devices
2. Phishing
• Involves a method of extracting sensitive data from unsuspecting individuals through fraudulent emails and communications from seemingly reputable companies and organizations
• Intruders obtain sensitive data by posing as representatives of a legitimate company or organization
3. Social Engineering
• Involves gathering public information that can be gleaned from social networks, online services and community sites, including games, and offline legal sources and combining it in such a way as to understand sensitive and otherwise personal information through de-anonymizing data.
4. Voluntary Sharing of PII
• Online community network users share a tremendous amount of PII all at once or in small portions with the public or with a broad user group
• Some is intentional, while others are shared through poor digital hygiene and failure to use privacy settings or the lack of privacy settings
• This information can be direct disclosure or available through profiling the user’s preferences, groups and surfing patterns, much of which is made publicly available by the user him or herself
• Children are often the source of public disclosures of sensitive data, not only about themselves, but about their friends and family. They may do this intentionally, to harass or torment the person whose information is being disclosed or they may do it without realizing the harm
• Some information is shared, unwittingly, by adults and businesses when disclosing communications, employee information and other sensitive data. In addition, adults, as well as children, share personal information about others either intentionally to harm them or without realizing the harm
Differing definitions of “sensitive data”
There has been a difference in what “sensitive data” means among marketers and privacy advocates in the current push to regulate online advertising. For the most part, the government has had a hands-off approach toward online marketing, giving companies relatively free rein in how they use tools that track what people do online and then use the data gathered to deliver tailored marketing messages.
On July 2, 2009, advertising/marketing industry groups proposed a set of guidelines for self-regulation (http://www.ana.net/news/content/1801) in which they proposed the following definition of “sensitive data”:
The Principle calls for entities not to collect financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about specific individuals for Online Behavioral Advertising purposes without Consent.
However, Pam Dixon of the World Privacy Forum argued that the definition was too broad and proposed this definition of “sensitive data”:
Advertisers should not collect, use, disclose, or otherwise process personally identifiable information about health, financial activities, sexual behavior or sexual orientation, social security numbers, insurance numbers, or any government-issued ID numbers for targeting or marketing.
The government has not yet shaped any regulation but should it do so, it will likely turn to the FTC to negotiate a compromise definition. The FTC is currently engaging in a series of roundtables focusing on privacy and behavioral advertising.
At the FTC's December 2009 privacy roundtable, panelists raised concerns that collection and third party use of browsing data invades private space by:
1. revealing a user's innermost thoughts, such as a search history that reflect a user's explorations of his sexual identity
2. taking away a user's control over her identity, such as by broadcasting compromising photos of a user at a Cancun Spring Break party to a potential employer
3. revealing sensitive identity or financial information that can be misused by third parties to perpetrate fraud
4. or intruding on a user's seclusion by serving targeted ads during a browsing session that reveal that outsiders are listening in.
These closely track the common law privacy rights available in several states. These include:
1. Intrusion on seclusion;
2. False light (true facts combined in such a way to lead other to a false conclusion);
3. Public disclosure of private facts; and
4. Right of publicity (or identity)
They were always recognized as the core privacy rights because of the likelihood of harm caused by their violation. They are a good place to start when considering sensitive data classifications and its treatment.
Parry Aftab, a privacy lawyer and Executive Director of the cybersafety charity, WiredSafety, identifies sensitive data in two different ways. She identifies sensitive data as “kids, cash and kidneys” meaning the three categories of data regulated within the US – children’s data, financial data and health data which data is most commonly abused commercially.
She also identifies sensitive data as relating to vulnerable groups whose data is most commonly abused by individuals in harassment, reputational attacks and in provocation of physical harm. These include gays, lesbians, bi-sexuals and trans-sexuals, victims of crime, medical patients and those with special medical or addiction issues, mental health patients or those suffering from mental health issues, those with special needs and physically- or mentally-challenged and disabled, children, religious and ethnic groups, racial and nationality classifications, litigants and those within the criminal justice system and, in certain cases, senior citizens.
In the former case, regulations already exist to handle the increased risk of disclosure of this information. However, individuals often carelessly or intentionally disclose this information about themselves and others. Once shared, that information is often gathered and used in social engineering, targeted marketing and in building dossiers for multiple purposes. The law typically only protects against the first disclosure and allows consensual disclosure that removes the information form special legal protection.
Vulnerable groups often do not understand their vulnerability online. They often seek support and help online in public forums, or forums that can be easily accessed by third parties. They tend to be less security savvy online and far more trusting of individuals and networks. They either do not use privacy settings, or use them ineffectively. And their information can be gathered, combined with offline and other online data to create risk-profiles or used by stalkers, harassers and hate groups to provoke them online and offline. Physical assaults, crimes against their persons or property and reputational attacks are common.
Aftab’s Socially Safe Seal™, offered through her new risk-management consulting firm, WiredTrust, requires seal holders to create special processes and policies to handle both sensitive data and better protect the vulnerable groups. Her holistic approach includes education, user tutorials and help and specially trained moderators and customer service professionals, and involves the charity, the consulting firm and industry working together to create awareness and implement the best practice standards she has developed over the years.
Sensitive Data & P2P Networks
Also, with the prominence of peer-to-peer network usage these days, the FTC has found that sensitive data such as financial records, SSNs, and driver’s license numbers are now becoming more available on various P2P networks. This happens when private and confidential files are mistakenly shared in “shared file” locations on an individual’s or company’s computer. WiredSafety has repeatedly conducted tests and found that income tax returns, credit applications and passwords and account information for online banking are inadvertently posted and shared through the P2P networks. Often these are shared inadvertently by preteens and teens who use these networks to download and share music, movies and online games on the family computer.
The FTC said that sensitive data about customers and employees have been shared from computer networks in over 100 firms and organizations to virtually anybody in the world connected to the Internet and P2P networks. However, this isn’t to suggest that rampant identity theft hacking is occurring, but merely that some cluelessness and carelessness among workers with access to this sort of data may be to blame.
In response to this, the FTC has released new educational materials to private and public entities explaining the risks of using P2P networks and suggestions on how to manage their use such as making sure that no unauthorized P2P programs can be downloaded and accessed and properly configuring and securing P2P programs that are authorized. WiredSafety has created its own educational programs on this and related issues, and posts an extensive library of resources on its WiredSafety.org and other websites.
Should All Sensitive Data Be Treated The Same?
Recent discussions have been conducted on whether all sensitive data should be treated the same. In particular, whether location information should be given the same privacy protections as medical data.
John Morris, general counsel for the Center for Democracy & Technology, at a recent Congressional hearing (The Collection and Use of Location Information for Commercial Purposes), express support that “location be treated as sensitive data, like medical data” given the meteoric rise in location based services and associated geolocation data. Morris goes on to testify that such location-based technology should be regulated by the FTC.
Many users have expressed concerns about their location being exposed in ways they don’t control and in effect, adversely impacting their safety and freedom. However, others believe that treating location data like medical data will only shroud it in complete privacy and present a detriment to the location service ecosystem. In addition, with GPS built-into most cell phones and many computers and games and other social networks using location to help pair users and locate on-the-ground stores, services and points of interest, how desirable is it to block access to and use of location data?
Monday, March 15, 2010
SP0649, LD 1677, item 1, An Act To Protect Minors from Pharmaceutical Marketing Practices
SP0649, LD 1677, item 1, An Act To Protect Minors from Pharmaceutical Marketing PracticesWhen Maine adopted a law last year designed to prevent marketing to minors, it quickly came under attack from all sides. It was overly broad and didn't accomplish its intended purpose. After repeal, the law is back but defined to reach pharmaceutical marketing to minors only, and "minors" is defined to be at least 13, but under 17.
Thursday, March 11, 2010
A Cat Mask Won't Save You: Chatroulette Map Exposes Your Location
A Cat Mask Won't Save You: Chatroulette Map Exposes Your LocationIt only gets worse. but note that, unless you are a school or large corporation with your own static IP address, this mapping will not be accurate. it will map to your ISPs node location, not yours. But it may be within a 20 mile range of where you are connecting. the largest risk is what you share on webcam. you can give out your telephone number, address or email, or pose in the nude, or torture kittens, but getting a rough sense of where you are in the world takes away some of the perceived anonymity.
think about it!
think about it!
Wednesday, March 10, 2010
Check out this great MSN Video: Rapist ‘friended’ victim on Facebook
Check out this great MSN Video: Rapist ‘friended’ victim on FacebookI know this case is devastating and it should be a reminder that Internet sexual predators are real and are looking for our kids. But this can be avoided. No offline meeting is completely safe, no matter how old we are. If you insist on meeting someone in real life that you only know online, go with lots of friends, adult and preferably sumo wrestlers. Report creeps you encounter online so help save the next person who may not know as much as you do. Use privacy settings and carefully select friends.
This tragic death could have been avoided.
Let's try and do what we can to make sure it doesn't happen again on our watch.
Parry
This tragic death could have been avoided.
Let's try and do what we can to make sure it doesn't happen again on our watch.
Parry
Internet companies under fire in cyber-bullying cases: Google execs convicted in Italy over video
Internet companies under fire in cyber-bullying cases: Google execs convicted in Italy over videoInternet companies are facing liavility internationally for what their users post online. While I expect and hope this conviction will be overturned, it reflects a growing concern that there is no one that can be held liable when things go wrong online.
Tuesday, March 09, 2010
Facebook fears after sex offender logged on to murder - Crime, UK - The Independent
Facebook fears after sex offender logged on to murder - Crime, UK - The IndependentPeople shouldn't be afraid, they should be informed and use common sense to stay safe.
Sunday, March 07, 2010
Saturday, March 06, 2010
Wednesday, March 03, 2010
Tuesday, March 02, 2010
Subscribe to:
Posts (Atom)