New "Smart Meters" for Energy Use Put Privacy at Risk: Via EFF.org Updates.

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes. [ Read more ... ]

Privacy Protection Needed as Smart Grid Arrives / Groups Urge California PUC to Adopt Rules to Protect Consumer Privacy: Via CDT.

SAN FRANCISCO – Privacy advocates are warning that "smart meters" intended to precisely measure and control home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing yesterday, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers’ energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT.

Joint CDT - EFF Comments to California Public Utilities Commission

More information about privacy and the smart grid

California’s Smart Grid Initiative

Read Original Article:(Via CDT.)

Technology Review: Massive Gene Database Planned in California: Via Technology Review(MIT) .

Plans for genetic analyses of 100,000 older Californians--the first time genetic data will be generated for such a large and diverse group--will accelerate research into environmental and genetic causes of disease, researchers say.

"This is a force multiplier with respect to genome-wide association studies," says Cathy Schaefer, a research scientist at Kaiser Permanente, a health-care provider based in Oakland, CA, whose patients will be involved. Researchers will be able to study the data and seek insights into the interplay between genes, the environment, and disease, thanks to access to detailed electronic health records, patient surveys, and even records of environmental conditions where the patients live and work. [ Read more ... ]

Facebook Adds Application Publisher Controls, But Application Privacy Holes Remain: Via ACLU of Northern California.

Facebook recently announced that it was rolling out tools that would give users more granular control over content posted via third-party applications. More flexible privacy controls are always a welcome step, but this move does not address the privacy flaws with Facebook’s third party application platform that are highlighted by our Facebook Privacy Quiz.  Please sign our petition and demand that Facebook protect your information from third party applications!

[...]

While these more granular controls are a positive step, it is important to remember that they do not address the fact that third party applications on Facebook can, by default, access almost all of the information on a user’s profile [ Read more ... ]

EFF Fights Illegal Search of Cell Phone in Thursday Hearing: Via EFF.org Updates.

Redwood City, Calif. - On Thursday, February 18, at 9:00 a.m., the Electronic Frontier Foundation (EFF) will urge a judge in Redwood City, California, to suppress evidence illegally gathered from an iPhone.

In People v. Taylor, police in Daly City, California, seized the suspect's phone during his arrest. Hours later, investigators searched through the data on the device -- including contacts, called phone numbers, emails, text messages, Internet search history, and photos -- without a search warrant. Police later obtained a search warrant for the phone, based in part on information gathered during the initial illegal search.

In Thursday's hearing, EFF Senior Staff Attorney Marcia Hofmann will ask the court to suppress the illegally gathered evidence and quash the warrant based on that improperly collected information. [ Read more ... ]

EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone: Via EFF.org Updates.

Our cell phones aren't just for calls anymore. They hold our address books, our calendars, our emails, and our grocery lists. They may even include things like a list of questions to ask your doctor, pictures of your girlfriend, or URLs of web sites you've visited. When can police search your phone and look at all this information?

That's the question that EFF is asking a court in California to consider. In People v. Taylor, police in Daly City, California seized a suspect's iPhone during his arrest. Hours later, investigators bypassed the password and searched through the data on the device without a search warrant. After the officers realized that the information was too extensive to write down, they finally obtained a warrant to search the phone. [ Read more ... ]

EFF Experts to Speak at FTC Privacy Roundtable: Via EFF.org Updates.

Berkeley, CA - On Thursday, January 28, the Federal Trade Commission (FTC) is hosting a day-long public roundtable in Berkeley, California, exploring the privacy challenges posted by new developments in technology. Three experts from the Electronic Frontier Foundation (EFF) are taking part.

Panels at Thursday's roundtable include "Technology and Privacy," where EFF Staff Technologist Peter Eckersley will discuss the arms race between tracking technologies and privacy-enhancing technologies. Also on the agenda is "Privacy Implications of Mobile Computing" with EFF Senior Staff Attorney Kevin Bankston addressing privacy issues of location-based services and "Technology and Policy" with EFF Senior Staff Attorney Lee Tien discussing how privacy can be designed into new products. Other panels will tackle social networking services and cloud computing.

For more information on attending the roundtable including a full agenda, visit http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml [ Read more ... ]

Facebook Privacy in Transition - But Where Is It Heading?: Via ACLU of Northern California.

The next time you log onto Facebook, you'll be thinking about privacy: how private are your photos, friends, status updates, and personal details, and how public do you actually want them to be? 

In response to pressure about its privacy practices, including an ACLU petition signed by over 43,000 concerned Internet users, Facebook has released a new privacy policy, modified its profile and publication privacy controls, and rolled out a "Transition Tool" to guide all 350 million Facebook users through the process of choosing new privacy settings.

To learn more about today's changes and tips on the new privacy controls, visit our resource page, What Does Facebook's Privacy Transition Mean for You? [ Read more ... ]

USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute: Via EFF.org Updates.

A Pennsylvania publicly-traded company has become the latest corporate entity to use the legal system in an attempt to out an anonymous online critic, and EFF is defending the critic with the help of the First Amendment as well as an important new California statute. USA Technologies, based in Malvern, Pennsylvania, recently filed a federal lawsuit against two Yahoo! message board posters who roundly criticized what they claim is the consistently poor performance of USA Technologies' management. The criticism highlighted plummeting stock prices of the company as well as the high compensation rates for management of the company that has been consistently unprofitable. [ Read more ... ]

“Social Networking: The Challenges of Privacy and Openness” Video: Via CDT - PolicyBeta.

CDT and TRUSTe recently hosted “Social Networking: The Challenges of Privacy and Openness,” a discussion in their continuing Internet Policy Series. A five-minute video recapping the highlights of the event can be found here.

Held on the Google Campus in Mountain View, CA, on Oct. 7, the discussion was moderated by Fred Vogelstein of Wired Magazine and included a potent lineup of speakers: Chris Conley, Technology and Civil Liberties Fellow at ACLU Northern California; David Glazer, Engineering Director at Google and Board member of OpenSocial Foundation; and Tim Sparapani, Director of Public Policy at Facebook.

The speakers discussed the tensions that exist between privacy and openness in a social networking environment that is primarily intended for people to share information.

The discussion touched on trust between users and social networking sites, new definitions of privacy in the social networking world, the continuing evolution of users’ privacy expectations, and the limitations of giving users granular control of their personal information.

Read Original Article:(Via CDT - PolicyBeta.)

Massive Gene Database Planned in California: Via MIT's Technology Review.

The data will be compared against electronic health records and patients' personal information.

Plans for genetic analyses of 100,000 older Californians--the first time genetic data will be generated for such a large and diverse group--will accelerate research into environmental and genetic causes of disease, researchers say.

"This is a force multiplier with respect to genome-wide association studies," says Cathy Schaefer, a research scientist at Kaiser Permanente, a health-care provider based in Oakland, CA, whose patients will be involved. Researchers will be able to study the data and seek insights into the interplay between genes, the environment, and disease, thanks to access to detailed electronic health records, patient surveys, and even records of environmental conditions where the patients live and work.

"The importance of this project is that it will, almost overnight--well, in two years--produce a very large amount of genetic and phenotypic data that a large number of investigators and scientists can begin asking questions of, rather than having to gather data first," Schaefer says. [ Read more ... ]

ACLU Says Extracting DNA From Suspects Unconstitutional: Via Threat Level.

California’s law requiring the authorities to take a DNA sample from every person arrested on felony accusations was challenged in federal court Wednesday as an unconstitutional privacy breach.

A lawsuit (.pdf), filed by the American Civil Liberties Union on behalf of two Californians who were arrested and released, seeks to overturn a voter-approved law that became effective this year. Proposition 69 requires detainees to provide a saliva or sometimes a blood sample upon felony arrest. The sample is stored in state and FBI databases, even if the arrested person is never charged or convicted of a crime.

The challenge, if successful, threatens to derail similar laws in other states. According to DNAResource.com, 10 other states have such statutes. They are Alabama, Alaska, Colorado, Florida, Kansas, Louisiana, North Dakota, South Carolina, South Dakota and Vermont. [ Read more ... ]

Privacy Revolt!: The Emerging Privacy Threat Posed by Smart Meters (and their enormous potential): Via PrivacyRights.org .

There is a critically important debate emerging throughout the country regarding the privacy consequences, implications and challenges that smart grid or smart metering technologies pose and how they can most effectively be addressed.

I delved into this subject quite deeply a few months ago in a post entitled The Privacy Challenges and Implications of a "Smart Grid". Since that time I have become more deeply involved in this issue in hopes of ensuring that the corporate interests seeking to maximize profit are not successful in portraying themselves as environmentally conscious stewards of the planet - and that protecting consumer privacy would somehow threaten this great mission. [ Read more ... ]

Facebook faces (another) challenge over users’ privacy: Via Christian Science Monitor | csmonitor.com .

Five Facebook users this week sued the social networking giant, alleging it improperly used their private information or intellectual property.

As Facebook expands, with 250 million users posting 1 billion pieces of content every week, the site continues to draw sharp criticism from privacy advocates, lawyers, and governments over how it uses the data that members regularly – and often cavalierly – post onto the site.

This week five California Facebook users joined the chorus of critics. In a lawsuit filed Monday, they charge that Facebook – the Web’s dominant social networking ecosystem – unlawfully used their private information or intellectual property without consent.

What’s more, they claim, Facebook is merely a data mining and marketing machine that masquerades as a social networking service. [ Read more ... ]

Another Court Deals Major Blow to DVD Copying: Via Threat Level.

A California appeals court on Wednesday overturned a lower court ruling that had paved the way for a $10,000 DVD copying system called Kaleidescape and other products from the company with the same name.

The 6th District Court of Appeal in San Jose, California, was the second court in two days to rule that companies are bound (.pdf) by the entire Content Scramble System licensing regime, which prevents duplicating DVDs.

A San Francisco federal judge ruled late Tuesday that RealNetworks’ DVD-copying software was a breach of the Content Scramble System license, which is required for DVDs and computers to play DVDs. The license allows DVD players to descramble the encrypted code on a DVD, but the license prohibits the duplication of a DVD. Both RealNetworks and Kaleidescape claimed a loophole in the CSS license allowed the copying of DVDs. [ Read more ... ]

Use of Government Surveillance Cameras Expands in California Without Regulations or Public Debate, Says ACLU Report: SAN FRANCISCO -- California cities are moving quickly to install video surveillance cameras on public streets and plazas without regulations, with little or no public debate, and without an evaluation of their effectiveness, according to an American Civil Liberties Union report released today.

Even though 37 cities have some type of video surveillance program and 10 cities are considering expansive programs, no jurisdiction in California has conducted a comprehensive evaluation of the surveillance cameras' effectiveness, according to a public records survey conducted by the ACLU of Northern California, the ACLU of Southern California and the ACLU of San Diego & Imperial Counties. The ACLU sent Public Records Act requests to a total of 131 jurisdictions statewide and received responses from 119 cities. [ Read more ... ]

ES&S to be Rebuked, Fined and Possibly Banned in CA?: California announced today that it plans to hold an administrative hearing on September 20th to discuss the fate of Election Systems & Software for violating state election codes. ES&S, the top voting machine company in the country, is being accused of selling at least five CA counties a version of its AutoMark ballot marking system that hadn't yet been tested or certified for use in the state or the country.

ES&S apparently sold at least about 1,000 uncertified machines to San Francisco, Marin, Colusa, Solano and Merced counties. (The number of uncertified machines delivered to California was supplied by ES&S to the state; CA officials have yet to conduct their own inventory to determine if more machines are involved.)

Per CA law, ES&S could be fined $10,000 per uncertified voting system unit (or $9.72 million) and be required to give a complete refund to counties of all money spent on the machines -- the latter would amount to about $5 million. [ Read more ... ]

California Police Camera Surveillance Increasing: Editor: Interesting graphic removed. Go to original site for that [...]

Backed by millions in Homeland Security dollars, California law enforcement authorities are quickly expanding video surveillance camera spying in public rights of way, a move the American Civil Liberties Union says is stripping away privacy rights while failing to dent the intended purpose: crime. [ Read more ... ]

E-Voting Certification Gets Security Completely Backward: "The fact that major security vulnerabilities were found in California's electronic voting machines is a testament to how poorly they were designed, not the thoroughness of the analysis. Insecurity is the norm. If any system is ever built completely vulnerability-free, it'll be a first.

Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines. People who I consider to be security experts analyzed machines from three different manufacturers, performing both a red-team attack analysis and a detailed source-code review. Serious flaws were discovered in all machines, and as a result the machines were all decertified for use in California elections. [ Read more ... ]

More California E-Voting Reports Released; More Bad News: "

Yesterday the California Secretary of State released the reports of three source code study teams that analyzed the source code of e-voting systems from Diebold, Hart InterCivic, and Sequoia.

• Diebold systems
• Hart InterCivic systems
• Sequoia systems

All three reports found many serious vulnerabilities. It seems likely that computer viruses could be constructed that could infect any of the three systems, spread between voting machines, and steal votes on the infected machines. All three systems use central tabulators (machines at election headquarters that accumulate ballots and report election results) that can be penetrated without great effort.

It’s hard to convey the magnitude of the problems in a short blog post. You really have read through the reports — the shortest one is 78 pages — to appreciate the sheer volume and diversity of severe vulnerabilities.

It is interesting (at least to me as a computer security guy) to see how often the three companies made similar mistakes. They misuse cryptography in the same ways: using fixed unchangeable keys, using ciphers in ECB mode, using a cyclic redundancy code for data integrity, and so on. Their central tabulators use poorly protected database software. Their code suffers from buffer overflows, integer overflow errors, and format string vulnerabilities. They store votes in a way that compromises the secret ballot. [ Read more ... ]

California Study: Voting Machines Vulnerable; Worse to Come?: "

A major study of three e-voting systems, commissioned by the California Secretary of State’s office, reported Friday that all three had multiple serious vulnerabilities.

The study examined systems from Diebold, Hart InterCivic, and Sequoia; each system included a touch-screen machine, an optical-scan machine, and the associated backend control and tabulation machine. Each system was studied by three teams: a ‘red team’ did a hands-on study of the machines, a ‘source code team’ examined the software source code for the system, and a ‘documentation team’ examined documents associated with the system and its certification. (An additional team studied the accessibility of the three systems — an important topic but beyond the scope of this post.) [ Read more ... ]

CA Alert - Support Privacy Protections in State IDs!: "

A landmark bill that would require tough privacy and security safeguards for Radio Frequency Identification (RFID) tags in state-issued IDs sailed through the California Senate recently on a broad bipartisan vote. It's already over its first hurdle in the Assembly, and, if you live in California, we need your help to push it through. [ Read more ... ]

California Senate Clears Groundbreaking RFID Bill: "

Today, a landmark bill that would require tough privacy and security safeguards for Radio Frequency Identification tags in state-issued IDs sailed through the California Senate on a 33-2 bipartisan vote. [ Read more ... ]

CA Governor Shrinking From REAL ID?: "

While other states are courageously standing up to Congress' misguided national ID mandate, California's Governor Arnold Schwarzenegger is giving his constituents a rather indifferent message.

In response to a constituent's letter (sent through our Action Center) urging California to reject implementation of the REAL ID Act, the Governor's office simply replied: 'The issue you have written about is federal in nature and not under state jurisdiction. We suggest that you contact your United States Senator….' [ Read more ... ]

Department of Homeland Security to Conduct Town Hall Meeting at U.C. Davis May 1 on The Federal Real ID Act: The Department of Homeland Security (DHS) will conduct a national Town Hall meeting from 10 a.m. to 2 p.m., Tuesday, May 1, 2007 on the federal REAL ID Act, at Freeborn Hall on the campus of the University of California, Davis. The meeting is being facilitated by the state Department of Motor Vehicles at DHS' request, and is scheduled to be the nation's only open meeting on REAL ID.

The forum is designed to seek input from a wide range public and private constituencies from California and other states on issues and perspectives as they relate to the proposed REAL ID regulations, in particular California's motoring public, who are most impacted by the Act's licensing requirements. [ Read more ... ]