Wanted: Trust Detector: Via Schneier on Security.

It's good to dream:

IARPA's five-year plan aims to design experiments that can measure trust with high certainty -- a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions.

A second part of the IARPA proposal might involve using new types of sensors and software to gauge human facial, language or body signals that might help predict trustworthiness. Perhaps facial recognition technology that could deduce emotions or facial tics might help, not to mention better lie detectors.

IARPA is the Intelligence Advanced Research Projects Activity, the U.S. intelligence community's answer to DARPA.

Read Original Article:(Via Schneier on Security.)

Medical identity theft strikes 5.8% of U.S. adults: Via Network World at Computerworld Privacy News.

Identity thieves are not only interested in tapping financial resources, but are also after your medical identification data and services.

Medical identity theft typically involves stolen insurance card information, or costs related to medical care and equipment given to others using the victim's name. Roughly 5.8% of American adults have been victimized, according to a new survey from The Ponemon Institute. The cost per victim, on average, is $20,160.

Is your health privacy at risk?

"The National Study on Medical Identity Theft" is based on findings from 156,000 people who agreed to discuss identity theft in general. Among those surveyed, 5.8% provided specific details about how they had been hit by medical ID theft, in particular. [ Read more ... ]

Redefining privacy in the era of personal genomics: Via Ars Technica.

DNA, the storage bank of genetic information for all living organisms, is challenging scientists and policy makers to reconsider the issue of privacy. With the completion of the human genome and advancements in DNA sequencing technologies, a person’s DNA can potentially be tested for risks related to a number of genetic diseases. This progress is promising for personalized medicine, but ethical and policy issues are coming to the forefront as well. After all, can DNA data ever be truly private and anonymous when DNA itself can also act as a unique identifier? [ Read more ... ]

Cell phones show human movement predictable 93% of the time: Via Ars Technica.

We'd like to think of ourselves as dynamic, unpredictable individuals, but according to new research, that's not the case at all. In a study published in last week's Science, researchers looked at customer location data culled from cellular service providers. By looking at how customers moved around, the authors of the study found that it may be possible to predict human movement patterns and location up to 93 percent of the time. These findings may be useful in multiple fields, including city planning, mobile communication resource management, and anticipating the spread of viruses. [ Read more ... ]

Indiscrete web browsers assist de-anonymisation: Via The H Security: News and Features.

A test on browser fingerprinting by the Electronic Frontier Foundation (EFF) has shown how uniquely identifiable a user's browser is on the web. What that test is unable to do is to identify individual users. This, however, is the goal of an experiment by the International Secure Systems Lab (Isec Lab). Originally founded by the Vienna University of Technology (TUV), Isec Lab is now a collaborative venture between TUV, Eurécom and the University of California in Santa Barbara. The test makes use of Xing, a platform widely-used in Europe on which many millions of users have published profiles.
[...] [ Read more ... ]

Facebook Privacy, Security Fears Grow with Social Network Risks: Via Security from eWeek.

According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.

Businesses are growing more concerned about the use of social networks, starting with Facebook.

According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest social networking site. The statistics, which were included in Sophos' "Security Threat Report: 2010" (PDF), revealed that while 33 percent block Facebook for productivity reasons, businesses are also concerned with the prospect of spam, malware and data leakage on social networks. [ Read more ... ]

Future of Privacy Forum Release Behavioral Notices Study: Via Future of Privacy Forum.

Research Shows Transparency and Choice Significantly Increase Acceptance of Behavioral Ads

WASHINGTON – Today, the Future of Privacy Forum (FPF) released the results of a research study which tested the effectiveness of using new icons and key phrases to provide web surfers with more transparency and choice about behavioral advertising practices. FPF launched the notices initiative in May 2009 and partnered with a number of divisions at WPP, the global marketing communications company, to launch a consumer focused effort that would rely on the skill of advertising and communications professionals to engage users about efforts to provide relevant banner advertising. In February 2009, the Federal Trade Commission had expressed concern that privacy policies were not being read or understood, and urged the industry to develop new methods of providing notice to users about behavioral advertising practices.

The two phrases that performed significantly better than others in the 2600 internet user panel were, “Why did I get this ad?” and “Interest based ads.” [ Read more ... ]

Too much info on social media aids ID thieves: Via San Francisco Chronicle.

More than half of adults 45 and older who are on social networks like Facebook could be in danger of becoming victims of identity theft or other crimes because they share too much private information, according to a study released today.

In one example, the study commissioned by a unit of credit reporting services firm Experian found that 14 percent of adults - and 20 percent of those age 60 and over - listed their full home addresses in their social media profiles.

If they then post updates from a trip, that tells thieves "no one is watching your house," said Jennifer Leuer, general manager of Experian's ProtectMyID.com. [ Read more ... ]

Change Blindness: Via Schneier on Security.

Interesting video demonstrating change blindness: the human brain's tendency to ignore major visual changes. The implications for security are pretty serious.

Read Original Article:(Via Schneier on Security.) [ Read more ... ]

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices: Via Threat Level.

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password.

Linksys routers had the highest percent of vulnerable devices found in the United States — 45 percent of 2,729 routers that were publicly accessible still had a default password in place. Polycom VoIP units came in second, with default passwords lingering on about 29 percent of 585 devices accessible over the internet.

“You can reflash the firmware or install any software you wish on vulnerable devices,” said Salvatore Stolfo, a Columbia University computer science professor who is overseeing the research project aimed at uncovering vulnerable appliances on the internet. “These devices will be owned and used by bot herders and other miscreants.” [ Read more ... ]

Massive Gene Database Planned in California: Via MIT's Technology Review.

The data will be compared against electronic health records and patients' personal information.

Plans for genetic analyses of 100,000 older Californians--the first time genetic data will be generated for such a large and diverse group--will accelerate research into environmental and genetic causes of disease, researchers say.

"This is a force multiplier with respect to genome-wide association studies," says Cathy Schaefer, a research scientist at Kaiser Permanente, a health-care provider based in Oakland, CA, whose patients will be involved. Researchers will be able to study the data and seek insights into the interplay between genes, the environment, and disease, thanks to access to detailed electronic health records, patient surveys, and even records of environmental conditions where the patients live and work.

"The importance of this project is that it will, almost overnight--well, in two years--produce a very large amount of genetic and phenotypic data that a large number of investigators and scientists can begin asking questions of, rather than having to gather data first," Schaefer says. [ Read more ... ]

Project ‘Gaydar’: An MIT experiment raises new questions about online privacy: Via The Boston Globe.

At MIT, an experiment identifies which students are gay, raising new questions about online privacy

It started as a simple term project for an MIT class on ethics and law on the electronic frontier.

Two students partnered up to take on the latest Internet fad: the online social networks that were exploding into the mainstream. With people signing up in droves to reconnect with classmates and old crushes from high school, and even becoming online “friends” with their family members, the two wondered what the online masses were unknowingly telling the world about themselves. The pair weren’t interested in the embarrassing photos or overripe profiles that attract so much consternation from parents and potential employers. Instead, they wondered whether the basic currency of interactions on a social network - the simple act of “friending” someone online - might reveal something a person might rather keep hidden. [ Read more ... ]

Technology Review: Researchers Hijack a Drive-By Botnet: Via MIT's Technology Review.

The team gathered data on compromised pages and the would-be victims.

By infiltrating a criminal computer network aimed at infecting visitors to legitimate websites, university researchers have gained firsthand insight into the scale and scope of so-called "drive-by downloading." They found more than 6,500 websites hosting malicious code that redirected nearly 340,000 visitors to malicious sites.

Drive-by downloading involves hacking into a legitimate site to covertly install malicious software on visitors' machines or redirect them to another site.

In an unpublished paper, researchers at the University of California at Santa Barbara describe a four-month study in which they connected their servers to a collection of compromised computers known as the Mebroot botnet. [ Read more ... ]

Fact Check on FOX News' Misleading PATRIOT Act Reporting: Via EFF.org Updates.

Unfortunately, it appears that the only television news network that's been regularly covering the PATRIOT Act renewal process in Congress has been FOX News, and their coverage has seemed a lot more like pro-PATRIOT propaganda than unbiased news reporting. Fortunately, Julian Sanchez of The Cato Institute has been fact-checking them closely, in this detailed blog post and in this illuminating video: [ Read more ... ]

Andrew Patrick » Identity theft is usually an equal opportunity, unsophisticated crime: Via Andrew Patrick.

Identity theft, the misuse of someone’s personal identity to commit fraud, is a large and growing economic and legal problem. Identity theft has become the most prevalent form of fraud resulting in billions of dollars in losses.

ID theft is often considered a “white-collar” crime because it is committed during the course of normal employment duties (e.g., a bank employee gathering personal information), or the crime does not usually involve any physical harm. Identity thieves are often portrayed as sophisticated computer specialists, hackers, or organized networks. But, is this the reality?

A recent research report by Heith Copes (U Alabama at Birmingham) and Lynne Vieraitis (U Texas at Austin) has shed some light on this issue. [ Read more ... ]

ICANN studies secretive domain owners: Via Network World.

Approximately 15 percent to 25 percent of domain names have been registered in a manner that limits the amount of personal information available to the public through WHOIS queries, according to the preliminary results of a report from ICANN (Internet Corporation for Assigned Names and Numbers).

Domain owners who want to limit the amount of personal information available to the public generally use a privacy or a proxy service. A privacy service lets the registrant limit the amount of personal information available via a search in a WHOIS database, while proxy services register domain names on behalf of registrants. [ Read more ... ]

Americans to Advertisers: Stop spying on me!: Via CDT - PolicyBeta.

Researchers at UC Berkeley and the University of Pennsylvania’s Annenberg School of Communication recently released the results of a large-scale study of consumer attitudes toward behavioral targeting (also known as behavioral advertising). The report’s findings were astonishing in their simplicity: the majority of consumers do not want their information collected and used for the purpose of customizing targeted news or advertisements. Consumers also believe they have the right to access and control information that companies have collected about them.

Study authors reported a number of significant findings. Among them:

If given a choice, 68% of Americans “definitely would not” allow advertisers to follow them online even if their online activities would remain anonymous. 19% “probably” would not allow this tracking. [ Read more ... ]

SSRN-Americans Reject Tailored Advertising and Three Activities that Enable It by Joseph Turow, Jennifer King, Chris Hoofnagle, Amy Bleakley, Michael Hennessy: Via SSRN-Social Science Electronic Publishing.

This nationally representative telephone (wire-line and cell phone) survey explores Americans' opinions about behavioral targeting by marketers, a controversial issue currently before government policymakers. Behavioral targeting involves two types of activities: following users' actions and then tailoring advertisements for the users based on those actions. While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible. [ Read more ... ]

IT security breaches soar in 2009: Via The Globe and Mail.

Employees within business and government organizations are the fastest-growing threat

Information Technology departments in government and business organizations across Canada have seen the number and cost of security breaches soar this year, and the fastest-growing cause of such breaches is often employees within those organizations, according to a new study released Tuesday.

The 2009 joint study on Canadian IT security practices – conducted by TELUS and the Rotman School of Management at the University of Toronto – surveyed more than 600 Canadian IT security professionals.

According to the study, IT security breaches – everything from viruses to intellectual property theft to abuse by employees – cost the average Canadian organization $834,149 in 2009, almost double the amount reported in last year's study. [ Read more ... ]

Advertising - Two-Thirds of Americans Object to Online Tracking, Study Says: Via NYTimes.com .

ABOUT two-thirds of Americans object to online tracking by advertisers — and that number rises once they learn the different ways marketers are following their online movements, according to a new survey from professors at the University of Pennsylvania and the University of California, Berkeley.

The professors say they believe the study, scheduled for release on Wednesday, is the first independent, nationally representative telephone survey on behavioral advertising. [ Read more ... ]

Online Privacy: Industry Self-Regulation in Practice (Google Tech Talks): Via YouTube :: Videos by googletechtalks.

Online Privacy: Industry Self-Regulation in Practice


Google Tech Talk
September 17, 2009

ABSTRACT

Aleecia M. McDonald will speak about industry self-regulation for online privacy. After a brief overview of how we got here, we will explore the status quo through two studies. First, what is the user burden if people read online privacy policies? How long would it take to do so, and what is the economic value of that time? Second, how well can users understand privacy policies? We evaluated six privacy policies in three different presentation formats and found standardized formats do not help users as much as their proponents might like. Finally, we conclude with an overview of public policy options for online privacy. Bring your ideas, we could have a lively discussion. [ Read more ... ]

NSF Grant: Internet Research and Ethics 2.0: Via michaelzimmer.org.

Congratulations to Elizabeth Buchanan and Charles Ess for being awarded an NSF grant to create a much-needed repository and advisory board to address the challenges that emerging Internet and Web 2.0 platforms are placing on research ethics.

I’m thrilled to be among the senior personnel on this grant, and look forward to the collaboration and results.

Here is the summary of the research project: [ Read more ... ]

Consumers Accept Device Fingerprinting, Study Finds: Via InformationWeek.

To fight online fraud, consumers are warming to the idea of technology that identifies the device they're using

Computer users are willing to accept device profiling if it leads to improved security and less sharing of personal information, according to a study conducted by the Ponemon Institute, an independent privacy research organization.

The study, Online Consumers' Reaction to Device Fingerprinting, was sponsored by ThreatMetrix, a security company that sells device profiling software.

Device profiling involves the analysis of information about an Internet user's hardware, software, and network traffic to identify typical usage patterns and to raise a red flag, if, for instance, the user is suddenly accessing a Web site with a different operating system or from a different country. [ Read more ... ]

SANS: The Top Cyber Security Risks: Via SANS™ Institute .

Two risks dwarf all others, but organizations fail to mitigate them

Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.

September 2009

Read Original Article:(Via SANS™ Institute .)