PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Start with Security: The FTC’s Data Security Guidance

FTC Start with Security 03

Recently, the FTC issued a short guide to what organizations can do to protect data security.  It is called Start with Security  (HTML) — a PDF version is here.  This document provides a very clear and straightforward discussion of 10 good information security measures.  It uses examples from FTC cases.

Continue Reading

Should the FTC Kill the Password? The Case for Better Authentication

title image

Co-authored by Professor Woodrow Hartzog.

Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being able to see or hear the person seeking access.

Continue Reading

Mr. Robot: My Review of the New TV Series

Mr Robot 01by Daniel J. Solove

I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks.

Mr Robot 05aThe protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person.  Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone.  But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.

Elliot is very smart and clever, and he sees many around him as idiots.  He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people.  He lives most of his life inside his head.  The show presents the stark contrast between what he says to others and what he is thinking.  In one scene, we see him speaking to his psychiatrist, telling her hardly anything.  But we hear his thoughts and know that he is pondering quite a lot.
Continue Reading

Troublesome Password Practices and the Need for Data Security Training

login password on lcd screen macro

By Daniel J. Solove

A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include:

— 73% of accounts use duplicate passwords.

— Nearly half of consumers have a password they haven’t changed in 5+ years

— “Consumers have an average of 24 online accounts, but use only 6 unique passwords.”

— “Only 30 percent of consumers are confident that their passwords will protect the security of their online accounts.”

These findings demonstrate why better authentication is needed. Enforcing good password practices is tremendously difficult. People have so many passwords that they must memorize, and if they must be long and complex, this compounds the challenge.  Alternative means of authentication — such as two-factor authentication — should be explored, as they can be affordable and efficient.

Continue Reading

Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates

p+s update image

By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading