PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The M.D. Anderson Case and the Future of HIPAA Enforcement

HIPAA Enforcement MD Anderson Case 02

The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]

The Mail Machine Ate My Thumb Drive

USB zDrive - Thumb Drive

In the annals of what must be one of the most ridiculous data security incidents, a law firm employee sent a client file on an unencrypted thumb drive in the mail.  The file contained Social Security information and other financial data. Seriously? The envelope arrived without the USB drive. The firm contacted the post office. […]

The Funniest Password Recovery Questions and Why Even These Don’t Work

Passwords

  A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?

Ransomware on a Rampage

Ransomware Training 01

Ransomware is on a rampage!  Attacks are happening with ever-increasing frequency, and ransomware is evolving and becoming more powerful. Several major media sites, such as the New York Times, BBC, AOL, and the NFL, were recently infected with malware that directed visitors to sites attempting to install ransomware on their computers. Ransomware has the potential […]

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Encryption Backdoors - Kafkaesque

By Daniel J. Solove Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.” After the Paris attacks, national security proponents in the US and abroad have been […]

OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates

By Daniel J. Solove Co-authored by Professor Paul Schwartz This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post. News […]

Security Experts Critique Government Backdoor Access to Encrypted Data

by Daniel J. Solove In a recent report (link no longer available), MIT security experts critiqued calls by government law enforcement for backdoor access to encrypted information.  As the experts aptly stated: “Political and law enforcement leaders in the United States and the United Kingdom have called for Internet systems to be redesigned to ensure […]

Cybersecurity: Leviathan vs. Low-Hanging Fruit

Data Security Training Low-Hanging Fruit

by Daniel J. Solove There are certainly many hackers with sophisticated technical skills and potent malicious technologies.  These threats can seem akin to Leviathan — all powerful and insurmountable. It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity.  This low-hanging fruit consists of rather simple […]

The OPM Data Breach: Harm Without End?

By Daniel J. Solove The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, […]

Use of Encryption Is Increasing — Albeit Slowly

by Daniel J. Solove According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing.  Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy. Some other interesting findings from the survey also found, according to a ZDNet article: