By Daniel J. Solove
Co-authored with Professor Paul Schwartz
This post is part of a post series where we round up some of the interesting news and resources we’re finding. We have split the health/HIPAA material from our updates on other topics. To see our updates for other topics, click here.
For a PDF version of this post, and for archived issues of previous posts, click here.
by Daniel J. Solove
Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check. Why are we still seeing the $10 million lottery winning emails? Or the long lost relative of yours living in Fiji who is leaving you $4 million?
A recent article explains that for the phishers, it is all a numbers game:
“So, if 97 per cent of phishing attempts are unsuccessful, why is it such a large issue? Because there are 156 million phishing emails sent worldwide daily. . . . Of the 156 million phishing emails sent daily, 16 million get through filters. Another eight million are opened by recipients. 800,000 click on the link provided, and 80,000 provide the information requested.”
by Daniel J. Solove
In Sorrell vs. IMS Health, 131 S. Ct. 2653 (2011), the Supreme Court struck down Vermont’s Prescription Confidentiality Law as a violation of the First Amendment right to free speech. The Vermont law restricted the sale and marketing use of information that would identify prescribers without their consent. The Supreme Court reasoned that the Vermont law “enacts content- and speaker-based restrictions on the sale, disclosure, and use of prescriber-identifying information.” According to the Court, the statute made content-based restrictions because it singled out marketing, and the statute made speaker-based restrictions because it focused on pharmaceutical manufacturers. The Court stated: “The law on its face burdens disfavored speech by disfavored speakers.”
by Daniel J. Solove
Over at the website, Information Is Beautiful, is this amazing chart of the biggest data breaches in the world.
Who knew data breaches could be so beautiful? For those who have suffered from their data being lost in a data breach to those who have suffered because they had to clean up after a data breach, there is a larger meaning to all your pain — it was for art!
This chart is so cool that it would almost be worth all the pain.
By Daniel J. Solove
A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include:
— 73% of accounts use duplicate passwords.
— Nearly half of consumers have a password they haven’t changed in 5+ years
— “Consumers have an average of 24 online accounts, but use only 6 unique passwords.”
— “Only 30 percent of consumers are confident that their passwords will protect the security of their online accounts.”
These findings demonstrate why better authentication is needed. Enforcing good password practices is tremendously difficult. People have so many passwords that they must memorize, and if they must be long and complex, this compounds the challenge. Alternative means of authentication — such as two-factor authentication — should be explored, as they can be affordable and efficient.
I am a lover of literature (I teach a class in law and literature), and I also love privacy and security, so I thought I’d list some of my favorite novels about privacy and security.
I’m also trying to compile a more comprehensive list of literary works about privacy and security, and I welcome your suggestions.
By Daniel J. Solove
Co-authored by Professor Paul Schwartz
This post is part of a post series where we round up some of the interesting news and resources we’re finding. This post includes developments from the first part of 2015. For a PDF version of this post, and for archived issues of previous posts, click here.
NOTE: Health privacy and security issues will now be covered in a separate update post.
By Daniel J. Solove
The U.S. Court of Appeals for the 2nd Circuit just issued a 97-page ruling limiting the NSA’s power to sweep up data about people’s phone calls. The case is ACLU v. Clapper, and the court held that the USA Patriot Act Section 215 doesn’t authorize the kind of sweeping collection of phone call metadata that the NSA has been engaging in. The court’s holding is limited to statutory interpretation — the scope of data collection authorized by Section 215. The court doesn’t base its holding on the Fourth Amendment, though it does note the uncertain status of current Fourth Amendment law.
The bottom line is that the NSA has been gathering a lot more data than it has been authorized to gather.
. . . the Empire would have won. A search of records would have revealed where Luke Skywalker was living on Tatooine. A more efficient collection and aggregation of Jawa records would have located the droids immediately. Simple data analysis would have revealed that Ben Kenobi was really Obi Wan Kenobi. A search of birth records would have revealed that Princess Leia was Luke’s sister. Had the Empire had anything like the NSA, it would have had all the data it needed, and it could have swept up the droids and everyone else, and that would have been that.
There is an important lesson to be learned from Star Wars: If you are trying to establish and maintain a ruthless Empire, you can greatly benefit from better data aggregation and analysis.
By Daniel J. Solove
Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.
This is not time for firms to keep calm and carry on. The proper response is to freak out.
Free newsletter with cartoons, writings, events, webinars, training, humor and whiteboards.
