PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Is the NSA’s Big Data Program Authorized? Key Quotes from a Major Court Ruling

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 14, 2015

title image

By Daniel J. Solove

The U.S. Court of Appeals for the 2nd Circuit just issued a 97-page ruling limiting the NSA’s power to sweep up data about people’s phone calls. The case is ACLU v. Clapper, and the court held that the USA Patriot Act Section 215 doesn’t authorize the kind of sweeping collection of phone call metadata that the NSA has been engaging in. The court’s holding is limited to statutory interpretation — the scope of data collection authorized by Section 215. The court doesn’t base its holding on the Fourth Amendment, though it does note the uncertain status of current Fourth Amendment law.

The bottom line is that the NSA has been gathering a lot more data than it has been authorized to gather.

Continue Reading

If the Empire in Star Wars Had Big Data

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 6, 2015

Star Wars Privacy and Security Awareness Darth Vader

. . . the Empire would have won. A search of records would have revealed where Luke Skywalker was living on Tatooine.  A more efficient collection and aggregation of Jawa records would have located the droids immediately.  Simple data analysis would have revealed that Ben Kenobi was really Obi Wan Kenobi. A search of birth records would have revealed that Princess Leia was Luke’s sister. Had the Empire had anything like the NSA, it would have had all the data it needed, and it could have swept up the droids and everyone else, and that would have been that.

There is an important lesson to be learned from Star Wars: If you are trying to establish and maintain a ruthless Empire, you can greatly benefit from better data aggregation and analysis.

Continue Reading

Law Firm Cyber Security and Privacy Risks

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 30, 2015

Title image

By Daniel J. Solove

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

This is not time for firms to keep calm and carry on. The proper response is to freak out.

Continue Reading

Why We Should Persuade and Train with Stories

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 27, 2015

title image

By Daniel J. Solove

 

Once upon a time, there was a teacher who wanted to train people. At first, the teacher stated a list of things to do and not do. But this had little effect. The teacher was upset and started to doubt whether he could ever get through to people. But then the teacher tried a new approach – using stories. People remembered the stories, and the training started to change people’s behavior. And the teacher and everyone he taught lived happily ever after.

Continue Reading

Privacy Law: From a National Dish to a Global Stew

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 15, 2015

title image

By Daniel J. Solove
This post is co-authored by Professor Neil Richards

The recent case of Google v. Vidal-Hall in the UK has generated quite a buzz, with Omer Tene calling it the “European privacy judicial decision of a decade.”

The case illustrates several fascinating aspects of the developing global law of privacy, with big implications for online marketing, Big Data, and the Internet of Things.

At first blush, it is easy to see the case as one more divergence between how privacy is protected in the EU and US, with a European Court once again showing how much eager it is to protect privacy than an American one. But the biggest takeaway from the case is not one of divergence; it is one of convergence!

Continue Reading

The Health Data Breach and ID Theft Epidemic

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 6, 2015

Title image

By Daniel J. Solove

When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data spurts out of healthcare organizations these days as if from a ruptured aorta.

In January of this year, an article citing U.S. Department of Health and Human Services (HHS) statistics noted that in the past 5 years, there have been roughly 120,000 reported data breaches involving HIPAA protected health information. These breaches have involved more than 31 million individuals.

Continue Reading

Does Scholarship Really Have an Impact? The Article that Revolutionized Privacy Law

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 30, 2015

Title image

 

By Daniel J. Solove

Does scholarship really have an impact? For a long time, naysayers have attacked scholarship, especially scholarship about law. U.S. Supreme Court Chief Justice Roberts once remarked: “Pick up a copy of any law review that you see, and the first article is likely to be, you know, the influence of Immanuel Kant on evidentiary approaches in 18th Century Bulgaria, or something.” He noted that when the academy addresses legal issues at “a particularly abstract, philosophical level . . . they shouldn’t expect that it would be of any particular help or even interest to the members of the practice of the bar or judges.” Judge Harry Edwards also has attacked legal scholarship as largely irrelevant.

Continue Reading

Surveillance Law in Dire Need of Reform: The Promise of the LEADS Act

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 24, 2015

title image

By Daniel J. Solove

The law regulating government surveillance and information gathering is in dire need of reform. This law, which consists of the Fourth Amendment and several statutes, was created largely in the 1970s and 1980s and has become woefully outdated. The result is that law enforcement officials and intelligence agencies can readily find ways to sidestep oversight and protections when engaging in surveillance and data collection.

Continue Reading

Burn Before You Learn or Learn Rather than Burn

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 20, 2015

title image

By Daniel J. Solove

It seems as though every week brings news of another batch of data breaches . . . and they’re getting bigger. Target. Home Depot. Sony. Anthem. The list goes on and on.

The costs of many of these breaches are devastatingly large. And yet most data breaches are readily preventable. After reviewing more than 1,000 data breaches from 2014, the Online Trust Alliance (OTA) found that more than 90% of them could have been avoided.

Continue Reading

Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 9, 2015

p+s update image

By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading