Public Policy programming at Lake Forest College for the 2022-23 academic year is focused on Privacy and the Internet, a topic that affects everyone of all ages.
Virtual banking, online shopping, electronic medical records, and social media are now woven into the fabric of our everyday experience. The ubiquitous nature of these technologies, however, has also enabled businesses and governments to access astonishing amounts of our personal information. We have chosen Privacy and the Internet to be our inaugural topic, because digital technology has become a routine presence in our lives, while our understanding of the costs often lag behind our understanding of the experience.
Our programming includes both a fall lecture series which is open for anyone to attend and the Public Policy Analysis Challenge for our students in the spring. This webpage is a repository of several documents that speak to the importance of privacy and the internet. Interested students and community members are invited to use the repository to further explore various aspects of online privacy. The page is organized into several important topics, including Individual Privacy, Cybersecurity, Government Oversight, Legislation, Global Perspectives, Cybercrime, Surveillance, Biometrics, Big Tech, Health, Data Brokerage, Mobile Apps, The Internet of Things and Artificial Intelligence, Research Tools, Privacy Policies, and Court Cases. Click on the according buttons on the right to see specific links on each sub-topic.
Individual Privacy
Data Privacy
Who should own your data? This question is examined through the example of smart tractors. Smart tractors collect data via GPS, which is then used to predict crop profitability. When farmers are faced with an incentive to sell GPS data, what are the consequences of doing so?
Who Owns Your Data? (Hint: It's not you)
In our world, data belongs to those who collect it. This video by PHD Comics, introduces concepts such as digital privacy, big data, and the internet of things.
Your Bosses Could Have a File on You, and They May Misinterpret It
Some employers rely on semi-automated tools, like monitoring software and behavioral analytics, to assess employees. The growth in private sector monitoring raises ethical questions.
FBI Conducted Potentially Millions of Searches of Americans' Data Last Year, Report Says
The Federal Bureau of Investigation (FBI) performed potentially millions of searches of American electronic data last year without a warrant, raising concerns about government surveillance and privacy.
I Scraped Millions of Venmo Payments. Your Data Is at Risk
Venmo is a useful app for transfering money. Beside aiding the transferring of funds, Venmo has made the sending and receiving of money a social affair. What can hackers glean about a person from innocuous transaction data? It turns out Venmo data can be used to facilitate cyberattacks.
It's Not That Hard to Unmask Real People in Anonymous Data, Researchers Warn
Data brokers claim to anonymize their data sets. While metadata is technically anonymous, de-anonymizing data is simple. This post highlights a tool which calculates how likely you'd be correctly identified in anonymous data sets.
Four Cents to Deanonymize: Companies Reverse Hashed Email Addresses
Your identifying information, such as an email address, travel online in a hashed, non-personally identifiable manner. However, as this post explains, emails can easily be unhashed. Some companies charge as little as four cents to reverse hash an email address.
Suicide Hotline Shares Data With For-Profit Spinoff, Raising Ethical Questions
Crisis Text Line has control of the largest mental health data set in the world. Read to learn why ethics and privacy experts were concerned when Crisis Text Line shared data with a for-profit partner, Loris.ai.
Digital Privacy
We all should care about privacy. Privacy is not only pertinent for individuals who have actions to hide.
The Battle for Digital Privacy Is Reshaping the Internet
Big Tech companies are changing rules around online data collection, yet advertising remains at the center of the internet.
How to Protect Your Digital Privacy
Explore this guide to make changes to protect yourself and your information online, and learn why you might want to make them.
Can Privacy, Security and Ease of Use Work Together?
In an interview with Washington state Chief Privacy Officer Katy Ruckle, the role of data privacy in providing government services is explored.
Explore the personal data Microsoft collects and how the company uses it in language that is easier to understand.
NFTs Are a Privacy and Security Nightmare
NFTs are unique, digital assets that represent real-world objects. However, today's NFT platforms lack fundamental security features. Read to learn why NFT’s are deemed low privacy.
Personal Information
Privacy, Protection of Personal Information and Reputation Rights
Explore the relationship between children’s rights, business and the internet in this series of discussion papers.
Attempts to Obsure Data Collection and Preserve Anonymity
The Pew Research Center surveyed Americans on their opinion of mass data collection and internet anonymity. Survey results concluded that most Americans support great limits on data collection and most express low levels of confidence in corporate data protection.
A majority of Americans believe their online and offline activities are being tracked and monitored by companies and the government.
Personal data is a financial commodity and is often exploited by individual firms. The question of data ownership is a central concern. Explore the arguments surrounding private and collective data ownership.
Yes, Your Personal Information Is for Sale. Here's What to Do About It
Data brokers are sites that legally gather and sell your information. These sites use automated software to harvest information from tech companies, telecommunication providers, credit bureaus, tax records, court records, and other public sources. Personal data is then unified and sold at a listing price of $20.
You Are Data: The Fight to Protect Online Privacy
As more and more personal information is being tracked online, data protection has become a growing concern. The state of Connecticut has created a data collection law, providing consumers with extended control over their digital privacy.
Online Tracking
The High Privacy Cost of a “Free” Website
Most web pages do not charge a monetary entrance fee, however, the website is not free: you pay with your privacy. This reading explores how online behaviors are tracked and how tracking persists, even when site operators disable such technologies.
Giving Web a Memory Cost Its Users Privacy
Many privacy concerns can be traced back to cookies. While most companies use them responsibly, apprehension remains as cookies are not going away.
How Cookies Work - Do I have to Accept?
“Some cookies aren’t delicious; they track your personal data.” This resource examines website cookies, differentiates between valid and malicious types, and concludes by reviewing privacy protection tools.
Norfolk County Council Bolsters Productivity with IdentityIQ
Norfolk County Council used Sailpoint IdentityIQ to manage identities of individuals working within their organization. In addition, self-service password management was implemented for employees to manage their identities and passwords independently.
Privacy Solutions
30-Second Privacy Fixes: Simple Ways to Protect Your Data
Privacy is more than just avoiding targeted ads, the personal information tech companies gather can affect our lives in unprecedented ways. Read to explore tips and techniques that will limit the way products and services collect, share, and make money off your data.
How to Use a Free Password Manager—and Make Your Logins Safer
Your usernames and password could be floating around the internet due to website data breaches. However, using a password manager can help protect your information as they can create strong passwords, store login credentials, autofill login information, protect your data, and export credentials to switch password managers.
How Everyone Can Get the Online Privacy They Want
“Cookie banners” appear on most websites due to a regulation requiring webpages to post their data collection policies. In reality, cookies are widely ineffective and do little to protect privacy. This article explores how technology could make it easier for consumers to gain control of their data.
Privacy-Enhancing Technologies and Building for the Future
Meta is working to use privacy-enhancing technologies that incorporate personalization, while becoming less reliant on individual third party data.
Every Step to Simple Online Security
Explore steps to increase your online security.
Worried About Personal Data Leaks? Here’s How to Lock Down Your Phone
Apps on your smartphone capture a plethora of personal information. Your phone is packed with GPS, camera, and sensitive data such as your contacts and health status. This article provides a checklist that will help you limit that amount of data you inadvertently share with your mobile apps.
The ‘Capital of Silicon Valley’ Is Ignoring Its Privacy Experts
In response to privacy concerns, San Jose created its Digital Privacy Advisory Taskforce. However, a series of emails obtained by Motherboard allude to clashes between Silicon Valley’s technologists and privacy experts.
Firefox Boosts Privacy by Giving ‘Total Cookie Protection’ to All Users by Default
Termed “Total Cookie Protection," Firefox has implemented a cookie restriction feature that protects against online tracking. Read to learn why blocking third party tracking is an immense privacy gain.
Why Data Ownership is the Wrong Approach to Protecting Privacy
Data ownership is an idea often expressed about information privacy. This article argues that viewing data as a commodity restricts the free flow of information and induces the trading of privacy rights.
Cybersecurity
Cyber Threats
Survey Says: IT Leaders on Their Biggest Data Privacy Challenges
Digital privacy legislation strives to license constituents a say in how their data is used and distributed. Learn how state and local government leaders respond in a survey about digital privacy.
On the Internet: Be Cautious When Connected
The FBI highlights how to exercise caution on the internet. The brief informatic emphasizes a need to protect your systems, data, connections, and information.
Now Cryptojacking Threatens Critical Infrastructure, Too
Cryptojacking was once confined to browsers, however, cybercriminals have now turned attention to the lucrative industrial networks. Learn how cryptojacking has become a threat to critical infrastructure.
Six Threats that Brought Digital Executive Protection into the Spotlight in 2021
Privacy concerns impact one's personal life and have entered the mainstream. Explore six trending threats that brought digital protection and privacy into the public eye.
Despite the Hype, iPhone Security is No Match for NSO Software
If you are an iPhone user, you may not be secure against malicious Pegasus installation. Pegasus spyware can collect emails, call records, sound recordings, and browsing histories. If you believe Apple products keep you safe from spyware, think again!
Ransomware is a form of malware that prevents users from accessing their systems, files, and data. Individual, business, or organization data is then held hostage until a ransom is paid ($600 - $700,000).
Starting in 2014, mobile ransomware attacks have been reported on a large scale. Mobile ransomware locks a device and demands a ransom for device and data restoration.
Mobile spyware is a hidden malware that steals information, records audio, takes pictures, and tracks device location. Read to learn about spyware’s infection method and device remediation.
Cyber Vulnerabilities
5 Reasons Your Endpoint Security Could be at Risk
IT cybersecurity professionals feel the hybrid-work arrangement leaves their organizations more compromised and exposed to security threats.
Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected
A surge in identity theft during the pandemic highlights how easily hackers can obtain people’s private data.
U.S. Cybersecurity Agency ‘Strongly Urges’ You Patch These 75 Actively Exploited Flaws
Learn about the most recent security vulnerabilities that impact Microsoft Windows, VMware, Cisco, and F5.
Teen's Tesla Hack Shows how Vulnerable Third-Party Apps may Make Cars
Cars have been hacked before, however, a German teenager became the first to hack a vehicle through an app. A 19 year old found a vulnerability in an app installed on some Teslas and was able to access the remote control of 35 vehicles.
Cyber Security Standards
Cybersecurity Laws & Regulations
The federal government has yet to pass a comprehensive cyber security law. In compensation, precursing internet regulations have expanded to include cyber security clauses. This article overviews federal, state, and international regulation as they relate to cyber security.
Cybersecurity standards are collections of best practices, fabricated to help improve the cybersecurity posture of any organization. This page details the common cybersecurity compliance archetypes.
The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution
Cryptography is used to secure communications, protect information in transmission, and codify stored data. The National Institute of Standards and Technology (NIST) has released standards pertaining to data encryption, advanced encryption, and public-key cryptography.
How the NotPetya Attack is Reshaping Cyber Insurance
What are the insurance implications for companies who are at risk of cyber attack? The NotPetya malware attack caused $10 billion of damage globally, yet cyber insurance companies denied reparations. Read to explore the legality behind cybersecurity policy.
Space Force Rolls out Cybersecurity Standards for Commercial Providers of Satellite Services
The Infrastructure Asset Pre-Approval program (IA-Pre) was developed to combat the security risks which could impact a Department of Defense mission. This post explores the IA-Pre program and emphasizes the importance of cybersecurity in the space domain.
Cyber Law
How Congress Can Help Prevent Cyberattacks
Congress approved a federal law requiring companies to report cyberattacks to federal authorities. The aim of the law is to create a space where the government can work cohesively with private sector companies to address cyber instances.
Cyber Law: Everything You Need to Know
Cyber law provides legal protections to anyone using the internet or internet related technologies. Key components of cyber law are cybercrime, cybersecurity, intellectual property, and risk mitigation. Read to learn about these components and the recent trends in cyber law.
In 2021, hackers initiated a ransomware attack on the Colonial Pipeline. The attack drove up U.S. gasoline prices and infiltration ceased only after Colonial agreed to pay the hackers $5 million in compensation.
U.S. House Lawmakers Search for Open Source Security Fixes
On May 11, 2022, the U.S House Committee on Science, Space, and Technology convened to discuss improving open software cybersecurity. The government could play an active role in cybersecurity by encouraging a security focus.
FBI Announcement: Paying the Ransom is a Bad Idea
The FBI does not support paying the ransom in the aftermath of a ransomware attack. Read to learn why paying the ransom is not supported.
Security Solutions
Listen to a webcast that explores privacy implications and ways to protect your identity online.
A CFO Guide to ‘Zero Trust’ Cybersecurity
Traditionally, stakeholders using a company network would follow a “trust, but verify”, access approach. As cyberattacks continue to grow in volume, IT infrastructures shift to a “Zero Trust” security framework.
A Former Hacker's Guide to Boosting Your Online Security
Ngô Minh Hiếu, a hacker who was incarcerated in the U.S. for running an online store that sold the personal information of about 200 million Americans, now attempts to protect the world from the sorts of cybercriminals he once was.
What Is Cyber Insurance, and Why Is It In High Demand?
The demand for cyber insurance has skyrocketed. This influx of demand has created issues for cyber policy holders, as protection has become more costly and less comprehensive.
A Decentralized Verification System Could be the Key to Boosting Digital Security
A zero trust security approach is the current best digital security practice. However, in a zero trust system, absolute trust is placed in the verification method. Read to learn more about decentralizing trust.
Cybersecurity is the practice of protecting electronic data from unlawful use. This article breaks down cybersecurity into 5 subcategories and explains the practicality of each subtype.
How to Protect Your Digital Privacy in the Era of Public Shaming
View nine tips to foil hackers, ransomware, online trackers, data brokers, and other menaces.
Mission of the Cloud-centric CISO
Large organizations are embracing cloud computing as a foundation for their business strategies, often centered around digital transformation.
The 2021 DUO Trusted Access Report
The 2021 Duo Trusted Access Report considers the future of hybrid work and suggests methods to secure devices and applications.
Integrated Microsoft Cloud Solutions
Fisco, Texas, has taken steps to modernize its IT security tools. Implementing Microsoft’s suite of integrated solutions has helped the city automate security tasks, facilitate threat detection, and build a secure enterprise.
Token Raises $13 Million for Its Biometric Authentication Ring
Token, a company founded in 2014, has developed a wearable authentication ring. The smart ring offers a passwordless, biometric authentication solution.
Government Oversight
Digital Government
They’re Your IRS Records. Getting Them Means Giving Up Privacy
Taxpayers who want to access their IRS records online must submit copies of their driver’s license, social security card, and other documents to the ID.me as proof of identity.
National Cyber Investigative Joint Task Force
The National Cyber Investigative Joint Task Force (NCIJTF) was established to combat the evolving cyber landscape. Learn more about the multi-agency cyber center and its responsibilities.
Magnet Forensics Buys Tech to Help Cops Peer into Devices
Magnet Forensics, a tech firm, has made a $5 million deal with U.S law enforcement. The tech provider plans to equip police with data extraction tools to aid investigative efforts and combat cyber attacks.
Understanding Identity Systems Part 1: Why ID?
Modern identity systems are vast. They include our passwords, characteristics, and behaviors. Governments have been looking into implementing national identity systems to support administrative needs. Read to explore the motivations behind introducing ID systems.
Security & Innovation for Government Agencies
Many government agencies still struggle with outdated legacy technology. This resource is a complete guide to improving government services with Microsoft cloud technology.
Data Collection
So This Is What Vaccine Passports Were Leading To
During the pandemic, a plethora of digital tools were introduced, each embedded with questionable data collection features. We accepted these controversial tools (e.g. tracking apps) under the guise of COVID-19. Watch to learn how the government used and abused its citizens' personal data.
Calls Mount for Blocking Warrantless Mass Data Collection
The 4th amendment protections individual privacy by requiring law enforcement to obtain a warrant before searching individual personal records. However, state, federal, and local law enforcement have been sidestepping the amendment by purchasing sensitive data from brokers.
ACLU v. Department of Homeland Security
Mobile apps routinely sell user’s location data to government agencies. In December 2020, the ACLU and NYCLU filed a lawsuit seeking records from the Department of Homeland Security about the practice of purchasing cell phone location data.
Much Of Our Government Digital Surveillance Is Outsourced To Private Companies
Our nation’s digital surveillance is increasingly outsourced to private companies. These corporations aggregate, analyze, and deploy consumer data sets. Read to learn about the commercialized surveillance state and its privacy risks.
Google Bans Apps With Hidden Data-Harvesting Software
Measurement Systems, a Panamanian firm, wrote a data harvesting code that later infected many popular mobile apps. The intrusive code collected location data and personal identifiers.
Cellphones, Law Enforcement, and the Right to Privacy
This white paper explains how the government collects and utilizes your location data. Both the legal and the policy landscape of geolocation data privacy are explored.
The U.S Postal Inspection Service (USPIS), a subsidiary of the U.S Postal Service, is charged with law enforcement, crime prevention, and security. Recently, USPIS proposed a modification to its inspection filing system, seeking to aggregate more data from Postal Service customers. The Electronic Privacy Information Center (EPIC) has submitted comments to USPIS urging a reversal of the proposed data collection expansion.
Amazon says US Government Demands for Customer Data Went Up
According to Amazon’s transparency report, subpoenas and search warrants received by the government have increased. The data demanded by the government includes information collected from Echo, Kindle and Fire tables, and inputs from Amazon’s home security devices.
Local Initiatives
Why Your City Probably Needs a Local Privacy Commission
Cities are looking to ensure privacy in surveillance technology procedures and in data handling logistics. Explore the workings of Oakland, California's privacy advisory commission.
Which States Have Cybersecurity Task Forces?
Cyber security is a pressing concern for federal and state governments. More than 30 states have created a cyber task force or commision group to better address and understand cyber security threats.
Cities are Easy Prey for Cybercriminals. Here's How They Can Fight Back
Cyber attacks can disrupt a city's municipal stations, emergency call centers, and most other city services. Read to learn why cities are vulnerable for attack and how they can protect themselves from digital disruption.
Digital Counties 2022: Winners Innovate and Collaborate
The Digital Counties Survey provides the opportunity for local information technology organizations to highlight their past advancements and future goals. Read to learn which counties scored highest in the 2022 edition.
Data Security Laws | State Government
State databases, which hold a vast amount of personally identifiable data, have become an attractive target for cybercriminals. This tool explores the data security laws for each applicable state government.
Cybersecurity
The evolving cyber landscape has led the FBI to implement cyber solutions. Learn more about the FBI’s strategy and partnerships.
The U.S Government Accountability Office (GAO) has expressed concern over the excess of national cybersecurity shortcomings. Read about four major cybersecurity challenges and the 10 associated critical action steps the GAO recommends.
A New Approach to Security in a Cloud-Based World
Governance through identity-centric security can help governments protect data and applications. This article introduces identity-centric technology and its benefits.
U.S. Lacks Full Picture of Ransomware Attacks, Senate Panel Finds
The ransomware economy is growing: attacks have become more frequent and ransom payments have reached the billions. Alarmingly, the U.S. government lacks understanding of ransomware attacks.
Why We Can Expect More Hacking of Politicians’ Phones
There is no international legislation restricting spyware. Could this be a reason why discoveries of spyware on devices of politicians has become increasingly common? Explore the tradeoff between privacy and digital infrastructure.
Whole-of-State Cyber Approaches Are Sweeping the Country
Local governments are seeking to improve cybersecurity procedures. Learn how states like New York and Tennessee have extended cyber services to local governments.
Multifactor, Endpoint Protection Headline Texas Cyber Strategy
Texas CIO Amanda Crawford outlines a plan to implement multifactor authorization and endpoint protection software across the state government.
Legislation
Privacy Law
Fred Cate: Privacy and Consent
Privacy law states that individuals should have control over information concerning oneself. Dr. Fred Kate denotes seven reasons why privacy consent should not be the focus of privacy law.
Data Privacy Unlocked, A Conversation with Alaska State Representative Zack Fields
In this podcast episode, Alaska State Representative Zack Fields discusses the Alaska Consumer Data Privacy Act. The legislation seeks to protect customers and businesses who use data functionally, while targeting predatory data collection.
Data Privacy Unlocked, A Conversation with Maureen Mahoney of Consumer Reports
Maureen Mahoney of Consumer Reports, joins Husch Blackwell’s David Stauss to discuss consumer data privacy. This episode focuses on data protection policy from California, Colorado, and Virginia legislation.
Debate: Should the U.S Copy the EU's New Privacy Law?
Listen in on a debate between the advocates and the critics of the General Data Protection Regulation. The GDPR is aimed at regulating the way companies handle customer’s personal data.
Americans’ Attitudes and Experiences with Privacy Policies and Laws
97% of Americans say they have been asked to agree to a company's privacy policy, yet relatively few report reading and understanding these policies. This report by the Pew Research Centers explores the demographic differences in reading privacy policies and provides statistics encapsulating the American opinion of corporate data accountability.
Why the “Privacy” Wars Rage On
Does the right to privacy exist? This article overviews the history of legal privacy, provides conceptual definitions of privacy, and critiques Roe v. Wade with respect to personal autonomy.
A Review: The American Data Privacy and Protection Act
The American Data Privacy and Protection Act strives to be the first federal data privacy policy. Read to learn what the act proposes.
Questions Remain as Lawmakers Craft National Privacy Law
Lawmakers are crafting a comprehensive national privacy law. The law covers topics of data ownership and control, the right to consent and object, and data protection for children and minors. Read to explore the perspective of Industry experts and their opinion on the bill's success.
Aging 'Privacy' Law Leaves Cloud E-Mail Open to Cops
Without changes to the Electronic Communications Privacy Act (ECPA), the police will continue to be able to access Americans' e-mail, or documents stored online that are more than six months old, without having to acquire a judge's permission, if the authorities promise it is "relevant" to a criminal investigation.
The State of Consumer Data Privacy Laws in the US (And Why It Matters)
Due to an absence of federal privacy laws pertaining to data, the information collected is not regulated and there is no standardization for notifying users of data breaches. States determine their own privacy laws, allowing many companies to use, share, or sell data without notifying the individual it belongs to.
Cyber Law
The IT Act seeks to safeguard information and minimize vulnerabilities. This resource overviews the policy and introduces cyber law terminology.
U.S. House Lawmakers Search for Open Source Security Fixes
On May 11, 2022, the U.S House Committee on Science, Space, and Technology convened to discuss improving open software cybersecurity. The government could play an active role in cybersecurity by encouraging a security focus.
GOP-Led Legislation Would Force Breakup of Google’s Ad Business
The Competition and Transparency in Digital Advertising Act, a bipartisan bill co-sponsored by Sens. Ted Cruz (R., Texas), Amy Klobuchar (D., Minn.) and Richard Blumenthal (D., Conn.), aims to prohibit companies processing more than $20 billion in digital ad transactions annually from participating in more than one part of the digital advertising ecosystem. If passed, the legislation would directly impact Google.
How Congress Can Help Prevent Cyberattacks
Congress approved a federal law requiring companies to report cyberattacks to federal authorities. The aim of the law is to create a space where the government can work cohesively with private sector companies to address cyber instances.
Federal
Amy Klobuchar Leads her Final Assault on Big Tech's Power
Senator Amy Klobuchar (D-MN) is the co-sponsor of the American Innovation and Choice Online Act, which, if enacted, would ban dominant platforms from favoring their own products and services over those of their competitors. Another bill sponsored by Klobuchar waiting to receive final approval in the House would provide more funding for the Justice Department and Federal Trade Commission through larger merger filing fees. The hope of these bills, and other pending legislation, is to address the power of Big Tech so companies cannot give preference to their own products or copy the data of other companies.
Reform To Federal Internet Legislation Must Learn from Past Mistakes
Congress is considering revisions to Section 230 of the Communications Decency Act. Section 230 seeks to make the internet safer from hate speech, disinformation, criminal activity, and other harms.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Explore the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law that protects sensitive patient health information from being disclosed without the patient’s consent or knowledge.
A Guessing Game: How Sen. Klobuchar’s Tech Bill will Impact Consumers
Critics of Sen. Amy Klobuchar’s antitrust legislation raise concerns that the bill could dramatically change consumer-favorite products, while supporters of the bill argue that the legislation targets self-preferencing practices by big tech. Despite the opposing views, the impact of the legislation and the consequences for consumers is uncertain.
HIPAA, the Health Privacy Law That’s More Limited Than you Think, Explained
Learn about what HIPAA does and doesn’t do.
Fair Credit Reporting Act (FCRA)
Learn about the Fair Credit Reporting Act (FCRA).
18 U.S. Code § 2710 - Wrongful Disclosure of Video Tape Rental or Sale Records
Learn about a section from the Video Privacy Protection Act.
Family Educational Rights and Privacy Act (FERPA)
Explore the Family Educational Rights and Privacy Act (FERPA), a federal law enacted to protect the privacy of student education records.
Learn about the Gramm-Leach-Bliley Act, which requires financial institutions to explain their information sharing practices to their customers and to safeguard sensitive data.
15 U.S. Code § 6801 - Protection of Nonpublic Personal Information
Learn about a section of the Gramm-Leach-Bliley Act.
Electronic Communications Privacy Act of 1986 (ECPA)
Explore the Electronic Communications Privacy Act of 1986 (ECPA), which protects wire, oral, and electronic communications.
Explore the USA PATRIOT Act, which arms law enforcement with new tools to detect and prevent terrorism.
Online Privacy Bill Gains Momentum, but Hurdles Remain
A federal data privacy law is in the works. The legislation aims to place limits on how tech companies can collect and use user data. Additionally, the bill includes antidiscrimination protections and restricts the transfer of sensitive data.
Modernizing the Electronic Communications Privacy Act (ECPA)
Learn about the Electronic Communications Privacy Act of 1986 (ECPA), which protects wire, oral, and electronic communications.
Children's Online Privacy Protection Rule ("COPPA")
Explore the Children's Online Privacy Protection Act (COPPA) of 1998.
Learn about the Children’s Online Privacy Protection Act (COPPA), which gives caregivers control over what information websites can collect from their kids.
Learn about the Federal Trade Commission Act.
Why Lawmakers Want to Rewrite Section 230
Section 230 is a law that says users and social media providers are not liable for any information posted on media platforms. This video explains the bill and the key issues surrounding the legislation.
State
California Consumer Privacy Act (CCPA)
Learn about the California Consumer Privacy Act of 2018 (CCPA), which gives California consumers more control over the personal information that businesses collect and guidance on how to implement the law.
Biometric Information Privacy Act (BIPA)
Biometric Information Privacy Act (BIPA) establishes biometric data standards, requires a notice and consent to data collection, and prohibits companies from selling biometric information.
AB-1490 California Privacy Rights Act of 2020: California Privacy Protection Agency.
Explore the California Privacy Rights Act of 2020 (CPRA).
California Privacy Protection Agency
The California Privacy Rights Act established a new agency, the California Privacy Protection Agency (CPPA) to implement and enforce the law.
HB 2307 Consumer Data Protection Act; Personal Data Rights of Consumer, Etc.
Explore the Consumer Data Protection Act, which establishes a framework for controlling and processing personal data in the Commonwealth.
The Fight Continues Over Texas’ Controversial Social Media Law
A Texas law allowing residents to sue social media companies for censoring their content was reinstated by a federal appeals court; however, many argue that the content moderation law is unconstitutional, raising First Amendment concerns.
Data Privacy: CT Senate votes to Regulate the Buying and Selling of You
The failure of congress to pass federal privacy legislation has prompted the Connecticut Senate to pass a bill protecting consumer data. Senate Bill 6 would allow consumers to be notified by companies collecting data and ability to opt out of sales or sharing of that information.
Virginia Set to Become Second State to Pass Data Privacy Law
Virginia may pass the Consumer Data Protection Act, which would grant consumers the right to determine whether their data is collected and processed and ask for a copy of their data, correct inaccuracies, ask for the deletion of personal data, and opt out of the processing of personal data that may be used for targeted advertising, sale, or consumer profiling.
Colorado Senate Bill 21-190: Protect Personal Data Privacy
Explore the Colorado Privacy Act (ColoPA).
Colorado Passes Privacy Bill: How Does it Stack Up Against California and Virginia?
Learn about the Colorado Privacy Act (ColoPA) and how it compares to California and Virginia legislation.
Kids Online Safety Act of 2022 (KOSA)
Explore the Kids Online Safety Act of 2022.
1.4 million Illinois residents received checks as compensation for a $650 million lawsuit against Facebook. Illinois lawyers were not pleased when the social media platform gathered biometric data without user consent.
How Illinois Is Winning in the Fight Against Big Tech
Illinois has strict legislation governing the use of biometric identifiers. This article explores the Biometric Information Privacy Act of Illinois. The Act set limits on the amount of data that can be collected, requires consumer consent, and encourages a private right of action.
State Laws Related to Digital Privacy
Explore state laws related to digital privacy.
Security Breach Notification Laws
Explore state laws related to security breach notifications.
Private Right of Action Proving Problematic for State Privacy Laws
Ten states are currently considering data privacy legislation similar to California’s Consumer Privacy Act (CCPA).
From Washington to Florida, Here are Big Tech’s Biggest Threats From States
States are taking action on privacy, taxes and content moderation quicker than Congress.
Big Tech Is Pushing States to Pass Privacy Laws, and Yes, You Should Be Suspicious
Big Tech is pushing to pass friendly, watered-down state privacy bills to avoid greater protections.
Companies must honor the Global Privacy Control (GPC), a browser-based data collection opt-out tool, under the California Consumer Privacy Act, according to California’s attorney general.
Global Perspectives
Biometric Data and Privacy Laws (GDPR, CCPA/CPRA)
There are practically no legal provisions specific to biometric data protection. Instead, legal texts rely on provisions relating to personal data protection and privacy.
U.S. President Biden Signs Law to Ban Huawei and ZTE From Receiving FCC Licences
The Secure Equipment Act of 2021 removed approval for Huawei or ZTE equipment to be purchased for American network operations. The Federal Communications Commission backed the law, designating Huawei and ZTE as national security threats.
The EU AI Act: What you Need to Know, How to Improve It
The European Union wants to Regulate artificial intelligence through the EU AI Act. Listen in on a conversation with Mozilla Foundation's Executive Director Mark Surman, as he describes the key facts of the EU AI Act.
Data Protection and Privacy Legislation Worldwide
Explore legislation pertaining to data protection and privacy around the globe.
Beyond GDPR: Data Protection Around the World
Learn about regions and countries that have implemented international privacy laws for data protection.
Global Issues and Perspectives
China
Twelve Days in Xinjiang: How China's Surveillance State Overwhelms Daily Life
Security checkpoints, facial scanners, hand-held devices to search smartphones, and swiping ID cards and staring into a camera are just a few ways in which people are surveilled in Urumqi, China.
Four Takeaways From a Times Investigation Into China’s Expanding Surveillance State
The Time’s investigation team analyzed government bidding documents, which call companies to bid on contracts to provide surveillance technology. Technologies include phone tracking devices, DNA databases, and facial recognition cameras. All of these systems are integral to China’s expanding surveillance state.
Chinese Economist Suggests China Spend More to Boost Its Birthrate—and Is Blocked From Social Media
China suspended Ren Zeping’s Weibo account days after he wrote an article suggesting that the country spend $314 billion to boost its fertility rate.
China Uses AI Software to Improve Its Surveillance Capabilities
Dozens of Chinese firms have built software that uses artificial intelligence (AI) to sort data collected on residents.
China to Keep up Scrutiny of Internet Sector - Xinhua
China’s technology industry minister, has been engaged in a campaign tasked with regulating the online economy and tackling issues of data security.
Internet Access in China — Wi-Fi and Internet Censorship
China has been increasing internet censorship year by year. For starters, access to Google is largely blocked. Read to learn about China’s internet limitations and the recommended steps to improve your online capabilities.
Chinese Company Installed Secret Backdoor on Hundreds of Thousands of Phones
In a software update, a Chinese company introduced a secret backdoor that collected personal data. Android BLU devices users had their phone number, location, and message data collected.
U.S. and China Relations
Team USA Advises Athletes Heading to Beijing Olympics to Leave Their Phones at Home
The United States Olympic & Paralympic Committee is encouraging Team USA to use disposable or “burner” phones instead of personal devices during the Beijing Winter Olympics due to surveillance and malicious software concerns. The Canadian Olympic Committee, British Olympic Association, and Dutch Olympic Committee/Dutch Sports Federation also informed their athletes of cybercrime threats and urged individuals to take precautions.
U.S. President Biden Signs Law to Ban Huawei and ZTE From Receiving FCC Licences
The Secure Equipment Act of 2021 removed approval for Huawei or ZTE equipment to be purchased for American network operations. The Federal Communications Commission backed the law, designating Huawei and ZTE as national security threats.
FCC Kicks China Telecom out of United States
In 2021, the Federal Communications Commision removed the permission of China telecom to operate in the United States. The company’s removal stemmed from fear that the telecon agency would aid the Chinese government to access and misroute U.S. communication.
Huawei Eyes Digital, Intelligent Future Despite U.S. Ban
The China based tech giant, Huawei, has plans for developing intelligent digital infrastructure. Additionally, Huawei's market share has been growing, as others realize the prospects of the company. However, the U.S has banned companies from using the tech provider. Will the U.S. come to regret its decision?
Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say
Android phones were recently discovered with pre-installed monitoring software. The software was installed without disclosure, and collected the contents of text messages, contact lists, call logs, and location information.
Europe
What is GDPR, the EU's New Data Protection Law?
Learn about the General Data Protection Regulation (GDPR), Europe’s data privacy and security law.
Explore information to help organizations achieve General Data Protection Regulation (GDPR) compliance.
General Data Protection Regulation Text
Explore the General Data Protection Regulation (GDPR) text.
G.D.P.R., a New Privacy Law, Makes Europe World’s Leading Tech Watchdog
G.D.P.R., Europe's new privacy law, allows people to reduce the trail of information left when online and grants individuals the ability to request the data that companies hold on them, and demand it be deleted.
Europeans' Data Shared 376 Times Daily in Advertising Sales, Report Says
As companies bid for online advertising slots, data about every internet user is shared hundreds of times each day.
U.S. and Europe Relations
Real-Time Bidding (RTB) tracks what you are looking at and it records where you go. Every day it broadcasts data to a host of companies, enabling them to profile users. This report presents the scale of this data breach.
Biometric Data and Privacy Laws (GDPR, CCPA/CPRA)
There are practically no legal provisions specific to biometric data protection. Instead, legal texts rely on provisions relating to personal data protection and privacy.
U.S. Joins 55 Nations to Set New Global Rules for the Internet
In April 2022, the U.S and 55 other nations signed the “Declaration for the Future of the Internet.” The political commitment aims to promote the free flow of information and ensure user privacy.
The Privacy Mindset Of The EU Vs. The US
Compare the digital privacy mindset in Europe and the U.S.
Why Is America So Far Behind Europe on Digital Privacy?
Europe implemented the General Data Protection Regulation (GDPR) in 2018, which establishes several privacy rights including a requirement for companies to inform users about their data practices and receive explicit permission before collecting any personal information, yet America lacks a comprehensive federal law to regulate digital privacy.
Russia
Russia: Growing Internet Isolation, Control, Censorship
Recent developments in Russian internet regulation have focused on tightening government control, content filtering, and the engineering of novel monitoring technology. This white page explains Russian internet regulations as they apply to the web, applications, and telecommunications.
Russia Takes Censorship to New Extremes, Stifling War Coverage
President Vladimir V. Putin, appears to see the internet as a new found threat. The President clamped down on news outlets, blocked access to Facebook, and enacted a law that criminalizes anyone spreading “false information” about Russia’s invasion of Ukraine.
Russia Intensifies Censorship Campaign, Pressuring Tech Giants
Russian authorities warned tech companies including Google, Meta, Apple, Twitter, and others that they must comply with a new law that requires them to set up legal entities in the country, making the companies and their employees more vulnerable to Russia’s legal system and government censors. Through the use of ultimatums, authorities are pushing tech companies to censor unfavorable material, while keeping pro-Kremlin media unfiltered.
Many Russian Cyberattacks Failed in First Months of Ukraine War, Study Says
A report from Microsoft revealed that the Russian government was succeeding in its disinformation campaign to establish a narrative of the war favorable to Russia, despite Moscow failing in more than two-thirds of the cyberattacks conducted.
Authoritarians Love Smart Cities, Russia is no Expectation
Moscow has been on a mission to become a smart city. While smart cities can increase efficiency and improve the quality of life, smart city technology in the hands of an authoritarian regime should raise safety concerns.
Latin America
Telegram Rolls out Group Monitoring in Brazil Ahead of Elections
The spread of disinformation, especially revolving around elections, could threaten a country's democracy. To combat false content, Telegram has announced an aim to monitor content and create fact-checking channels.
A Look-Back and Ahead on Data Protection in Latin America and Spain
Explore data protection laws in Latin American countries and Spain, some of which are GDPR-inspired.
Learn about how various Latin American countries address data privacy.
The Battle for Communications Privacy in Latin America: 2021 in Review
Government surveillance is a problem in Latin American countries, emphasizing the importance of human rights and the need to increase safeguards.
Going Digital: Privacy & Cybersecurity in Latin America
Listen to a webcast on how Latin American governments and those in the private sector can protect digital privacy and improve cybersecurity.
North Korea
What the North Korean Internet Really Looks Like
North Korea heavily restricts citizens' internet access. Read to learn what you may encounter on the North Korean internet.
North Korea, the Surveillance State
North Korea’s domestic internet, kwangmyong, only provides access to government approved websites. Additionally, phone, media, and communication activity are notoriously controlled.
North Koreans Want External Information, But Kim Jong-Un Seeks to Limit Access
The People's Republic of North Korea has established an information monopoly – Radio, television, cellphones, and media access are fully controlled by the president. This report focuses on the violation of internet freedom and details the techniques used to limit access to outside information.
How North Korea Used Crypto to Hack Its Way Through the Pandemic
North Korea’s economy has been heavily impacted by sanctions and the coronavirus pandemic, yet the nation continues to spend money. A key part of the mystery was figured out when North Korea was publicly accused of stealing millions of dollars in cryptocurrency to raise funds.
North Korea Cyber Threat Overview and Advisories
HIDDEN COBRA is the code name the U.S. Government uses in reference to the North Korean government’s malicious cyber activity. The North Korean government engages in cybercrime to collect intelligence, conduct attacks, and generate revenue.
One American Hacker Suddenly Took Down North Korea’s Internet—All Of It
In January 2022, an attack against North Korea resulted in a country wide internet blackout. Discover the motives behind the North Korean hack.
Global Issues
Global Survey on Internet Privacy and Freedom of Expression
Explore global challenges and opportunities and the legal and regulatory environment for privacy protection on the internet around the world.
The Era of Borderless Data Is Ending
As nations attempt to control digital data within their country or region, governments set new rules and standards in an attempt to gain “digital sovereignty.”
Edward Snowden: Leaks that Exposed US Spy Programme
Edward Snowden is a former CIA agent, who leaked details of the extensive internet and phone surveillance by American Intelligence. Leaked documents suggested that the National Security Agency (NSA) broke US privacy laws hundreds of times per year.
China’s COVID Surveillance State and Its Western Imitators
China, the world’s surveillance superpower, is often criticized by other nations for its authoritarian oversight. However, as COVID peaked, mass data collection and surveillance expanded globally.
Huawei Security Scandal: Everything You Need to Know
Huawei has recently joined the consumer smartphone market, now owning more than 16% of the industry. However, concerns have been sparked over Huawei's potential to be spying on behalf of the Chinese government.
Cybercrime
Dark Web
Dark Web Carding Platform UniCC Shuts up Shop After Making Millions
This article explores UniCC, a Dark Web credit card fraud and identity theft platform. After generating over $358 million in fraudulent purchase revenue, UniCC announced its shut-down.
He Predicted the Dark Side of the Internet 30 Years ago. Why did no one Listen?
In 1994, Philip Agre predicted that computers would facilitate the mass collection of data. Additionally, Agre foresaw the authoritative misuse of facial recognition technology and foretold that artificial intelligence would be put to dark uses.
The Black Market for Data is on the Rise
The black market for data is a multi-billion dollar industry where stolen information is bought and traded. Read to learn about the factors contributing to the growth of the dark web and why decentralized storage may be a solution to combat the black market.
Learn about the dark web and review a case study.
Malware
College Closing Another Sad Milestone for Ransomware Impact
Lincoln College closed after 157 years due to financial challenges from a 2021 ransomware attack and the coronavirus pandemic.
What Prescott, Ariz., Learned 'Dodging a [Ransomware] Bullet
Even one weak password can give hackers an advantage to intrude an entire city’s network. A successful cyber attack could disrupt airport, finance, public safety, and utility city-operations.
Android Malware that Steals Passwords puts Billions of Users at Risk
ERMAC 2.0 is a malware that targets Android devices. ERMAC 2.0 spreads via fake sites and the malware works to harvest user data.
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
Ransomware for IoT (R4IoT), is a new ransomware that targets an IoT device in an attempt to gain access to IT (information technology) and OT (operational technology) networks.
How Vulnerable Is U.S. Energy Infrastructure to Future Cyberattacks?
May 2021, the Colonial Pipeline shut down in response to a ransomware attack. As digital threats to energy infrastructure are becoming more frequent, why does cybersecurity regulation remains scarce?
SMS Trojan is malware that infects a mobile device and intercepts the SMS messaging system. Learn about SMS Trojans infection method and remediation steps.
Mobile Bank Trojan is a mobile banking malware that seeks to steal an individual's bank account credentials. Read to learn about Mobile Bank Trojan’s history, infection method, and remediation.
Scams and Frauds
Now Cryptojacking Threatens Critical Infrastructure, Too
Cryptojacking was once confined to browsers, however, cybercriminals have now turned attention to the lucrative industrial networks. Learn how cryptojacking has become a threat to critical infrastructure.
IRS Phone Scammers Double up Their Efforts for the Holidays
The IRS phone scam is a common scam technique used by cyber criminals. This article includes an excerpt from a conversation with a fake IRS agent.
Ashley Madison Hack Returns To ‘Haunt’ Its Victims: 32 Million Users Now Watch And Wait
Sextortion campaigns are on the rise. The attack strategy is simple: spice up a threatening email with some personal details, then claim to have photos or videos which will be emailed to friends, family, and colleagues unless a bitcoin ransom is paid.
Money Mules, If It Looks to Good to be True...
Money mules receive stolen funds and transfer them to cybercriminals. Read to learn how money mule recruiters trick individuals into becoming money launderers.
Help Prevent Disaster Donation Scams from Causing More Misery
Disaster donation scams ploy on tragedy and sympathy to hoax individuals. This blog describes the social engineering involved in fake disaster donation scams and offers methods to avoid such scams.
Ellen DeGeneres Giveaway Scam Spreading on Social Media
The Ellen DeGeneres giveaway scam spread on social media in 2015. Read to learn about this celebrity scam and why it failed.
Social Engineering is a method used by cybercriminals to get victims to breach security or disclose private information. Learn about the objectives of social engineering and the common types of online scams.
A robocall is any telephone call that delivers a pre-recorded message with the intention of stealing identifiable or financial information. Read to learn about the main types of scam calls and solutions for avoiding robocalls.
Hacks
T-Mobile Says Hack Exposed Personal Data of 40 Million People
A T-Mobile data breach exposed information including customers’ first and last names, social security numbers, driver’s license, and other information.
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
GhostTouch, is the first contactless cyber attack strategy. The strategy uses ‘electromagnetic interference to inject fake touch points into a touchscreen’ device.
DNA Testing Firm Data Breach Exposed Sensitive Information of More Than 2.1 Million People
A data breach associated with DNA Diagnostics Center (DDC), a national genetic and paternity testing organization, led to hackers accessing the personal information of more than 2.1 million people. While no genetic information was stolen and the breach was limited to the archived system, hackers accessed full names, social security numbers, credit and debit card numbers and CVV, financial account numbers, and the breached system’s password.
Hackers Can Now Trick USB Chargers To Destroy Your Devices -- This Is How It Works
Did you know that USB chargers are open to malicious compromise? Review how cyber criminals can take advantage of public chargers and install transmittable malware.
Russian Military Hackers — $10 Million Reward Offered By U.S.Government
Six Russian military hackers have been named by the U.S. Department of State as cybercriminals for their alleged involvement in computer fraud, aggravated identity theft, and other malicious cyber activity. Learn why the U.S. Department of State is willing to offer up to $10 million for information on these hackers.
One American Hacker Suddenly Took Down North Korea’s Internet—All Of It
In January 2022, an attack against North Korea resulted in a country wide internet blackout. Discover the motives behind the North Korean hack.
North Korean hackers have a new trick up their sleeves: posing as cybersecurity bloggers to attack reacherers in the field. Learn how the hackers created cybersecurity blogs, phished cyber researchers, and hoped to exploit them.
After This Week’s Hack, It Is Past Time for Twitter to End-to-End Encrypt Direct Messages
Hackers gained access to an internal admin tool and compromised high profile Twitter accounts (e.g. Elon Musk and Barack Obama). Learn how Twitter was at fault for this attack and how implementing end-to-end encryption could have safe guarded the social network company from the attack.
What Is Cryptocurrency Theft and How Does Crypto Theft Work
The astonishing return on cryptocurrency investment has lured cybercriminals into cryptocurrency theft. Learn about the forms of crypto theft and how antivirus software can prevent your crypto wallet from being hacked.
Why we can Expect More Hacking of Politicians’ Phones
There is no international legislation restricting spyware. Could this be a reason why discoveries of spyware on devices of politicians have become increasingly common? Explore the tradeoff between privacy and digital infrastructure.
Identity Theft
Mass Unemployment Is a Field Day for Identity Thieves
Job applications enrich a company's database, making an attack increasingly attractive to hackers. It is critical to protect your personal information when job hunting.
What To Know About Identity Theft
Identity theft occurs when someone impermissibly uses your personal (e.g. name, address) or financial (e.g. credit card, bank account) information. Read to learn how to protect yourself against identity theft.
‘Tough to Forge’ Digital Driver’s Licenses Are — Yep — Easy to Forge
In 2019, the government of New South Wales switched to a digital driver's license (DDL). DDL allowed citizens to use their cellphones to show proof of identification during roadside police checks and at bars. In theory, DDL was innovative. In reality, the digital ID was a field day for identity scammers.
LifeLockCEO's Identity Stolen 13 Times
LifeLock’s CEO, Todd Davis, displayed his social security number on the company's advertisements. In an effort to exhibit LifeLock’s security, Davis has ironically been a victim of identity theft.
Children are Targets for ID Theft. Here’s What Parents Need to Know.
Learn about what child identity theft looks like and how it can be prevented.
Cybercrime
The evolving cyber landscape has led the FBI to implement cyber solutions. Learn more about the FBI’s strategy and partnerships.
Real-Time Bidding (RTB) tracks what you are looking at and it records where you go. Every day it broadcasts data to a host of companies, enabling them to profile users. This report presents the scale of this data breach.
New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme
Andrew Yang wants people to get paid for the data they create on big tech platforms through his Data Dividend Project, which establishes data as property rights under privacy laws like the California Consumer Privacy Act (CCPA).
How Cambridge Analytica Sparked the Great Privacy Awakening
Cambridge Analytica purchased Facebook data on tens of millions of Americans, without users’ knowledge, and used their likes to create personality profiles for the 2016 U.S. election. The scandal showed how data can be misused.
Watch the trailer for a documentary film about the Cambridge Analytica data scandal.
US Lacks Full Picture of Ransomware Attacks, Senate Panel Finds
The ransomware economy is growing: attacks have become more frequent and ransom payments have reached the billions. Alarmingly, the U.S. government lacks understanding of ransomware attacks.
Surveillance
Surveillance Cameras
Northeast Ohio Cities Spend COVID Aid on Surveillance Cameras
Cities in Northeast Ohio spend millions of COVID-19 stimulus dollars on surveillance cameras for law enforcement, in an effort to fulfill various safety initiatives, yet critics argue that additional surveillance infringes upon civil rights in addition to questioning the efficacy of crime reduction.
Public Surveillance Cameras and Crime
Studies indicate that cameras can reduce crime, specifically property crimes and vehicle crimes in parking lots, yet gaps and inconsistencies remain in research. The current study analyzes different types of cameras and their impact on crimes and crime clearances.
Official Airbnb policy allows the use of cameras and recording devices given that the devices are installed visibly and the camera use is disclosed. Many Airbnb consumers were not aware of security camera permission until a Twitter threat went viral.
Ring Neighbors Is the Best and Worst Neighborhood Watch App
Amazon’s Ring service comes packaged with Neighbors, a neighborhood watch app. While the Neighbors app may be beneficial in alerting towns of criminal dangers, the app has sparked controversy following a partnership with law enforcement agencies. Read to explore the controversy surrounding Amazon’s home surveillance service: Ring Neighbors.
Aerial Surveillance
NYPD Settles Lawsuit After Illegally Spying on Muslims
The New York City Police Department illegally spied on Muslims, prompting a lawsuit that was settled.
U.S. Marshals Used Drones to Spy on Black Lives Matter Protests in Washington D.C.
Documents indicate U.S. Marshals Service flew unmanned drones over Washington, D.C., when nationwide protests against police brutality in the wake of George Floyd’s murder were at their height.
U.S. Watched George Floyd Protests in 15 Cities Using Aerial Surveillance
The Department of Homeland Security deployed helicopters, airplanes and drones over 15 cities where demonstrators protested the death of George Floyd, logging at least 270 hours of surveillance.
Customs and Border Protection Is Flying a Predator Drone Over Minneapolis
Customs and Border Protection (CBP) flew a Predator drone over Minneapolis while protesters demonstrated against police brutality.
Drones are Taking to the Skies in the U.S.
The Federal Aviation Administration has increased efforts to license surveillance drones for law enforcement and other uses in U.S. airspace.
New Documents Reveal U.S. Marshals’ Drones Experiment, Underscoring Need for Government Transparency
The U.S. Marshals Service has experimented with using drones for domestic surveillance.
Mass Surveillance
Networks of Control - A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy
A large number of companies engage in constant surveillance of the population without peoples’ knowledge, tracking, profiling, categorizing, rating, and collecting personal data.
A World With a Billion Cameras Watching You Is Just Around the Corner
Globally, more than 1 billion cameras are being used for surveillance purposes. The growth in the global security camera industry has triggered debate over the implications and regulation of mass surveillance.
Apple’s CEO, Tim Cook, critiqued tech companies for monitoring user data, claiming that large scale surveillance could become a problem for society. Read to learn how surveillance could change the way humans behave and interact with one another.
Tech Tool Offers Police ‘Mass Surveillance on a Budget’
Local law enforcement agencies across the U.S. have been using a cellphone tracking tool to follow billions of people’s movements. Supporters claim the technology’s use can fill the gaps found in understaffed and underfunded police departments, while adversaries argue the digital tool violates the Fourth Amendment.
Everyday lives of consumers are monitored and recorded. Pervasive digital tracking is used to make automated decisions and predictions about consumer behavior. Warning: your sensitive information is sold to promote corporate profitability!
The State Of Mass Surveillance
Learn about the state of mass surveillance by the U.S. government and where it could go in the future.
Edward Snowden, the NSA, and Mass Surveillance
In 2013, Edward Snowden gave journalists thousands of secret NSA documents, revealing mass surveillance of terrorist suspects and of innocent Americans. The leaks caused many people to criticize the previously secret NSA surveillance programs.
Technology
How Democracies Spy on Their Citizens
Pegasus, a spyware technology, has tools that extract the contacts of a phone, including texts and photos. The software has infiltrated the telephones of national leaders including Borris Johnson, the Prime Minister of the United Kingdom.
Should Companies Track Workers With Monitoring Technology?
Following the shift to remote work, employee monitoring technology has been adapted at an astonishing rate. Monitoring technology can capture the websites employees visit, their active and idle time, and even analyze employee facial expressions. This article features an excerpt of a conversation between three data-privacy experts, who discuss the privacy issues of employee monitoring technology.
China Uses AI Software to Improve its Surveillance Capabilities
Dozens of Chinese firms have built software that uses artificial intelligence (AI) to sort data collected on residents.
Facewatch: the Reality Behind the Marketing Discourse
Facewatch is a cloud based facial recognition system that strives to reduce shoplifting. Explore concerns over Facewatch’s controversial partnership with the police force.
Mobile spyware is a hidden malware that steals information, records audio, takes pictures, and tracks device location. Read to learn about spyware’s infection method and device remediation.
Pegasus Spyware and Citizen Surveillance: What You Need to Know
Pegasus is a spyware software intended to help governments pursue criminals and terrorists. Learn how Pegasus software operates and how such tools could be misused.
Visual Surveillance Technology
Surveillance cameras (also known as Closed-Circuit Television [CCTV]) are the main technology behind facial recognition processes. This brief article explains CCTVs, their uses, and subsequent concerns.
Government
The CDC Surveilled for Lockdown Compliance
The COVID-19 containment plan included a population-wide lockdown. To enforce an isolation policy, the CDC bought expensive access to mobile phone location data.
FBI Conducted Potentially Millions of Searches of Americans’ Data Last Year, Report Says
The Federal Bureau of Investigation (FBI) performed potentially millions of searches of American electronic data last year without a warrant, raising concerns about government surveillance and privacy.
Cute Videos, but Little Evidence: Police say Amazon Ring isn't Much of a Crime Fighter
While Ring promises to “make neighborhoods safer,” an NBC News Investigation found little evidence to support the company’s claim.
FAQ: What You Need to Know About the NSA's Surveillance Programs
Explore what the NSA collects and how it obtains information.
The State of Privacy in Post-Snowden America
After the 2013 Snowden leaks about the NSA, Pew Research Center explored people’s views and behaviors related to privacy by examining how people perceived government surveillance and commercial transactions involving the collection of personal information.
The Top Secret Rules that Allow NSA to use US Data Without a Warrant
Documents submitted to the secret Foreign Intelligence Surveillance Court, known as Fisa court, revealed procedures that the NSA is required to follow to target non-US persons and minimize data collection from US persons.
Biometrics
General
Biometrics describes the data gathered from human characteristics. Biometrics could be physiological data like fingerprints, facial, and retina patterns, or behavioral, like voice and gait profiles. Recently, there has been a global uptake in the development of biometric programs, however, such developments have often sidelined the creation of legal frameworks to regulate biometric data.
Looking to the Future of Biometric Data Privacy Laws
Failure to secure and document informed consent to use biometric information has resulted in a wave of litigation in Illinois due to the Biometric Information Privacy Act (BIPA).
Hacking Our Identity: the Emerging Threats From Biometric Technology
Biometric authentication is used for digital security, law enforcement, employee identification, and more. This article probes the policy and security challenges that are arising as we adopt biometric technology.
Behavioral Biometric vs Physical Biometric: Complete Guide
Learn about the difference between behavioral biometrics and physical biometrics, and the advantages and disadvantages of each.
Facial Recognition
Facial recognition refers to a technology that collects and processes biometric facial data. This short article explains facial recognition, offers examples of how the system is used, and concludes with warnings surrounding the technology.
Facial Recognition Is Everywhere. Here’s What We Can Do About It.
Learn about facial recognition, including the history of it, arguments for and against it, the future of facial recognition and regulation, and privacy tips for using everyday things with facial recognition.
IRS Plan to Scan Your Face Prompts Anger in Congress, Confusion Among Taxpayers
The IRS has arranged for the digitization of identity verification. Starting summer 2022, tax-filers will be required to submit an identity self-scan inorder to access personal records.
Your Face Is, or Will Be, Your Boarding Pass
Airports, airlines, tech companies and government agencies are investing in biometric advancements, amidst the need for social distancing due to the pandemic. Not only does such technology verify identity, but it shortens security procedures for those who wish to utilize such technological features.
Texas Sues Meta Over Facebook’s Facial-Recognition Practices
The Texas attorney general sued Facebook over its use of facial-recognition technology. Attorney Ken Paxton claimed the technology violated state privacy protection policy for personal biometric data.
Facewatch: the Reality Behind the Marketing Discourse
Facewatch is a cloud based facial recognition system that strives to reduce shoplifting. Explore concerns over Facewatch’s controversial partnership with the police force.
Facial Recognition Overkill: How Deputies Cracked a $12 Shoplifting Case
Facial recognition helps authorities solve investigations in hours instead of days.
Facebook to Shut Down Facial Recognition in Photos, Videos
Facebook used a facial recognition system that automatically identified people in video and other content. However, the company was found to be wrongfully using the technology and after being sued by Illinois, the social-media platform shut down its user-tagging feature.
Ohio’s Controversial Facial-Recognition Database to get $21.4 Million Update, AG Dave Yost Says
Ohio is spending $21.4 million to revamp its controversial facial-recognition software to better identify suspects and missing persons by matching their photos with updated driver’s license and mug-shot pictures.
Physical Biometrics
Hospitals Turn to Biometrics to Identify Patients
Record keeping is a challenge in hospitals, leading many medical centers to utilize biometric technology to correctly identify patients. Some ways in which hospitals are using biometrics is through iris and palm-vein scanning.
Hackers Claim ‘Any’ Smartphone Fingerprint Lock Can Be Broken In 20 Minutes
Security vulnerabilities have been identified in fingerprint scanning technologies. A Chinese security research team claims to be able to defeat fingerprint security within 20 minutes using inexpensive hardware and a mobile application.
Learn about how iris recognition works, what kinds of data are collected, who sells the technology, how law enforcement uses it, threats it poses, among other information.
Calling Your Bank? Be Prepared to Have Your Voice Biometrics Collected
The chances that you’ve had your voice’s unique biometric identifier recorded are high. JPMorgan Chase, Wells Fargo, Barclays, and U.S. Bancorp have all implemented biometric platforms to identify individuals via “voice print” authentication.
Huge Security Flaw Exposes Biometric Data of More Than a Million Users
Biostar 2 is a security system used globally to safeguard commercial buildings. In 2019, a system vulnerability led to a data breach. More than 1 million credentials, including biometric fingerprint identifiers were exposed.
FBI Must Not Sidestep Privacy Protections For Massive Collection of Biometric Data
The FBI has requested to be exempt from federal privacy provisions that protect individuals personal information from misuse and abuse. The Electronic Frontier Foundation calls for legislation that would allow individuals to learn what data the government has on them and how that information is used.
Behavioral Biometrics
Behavioral Biometrics – Types, Use Cases, Benefits
Traditional authentication methods like PIN and password are becoming largely inefficient. Advanced authentication methods like behavioral biometrics are a potential solution. This post explores the different types of behavioral biometrics and their use cases.
Banks and Retailers Are Tracking How You Type, Swipe and Tap
Behavioral biometrics, such as the way you press, scroll and type, can be used by banks and merchants to collect data on customers and verify that the user is who they claim to be.
Gait Recognition System: Deep Dive into This Future Tech
Gait is a behavioral indicator used to identify a person based on their walk. Gait recognition systems observe characteristics like the human skeleton, silhouette, height, speed, and walking characteristics. Read to learn more about gait recognition, and the advantages and disadvantages of the technology.
The ‘Seductive Surveillance’ of Voice Recognition
The voice recognition and voice profiling industry is rapidly expanding, giving companies unprecedented insight into the behavior and habits of their consumers. This Q&A style report features Joseph Turows, an expert in the ad-tech industry.
Behavioral Biometrics and Biometrics in Payment Cards: Beyond the PIN and Password
With the cyber threat landscape growing and consumers becoming weary of endless password authentication methods, financial institutions have begun to assess biometric identification methods. Explore how biometric technology can enable banks to innovate online user authentication.
Can Behavioral Biometrics Change the Future of Cybersecurity?
There are several behavioral biometric approaches on the market including typing biometrics, voice recognition, signing pressure, and gait biometrics, yet they are currently not accurate enough to be used for verification.
Big Tech
Facebook
Texas Sues Meta Over Facebook’s Facial-Recognition Practices
The Texas attorney general sued Facebook over its use of facial-recognition technology. Attorney Ken Paxton claimed the technology violated state privacy protection policy for personal biometric data.
Facebook’s Massive Crash Was a Wake-up Call. Don’t Let the Next Digital Crisis Catch You Unprepared
Facebook’s day-long crash revealed society's dependence on social platforms. The outage compromised marketing dependent businesses and posed connectivity risks.
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
Facebook has a fundamental problem, the company has no idea where its user data goes. According to a leaked internal document, Facebook privacy engineers admit to a lack of data control, and thus a struggle to respond to privacy policy commitments.
Could a Bank Deny Your Loan Based on Your Facebook Friends?
In August 2021, Facebook secured a U.S. patent allowing lenders to measure an individual’s creditworthiness based on a user's social networks. Will our Facebook friends soon be shaping our credit profiles?
Applied for Student Aid Online? Facebook Saw You
Any student who accessed the webpage “StudentAid.gov” after January 2022 may have had their personal information shared with Facebook. Learn how Facebook gathers data from external websites using Meta Pixel, a tracking technology.
Revealed: Facebook's Internal Rulebook on Sex, Terrorism and Violence
Facebook’s rules and guidelines for deciding what users can post on the site are revealed for the first time in a Guardian investigation, fueling debate about the ethics of the company, as many moderators have concerns about inconsistent policies.
Facebook (Still) Letting Housing Advertisers Exclude Users by Race
After ProPublica revealed that Facebook advertisers could target housing ads to whites only, the company announced it had built a system to spot and reject discriminatory ads, yet issues remain.
Facebook Executives Shut Down Efforts to Make the Site Less Divisive
Facebook executed an internal study in effort to understand how its platform shaped user behavior. The company concluded that its algorithms polarized users. Read to learn why Facebook no longer plans to combat platform divisiveness.
Facebook and Big Tobacco: Why Social Media Is (and Isn’t) Like Cigarettes
“Facebook is like Big Tobacco.” Members of congress seem to like this comparison, especially when describing social media’s impact on children. This video explores the similarities and differences Facebook shares with Big Tobacco.
All the Ways Facebook Tracks You — and How to Limit It
Facebook gathers a lot of data about you. This data is primarily used for ad-targeting. Learn how Facebook tracks you and the strategies you can implement to regain digital privacy.
Cambridge Analytica and Facebook: The Scandal and the Fallout So Far
Documents prove that Cambridge Analytica used data improperly obtained from Facebook to build voter profiles.
How to Find out What Facebook Knows About You
What does Facebook know about you? This tutorial walks you through the personal information Facebook has collected. For example, the platform knows your preferences, political alignment, and habits.
Google
Google Allows Removing Personal Info from Search Results
Earlier this year, Google recognized that policy and identity protections need to evolve. The data giant has agreed to broaden the scope of content removal from Google Search.
Data Privacy Concerns with Google
Google collects and stores a plethora of data. This resource reviews Google’s history of data leaks, cookie usage, user tracking, and more.
Google Proposes a New Way to Track People Around the Web. Again.
Google makes up more than 60% of the web-browsing market. Subsequently, a large portion of Google’s revenue can be attributed to the ad-tech industry. Following backlash from privacy advocates, Google proposed a new way to track web browsing. Read to explore the pro’s and con’s of Google’s proposed system.
Chrome’s Incognito Mode Isn’t Private, So What’s the Point?
Unlike its name, Chrome’s Incognito Mode isn't really private. Read to learn why Incognito Mode does not fully enable private browsing.
How to Find out What Google Knows About you and Limit the Data it Collects
If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, Youtube searches, Youtube watch history and more.
Google Hit With More Privacy Complaints for “Deceptive” Sign-up Process
The Google sign up process is designed to allow data tracking. Consumer advocates and privacy regulators have argued against Google, calling for privacy friendly sign-up options.
Google Delays a Privacy Change to its Chrome Web Browser
Google intends to gradually block trackers, or cookies, from Chrome in mid-2023 and eliminate them altogether later that year.
Apple
Apple vs. Feds: Is iPhone Privacy a Basic Human Right?
Few corporations can steer away from the complex political and social issues of the day. This article examines the tech company Apple and how CEO Tim Cook championed customer data privacy.
Apple Adds 'BlastDoor' Security Feature to Fight iMessage Hacks
BlastDoor is a security service that will roll out with Apple’s iOS 14 update. The feature focuses on preventing zero-click, iMessage based hacks.
Apple Wants to End Passwords for Everything. Here’s How It Would Work
Passwords have been the online security standard, however, the use of passcodes poses many risks. To combat password insecurity, Apple plans to end passwords and replace them with passkeys. Passkeys include biometric authentication methods, security keys, or PINS.
Despite the Hype, iPhone Security is no Match for NSO Software
If you are an iPhone user, you may not be secure against malicious Pegasus installation. Pegasus spyware can collect emails, call records, sound recordings, and browsing histories. If you believe Apple products keep you safe from spyware, think again!
iOS 15.2 was rolled out in March of 2022. The headlined installment of Apple's update was its new privacy focused feature: App Privacy Reports.
To increase consumer privacy, Apple announced it would deprecate its Identifier for Advertisers (IDFA).
To Be Tracked or Not? Apple Is Now Giving Us the Choice.
iOS 14.5 includes a new privacy tool, App Tracking Transparency, which could give consumers more control over how data is shared.
Apple and Big Tech
Apple and Google Split with Startups Over Antitrust Bill
Big Tech opposes two two pieces of proposed legislation: The American Innovation and Choice Online Act, which prevents Big Tech from favoring their services over others, and the Open App Markets Act, which aims to promote competition on app stores.
How Apple and Google Formed One of Tech’s Most Powerful Partnerships
Apple and Google, two of the world's biggest companies, have formed a multi-billion dollar partnership. It is estimated that Google pays Apple $8-12 billion a year to make Google the default search engine of Apple devices. At the same time, 15-20% of Apple’s revenue comes from its deal with Google.
Apple's App Tracking Transparency Update Is Turning Out to Be the Worst-Case Scenario for Facebook
Apple’s transparency update enables users to opt out of tracking. When given a choice, most people choose not to have their personal data tracked. Read to learn why Facebook is troubled by Apple’s transparency update.
FCC Member Calls On Apple, Google to Banish TikTok
The Biden administration has decided to study TikTok and other foreign controlled apps to investigate potential national security risks. To the FCC, the president’s ordained investigation is not enough – The federal communication regulator calls on Apple and Google to remove TikTok from their app stores.
Facebook Takes the Gloves Off in Feud With Apple
Apple plans to start requiring iPhone owners to choose whether to allow companies to track them across different apps, yet the practice threatens Facebook as the company is reliant on it to target ads and charge advertisers more.
Amazon
Amazon’s Ring Gave Surveillance Footage to Authorities 11 Times This Year Without User Consent
Amazon bought its doorbell division, Ring, for over $1 billion in 2018. Learn how Amazon’s home surveillance device has raised privacy concerns and how the e-commerce company has a data sharing history with law enforcement agencies.
Amazon Slams Amy Klobuchar’s Big Tech Bill While Monopoly Critics Slam Amazon
The American Innovation and Choice Online Act would prohibit Amazon from giving preference to their own products and limiting the availability of competing products, making the company oppose the bill and claim that the target of “self-preferencing” practices would cost them billions of dollars in fines. However, anti-monopoly advocates do not buy the company’s argument.
Thousands of Amazon Workers Listen to Alexa Users' Conversations
Amazon employs an Alexa voice review team, whose job is to listen and transcribe voice recording captured by Alexa. Read to learn how Amazon is addressing the privacy concerns around the Alexa voice review process.
Amazon Can’t Get Out of Big Tech’s Meeting Hell
Amazon is a tempting target for shareholder proposals and Amazon shareholders have valid reasons for discontent.
Amazon Says US Government Demands for Customer Data Went Up
According to Amazon’s transparency report, subpoenas and search warrants received by the government have increased. The data demanded by the government includes information collected from Echo, Kindle and Fire tablets, and inputs from Amazon’s home security devices.
Big Tech
How Do Big Tech Giants Make Their Billions?
Explore where Big Tech companies make their money, specifically how they generate revenue and how it breaks down.
The American Innovation and Choice Online Act is a bill that targets Big Tech companies. While the need for tech regulation is widely agreed, the American Innovation and Choice Online Act will create more problems than it solves. Explore why WSJ authors are pessimistic about the bill.
Big Tech Is Pushing States to Pass Privacy Laws, and Yes, You Should Be Suspicious
Big Tech is pushing to pass friendly, watered-down state privacy bills to avoid greater protections.
Andrew Yang is Pushing Big Tech to Pay Users for Data
Andrew Yang wants people to get paid for the data they create on big tech platforms through his Data Dividend Project, which establishes data as property rights under privacy laws like the California Consumer Privacy Act (CCPA).
The ‘Capital of Silicon Valley’ Is Ignoring Its Privacy Experts
In response to privacy concerns, San Jose created its Digital Privacy Advisory Taskforce. However, a series of emails obtained by Motherboard allude to clashes between Silicon Valley’s technologists and privacy experts.
How Big Tech Turns Privacy Laws Into Privacy Theater
Big Tech whistleblowers are rare and many don’t realize how complicit they are in their employers’ efforts to undermine privacy.
If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, Youtube searches, Youtube watch history and more.
How to Protect Children From Big Tech Companies
Congress is considering various rules to regulate Big Tech. One proposed solution is to set an age limit on social media sites.
Big Tech Is Getting Clobbered on Wall Street. It’s a Good Time for Them.
Facebook, Apple, Amazon, Microsoft and Google are expected to emerge from a downturn stronger and more powerful in their respective markets.
Health Privacy
Health Data
Facebook Is Receiving Sensitive Medical Information from Hospital Websites
The Markup tested the websites of America’s top 100 hospitals. 33 of them contained a tracker, called the Meta Pixel. Meta Pixel, a tool created and owned by Facebook, collects patients' sensitive health information.
Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates
Health insurers have been merging information from data brokers with individuals' health histories to predict patient outcomes. Aggregated information is then used to assess risk and determine profit maximizing price plans.
Can the Private Sector Help Regulate Health Data Privacy?
Many companies in the health tech sector have lax privacy practices, leading a group of nonprofits to call for a self-regulatory project to guard patients’ data when it’s outside the health care system.
Three Emerging Risks and Regulations Affecting Fitness Trackers and Wearable Devices
The most extensive protection for personal health information is derived from the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is not currently understood to apply to fitness wearable and such lack of clarity creates a gray area over the industry’s use of health information.
Fitness Wearables: Who's Tracking Who?
Fitness wearables collect an array of data including one's heart rate, sleep patterns, stress levels, location, and sexual activity. Users need to be more aware of how unprotected health data could facilitate identity theft, drive up insurance premiums, and affect job status.
Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would Be Patients
Facebook's user tracking code, Meta Pixel, has been found on the websites of crisis pregnacy and abortion centers. Read to learn about the advertising incentives and privacy concerns of storing health data.
Millions of Americans' Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek
Medical images, including X-rays, MRIs and CT scans, and health data belonging to millions of Americans, are unprotected on the internet and available to anyone with basic computer expertise.
Medical Cybersecurity
Congress is Finally Taking Medical Cybersecurity Seriously
Internet connected medical devices are often targeted by hackers, leaving both patient data and health in danger. In April 2022, senators proposed a new bill that would require the FDA to issue medical device security guidelines.
IDX's CEO Tom Kelly Talks Cybercrime and Health Organizations
Medical data transferred from a physician to a mobile app is no longer protected by HIPPA. IDX CEO, Tom Kelly, issues warnings and offers practical solutions to individuals who use mobile health apps.
Defending the Healthcare Security Landscape in the Age of Connected Devices
The average U.S. hospital bed contains 10 to 15 internet-connected devices and the medical device market is expected to grow. As the number of connected medical devices expands, hackers gain an increased attack surface. Read to learn how medical providers, device manufacturers, and regulators can work together to ensure the safety of medical devices.
FBI Blocked Planned Cyberattack on Children’s Hospital, Director Says
Iranian hackers planned a cyberattack on Boston Children's Hospital. The attack was thwarted, thanks to a partnership between the hospital and the FBI.
Medical Device Cybersecurity: What You Need to Know
Most medical devices connect to hospital networks, cell phones, or other devices to share information. As intertnet-connected devices become more widespread, it has become imperative to implement medical device cyber security. Learn about some tips from the Food and Drug Administration (FDA) to protect your device and personal information.
Congress is Finally Taking Medical Cybersecurity Seriously
A new bill proposed by Sens. Jacky Rosen (D-Nev.) and Todd Young (R-Ind.) would require the Food and Drug Administration (FDA) to issue cybersecurity guidelines more regularly and share information about vulnerable devices on its website, following concerns on the vulnerabilities of medical devices to cyberattacks.
Reproductive Health Data
Federal Patient Privacy Law Does Not Cover Most Period-Tracking Apps
The Health Insurance Portability and Accountability Act (HIPAA), a federal patient privacy policy, has not kept up with technological advancements. For instance, HIPAA does not cover health care apps, fitness trackers, or at home-tests.
With Roe v. Wade overturned, concerns over digital privacy and data safety have amplified. Such concerns are not without reason as law enforcement could use one's location data and browsing history as evidence.
Following the ruling to overturn Roe v. Wade, digital rights experts warn that search histories, location data, messages and other digital information could be used by law enforcement agencies investigating or prosecuting abortion-related cases.
With Roe v. Wade Overturned, Your Abortion Searches Could Be Used to Prosecute You
Out of the top 20 websites used for online aboriton pill purchase, 17 used unencrypted, non-secure, HTTP. This statistic sheds light to the ease of accessing online personal data concerning aboriton. Now that Roe v. Wade is overturned, such information can be demanded by law enforcement agencies to enforce anti-abortion laws.
Roe v. Wade Overturned: Here's how Tech Companies and Internet Users can Protect Privacy
The Supreme Court's decision to overturn Roe v. Wade raises questions about whether and how tech companies should protect the information of users seeking reproductive health care.
These Period Tracker Apps Say They Put Privacy First. Here’s What We Found.
Four period tracking apps, Drip, Euki, Lady Cycle, and Periodical, were evaluated on the basis of user security. CR’s Digital Lab tested how well products and services protected consumer privacy. With concerns growing over reproductive health privacy, period tracking apps are under pressure to improve privacy policies.
Genetics
The US Urgently Needs New Genetic Privacy Laws
DNA data laws are filled with loopholes, yet people continue to put their DNA on the internet, creating the need for new genetic privacy laws.
It’s Too Late to Protect Your Genetic Privacy. The Math Explaining Why.
The centiMorgan (cM) measures how much DNA we share with others, specifically the length of identical segments that two people share due to descent from a common ancestor. This makes it possible to be tracked down without ever personally submitting DNA.
5 Biggest Risks of Sharing Your DNA With Consumer Genetic-Testing Companies
Genetic testing companies, like Veritas Genetics, Ancestry and 23andMe, come with privacy risks that are not well understood by consumers.
The Privacy Problems of Direct-to-Consumer Genetic Testing
An investigation by Consumer Reports found that direct-to-consumer genetic testing companies employ policies and practices that may unnecessarily compromise consumers’ privacy. While these companies do a relatively decent job of protecting DNA data, the many types of non-DNA data they gather are not treated with the same care.
DNA Testing Firm Data Breach Exposed Sensitive Information of More Than 2.1 Million People
A data breach associated with DNA Diagnostics Center (DDC), a national genetic and paternity testing organization, led to hackers accessing the personal information of more than 2.1 million people. While no genetic information was stolen and the breach was limited to the archived system, hackers accessed full names, social security numbers, credit and debit card numbers and CVV, financial account numbers, and the breached system’s password.
Investigators used GEDmatch to pinpoint and arrest the Golden State Killer, yet many consumers utilize genetic testing companies without fully understanding the issue of genetic privacy.
COVID - 19
Covid-19 Vaccines Are Coming — So Are Hackers
Cybercriminals have discovered a massive profit opportunity in the midst of COVID-19. During the pandemic, hackers have targeted the vaccine distribution and supply chain.
So This Is What Vaccine Passports Were Leading To
During the pandemic, a plethora of digital tools were introduced, each embedded with questionable data collection features. A YouTuber accepted the controversial tools (e.g. tracking apps) under the guise of COVID-19. Watch to learn how the government used and abused its citizens' personal data.
Telehealth: A Quarter-Trillion-Dollar Post-COVID-19 Reality?
Explore how the increase in telehealth usage has remained relatively stable since June 2020.
How the Pandemic has Exacerbated Online Privacy Threats
Due to COVID-19, many individuals were forced to engage in online work, education, and activities, leading to increased tracking and data sharing with third parties.
How Americans See Digital Privacy Issues Amid the COVID-19 Outbreak
During the coronavirus outbreak, Pew Research Center surveyed Americans on their views related to privacy, personal data, and digital surveillance. Explore 10 takeaways from the research.
Open Science Sessions: How Flawed Data has Driven the Narrative
Norman Fenton is a Profession of Risk Management and specializes in risk management for critical systems. In this presentation, Dr. Fenton discusses the probabilistic models used during the COVID pandemic, and how those models inaccurately presented COVID data to the general public.
Police Deploy 'Pandemic Drone' to Detect Fevers and Enforce Social Distancing
In mid 2020, Connecticut police announced the use of “Pandemic Drones,” used to monitor the enforcement of covid rules. The drones were able to enforce social distancing and detect respiratory abnormalities.
Data Brokerage
The Data
Yes, Your Personal Information Is for Sale. Here’s What to Do About It
Data brokers are sites that legally gather and sell your information. These sites use automated software to harvest information from tech companies, telecommunication providers, credit bureaus, tax records, court records, and other public sources. Your personal data is then unified and sold at a listing price of $20.
A Data Broker Offers a Peek Behind the Curtain
The Acxiom Corporation, a marketing technology company that has collected details on many adults in the United States, released a free website where consumers can view some of the information the company has collected about them.
Data Brokers Know Where You Are — and Want to Sell That Intel
Data brokers, among selling other sensitive consumer information, have begun selling real-time location data. Information on the number of times and duration an individual visited a location can be purchased for a small fee or no cost at all. Read to learn how private companies intimately track American’s daily lives.
How to Keep Your Data From Brokers and Marketers
Privacy Rights Clearinghouse estimates that there are over 500 data brokers in the U.S. With a vast number of companies collecting and selling your personal information, it is crucial to combat data tracking. Explore how you can keep your data from brokers.
Everything We Know About What Data Brokers Know About You
Explore what we know and do not know about the consumer data industry, including how much companies know about individuals, where they get the information, buying and selling limits, and other findings.
How to Wrestle Your Data From Data Brokers, Silicon Valley — and Cambridge Analytica
Learn how you can obtain your data from Cambridge Analytica, ALC Digital, Facebook, Google, Experian, Epsilon, and Oracle, as well as what you may receive from each company.
The Brokers
Data Brokers: Last Week Tonight with John Oliver
The multibillion-dollar data broker industry collects your personal data and resells it to others. This unregulated, invasive industry has been mediating surveillance capitalism.
Here are the Data Brokers Quietly Buying and Selling Your Personal Information
The new Vermont law requires companies who buy and sell third-party data to register with the Secretary of State. The law has revealed 120 U.S. based data brokers.
Data Broker Profile: Timeline Example of Abuses
Data brokers have histories of breaches, hacks, and privacy complaints. This resource provides a timeline of activities and abuses of data brokers from 2000-2018.
Oracle is a preeminent databroker who specializes in marketing and ad-targeting. This research tool introduces the broker, and provides crosslinks to explore related news and updates.
Acxiom is a marketing broker who aggregates and links consumers information to provide highly personalized ads. This research tool introduces Acxiom and provides an overview of the company's activities.
Equifax Says Cyberattack May Have Affected 143 Million in the U.S.
Equifax endured a cyberattack where hackers gained access to information including social security numbers, driver’s license numbers, names, birth dates, and addresses.
Acxiom, the Quiet Giant of Consumer Database Marketing
In 2012, more than 23,000 computer servers were collecting, collating, and analyzing consumer data for the Acxiom Corporation. The company has amassed a large commercial database on consumers, collecting data points on individuals.
After Breach, Companies Warn of E-Mail Fraud
An Epsilon breach exposed the e-mail addresses, and some names, of customers of some of the largest companies in the country.
Data Brokers and Politics
The Little-Known Data Broker Industry Is Spending Big Bucks Lobbying Congress
Collectively, data broker spending on lobbying in 2020 rivaled the spending of individual Big Tech firms like Facebook and Google. This article explores how the data broker industry is spending money on lobbying, often in an attempt to avoid data security and privacy regulation.
The Real Problem Wasn’t Cambridge Analytica, But The Data Brokers That Outlived It
Cambridge Analytica was a political consulting firm that got caught in a scandal for misusing millions of users’ Facebook data. This post argues Cambridge Analytica failed to produce a proper legislative repose. Personal data is continuously exploited by data brokers who are hardly regulated.
Time to Build a National Data Broker Registry
Jordan Abbott, chief data ethics officer for Acxiom, believes that until the United States has a national privacy law, a national data broker registry should be implemented to help consumers differentiate good data actors and bad ones.
Data Brokers Are a Threat to Democracy
Federal privacy bills don't give sufficient attention to data brokers. This opinion piece claims data brokers are the “middlemen of surveillance capitalism” and a threat to democracy. Read to learn how data brokers purchase, aggregate, and repackage sensitive data, with virtually no restrictions.
Congress to Investigate Data Brokers and Period Tracking Apps
After Motherboard’s findings that data firms were offering information pertaining to visitors of Planned Parenthood abortion clinics, the House Oversight Committee began investigating the privacy of reproductive health data and demanding more information from data brokers and companies that manage period tracking apps.
Analysis: Vermont's Data Broker Regulation
Following the 2017 data breach of Equifax, Vermont enacted an unprecedented bill to regulate data brokers. Read to learn how Vermont’s regulation strives to improve consumer data protection.
Intel Executive: Rein In Data Brokers
Given how quickly personal data can be spread, sold, and shared, David Hoffman, associate general counsel and global privacy officer at Intel Corporation, advocates for congress to pass comprehensive federal privacy legislation to protect the privacy of individuals.
Privacy Concerns
99% of Executives Listed on More Than Three-Dozen Data Broker Websites
Data brokers pose problems to individuals and businesses alike. For starters, a leaked IP address could lead to network eavesdropping and communications hijacking.
How Data Brokers Threaten Your Privacy
Learn about what a data broker does and how they are legal.
Data Brokers: A Call For Transparency and Accountability
For decades, policy makers have expressed concern over the lack of transparency in the data broker industry. In this report, the Federal Trade Commission conducts an in-depth study of nine brokers and their practices.
Twelve Million Phones, One Dataset, Zero Privacy
A dataset revealed more than 50 billion location pings from the phones of more than 12 million Americans, with each piece of information illuminating the precise location of a smartphone. This information was alarming to many as the findings could easily be abused.
Data Brokers and Sensitive Data on U.S. Individuals
This report examines 10 major data brokers and the data they hold on individuals, as well as addresses the policy implications for the United States.
Mobile Apps
Spotify
All the Ways Spotify Tracks You — and How to Stop It
Everything you do on Spotify is tracked: every tap, track played, playlist created, and podcast listened to is fed to the app's big data machine.
Learn how Spotify Targets and delivers real-time advertisements.
Spotify and Tinder Need to Stop Being Creepy With Customer Data
Big tech is using personal data to creep on you. Learn how Tinder tracks your casual encounters, how Netflix analyzes your viewing trends, and how Spotify is creating increasingly targeted advertisements.
WPP’s Data Alliance Partners With Spotify
Spotify provides a unique data set for the marketing industry. For starters, musical attributes can be used to predict an individual's mood, resulting in the deliverance of more relevant ad targeting.
Twitter
A Bigger Picture on Elon & Twitter
Unlike other social platforms, Twitter is a place where politics and journalism live. Journalists and the media have large control over what people are feeling, thinking, and believing. While many consider Twitter solely as a platform for free speech, the app also has large control over the political and democratic landscape. Tune in to this episode of Your Undivided Attention to learn about the risks and opportunities Elon Musk faces as the new Twitter owner.
Elon Musk Says He Will Encrypt Twitter 2.0 Messages To Stop Spying
Elon Musk claims he will introduce end-to-end encryption for Twitter's direct message feature. While encryption is a step in the right direction, even when encoded, messages will not be 100% private.
Twitter Has a New Owner. Here’s What He Should Do.
When you send a direct message on Twitter, three people have access to that message: you, the recipient, and Twitter itself. Elon Musk plans to implement end-to-end encryption, disabling Twitter from accessing your private messages. Read to learn more about Musk’s plans and if experts agree with his platform renovation ideas.
After This Week’s Hack, It Is Past Time for Twitter to End-to-End Encrypt Direct Messages
Hackers gained access to an internal admin tool and compromised high profile Twitter accounts (e.g. Elon Musk and Barack Obama). Learn how Twitter was at fault for this attack and how implementing end-to-end encryption could have safe guarded the social network company from the attack.
Twitter Settings Changes That'll Help Keep Your Data Private
Learn about a few tweaks that you can make to stop Twitter from sharing your information.
TikTok
TikTok Faces Scrutiny in State Attorneys General Probe of Online Harms to Children
TikTok has an estimated 90 million U.S. users, many of whom are children. A coalition of state attorneys general are launching an investigation into TikTok to examine the psychological effects on young users.
U.S. Moving — Some Say Too Slowly — to Address TikTok Security Risk
The Biden Administration ordered a review of apps controlled by foreign adversaries. Of the apps reviewed, TikTok was highly scrutinized. Read to learn why TikTok was flagged as a security threat and what government officials are doing to address the data security problem.
Investigation: How TikTok's Algorithm Figures Out Your Deepest Desires
A Wall Street Journal investigation sought to uncover the processes that enables TikTok’s addictive algorithm. The analysis revealed that amount of time one lingers over a piece of content is the largest determinant of user engagement.
How the U.S-China Fight for TikTok Further Fractures the Internet
TikTok was labeled a national security threat by former President Donald Trump. While TikTok’s parent company is independent from the Chinese government, fears arose over the possibility that TikTok will be forced to share user data.
Parents of Two Children Sue TikTok After Alleging They Died From Doing ‘Blackout Challenge’
TikTok, the highly scrutinized social media app, faces yet another lawsuit. Two parents filed suit alleging the company’s algorithm motivated minors to participate in the deadly ‘blackout challenge’.
TikTok Videos Show What It’s Like Living With Dementia, and Raise Privacy Questions
Dementia-related hashtags have accumulated billions of views on TikTok, and are part of a growing category of posts related to medical conditions and disorders. The goal of these posts is to raise awareness and reduce stigma, yet controversy remains. There is debate about privacy and consent when caretakers post videos of those with dementia, at times when they are confused or acting out, to offer tips, provide education, vent frustrations, and find support online without permission of the individual battling the condition.
Dating Apps
Grindr User Data Was Sold Through Ad Network
Since 2017, Grinder has been collecting and selling user location data. In 2020, the dating app ceded sharing user information with ad partners.
How Safe is Online Dating? Data Privacy in Dating Apps
How safe is a user's personal data when provided to online dating sites? This article examines the types of demographic data collected by online dating apps, the associated privacy struggles, and suggested security improvements.
Tinder and OkCupid Could Soon Let You Background Check Your Date — for a Price
Match Group, which owns Tinder, Hinge, Match.com, OkCupid, PlentyofFish and others, is investing in Garbo, a startup that helps app users conduct background checks on prospective dates.
The Teens Slipping Through the Cracks on Dating Apps
While online dating is a common way for adults to find new relationships, the ease with which underage users can create profiles remains largely unaddressed, allowing many to lie about their birthday and begin interacting with others.
Instagram
Shedding More Light on How Instagram Works
Instagram uses a variety of algorithms to rank content. Each part of the app; feed, explore, and reels, are ranked based on user generated signals and statistical predictions. This post sheds light on how Instagram’s technology works.
Instagram Amid Rising Privacy Concerns is Working on a Cookies Data Permissions Section
Following rising privacy concerns, Instagram started to make cookies more user controllable. The social media platform plans to provide users with a cookies privacy section.
How to Protect Your Privacy on Instagram
An Instagram profile reveals an abundance of personal details. This article offers tips and tricks to protect your privacy on Instagram.
Instagram Vulnerability Allowed Hackers Access to Control Your Phone
A critical vulnerability was found in Instagram's code that allowed hackers to gain control of a user's social media account and mobile device. Read to learn how this vulnerability works and how to stay safe on Instagram.
Instagram Privacy Policy: What You Should Know?
Like most social media apps, Instagram makes money through advertising. Learn how Instagram uses your data for ad-targeting and the strategies you can implement to limit the platform's data collection.
Instagram Fumbles in Its Moderation of Abortion Content
Instagram has labeled several posts about aboortion rights as sensitive content. Following the censorship of abortion realted information, questions concerning the platform’s content moderation algorithm arose.
Snapchat
Learn All About Snapchat’s Privacy Policy
Snapchat is a mobile app used for chatting and video. This post analyzes Snapchat's privacy policy and proposes user data control strategies.
Is Snapchat Privacy-Friendly? [Analysis]
Snapchat gained its popularity through its “disappearing” photos feature. From the margins, this feature may allude to user privacy. In reality, snap memories are saved on Snapchat’s servers and deleted snapchats can easily be recovered.
Secret Service Chief James Murray Leaving Agency for Snapchat
Secret Service Director James Murray stepped down from his position and accepted a job as the chief security officer for Snap Inc., the owner of Snapchat.
The Human Problem at the Heart of Snapchat’s Employee Data Breach
A Snapchat data breach exposed payroll information, social security numbers, and names of roughly 700 employees. The attacker posed as the company’s chief executive and tricked an employee into emailing the sensitive information.
A Phishing Attack Scored Credentials for More Than 50,000 Snapchat Users
Thousands of Snapchat account credentials were available on a public website during a phishing attack that impacted over 55,000 accounts. The attack relied on a link sent to users that, when clicked, opened a website that mimicked the social media company’s login screen.
Miscellaneous
Following the mass shooting in Highland Park, Illinois, concerns about tech companies’ moderation efforts rise, especially since the shooter posted violent content on YouTube and other platforms prior to carrying out the massacre.
How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users
Despite Mark Zuckerberg’s assurance of secure WhatsApp messages, WhatsApp has more than 1,000 contract workers in Austin, Texas, Dublin and Singapore sifting through millions of private messages, images, and videos.
As Young Gunmen Turn Toward New Social Networks, Old Safeguards Fail
The gunmen from the Uvalde and Brooklyn shootings used a combination of apps including Snapchat, Instagram, Discord, and Yubo to meet people and share violent plans. These apps, designed to keep communication more-private, are ill-equipped to police such content.
The Internet of Things and Artifical Intelligence
The Internet of Things (IoT)
Alasdair Allan: The Coming Privacy Crisis on the Internet of Things | TED Talk
The content on the internet appears to be free. It’s not! We pay for it with our data. The Internet of Things consists of devices, like smart-phones and watches, that collect and sell our sensitive data.
What Is the Internet of Things (IoT)?
The Internet of Things allows connection to everyday objects: devices include kitchen appliances, cars, thermostats, and baby monitors. Learn about IoT and its industry-wide applications.
IoT's Importance is Growing Rapidly, But Its Security Is Still Weak
Unmanaged IoT devices are growing in number, creating an extended attack surface. As the attraction of IoT devices remains authentic, there is a pressing need to tighten device security. Read to learn about the risks of insecure IoT devices and the rewards to implementing IoT protection strategies.
Main Challenges of Implementing IoT Security Standards
Generic security protocols have been failing to secure IoT devices. This post describes the common problems associated with implementing IoT security standards and calls for an overarching system of regulations.
How Blockchain Will Solve Some of IoT's Biggest Security Problems
A blockchain is a series of distributed data records that are linked together to become an immutable digital ledger. As the number of IoT devices are forecasted to grow exponential, blockchain technology can provide much needed device security.
Consumer IoT Products
Three Emerging Risks and Regulations Affecting Fitness Trackers and Wearable Devices
The most extensive protection for personal health information is derived from the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is not currently understood to apply to fitness wearable and such lack of clarity creates a gray area over the industry’s use of health information.
Every Consumer IoT Device Should be Free
Smart devices, or IoT devices, are becoming more common and providing retailers with another data access point. Learn how IoT providers benefit from the influx of IoT generated user data, yet consumers pay for the device and risk losing sensitive data.
Alexa has Been Eavesdropping on You This Whole Time
Amazon keeps a copy of everything Alexa records after it hears its name.
Skill Squatting: The Next Consumer IoT Nightmare?
Smart speakers rely on voice commands to perform a task. Skill squatting occurs when bad actors expose users to risks by redirecting commands to malicious gateways. These malicious re-routes can grant hackers access to password information or a home network.
Peloton’s Leaky API let Anyone Grab Riders’ Private Account Data
Peloton is an exercise media and equipment company with more than 3 million subscribers. In 2021, a system bug exposed users' private data including a person's age, gender, city, weight, and workout history.
Fitness Wearables: Who's Tracking Who?
Fitness wearables collect an array of data including one's heart rate, sleep patterns, stress levels, location, and sexual activity. Users need to be more aware of how unprotected health data could facilitate identity theft, drive up insurance premiums, and affect job status.
The Metaverse
What Is the Metaverse, Exactly?
Meta and Microsoft are building technology to enable the metaverse. While the idea of a metaverse has been popular among tech companies, the constitutions of an immersive internet are largely vague and undefined. Read to learn what a metaverse is and what tech giants predict the metaverse will become.
The metaverse has gone mainstream and has a wide range of use cases from the consumer-facing level to the enterprise setting. This review details how different industry sectors envision the metaverse.
The Pew Research Center surveyed technology experts, asking their opinion about the trajectory and impact of the metaverse by 2040.
Digital rights advocates have sounded the privacy alarm following Big Tech’s plan to create immersive VR spaces. In a metaverse future, tech companies profit off of expanded data collection capabilities. VR headsets collect more data about us than traditional screens.
U.S. vs. China: The Rules and Design Shaping the Metaverse
The transition to the metaverse is expected to be more complication in China than the U.S. While the U.S. has loose tech regulation, China has established subcommittee to create specific standards for the metaverse.
What Is the Metaverse's Future in K-12 and Higher Ed?
The Business Research Company projects the Augmented Reality/Virtual Reality (AR/VR) education-technology market to reach $32 billion by 2026. K-12 schools and universities have already adopted AR/VR tools for hands-on science courses, career exploration, and skill development operations.
Smart Cities
Is There Privacy of Data in Smart Cities?
Smart city technology has opened up endless possibilities for surveillance monitoring. This report overviews the positive and negative aspects of big data and smart cities. When considering both benefits and downfalls, one thing remains clear: data privacy must remain central in policy making as the world transitions to smart cities.
Toronto Wants to Kill the Smart City Forever
In 2017, Toronto confirmed a smart city renovation guided by Sidewalk Labs, a Google owned urban development firm. However, the smart city plan failed. Experts argue that the city wasn't ready for a data rich future. Toronto’s residents could not tolerate private-sector control of their municipality.
Are Privacy Concerns Halting Smart Cities Indefinitely?
When creating digitally smarter cities, personal data privacy is often bypassed. This article considers arguments for and against creating smart, yet, privacy lacking cities.
We Need Smarter Cities Not Smart Cities
The term 'smart city,' has become synonymous with high-tech urbanization. This review calls for a more expansive concept of smart cities – a definition that encompasses a wide range of urban innovation and considers the interplay between the community, local government, and the private sector.
Redefining Smart Cities with Cloud Technologies
Cloud technologies play a central role in smart government applications. Smart cities integrate data, analytics, and security to produce beneficial business insights.
Securing Autonomous Vehicles Paves the Way for Smart Cities
Discussions of adopting autonomous vehicles (etc; the mass development and production of self-driving cars) have become more and more common. The advocates of personal use, autonomous vehicles, often ignore vehicle security, congestion, and emission issues. On the other hand, critics claim self-driving cars would be impractical in a city environment, especially following estimates of sustained population growth.
Artifical Intellegence (AI)
What Is The Artificial Intelligence Of Things? When AI Meets IoT
When artificial intelligence is added to the Internet of Things, you get the artificial intelligence of things (AIoT). AIoT allows devices to analyze data and make decisions without human involvement.
The EU AI Act: What you Need to Know, How to Improve It
The European Union wants to regulate artificial intelligence through the EU AI Act. Listen in on a conversation with Mozilla Foundation's Executive Director Mark Surman, as he describes the key facts of the EU AI Act.
The 7 Biggest Artificial Intelligence (AI) Trends In 2022
According to Google’s CEO, AI will have a greater impact on society than fire or electricity. Explore 7 AI trends that have been transforming technology in 2022.
Artificial Intelligence And Data Privacy – Turning A Risk Into A Benefit
Businesses love big data. When big data is fed to AI systems, companies gain unprecedented insights into their customer base. However, without a strong AI privacy policy, businesses can face significant financial loss and risk a company reputation.
Kira on GPT-3’s Pros + Cons – Privacy Is An Issue
GPT-3 is a language model that relies on algorithms to read and produce text. This article overview GPT-3, its strengths, and privacy weaknesses.
Research Tools
Web Tools
The National Institute of Standards and Technology (NIST) seeks to enable better privacy engineering practices that support privacy by design. Explore NIST’s Privacy Framework, a tool for improving privacy through enterprise risk management.
Interested in buying a smart device? Recently downloaded a mobile app? Mozilla’s Privacy Not Included will generate a privacy report to aid your purchase decision making.
US State Privacy Legislation Tracker
Explore a tool that tracks proposed and enacted comprehensive privacy bills.
2022 State Privacy Law Tracker: A Comprehensive Resource for Tracking U.S. State Privacy Legislation
Explore a state-by-state interactive map that tracks privacy legislation in the U.S.
2022 Consumer Privacy Legislation
Explore consumer privacy legislation across the United States.
This interactive site explores the top 902 most prevalent web trackers.
This resource is an interactive website privacy tracker. Enter in a link and see which user-tracking technologies are hosted on the site.
IT Governance Free Downloadable Green Papers
IT Governance has created a series of green papers to help organizations acknowledge incoming cyber threats, craft protective cybersecurity solutions, and comply with legal and industry regulations. Explore the green papers related to cyber security, data protection, security testing, and more.
A breach is an incident that exposes confidential, sensitive, or protected information to the public. Enter an email address or phone number and discover if your data has been exposed.
How to Find out What Google Knows About You and Limit the Data it Collects
If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, YouTube searches, YouTube watch history, and more.
How to Find out What Facebook Knows About You
What does Facebook know about you? This tutorial walks you through the personal information Facebook has collected. For example, the platform knows your preferences, political alignment, and habits.
Google Ad Settings, Ad personalization
Google personalizes ads based on your personal information, data from third-party adversitizers, and search history. Explore the categories Google has created concerning you.
Changes in demographics, technology, student needs, and budgetary pressures have directed the education industry to digital transformation. Learn how the educational environment can use data to adapt to change.
Articles
The Mozilla foundation works to ensure internet accessibility and availability. Within this goal, Mozilla seeks to improve internet health and build trustworth AI systems. This page documents Moziall’s current movement.
Half of Americans Have Decided Not to Use a Product or Service Because of Privacy Concerns
52% of Americans have decided not to use a product of service due to privacy concerns. This report provides statistics encapsulating the American view of privacy and surveillance by companies and governments.
A majority of Americans report using YouTube and Facebook, while adults under 30 years old more commonly use Instagram, Snapchat and TikTok.
Smartphones can unobtrusively collect behavioral data including data pertaining to social interactions, daily activities, and mobility patterns.
Teens, Social Media and Technology 2018
Explore the change in the most popular online platform amongst teens and the mixed views youth have on the impact of social media on their lives.
Explore the patterns and trends of mobile ownership and dependency.
Case Studies in Government Digital Identity
Governments, banks and other enterprises are using iProov’s biometric identity authentication to verify individuals.
Trellix Threat Labs Research Report
The Trellix Threat Labs Research Report analyzes cyberattacks and threats, including ransomware and those that target Ukraine.
Explore the increasing malware rates.
Privacy Policies
General
These Companies Have the Best (And Worst) Privacy Policies
The Center for Plain Language ranked privacy policies on how easily they could be understood; those that ranked higher avoided jargon and confusing sentence structure, and were clearly organized.
We Read 150 Privacy Policies. They Were an Incomprehensible Disaster.
The length and readability of privacy policies from about 150 websites and apps were assessed using the Lexile test, revealing that most privacy policies exceed the college reading level.
Americans’ Attitudes and Experiences With Privacy Policies and Laws
97% of Americans say they have been asked to agree to a company's privacy policy, yet relatively few report reading and understanding these policies. This report by the Pew Research Center explores the demographic differences in reading privacy policies and provides statistics encapsulating the American opinion of corporate data accountability.
I Tried to Read All My App Privacy Policies. It Was 1 Million Words
When confronted with an app’s privacy statement, we habitually agree to its terms and give companies legal consent to use our data. Our incurious acceptance of privacy policies is often driven by the lengthy nature of privacy policies.
Big Tech
Explore Microsoft’s commitment to privacy.
Explore the information Google collects and how they use personal information.
Explore the personal data Microsoft collects, how it is used, and why the company shares it.
Explore how Apple collects, uses, and shares your personal data.
Explore what information Facebook collects and how it is used and shared.
Social Media
Explore what data LinkedIn collects, how it is used and shared, and your choices regarding the information.
Explore how Twitter collects, uses, and shares your personal data.
Explore what information Instagram collects, how it is used, and what is shared with others.
Explore the information that Snapchat collects, how it is used, whom it is shared with, and the controls the company gives users to access, update, and delete information.
Explore the information TikTok collects and how it's used.
Retail
Tiffany & Co. California Consumer Privacy Statement
California Consumer Privacy Statement applies solely to California consumers. Tiffany & Co. outlines personal information that may be collected.
Explore the personal information that Tiffany & Co. collects, how the company uses the data, who it is shared with, and the measures taken to protect the information.
Dick's Sporting Goods Privacy Policy
Explore the types of information Dick’s Sporting Goods collects, the choices you have surrounding such information, and how personal data is collected, used, shared, updated, and secured.
Communication
Explore the information WhatsApp collects, how it is used, and what personal data is shared.
Explore how Slack collects, uses and discloses information and what choices you have regarding personal data.
Explore the security and end-to-end encryption that Signal uses to provide private messaging, Internet calling, and other services to users.
Internet Service Providers
Explore how T-Mobile collects data, the personal data the company collects, how it is used and shared, how it is protected, and your personal data choices.
Explore the information Verizon collects, how it is used and shared, your choices about uses and sharing, and your rights under certain privacy laws.
Explore the information AT&T collects, and how it is collected, used, and shared.
Credit Cards
Explore the types of personal information Mastercard collects, why it is collected, the other parties with whom the company may share the information with, and the measures taken to protect the security of the data.
Explore how Visa collects, uses, and discloses personal information.
American Express Privacy Center
Explore how American Express collects, uses, and shares information.
Miscellaneous
Explore how Uber utilizes personal data.
Explore how Lyft collects, uses, and shares your personal information.
Explore how BP American processes your personal information.
Airbnb Privacy Policy for the United States
Explore what personal information Airbnb collects, how the information is used, and what is shared with others.
Explore the privacy practices that Fitbit implements for their devices, the information collected, how it is utilized, how it is shared, individual rights to control and access personal data, and the measures the company takes to keep data safe.
Privacy Policy for StudentAid.gov and the myStudentAid App
Explore the privacy implications of using the webpage StudentAid.gov and the myStudentAid app, both of which are operated by the U.S Department of Education.
The Walt Disney Privacy Center
Explore the types of information The Walt Disney Company collects, and how it is collected, used, and shared.
Court Cases
Big Tech
Amazon Hit With Another Class Action Lawsuit Over Alexa Voice Recordings
Amazon faces another class action lawsuit for allegations of its Alexa device recording users’ conversations without warning or consent.
Microsoft Class Action Alleges Company Violates Consumers’ Biometric Privacy
Microsoft faces a class action lawsuit for allegations of violating the Illinois Biometric Information Privacy Act (BIPA) by collecting facial biometric data of users of its Photos app on Windows 10 and Windows 11.
Lawsuits Say Siri and Google are Listening, Even When They’re Not Supposed To
Apple and Google face lawsuits for allegations of violation of privacy by voice assistants, including Siri and Google.
U.S. Appeals Court Voids Google 'Cookie' Privacy Settlement That Paid Users Nothing
The 3rd U.S. Circuit Court of Appeals in Philadelphia said it could not tell whether a $5.5 million settlement was fair in Google’s class-action lawsuit and said a lower court judge should revisit the case.
Big Tech and Social Media
Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law
Google and YouTube will pay $136 million to the Federal Trade Commission (FTC) and $34 million to New York for violating the Children’s Online Privacy Protection Act (COPPA) Rule for YouTube illegally collecting personal information from children without parents’ consent.
Where Did Facebook and Instagram Filters Go? Why You May Not Be Able to Access Them
Meta turned off some augmented reality (AR) features on Facebook, Instagram, Messenger, Messenger Kids and Portal due to laws regarding privacy and facial recognition in Illinois and Texas.
Judge Approves $650M Facebook Privacy Lawsuit Settlement
A $650 million settlement was reached in a privacy lawsuit against Facebook for the company allegedly using photo face-tagging and collecting other biometric data without the permission of its users.
U.S. District Court Northern District of California Case 3:15-cv-03747-JD Document 537
Explore one of the court documents from the Facebook lawsuit resulting in a $650 million settlement.
Facebook Checks for $397 Hit Illinois Bank Accounts
After a Facebook class-action lawsuit, the company agreed to pay $650 million to end the litigation, allowing about 1.6 million Illinois residents to collect $397 by check or direct deposit. The lawsuit alleged that Facebook violated Illinois residents’ rights by collecting and storing digital face scans without permission. The state’s Biometric Information Privacy Act allows consumers to sue companies for privacy violations involving fingerprints, retina scans, facial geometry and similar data.
Facebook Content Moderator Details Trauma That Prompted Fight for $52 Million PTSD Settlement
Facebook agreed to pay $52 million to thousands of workers who suffered the psychological consequences from reviewing posts depicting acts of suicide, murder, child abuse and other disturbing content.
FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
Facebook violated a 2012 Federal Trade Commission (FTC) order by deceiving users about their ability to control the privacy of their personal information and now has to pay a $5 billion penalty and make changes to increase accountability and transparency about users’ privacy.
Facebook to Delete 1 Billion People's 'Facial Recognition Templates'
Facebook said it would delete more than 1 billion users' facial templates following a settlement of a class action lawsuit in Illinois in which Facebook agreed to pay $650 million for allegedly using face-tagging and other biometric data without the permission of users.
Unique Illinois Privacy Law Leads to $550M Facebook Deal
A Facebook lawsuit that settled for $550 million alleged that Facebook broke Illinois’ Biometric Information Privacy Act, which allows people to sue companies that fail to get consent before harvesting users’ data, including through facial and fingerprint scanning.
Social Media
That TikTok Notification About a Settlement Payment Isn't a Scam. Here's What to Know.
TikTok’s parent company, ByteDance, agreed to pay $92 million as part of a class action lawsuit to settle allegations pertaining to harvesting personal data without consent.
Twitter Agrees to Pay Millions in Fines After US Government Alleges Privacy Violations
After Twitter failed to tell its users for years that it used their contact information to help marketers target their advertising, the company agreed to pay $150 million in fines.
FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads
The Federal Trade Commission (FTC) takes action against Twitter for deceptively using account security data for targeted advertising. The company faces a $150 million penalty and is banned from profiting from the data collected deceptively.
A lawsuit claims that Snapchat violated the Illinois Biometric Information Privacy Act (BIPA) by failing to collect a release from users authorizing the company’s collection of private information as the company stores and shares facial features and voices without providing required disclosures.
Miscellaneous
Shutterfly settled a class action lawsuit for $6.75 million after violating the Illinois Biometric Information Protection Act (BIPA) by collecting and storing Illinois residents’ biometric data without consent.
Clearview AI, a face surveillance company claiming to have captured more than 10 billion faceprints from peoples’ online photos, agreed to a new set of restrictions that ensure compliance with the Illinois Biometric Information Privacy Act (BIPA).
The developer of Flo Health, Inc. has settled Federal Trade Commission allegations that the company shared the health information of users with outside data analytics providers after promising that such information would be kept private.
FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
The Federal Trade Commission announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.