This is an absolutely fascinating look at how the law behind the NSA domestic spying program originated, and it clearly demonstrates the frightening power of the so-called “law of unintended consequences”.
Certainly the origin of the legal concepts at play here makes it clear how ridiculous the extremes truly are to which they are now being carried by the likes of the NSA. I would call it “insanity” but sadly it is, arguably, the law.
With the recent release of the iPhone 5s, a new privacy concern comes hand-in-hand with the new device. One of the features being debuted with the iPhone 5s is Apple’s Touch ID, which allows the iPhone user to, among other things, unlock their phone with their fingerprint, using a fingerprint reader embedded in the phone.
Although fingerprint readers in electronic devices are not a new thing, by any means, Touch ID appears to be among the first (if not the first) incorporation of this technology into an always-connected mobile device. The concern with this new combination of technologies is over how the individual’s biometric data will be saved, who will have access to it, and how this may affect users’ privacy. These are questions which, based on the limited information which Apple has released about precisely how Touch ID works, remain unanswered.
It appears that the U.S. Drug Enforcement Agency is publicly taking the position that medical records provided to pharmacists are not private and can be obtained by the DEA without the need to show cause for the production of such records.
This position, while not specifically constituting new law, has also not received serious challenge in the courts as of yet. Pending such a challenge, the DEA continues to seek and obtain such medical records from pharmacies by way of subpoenas which require no advance finding of probable cause.
It does appear, however, that the ACLU is preparing to step up to the plate to challenge this practice. How such a challenge shakes out in the end may have a profound impact on the privacy of individuals’ medical records, unless Congress steps into the fray to either explicitly uphold the privacy of such medical records or to explicitly limit or eliminate any expectation of privacy in individual medical records.
Within just days of the release of the new iPhone 5s, it appears that hackers have already found a way to break Apple’s new fingerprint-based biometric security feature, Touch ID.
Apple indicates that it is working on fixes to this apparent vulnerability already, but in the meantime, it just goes to show that new security standards or features should be relied upon cautiously until they are thoroughly vetted.
RSA Security, a noted data security tool maker, is advising its customers to stop making use of its BSAFE toolkit and Data Protection Manager, as they apparently include a back-door-type vulnerability in the underlying cryptographic standard, which was engineered with input from the National Security Agency (“NSA”).
In particular, the Dual_EC_DRBG pseudorandom number generation routines used in these tools were deliberately compromised and/or crippled, thus undermining the security of most, if not all, of the cryptography systems which make use of them.
These vulnerabilities potentially extend to such products as the McAfee Firewall Enterprise Control Center and other products using BSAFE or other systems relying upon Dual_EC_DRBG.
The concern arising from this intentionally introduced vulnerability is not only that it makes any data protected using this standard potentially open to penetration by governmental agencies, but also that it undermines the overall reliability of the encryption, thus also throwing encryption based on this technology open to hacking by either foreign governments or criminal hackers.
As of today, there are now a total of six states which have passed laws which specifically prohibit employers from demanding that employees provide the employer with their Facebook passwords: California, Illinois, Michigan, New Jersey, Maryland, and Delaware.
As more and more employers have begun demanding access to employees’ or potential employees’ personal, non-public social media data, these laws represent a clearly developing trend towards greater protection of employee privacy. It is important to note, however, that none of the laws enacted to date prohibit employers from reviewing what employees or potential employees publicly post to social media sites.
With this kind of rapidly changing privacy landscape, it is increasingly important for employers to continuously review and update their hiring and other employment policies. What’s more, the most recent laws are most likely only the tip of the iceberg. Many other states are considering similar laws, some of them potentially even more far reaching than those enacted by these first six states. Likewise, the specter of increasing federal laws and regulations dealing with privacy both within and outside the workplace is also increasingly real.
And so, the $100,000 question: “Have you reviewed your company’s employment policies lately?” If not, now is a good time to do so!