Beacons And iBeacons Create A New Market – Business Insider

Beacons And iBeacons Create A New Market – Business Insider.

An upcoming trend for business to look out for is the “Beacon”. This is small device which businesses can place within their business to either gather information on its customers or push information to the customers by interacting with their smart phones (typically by a low-energy Bluetooth connection).

While this is not new technology, recent advances in the cost and power-efficiency of such beacons and the greater prevalence of smartphone users in general and smartphone users who use their devices while shopping, dining, or otherwise engaged in commerce in specific has made beacon deployment a far more attractive proposition for data-savvy businesses. Beacons allow businesses to not only engage in very accurate location tracking of customers, but to push messages directly to customers based upon their location (ex. As customer walks by a rack of clothing, a message can be pushed to them, letting them know that everything on that rack is 20% off for today only.). Likewise, businesses can track the flow of customer traffic, where they do and do not go, what order they visit places within an establishment, and even, potentially what items they stop an look at. This can, clearly, be powerful data for businesses to use, not only for interacting with customers, but in choosing layout of a business and other “customer experience” considerations.

On the downside, there are potential privacy and security implications of this technology, not only for the customers / consumers, but also for the businesses collecting this data. The more intrusive (and non-anonymous) the data a business collects on its customers, the greater the need for policies, procedures, and infrastructure for dealing with this data safely, securely, and withing the parameters of what the law requires. That having been said, this is very exiting technology that can open many new doors for businesses in terms of business intelligence and customer interaction.

Ford Exec: ‘We Know Everyone Who Breaks The Law’ Thanks To Our GPS In Your Car – Business Insider

Ford Exec: ‘We Know Everyone Who Breaks The Law’ Thanks To Our GPS In Your Car – Business Insider.

While Ford’s VP of Global Marketing and Sales has since tried to retract his statements, it is fairly obvious that his original assertion that “[Ford] know[s] everyone who breaks the law, we know when you’re doing it. We have GPS in your car, so we know what you’re doing.”  is, in fact, spot-on the truth. While Ford may not be currently doing nefarious things with the data is collects from the GPS devices is it now installing in all of its vehicles, it does highlight the fact that companies that create products we buy and own are now collecting data on us over which we, as consumers, have zero control or ownership.

Data collection of this scope and nature raises huge privacy concerns, and certainly offers even further potential in-roads for the government to collect surveillance data on individuals. As you may be aware, recent court decisions have held that law enforcement cannot palce GPS trackers on automobiles without first obtaining a warrant from a court to do so. With the collection of this kind of data by car companies such as Ford, there is now no deed for law enforcement to obtain a warrant to track a suspect. They can simply demand the records maintained by Ford, for which, based on current case law, there is no requirement for a warrant.

While I am neither a Luddite decrying the dangers of technology, nor a paranoiac assuming that either the Governement or “Big Business” are out to get us, this sort of widespread and pervasive data collection clearly points out the need for a robust public debate over the meaning and boundaries of privacy in the digital age. While there is immense good (economic, social, and otherwise) that we can do with all the data we are now capable of (and are in fact) collecting and analyzing, there comes with it significant dangers of destroying personal privacy altogether and eroding the civil rights accorded to U.S. citizens under the U.S. Constitution.

While this debate had begun to come to the forefront of many people’s consciousness with the revelations of the activities of the NSA by Snowden, it is increasingly clear that the definition of privacy and privacy rights of individuals (and even businesses) is something that requires wide ranging thought, analysis, robust public debate, and in the end decisive legal action. Both our economy and our personal freedoms depend the outcome of the process. We cannot simply afford to sit by and “see what happens”. The statekes are far to great.

Read more: http://www.businessinsider.com/ford-exec-gps-2014-1#ixzz2q0Y51SBy

The Lavabit Shutdown and IT Security

How Lavabit Melted Down : The New Yorker.

The New Yorker has an excellent piece online which discusses in detail the events leading up to the shutdown of Lavabit, a secure e-mail provider which was used by Edward Snowden.

 

The article details the pressure placed upon Lavabit and its owner not just to turn over information that would shed light on Edward Snowden’s activities, but rather, information which would give the government wholesale access to all email passing through the services.

 

This article raises serious issues for IT companies who have committed to safeguard the privacy and/or security of its customers. It also raises serious concerns regarding the extent to which the U.S. Government is willing to (and in fact does) compromise the privacy of innocent U.S. citizens as a routine matter.

 

Adobe says hackers accessed data for 2.9 million customers – Oct. 3, 2013

Adobe says hackers accessed data for 2.9 million customers – Oct. 3, 2013.

If you have purchased products directly from Adobe, you need to be aware of this and (i) be on the lookout for notification for Adobe about whether this affects you, and (ii) monitor your identity (particularly with respect to any card used to purchase the Adobe product), to ensure you are not a victim of identity theft.

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm – NYTimes.com

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm – NYTimes.com.

This is an interesting piece on the IT company Lavabit, which, before its shutdown, provided secure e-mail services to its customers. The story details the steps taken by the FBI to force Lavabit to turn over encryption keys and take other steps which would not only provide the FBI with access to Edward Snowden’s e-mail account on the service, but would render vulnerable the accounts of any individual or company making use of the service, without warrant and without court oversight.

In pressuring Lavabit to capitulate to its requests for “technical assistance” including divulging the private encryption keys used by the service, the owner of the company was pursued for contempt of court, fined $10,000.00, and then threatened with arrest when he publicly announced his intention to shutter the company.

The tale of Lavabit is something of a cautionary tail for companies that provide IT services. But even more, it should be a wake-up call to both users and providers of IT services regarding the boundaries of privacy and the lengths to which the government is willing to steamroll even legitimate businesses which seek to guard their customer’s privacy.

How a Purse Snatching Led to the Legal Justification for NSA Domestic Spying | Threat Level | Wired.com

How a Purse Snatching Led to the Legal Justification for NSA Domestic Spying | Threat Level | Wired.com.

This is an absolutely fascinating look at how the law behind the NSA Domestic spying program originated and it clearly demonstrates the frightening power of the so-called “law of unintended consequences”.

Certainly the origin of the legal concepts at play here make it clear how ridiculous the extremes to which they are now being carried by the likes of the NSA truly are. I would call it “insanity” but sadly it is, arguably, the law.

Medical records handed to pharmacies have no constitutionally protected privacy, says the DEA | The Verge

Medical records handed to pharmacies have no constitutionally protected privacy, says the DEA | The Verge.

It appears that the U.S. Drug Enforcement Agency is publicly taking the position that medical records provided to pharmacists are not private and can be obtained by the DEA without the need to show cause for the production of such records.

This position, while not specifically constituting new law, has also not received serious challenge in the Courts as of yet. Pending such a challenge the DEA continues to seek and obtain such medical records from pharmacies by way of subpoenas which require no advanced finding of probably cause.

It does appear, however, that the ACLU is preparing to step up to the plate to challenge this practice. How such a challenge shakes out in the end may have a profound impact on the privacy of individual’s medical records, unless Congress steps into the fray to either explicitly uphold the privacy of such medical records or to explicitly limit or eliminate any expectation of privacy in individual medical records.

German Hacker Group Says It’s Broken The iPhone’s TouchID Fingerprint Reader – Forbes

German Hacker Group Says It’s Broken The iPhone’s TouchID Fingerprint Reader – Forbes.

Within just days of the release of the new iPhone 5s, it appreas that hackers have already found a way to break Apples new fingerprint-based biometric security feature, TouchID.

Apple indicates that it is working on fixes to this apparent vulnerability already, but in the meantime, it just goes to show that reliance on new security standards or features must be done cautiously until that system is thoroughly vetted.

Forewarned, fore-armed.

6 States Bar Employers From Demanding Facebook Passwords | Threat Level | Wired.com

6 States Bar Employers From Demanding Facebook Passwords | Threat Level | Wired.com.

As of today, there are now a total of six states which have passed laws which specifically prohibit employers from demanding that employees provide the employer with their Facebook passwords: California, Illinois, Michigan, New Jersey, Maryland, and Delaware.

As more and more employers have begun demanding access to employees’ or potential employees’ personal, non-public social media data, these laws represent clearly developing trend towards greater protection of employee privacy. It is important to note, however, that none of the laws enacted to date prohibit employers from reviewing what employees or potential employees publicly post to social media sites.

With this kind of rapidly changing privacy landscape, it is increasingly important for employers to continuously review and update their hiring and other employment policies. What’s more, the most recent laws are most likely only the tip of the iceberg. Many other states are considering similar laws, some of them potentially even more far reaching than those enacted by these first six states. Likewise, the specter of increasing federal laws and regulations dealing with privacy both within and outside the workplace is also increasingly real.

And so, the $100,000 question: “Have you reviewed your company’s employment policies lately?” If not, now is a good time to do so!

Navigating the Legal Pitfalls of Augmented Reality

Navigating the Legal Pitfalls of Augmented Reality.

Mashable.com has published an interesting article on the legal implications of Augmented Reality as a marketing and advertising tool.

In the past year, AR has increasingly moved out of the “gee-whiz” phase of just being a technological marvel into becoming a legitimate and increasingly adopted tool in the marketing arsenal of a significant number of companies. (The Mashable article cites Ikea and Philips electronics as two examples, but there are many more, with new-comers jumping on board each day.)

There are, however, a number of significant legal implications that companies need to factor into their decision of whether or not AR is an appropriate tool to use and, if so, how to implement it.

These legal concerns include general privacy and data security issues, truth in advertising regulations, child protection (COPPA) issues, just to name a few.

The takeaway here is: if you are using AR in your marketing and product delivery process OR if you are thinking of adding AR to the mix, make sure that you have thought through and implemented policies and procedures that will keep you on the right side of the applicable laws and regulations that apply. Failing to do so can lead you into a ugly (and expensive) virtual dead-end.