Raj Goel is an Oracle and Solaris expert with over 25 years of experience in software development, systems, networks, communications and security for various industries. He is a regular speaker on topics like HIPAA, PCI compliance, disaster recovery and information security. Raj has appeared in over 30 magazine and newspaper articles worldwide and has presented at various conferences. He is listed as the CTO of Brainlink International with contact information provided.
This is a brief policy primer on Google's Privacy and Terms of Use details. Explained without dogma, instead with an insight into how their guidelines impact on your digital shadow online.
Frukostseminarium om molntjänster, 19 mars 2015, Rigoletto.
Talare: Erkan Kahraman, Projectplace och Geir Arild Engh-Hellesvik, Transcendent Group Norge.
Google's Effort to Fight Content Piracy. Google is ready to fulfil its commitment to downgrade the search rankings of ‘notorious’ piracy sites globally that often rank above legal and commercial sites.
3D's: Dating, Deception and Data Portability | Mozfest 2019Ian Forrester
Exploring how to request your personal data under GDPR, what a sample of dating data looks like practically and what can be done with the data?
Given at Mozfest 2019...
https://discourse.mozilla.org/t/3ds-dating-dataportability-deception-gdpr-edition/46717
This is a brief policy primer on Google's Privacy and Terms of Use details. Explained without dogma, instead with an insight into how their guidelines impact on your digital shadow online.
Frukostseminarium om molntjänster, 19 mars 2015, Rigoletto.
Talare: Erkan Kahraman, Projectplace och Geir Arild Engh-Hellesvik, Transcendent Group Norge.
Google's Effort to Fight Content Piracy. Google is ready to fulfil its commitment to downgrade the search rankings of ‘notorious’ piracy sites globally that often rank above legal and commercial sites.
3D's: Dating, Deception and Data Portability | Mozfest 2019Ian Forrester
Exploring how to request your personal data under GDPR, what a sample of dating data looks like practically and what can be done with the data?
Given at Mozfest 2019...
https://discourse.mozilla.org/t/3ds-dating-dataportability-deception-gdpr-edition/46717
Several companies may be well on the way to define how to handle GDPR compliance for structured data. But many companies still haven't come up with a good way to handle GDPR compliance for unstructured data..
This whitepaper provides the main information about unstructured data and the Xenit solution to manage documents under the regulation.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
GDPR and personal data protection in EU research projectsLorenzo Mannella
This 20-minute presentation provides participants with a case study on data protection issues exposed by research partners awarded with a fictional Horizon 2020/Horizon Europe grant. Participants will follow the work of data controller and processors, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will be engaged to evaluate the compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals on a case study analysis. The session will benefit from a short Q&A and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work.
EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
Guidance on complying with the new EU GDPR regulation. A look at GDPR definitions, what it entails and a roadmap to start your journey on compliance as well as some handy WordPress GDPR links to plugins.
Most businesses have valuable databases of information, such as client lists, customer lists, lists of prospects – as well as data about products, materials, financial, insurance and other information.
The introduction of GDPR has led more businesses to think about what rights they have in their data and in their databases. This area of law has changed significantly in recent years as a result of court decisions across Europe.
This short webinar provides you with the key information you need to identify, develop and protect these rights.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such us protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and costumers new technologies for successful planning.
How to protect the cookies once someone gets into the cookie jarJudgeEagle
A new and innovative software solution designed to protect sensitive data stored in a company's database from breaches that goes beyond mere data encryption and significantly increases the level of protection of their sensitive data.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
The REAL Impact of Big Data on PrivacyClaudiu Popa
The awesome promise of Big Data is tempered by the need to protect personal information. Data scientists must expertly navigate the legislative waters and acquire the skills to protect privacy and security. This talk provides enterprise leaders with answers and suggests questions to ask when the time comes to consider the vast opportunities offered by big data.
Due to the evolution of personalized, data-driven digital marketing, companies now have infinite amounts of personally identifiable information (PII) about their customers; and this stockpile of information continues to grow—at an exponential rate. In fact, according to the Pew Research Center, the volume of business data worldwide—across all industries—doubles every 1.2 years.
But how should you use this treasure trove of data? And at what point does the information known about your consumers—and the ways you use this information—risk consumer privacy? Is there such thing as too much data?
Attend this webinar to learn:
• What your responsibilities are in today’s ‘big data universe’
• How to use your data and meet compliance laws
• Tips for integrating data across channels and platforms
• How to implement the principles of ‘Privacy by Design’
Beyond GDPR Compliance - Role of Internal AuditOmo Osagiede
More than the requirement to comply with the regulation, GDPR encourages good practices for data privacy and data protection beyond May 2018. This slide deck shares examples of areas where Internal Audit can play a significant role in ensuring that the right controls are built-in at the front-end of the compliance journey. This is in-line with the increasing expectation from stakeholders for IA to add value to more strategic areas of risk to the business.
2011 10 19 Raj Goel Isc2 Secure Boston Cloud Computing Oversharing Over Colle...Raj Goel
Social Media has quickly woven itself into the very fabric of everyday life and computing. This boom in sharing, even the most banal of details, has had a resounding impact on how our profession manages
enterprise security. In this presentation we’ll explore strategies for managing the risks associated with:
Data Loss Prevention
Brand Protection
Privacy Erosion
Malware Protection
We'll examine the basic law that governs ALL internet activity in the US.
We'll further delve into KEY FTC decisions that impact online activity.
Using case studies from the US and around the world, we'll examine how people have lost jobs, college degrees, fortunes and freedom through social media.
We'll investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations.
And finally, we'll review success stories from the past 300 years, where lone individuals and committed groups have improved security, society and human life spans.
Several companies may be well on the way to define how to handle GDPR compliance for structured data. But many companies still haven't come up with a good way to handle GDPR compliance for unstructured data..
This whitepaper provides the main information about unstructured data and the Xenit solution to manage documents under the regulation.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
GDPR and personal data protection in EU research projectsLorenzo Mannella
This 20-minute presentation provides participants with a case study on data protection issues exposed by research partners awarded with a fictional Horizon 2020/Horizon Europe grant. Participants will follow the work of data controller and processors, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will be engaged to evaluate the compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals on a case study analysis. The session will benefit from a short Q&A and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work.
EU GDPR Lesson 1 - What is the GDPR? Why do we need it?
EU GDPR Lesson 2 - Data Protection by Design and by Default
EU GDPR Lesson 3 - The Right To Be Forgotten
EU GDPR Lesson 4 - Who Does the EU GDPR Apply?
EU GDPR Lesson 5 - What Happens if I Don’t Comply with the EU GDPR?
EU GDPR Lesson 6 - Next Steps - How to Get There?
Over the past few years of monitoring the development of the EU General Data Protection Regulation (GDPR) and its effects on technology, we’ve distilled the parts of the regulation that most affect your business into this practical guide.
Guidance on complying with the new EU GDPR regulation. A look at GDPR definitions, what it entails and a roadmap to start your journey on compliance as well as some handy WordPress GDPR links to plugins.
Most businesses have valuable databases of information, such as client lists, customer lists, lists of prospects – as well as data about products, materials, financial, insurance and other information.
The introduction of GDPR has led more businesses to think about what rights they have in their data and in their databases. This area of law has changed significantly in recent years as a result of court decisions across Europe.
This short webinar provides you with the key information you need to identify, develop and protect these rights.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such us protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and costumers new technologies for successful planning.
How to protect the cookies once someone gets into the cookie jarJudgeEagle
A new and innovative software solution designed to protect sensitive data stored in a company's database from breaches that goes beyond mere data encryption and significantly increases the level of protection of their sensitive data.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
The REAL Impact of Big Data on PrivacyClaudiu Popa
The awesome promise of Big Data is tempered by the need to protect personal information. Data scientists must expertly navigate the legislative waters and acquire the skills to protect privacy and security. This talk provides enterprise leaders with answers and suggests questions to ask when the time comes to consider the vast opportunities offered by big data.
Due to the evolution of personalized, data-driven digital marketing, companies now have infinite amounts of personally identifiable information (PII) about their customers; and this stockpile of information continues to grow—at an exponential rate. In fact, according to the Pew Research Center, the volume of business data worldwide—across all industries—doubles every 1.2 years.
But how should you use this treasure trove of data? And at what point does the information known about your consumers—and the ways you use this information—risk consumer privacy? Is there such thing as too much data?
Attend this webinar to learn:
• What your responsibilities are in today’s ‘big data universe’
• How to use your data and meet compliance laws
• Tips for integrating data across channels and platforms
• How to implement the principles of ‘Privacy by Design’
Beyond GDPR Compliance - Role of Internal AuditOmo Osagiede
More than the requirement to comply with the regulation, GDPR encourages good practices for data privacy and data protection beyond May 2018. This slide deck shares examples of areas where Internal Audit can play a significant role in ensuring that the right controls are built-in at the front-end of the compliance journey. This is in-line with the increasing expectation from stakeholders for IA to add value to more strategic areas of risk to the business.
2011 10 19 Raj Goel Isc2 Secure Boston Cloud Computing Oversharing Over Colle...Raj Goel
Social Media has quickly woven itself into the very fabric of everyday life and computing. This boom in sharing, even the most banal of details, has had a resounding impact on how our profession manages
enterprise security. In this presentation we’ll explore strategies for managing the risks associated with:
Data Loss Prevention
Brand Protection
Privacy Erosion
Malware Protection
We'll examine the basic law that governs ALL internet activity in the US.
We'll further delve into KEY FTC decisions that impact online activity.
Using case studies from the US and around the world, we'll examine how people have lost jobs, college degrees, fortunes and freedom through social media.
We'll investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations.
And finally, we'll review success stories from the past 300 years, where lone individuals and committed groups have improved security, society and human life spans.
Learn about threats to YOUR
Customer\'s privacy.
- Googling Your Corporate Privacy Away
- Tools and practices your users are already using that will compromise their privacy.
- Trends in Regulations
- Rules and regulations you need to know to stay current
- Trends in Financial Crimes - New crimes, old crimes with new tools and why your company is so attractive to attackers
- Effective Multicompliance - Tips, Techniques and lessons learned in staying compliant, while increasing profits and maintaining your sanity
The New York County Lawyers’ Association’s Cyberspace Law Committee
presents a Public Forum
Head in the Clouds? Head in the Clouds?
Implications of Cloud Computing Implications of Cloud Computing
Cloud computing, an Internet-based development and use of computer technology typically involving the provision of dynamically scalable resources, is fast becoming a part of our daily lives. Whether one is checking webmail, backing up data online or collaborating on documents, it is hard to ...
Raj Goel - Social Media & Cloud Computing Threats to Privacy, Security & Libe...Raj Goel
I presented this at the 2013 New York State CyberSecurity conference.
An earlier version was presented at the NCSC.NL 2013 conference at The Hague.
Updated versions will be presented at GBATA 2013 in Helsinki, ASIS 59 in Chicago and elsewhere.
(300-400 words)1- Watch anyone of the following documentarymovi.docxmayank272369
(300-400 words)
1- Watch anyone of the following documentary/movie:
· The Corporation (2005)
· Food Inc. (2009)
· An Inconvenient Truth (2006)
Share your understanding around
Who
THE PEOPLE INVOLVED
What
THE PROBLEMS, THINGS, IDEAS
When
PAST, PRESENT, FUTURE OF THE TOPIC
Where
THE PLACE INVOLVED
Why
THE CAUSES, REASONS, RESULTS, CONDITIONS.
How
HISTORY OR FUNCTION (HOW IT BEGAN OR OPERATES).
………………………………………………………………………………………………………………………………………….
2-
(a) Find a news article about an economic topic that you find interesting.
(b) Make a short bullet-list summary of the article.
(c) Write and illustrate with appropriate graphs an economic analysis of the key points in the article.
Hint: Use 5Ws and 1H in your explanation.
1. Who was involved?
1. What happened?
1. When did it happen?
1. Where did it happen?
1. Why did it happen?
1. How did it happen?
Smartphones Have Privacy Risks.docx
Smartphones Have Privacy Risks
Smartphones, 2013
Top of Form
Bottom of Form
Around the turn of the century, the FBI [Federal Bureau of Investigation] was pursuing a case against a suspect—rumored to be Las Vegas strip-club tycoon Michael Galardi, though documents in the case are still sealed—when it hit upon a novel surveillance strategy.
The suspect owned a luxury car equipped with an OnStar-like system that allowed customers to "phone home" to the manufacturer for roadside assistance. The system included an eavesdropping mode designed to help the police recover the vehicle if it was stolen, but the FBI realized this same antitheft capability could also be used to spy on the vehicle's owner.
When the bureau asked the manufacturer for help, however, the firm (whose identity is still secret) objected. They said switching on the device's microphone would render its other functions—such as the ability to contact emergency personnel in case of an accident—inoperable. A federal appeals court sided with the company; ruling the company could not be compelled to transform its product into a surveillance device if doing so would interfere with a product's primary functionality.
The specifics of that 2003 ruling seem quaint today [in 2012]. The smartphones most of us now carry in our pockets can easily be turned into surveillance and tracking devices without impairing their primary functions. And that's not the only privacy risk created as we shift to a mobile, cloud-based computing world. The cloud services we use to synchronize data between our devices increase the risk of our private data falling prey to snooping by the government, by private hackers, or by the cloud service provider itself. And we're packing ever more private data onto our mobile devices, which can create big headaches if we leave a cell phone in a taxicab.
What to do about it? In this [viewpoint], we'll explore the new privacy threats being created as the world shifts to an increasingly mobile, multi-device computing paradigm. Luckily, there are steps both device makers and lawmakers can take to ...
Possible cookie substitutions (cookieless tracking) - The Cookie CrumblesRobert Ressmann
Arms race on OnSite, AdTech and Publisher side. In times of Browser Tracking Prevention, DSGVO & Adblocking the question arises how the online industry can deal with the crumbling cookie or replace it with a substitute... Here are a few possibilities.
[cookie substitution, consent, GDPR, adblocking, tag, tracking, targeting, retargeting, fingerprinting, customer journey, dco, attribution, etag, cache, meta data, login alliance, itp, etp, walled garden, adid, werbeid, unifiedid, household graph, cdp, taxonomie, dmp, 1st party, segment, 3rd party, doh, programmatic, havas, havasmedia, ressmann, online media, display, advertising, martech, adtech, data driven, s2s]
The Identity of Things: Privacy & Security ConcernsSimon Moffatt
The 'Identity of Things' (IDoT) is fast becoming a critical component of the modern web.
Previously “dumb” devices are being upgraded with persistent network connectivity, enabling automatic data generation and facilitating interaction with other devices and people. Whilst this can bring significant benefits in form of personalised content and customised environmental and manufacturing settings, it also brings several concerns regarding data privacy, security and control.
Online spying Tools including , cookies, web bugs, spam & spyware , & other hacking methods & also about harming computer etc , its a complete description about Online spying tools , best of luck
Online spying including : Cookies, web bugs , spam & spyware , it also includes hacking methods & harming computer , a complete package for online spying tools
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Statement of Michelle Richardson, Director, Privacy & Data
Center for Democracy & Technology
before the
United States Senate Committee on the Judiciary
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
March 12, 2019
On behalf of the Center for Democracy & Technology (CDT), thank you for the
opportunity to testify about the importance of crafting a federal consumer privacy law that
provides meaningful protections for Americans and clarity for entities of all sizes and sectors.
CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the
rights of the individual in the digital world. CDT is committed to protecting privacy as a
fundamental human and civil right and as a necessity for securing other rights such as access to
justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and
Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and
individual donations.1
The United States should be leading the way in protecting digital civil rights. This hearing
is an opportunity to learn how Congress can improve upon the privacy frameworks offered in
the European Union via the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our
digital future should be one in which technology supports human rights and human dignity. This
future cannot be realized if people are forced to choose between protecting their personal
information and using the technologies and services that enhance our lives. This future depends
on clear and meaningful rules governing data processing; rules that do not simply provide
1 All donations over $1,000 are disclosed in our annual report and are available online at:
https://cdt.org/financials/.
2
people with notices and check boxes but actually protect them from privacy and security
abuses and data-driven discrimination; protections that cannot be signed away.
Congress should resist the narratives that innovative technologies and strong privacy
protections are fundamentally at odds, and that a privacy law would necessarily cement the
market dominance of a few large companies. Clear and focused privacy rules can help
companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data.
Clear rules will also empower engineers and product managers to design for privacy on the
front end, rather than having to wait for a public privacy scandal to force the rollback of a
product or data practice.
We understand that drafting comprehensive privacy legislation is a complex endeavor.
Over the past year we have worked with partners in civil societ.
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
Case 1
1. What exactly occurred?
Twitter is one of popular social media that targeted to be hacked.
The social network said in that approximately 250,000 user accounts were potentially compromised, with attackers gaining access to information including user names and email addresses. The company first detected signs of an attack earlier in the week, which led to an investigation and the discovery of a larger breach. The company detected unusual access patterns that led to identify unauthorized access attempts to Twitter user data. They discovered one live attack and were able to shut it down in process moments later. However, their investigation has thus far indicated that the attackers may have had access to limited user information. Twitter has reset the passwords and revoked session tokens, which allow user to stay logged into the service without reentering a password, for all of these accounts. Affected users will not be able to log in and will receive an e-mail instructing them to reset their password.
2. How was the company affected?
Twitter reports that 250,000 user accounts may have compromised. The company is able to detect the hacker immediately and send e-mail to the affected users instructing them to reset their passwords. They also recommend all users to create strong passwords and disable Java in their browsers.
3. What (if any) measures has the company taken since the breach to prevent future similar incidents?
The company offers tips for all of its users going forward, including using strong passwords that mix numbers and symbols with upper- and lowercase letters, not using the same password for multiple accounts, update and upgrade antivirus software and disabling Java. The company also provides tips to keep the account secure and also steps to take if your account has been compromised.
4. In your opinion, did the company have sufficient security safeguards in place prior to the breach?
In my opinion, Twitter has sufficient security safeguards in place prior to the breach. Twitter is able to detect the attacker before they get through all 200 million monthly active users. 250,000 accounts of affected users is a small amount comparing to the number of Twitter active users. After they notice the attack, the company have been reset the password of affected users and send them e-mail to change their password. I believed that after the breach Twitter would be more aware of the security protection.
Case 2
1. What exactly occurred?
Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. David Drummond, Google’s chief counsel, said, “A primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” According to George Kurtz at McAfee, the attacks were part of a large-scale, well-organized operation called Aurora. As a result, Google has stopped censoring its search results in China, and has considered pulling out of the country entir ...
Data security is a critical component for all businesses. Business data protection helps to secure customer details, financial information, survey data and other key business data which are key company assets.
Many companies, including Sample Solutions, rely on the fact that data they have and work with is secure, encrypted and can not be breached. Losing the data in a natural catastrophe is one thing but losing it to a breach can lead to severe consequences. Not only do data breaches damage a company’s reputation and destroy consumer trust, breaching may also lead to lost business opportunities and financial consequences, along with disrupt safety and natural workflow.
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
The revelations of the Heartbleed vulnerability in April and the recent implementation of Australia’s new privacy regime in March have put data breaches firmly back in the limelight. Clare Coulson finds out more...
Fines in the Millions Levied Every Year Coming Soon! The Business Case for ...CA Technologies
As data becomes ever more central to daily operations, pressure is mounting on organizations to become fully secure. Legislation is becoming increasingly stringent throughout the world. The common practice of using production data in non-production environments will soon risk fines in the millions of dollars.
For more information, please visit http://cainc.to/Nv2VOe
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0ITCamp
The session will address GDPR compliance challenges in the context of industry 4.0 and will offer a deeper look into the convergence of data privacy with the digitalisation movement, where Big Data, IoT, AI and Cloud services are all depending on one thing: DATA.
Similar to 2013-06-26-Is_your_company_Googling_its_privacy_away_brightalk_format_1c (20)
4. Google's Privacy Policy
Google Search, Gmail,Trends, etc
ECPA
The future is already here
NSA’s PRISM
Suggestions, Next Steps
5.
6. Google's cookies do not expire until 2038.
All of Google's properties (Google, Gmail, Orkut, Google Desktop,
etc.) have deep-linked cookies that expire in 2038.
Each Google cookie has a unique GUID.
Every time you search, the search queries are tied back to your
cookie. Google does not delete anything.
Google response to John Battelle:
1) "Given a list of search terms, can Google produce a list of people
who searched for that term, identified by IP address and/or Google
cookie value?"
2) "Given an IP address or Google cookie value, can Google
produce a list of the terms searched by the user of that IP address
or cookie value?"
I put these to Google.To its credit, it rapidly replied that the
answer in both cases is "yes."
7. Google's cookies do not expire until 2038.
“Google will start issuing our users cookies that will be set to auto-
expire after 2 years, while auto-renewing the cookies of active
users during this time period. In other words, users who do not
return to Google will have their cookies auto-expire after 2 years.
Regular Google users will have their cookies auto-renew, so that
their preferences are not lost. And, as always, all users will still be
able to control their cookies at any time via their browsers.”
- http://googleblog.blogspot.com/2007/07/cookies-expiring-
sooner-to-improve.html
Translated into English:
The cookies expire 2 years AFTER complete inactivity.
If you use Google products/services, the 2 year period restarts
NOW!
8. One key risk is that because GMail gets your consent to be
more than an e-mail delivery service -- offering searching,
storage and shopping -- your mail there may not get the
legal protection the ECPA gives you on E-mail.
The storage of e-mail on 3rd party servers for more than
180 days almost certainly causes the loss of those
privileges.
This in turn creates a danger that we may redefine
whether e-mail has the "reasonable expectation of
privacy" needed for 4th amendment protection.
Correlation of search and mail has real risks.
- BradTempleton, Chairman of the Electronic Frontier
Foundation, http://www.templetons.com/brad/gmail.html
9. Knowing someone is using Gmail because their
email address is rajgoel@gmail.com is easy.
What if your business partner, client or prospect
uses raj@stanford.edu or raj@chinatech.com--
canYOU tell if it's hosted at Gmail?
The plans, proposals, research,
recommendations, etc. you email out – are they
being indexed at google?
10. Patent #20040059712 - “Serving advertisements using information associated
with e-mail” allows Google to create profiles based on the following data:
* Information about the sender, including information derived from previous
interactions with the sender
* Information about the recipient, including information derived from sender's
address book or from previous interactions with the sender
* Information about a recipient based on a profile or information about the
sender (the example from that patent is: "Sender is a wine enthusiast and has
recently searched for and/or browsed pages related to wine, suggesting that
recipient may also be interested in wine")
* Information from other e-mails sent by sender
* Information from other e-mails received by recipient
* Information from other e-mails having the same or similar subject text
* Information about recipient from sender's contact information
* Directory and file information based on the path name of attachments sent in
previous e-mails (e.g. building an index of filenames on sender or recipient's
computer)
- http://www.epic.org/privacy/gmail/faq.html
11. Google Alerts are email updates of the latest
relevant Google results (web, news, etc.) based
on your choice of query or topic.
Is someone at Citibank researching “windpower
in India”? “terrorism in Niger Delta”?
Google knows:
- who's researching it (GUID/email)
- How many people are doing it.
- Popularity of story or search
-Trend Activity
12. Chrome is google's browser, based on the
Webkit framework.
Dangers:
- Google knows every URL you searched (same
as every other browser)
- Google knows every character you type! Even
if you don't hit enter
- Google tracks every “auto suggestion”
http://coderrr.wordpress.com/2008/09/03/googl
e-chrome-privacy-worse-than-you-think/
13. Android apps security is worse thanWindows.
Free android wall paper app downloaded
millions of times. Sends collected user data to
China.
http://www.theregister.co.uk/2010/07/29/suspici
ous_android_app/
20% of testedAndroid apps allow developers
access to sensitive or private data
http://news.cnet.com/8301-27080_3-20008518-
245.html
14. The researchers found that two-thirds of the 30 apps
in the sample used sensitive data suspiciously, half
share location data with advertising or analytics
servers without requiring "implicit or explicit user
consent," and one-third expose the device ID,
sometimes with the phone number and the SIM card
serial number. In all, the researchers said they found
68 instances of potential misuse of users' private
information across 20 applications.
http://news.cnet.com/8301-27080_3-20018102-
245.html
15. Google FluTrends: Google automatically
analyzes the search queries for “flu”,
“influenza”, etc. Displays charts of aggregate
data.
Hmm – search terms are a good indicator of
flu infections!
Data corellates to CDC data. Google released
data for past 6 years.
16. Google admits to “accidentally” capturing
usernames, passwords, emails from open wifi
access points.
“in some instances entire emails and URLs were
captured, as well as passwords.“
-
http://googlepublicpolicy.blogspot.com/2010/10/
creating-stronger-privacy-controls.html
17. ECPA declared that e-mail was a private means of communication,
and that we might hope for the same level of privacy in it as we
have in phone calls and letters. Among other things, it means that
police need a wiretap warrant to read your e-mails, and that your
e-mail company's employees can't disclose your e-mails to others.
[...] E-mail in transit is protected, but those in law enforcement
advocate that once mail is processed and stored, it is no longer the
same private letter, but simply a database service.
GMail's big selling point is that they don't simply deliver your mail.
They store it for you, and they index it so you can search it.
- BradTempleton, Chairman of the Electronic Frontier Foundation,
http://www.templetons.com/brad/gmail.html
19. Compelled Disclosure Rules in 18 U.S.C. § 2703
Section 2703 mandates different standards the government must satisfy to compel different types of
communications.To compel a provider of ECS to disclose contents of communications in its possession that are
in temporary “electronic storage” for 180 days or less, the government must obtain a search warrant.67To
compel a provider of ECS to disclose contents in electronic storage for greater than 180 days or to compel a
provider of RCS to disclose contents, the government has three options.
First, the government can obtain a search warrant.
Alternatively,investigators can use less process than a warrant, as long as they combine that process with prior
notice.
Specifically, the government can use either a subpoena or a “specific and articulable facts” court order pursuant
to 18U.S.C. § 2703(d), combined with prior notice to the “subscriber or customer” (which can be delayed in some
circumstances).73 The court order found in § 2703(d), often referred to as a “2703(d)” order or simply a “d” order,
is something like a mix between a subpoena and a search warrant.To obtain the order, the government must
provide “specific and articulable facts showing that there are reasonable grounds to believe” that the
information to be compelled is “relevant and material to an ongoing criminal investigation.”74 If the judge finds
that the factual showing has been made, the judge signs the order.The order is then served like an ordinary
subpoena; investigators bring or fax the order to the ISP, and the ISP complies by turning over the information to
the investigators.
- http://papers.ssrn.com/sol3/papers.cfm?abstract_id=421860
Professor Orin Kerr, George Washington University - Law School
TRANSLATION:
After 180 days, Government access to your Gmail, Hotmail,Yahoo Mail, etc. becomes significantly easier.
20. CSO's and CPOs should know about ECPA
Employees are forwarding emails to GMAIL
because it is fast, easy to use and has copious
capacity. The opposite of most corporate
email systems.
How many of your employees are forwarding
emails to gmail/yahoo/hotmail right now?
21. US Gov't claims:
“users of ISPs don't have a reasonable expectation of privacy”
“Many employees are provided with e-mail and Internet services by their
employers. ...[Court] orders directed to the email of employees who have
waived any possible expectation of privacy do not violate the Fourth
Amendment.”
"some email accounts are abandoned, as when an account holder stops
paying for the service [or dies] and the account is cancelled."There "can
be no reasonable expectation of privacy in such accounts.
“... hackers may obtain internet services and email accounts using stolen
credit cards. Hackers maintain no reasonable expectation of privacy in
such accounts.”
- http://www.theregister.com/2007/11/04/4th-
amendment_email_privacy/
So,Where's your email hosted? Do theTOS' specify privacy and
ownership? What about your clients, partners or vendors?
26. Google uses a legal tax dodge called the
“Double Irish” and “Dutch Sandwich” to
avoid $ 1 BILLION in taxes per year.
Their effective tax rate is 2.4%
http://nymag.com/daily/intel/2010/10/google_uses_the_double_irish_a.html
Google: “Don’t be evil. That’s our job”
27. According to the AmericanAcademy of Matrimonial Lawyers, 81% have used
or faced evidence from Facebook, MySpace,WOW,Twitter, LinkedIn, etc. See
http://kotaku.com/5576262/farmville-world-of-warcraft-are-divorce-lawyers-
latest-weapons-in-court and http://www.usatoday.com/tech/news/2010-06-
29-facebook-divorce_N.htm?loc=interstitialskip
For example
▪ 1. Father seeks custody of the kids, claiming (among other things) that his ex-wife
never attends the events of their young ones. Subpoenaed evidence from the
gaming site World of Warcraft tracks her there with her boyfriend at the precise time
she was supposed to be out with the children.
▪ 2. Mom denies in court that she smokes marijuana but posts partying, pot-smoking
photos of herself on Facebook.
27
28. Adulterers, beware:Your cheatin' heart might be exposed by E-ZPass.
E-ZPass and other electronic toll collection systems are emerging as a
powerful means of proving infidelity.That's because when your spouse
doesn't know where you've been, E-ZPass does.
"E-ZPass is an E-ZPass to go directly to divorce court, because it's an
easy way to show you took the off-ramp to adultery," said Jacalyn
Barnett, a NewYork divorce lawyer who has used E-ZPass records a few
times.
Lynne Gold-Bikin, a Pennsylvania divorce lawyer, said E-ZPass helped
prove a client's husband was being unfaithful: "He claimed he was in a
business meeting in Pennsylvania.And I had records to show he went to
New Jersey that night.“
- http://www.msnbc.msn.com/id/20216302/
28
29. KapschTraffic Com AG, a transponder (i.e., E-Z Pass and
IPass) manufacturer, filed a patent for technology to
include an inward and outward pointing camera.
MSNBC reports that KapschTrafficCom AG, an Austrian
company that creates transponders like E-Z Pass, which
allows cars to breeze through tolls, filed a patent for
technology that would include cameras in such devices.
Cameras would point inside the car as well as out.
- http://www.theblaze.com/stories/could-your-freeway-pass-
soon-contain-a-camera-that-films-you/
29
30. “Dropbox employees aren’t able to access user files”.
BoingBoing.net, “Dropbox’s new security policy implies that
they lied about privacy from the start”
http://boingboing.net/2011/04/25/dropbox-cto-on-their.html
“DROPBOX: We’ll turn your files over to the government if
they ask us to”
- Business Insider, http://www.businessinsider.com/dropbox-
updates-security-terms-of-service-to-say-it-can-decrpyt-
files-if-the-government-asks-it-to-2011-4
30
38. Five German states have admitted using a controversial backdoorTrojan
to spy on criminal suspects.
Samples of the so-called R2D2 (AKA "0zapftis")Trojan came into the
possession of the ChaosComputer Club (CCC), which published an
analysis of the code last weekend.
German federal law allows the use of malware to eavesdrop on Skype
conversations. But the CCC analysis suggests that the specificTrojan it
wrote about is capable of a far wider range of functions than this –
including establishing a backdoor on compromised machines and
keystroke logging.
http://www.theregister.co.uk/2011/10/12/bundestrojaner/
38