Internet
                           Privacy & Security
                            Follies & Foibles
                                Jordan Jones
                         NGS Luncheon / RootsTech 2013




Saturday, March 23, 13                                   1
How Many of You Use?


                    Evernote        Pinterest

                    Dropbox         Amazon

                    Twitter         Tumblr

                    Google          Apple

                    Facebook        Microsoft




How Privacy Can be Breached

              The Privacy Rights Clearinghouse categorizes privacy
              breaches as:

                         Unintended Disclosure   Portable Device

                         Hacking or Malware      Stationary Device

                         Payment Card Fraud      Unknown or Other

                         Insider

                         Physical Loss


Read It and Weep


             In 2011, it was revealed that the iOS and Android apps
             of Facebook and Dropbox were accessible to anyone
             with physical access to the mobile device ...

             ... the passwords were in unencrypted text files.

             Cause: Unintended Disclosure




4 Hour Free-for-All


                June 20, 2011 – Dropbox announced that during a
                four-hour period ...

                ... a bug in their authentication software would have
                allowed anyone access to any account, without a
                password.
                Cause: Unintended Disclosure




E-mail Switcheroo


              August 1, 2012 – Dropbox revealed that someone
              hacked into an employee’s account and gained access to
              a list of customer e-mail addresses, which were then
              spammed.

             Additionally, “usernames and passwords stolen from
             other sites had also been used to sign in to” Dropbox
             accounts.
             Cause: Unintended Disclosure / Hacking or Malware



The Zen of Hacking



             February 21, 2013 – Zendesk was hacked. Customer
             e-mail addresses, the subject lines of support e-mail (and
             possibly phone numbers) for users of Twitter, Pinterest,
             and Tumblr were stolen.
             Cause: Hacking or Malware




Yes, Microsoft runs Mac OS


              February 22, 2013 – Microsoft was hacked. It is unclear
              what information if any was stolen. The method was
              similar to one recently used successfully against Apple,
              Facebook, and Twitter.

             A virus was placed on a legitimate website. This
             exploited a “zero day” (as yet unknown) security hole
             in Java for Mac OS X.
             Cause: Hacking or Malware



Hacktopia


              March 3, 2013 – Evernote was hacked. “User names,
              email addresses, and encrypted passwords may have
              been exposed.”

              “A total of 50 million users were told to reset their
              passwords.”

             Cause: Hacking or Malware




Information Wants to Be Free




Information Wants to be Free


              “On the one hand information wants to be expensive,
              because it’s so valuable. The right information in the
              right place just changes your life. On the other hand,
              information wants to be free, because the cost of getting
              it out is getting lower and lower all the time. So you
              have these two fighting against each other.”

                    — Stewart Brand, 1st Hackers Conference, 1984




Two Kinds of Freedom




              1. Free as in beer

              2. Free as in speech




Jones’s Corollary to Brand’s Law

              “Information is like water; information wants to flow
              free.” Thanks to Moore’s law and innovation, it is
              constantly getting cheaper and easier for:

                         You to share data with people

                         You to accidentally share information with people

                         Others to share information you gave them, wider
                         than you wanted

                         Someone to steal or leak your information

Consequences for Records Access of Jones’s Corollary




Open Access vs. Privacy

                    Especially since 9/11, federal and state agencies have
                    been tightening access to public records of interest to
                    genealogists.

                    The fact that information wants to flow like water
                    means anything private and divulged can be
                    disseminated further than was possible before the Internet.

                    The most obvious example of government tightening
                    down access to electronic records is the SSDI.



SSDI


                    The Social Security Death Index (SSDI) is based on
                    the Social Security Administration’s Master Death
                    File (MDF).

                    The MDF includes about 90 million names of people
                    who have died and whose deaths have been reported
                    to the SSA.




Fraud Based on MDF Data

                    The MDF was released due to a
                    Freedom-of-Information ruling.

                    It was expected to help combat fraud.

                    Banks and other creditors could quickly determine
                    whether the person was dead according to the MDF.

                    The IRS was apparently not using this method to
                    check returns and several people had the identities of
                    their deceased children stolen.


Removal of State Records


                    In the process of looking at the privacy implications
                    of the MDF / SSDI, the SSA noticed that some state
                    records were being improperly divulged. As a result:

                         SSA expunged 4 million records in Nov. 2011

                         SSA decreased the number of records added
                         annually by about 1/3 (from 2.8 to 1.8 million)




What’s Happening Now


                    At least four federal bills have been introduced that
                    would limit access to the MDF / SSDI:
                         HR 295 “Protect and Save Act of 2013”

                         HR 466 “Social Security Death Master File Privacy Act of 2013”

                         HR 531 “Tax Crimes and Identity Theft Prevention”


                         HR 926 “Social Security Identity Defense Act of 2013”




Genealogy Partnerships


                    Records Preservation and Access Committee
                         Voting Members: The National Genealogical Society (NGS), the
                         Federation of Genealogical Societies (FGS) and the International
                         Association of Jewish Genealogical Societies (IAJGS)

                         Non-Voting Members: The Association of Professional Genealogists
                         (APG), the Board for Certification of Genealogists (BCG), the American
                         Society of Genealogists (ASG), ProQuest and Ancestry.com




Digital Due Process Coalition

                    RPAC has joined the Digital Due Process coalition,
                    along with

                         key technology leaders (Adobe, Apple, Dell,
                         Facebook, Google, HP, IBM, Intel, Microsoft,
                         Oracle, Twitter) as well as

                         leaders in content (Newspaper Association of
                         America, American Library Association,
                         Association of Research Libraries)



Why This Matters


                    What we need is a balance between open access and
                    privacy

                    As members of the privacy community, we can reflect
                    our existing goals to maintain privacy while retaining
                    open records




What Can You Do?




Protect Your Data

                         Protect your data as much as you can.

                           Post wisely. Don’t post anything on the Internet
                           that would harm you if it were divulged

                           Encrypt your most sensitive data.

                           Clear browser cookies and cache periodically

                           Use private browsing when on public computers

                           Create strong, unique passwords


Act Responsibly

                    Avoid sharing personally identifying information,
                    especially of living or recently deceased persons

                         Use privacy filtering and never publish
                         information on living persons without their
                         permission

                         Consider creating a public file and a private file if
                         sharing information in genealogical databases, as
                         the filters might not do what you expect.



Advocate for a Balanced Approach

                    Learn about the need for balance between privacy
                    and openness in genealogical data.

                    Share what you learn with your

                         genealogy society

                         genealogy software providers

                         legislators



REFERENCES




References


                    Digital Data Breach Search Tool:
                    http://www.privacyrights.org/data-breach/new

                    FAQ Entry on the SSDI
                    https://www.privacyrights.org/fs/fs10-ssn.htm#death

                    Letter to the House Ways and Means Committee from Leslie Brinkley
                    Lawson, President, Council for the Advancement of Forensic Genealogy
                    http://waysandmeans.house.gov/uploadedfiles/sfr_cafg_ss_2_2_12.pdf




References


                    BBC, “Dropbox details security breach that caused spam attack”
                    http://www.bbc.co.uk/news/technology-19079353

                    New York Times, “Researchers Wring Hands as U.S. Clamps Down on Death
                    Record Access”
                    http://www.nytimes.com/2012/10/09/us/social-security-death-record-limits-hinder-researchers.html

                    Wired, “Zendesk Security Breach Affects Twitter, Tumblr and Pinterest,”
                    http://www.wired.com/threatlevel/2013/02/twitter-tumblr-pinterest/




References


                    Records Preservation and Access Committee
                    A joint committee of FGS, NGS, and IAJGS
                    http://www.fgs.org/rpac/

                    Digital Due Process Coalition
                    http://www.digitaldueprocess.org/

                    Center for Democracy & Technology
                    https://www.cdt.org/




References


                    Genealogical Privacy blog
                    http://www.genealogicalprivacy.org/

                    Electronic Freedom Foundation
                    https://www.eff.org/

                    Electronic Privacy Information Center
                    http://epic.org/




Forthcoming




Join us in Las Vegas




These slides will be available at

                           genealogymedia.com/talks

                                       and

                         slideshare.net/genealogymedia




Digital Artefact 1 - Tiny Home Environmental Design
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 

Internet Privacy and Security Follies and Foibles

  • 1. Internet Privacy & Security Follies & Foibles Jordan Jones NGS Luncheon / RootsTech 2013 Saturday, March 23, 13 1
  • 2. How Many of You Use? Evernote, Pinterest, Dropbox, Amazon, Twitter, Tumblr, Google, Apple, Facebook, Microsoft
  • 3. How Privacy Can be Breached: The Privacy Rights Clearinghouse categorizes privacy breaches as: Unintended Disclosure; Portable Device; Hacking or Malware; Stationary Device; Payment Card Fraud; Unknown or Other; Insider; Physical Loss
  • 4. Read It and Weep: In 2011, it was revealed that the iOS and Android apps of Facebook and Dropbox were accessible to anyone with physical access to the mobile device ... the passwords were in unencrypted text files. Cause: Unintended Disclosure
  • 5. 4 Hour Free-for-All: June 20, 2011 – Dropbox announced that during a four-hour period ... a bug in their authentication software would have allowed anyone access to any account, without a password. Cause: Unintended Disclosure
  • 6. E-mail Switcheroo: August 1, 2012 – Dropbox revealed that someone hacked into an employee’s account and gained access to a list of customer e-mail addresses, which were then spammed. Additionally, “usernames and passwords stolen from other sites had also been used to sign in to” Dropbox accounts. Cause: Unintended Disclosure / Hacking or Malware
  • 7. The Zen of Hacking: February 21, 2013 – Zendesk was hacked. Customer e-mail addresses, the subject lines of support e-mail (and possibly phone numbers) for users of Twitter, Pinterest, and Tumblr were stolen. Cause: Hacking or Malware
  • 8. Yes, Microsoft runs Mac OS: February 22, 2013 – Microsoft was hacked. It is unclear what information, if any, was stolen. The method was similar to one recently used successfully against Apple, Facebook, and Twitter. A virus was placed on a legitimate website. This exploited a “zero day” (as yet unknown) security hole in Java for Mac OS X. Cause: Hacking or Malware
  • 9. Hacktopia: March 3, 2013 – Evernote was hacked. “User names, email addresses, and encrypted passwords may have been exposed.” “A total of 50 million users were told to reset their passwords.” Cause: Hacking or Malware
  • 10. Information Wants to Be Free
  • 11. Information Wants to be Free: “On the one hand information wants to be expensive, because it’s so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other.” — Stewart Brand, 1st Hackers Conference, 1984
  • 12. Two Kinds of Freedom: 1. Free as in beer; 2. Free as in speech
  • 13. Jones’s Corollary to Brand’s Law: “Information is like water; information wants to flow free.” Thanks to Moore’s law and innovation, it is constantly getting cheaper and easier for: you to share data with people; you accidentally to share information with people; others to share information you gave them, wider than you wanted; someone to steal or leak your information.
  • 14. Consequences for Records Access of Jones’s Corollary
  • 15. Open Access vs. Privacy: Especially since 9/11, federal and state agencies have been tightening access to public records of interest to genealogists. The fact that information wants to flow like water means anything private and divulged can be disseminated further than prior to the Internet. The most obvious example of government tightening down access to electronic records is the SSDI.
  • 16. SSDI: The Social Security Death Index (SSDI) is based on the Social Security Administration’s Master Death File (MDF). The MDF includes about 90 million names of people who have died and whose deaths have been reported to the SSA.
  • 17. Fraud Based on MDF Data: The MDF was released due to a Freedom-of-Information ruling. It was expected to help combat fraud. Banks and other creditors could quickly determine whether the person was dead according to the MDF. The IRS was apparently not using this method to check returns, and several people had the identities of their deceased children stolen.
  • 18. Removal of State Records: In the process of looking at the privacy implications of the MDF / SSDI, the SSA noticed that some state records were being improperly divulged. As a result: SSA expunged 4 million records in Nov. 2011; SSA decreased the number of records added annually by about 1/3 (from 2.8 to 1.8 million).
  • 19. What’s Happening Now: At least four federal bills have been introduced that would limit access to the MDF / SSDI: HR 295 “Protect and Save Act of 2013”; HR 466 “Social Security Death Master File Privacy Act of 2013”; HR 531 “Tax Crimes and Identity Theft Prevention”; HR 926 “Social Security Identity Defense Act of 2013”
  • 20. Genealogy Partnerships: Records Preservation and Access Committee. Voting Members: The National Genealogical Society (NGS), the Federation of Genealogical Societies (FGS) and the International Association of Jewish Genealogical Societies (IAJGS). Non-Voting Members: The Association of Professional Genealogists (APG), the Board for Certification of Genealogists (BCG), the American Society of Genealogists (ASG), ProQuest and Ancestry.com
  • 21. Digital Due Process Coalition: RPAC has joined the Digital Due Process coalition, along with key technology leaders (Adobe, Apple, Dell, Facebook, Google, HP, IBM, Intel, Microsoft, Oracle, Twitter) as well as leaders in content (Newspaper Association of America, American Library Association, Association of Research Libraries).
  • 22. Why This Matters: What we need is a balance between open access and privacy. As members of the privacy community, we can reflect our existing goals to maintain privacy while retaining open records.
  • 23. What Can You Do?
  • 24. Protect Your Data: Protect your data as much as you can. Post wisely. Don’t post anything on the Internet that would harm you if it were divulged. Encrypt your most sensitive data. Clear browser cookies and cache periodically. Use private browsing when on public computers. Create strong, unique passwords.
  • 25. Act Responsibly: Avoid sharing personally identifying information, especially of living or recently deceased persons. Use privacy filtering and never publish information on living persons without their permission. Consider creating a public file and a private file if sharing information in genealogical databases, as the filters might not do what you expect.
  • 26. Advocate for a Balanced Approach: Learn about the need for balance between privacy and openness in genealogical data. Share what you learn with your genealogy society, genealogy software providers, and legislators.
  • 28. References: Digital Data Breach Search Tool, http://www.privacyrights.org/data-breach/new; FAQ Entry on the SSDI, https://www.privacyrights.org/fs/fs10-ssn.htm#death; Letter to the House Ways and Means Committee from Leslie Brinkley Lawson, President, Council for the Advancement of Forensic Genealogy, http://waysandmeans.house.gov/uploadedfiles/sfr_cafg_ss_2_2_12.pdf
  • 29. References: BBC, “Dropbox details security breach that caused spam attack,” http://www.bbc.co.uk/news/technology-19079353; New York Times, “Researchers Wring Hands as U.S. Clamps Down on Death Record Access,” http://www.nytimes.com/2012/10/09/us/social-security-death-record-limits-hinder-researchers.html; Wired, “Zendesk Security Breach Affects Twitter, Tumblr and Pinterest,” http://www.wired.com/threatlevel/2013/02/twitter-tumblr-pinterest/
  • 30. References: Records Preservation and Access Committee (a joint committee of FGS, NGS, and IAJGS), http://www.fgs.org/rpac/; Digital Due Process Coalition, http://www.digitaldueprocess.org/; Center for Democracy & Technology, https://www.cdt.org/
  • 31. References: Genealogical Privacy blog, http://www.genealogicalprivacy.org/; Electronic Freedom Foundation, https://www.eff.org/; Electronic Privacy Information Center, http://epic.org/
  • 33. Join us in Las Vegas
  • 34. These slides will be available at genealogymedia.com/talks and slideshare.net/genealogymedia