“In some situations, a complex password can help you. But in others—like when the company holding your password stores it in plain text, without encrypting it—that complexity is meaningless. And some passwords may seem complex, when they’re actually pretty easy to guess. They can trip you up, even if they’re stored using cryptographic techniques, when someone hacks into the machines that they live on. The lesson here is that system administrators—the people who oversee all those password rules you have to follow—need to shoulder a bit more of the work. They need to better understand what makes a secure password—and how passwords should be stored. “Everyone is confused in this space,” says Cormac Herley, a Microsoft researcher who’s been studying passwords for years. System administrators will lay down rules for passwords but often, “we don’t know half of why we’re doing this stuff,” says Herley. And they may not realize they should be spending their time securing systems in other ways.”
It turns out that all that de-identified data may not be so anonymous after all.
So argues Arvind Narayanan, a Princeton computer scientist who first made waves in the privacy community by co-authoring a 2006 paper showing that Netflix users and their entire rental histories could be identified by cross-referencing supposedly anonymous Netflix ratings with the Internet Movie Database. Narayanan and fellow Princeton professor Edward Felten delivered the latest blow to the case of de-identification proponents (those who maintain that de-identification is viable) with a July 9 paper that makes a serious case for data paranoia.
They argue that de-identification doesn’t work—in theory or in practice—and that those who say it does are promoting a “false sense of security” by naively underestimating the attackers who might try to deduce personal information from big data.
“The agency intercepts “millions of images per day” — including about 55,000 “facial recognition quality images” — which translate into “tremendous untapped potential,” according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show.”
“The high number of hacking victims is said to be due to two factors: the increasing dependency of Americans on online transactions and the sophistication of a new generation of hackers. “Now attackers are very focused,” Brendan Hannigan, the head of IBM’s security systems division, told CNN Money. “There are teams of them, and they create malware to attack specific organizations.””
“Maybe down the road our heartbeat, for example, becomes the main way we prove our identities,” Sethi said. “And if we didn’t protect it 10 years ago, we don’t have a way of correcting it. So we have to treat it as serious now because we can’t predict the future.”
“Facebook created order out of chaos,” Bader said in an interview with us. “But that order was very constricting. It trained us to share in a certain way, to curate our identities, to put forward things we wouldn’t be judged for. … It can be stressful after a while.”
“The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.”
““Plaintiff has shown that the geolocation software can provide a location for an infringing IP address; however, Plaintiff has not shown how this geolocation software can establish the identity of the Defendant,” Ungaro wrote in an order last week. “There is nothing that links the IP address location to the identity of the person actually downloading and viewing Plaintiff’s videos, and establishing whether that person lives in this district,” she adds.”
“Ten years ago, I would have judged people over the course of several conversations. Now I evaluate them based on a few snippets of their social media presence. Whether you portray yourself as a professional sex symbol or a morally upstanding member of the PTA, we all do this kind of self-branding now.”