Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

The Federal Government Offers a Case Study in Bad Email Tracking

EFF: “The U.S. government sends a lot of emails. Like any large, modern organization, it wants to “optimize” for “user engagement” using “analytics” and “big data.” In practice, that means tracking the people it communicates with—secretly, thoroughly, and often, insecurely. Granicus is a third-party contractor that builds communication tools to help governments engage constituents online. The company offers services for social media, websites, and email, and it boasts of serving over 4,000 federal, state, and local agencies, from the city of Oakland to the U.S. Veterans Administration to HealthCare.gov. In 2016, the company merged with GovDelivery, another government-services provider. It appears that parts of the federal government have been working with GovDelivery, now Granicus, since at least 2012. Last October, we took a closer look at some of the emails sent with Granicus’s platform, specifically those from the whitehouse.gov mailing list, which used the GovDelivery email service until very recently. The White House changed its email management platform shortly after we began our investigation for this article. However, several other agencies and many state and city governments still use Granicus as their mailing list distributors.

The emails we looked at, sent to subscribers of the Whitehouse.gov email list in October 2018, happen to be an exemplary case study of everything wrong with the email tracking landscape, from unintentional and intentional privacy leaks to a failure to adhere to basic security standards. Not only does Granicus know exactly who is opening which email and when, but in the emails we studied, all of that information is sent without encryption by default, so network observers can see it too. Ironically, even the White House’s Privacy Policy is hidden behind one of the tracking link…”

(Don’t) Return to Sender: How to Protect Yourself From Email Tracking

EFF: “There are a lot of different ways to track email, and different techniques can lie anywhere on the spectrum from marginally acceptable to atrocious. Responsible tracking should aggregate a minimal amount of anonymous data, similar to page hits: enough to let the sender get a sense of how well their campaign is doing without invading users’…

Shutdown: Dot-gov websites vulnerable to cyberattacks, certificates expiring amid funding pause

Netcraft – .gov security falters during U.S. shutdown: “Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. federal shutdown. These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S. Department of Justice, and the Court of Appeals. With around 400,000…

Our Cellphones Aren’t Safe

Opinion | Our Cellphones Aren’t Safe – The New York Times: “Security flaws threaten our privacy and bank accounts. So why aren’t we fixing them? America’s cellular network is as vital to society as the highway system and power grids. Vulnerabilities in the mobile phone infrastructure threaten not only personal privacy and security, but also…

Measuring the “Filter Bubble”: How Google is influencing what you click

DuckDuckGo Blog: “Over the years, there has been considerable discussion of Google’s “filter bubble” problem. Put simply, it’s the manipulation of your search results based on your personal data. In practice this means links are moved up or down or added to your Google search results, necessitating the filtering of other search results altogether. These…

How to Delete Online Accounts You No Longer Need

Consumer Reports – Having too many digital accounts raises your risk of data being misused or stolen. Here’s how to clean house. By Thomas Germain. December 27, 2018 [h/t Pete Weiss] “Deleting online accounts is one of the best ways to protect your data security and privacy. The less data you have stored on corporate databases…

Pete Recommends – Weekly highlights on cyber security issues December 2018

Before the end of 2018, please take some time to catch up with the cyber-related updates provided by Pete Weiss every week on LLRX. Pete Weiss highlights articles and information that focus on the increasingly complex and wide-ranging ways technology is used to compromise and diminish our privacy and security, often without our situational…

Teaching Cybersecurity Law and Policy: Revised 62-Page Syllabus/Primer

Teaching Cybersecurity Law and Policy: My Revised 62-Page Syllabus/Primer (Bobby Chesney, Charles I. Francis Professor in Law and Associate Dean for Academic Affairs at the University of Texas School of Law) – “Cybersecurity law and policy is a fun subject to teach. There is vast room for creativity in selecting topics, readings and learning objectives.…

DC slaps Facebook with latest suit targeting privacy lapses

WASHINGTON (AP) — The District of Columbia has fired the latest legal salvo against Facebook with a lawsuit seeking to punish the social networking company for allowing data-mining firm Cambridge Analytica to improperly access data from as many as 87 million users. “The complaint filed Wednesday by Washington, D.C., Attorney General Karl Racine alleges…

Essay – It’s Time for a Bill of Data Rights

“This essay argues that “data ownership” is a flawed, counterproductive way of thinking about data. It not only does not fix existing problems; it creates new ones. Instead, we need a framework that gives people rights to stipulate how their data is used without requiring them to take ownership of it themselves. The Data Care Act, a bill introduced…

Why the US Needs a National AI Strategy and What It Should Look Like

Joshua New, senior policy analyst at the Center for Data Innovation – “The United States is the global leader in developing and using artificial intelligence (AI), but it may not be for long. Succeeding in AI requires more than just having leading companies make investments. It requires a healthy ecosystem of AI companies, robust AI…

Computational Propaganda Project Report on Russia’s Internet Research Agency

The Computational Propaganda Project – Algorithms, Automation and Digital Politics. Philip N. Howard, Bharath Ganesh, Dimitra Liotsiou, John Kelly & Camille François, “The IRA, Social Media and Political Polarization in the United States, 2012-2018.” Working Paper 2018.2. Oxford, UK: Project on Computational Propaganda. comprop.oii.ox.ac.uk. 46 pp. “Russia’s Internet Research Agency (IRA) launched an extended attack…