Build engaged audiences through publishing by curation.
Sign up with Facebook
Sign up with Twitter
Sign up with Linkedin
I don't have a Facebook, a Twitter or a LinkedIn account
Start a free trial of Scoop.it Business
Research reveals that social networking and mobile are the biggest security concerns for UK enterprises...
Are you sure you want to delete this scoop?
Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called "Privacy and Cloud Computing in Public Schools."
Although this report focuses on the use of cloud computing services by K-12 public schools, some of the recommendations for irmprovement could be used by institutions of higher education as they plan and coordinate campus cloud computing services.
When a group of students from Iowa State University (ISU) contacted us earlier this month about forming an ISU Digital Freedom group, they were facing an unexpected problem: despite their simple goal of fostering a healthy conversation around freedom-enhancing software, the university administration denied them official recognition. The university has since granted the Digital Freedom group the green-light to meet on campus, but under unduly restrictive conditions. These students’ story is instructive to students around the country and the world who are concerned about online privacy.
The administration initially denied the Digital Freedom Group's proposal because it did not want ISU students either to advocate for or participate in the “secrecy network” Tor, and would not permit the student group to use any “free software designed to enable online anonymity.” The students had not proposed that a Tor node be established on campus. Rather they asked that they be able to provide a forum to “discuss, learn and practice techniques to anonymize and protect digital communication.”
The students were told they had to gain clearance from the Iowa State University attorneys and security clearance from the university's Chief Information Officer. They were ultimately successful, and Iowa State University is now home to its very own Digital Freedom Group.
Related article from Inside Higher Ed: http://www.insidehighered.com/news/2013/12/10/digital-freedom-groups-road-recognition-sparks-legal-debate-iowa-state-u
A new study suggests bosses may use social-media data to discriminate against job seekers.
What’s the difference between a medical student and a convict? The answer: A convict doesn’t pay $50,000 a year for the privilege of being fingerprinted and patted down.
I am referring, of course, to the increasingly stringent security measures that have come to characterize modern educational testing. As student-evaluation techniques have migrated from face-to-face assessment to computer-based exams administered in dedicated testing centers, evaluators have become less and less likely to know examinees, leading to heightened precautions around exam security.
Stakeholders met in Washington, DC, on November 19 to explore and hash out the privacy and security implications of the Internet of Things (IoT). The rapidly emerging landscape of connected sensors and embedded technology has garnered the attention of the Federal Trade Commission (FTC) of late, but the complexity of the IoT ecosystem was readily apparent during the proceedings.
Called for and led by the FTC, the roundtable was broken into four main panels—the smart home, connected health and fitness, connected cars and connected privacy and security—and featured remarks from FTC Chairwoman Edith Ramirez, Commissioner Maureen Ohlhausen and Bureau of Consumer Protection Director Jessica Rich.
As long as federal and state-level authorities drag their feet on updating privacy standards, higher education institutions and their private sector partners have an opportunity to lead on the issue and drag governments to the negotiating table.
Privacy experts and IT officials delivered that call to action on Thursday during a roundtable discussion that also explored privacy issues in health care and K-12 education. Once the topic turned to higher education, however, panelists were quick to express their frustrations with the aging Family Educational Rights and Privacy Act and the concerns posed by technologies such as cloud storage solutions.
[ACLU's] new policy paper, Losing the Spotlight: A Study of California’s Shine the Light Law, takes a close look at California’s landmark transparency law, why its important and whether current law is doing enough to protect our personal information.
Companies are taking matters into their own hands with internal controls, open privacy policies, ethical codes and greater candor over how they're collecting and parsing personal data.
[Note: This article from The Chronicle of Higher Education is from October 2, 2011. However, it raises campus privacy issues that are still relevant today.]
Because campuses can be prime targets for large-scale acts of violence, they should use technology to identify threats.
LinkedIn released a new product today called Intro. They call it “doing the impossible”, but some might call it “hijacking email”. Why do we say this? Consider the following:
Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like.
“But that sounds like a man-in-the-middle attack!” I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.
Why is this so bad? Here’s a list of 10 reasons to start...
Headline after headline, the news is similar if not the same: PII lost, stolen or compromised through human error. And amidst October’s onslaught of breach reports from across the globe, the world’s premiere search engine is acknowledging just how devastating a breach of its data could be.
“If Google were to have a significant data breach today, of any kind, it would be terrible for the company,” Google Executive Chairman Eric Schmidt has said.
However, as The Wall Street Journal reports, he has also indicated Google CEO Larry Page “is ‘so wired’ to the risks that it is ‘inconceivable’ that a major data loss would occur.”
A Harvard task force this month will hold meetings to gather feedback as it develops recommendations on the university’s e-mail privacy policies in the wake of the recent revelation that administrators secretly searched about 14,000 e-mail accounts looking for a leak to the media about the school’s cheating scandal.
Schools across the country are looking at new online ways to integrate and analyze information about their students. But privacy advocates remain wary.
When Cynthia Stevenson, the superintendent of Jefferson County, Colo., public schools, heard about a data repository called inBloom, she thought it sounded like a technological fix for one of her bigger headaches. Over the years, the Jeffco school system, as it is known, which lies west of Denver, had invested in a couple of dozen student data systems, many of which were incompatible.
In fact, there were so many information systems — for things like contact information, grades and disciplinary data, test scores and curriculum planning for the district’s 86,000 students — that teachers had taken to scribbling the various passwords on sticky notes and posting them, insecurely, around classrooms and teachers’ rooms.
There must be a more effective way, Dr. Stevenson felt.
InBloom, a nonprofit corporation based in Atlanta, seemed to offer a solution: it could collect information from the district’s many databases and store it in the cloud, making access easier, and protect it with high-level encryption.
Iowa State’s wrestling with a student group that advocated the use of an anonymizing technology, Tor, is a model in how higher education can address the complex questions of technology, law and policy. Everyone involved in the event deserves a gold star: the students who formed the association, the administration that was willing to change its mind and the CIO and staff who provided solid information and facilitated the education. Athena – i.e. law, philosophy and justice – in the Internet Age does not materialize out of the head of Zeus, unless we deconstruct this myth to appreciate that balance and understanding of the issues will take effort, data, flexibility, patience, communication and good will (remember Athena won the competition with Poseidon to be the patron of Athens with an olive branch, not a sword). In short, Iowa State did exactly as the MIT Report suggested: educating the entire community on issues of technology, law and policy related to the Internet.
Twitter has implemented perfect forward secrecy on traffic to its website, in order to prevent communications from easily being captured and decrypted en masse. The new measure is one that clearly takes aim at the bulk data collection being done by the NSA.
Did you know that Data Privacy Month (January 28-February 28, 2014) is just 2 months away? Use our free resources to start planning your campus activities and events.
Tip: Save the date for a free webinar with special guest speaker Robert Ellis Smith on January 30, 2014 (1-2 pm ET).
Google's chief internet evangelist, Vint Cerf, suggests that privacy is a fairly new development that may not be sustainable. "Privacy may actually be an anomaly," Cerf said at an FTC event yesterday while taking questions. Elaborating, he explained that privacy wasn't even guaranteed a few decades ago: he used to live in a small town without home phones where the postmaster saw who everyone was getting mail from. "In a town of 3,000 people there is no privacy. Everybody knows what everybody is doing."
Rather than privacy being an inherent part of society that's been stripped away by new technology, Cerf says that technology actually created it in the first place. "It’s the industrial revolution and the growth of urban concentrations that led to a sense of anonymity," Cerf said. Cerf warned that he was simplifying his views — "I don't want you to go away thinking I am that shallow about it" — but overall, he believes "it will be increasingly difficult for us to achieve privacy."
Another viewpoint: "Vint Cerf is Wrong. Privacy Is Not An Anomaly"
People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.
iKeepSafe is pleased to present a new paper intended to spearhead conversation around the ever-growing challenges related to managing data privacy and security in schools.
In the world of digital and mobile product development for children, this has been the year of privacy. Federal Trade Commission scrutiny and new Children’s Online Privacy Protection Act (COPPA) regulations have put a spotlight on industry, and products are being examined and revamped to ensure that they are compliant. The concepts behind the law include minimization of data collected from children, parental consent and control over data that industry might want to collect, and transparency around data collection and handling practices. But what about data collected from and about children in schools?
Although this paper does not specifically address data privacy issues for institutions of higher education, colleges and universities often deal with COPPA, FERPA, and other privacy laws. This paper may provide another perspective as privacy officers host conversations about data privacy on campus.
In February of this year, President Obama issued an Executive Order on Improving Critical Infrastructure Cybersecurity. The Executive Order directed the National Institute of Standards and Technology (NIST) to develop a Cybersecurity Framework to assist owners and operators of critical infrastructure in addressing cybersecurity risks. On October 29, NIST published a preliminary version of the Framework (the “Preliminary Framework”), which is open for public comment through December 13. NIST intends to issue a final version in February 2014. The creation of the framework has, of course, been a major development in the information security community – according to NIST Director Patrick Gallagher, approximately three thousand individuals have been involved to date in the development of the Preliminary Framework. But privacy professionals should be paying attention to the framework as well.
The steady trickle of revelations of government snooping that continues to seep from the Edward Snowden documents is serving to keep attention riveted on how privacy in the digital age ought to be defined.
That' most probably not to the liking of Google and Facebook. In January 2010, Facebook founder and CEO Mark Zuckerberg infamously declared that the expectation of privacy was no longer a social norm, and, in October 2010, then Google chairman Eric Schmidt said "Google policy is to get right up to the creepy line and not cross it."
If you have been following the latest in news, you’ve probably heard a lot of stories talking about privacy, information leakage, espionage and such. Given that most of our communications nowadays take place online, or at the very least, via an electronic device, we should all be aware of how to protect our valuable information. This is not only applicable to large organizations, but for everyone that uses a computer on a regular basis. We all have information we want to keep private and protected and we all need to communicate online. With PGP, you can add a very strong yet easy to use layer of security to your online communications.
As Web companies and government agencies analyze ever more information about our lives, it’s tempting to respond by passing new privacy laws or creating mechanisms that pay us for our data.
You might call Ken Clupp a privacy professional by proxy. While he doesn’t draft privacy policies or model contracts, he’s certainly on the defensive line when it comes to protecting data. How does he protect it? He makes sure the important stuff is shredded into such tiny pieces it couldn’t ever be put back together again.
Clupp works for the Royal Canadian Mounted Police (RCMP) as its lead physical and technical security equipment evaluation engineer. Shorthand? He runs a shredder-testing program, amongst many other things. He’s tasked with ensuring that sensitive information stays safe, based on standards developed by the federal government.
“Canada is one of the few jurisdictions in the world that has a formal classifications and standards program for protecting sensitive information that’s not classified,” Clupp said. “It’s unique.”
EDUCAUSE Guest Blogger Joshua Wright (@joswr1ght) shares his thoughts on Touch ID, the Apple fingerprint authentication system.
Stay tuned for more guest blogs in honor of National Cyber Security Awareness Month (NCSAM) 2013.