Month: July 2014
-
Why were CERT researchers attacking Tor?
Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly. These attacks raise serious questions about…
-
Are We Rushing to Judgment Against the Hidden Power of Algorithms?
Several recent news stories have highlighted the ways that online social platforms can subtly shape our lives. First came the news that Facebook has “manipulated” users’ emotions by tweaking the balance of happy and sad posts that it shows to some users. Then, this week, the popular online dating service OKCupid announced that it had…
-
A Scanner Darkly: Protecting User Privacy from Perceptual Applications
“A Scanner Darkly”, a dystopian 1977 Philip K. Dick novel (adapted to a 2006 film), describes a society with pervasive audio and video surveillance. Our paper “A Scanner Darkly”, which appeared in last year’s IEEE Symposium on Security and Privacy (Oakland) and has just received the 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies, takes a closer look at…
-
"Loopholes for Circumventing the Constitution", the NSA Statement, and Our Response
CBS News and a host of other outlets have covered my new paper with Sharon Goldberg, Loopholes for Circumventing the Constitution: Warrantless Bulk Surveillance on Americans by Collecting Network Traffic Abroad. We’ll present the paper on July 18 at HotPETS [slides, pdf], right after a keynote by Bill Binney (the NSA whistleblower), and at TPRC…
-
Fair Use, Legal Databases, and Access to Litigation Inputs
In copyright-and-fair-use news, a significant case for the legal profession’s access to the inputs of judicial decision-making was decided last week in federal district court in New York. The case was brought against West Publishing Corp. (owner of the Westlaw database) and Reed Elsevier (owner of the LexisNexis database) by two lawyers who alleged that their…
-
No silver bullet: De-identification still doesn't work
Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting…
-
On the Ethics of A/B Testing
The discussion triggered by Facebook’s mood manipulation experiment has been enlightening and frustrating at the same time. An enlightening aspect is how it has exposed divergent views on a practice called A/B testing, in which a company provides two versions of its service to randomly-chosen groups of users, and then measures how the users react.…
-
After the Facebook emotional contagion experiment: A proposal for a positive path forward
Now that some of the furor over the Facebook emotional contagion experiment has passed, it is time for us to decide what should happen next. The public backlash has the potential to drive a wedge between the tech industry and the social science research community. This would be a loss for everyone: tech companies, academia,…
-
"Privacy Comes at a Cost" – The U.S. Supreme Court’s Opinion in Riley v. California
In Riley v. California, a cell phone search-and-seizure opinion delivered by Chief Justice Roberts for a unanimous Court last month, the U.S. Supreme Court squarely recognized, and afforded special protection to, the ubiquitous use and storage of voluminous electronic data of many different types on mobile devices today. The opinion holds that, without a warrant,…
-
Privacy Implications of Social Media Manipulation
The ethical debate about Facebook’s mood manipulation experiment has rightly focused on Facebook’s manipulation of what users saw, rather than the “pure privacy” issue of which information was collected and how it was used. It’s tempting to conclude that because Facebook didn’t change their data collection procedures, the experiment couldn’t possibly have affected users’ privacy…