Category: Privacy & Security
-
Phone number recycling creates serious security and privacy risks to millions of people
By Kevin Lee and Arvind Narayanan. 35 million phone numbers are disconnected every year in the U.S., according to the Federal Communications Commission. Most of these numbers are not disconnected forever; after a while, carriers reassign them to new subscribers. Through the years, these new subscribers have sometimes reported receiving calls and messages meant for…
-
New Research on Privacy and Security Risks of Remote Learning Software
This post and the paper are jointly authored by Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider, and Madelyn Sanfilippo. It emerged from a case study at CITP’s tech policy clinic. As universities rely on remote educational technology to facilitate the rapid shift to online learning, they expose themselves to new…
-
NJ agrees No Internet voting in July, vague about November
A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020, New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it. That is, not only is Internet voting inherently insecurable, there’s a…
-
Vulnerability reporting is dysfunctional
By Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan. In January, we released a study showing the ease of SIM swaps at five U.S. prepaid carriers. These attacks—in which an adversary tricks telecoms into moving the victim’s phone number to a new SIM card under the attacker’s control—divert calls and SMS text messages away…
-
The CheapBit of Fitness Trackers Apps
Yan Shvartzshnaider (@ynotez) and Madelyn Sanfilippo (@MrsMRS_PhD). Fitness trackers are “[devices] that you can wear that records your daily physical activity, as well as other information about your health, such as your heart rate” [Oxford Dictionary]. The increasing popularity of wearable devices offered by Apple, Google, and Nike inadvertently led cheaper versions to flood the market,…
-
Improving Protections for Children’s Privacy Online
CITP’s Tech Policy Clinic submitted a Comment to the Federal Trade Commission in connection with its review of the COPPA Rule to protect children’s privacy online. Our Comment explains why it is important to update the COPPA Rule to keep it current with new privacy risks, especially as children spend increasing amounts of time online…
-
Every move you make, I’ll be watching you: Privacy implications of the Apple U1 chip and ultra-wideband
By Colleen Josephson and Yan Shvartzshnaider. The concerning trend of tracking users’ locations through their mobile phones has very serious privacy implications. For many of us, phones have become an integral part of our daily routine. We don’t leave our homes without them and take them everywhere we go. It has become alarmingly easy for services…
-
2020 Workshop on Technology and Consumer Protection
Christo Wilson and I are pleased to announce that the Workshop on Technology and Consumer Protection (ConPro ’20) is returning for a fourth year, co-located with the IEEE Symposium on Security and Privacy in May 2020. As in past years, ConPro seeks a diverse range of technical research with implications for consumer protection. Past talks…
-
Enhancing the Security of Data Breach Notifications and Settlement Notices
[This post was jointly written by Ryan Amos, Mihir Kshirsagar, Ed Felten, and Arvind Narayanan.] We couldn’t help noticing that the recent Yahoo and Equifax data breach settlement notifications look a lot like phishing emails. The notifications make it hard for users to distinguish real settlement notifications from scams. For example, they direct users to…
-
Content Moderation for End-to-End Encrypted Messaging
Thursday evening, the Attorney General, the Acting Homeland Security Secretary, and top law enforcement officials from the U.K. and Australia sent an open letter to Mark Zuckerberg. The letter emphasizes the scourge of child abuse content online, and the officials call on Facebook to press pause on end-to-end encryption for its messaging platforms. The letter…

