Happy 4th of July Law Streeters! If you need help with your barbecue banter this Independence Day, look no further than Law Street’s top trending articles from last week. Beef up your small talk with facts on Britain’s historic Brexit vote, the integration of big data into women’s healthcare, and the Supreme Court’s decision to prevent domestic abusers from owning firearms. ICYMI–Check out the top stories below.

1. Brexit: What You Need to Know in the Aftermath of Britain’s Historic Vote

Britain voted on Thursday to end its 43-year membership in the European Union. The withdrawal process will be long–it will most likely be two years until Britain is entirely sovereign–and fraught with difficult decisions for the nation’s future, but the vote has sent tremors within the now-former EU member-state and beyond. Here is a briefing on Brexit and what it might mean for the future. Check out the full story here.

2. Big Data: A Revolution for Women’s Healthcare

Since 1990, the Society for Women’s Health Research (SWHR®) has been advocating for innovation in women’s healthcare. The organization is on the cutting edge of the newest research trends, and each year SWHR picks a different theme to highlight at its annual gala. At this year’s event, one message rang loud and true: we’re officially in the age of big data. Almost everything we do–from voting choices, to commercial purchases, to Netflix binge-watching, can be recorded and analyzed to glean patterns. But the incorporation of big data into healthcare is particularly exciting, and promises to revolutionize medical treatment for women. Read on for a sampling of how we’re now integrating big data into patient treatments, and what it means for women’s health. Check out the full story here.

3. Supreme Court Decision Prevents Domestic Abusers from Owning Firearms

The 6-2 ruling prevents anyone convicted of “reckless domestic assault” from being able to own firearms. This case involves two men from Maine, Stephen Voisine and William Armstrong III, who were convicted of unlawfully possessing firearms due to previous convictions for domestic assault. Under both state and federal law, anyone with a domestic violence conviction cannot possess firearms. Check out the full story here.

Alexis Evans

Alexis Evans is an Assistant Editor at Law Street and a Buckeye State native. She has a Bachelor’s Degree in Journalism and a minor in Business from Ohio University. Contact Alexis at aevans@LawStreetMedia.com.

The post ICYMI: Best of the Week appeared first on Law Street.

Sponsored Content

Since 1990, the Society for Women’s Health Research (SWHR®) has been advocating for innovation in women’s healthcare. The organization is on the cutting edge of the newest research trends, and each year SWHR picks a different theme to highlight at its annual gala. At this year’s event, one message rang loud and true: we’re officially in the age of big data. Almost everything we do–from voting choices, to commercial purchases, to Netflix binge-watching, can be recorded and analyzed to glean patterns. But the incorporation of big data into healthcare is particularly exciting, and promises to revolutionize medical treatment for women. Read on for a sampling of how we’re now integrating big data into patient treatments, and what it means for women’s health.

Big Data & Women’s Health

First Things First: What exactly is big data?

It’s a fair question. We hear the term thrown around a lot, but there’s certainly no cut and dry definition. Essentially, big data is the collection and use of large amounts of information that are naturally generated from our everyday activities. Big data and healthcare can include things like our use of smartphones (and other technology like FitBit or the Apple Watch) to track our fitness levels, the prescriptions we are given, the information generated by clinical trials, the analysis of our genetic material, and so much more.

So how can big data affect women’s health?

It’s no secret that there are sex differences in health. Medical research has only recently begun to recognize these differences and incorporate them into the diagnosis and treatment of illnesses. While our understanding of sex differences and how they affect health have improved, discoveries are still being made about the different ways that certain diseases and treatments affect women. The ability to collect data and pinpoint patterns specifically for women will help inform how to treat them moving forward.

Big Data in Action 

Take for example, a project at Baystate Medical Center, in Massachusetts–the Breast Cancer Registry. Researchers there are creating a large database based on data collected from 400 women who have had breast cancer. The data will help the researchers find patterns in how different women respond to treatments, by acknowledging factors like genetics, age, weight, lifestyle, and other aspects of health. According to Dr. Grace Makari-Judson, chair of the Baystate Health Breast Network and co-director of the Rays of Hope Center for Breast Cancer Research:

What’s nice about the experience with the registry, we have a diverse group of individuals participating and they aren’t the highly selected people in clinical trial. You get more meaningful data (looking at) what is the use of this drug like in the general population.

The inclusion of women (especially minority women) into clinical trials has been a long fought battle, so the ability to collect and analyze this kind of data in the real world is invaluable.

Electronic Health Records 

Electronic health records are another innovative way to use the data already at our disposal. To many, it probably seems archaic that until recently, almost all of our medical information was kept in file folders. We now have the technology to process and incorporate massive amounts of data on patients–from childhood illnesses and injuries to family histories and genetic information.

As electronic health records start being implemented, evidence has begun to show that these records help doctors more effectively manage women’s health. A report in the Journal of the Medical Informatics Association showed that the presence of electronic health records make it more likely that doctors order essential tests like pap smears and breast exams for their female patients–leading to an overall positive impact on women’s health.

Examples of Individual Applications

Genomics

Genomics is the practice of mapping an individual’s genetic material. It’s a data-intensive process that requires serious computing power. Genomics can help provide patients with a predictive and more individual picture of their health. For women, one of the most visible developments in the field of genomics is the ability to test BRCA1 and BRCA2. Certain genetic mutations in those genes greatly increase the risk of ovarian and breast cancer. According to the National Cancer Institute:

Together, BRCA1 and BRCA2 mutations account for about 20 to 25 percent of hereditary breast cancers and about 5 to 10 percent of all breast cancers. In addition, mutations in BRCA1 and BRCA2 account for around 15 percent of ovarian cancers overall. Breast and ovarian cancers associated with BRCA1 and BRCA2 mutations tend to develop at younger ages than their nonhereditary counterparts.

In cases where BRCA1 and BRCA2 mutations exist, steps like enhanced screening, chemoprevention (the use of drugs to reduce the likelihood of or delay the onset of cancer), or preventative surgery might be considered. For example, actress and filmmaker Angelina Jolie tested positive for a BRCA1 mutation, and as a result chose to get a double mastectomy in 2013.

Precision Medicine

Precision medicine is an exciting new development that ties a lot of the tenets of big data together. Precision medicine uses big data, as well as other tools like genomics, to create more individualized treatment for patients. The Obama Administration has spearheaded the precision medicine initiative, and explains the aim in a press release:

The future of precision medicine will enable health care providers to tailor treatment and prevention strategies to people’s unique characteristics, including their genome sequence, microbiome composition, health history, lifestyle, and diet. To get there, we need to incorporate many different types of data, from metabolomics (the chemicals in the body at a certain point in time), the microbiome (the collection of microorganisms in or on the body), and data about the patient collected by health care providers and the patients themselves. Success will require that health data is portable, that it can be easily shared between providers, researchers, and most importantly, patients and research participants.

Conclusion

The expanded use of data in healthcare is the future, and the developments that we’re seeing in the present are already incredibly exciting. As SWHR puts it:

Data initiatives are revolutionizing healthcare and helping to improve every aspect of medicine, from bench to bedside. This data, which is being collected and utilized by healthcare providers, pharmaceutical and medical device companies, insurance companies, hospitals, and researchers, provides a wealth of healthcare information that can be used to better inform healthcare decisions and delivery for every woman.

Resources

Primary

SWHR: SWHR’s 26th Annual Gala: “Revolutionizing Healthcare & Research Through Data”

National Cancer Institute: BRCA1 and BRCA2: Cancer Risk and Genetic Testing

The White House: The Precision Medicine Initiative

Additional

Law Street Media: Precision Medicine: The Future of Health Care?

CB Insights: 13 Startups Working in Women’s Reproductive Health

Forbes: How Big Data is Changing Healthcare

Boston Business Journal: Focus on Women’s Health: Big Data, Registries Help Docs Understand Cancer

Radar: Genomics and the Role of Big Data in Personalizing the Healthcare Experience

New York Times: Angelina Jolie; My Medical Choice

Modern Healthcare: EHR Use Tied to More Women’s Health Tests: Study

Society for Women’s Health Research

The Society for Women’s Health Research (SWHR®), is a national non-profit based in Washington D.C. that is widely recognized as the thought-leader in promoting research on biological differences in disease. SWHR is dedicated to transforming women’s health through science, advocacy, and education. Founded in 1990 by a group of physicians, medical researchers and health advocates, SWHR aims to bring attention to the variety of diseases and conditions that disproportionately or predominately affect women. For more information, please visit www.swhr.org. Follow us on Twitter at @SWHR. SWHR is a partner of Law Street Creative. The opinions expressed in this author’s articles do not necessarily reflect the views of Law Street.

The post Big Data: A Revolution for Women’s Healthcare appeared first on Law Street.

America is dealing with a hacking crisis. It seems that every other day we are bombarded with the latest hacking stories from both the private and public sectors. We are told to be cautious with all of our online activity and to remember all uploaded material remains in cyberspace forever. Almost all of us personally know someone who has dealt with identity theft and all the hassles that ensue. Some of the biggest companies in the world with the means to access the most anti-hacking software available aren’t immune to the problem. Even the national government recently made headlines concerning Chinese cyber attacks. So what can be done? In his 2015 State of the Union, President Obama addressed cybercrime. The Obama administration proposed new legislation and amendments to the Computer Fraud and Abuse Act. Will these proposals better protect Americans from hackers?

Case Study: Ashley Madison

Just last week, a new team of hackers were at it again. People are already discreet about dating websites and apps. A level of anonymity is essential for a high volume of users. This is even truer when a dating website revolves around married men and women cheating. Ashley Madison’s slogan is “Life is short. Have an affair.” Some may chalk it up to karma, but the invasion of privacy for these members is real.

The hackers call themselves “The Impact Team.” According to Brian Krebs, the blogger who initially reported the hack, they threatened to release stolen information unless the website shut down entirely. Apparently, the team gathered users’ nude photos, sexual fantasies, names, and credit card information. It also claims to have addresses from credit card transactions.

Members of the website can post basic information and use limited features without charge. The company rakes in money when members exchange messages, photographs, and gifts. The website even offers a feature to “collect gifts” for women to send and men to pay for later. The website also has a $19 deactivation fee. This happens to be one of the major qualms of the hacker team, who claim that information is never truly deleted from the website. The hackers’ manifesto published by Krebs stated, “Full Delete netted $1.7 million in revenue in 2014. It’s also a complete lie…Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”

Ashley Madison boasts over 37 million members, making it the second largest dating website in the world, second to Match.com. Ashley Madison’s parent company, Avid Life Media, values itself at $1 billion and was looking to go public on the London market this year. Ashley Madison has done away with the deactivation fee, but has yet to comment on whether or not it will shut down.

Although the majority of people aren’t online dating in order to have an affair, the hack embodies everything scary about online interactions. Personal information and discreet activities on websites or social media applications can be made public in the blink of an eye. Just this past March, 3.5 million AdultFriendFinder users were hacked. The hackers exposed email addresses, usernames and passwords, birthdays, zip codes, and sexual preferences. Overall, the trend doesn’t look good.

Hacking Statistics

Verizon Data Breach Investigations Report

Verizon conducts an annual Data Breach Investigations Report (DBIR). The latest report shows that 96 percent of online security incidents fall into nine patterns: “miscellaneous errors, such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; web app attacks; denial-of-service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.” The 2015 report investigates more than 2,100 data breaches and roughly 80,000 reported security incidents. Over 70 organizations around the world help contribute to the report.

The 2015 DBIA reports a $400 million loss from approximately 700 million compromised records in 61 countries. The report shows that in 70 percent of the cases where the hacker’s motivation is known, there is a secondary victim. This is exemplified in the Ashley Madison case. Although the hackers are targeting the owners of the company, the users are violated as well. And in 60 percent of cases, hackers are able to infiltrate a company in a matter of minutes. The time of discovery falls significantly below that level.

The method of tricking people into divulging their information, like credit card numbers, is still around but is a much less effective method. Now, phishing campaigns are a primary source of attacks. A hacker usually phishes by sending an email with malware, usually included as an attachment. Today 23 percent of recipients open these types of email and 11 percent open the attachments. For over two years, more than two-thirds of cyber-espionage included phishing.

In more uplifting news, malware on cellphones doesn’t even account for 1 percent of the problem. Mobile devices are not the preferred medium for data breaches. Only about 0.03 percent of cell phones contained malicious materials.

U.S. Companies Hacked

According to a study conducted by the Ponemon Institute, the financial loss by cybercrime doubled from 2013 to 2014. Retailers lost approximately $8.6 billion in 2014 due to cyber crime. Furthermore, successful cyber attacks resulted in a $20.8 million loss in financial services, $14.5 million loss in the technology sector, and $12.7 million loss in the communications industries.

Last year was plagued by cyber attacks. In January, Target announced 70 million customers had contact information compromised, while 40 million customers had credit and debit card information compromised. In the same month, Neiman Marcus announced that 350,000 customers had credit card information stolen, resulting in fraudulent charges on 9,000 customers’ credits cards. In April, an AT&T worker hacked the system for two weeks and accessed personal information including social security numbers. In May, EBay asked all its customers to switch their passwords after a cyber attack accessed over 233 million EBay customers’ personal information. In August, over 60 UPS stores around the country were hacked, compromising financial data. The list continues…

The Computer Fraud and Abuse Act

In order to combat these cyber attacks, Congress passed the 1986 Computer Fraud and Abuse Act (CFAA). The act made accessing a protected computer a federal crime. Although it was initially established to protect government organizations and a few financial institutions, over the course of time, it eventually broadened. It was first amended in 1994 to allow private citizens to file civil suits against cyber attacks that resulted in loss or damages. It was again broadened in 1996 to encompass any computer used in interstate commerce. After 9/11, the Patriot Act amended the CFAA to permit the search and seizure of records from any Internet Service Providers (ISPs). Later in 2008, the CFAA was again amended to allow companies to file suits when the loss and/or damages did not surpass $5,000.

The CFAA has been subject to its fair share of criticism. Many believe the act to be too broad in scope. Opponents argue that computer policies are often “vague, confusing and arbitrary,” and breaking these policies shouldn’t be a federal violation. Institutions, like the Center for Democracy & Technology, Americans for Tax Reform, the Competitive Enterprise Institute, and the American Civil Liberties Union all have advocate against the CFFA.

The Ninth Circuit Court of Appeals agreed. In a 2012 case, United States vs. Nosal, the court ruled that “a person who violates an employer’s computer use policy is not criminally liable for federal penalties under the Act.” The court argued that the law was not enacted to federally punish smaller crimes. However, a strong dissent left the issue controversial, if not unresolved. The definition of “exceeds authorized access” left ample room for a Supreme Court review. The crime only becomes a felony if it is executed for profit, the gained information is worth over $5,000, and/or the act is committed to further a state or federal crime.

The White House’s New Proposals

The Cyber Security Legislative Proposals aim to enhance cybersecurity information sharing between the private sector and government, modernize law enforcement authorities to combat cyber crime with the appropriate tools and training, and streamline national data breach reporting requirements. Last December President Obama announced,

In this interconnected, digital world, there are going to be opportunities for hackers to engage in cyber assaults both in the private sector and the public sector. Now, our first order of business is making sure that we do everything to harden sites and prevent those kinds of attacks from taking place…But even as we get better, the hackers are going to get better, too. Some of them are going to be state actors; some of them are going to be non-state actors. All of them are going to be sophisticated and many of them can do some damage.

A main target of the proposal is a number of amendments to the already-controversial CFAA. First, the proposal would increase the penalty for “circumventing technical access barriers,” i.e. hacking into a computer by sidestepping security or guessing another’s password. Violators under the current law risk a misdemeanor to a three-year felony. The proposal advocates punishment to start as a three-year felony and maximize as a ten-year felony.

Second, for contract-based crimes, the proposal would officially end the aforementioned circuit split. It states that breaking written policies would be a federal crime and officially defines “exceeds authorized access.” A person would exceed authorized access if he or she accesses information “for a purpose that the accesser knows is not authorized by the computer owner.” Technically, this would include using a work computer for personal activities like Facebook; however, the government would limit criminal liability by requiring the violation fall under one of three conditions: the breach happened on a government computer, the breach results in over $5,000 worth of information, or “if the user violated the written condition in furtherance of a state or federal felony crime.” These changes, along with a variety of others, make up the administration’s proposal.

Conclusion

Whether these proposals will pass through Congress remains to be seen. Broadening the scope of hacking to allow more crimes to fall under federal jurisdiction has traditionally lacked support from the body. The proposals are controversial, with a lot of personal information and accessibility at stake. It will be interesting to see the reaction from the public if these proposals are enacted. Cyber crime is an ongoing problem that affects all citizens, regardless of demographics, and only seems to be exploding. If this isn’t the answer, then what is?

Resources

Primary

White House: Updated Administration Proposal

Additional

Verizon: The 2015 DBIR

CNN Money: Hackers threaten to release names from adultery website

The Heritage Foundation: Cyber Attacks on U.S. Companies in 2014

Jolt Digest: United States vs. Nosal

Tech Target: What is the Computer Fraud and Abuse Act?

The Washington Post: Obama’s proposed changes to the computer hacking statute

The White House: Securing Cyberspace

Verizon: Verizon 2015 Data Breach Investigations Report Finds Cyberthreats Are Increasing in Sophistication

Jessica McLaughlin

Jessica McLaughlin is a graduate of the University of Maryland with a degree in English Literature and Spanish. She works in the publishing industry and recently moved back to the DC area after living in NYC. Contact Jessica at staff@LawStreetMedia.com.

The post Combatting Cyber Attacks: Will Congress Adopt Obama’s Plans? appeared first on Law Street.

The 2015 Tribeca Film Festival kicks off its 14^th year of programming this week. Since its inception, the Festival has enabled directors and filmmakers from all over the world to showcase their independent movies and new projects.

Some of those projects include interactive elements. The Tribeca Film Festival’s Storyscapes program features five immersive projects vying for the 2015 Storyscapes Award. Two of the projects are particularly concerned with one overarching theme—access to personal data.

Is privacy a luxury in the age of the Internet? Corporations such as Google and Facebook often track consumers’ online behavior without their express consent. The data is collected and used to create specifically targeted advertisements under the guise of “personalization.” Businesses aggregate millions of dollars worth of information for free; they never compensate consumers for the info they provide.

Here’s a very mild example: Teen girl posts online status about coffee. Teen girl gets Facebook ads exclusively for Starbucks. Teen girl looks at ad, is reminded of the company, and gets her afternoon Frappucino. (Starbucks +1, Teen girl -$3.95)

The average Joe and/or suburban coffee addict can’t sue big companies for using their data because, usually, people sign contracts that they never read. (Case in point: when’s the last time you updated Flash? Did you read all the licensing copy before you clicked “I Agree” and continued? Didn’t think so.) In the fine print of many software or program updates, in extremely bombastic and verbose legalese, is a section that states that you allow the program to use any and all of your information free of charge if you sign on the dotted line.

Let’s take a look at the two Tribeca Storyscapes projects that address the commodification of personal information.

DO NOT TRACK

“Do Not Track” is a personalized documentary program that discusses the dangers of having an increasingly personalized online experience. If users are only shown ads that are relevant to them, will that make them intolerant of other advertising…or even other people?

Consumers have become accustomed to serving up their information online—it’s become a nasty little modern habit rather than a cultural annoyance. People have embraced the companies that use data mining to sell products…where’s the outrage? Perhaps you’ll find it at the live installation.

Check out dates/times to visit the installation here.

KAREN

The considerably less political (but just as provocative) project “Karen,” has been brought to Tribeca by Blast Theory, developed in partnership with National Theatre Wales. Karen is a life coach app who asks the user questions to determine his psychological profile. Blast Theory’s website claims that Karen “starts to identify things she shouldn’t know.” In trying to create a thrilling and personal experience, the creators of Karen looked into different methods of information aggregation.

We became fascinated with big data, and particularly how governments and large companies such as Facebook are collecting data on us secretly and using it without our consent.

Karen’s evaluation of your personality may reveal unsettling details about your cyber security. Want to hear Karen for yourself? Schedule your appointment here. (Bonus points if you recognize the performer who plays Karen, actress Claire Cage, from the British TV series Coronation Street.)

Wonder how much public information you can find about yourself online? Try conducting a search in a brand new window. Open Google Chrome, click File, and then select New Incognito Window. If you use this option, your new search won’t be tainted by your past search history. Happy Googling!

Corinne Fitamant

Corinne Fitamant is a graduate of Fordham College at Lincoln Center where she received a Bachelors degree in Communications and a minor in Theatre Arts. When she isn’t pondering issues of social justice and/or celebrity culture, she can be found playing the guitar and eating chocolate. Contact Corinne at staff@LawStreetMedia.com.

The post Tribeca Film Festival Storyscapes Examine Big Data & Confidentiality appeared first on Law Street.

For a long time fingerprints have been  the ubiquitous identifier. They allow us to solve crimes, track people, and as of recently, even unlock our iPhones. But what if there was something even more dependable than fingerprints? New developments in technology indicate that that’s the case — we’re now seeing the development of voiceprints.

Voiceprints — more scientifically known as voice biometrics — are as distinctive as fingerprints. Companies have begun taking advantage of voiceprints to provide an extra layer of security for their customers — after all, it’s possible to get someone’s password, but you can’t duplicate someone’s voice. Basically, there are two ways that voiceprints can be used — either you have a particular phrase that you say, like a password, or you give a long sample of your speech involving many different sounds, and then the computer program can recognize you. There are many different possible combinations for how this technology can be used.

John Buhl of Vanguard, a company that has really started making moves on voiceprint technology, stated:

We’ve done a lot of testing, and looked at siblings, even twins. Even people with colds, like I have today, we looked at that.

In addition to using voiceprints as possible password protection, banks and other companies that deal with secure information are taking voiceprints to help weed out fraud. They’re hoping to prevent criminals from making false calls authorizing payments.

Finally, law enforcement officials are also using voiceprints and other biometric data. In the United States, the police are able to use voiceprints to track people who are on parole. In other countries, the use of voiceprints has gotten even more extensive. The New Zealand government alone has amassed over one million voiceprints at this point.

This is yet another intersection of technology and privacy that is both fascinating and concerning. The databases that both private companies and the government are currently compiling of people’s voices are not regulated, and they’re growing fast. The Associated Press estimates that roughly 65 million voiceprints are being stored in some combination of private and government databases.

There are a lot of privacy concerns inherent in this issue. One is that it could rob people of anonymity in cases where they so desperately need it, such as anonymous tips or counseling services. People may be pushed away from calling say, a suicide hotline, because they are worried that their voice would be tracked back to them.

There’s also a concern over the fact that in general, corporations and governments are collecting way too much information on us. A privacy expert at the University of Pennsylvania, Professor Joseph Turow, stated:

Companies are using data drawn from our internet and purchasing [behavior] – and now our voices – and connecting it to the identities that they’ve created for us. Then they can lead us in a variety of different directions, based on their stereotype of us.

Because we often see technology progress more quickly than our laws governing it, the use and collection of voiceprints are essentially unsupervised. That right there is an important lesson to keep in mind — we have this great technology, but at some point we may need to question the uses for it. While I don’t think that voiceprints are going away anytime soon, activists’ concern may slow the progression of collection until we figure out exactly how we want to use this new resource.

—

Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Featured image courtesy of [plantronicsgermany via Flickr]

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Has Your Voiceprint Been Collected and Stored Without Your Knowledge? appeared first on Law Street.

Apple has done it again! No I’m not talking about their new ‘phablet’ {sidebar: how ridiculous is that word} as I’m sure everyone has heard plenty about it. However, the tech giant just announced new consumer protections from both government entities and the company itself, with its latest iOS 8 mobile operating system. Apple has created an encrypted operating system with passcodes inaccessible to the company. This means that if a government entity requests data concerning an iPhone user running the new operating system, Apple would be unable to provide the requested information. Although privacy concerns and requests for individual data by government entities is a huge point of contention for companies and individuals alike, we should expect the government to work slowly and incrementally to address these concerns. Although change will take considerable time, we should look at proposed legislation that will bring us a step closer to securing the privacy of our electronic communications with legislation like the Email Privacy Act.

Several tech companies, businesses, and civil liberties organizations have come together in support of the Email Privacy Act.  It’s rare that a policy is accepted by such a broad group, especially when those groups are normally on opposite sides of policy issues. It seems unlikely that any government would relinquish power over invasions of privacy, but the Email Privacy Act, which would reform the Electronic Communications Privacy Act (ECPA), aims to do just that. The ECPA, passed in 1986, allowed law enforcement and government entities the freedom to request electronic communications without a warrant from third-party service providers after the communication was more than 180 days old. The Email Privacy Act aims to eliminate this 180-day rule and increase electronic communication confidentiality.

Before explaining the reforms of the Email Privacy Act, I first want to provide context for the ECPA. As I stated, the ECPA was passed in 1986, before the invention of Internet or email. Based on the language of the law, it’s apparent that legislators couldn’t discern the immense popularity electronic communications would eventually have, let alone envision the various social media platforms we would become accustomed to. After realizing how outdated the ECPA is, Congress has put forth efforts to reform the law with H.R.1852 and a similar Senate bill S.607. Each bill intends to eliminate the 180-day clause (Title 18, section 2703 of the U.S. Code). In addition to this change, the bills would set standards for requesting warrants, set deadlines for notifying subscribers whose electronic communications are requested, and set guidelines for delaying notification to subscribers.

If passed, the Email Privacy Act will stop remote computing services and electronic communication services from divulging the contents of any communications to a government entity without a warrant. Government entities may still submit requests to service providers for information, only after approval of warrant. If a warrant is granted to law enforcement, they must notify the subscriber in no more than 10 days that their communications have been surrendered. If a government entity other than law enforcement produces a warrant for an individual’s electronic communications, they must notify the subscriber in no more than three days. The only time a subscriber will not be informed of their surrendered communications is in response to an administrative subpoena.

Although notification of surrendered electronic communications must take place in all cases where a warrant is granted, both government entities and law enforcement may be granted a delay. In the case of law enforcement, they may be granted one or more delays of 180 days and for a government entity a delay of 90 days. There are five instances where a delay of notification to subscribers will be granted:

1. If notification may endanger the life or physical safety of the individual;
2. if flight from prosecution is a concern;
3. if intimidation of potential witnesses is a concern;
4. if destruction of or tampering with evidence is a concern; and,
5. if jeopardizing investigation or unduly delaying trial is a concern.

Even if there is a delay, subscribers must eventually be notified. Each subscriber who has their communications surrendered will be sent a copy of the warrant; notice concerning why and how the information was obtained; notice of delay; information on the court authorizing the delay; and provision for why the delay was granted.

Privacy concerns dealing with technology, and especially electronic communications, will continue until policies are reformed and in some instances, new policies created.  We can’t be discouraged by the inability of  a slow-moving government to address our concerns as quickly as we would like, but we can support new legislation, whenever presented, to address the concerns we have.

__

Teerah Goodrum (@AisleNotes), is a recent Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football.

Featured image courtesy of [Ottox via Flickr]

Teerah Goodrum

Teerah Goodrum is a Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football. Contact Teerah at staff@LawStreetMedia.com.

The post Apple is Now a Step Ahead of the Government to Protect Your Privacy appeared first on Law Street.

You’re being tracked.

Surprise!

Well maybe that’s not a surprise since  Americans are pretty cynical on issues of spying. It may surprise people, however, that the things they enjoy, such as digital news articles, videos, wearable technologies, and wireless appliances are all tracking their behavior. Depending on the technology used, data detailing frequency of maintenance, a person’s interests or vital signs, and metadata like location and time is also collected. This information analyzes everything from potential consumer needs, to uncovering relationships and patterns that weren’t previously known. The benefits of big data are enormous but we must consider how else this information could be used? At what point could this become a privacy concern?  Also, what steps are being taken to prevent possible manipulation?

Click here to find out everything you need to know about the big business of Big Data.

The increased use of technology to record defense capabilities, healthcare needs, government practices, as well as maintenance and safety needs are all positive ways big data has affected society. One positive effect translates into saving lives of premature babies after sensors record an uptick in body temperature, which could be a sign of an impending infection. Watching the Centers of Medicare and Medicaid Services prevent and stop more than $100 million worth of fraud after implementing the Fraud Prevention System, is another example of the advantages of Big Data. These two incredible examples of how Big Data is used as a  positive resource don’t even begin to highlight the many significant contributions it makes to society.

From a business perspective, companies can use the information from data profiling to identify similar or related products, social issues, and events of interest to consumers. How products and events are marketed to consumers is directly related to an advertiser’s ability to collect data and complete a practice known as behavioral targeting. An example of online use that constantly collects data is the social media platform, Facebook.  Most people are unaware that on top of the information provided by their profile, something as simple as posting a picture on Facebook provides more data and other related metadata, such as time and location, to the platform. This information as outlined in the company’s Data Use Policy can be used as stated below.

Sometimes we get data from our affiliates or our advertising partners, customers and other .third parties that helps us (or them) deliver ads, understand online activity, and generally make Facebook better. For example, an advertiser may tell us information about you (like how you responded to an ad on Facebook or on another site) in order to measure the effectiveness of – and improve the quality of – ads.

I want to note the first line of the data use policy section provided above, which says, “sometimes we get data from our affiliates or our advertising partners.”  Now wait a second, how do their ad partners and affiliates have data that can be linked to specific people and why are they able to pass it on to others?  The data use policy explicitly tells us that those affiliates and partners have collected data through responses consumers have provided for other ads on other sites, which is then used to create a behaviorally targeted ad for Facebook and vice versa. In addition, cookies, web beacons, and IP addresses are all used to create an online profile able to frame our digital identities. At that point there’s no real need to have a name that identifies individuals. So when companies like Google, Facebook, Yahoo and others declare that the information they share is passed anonymously, they’re technically telling the truth.

But these capabilities, most of which are not visible or available to the average consumer, also create an asymmetry of power between those who hold the data and those who intentionally or inadvertently supply it. – May 2014 Big Data Report

The outlined intent as stated by the terms above is to improve the Facebook experience by making sure Facebook knows what is important to its users. By identifying what’s important to each individual, Facebook can ensure that users see more of the same information they’re most likely to be interested in on either their newsfeeds or in advertisements. This sounds great right? Modifications made to the information seen on the newsfeed and in advertisements are based on:

1. Interests
2. Location
3. How often you use Facebook
4. Books you like and/or have read
5. Movies you like and/or have seen
6. TV shows you like and/or watch
7. Gender
8. Online purchasing habits
9. Other information provided by Facebook affiliates/partners/third parties
10. Topics you post about
11. Your friends list
12. Clubs/social groups/schools you’re associated with

WAIT ONE MINUTE!

Oh my goodness, they know you in a way that has just gotten uncomfortably scary right?

Not only can your timeline be manipulated, but so can your perception of what is going on around you. Facebook received criticism after admitting that for one week, it intentionally tried to make 155,000 of its users sad for no other reason than just to see if they could do it.  Another example can be seen in how conversations concerning the social upheaval in Ferguson, Missouri was somehow missing from many Facebook newsfeeds while Ice Bucket Challenges were commonly seen. People wanted to know how life on this social media outlet could seem so out of the loop. That was until techies realized that a Facebook algorithm used to filter out posts Facebook feels users wouldn’t be interested in, figured its users were much more interested in Ice Bucket Challenges than discussions on social inequities, policing, race relations, civil liberties and so forth.

For all we know, Facebook may have gotten it right.  After being bombarded by 24-hour news cycles and other  social media outlets like Twitter, which were jammed with Ferguson discussions, it may have been nice for users to escape to a place where Ferguson wasn’t the only thing discussed.

Make no mistake, Facebook is not the only outlet that uses, collects, and has the ability to manipulate Big Data. Beyond Facebook is the general use of the internet and digital technology, all of which can collect big data. What must be done now, is to determine the proper use for this information and identify ways to protect the privacy of users. Several government agencies, departments, and branches of government are interested in discussing these topics. This can be noted by the FTC’s call to identify how data is categorized, used, and the applicable laws to protect consumers. Additionally, organizations like the Open Internet Institute, Common Cause, Free Press, and Public Knowledge have submitted comments to the National Telecommunications and Information Administration (NTIA) on the importance of protecting telecommunications metadata.

With more people, governments, and organizations identifying concerns, changes can be made and applicable laws can be clarified to protect consumers and avoid impositions of privacy.

Teerah Goodrum

Teerah Goodrum is a Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football. Contact Teerah at staff@LawStreetMedia.com.

The post Big Data, Little Privacy appeared first on Law Street.

“You may not know them, but data brokers know you,” Federal Trade Commission (FTC) chairwoman Edith Ramirez said at the release of an FTC report about the data broker industry. Data brokers know where you live, what you buy, what medical conditions you have, your background, interests, and even the names of your kids. It sounds like something out of a sci-fi movie, so it is no wonder most Americans have no idea the thriving market for their personal information even exists. Here’s everything you need to know about how data brokers collect your information, what it is used for, and what protection you have.

What are data brokers?

Data brokers are companies that compile and resell or share the personal data of consumers. The FTC released a report on May 27, 2014 examining nine companies in the industry: Acxiom, CoreLogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf and Recorded Future. These companies derive a whopping $426 million in annual revenue from their products.

The information set held by these companies is massive. Acxiom estimates it holds roughly 1,500 pieces of data per consumer. Another broker dwarfs Acxiom with 3,000 data points for nearly every U.S. consumer. One broker is said to maintain about 700 billion aggregated data elements and adds more than 3 billion pieces of data each month. Another database has information on 1.4 billion consumer transactions alone, such as credit card purchases. Watch an in-depth look at data brokers by 60 Minutes below.

Where do data brokers find their information?

Contentions with the data broker industry arise from the fact that information gleaned does not come directly from consumers. Data brokers garner a lot of information from publicly available sites. A site relaying U.S. Census data can provide information regarding local demographics and real estate value. These firms get additional information from voter records, tax records, court records, mortgages and property information, driving records, and numerous other avenues. Companies can scour social media sites, such as LinkedIn, for any publicly-available information. Data brokers also gain a lot of information from card loyalty programs, credit cards, and advertising agencies that may follow a user’s online activities. If you recently bought a subscription to Forbes Magazine or purchased a new dress from a catalog sent to your home, these data brokers will know. By compiling all this information, brokers begin to paint a profile of you, including your age, race, income, social security number, religion, political affiliation, criminal history, movie preferences, gun-ownership, gym membership, and hobbies.

What is this data used for?

Individual data points are compiled to form a profile of potential consumers who can then be targeted for specific products. The information allows companies to more accurately target consumers for advertising campaigns and gain information about consumer preferences. The FTC report shows that data brokers usually package data into two forms:

1. Data elements: Age, family, and interests.
2. Data segments: Compilation of interests used to to create a list of people with similar characteristics. Here are some examples of these list segments: “African-American Professional;” “Allergy Sufferer;” “Bible Lifestyle;” “Biker/Hell’s Angels;” “Plus-Size Apparel;” “Twitter User with 250+ friends.” Other categories include people with high cholesterol or those interested in novelty Elvis items.

Data brokers then use this information to create various products in three different categories:

1. Marketing: This includes mail, email, telemarketing, mobile, and TV campaigns. To target consumers, marketers use a process called “onboarding.” Onboarding allows marketers to load offline information, such as magazine subscriptions or store loyalty cards, into cookies that digital advertisers use to target consumers. Cookies are stored in a computer’s browser and allow advertisers to promote their products on numerous Internet services.
2. Risk Mitigation: This includes identity verification. These products use analytics to help banks comply with “know your customer” identity verification requirements under the USA Patriot Act. Products also include fraud detection to track patterns of attempted fraud. For instance, these products can track how long an email address has been used or whether a delivery address matches a listed consumer.
3. People Search: This includes products generally intended for use by individuals. Products can search for someone’s criminal record, ancestry, phone number, telephone history, or social media information. Most come in the form of fee-based search products.

Does the data make our lives easier?

Many people would agree that products that help to verify one’s identity are a good thing. Companies that can link consumer purchases to personal information like an address, phone number, and email drastically reduce chances of fraud. Some also see personalized advertising as a good thing. Say you are a senior citizen. Rather than scrolling through the Internet and seeing ads for baby strollers or discounted student loans, you might see ads for healthcare services. Targeted advertising means you receive information and discounts for things you actually use instead of products with no relevance to your life. Ideally the more information data brokers have about you, the more they can target your individual tastes. While each individual piece of data has little benefit, the aggregation of this data by data brokers is immensely beneficial to companies doing market research to improve and tailor their products.

How are data brokers changing political campaigns?

The use of personal data is not limited to what you buy. In the 2012 elections, campaigns contracted with political data brokers to match voting records with cookies on computers. Voter registration lists have long been used to target voters. Combined with more information, these lists now take a powerful form in the digital arena. Political microtargeting allows campaigns to utilize information from data brokers to deliver a specific message to a target demographic. Data can help campaigns decide which voters are most likely to respond to a specific ad or which groups need to be targeted with a specific message. Candidates can target registered Democrat or Republican voters with online ads and can even target based on how much the individual has donated to campaigns before.

President Obama’s 2012 re-election campaign was among the first to use big data to its advantage. The 2012 team assembled an analytics department five times the size of that in its 2008 campaign. Some insights into the use of data in Obama’s 2012 campaign:

• As TIME describes, the team discovered that East Coast women between 40 and 50 were not donating as much as hoped. This demographic was the most likely to hand over cash for the chance to dine with a gravitational celebrity. The campaign’s solution? A fundraising drive with the prize being a dinner with Sarah Jessica Parker.
• The campaign used data to predict how much money they would get from each fundraising email. They also used demographics to determine which groups would be most responsive to an email signed by either Barack Obama, Michelle Obama, or Joe Biden.
• The campaign bought data from brokers regarding the television-viewing habits of Ohioans. The campaign was able to combine lists of voters with lists of cable subscribers and then coordinate the information of watching habits. Using this information, they targeted campaign ads to specific demographics at the exact time these niche voters were watching TV. This led to the campaign buying airtime in shows like Sons of Anarchy and the Walking Dead rather than traditional news programming. Watch for more on the use of big data during Obama’s reelection campaign below.

Little information is disclosed on just how much data campaigns can access. Inevitably the collection and effective use of data will play a huge role in the 2016 presidential election, but not all consumers are happy with that. The regulation of the use of data for political purposes raises questions of free speech and privacy. Others claim microtargeting actually offers more privacy, since the data does not include names or physical mailing addresses. It may be hard, however, for consumers to opt out of political advertising. Even lists like the National Do Not Call registry have exceptions for political campaign calls. According to a study by the University of Pennsylvania, 86 percent of Americans said they did not want political advertising tailored to their interests.

What are the problems with data brokers?

There is a certain “creepiness” factor to data collection without consumer consent. Target tried to market products to new parents by identifying them even before the baby was born. Data showed that pregnant women purchased products like cocoa butter and calcium tablets. Target began sending targeted mail to these women. But instead of finding it helpful, the women found the fact that Target knew they were pregnant to be unnerving.

Others worry about the effects of outdated data. Consumers have little access to immediately change what information that brokers have on them, such as an address change or marriage. This means people could potentially be prevented from making a purchase solely based on outdated information. Outdated information becomes more offensive when the deceased remain on data broker lists and continue to receive offers in the mail. Some women revealed stories of experiencing a miscarriage yet continuing to receive insensitive mailings from Gerber and American Baby Magazine.

Companies that have such specific information about segments of consumers may take advantage from the data. An example from the FTC looks at the case of a consumer labeled to be a biker enthusiast. This person might get more coupons for motorcycles and gear, but they could also see higher insurance rates if companies use this information to conclude this individual engages in risky behavior. Watch a Congressional hearing on the industry’s issues below.

An Acxiom presentation to the Consumer Marketing Organization in 2013 indicates further issues with potential discrimination. Acxiom placed customers into “customer value segments.” Data showed that while the top 30 percent of customers add 500 percent of value, the bottom 20 percent actually cost 400 percent of value. The bottom 20 percent call customer service numerous times and cost the company in returns. The company would be better off ignoring these customers altogether, and data brokers can help companies to identify these costly customers. These high-cost customers could then face higher prices or poor service without even being aware they are discriminated against.

Do people have any protection?

The problem most people have with the collection of data is that they have no say in it. They are not aware when information is being collected, nor are they in control of what it is used for or if it is correct. The resale and illegal use of the data is prohibited. Data brokers also suppress protected lists such as phone numbers on the Do Not Call Registry.

Some data brokers do try to protect consumers. Some voluntarily remove information regarding children and teens from their data. Others provide ways to edit and review what data the broker has on you. Acxiom uses aboutthedata.com for this very purpose. Epsilon allows consumers to review information, but reviewing the information costs $5 and requests can only be made by postal mail. Trying to review information collected by every broker is extremely time consuming. Watch for more on how to protect yourself below.

No laws require brokers to maintain the privacy of consumer data unless it is used for prohibited purposes. Federal law protects the confidentiality of medical records. The Fair Credit Reporting Act (FCRA) restricts the search of information when determining eligibility for employment, credit, or housing; however, most data does not fall under the scope of FCRA.

What is the FTC pushing for?

The FTC report recognizes the immense value of data brokers to both companies and consumers; however, the FTC has offered the following recommendations to improve the industry and bolster consumer protection:

• Create a central database where consumers can see what information about them was collected. The database should also allow consumers to opt out from the data collection.
• Require brokers to list their data sources.
• Increase industry visibility and consumer awareness.
• Comprehensive legislation to prevent the discriminatory use of data. For instance, some categories infer sensitive statistics. “Metro Parents” are single parents primarily high school-educated handling the stresses of urban life on a small budget. “Timeless Traditions” are immigrants who speak some English but generally prefer Spanish.
• Adopt a series of best practices, including better protection for minors, improving data security, preventing unlawful discrimination, and restricting collection to only needed data.

The Direct Marketing Association (DMA) and other groups attacked the FTC report. In an interview with the Washington Post, Stuart Ingis of the DMA said, “You’d think if there was a real problem, they’d be able to talk about something other than potential” abuses.

The data broker lobby is very powerful. Senators John D. Rockefeller (D-WV) and Edward Markey (D-MA) led the regulatory push by proposing the DATA bill on February 12, 2014, requiring data brokers to be transparent about the information they collect. But considering the fact that political campaigns benefit from data broker information when targeting voters, it is unlikely there will be new legislation on data brokers in the near future. In the meantime, expect data brokers to know much more about you than you know about them.

Resources

Primary

FTC: Data Brokers: A Call for Transparency and Accountability

Ed Markey: Markey, Rockefeller Introduce Data Broker Bill

White House: Big Data: Seizing Opportunities, Preserving Values

Senate: A Review of the Data Broker Industry

Additional

Yahoo: FTC Wants More Transparency for Data Brokers

Data Privacy Minitor: FTC Report Seeks Congressional Review

Privacy and Security Law Blog: “Getting to Know You, Getting to Know All About You”

Washington Post: Brokers Use Billions of Data Points to Profile Americans

ProPublica: Everything We Know About What Data Brokers Know About You

Slate: What Do Data Brokers Know About Me?

CNN: Why Big Companies Buy, Sell Your Data

New York Books: How Your Data are Being Deeply Mined

Pulitzer Center: Consumer Data Privacy in Politics

Time: Inside the Secret World of the Data Crunchers Who Helped Obama Win

ProPublica: Everything We Know So Far About Obama’s Big Data Operation

AdWeek: Confessions of a Data Broker

Alexandra Stembaugh

Alexandra Stembaugh graduated from the University of Notre Dame studying Economics and English. She plans to go on to law school in the future. Her interests include economic policy, criminal justice, and political dramas. Contact Alexandra at staff@LawStreetMedia.com.

The post The Big Business of Big Data appeared first on Law Street.