The Flowing Candy Bees

In our privacy ceiling paper, we discuss the inherent liability that comes from having an “architecture of monitoring or control” even if you opt not to use it. You may be compelled to hand over customer information, get sued for vicarious infringement, leak data through simple incompetence, or pass the reins of your company to someone more evil than yourself. You can consider this the privacy equivalent of Kerckhoffs’s Criterion: design under the assumption that you will one day monitor and control users to the full extent your software allows, whether you like it or not.

Well, Dan Lockton has a whole web site on architectures of control in design. In fact he has written a dissertation on this subject. More after the flip.
(more…)

I don’t necessarily agree this is the big one, but I’m glad that someone is at least using the language:

From: EFFector list
Date: August 8, 2006 6:02:41 PM EDT

AOL’s Data Valdez Violates Users’ Privacy

As recently reported by the blog TechCrunch and now the major media, AOL intentionally released three months of search queries by 658,000 AOL users. Though AOL has removed the data from its site and rightly apologized, the grave damage is already done. The data is available all over the Net, and AOL may have violated its own privacy policy as well as existing federal law. Congress should heed the lessons of this Data Valdez and enhance protections for your privacy.

A close friend of mine was about to get some of this search data from AOL—in fact, she needs it to do research developing privacy-enhancing technologies. Good on AOL to support this kind of research, but their execution was blunderous.

Anyway, this comes just before we present a paper on the economic limits of privacy violation, what we call the "privacy ceiling." Read on for more details.
(more…)

The Underhanded C Contest is a challenge to write innocent-looking C source code implementing nonobvious malicious behavior. From the site:

Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

Question for the reader (both of you): what, in your wildest imagination, is the worst, most sensational privacy-related disaster that can befall a single individual? I’m thinking of making this a homework problem for my security engineering class.

This was brought to my mind by a recent panel discussion on privacy at Princeton University.

(more…)