Tuesday, May 31, 2016

Anonymized Data Really Isn't Anonymous: Vehicle Data Can Easily Be Used To Identify You

Companies increasingly hoover up larger and larger oceans of consumer data, promising that security and privacy aren't much of a worry because data is "anonymized." But as research has shown time and time again, anonymous data isn't all that anonymous, since it takes only a modicum of effort to analyze the data, or cross-reference it with other data, and ferret out personal identities. It doesn't really matter whether we're talking about NSA surveillance troves or social networking data: anonymous data just isn't anonymous.



As yet another example of this, researchers from the University of Washington and the University of California at San Diego have found that the data collected by a car's onboard computer can be surprisingly personal. In fact, it's so personal that the researchers found they could identify a driver -- from a possible list of fifteen drivers -- just by looking at data collected from the brake pedal alone:

"The research team found that 15 minutes' worth of data from the brake pedal - and only the brake pedal - could lead them to choose the right driver, out of 15 options, 90% of the time. Again, with just the brake pedal data, upping that collected data to 90 minutes' worth, allowed them to pick the correct driver 100% of the time. For a 100% hit rate with 15 minutes' worth of data, they just had to collect records from more than one car part."

By itself, especially with the fifteen-person pool, this isn't really all that alarming. But as we shift toward self-driving automobiles or just highly connected vehicles, this data is going to increasingly find its way into the hands of insurance companies and others. Verizon, for example, is making a significant push toward selling a $15 per month subscription "Hum" service -- comprised of a device that plugs into the vehicle's OBD port and a Bluetooth-enabled device that is clipped to the vehicle visor. The service not only makes a dumb car smart by providing emergency and other services, it gives Verizon -- a company already awash in consumer cellular location and other behavior data -- a huge amount of additional data to ferret through and monetize.



Especially when cross-referenced with other datasets already in government or corporate collection piles, researchers warn that this opens up the door to allowing insurance companies to dictate rates based on everything from emerging medical problems to when you let your kid drive the car (warning: Wired's ad block blocker still doesn't work properly and may block all users):

"...the fingerprinting study, Enev argues, should serve as a more general warning to car owners about the sensitivity of the data that travels across their vehicles' internal networks. The same data that tells their insurance company when they've let their 16-year-old kid take their car to prom might just as easily be used to identify drunk driving or a medical condition that's altered someone's driving ability, tests Enev claims would actually be simpler than trying to distinguish a driver's identity."

Those examples are likely just the tip of the iceberg, as companies cooperate to use that data to their collective, coordinated advantage in ways we haven't even thought of yet -- while consumers are increasingly treated like criminals should they want to control or access much of this data. And given that the "internet of things" continues to have embedded security that's about as good as no security at all, it's inevitable that this collected data will increasingly find its way into the public domain.



Friday, May 27, 2016

Lawmakers From The Great Theocracy Of Utah Looking To Block Porn On Cell Phones


When we've talked in the past about government attempting to outright block pornography sites, those efforts have typically been aimed at sites hosting child pornography. Blocking child porn is a goal that's impossible to rebel against, though the methods for achieving it are another matter entirely. Too often, these attempts task ISPs and mobile operators with the job of keeping this material out of the public eye, which is equal parts burdensome, difficult to do, and rife with collateral damage. Other nations, on the other hand, have gone to some lengths to outright block pornography in general, such as in Pakistan for religious reasons, or in the UK for save-the-children reasons. If the attempts to block child porn resulted in some collateral damage, the attempts to outright censor porn from the internet resulted in a deluge of such collateral damage. For this reason, and because we have that pesky First Amendment in America, these kinds of efforts attempted by the states have run into the problem of being unconstitutional in the past.



But, as they say, if at first you don't succeed, just try it in an even more conservatively prudish state again. Which brings us to Utah, where state Senator Todd Weiler is leading the effort to purge his state of any access to porn on mobile devices.




Utah Senator Todd Weiler has proposed a bill to rid the state of porn by adding Internet filters and anti-porn software on all cell phones and requiring citizens to opt-in before viewing porn online. It's to save the children, he says. Weiler successfully pushed an anti-porn resolution through the state Senate earlier this year, declaring porn a "public health crisis." He now hopes to take his movement a step further by making it harder for Utah citizens to have access to digital porn.



"A cell phone is basically a vending machine for pornography," Weiler told TechCrunch, using the example of cigarettes sold in vending machines and easily accessed by children decades ago.




This is where we'd usually talk about how this sort of thing is almost certainly unconstitutional, not to mention how easily circumvented the attempt would be. And both of those remain true for this case. But I would like to instead focus on the lazy analogies Weiler chooses to make and let them serve as an example of how easily twisted people's opinions can become if you simply add "saving the children" to the goals of a particular piece of legislation.



Let's start with the quote above, although I promise you there is more from Senator Weiler that we'll discuss. He claims that a cell phone is basically a porno vending machine, like a cigarette vending machine. The only problem with his analogy is how wildly untrue it is. A cigarette vending machine has no other purpose than, you know, vending smokes. A cell phone, on the other hand, has a few other purposes. Like playing video games, for instance. Or serving as a music device. Or making god damned phone calls. A claim that a phone is simply a vending machine for porn shows either a tragic misunderstanding of basic technology or, more likely, is simply a veiled hate-bomb at the internet itself. Regardless, it is not upon government to decide how our property is used lawfully. And it isn't on government to parent children. We have people for that. They're called parents.



But Weiler wasn't done.




The senator says England was successful in blocking porn on the Internet. Prime Minister David Cameron pushed legislation through in 2013 requiring U.K. Internet service providers to give citizens the option to filter out porn.




The good Senator must have a strange definition for success, because the UK law is easily circumvented, has managed to censor all kinds of educational and informational non-pornography sites and material, and was created by a lovely chap who was later arrested on charges of child pornography himself. If one wishes to draw upon the success of something in order to push his own interests, that something probably shouldn't be a complete dumpster fire.



Local Utah ISPs are already calling the plan unrealistic and comparing it to censorious governments that I am certain Senator Weiler would recoil from. Not that this matters, I guess, since Senator Weiler fantastically admits that he has no idea how this will all work under his law.




Weiler says he doesn't know how it would work but just wants to put the idea out there and that his main concern is kids looking at porn.



"The average age of first exposure to hard-core pornography for boys is eleven years old," he said. "I'm not talking about seeing a naked woman. I'm talking about three men gang-raping a woman and pulling her hair and spitting on her face. I don't think that's the type of sex ed we want our kids to have."




Look, I usually like to back up my rebuttals to these types of things with facts and figures, but I just don't have them in this case. That isn't going to stop me from declaring that the claim that the average first exposure to pornography is an eleven-year-old boy seeing exactly three men gang-raping a woman is a line of bullshit so deep that the Utah Senate certainly must provision knee-high boots to its membership for such a thing to even be suggested. And this should tell you everything you need to know about Senator Weiler's plans: he doesn't know how successful it's been elsewhere, he doesn't know how it works, and he's willing to sell it to the public on the basis of a scary lie.



Oh, and it's unconstitutional, so screw your law altogether.





Friday, May 13, 2016

FBI Questions Veracity Of Emails It Released To FOIA Requester While Defending Refusal To Discuss Hacking Efforts


The FBI has entered its explanation for its declaration that it won't discuss the NIT (Network Investigative Technique) in open court or with the defense -- no matter what. Its decision to run a child porn website for two weeks while it deployed the NIT has backfired immensely, resulting in successful challenges of the warrant and the evidence obtained. For the most part, the NIT warrant used by the FBI has been declared invalid because it violates Rule 41's limitations on deployment: a warrant obtained in Virginia can't be used to search computers located in other jurisdictions.



The FBI says it will only discuss the NIT with the judge in an ex parte in camera proceeding, cutting the defense entirely out of the loop. It also argues against the defendant's portrayal of the agency as inherently untrustworthy, what with its long history of hiding information from the courts, starting with its Stingray NDAs.



While not directly related to the subject matter at hand, Jay Michaud's lawyer is buttressing his arguments against the agency's trustworthiness with a wealth of released documents showing the FBI routinely demanded law enforcement agencies hide Stingray-related information from defendants, judges -- even other prosecutors.



Michaud's defense also submitted emails obtained with a FOIA request that showed the agency even hid information on surveillance tech from other FBI agents and federal prosecutors. The choice to cut the latter out of the chain of evidence was based on a supposed trend of prosecutors examining FBI surveillance technology/methods before retiring to work as defense lawyers.



What's most hilarious about the FBI's arguments is the fact that it openly questions the legitimacy of documents it released to Brad Heath and USA Today.


The actual emails (assuming they are genuine) show no improper concealment.

This is an awfully strange thing to say about documents originating from its own offices and released, presumably after a review, to a FOIA requester. If the FBI is forced to assume the emails it released are genuine, it argues that they don't actually say what they appear to say -- which is that information about FBI surveillance techniques must be hidden from damn near everybody but especially those who might be called to testify in court.

Nothing in the email suggests that anyone should be deceived or misled. Rather, the email merely urges the common-sense practice of not disseminating sensitive information unless there is a reason to do so. This concept is called “need to know.” It is familiar to anyone who has worked in the military or law enforcement, and it is an entirely proper way to protect sensitive information.

The government says this shows the FBI does disseminate this info, but only on a "need to know" basis. But it says nothing as to why the "need to know" list doesn't include judges, defendants or prosecutors involved in these cases.



And its other arguments are just as terrible, but at least they don't include the FBI raising doubts as to the legitimacy of documents it generated itself. It claims -- as it has in the past -- that the restrictive NDAs it forces law enforcement to sign before using Stingray equipment aren't restrictive and don't heavily hint (if not state outright) that agencies are to let perps walk rather than introduce Stingray-related evidence in court.

[A] careful reading of this material shows no evidence that the FBI has deceived or misled courts or prosecutors.

Technically true. But plenty of law enforcement agencies have. And when these omissions are challenged, they tend to excuse them by citing the FBI's NDA. So, the FBI ties up agencies with NDAs in hopes of limiting disclosures. Then it throws them under the bus when disclosures aren't made.

[T]he FBI made no false or misleading statements to courts, prosecutors, or anybody else in the Andrews investigation. The pen/trap application and related statements in Andrews were made by local law enforcement and local prosecutors.

Yes, but only because they felt they needed to do so, or because they may have been explicitly told to do so after asking the FBI. The FBI cites only this case because Michaud's defense only cites this case. There are countless others where it's been made apparent evidence of Stingray use has been hidden from everyone but the agency deploying the device.



We don't know what the outcome will be yet, but it's apparent the FBI will not be discussing the details of its NIT in court -- even as it tries to make itself out as a paragon of transparency in this filing. It even says it would prefer to handle this in an adversarial fashion (in the "allow the defense to participate" sense of the word) but simply cannot because it would presumably allow any number of criminals to escape its NIT tentacles in the future.





Wednesday, April 13, 2016

DailyDirt: Everyone Has Blindspots

A few years ago, there were some video demonstrations about perception and how when you're focused on looking for one thing, you can completely miss seeing obvious other things (like a gorilla or other monkey business). People tend to rely on vision a lot (unless you're Daredevil), but it's not always the most reliable sense.






Wednesday, April 6, 2016

LogRhythm mashes up security and big data to give SMBs better defense in one tool

Security Intelligence Management (SIM) can even the playing field between IT and cybersecurity attackers. Here's how one of the leaders in the space offers a real-time battle strategy.








Thursday, March 24, 2016

Daily Deal: Nut Mini Tracker

Keep tabs on your important objects with the Nut Mini Tracker. Attach the tiny tracker via an included strap or with the included 3M VHB tape and download the smartphone app. Whenever you stray too far from the Nut tracker, it will alert your phone. The Nut mini also notifies you when you leave your phone behind and the app even helps you track down lost items. It is less than 1.5 inches long and weighs in at a mere .35 ounces so you can attach it to anything and hardly notice it is even there. The tracker is available now for $15 for 1, or $25 for 2.


Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.












Court To Film Director: You Must First Create An Infringing Work Before We Can Discuss Whether Or Not It's Actually Infringing

Is there anything more gloriously effed-up than IP law? I submit to you there is not. Here's the sub-headline for Eriq Gardner's Hollywood Reporter article, which deftly sums up the predicament facing a filmmaker looking to make a movie based on an old Buck Rogers novella.

Don Murphy can only clear rights if he potentially violates them first.

That's the ruling boiled down to a dozen words. The details, while enlightening, do nothing to change the underlying fact that Murphy may have to get sued for copyright infringement before he's allowed to prove he isn't infringing on anything.

That's not the only conundrum Murphy's facing. The other is this: no studio wants to touch the project until the rights have been sorted out. Murphy announced his plans to make a film based on "Armageddon 2419 A.D." at last year's Comic Con. The book was published in 1928. Murphy believes the copyright on the book and characters expired in 1956.

Quite obviously, the trust presiding over the original publisher's estate feels differently. The Dille Trust told Murphy the property must be licensed -- despite offering no proof that the copyright was still valid and despite one of the trust's beneficiaries (Robert Dille) being on board as a co-writer.

So, Murphy did what others have done: sued to have the work declared in the public domain. The problem is he hasn't infringed on the possibly uninfringeable work. The court, relying on a 2007 Supreme Court decision, basically tells Murphy he must start making this possibly-infringing work before it can start addressing his public domain claims.

Looking at the Buck Rogers case, Conti applies the Supreme Court's holding by questioning whether the dispute rises to an actual controversy from "immediacy" and "reality."
Regarding immediacy, Conti writes:

"In this case, the amended complaint does not contain specific, or even approximate, allegations about when plaintiff could begin film production, let alone release the allegedly infringing film, assuming a declaratory judgment is entered in plaintiff’s favor. A dispute 'lacks immediacy' where there are no allegations about 'when, if ever,' the product will be 'used in a manner that could potentially infringe' the intellectual property rights of another. Plaintiff’s nebulous allegations that 'development of the [film] is well underway' and that 'further production efforts could be undertaken in short order' are conclusory and insufficient to show the immediacy required by Article III."

Examining reality, Conti continues:

"At this early stage, the production and release of plaintiff’s film are 'contingent future event[s]' that may not occur 'as anticipated' or 'indeed may not occur at all.' As pleaded by plaintiff, the film project is still in an inchoate stage. Plaintiff does not allege it hired or entered into preliminary agreements with the parties 'integral to the commencement of production'—let alone the release—of a 'major motion picture.'... Plaintiff received 'preliminar[y,] . . . firm interest' in the project from Warner Brothers and Sony. Without allegations of actual commitment or intent to commit—through, for example, letters of intent—plaintiff’s vague, equivocal assertions fail to demonstrate the reality of this dispute. Plaintiff does not allege it entered into finalized, or even preliminary, financing, acquisition, licensing, or distribution agreements with these companies in connection with its potential film."

The Supreme Court decision being cited to put Murphy in the awkward position of having to roll the dice on copyright infringement has nothing to do with copyright. It's all about patents. And it's actually a good decision.

The latest ruling is in the MedImmune/Genentech case looking at whether or not licensing a patent means you can't challenge its validity. Genentech (and plenty of other patent holders) claimed that once you licensed a patent, you were basically saying that you agreed to its validity, and could no longer challenge it. The lower court agreed. This is problematic in a lot of ways, especially with the rise in patent extortion lawsuits, where it's often cheaper to just license the patent rather than fight it. MedImmune licensed the patent early on, rather than waste money fighting it, but challenged it later on when the patent in question became much more important (and the license much more expensive). With an 8 to 1 decision, the Supreme Court sided with MedImmune, saying that licensing a patent shouldn't preclude challenging that patent's validity. Another small step in the right direction.

And yet, here we are, looking at a director being asked to set himself up for a lawsuit by the Dille Trust in order to prove he doesn't owe it anything. And in order to do that, he needs to convince a studio to walk across this IP minefield with him -- something no studio in its right mind would ever be willing to do.

The court has given him permission to file an amended complaint, but it's unclear what purpose that will serve under the Supreme Court's MedImmune decision. The only sensible response is to let the idea die. No studio will back a project based on a disputed property and no director is going to put the work in just to be hit with an injunction and statutory damages if the trust comes up with proof it still holds the copyright.

On the other hand, all the Dille Trust has to do is continue to insist it owns the property… even if it doesn't. That's it. Hail copyright.


