Thomas Fox-Brewster, Forbes, Tuesday, March 03, 2015
“In September, we announced that all new Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. But that won’t counter the feeling of disappointment amongst pro-privacy types. “I’d hope mobile OS and handset vendors would all be moving as quickly as possible to default encryption – most users don’t realise how important this is, given the sensitivity of the data on their phones, and the ease with which they can be lost or stolen,” said Ian Brown, professor of information security and privacy at Oxford University.
Cameron F. Kerry, Brookings, Wednesday, February 25, 2015
Seeing cybersecurity and privacy take center stage in recent months has been a striking turn. A week ago, I joined some 800 government and industry leaders mixed with Stanford students at the White House Summit on Cybersecurity and Consumer Protection, where President Obama signed an executive order to improve cyber threat information-sharing. He and other members of his administration renewed calls for legislation to encourage such sharing by providing liability protection and guarding how personal information is shared; and corporate executives made up an amen chorus for use of the National Institute of Standards and Technology (NIST) to manage cyber risk.
Alistair Barr and Sam Schechner, WSJ Digits, Friday, February 20, 2015
J. Peter Bruzzese, InfoWorld, Wednesday, February 18, 2015
Microsoft recently announced it's the first major cloud provider to adopt the global cloud privacy standard developed by the International Organization for Standardization (ISO). Auditors verified that Microsoft Azure, Office 365, Dynamics CRM Online, and Intune conform to the standard (ISO 27018) designed to protect personally identifiable information (PII) in the cloud, addressing a fear that users and businesses share in many countries -- especially users, businesses, and governments in Europe. But what does that compliance really get you? ISO 27018 is a good starting point to protect personal data, as Microsoft has outlined. But Microsoft has to do whatever legal authorities tell it, so its protections are subject to governments' often secret and inconsistent interpretations of their authority.
Law Office of Bradley S. Shear
Tuesday, February 17, 2015
The passage of the LEADS Act is needed not only to better protect digital privacy, but also from a business perspective. According to The New York Times, the U.S. cloud computing industry may lose tens of billions of dollars in business because international companies and governments have lost confidence in U.S. technology companies due to the NSA surveillance programs that Edward Snowden exposed in 2013. Forrester Research has indicated that these losses could be as high as $180 billion dollars for U.S. based firms.
Sam Pfeifle, IAPP, Tuesday, February 17, 2015
Late last week, Max Schrems, the Austrian law student who began Europe-v-Facebook and has seen his suit against the Irish DPA regarding Facebook's handling of his data forwarded all the way to the European Court of Justice, posted a somewhat cryptic tweet... Contacted directly, Schrems could only say that he'd been given a "heads up" from the courts and that he's bound by court rules that don't allow for public statements that might be construed as trying to influence public opinion around the case. As a refresher, at issue is whether U.S. intelligence programs, such as PRISM, which involve sharing by U.S. companies of EU citizen data with organizations like the NSA, violate the fundamental rights of those EU citizens. If the ECJ finds that they do, then Safe Harbor could be invalidated as a program for cross-border data transfer between the EU and U.S.
Cory Bennett, The Hill, Tuesday, February 17, 2015
Google urged a small government rules committee to block a Department of Justice (DOJ) request that would expand the FBI’s ability to remotely collect electronic information in the U.S. and abroad. The DOJ filed its request last year to the little-known Advisory Committee on Criminal Rules. The department wants the committee to give judges the power to authorize warrants for electronic searches in multiple jurisdictions, or when investigators don’t know the physical location of a device. Such a move, Google said in comments filed to the committee, “substantively expands the government’s current authority,” and “raises a number of monumental and highly complex constitutional, legal and geopolitical concerns.” The tech giant’s comments put them on the side of civil liberties and privacy advocates, who appeared before the committee in November to strongly protest the proposal.
Business Cloud News, Monday, February 16, 2015
Google’s senior vice president communications and public policy Rachel Whetstone has defended the company’s evolving strategy on collecting and managing personal data, but said governments need to reform how they seek data from private firms and one another. She also said Google’s progressive policy on encryption “requires governments to go through the proper legal channels” for customer data, and hit out at how governments secure data from one another and private firms across borders for law enforcement purposes including surveillance. “The MLAT process is too slow, too complicated and in need of reform,” she said. “Europe is leading the way here. We now need the US to follow suit.”
Business Cloud News, Monday, February 16, 2015
Microsoft has adopted a relatively new ISO standard that specifies measures to protect Personally Identifiable Information (PII) in public cloud environments. The company claims it is the first public cloud provider to do so. Microsoft, a huge advocate of regulatory reform around data privacy rights in the US, is currently embroiled in a court case that has seen the IT giant repeatedly challenge US District Court rulings compelling it to hand over email and contact information stored in its cloud platform in Ireland as part of a drug-trafficking trial. The company is currently supporting a number of recently introduced laws that seek to limit the reach of US courts over data stored in cloud services located outside the US.
Youkyung Lee, AP/ABC News, Tuesday, February 10, 2015