Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS

Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet -- and even identify and track individuals -- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist

The perils of privacy and intelligence-sharing arrangements: The Australia–Israel case study

The aim of this analysis is to explore the governance frameworks and associated privacy and interrelated risks that stem from bilateral security arrangements such as the Australia–Israel intelligence relationship. In an era of expanding globalisation of intelligence, targeted oversight advances that are adaptive to global trends may serve to mitigate the potential costs and downsides of transnational intelligence exchange while respecting the privacy, rights and liberties of citizens and ensuring that sovereignty, human rights standards and rule of law remain protected

ANALYSIS OF GLOBAL DATA PRIVACY REGULATIONS AND HOW TRANSNATIONAL COMPANIES ARE IMPACTED

Privacy regulations are being developed and altered globally. An American company working transnationally will want to make sure to comply with the privacy regulations of each country in which the company either conducts business or otherwise utilizes that country’s citizens’ data. Currently, the GDPR has the strictest standards regarding data processing agreements between a primary organization and another data processor. While the CCPA/CPRA and the PDPA require DPAs, a company in compliance with the GDPR will likely comply with the CCPA/CPRA and the PDPA. Case law is evolving to address the extent of the reach of the extraterritorial legislation. However, if a company is engaged in extensive data collection, then the company should ensure compliance with all relevant privacy regulations. As new legislative responses emerge worldwide, it is crucial for companies engaged in international business transactions to ensure compliance with the different standards of that extraterritorial legislation

Responsible innovation for digital identity systems

Digital identity (eID) systems are a crucial piece in the digital services ecosystem. They connect individuals to a variety of socioeconomic opportunities but can also reinforce power asymmetries between organizations and individuals. Data collection practices can negatively impact an individual’s right to privacy, autonomy, and self-determination. Protecting individual rights, however, may be at odds with imperatives of profit maximization or national security. The use of eID technologies is hence highly contested. Current approaches to governing eID systems have been unable to fully address the trade-offs between the opportunities and risks associated with these systems. The responsible innovation (RI) literature provides a set of principles to govern disruptive innovations, such as eID systems, toward societally desirable outcomes. This article uses RI principles to develop a framework to govern eID systems in a more inclusive, responsible, and user-centered manner. The proposed framework seeks to complement existing practices for eID system governance by bringing forth principles of deliberation and democratic engagement to build trust amongst stakeholders of the eID system and deliver shared socioeconomic benefits

The Application of the Right to be Forgotten in the Machine Learning Context: From the Perspective of European Laws

The right to be forgotten has been evolving for decades along with the progress of different statutes and cases and, finally, independently enacted by the General Data Protection Regulation, making it widely applied across Europe. However, the related provisions in the regulation fail to enable machine learning systems to realistically forget the personal information which is stored and processed therein. This failure is not only because existing European rules do not stipulate standard codes of conduct and corresponding responsibilities for the parties involved, but they also cannot accommodate themselves to the new environment of machine learning, where specific information can hardly be removed from the entire cyberspace. There is also evidence in the technical, legal, and social spheres to elaborate on the mismatch between the rules of the right to be forgotten and the novel machinery background based on the above reasons. To mitigate these issues, this article will draw lessons from the cyberspace regulation theories and expound on their insights into realizing the right and the strategies they offered to reframe a new legal scheme of the right. This innovative framework entails a combination of technological, legal, and possibly social measures taken by online intermediaries which make critical decisions on the personal data given the so-called stewardship responsibilities. Therefore, the application of the right to be forgotten in the machinery landscape will plausibly be more effective

Fool\u27s Gold: An Illustrated Critique of Differential Privacy

Differential privacy has taken the privacy community by storm. Computer scientists developed this technique to allow researchers to submit queries to databases without being able to glean sensitive information about the individuals described in the data. Legal scholars champion differential privacy as a practical solution to the competing interests in research and confidentiality, and policymakers are poised to adopt it as the gold standard for data privacy. It would be a disastrous mistake. This Article provides an illustrated guide to the virtues and pitfalls of differential privacy. While the technique is suitable for a narrow set of research uses, the great majority of analyses would produce results that are beyond absurd--average income in the negative millions or correlations well above 1.0, for example. The legal community mistakenly believes that differential privacy can offer the benefits of data research without sacrificing privacy. In fact, differential privacy will usually produce either very wrong research results or very useless privacy protections. Policymakers and data stewards will have to rely on a mix of approaches--perhaps differential privacy where it is well suited to the task and other disclosure prevention techniques in the great majority of situations where it isn\u27t

The Hunt for Privacy Under the Big Sky

Watchdog: Kiss and Tell -- Making the Cut -- Capturing the Moment -- Digging on Deadline -- University Confidential -- Concealed Weapons -- The Birthday Loophole Secrets: Behind the Times -- No Place to Hide -- Privacy Betrayed -- Under the Needle -- Editorial Cartoon -- The Grind -- One Frame Every Day Made in Montana: Spying on Wildlife -- The Secret to YouTube Success -- Preaching to the Choir -- Gaps on the Map -- Native Secrets -- Secret Montana Fantasies -- Towner\u27s Gold -- Facebook Confessionals The Year Ahead: The Hit List -- J-School Confidential -- After Jaffe -- Expanding the Wild -- Behind the Curtain -- The Road to Ri

Girls and the Getaway: Cars, Culture, and the Predicament of Gendered Space

What is the legal significance of the social significance of things? How does the law comprehend, affect, reinforce, transform, and undermine the relations between persons and things? In this Essay I examine these questions by looking at connections between one particular thing – the automobile – and one particular group of persons – women. How is it that the automobile has come to serve women – as drivers, passengers, as purchasersless well than men? After all, in some sense a car is a gender neutral machine seemingly capable of taking drivers of either sex equal distances. But how long after the first one was welded together did it shed any pretense of such neutrality? How did that transformation come about and what has law made of the results