Privacy

The Most Read Terms And Services, How Age-Guessing Tool Tell Us About Our Uses Of Personal Information

In the last 48 hours, age became a hot topic on Facebook, thanks to Microsoft's How-Old.net, a free online age-guessing tool. It proves age is still a contentious topic, regardless of gender, race and obviously age. A marvelous marketing gimmick! As always happens, once a story catches fire, a few risk-averse or investigative minds start …

No Single Prediction Is Perfect, So I Look At Four

As 2015 approaches, it is time for new year resolutions and wishes. For the security industry, we are busy preparing for another eventful year! When preparing our budgets and project portfolios, it may be useful to look at predictions from leading security vendors. Cyber security is an intelligence game. Can …

Soon will come the software defined transaction (SDT) age.

“It’s comforting to imagine that, in the end, the power of innovative technologies and business models will win out over status-quo thinking and entrenched interests, all for the public good.” From a security and risk management point of view, a central or, using the author’s words, “the powers that have traditionally controlled those transactions” provides …

Privacy Protection Principles, compare ISO29100, with Singapore and Hong Kong legislations

ISO 29100:2011 Privacy Framework is now a publicly available document and it offers a comprehensive framework. Hong Kong and Singapore Gov both enacted privacy regulations; I compare both regions’ privacy protection requirements with ISO 29100. Below is a summary table. Will write more on each comparison later. ISO 29100:2011 Eleven Privacy Principles, Singapore Nine Data Privacy …

Public availability of ISO/IEC 29100:2011 Privacy framework

Last May, at the ISO SC27 meeting held at Sophia Antipolis, WG5 Identity Management and Privacy Technologies voted to make the ISO 29100 Privacy framework a public document. After JTC 1 Plenary endorsement at the November 2013 meeting, the standard is now available at http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html (search for 29100). Another document listed is ISO 27000 Information security management systems — Overview and vocabulary. For most …

Car Rental is more promising than ever

When capturing and storing technologies are so cheap, it is tempting for the Gov to store everything. In this case, car plate images. I guess the car rental business has another marketing theme to explore! Soon we will see computer rental and mobile phone rental. When trust is gone, people are willing to try extreme measures. There …

Does FB have the right to fix our privacy?

that increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.

WSJ runs a great article on issues with FB's current privacy position. It seems FB positions itself as a repair mechanic, not as a professional architect, when working on privacy controls.

The newspaper story started with an example of involuntary disclosure of sexuality when a teenager joined a chorus FB group. Her parents were informed about her sexuality via FB. The reporter Geoffrey A. FOWLER then explained some inevitable changes to privacy: “For much of human history, personal information spread slowly, person-to-person if at all.”; “Personal worlds that previously could be partitioned—work, family, friendships, matters of sexuality—become harder to keep apart.”; “Facebook is committed to the principle of one identity for its users.”; “increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.”

After reading this article, I noticed that although FB is responsive in fixing the technical issue, they did not discuss how they design and verify privacy BEFORE launch. Millions of FB users do the testing for FB for free. The largest software test I have ever known. FB improves their system after their users have already suffered from the misbehavior of their system.

Privacy settings affect every user, and FB should design each new function or each disclosure with systematic impact analysis. There should be a clear document listing how each activity is displayed to friends and the public. FB should notify the user community of the impact a new system feature will have on such disclosure.

The idea that we are letting FB continuously fix their system scares me. Privacy should start with impact analysis and robust testing before things happen.