Related Posts

5 Takeaways from the New DHS Privacy Guidance

To comply with the executive order, DHS released new policy guidance on April 27. The new policy acknowledges that DHS can no longer extend statutory Privacy Act protections to non-U.S. persons, but it also explains what the agency must do to continue to protect the privacy of non-U.S. persons. It’s still early to tell how the policy will work in practice, but here are a few takeaways.

Read More

Another Invasive, Costly DHS Proposal Chilling Free Speech At the Border

Earlier this year, DHS proposed to begin requesting information pertaining to Chinese visitors’ social media identifiers. This is not the first time we have seen this type of proposal from DHS. In 2016, CDT and over 30 other organizations raised concerns that a DHS proposal asking people traveling to the U.S. through the Visa Waiver Program to volunteer information about their “online presence” and social media use amounted to an expansion of surveillance of U.S. visitors and residents alike. Last week, CDT argued that the new proposal would raise the same issues.

Read More

Three Core Security & Privacy Issues of Connected Vehicles

Connected vehicles have tremendous potential to reshape the transportation landscape – bringing important safety and efficiency benefits but also creating new security and privacy risks. In addition, there are long-standing security and privacy issues that, if not resolved, will be compounded with the continued trends towards greater use of software and connectivity in motor vehicles. Our comments focus on three main issues: the need for secure software, the increasing dependence on critical information infrastructures, and the need for greater transparency around data privacy.

Read More

Uber’s Fingerprinting Foibles and the Costs of Not Complying with Industry Self-Regulation

No stranger to privacy kerfuffles, Uber is once again in the news for its business practices and invasive use of technology. This time, the headlines are focused on Uber’s intentional circumvention of Apple’s developer rules, which prohibit apps from collecting certain technical identifiers from iPhones. The larger challenge this raises is determining whether Uber’s violation of Apple’s developer terms could or should raise regulatory ire. Sanctions should be tailored to fit the crime, but when it comes to privacy and security mishaps with technology, consumers and their advocates are left in the dark.

Read More

Serious Privacy Risks Lie in the Path of Vehicle Automation

Yesterday, CDT joined four top cryptography and security experts in raising serious privacy concerns with proposed next-generation vehicle-to-vehicle communication standards. We call for this system to be explicitly opt-in or for the design to be significantly reconsidered so as to avoid the problems we identify. There are some promising tools from applied cryptography that could be leveraged to design a system that would impact driver and passenger privacy to a much lesser extent.

Read More