Apple Inc. (Apple) and developers who make the applications for Apple mobile products are coming under scrutiny after it was discovered that certain applications have access to users’ photo albums. These applications ask users for permission to access the individual’s location information. According to app developers, after users give their permission, the application can copy their entire photo album without any additional notification. The fact that Apple devices also store the coordinates of where photos are taken creates another risk. According to the co-founder of Curio, an application development company, David E. Chen, “Conceivably, an app with access to location data could put together a history of where the user has been based on photo location….The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” As Apple continues to grow its mobile business in the face of vigorous competition, some are worried the company will become less diligent about protecting users from risky applications.
New York Times: Apple Loophole Gives Developers Access to Photos (28 February 2012)
(Source: New York Times)
Watchdog Report Indicates Insufficient Info in Apps for Children’s Privacy
The US Federal Trade Commission (FTC) has made available Mobile Apps for Kids (February 2012), a report which provides the results of a survey of mobile applications for children. The report indicates that “neither the app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared, or who will have access to it”. FTC chairperson Jon Leibowitz has stated that companies must “provide easily accessible, basic information” about privacy policies, continuing that currently, “it is almost impossible to figure out which apps collect data and what they do with it”. The report states that “more should be done to identify the best way to convey data practices in plain language and in easily accessible ways on the small screens of mobile devices”. The FTC will be hosting a public workshop in 2012 regarding how to provide effective online disclosures. In the next 6 months, FTC staff will also be conducting an additional review to determine whether some mobile apps are violating the Children’s Online Privacy Protection Rule, which requires operators of online services, including interactive mobile apps, to provide notice and get parental consent prior to collecting information from children under 13.
FTC’s media release (16 February 2012)
Report Looks at Cyber Threats in 2012
Information Security Forum (ISF) has released Cyber Security Strategies: Achieving Cyber Resilience (member access only), a report which addresses the security issues that companies are facing today, and looks at the key trends in security for 2012. Key issues that companies may need to address in 2012 reportedly include the increasing development of Malspace, a marketplace for buying and selling tools and expertise to execute sophisticated attacks, the necessity to embrace uncertainty and develop cyber risk resilience, and the fact that cyberthreats can last a long time and results can be unpredictable.
Zdnet.com.au: Cybercrims form global business industry (14 February 2012)
Acting General Counsel Issues Second Social Media Report
In an effort to provide further guidance around the subject of social media, the National Labor Relations Board (NLRB) released a second report on the social media cases that have been reviewed by their office. A total of 14 cases are included in the report, half of which deal with corporate social media policies and the other half which deal with comments employees have posted on Facebook. According to the report, companies must ensure that their social media policies do not prohibit the type of behavior that could be protected by labor laws. The report also points out that employees’ comments on social media may not be protected if they are purely complaints not made in relation to group activity among employees.
National Labor Relations Board: Acting General Counsel issues second social media report (25 January 2012)
DoJ Charges File-sharing Firm with Copyright Offences and Money Laundering
The US Department of Justice (DoJ) has announced that it has charged two firms, Megaupload Ltd (Megaupload) and Vestor Ltd, along with seven individuals, with “running an international organised criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works”. The enterprise is alleged to have generated over US$175 million in criminal proceeds. According to the DoJ, Megaupload’s founder and director, Kim Dotcom, was arrested in New Zealand, along with three associates. 18 domain names associated with the enterprise and approximately US$50 million in assets have been seized. The indictment states that the defendants conspired to commit money laundering “by paying users through the sites’ uploader reward program and paying companies to host the infringing content”.
DoJ’s media release (19 January 2012)
Related media and news items:
New Zealand Police’s media release (20 January 2012)
The Wall Street Journal (WSJ): Hong Kong Freezes Megaupload Assets (21 January 2012)
New Zealand Herald: Dotcom in custody ahead of bail decision (23 January 2012)
(Source: DoJ; New Zealand Police; AFP; WSJ; New Zealand Herald)