Expectation of Privacy

This week, the Medical Identity Fraud Alliance (“MIFA”) released its 2014 Fifth Annual Study on Medical Identity Theft, finding that in the last year, medical identity theft incidents increased by 21.7% from 2013.  The study is annually conducted to determine the pervasiveness of medical identity theft in the United States, how it affects the lives of victims, and what steps should be taken by consumers, healthcare providers, and governments to reduce the incidence of this crime.  Medical identity theft is defined by the report as occuring “when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs and/or goods, including attempts to commit fraudulent billing.”  In this study, medical identity theft also is deemed to occur when an individual shares his or her health insurance credentials with others.
Continue Reading Study Shows Increase in Medical Identity Theft

Researchers at Carnegie Mellon University have designed a website that doles out grades to Android apps based on their privacy practices. The website, privacygrade.org, assigns grades based on a model that measures the gap between people’s expectations of an app’s behavior and how the app actually behaves. The grades range from A+, representing no privacy concerns, to D, representing many concerns.

To determine its grades, the Carnegie Mellon model relies on both static analysis and crowdsourcing. In the static analysis component, Carnegie Mellon’s software analyzes what data an app uses, why it uses such data, and how that data is used. For example, the software assessed whether an app used location data, whether that location data was used to provide location features (such as a map app), or whether that location data was used to provide the user with targeted advertising (or for other purposes). In the crowdsourcing component, Carnegie Melon solicited user privacy expectations for certain apps. For example, researchers asked whether users were comfortable with or expected a certain app to collect geolocation information. Where an app collected certain information and users were surprised by that collection, the surprise was represented in the model as a penalty to the app’s overall privacy grade.
Continue Reading Carnegie Mellon Grades Privacy of Android Apps

On Tuesday, the Sixth Circuit Court of Appeals ruled in U.S. v. Warshak [PDF] that the government may not compel a commercial Internet service provider to turn over the contents of a subscriber’s e-mails without first obtaining a warrant based on probable cause.  The court recognized fundamental similarities between e-mail and more traditional

Continue Reading Sixth Circuit Finds Reasonable Expectation of Privacy in E-mails