Privacy: Federal Sites Leaked The Locations Of People Seeking AIDS Services For Years

A disturbing story follows.
Digital privacy is a dynamic entity. It comes from the web host/site owner as well as from the end user.
Vigilance and the monitoring of new potential problems and fixes is part of keeping what needs to be private, private with proper and approved methods and tools. However, this is just part of the solution. It’s crucial that the technology be implemented correctly and updated when needed.
Of course, as the story below illustrates, it’s also about having the proper policies and technology in place when (or before) a site goes live. No reason what’s reported below had to happen.
From The Washington Post:

Two federal government Web sites that help people find AIDS-related medical services have begun routinely encrypting user data after years in which they let sensitive information — including the real-world locations of site visitors – onto the Internet unprotected.
Until the change, these sites had risked exposing the identities of visitors when they used search boxes to find nearby facilities offering HIV testing, treatment and other services, such as substance abuse and mental health counseling, say security experts. Government smartphone apps associated with one of the Web sites, AIDS.gov, also transmitted the latitude and longitude of users seeking services, after collecting those details from the phones of users.
The sites and apps did not themselves track visitors, but their data was handled in ways that could have enabled monitoring by employers, universities or others with access to the data flowing between individual devices – such as computers and smartphones – and the Internet. Even using a public wifi signal, offered by a coffee shop or airport, could have allowed a nearby hacker to learn that an individual user, wielding a particular type of smartphone, was seeking treatment for HIV or drug addiction.

Read the Complete Article (1207 Words)
See Also: In these articles we comment on privacy and OPAC searching. Additionally, some of issues discussed can can also be applied to some subscription databases. While we focus on access to the data via wi-fi connection it’s also possible to access using a wired connection. Article #1 ||| Article #2
Hat Tip & Thanks: The Verge

Filed under: Data Files, News, Patrons and Users