Archive for August 29th, 2008
Invasion of Privacy Laws

Privacy laws are supposed to protect the rights of individual citizens. The advent of the information age has made privacy a bit of a challenge. Invasion of privacy is now much more commonplace, as personal information on individuals is readily available and many organizations that collect certain bits of information on customers, employees, servants and officers don’t do enough to protect privacy.

Invasion of privacy laws are imperative because the loss of privacy can mean not only a small inconvenience but a major loss of assets and/or opportunity. Loss of privacy can mean (among other things) identity theft, financial fraud or an inability to get a job.

Many first world and emerging technological countries must deal with this challenge. There are many invasion of privacy laws designed to protect common citizens:

United States, Privacy Act of 1974, designed to hold those that handle private information accountable for its protection.

* Health Information Privacy Accountability Act — Office for Civil Rights U.S. Department of Health and Human Services
* Financial Services Modernization Act (GLB), 15 U.S. Code §§ 6801-6810
* Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
* Fair Credit Reporting Act (FCRA), 15 U.S. Code §§ 1681-1681u

Australia, Privacy Act of 1988, sets out principles in relation to the collection, use, disclosure, security and access to personal information.

Canada Privacy Law

Personal Information Protection and Electronic Documents Act governs the collection, use and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses.

Gaping hole opened in Internet’s trust-based BGP protocol

For all the viruses, malware, and exploits that crawl around the web, fundamental flaws in the system are supposed to be few and far between, but the last two months have proven to be an exception to the rule. In July, Dan Kaminsky revealed his discovery of a DNS flaw that could be exploited to direct unwitting users to malicious web addresses. Now, practically on the heels of that announcement, a hacker team that presented at DEFCON has demonstrated how a fundamental design error in the Internet’s Border Gateway Protocol (BGP) can be used to invisibly eavesdrop on all traffic originating from a particular set of IP blocks.

Neither of these attack vectors is a hack in the typical sense of the word, as Wired’s own report explains. Instead of injecting malicious code into a system or systems, the DNS and BGP assaults take advantage of inherent structural weaknesses in the Internet itself. When the ARPANET was under development in the late 60s and early 70s, its designers chose to implement trust-based protocols. At the time, this made sense; ARPANET was a communications network between a relative handful of university and government institutions. The Internet of today has grown beyond the projected size of ARPANET by multiple orders of magnitude. The fact that it has scaled as well as it has is a testament to the engineers who built its foundation as well as those who came later, but the trust-based protocols that made sense in the 1970s don’t make sense today.
