In my last article, I touched on Washington State's Computer Spyware Act. That piece of legislation immediately caught my interest, so I decided to research it further and share the results of my research with all of our readers. Needless to say, I am definitely a fan of this kind of legislation. As I wrote in my last article, "Detailed, on-point legislation like this is a necessary first step for combating cyber-crime. It is a huge step up from the maze of fraud charges and consumer protection statutes that some jurisdictions must navigate to shut down cyber-criminals."

Now that I have had a chance to read the entire act, I think I am even a bigger fan of this piece of legislation. Simply put, it is tough legislation that is built around 21st century crime. And, the more I read it, the more I realize that it is flexible enough to adapt to the next phase of cybercrime.

The subject of social networking has come up several times on this blog. I have talked about how many researchers consider social networking to be one of the more vulnerable areas on the internet today (from a security perspective). I have also talked about some privacy concerns that affect social networking.

Today, I am going to cover a very interesting piece of research that was prepared by Joseph Bonneau and Sören Preibusch from the Computer Laboratory at the University of Cambridge. Entitled, "The Privacy Jungle: On the Market for Data Protection in Social Networks", this research took a sample of 45 social networking sites and analyzed each from a privacy perspective. This paper is relatively short and extraordinarily easy to read, so I suggest that you read the entire paper if you are interested in social networking and privacy.

More disturbing news came out of PandaLabs last week. According to their research, the number of computers infected with credential stealing malicious software has risen by 600% compared to this time last year! And, 71% of the new malicious software that PandaLabs receives are Trojans - and according to their press release, these are "mostly aimed at stealing bank details or credit card numbers."

In the press release promoting this research, Luis Corrons blamed the economic crisis and organized crime for this startling new trend. Mr. Corrons said, "this is in conjunction with organizations which have made a business out of selling personal information on the black market."

This story has not been around for long and, as yet, there is not a huge amount of information available about it. However, I have been talking about Facebook quite a lot lately and felt that this was a good story to share with all of you. Three adults and two minors filed a civil suit against Facebook, claiming that the popular social networking site violates California privacy laws.

Based on information taken from the Insurance Journal and the Marketing Pilgrim, this lawsuit alleges that Facebook violates California privacy law by sharing personal information with third parties (without adequate consent) and that Facebook engages in data mining/harvesting without fully informing users.

Last month, I wrote about a virus that may have stolen several thousand medical records from Alberta Health Services. Today, I stumbled across a very interested article by Infosecurity's Bureau Chief Danny Bradbury that I thought I should share with all of our readers.

The article, entitled, "Is Patient Data Privacy on its Sickbed?" takes a look at the plan to modernize the United States medical system. Bradbury poses some difficult questions about security, privacy and fair use of patient information.

About three weeks ago, I wrote an article about the Canadian Privacy Commissioner's findings against Facebook. I have some great news for you privacy fans out there - Facebook has announced that it is going to comply with the Privacy Commissioner's findings. In fact, it is going to file its plan by the end of today.

In case you don't remember, the Privacy Commissioner of Canada found four areas in which Facebook's policies were somewhat lacking. These areas include:

• Facebook give third party developers access to too much of your personal information.
• Facebook keeps information indefinitely in the event that you deactivate your account
• Facebook keeps deceased users' accounts active indefinitely as 'memorial accounts', though they do not have any information on this in their privacy policy.
• Facebook lets you add a non-user's personal information without that non-user's permission

The Office of the Privacy Commissioner of Canada recently completed an in-depth investigation into Facebook. This investigation was prompted by a very wide ranging complaint made by the Canadian Internet Policy and Public Interest Clinic (CIPPIC). CIPPIC complained that Facebook was in violation of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). The complaint made twenty four specific allegations, which covered twelve major subject areas.

The Privacy Commissioner rejected four of these are being not well founded. They argued that four others were well founded, but Facebook has already taken steps to fix them. And finally, four complaints were deemed well founded and outstanding - in the Privacy Commissioner's opinion, Facebook is technically violating Canadian law in these four areas. In this paper, I would like to analyze the four areas in which Facebook is 'violating' the spirit of PIPEDA.

Social networking sites have been under attack lately. In February, Facebook made a very controversial change to its privacy policy - this change resulted in a massive backlash. Twitter has been the victim of several high profile attacks. In their 2009 Midyear Security Report, Cisco cited social networking as one of the major vulnerabilities in the first half of 2009. Our blog has covered many stories about how criminals use social networking sites (like Facebook, Twitter, LinkedIn, and others) to spread malicious software and steal identities. However, we have not done an adequate job of talking about privacy (whatever that is) on these popular web services.

The social implications of privacy have been one of my favourite topics for several years. The first time I read George Orwell's beautiful 1984, I was struck by a strange dichotomy that I still have not resolved. True freedom lies in either having complete privacy or a complete lack of privacy (combined with a complete lack of judgement). However, advances in technology make a complete lack of privacy incredibly dangerous - crimes like identity theft, credit card fraud, etc are not so much financial attacks as they are attacks against privacy. And, as crimes like identity theft and credit card fraud become more common, people become more concerned with their privacy.