Report: Agency loss of personal information widespread
By Daniel Pulliam firstname.lastname@example.org October 13, 2006
The loss of personal data is a common occurrence across government, largely because of poor physical security and portable computers and disks that go missing, according to a new report from the House Government Reform Committee.
In many cases, agencies did not know precisely what information has been lost or how many people could be affected by a particular data breach, the report said. Many of the reported breaches were the responsibility of government contractors.
Only a small number described to the committee were caused by online hackers, according to the report.
The review came in response to the May 2006 Veterans Affairs Department data breach, in which a computer containing the personal information of about 26.5 million veterans and active duty military members was stolen from the home of an agency employee. It later was recovered.
More than a dozen other agencies have since revealed security breaches. On July 10, the Government Reform Committee asked agencies to provide details about each incident since 2003 involving the loss or compromise of any sensitive personal information they or their contractors held.
The report details nearly 50 incidents since Jan. 1, 2003, each with a brief summary, including the date, the circumstances of the breach, the information that was lost or compromised and the number of people affected. In total, agencies reported more than 700 incidents.
Agencies described a wide range of situations, including data loss or theft, privacy breaches and security incidents. Their responses to data losses also varied -- some notified all potentially affected individuals and others failed to make any notification.
Under legislation proposed by House Government Reform Committee Chairman Tom Davis, R-Va., agencies would be required to notify the public if sensitive personal information was compromised.
The language passed the House as part of a measure that would substantially alter the 2002 Federal Information Security Management Act and the Veterans Affairs Department's technology management structure. The measure is awaiting Senate action that would have to come in a November lame duck session after the elections.
In a separate development, Davis is asking agencies to submit summaries of how their Internet policies are enforced. The request came in response to a September report from the Interior Department's inspector general on the personal use of the Internet by agency employees. The IG found the agency's controls were ineffective and employees were accessing sexually explicit, gambling and auction Web sites.
[From the report: All 19 Departments and agencies reported at least one loss of personally identifiable information since January 2003. ]
Hey! It worked against Google! (This is one way to Balkinize your country... You can learn more about other countries than you can about your own!)
Update: MSN is latest target of Belgian copyright complaint
After Google win, Belgian publishers pursue MSN over the rights to publish content
By James Niccolai, IDG News Service October 13, 2006
Looking to avoid the kind of legal tangle that Google has found itself in, Microsoft's MSN division in Belgium is in talks with a group newspaper publishers over the rights to publish their content on its Web site.
The newspaper group, called Copiepresse, wrote a letter to MSN Belgium earlier this week, asking it to stop posting Belgian newspaper articles to its Web site without permission, said Margaret Boribon, the group's secretary general.
Copiepresse argues that search engine companies are profiting unfairly by posting content from its members' newspapers on their sites, where they often sell advertising. The search sites, such as Google News, typically post the first paragraph or two from the newspaper article and then a link to the publication's own Web site.
Copiepresse took Google to court over the matter. In September it won a ruling that required Google to remove the French and German language newspapers published in Belgium from its Web sites. Google complied, but has also appealed the ruling and is set to argue its case Nov. 24.
MSN is being more cooperative than Google, [perhaps letting Google fight their battle for them? Bob] according to Boribon. Representatives from MSN Belgium met with a lawyer from Copiepresse this week to discuss a compromise that would allow MSN to keep publishing the Belgian newspaper content, she said.
"MSN doesn't want to have a court case, that's for sure," she said. "We have met with them and they understand our point of view. We have to find a compromise ... that is a win-win situation for both sides."
Copiepresse has asked MSN to come up with some proposals for a compromise and will meet with the company again next week, Boribon said. Meanwhile, MSN has started to remove some Belgian newspaper content from its site, she said.
Nothing has been decided, but one possible solution would be for MSN Belgium to share a portion of its advertising revenue with the publishers. [Think of this as the equivalent of asking Rand-McNally to pay you if they put your street on their maps! (Can we get the patent on that?) Bob] "That is one option we are hoping for," Boribon said.
MSN, through its public relations agency in Europe, confirmed that it received a "cease and desist" letter from Copiepresse, which it is in the process of reviewing. It said it could not comment further on the matter.
The group, which represents some of Belgium's best known newspapers, including Le Soir and Le Libre, has been gathering more support for its cause. It was joined this week by separate groups that represent Belgian photographers, journalists, scientific authors and multimedia publishers, who plan to back its efforts.
Meanwhile, Copiepresse complains that Google is not complying fully with the court's order. Some stories by the Belgian publications still appear in cached pages of its Web site, Boribon said.
Google countered that it has complied fully with the court's order, going as far as to remove the Belgian newspaper stories from its Google News site worldwide, not just in Belgium. Google News does not have a separate cache, and the Google search engine will not provide links to cached pages if they have been removed from its search results, said a spokeswoman for Google in the U.K.
The moves by Copiepresse have been closely watched because of the wider implication they may have for the ability of Web sites to aggregate content from third parties. Critics have noted that search engines publish only a small portion of the publishers' contents, and that Google can help to drive substantial traffic to Web sites.
"That's true, and what we intend to do is to remain on Google and other search engines," Boribon said. "But it must be done in a way that is fair." [Sounds like every teenager, “That's not fair!” Bob]
Turns Out Bully Isn't A Public Nuisance After All...
from the no-one's-shooting-up-schools-because-of-it dept
Yesterday we wrote about how a Miami judge ordered Take Two to run through their new game Bully to see if it was "a public nuisance", as claimed by Jack Thompson. Apparently, it didn't take long to realize that (as every single reviewer has stated), the game is just a fun, amusing social satire, rather than anything really violent. With that in mind, the game has been cleared for release. Thompson is not happy. Even though he had said that if it turned out that the game really wasn't bad he would admit he was wrong, he's apparently now complaining that he didn't get enough of a chance to see the game himself. Either way, it looks like Jack Thompson continues to do his work at Take Two's best marketing executive. The game is getting plenty of publicity heading into its US release date on Tuesday.
Better reporting from the gamers...
Jack Thompson Ruling!
by DickMcVengeance on Oct 13, 2006 (-3348 seconds ago)
While Niero is at the courthouse, he’s asked me to blog this for you, so that we can get the information out as soon as humanly possible.
At 1:51, Niero called, saying that the judge will not prohibit the the sale of Bully. In the time that he played the game, the judge said that he did not see anything so violent that would require the game to be held from being shipped. The judge and Take Two employee used a cheat code in order to skip around in the game.
According to Niero, the courthouse got pretty heated, and at one point, the judge had to ask Mr. Thompson to sit down. Also, Mr. Thompson silenced his “expert witness” when he was going to say something.
That’s the immediate answer. Keep refreshing for updates.
Nothing in this article gives me that warm, fuzzy feeling of security.
Online brokerage account scams worry SEC
Fri Oct 13, 2006 2:47 PM ET
WASHINGTON (Reuters) - High-tech crooks are hijacking online brokerage accounts using spyware and operating from remote locations, sometimes in Eastern Europe, U.S. market regulators said on Friday.
The computer "incursions" are a growing problem, said Walter Ricciardi, deputy enforcement director at the U.S. Securities and Exchange Commission.
"It's something we're very concerned about," he said in remarks at a legal conference in Washington.
About 25 percent of U.S. retail stock trades are made by online investors through roughly 10 million online accounts, according to brokerages regulator NASD.
Crooks will load a victim's computer or a public PC with a spy program to monitor a user's activities and capture vital information, such as account numbers and passwords.
The program then e-mails the stolen information back to the thief, who can use it to open victim accounts.
Once inside, the thief may sell off an account's portfolio and take the proceeds. Or electronically hijacked accounts may be used for "pump-and-dump" schemes to manipulate stock prices for profit, Ricciardi said.
Public computers in such places as Internet cafes and hotel rooms are especially vulnerable to incursions. But home computers may also be hit as spyware can be imported simply by opening an e-mail attachment, said John Stark, chief of the SEC's Office of Internet Enforcement.
Incursion scams under SEC investigation are far-flung. "We're seeing these frauds in offshore entities and persons, including those located in Eastern Europe," Stark said.
The SEC is working to track down the hackers and to educate online investors, he said.
Steps to fight incursions include securing an online account by changing passwords frequently and never using an unfamiliar computer to enter an account number or password.
To fight a similar problem, U.S. banks are exploring new online banking security technologies since a study showed identity theft via online banking is a fast-growing crime.
Teen Questioned for Online Bush Threats
By DON THOMPSON Associated Press Writer Oct 14, 6:44 AM EDT
SACRAMENTO, Calif. (AP) -- Upset by the war in Iraq, Julia Wilson vented her frustrations with President Bush last spring on her Web page on MySpace.com. She posted a picture of the president, scrawled "Kill Bush" across the top and drew a dagger stabbing his outstretched hand. She later replaced her page on the social-networking site after learning in her eighth-grade history class that such threats are a federal offense.
It was too late.
Federal authorities had found the page and placed Wilson on their checklist. They finally reached her this week in her molecular biology class.
The 14-year-old freshman was taken out of class Wednesday and questioned for about 15 minutes by two Secret Service agents. The incident has upset her parents, who said the agents should have included them when they questioned their daughter. [Were they included in the posting? Bob]
On Friday, the teenager said the agents' questioning led her to tears.
"I wasn't dangerous. I mean, look at what's (stenciled) on my backpack - it's a heart. I'm a very peace-loving person," said Wilson, an honor student who describes herself as politically passionate. "I'm against the war in Iraq. I'm not going to kill the president."
Her mother, Kirstie Wilson, said two agents showed up at the family's home Wednesday afternoon, questioned her and promised to return once her daughter was home from school.
After they left, Kirstie Wilson sent a text message to her daughter's cell phone, telling her to come straight home: "There are two men from the secret service that want to talk with you. Apparently you made some death threats against president bush."
"Are you serious!?!? omg. Am I in a lot of trouble?" her daughter responded.
Moments later, Kirstie Wilson received another text message from her daughter saying agents had pulled her out of class.
Julia Wilson said the agents threatened her by saying she could be sent to juvenile hall for making the threat.
"They yelled at me a lot," she said. "They were unnecessarily mean."
Spokesmen for the Secret Service in Sacramento and Washington, D.C., said they could not comment on the case.
Wilson and her parents said the agents were justified in questioning her over her MySpace.com posting. But they said they believe agents went too far by not waiting until she was out of school.
They also said the agents should have more quickly figured out they weren't dealing with a real danger. Ultimately, the agents told the teen they would delete her investigation file. [Clearly not gonna happen. Bob]
EFF - miniLinks for 2006-10-13.
DVD Region Coding -- Now in HD!
In case you hoped your next-generation video media would be less crippled than DVDs.
Swedish Appeals Court Acquits Accused Filesharer
IP address insufficient identification.
Please Present Passport, 34 Pieces of Personal Information
U.S. and EU reach deal to share passenger data.
Norwegian ISP De-Neutralizes Network
And re-neutralizes it in response to customer outcry.
DVD Jon Selling Apple FairPlay Compatibility
Reverse-Engineering for fun and profit.
Homeland Security Monitoring Opinions in News
Parsing the press' prose for threats.
"If we can have a legal YouTube, we can have a legal P2P service."
Bob Lefsetz thinks the YouTube deals a switch to a "new guard" in the music business - one that might have understood Napster in time to work with it.
When Blacklisters get Blacklisted
Matthew Prince, anti-spammer and local attorney in Illinois, forecasts the next steps in the local Spamhaus case.
Everything You Want From A Store And A Little Bit Less Threatening
Retailers are using invisible infra-red monitors to track customers, because they're less likely to "freak out" than when other invasive techniques are used.
Not Enough of Cable Guy for Privacy Laws
Federal Appeals court declares Comcast can't be sued under Cable Act for keeping IP logs, because IP isn't *proper* cable.
Hand Over Your Keys, Says UK Government. Cheerio, says UK Finance Sector
New UK guidelines that could compel private keys to be handed over to the law are "hitting the reputation of the UK financial services industry and discouraging investment in the UK." Hello, Switzerland!
I suppose what he's asking is, “Has anyone figured out how to beat the rap?”
Floyd Landis Tries The Wikipedia Defense
from the wikis-against-doping dept
In his ongoing bid to retain his Tour De France title, alleged doper Floyd Landis has taken to the web. Earlier this week, he announced he would put his complete defense online for all to see and mull over. But simply posting some documents online isn't in itself all that impressive. What's interesting is that in addition to this, Landis has been engaging with online communities and message boards comprised of people who are interested in the case. These include avid cyclists, as well as people who are experts in forensic chemistry, law, statistics, and other fields that might relate. It's his hope that the internet will provide a mechanism for people with disparate knowledge to craft and articulate a strong defense for him. Landis himself calls it the "Wikipedia defense". Obviously, executing the Wikipedia defense might have some challenges, and online message boards might not be the best way for people to work together (perhaps he should actually put up a wiki). But it'll be an interesting experiment nonetheless into how an argument or legal defense can be a developed by a loose-knit group with a common interest.
No One Ever Would Have Planned To Put Voice, Video And Data On A Single Network Without A Patent
from the who-would-have-thought-of-that? dept
Another day, another incredibly broad and obvious patent claim. Broadband Reports points us to a patent awarded to Cisco earlier this year for a System and method for providing integrated voice, video and data to customer premises over a single network. Yes, that sounds like the commonly accepted definition of the "triple play," which until now no one had suggested was such a unique and non-obvious concept that it deserved a patent. Now, you might say that they could be explaining a very specific and non-obvious way of accomplishing this, but as the folks at Light Reading point out, the actual patent seems broadly worded to cover just about all triple play deployments. Once again, this highlights the need for an "obviousness" test, rather than just a prior art test. It may be true that there were no triple play offerings available in 2000, when the patent was filed, but that doesn't mean people weren't thinking about it. In fact, the bottleneck wasn't that people didn't know how to offer voice, video and data over a single network, but that the bandwidth just wasn't available yet.
The world continues to change... When do you suppose the last hitching post was removed from the streets of Denver?
Email Killing Off The Postal Service's Blue Street-Corner Mailboxes
from the the-decline-and-fall dept
For years, we've been hearing stories about how the rise of the mobile phone has helped kill off telephone booths. It seems that technology may be putting the hurt on another street corner icon: the blue post office mailbox. Apparently, with all this email stuff going on, the US Postal Service is removing thousands of the recognizable boxes (apparently they own a copyright on the design). Some have been removed out of worries over being terrorist targets, but most of the 42,000 boxes that have been removed have been due to lack of use. If a mailbox gets less than 25 pieces of mail per day, it's a candidate for removal. Of course, you have to give the Postal Service some credit, as they seem quite sensitive to the anger that removing these boxes seems to cause. They post a public notice, and it sounds like if enough people protest, they leave the box. While this may seem to conflict with recent stories that talk about how the internet has saved the Postal Service, that's a different situation. It's definitely built up the Postal Service's business in shipping packages. But, the street-corner mailboxes aren't used for packages -- but just first class envelope-mail. So, no more phone booths, and no more mailboxes. What's next to disappear from our sidewalks and street-corners?
I'm not a gamer. Is this kind of thing really useful?
vNES: play Nintendo games in your internet browser
posted by soulxtc in gaming
There's a great site called "vNES" that allows you to play NES Games from the comfort of your favorite internet browser. There's no need for pesky emulators or NES download packages, simply select the game from the scrollbar on the left hand side of your browser and then get ready to "lock and load."
... BELOW IS A LIST OF ALL THE AVAILABLE GAMES
This is interesting...
Geek to Live: Roll your own timeline
... So today I'll go over how to visualize a series of events using the open source dynamic widget called Timeline.
There are tons of ways to create a timeline - from a text file to an Excel spreadsheet to a weblog to a hosted webapp. While Timeline is more difficult to use than those other options, I chose it for a few reasons:
* It separates data from presentation. Timeline's event data is stored in an XML document that the view loads and renders. Unlike a spreadsheet or regular web page, the data is in an independent format that could very easily be used to create any number of different timeline formats.
Monkey Bites by Michael Calore Friday, 13 October 2006
Why Internet Explorer 7 Will Break the Web
Microsoft's next generation browser is due to arrive in a week or two (October 18 is the word on the street), so you'd better prepare yourself for the inevitable meltdown.
... The governing body of the web, the W3C (of which Microsoft is a member), dictates the standards that browsers must adhere to. That way, web developers can build their sites to comply with those standards and guarantee that any browser visiting their site will render the pages properly.
Of course, Microsoft has a history of dictating their own standards, and they have the power to do so because their browser is used by somewhere around 80-85% of the world's web surfing audience.
Microsoft's Internet Explorer 7 Readiness Toolkit offers "testing guidance and tips for isolating and identifying a particular compatibility problem." Identifying compatibility problems should be Microsoft's task, not the web developers' task.
To be fair, Internet Explorer 7 offers more support for web standards than previous versions.
Is Sony dying?
Sony's 3Ds: Downgraded, Delayed and Disrupted --What Went Wrong?
Sony Corp. was the great innovator in consumer electronics for 30 years, but you'd never know it reading the latest headlines or watching the stock:
Sony bonds Downgraded by Fitch in anticipation of further financial weakness
Sony's Walkmans have failed to crack Apple's dominant mp3-player market share