Saturday, November 04, 2006

Another story released on “hide the news day” (Friday). Obviously coffee does not keep you alert. (This story comes from the Privacy Foundation)

Starbucks Loses Laptops With Worker Data

Associated Press 11.03.06, 5:46 PM ET

Starbucks Corp. said Friday it had lost track of four laptop computers, two of which had private information on about 60,000 current and former U.S. employees and fewer than 80 Canadian workers and contractors.

The data, which includes names, addresses and Social Security numbers, is about three years old, dating prior to December 2003, said Valerie O'Neil, a spokeswoman for the Seattle-based coffee retailer.

... O'Neil said Starbucks was in the process of notifying those affected, including an estimated 8 percent of its current work force, which numbers about 135,000 worldwide.

Starbucks has been looking for the laptops since early September after discovering they were missing from a closet in the corporate support center at its south Seattle headquarters, O'Neil said.

Another Friday story...

IHC laptop donated to thrift store contained employee information

By Linda Fantin The Salt Lake Tribune Article Last Updated:11/03/2006 04:35:01 PM MST

Posted: 4:23 PM- Intermountain Healthcare will destroy the hard drives of all recycled computers after an old laptop containing the names, job titles, social security and telephone numbers of 6,200 employees was donated to a second-hand store and sold for $20.

The customer who bought the laptop from Deseret Industries discovered a single spreadsheet on a laptop whose memory was otherwise erased, [Something fishy here... Bob] said LDS Hospital spokesman Jess Gomez.

... The DI customer took the machine to television station KUTV [proof you can't hide these incidents? Bob] which alerted Intermountain and returned the computer about two weeks ago.

"Keep in mind this is a 14-year-old computer that sat in storage until last month when it was donated to DI," Gomez said. "We feel very confident that no information was compromised in any way."

Lots fishy here...

VA reports two more data security lapses

By RICK MAZE November 03, 2006

The Veterans Affairs Department is dealing with two new data security lapses affecting about 3,000 people.

About 1,600 veterans who received pulmonary tests at the VA hospital in Manhattan are being provided free credit counseling after the Sept. 8 theft of a laptop computer from a lab.

VA officials said the stolen laptop, which contained names and Social Security numbers of veterans who had received tests, had been triple-locked — in a locked corridor inside a locked room and secured by a cable to a cart, said VA spokeswoman Jo Schuda.

Some 80 percent of VA-owned computers are now encrypted, but data on this laptop was not because a decision had been made not to encrypt data being used for medical purposes. [“We call it our 'HIPAA be damned' policy” Bob]

... While that investigation was under way, VA officials learned of more missing data when computer disks containing the names and personal data on about 1,400 Oklahoma veterans were lost in the mail.

The disks contained information about veterans who had been treated at a McAlester, Okla., community-based outpatient clinic.

The disks included information on current and deceased patients at the clinic.

“It should not have been mailed, and they have promised to not mail anything like this again,” Schuda said.

Better customer service: “You don't have to steal our computers, we'll email the information directly to you!”

UVa Emails Personal Information

Michael Gorsegner November 3, 2006

Imagine having your social security number emailed to a complete stranger. That is the reality for over 600 UVa students.

... After refusing an on camera interview, spokesperson Carol Wood said, "We trust all the students will quickly and honorably dispose of the information eliminating any chance of a problem."

I'll have to think about this...

The Value of the Public Domain

I hadn’t seen this piece when it came out in July. The Value of the Public Domain by Rufus Pollock is an excellent analysis of how one might quantify the value of the public domain. It nicely introduces what otherwise strikes many as counter intuitive. Highly recommended.

If this had been a TV network, heads would roll and their stock would drop like a stone.

Friday, November 03, 2006

NBA Pulls Vids from Google Video

The NBA and Google Video have terminated their landmark partnership, which was announced to much ballyhoo earlier this year. All games, which had been previously available for a fee, have been pulled down from Google. [Not worth keeping even as an extra marketing channel? Bob] This includes last year's NBA Finals. If you follow the links on this page, you will note that all of the games are gone.

In the meantime, the NHL and Google yesterday announced that hockey games are now available for free [When they are done with the court, we turn it into an ice rink... Bob] on Google Video. Even better, you can download them for your iPod. That's wonderful for consumers, but it points to Google's bigger problems when it comes to video.

My gut is that Google is having a lot of difficulty selling content on Google Video. If the NBA were making money with Google, you can bet they would have stayed there. In fact, they probably would have used it as a platform to promote their new League Pass Broadband service - but they didn't.

Now, enter YouTube. If Google can't sell video content on its own video property you can bet they will have the same challenge on the newest addition to their family. The only way they will make up their $1.6B is in advertising - provided the copyright issues don't kill YouTube first. Possible? For sure. But Google better hope that the Transient Web doesn't take over.

A long article with lots of quotes, but I'd rather see the original document.

BLOGGED BY Rebecca Abrahams ON 11/2/2006 7:16PM


Long-Sought Document Finally Surfaces Showing America's Largest Voting Machine Company, MD State Election Director, Hid Major Flaws From State, Country!

Original 200-Page Security Report — Said to be 'The Pentagon Papers of Electronic Voting' — Previously Released Only in 38-Page Highly Redacted Form…Until Now…

Is this what Arnold means when he says, “I'll be back?” (This is the computerized version of the old Chicago “machine”)

California E-Voting Machines Let You Vote Early And Often

from the whoo-hoo dept

At what point do we wake up from this e-voting story nightmare and have someone reassure us it was only a dream? Every day, there's yet another story about how badly screwed up these machines are. Today, we've got a treat, as it's not actually about Diebold, but their competitor, Sequoia Voting Systems. It turns out that on the back of some of their machines used in California, there's a little yellow button. If you push it, you can vote multiple times by switching the machine to "manual" mode. In true geek fashion, Sequoia has responded with (I kid you not) their own version of "that's not a bug, that's a feature!" They claim it's a "deliberate back-up feature to prevent the Edge from having a single point of failure." Hey, preventing single points of failure is great, but when they introduce a totally different point of failure, that's not so good. But, according to the company, this is the type of "flexibility" they've always provided. I didn't realize that "flexibility" was something desired in an e-voting system. Generally, you'd think people would prefer them to be pretty rigid, but to work right -- and not allow multiple votes. Sequoia claims that use of this feature emits a loud beeping noise, and they'll train poll workers to listen for that -- but that doesn't seem like the most reliable method. We've heard so many stories of confused and technology illiterate voting officials that it's hard to believe they'll remember this or know what to do if it happens. The company says it will address the issue after next week's election -- but that any district using them can choose to simply turn off this "feature." So, if you're voting in California and you have an AVC Edge e-voting machine from Sequoia, and you have a bit of moral flexibility, apparently you can support your favorite candidate just that much more.

I don't normally report “pending” law or regulation since they rarely arrive in the form reported in the early articles, but this one interests me. Perhaps we should escape while we can? To where though...

We're All Prisoners, Now: US Citizens to be Required ''Clearance'' to Leave USA

International Politics October 26, 2006

Forget no-fly lists. If Uncle Sam gets its way, beginning on Jan. 14, 2007, we'll all be on no-fly lists, unless the government gives us permission to leave-or re-enter-the United States.

The U.S. Department of Homeland Security (HSA) has proposed that all airlines, cruise lines-even fishing boats-be required to obtain clearance for each passenger they propose taking into or out of the United States.

... Why might the HSA deny you permission to leave-or enter-the United States? No one knows, because the entire clearance procedure would be an administrative determination made secretly, with no right of appeal. Naturally, the decision would be made without a warrant, without probable cause and without even any particular degree of suspicion. Basically, if the HSA decides it doesn't like you, you're a prisoner - either outside, or inside, the United States, whether or not you hold a U.S. passport.

The U.S. Supreme Court has long recognized there is a constitutional right to travel internationally. Indeed, it has declared that the right to travel is "a virtually unconditional personal right." The United States has also signed treaties guaranteeing "freedom of travel." So if these regulations do go into effect, you can expect a lengthy court battle, both nationally and internationally.

... For more information on this proposed regulation, see

It's that time of year again. (Black Friday is the day after Thanksgiving) Retailers pretend to be shocked that their deals leak out early – as if the extra publicity was bad.

OfficeMax Black Friday Ad For 2006 Posted.

submitted by graphicsux 1 day 6 hours ago

Another ad leaked out. Some of the deals in the Office Max ad are a 20" Widescreen LCD Flat Panel Monitor for $199.99, an Averatec 2370 12" AMD Turion 64 X2 12" Laptop for $599.99, and a Sandisk Cruzer Micro 1GB Flash Drive for $13.

Friday, November 03, 2006

Oh man, I had this all figured out and now they confuse me with facts. Very interesting reading!

Employee privacy versus employer policy

By Mark Rasch, SecurityFocus Published Friday 3rd November 2006 11:17 GMT

Your organisation has a computer and internet use policy. Fine. It's been reviewed by corporate counsel, approved by senior management, and implemented over the years. The policy is comprehensive - it includes policies on expectations of privacy, employee monitoring, and the ownership of corporate electronic assets.

... However, there is a genuine divergence between what companies say and what they do. There is also a divergence between what employees regurgitate about their expectations of privacy (corporate mantra) and how they actually act. My own answer to the question, "do I have a reasonable expectation of privacy in the workplace?" – of course! What we really need to do is better define the scope of that reasonable expectation of privacy.

... The electronic workplace is no longer just the cubicle, desk or office. It now encompasses the coffee shop, the hotel room, the back of the taxi, the living room or bedroom.

... If nobody in the company has a privacy interest in electronic records, then how can the company resist a subpoena, search warrant, or even a warrantless search, since the courts only protect a reasonable interest in privacy?

... In effect, the court held that the actual policy of not monitoring content created, in the users, an expectation of privacy, which the court found to be reasonable.

Also consider...

Electronic snooping threatens US financial centres

It's official: the US leads the UK in compliance culture - but is it damaging New York as a financial centre?

Email monitoring? Tapped mobile calls? Switchboard snooping? It's all going on, according to a new survey which claims that New Yorkers are more aware of compliance breaches and monitored electronic communication - but they are also more likely to try to dodge communication controls.

The survey, conducted simultaneously in the financial districts of New York and London in October 2006, revealed a key difference in regulatory compliance culture: while Wall Street employees broadly support a firm's right to monitor their communication, they are also more likely to circumvent communication controls. A total of 300 people working in the Wall Street and City areas of New York and London, two of the world's busiest financial districts, were surveyed. The research discovered that:

- In New York more than 60% of respondents thought that it was right that their employer should monitor their e-mail. By contrast, in London less than half (38%) supported their firm's right to monitor e-mail.

- Employees in the New York finance sector are under heaviest scrutiny. In New York almost three quarters of respondents who worked in the finance sector thought their e-mail was already monitored (74%), compared to 62% of London finance workers. Only 28% of non-finance employees in New York believe their e-mail is monitored.

- New Yorkers are more likely to try to dodge e-mail monitoring:

- 60% admitted that they had sent something that they 'didn't want their employer to know about' using webmail. This compared to 42% of London respondents.

- More than seven out of ten New York-based finance workers admitted they had received an e-mail that broke corporate or regulatory policies, compared to just 36% of London City employees. Non-compliant communication is not just a problem in the finance sector; over half of non-finance workers in New York and London admitted to receiving e-mails that broke corporate policy (52% and 57% respectively).

Moreover, the survey confirmed that today's businesses rely heavily on e-mail as their primary business communication channel.

Here's another one I thought had been resolved on the side of privacy...

Kansas AG Gets Abortion Clinic Records

By JOHN HANNA Associated Press Writer November 1, 2006, 12:31 AM EST

TOPEKA, Kan. -- The state attorney general said Tuesday night that his office has received the records of 90 patients from two abortion clinics and is reviewing them for possible crimes, the culmination of an effort that prompted concerns over patient privacy.

... Shawnee County District Judge Richard Anderson subpoenaed the records at Kline's request in September 2004, concluding there was probable cause to believe they contained evidence of crimes.

While Anderson didn't give Kline unfettered access to the records, the state Supreme Court imposed new guidelines for having them reviewed and edited before they were given to the district court. Under that process, neither Kline nor the judge saw the names of the patients.

Why else would we publish their addresses?

Attack on sex offender worries official

Jeremy Pawloski Published November 03, 2006

The beating of a registered offender by an alleged vigilante Tuesday night could spur calls to protect sex offenders' privacy, making it more difficult for law enforcement to track predators, an inspector with the Mason County Sheriff's Office fears.

... Dennis A. Clark, 51, remained at the Mason County Jail Thursday on suspicion of first-degree burglary [Not assault? Bob] and had his first court appearance Thursday.

... In Mason County, deputies also go out and give information about sex offenders to residents who live near them, Byrd said.

"We actually go to neighborhoods and knock on doors," he said.

RFID: Really Fast Identity-theft Device?

November 01, 2006

DHS Privacy Committee Recommends Against RFID Cards

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It's only a draft report, but what it says is so controversial that a vote on the final report is being delayed.

Stolen laptop had personal data on 1,200 college students and staff

PHILADELPHIA, Pennsylvania (AP) -- A laptop computer stolen from an insurance brokerage firm contained the names, birth dates and driver's license numbers of more than 1,200 Villanova University students and staff members, the school said Thursday.

November 02, 2006

UK Report Reviews Surveillance in 2006 With Projections Through 2016

The UK Information Commissioner, Richard Thomas, today issued a press release and a publication titled, A Surveillance Society (102 pages, PDF), a report commissioned for the International Conference of Data Protection and Privacy Commissioners, currently underway. The report "looks at surveillance in 2006 and projects forward ten years to 2016. It describes a surveillance society as one where technology is extensively and routinely used to track and record our activities and movements. This includes systematic tracking and recording of travel and use of public services, automated use of CCTV, analysis of buying habits and financial transactions, and the work-place monitoring of telephone calls, email and internet use. This can often be in ways which are invisible or not obvious to ordinary individuals as they are watched and monitored, and the report shows how pervasive surveillance looks set to accelerate in the years to come."

I'm certain others are doing this. Next they may want to knock on your door for an examination of your National ID and a scan of your sub-cutaneous RFID chip, a DNA sample... Imagine the lengths they would go to if you wanted access to something involving National Security!

Posted on Thu, Nov. 02, 2006

Bud.TV site will check IDs at the door

ST. LOUIS (AP) -- Sorry kids. Bud.TV will be checking ID.

Anheuser-Busch Cos. is set to become the first major brewer to weed out underage visitors to its Web sites by hiring an outside firm to check their age.

... The screening process likely will ask visitors for a name, age and address, including zip code, Ponturo said. The data can be matched against public records such as driver's licenses and voter registration cards.

... Anheuser-Busch is walking a fine line between keeping minors off its Web sites without turning away too many people. [The more effort required to access a site, the larger the reward must be. Perhaps free beer? Bob] The company hopes to draw between 3 million and 5 million visitors to Bud.TV each month.

...On the Net: Anheuser-Busch: Center on Alcohol Marketing and Youth:

Definitely a project to follow.

MIT will train students to build a better Web

The Web Science Research Initiative plans interdisciplinary course addressing the growing amount of online information and the rules to moderate it

By Ben Ames, IDG News Service November 02, 2006

A group of professors has formed a research collaboration to train students how to design future versions of the World Wide Web.

One of their first lessons will be how to strike a balance between better access to data and stricter rules about its use, said researchers from the Massachusetts Institute of Technology (MIT) and England's University of Southampton at an MIT press conference Thursday.

The Web Science Research Initiative (WSRI) hopes to create a college degree program in "Web science" that combines disciplines including computer science, mathematics, neuroscience, law and economics. It will also raise funding for doctorate students to study at MIT and the University of Southampton.

These guys are at Lackland (Texas). Perhaps they could attend a Privacy Foundation seminar and tell us what to watch out for in a CyberWar.

8th Air Force to become new cyber command

by Staff Sgt. C. Todd Lopez Air Force Print News

11/2/2006 - WASHINGTON (AFPN) -- During a media conference here Nov. 2, Secretary of the Air Force Michael W. Wynne said the 8th Air Force would become the new Air Force Cyberspace Command.

... Secretary Wynne said the 67th Network Warfare Wing, now under 8th Air Force, and other elements already within the 8th, would provide "the center of mass" for the nascent Cyberspace Command.

Ah the very symbol of prestige for executives...

Bluetooth cracking

Posted by Mikko @ 18:58 GMT Thursday, November 2, 2006

Last Friday Thierry Zoller and Kevin Finistere gave a presentation in the 2006 conference on Bluetooth issues. They also showed a demo of BTCrack, a Windows tool that can crack Bluetooth PIN and Linkkey in almost real-time (assuming it has sniffed the initial pairing).

I wonder what his Privacy Policy says...

Would You Take Investment Advice From A Spyware Distributor?

from the your-customers-are-gonna-love-that dept

It turns out that record labels and movie studios aren't the only companies that treat their customers like criminals. So do writers of investment newsletters. The investment newsletter industry is basically what it sounds like. A company or an individual writes up a regular (often monthly) report filled with forecasts and picks and then sends it to clients, for what is typically a rather high fee. But they know content like this is easily copied and passed around, so some of them, even in this day and age, are sent on physical paper by mail, in an attempt to make it just a little more difficult to re-distribute it than forwarding an email. The writer of one newsletter, who does distribute it electronically, is suing one of its corporate customers for copying it and passing it around. And how did he find this out? Because through his website, he installed spyware on the computers of all his clients that tracks what happens to the document. Even if he successfully sues the company, you really have to wonder about whether this was a good idea. Now all of his corporate clients, of which there are many, know him as a distributor of spyware, so either they'll stop doing business with the guy -- or maybe they'll get someone from IT to just disable it.

Note that even if the machines are secure (a BIG if) you could intercept the results at several steps along the way...

Surprise! More Diebold Problems As They Expose Memory Cards To Viruses

from the didn't-see-that-coming dept

As if there haven't been enough problems with Diebold e-voting equipment (all of which they pretty much brush off or ignore). Ed Felten, who has been pointing out numerous security flaws with Diebold machines has found another one. It turns out that the memory cards that are used to store votes on some of the machines, the same memory cards that Felten showed were susceptible to viruses, are being placed into a variety of laptops that have not been checked to make sure they're free of spyware. Apparently, election workers are expected to put the memory cards into laptops in order to transfer the votes to CD-ROM (and, no I won't even start to get into why you should need to transfer votes to CD-ROM). The laptops in question, though, were either the election workers' personal laptops or a bunch that were just "gathered from around the office." How many of those laptops (especially the personal ones) do you think are infected with spyware and viruses? Especially when you consider how many election workers are freaking out over the new machines because they're not at all technically savvy. What kind of e-voting company would think it's somehow "secure" to require people to transfer votes using their personal laptop? In the meantime, of course, we eagerly await Diebold's expected brushing off of this story, complete with insults directed at Felten (as per usual) and some sort of claim about how the whole thing isn't a problem at all due to some bogus "security" procedure they have in place.

Again the field of “virtual law” looks real.

Australia To Tax Money From Second Life, But Can Money Spent On Your Avatar Be A Write-Off?

from the H&R-Block-Next-To-Set-Up-In-Second-Life dept

There continues to be a lot of discussion about the real world implications of activity inside virtual worlds. One of the issues is how to deal with taxation, and it appears that Australia has taken the lead, announcing that they plan to tax money made in virtual worlds, specifically citing Second Life Linden Dollars. A spokesperson for the country's tax office said that if you're getting monetary benefit from the site, then it should be taxed like any other income. What's not clear is when the money is taxed. Do they tax you when you've cashed in your Linden Dollars for Australian Dollars? If they did this, the policy would make sense, as it's basically like a capital gains tax, which is levied after someone sells their stock. Or, do they tax the player based on their Linden Dollars even if they don't cash out. This would be a ridiculous policy as it would basically be taxing people for playing a game. Assuming it's the former, the taxation occurs after withdrawing the money, it could be a real boon for Second Life, as it would discourage people from taking money out of the in-game economy.

The business models that will replace those used by media industries are becoming clearer every day.

Writers, Directors, Actors Want Their Cut Of The Online Video Spoils

from the did-no-one-expect-this? dept

One of the important things in business is being able to be aware enough and flexible enough that you're rarely (if ever) caught by surprise. You can watch for trends and do scenario planning to help with these types of things -- but apparently some folks in the entertainment industry don't believe in that kind of planning ahead (if they'd only contacted us, we could have helped). So, now, it seems that they're running into all sorts of problems that were easily predictable five years ago. Take the TV industry, for example. Five years ago, they should have paid attention to the various disputes between musicians and the recording industry over digital rights. Contracts had been written in a time before the internet, and no one was exactly sure who got what cut in the royalties and whether or not it was really covered by existing contracts. That, of course, should have been the signal for those in the video business to start looking at their contracts and figuring it all out before it became a problem for them as well. And, of course, not very much happened. So, now, as we hear stories about Google negotiating to give entertainment companies a nice upfront lump of cash to allow their videos online, writers, directors and actors are suddenly wondering what it all means for them. They want to know what their cut will be. Considering that the industry execs have a long, long history of figuring out ways to take the money without paying the talent, they absolutely should be worried.

These are the type of legacy issues that should have been clear from years ago -- and which seem to have been ignored by the execs. Either that or they knew about them and figured they would have the leverage in the end anyway, so there was no reason to negotiate. Of course, these kinds of legacy issues don't just impact the content creation side of the business. Business Week is writing about the difficulties HBO is facing in designing its own online strategy -- since any such plan routes around the cable TV providers who pay good money (and make nice profits) being the only way to get HBO's sought after content. Again, this should have been clear years ago, but it sounds like everyone's just trying to figure out how to get around the legacy issues now.

...perhaps they should read this?

UK report: knowledge should be public good first, private right second

11/2/2006 9:36:09 AM, by Nate Anderson

The UK is awaiting the release of a report by the Gowers Review of Intellectual Property, a task force charged with suggesting changes to the country's intellectual property laws. The formation of the commission has inspired a flurry of private books and reports on IP designed to influence debate on the subject. While many of these are exactly as interesting as you'd expect, a new report from the Institute for Public Policy Research offers a fascinating look at the reasons behind intellectual property rights and suggests a new way forward for Britain: thinking about knowledge as a public resource first, and a private asset second. Is this idealistic, anti-business pinko blue-skying? The group says no.

Bogus arguments? I'm shocked!

FCC rebukes Logan, says Continental can offer WiFi

By Peter J. Howe, Globe Staff | November 2, 2006

A two-year effort by Logan International Airport officials to shut down private alternatives to the airport's $8-a-day wireless Internet service was decisively rejected yesterday by federal regulators, who blasted airport officials for raising bogus legal and technological arguments.

Thursday, November 02, 2006

Once again the media has called on Prof. John Soma to put some perspective on the Privacy implications of a recent story about theft of a computer with personal identity information... I'd like to see the whole list of things that might (should?) happen to managers who allow this to happen.

More than a million at risk for identity theft

written by: Anastasiya Bolton Reporter posted by: Jeffrey Wolf Web Producer Created: 10/31/2006 10:33 PM MST - Updated: 11/1/2006 6:55 PM MST

DENVER - A computer with sensitive information was stolen and now up to 1.4 million people across the country could be at risk of identity theft.

I'm sure there will be several jokes about who the bomber will be, but I suspect this site was protected better than your average airport. Could be interesting to follow...

EBay building bombed: Exclusive IMs from an eBayer inside the building

Firefighters rushed to eBay's San Jose headquarters last night after an explosion in a four-story eBay building. First thought to be a transformer, the cause is now being reported as a bomb.

A live TV report from last night is available at KRON 4. If you have any information, photos, or first-hand accounts, e-mail A reader sends the following IM conversation they had with an eBay employee in the building.

My friend was working late at eBay tonight when there was a large explosion within the building.

Here's the breaking news story: Firefighters Respond to Explosions within eBay Building

You know, I like the way this guy thinks...

Michael Porter Asks, and Answers: Why Do Good Managers Set Bad Strategies?

Published: November 01, 2006 in Knowledge@Wharton

Errors in corporate strategy are often self-inflicted, and a singular focus on shareholder value is the "Bermuda Triangle" of strategy, according to Michael E. Porter, director of Harvard's Institute for Strategy and Competitiveness.

... During his remarks, Porter stressed that managers get into trouble when they attempt to compete head-on with other companies. No one wins that kind of struggle, he said. Instead, managers need to develop a clear strategy around their company's unique place in the market.

... Managers who think there is one best company and one best set of processes set themselves up for destructive competition. "The worst error is to compete with your competition on the same things," Porter said. "That only leads to escalation, which leads to lower prices or higher costs unless the competitor is inept." Companies should strive to be unique, he added.

... Years ago, corporate strategy was considered a secret known only by top executives for fear competitors might use the information to their advantage, said Porter. Now it is important for everyone in the organization to understand the strategy and align everything they do with that strategy every day. Openness and clarity even help when coping with competition. "It's good for a competitor to know what the strategy is. The chances are better that the competitor will find something else to be unique at, instead of creating a zero-sum competition."

Is this how it's done?

Groups Call for Investigation of MS Ad Service

Posted by samzenpus on Wednesday November 01, @07:05PM from the learning-all-about-you dept. Microsoft

narramissic writes "The Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (US PIRG) have filed a complaint with the FTC, asking for an investigation into Microsoft's use of customer data collection in its adCenter Web advertising service. The groups claim that 'Microsoft has embarked on a wide-ranging data collection and targeting scheme that is deceptive and unfair to millions of users.' Microsoft, for its part, says the groups 'have got it all wrong.'"

I wonder if a collection (or searchable database) of campaign ads would result in screams from the candidates (or perhaps a new law banning “politician stalking”)

An Alternative Guide to Election 2006

By Erika Morphy TechNewsWorld 11/01/06 8:00 AM PT

Politicians and their operatives are no dummies. YouTube might have started out as a site for ordinary people to post their own videos, but it is now well seeded with videos produced by candidates -- both focusing on themselves and on their opponents.

... Call it "Election 2.0." Call it the revenge of voters tired of watching the increasingly negative 30-second ads on network television. Whatever the reason, it is clear that voters are going outside mainstream media -- far outside -- to learn more about the candidates and the issues.

Consider YouTube, says Robb Hecht, an adjunct marketing professor at the City University of New York's Baruch College and social tech media strategist.

"Its role in this year's elections cannot be underestimated," he tells the E-Commerce Times. "While people need to tune into CNN, they also need to check out YouTube's vault of political videos and sites like to find out where [the politicians] stand on issues."

What aspects of his job can he remember?

HP: Hurd can't recall probe meeting details

CEO says he wishes he could have been more "focused" during meetings with private investigators

By Robert Mullins, IDG News Service November 01, 2006

Hewlett-Packard Co. Chairman and Chief Executive Officer (CEO) Mark Hurd has an incomplete recollection of details of a crucial internal meeting on the HP board scandal, according to new information released Wednesday.

Automated stalking?

Looking for someone? Spock will track them down

November 1, 2006 3:49 PM PST

Spock, a start-up that wants to make it easier to find personal information about people on the web, has launched its private beta.

Type in a name, and Spock says it can serve up a picture, address, occupation, interests and other information. Conversely, you can type in an occupation and location ("Rodeo Clown, Lubbock") and it will spit up people that fit that category.

... Spock's public beta hasn't started, but the founders told VentureBeat that it will have 100 million profiles.

No word on whether Leonard Nimoy is filing suit against them yet. Oh, humans, you are so irrational.

Negotiating ploy? Perhaps they want to be treated like North Korea and have a Chinese pipeline supply them with fuel oil for those cold Seattle winters?

Microsoft considers China policy

By Darren Waters Technology editor, BBC News website, Athens

There is mounting pressure on tech firms for their dealings in China

A senior executive for Microsoft has said the firm could pull out of non-democratic countries such as China.

E-voting State By State

Posted by samzenpus on Wednesday November 01, @09:31PM from the make-them-count dept. United States Politics Technology

jcatcw writes "One-third of Americans will use voting machines next week that have never before served in a general election. provides an overview of e-voting in each of the 50 states and the District of Columbia — equipment, systems for voter registration, polling, significant legal challenges to the systems, previous media coverage, links to government watchdog sites, the vendors, technologies and laws that are important to the issue, and a review of 'Hacking Democracy.'"

We're number 30! We're number 30!

Canada #2 in maintaining personal privacy

KATIE FRETLAND Canadian Press and Associated Press

LONDON — Germany and Canada are the best defenders of privacy, and Malaysia and China the worst, an international rights group said in a report released Wednesday.

Britain was rated as an endemic surveillance society, at No. 33, just above Russia and Singapore on a ranking of 37 countries' privacy protections by London-based Privacy International.

The United States did only slightly better, at No. 30, ranked between Israel and Thailand, with few safeguards and widespread surveillance, the group said.

If your ass is uncovered, scream National Security!

The Virus That Ate DHS

By Kevin Poulsen 02:00 AM Nov, 02, 2006

A Morocco-born computer virus that crashed the Department of Homeland Security's US-VISIT border screening system last year first passed through the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident.

The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.

... U.S. District Judge Susan Illston reviewed all the documents in chambers, and ordered an additional four documents to be released last month. The court also directed DHS to reveal much of what it had previously hidden beneath thick black pen strokes in the original five pages.

"Although defendant repeatedly asserts that this information would render the CBP computer system vulnerable, defendant has not articulated how this general information would do so," Illston wrote in her ruling (emphasis is Illston's).

A before-and-after comparison of those documents offers little to support CBP's security claims. Most of the now-revealed redactions document errors officials made handling the vulnerability, and the severity of the consequences, with no technical information about CBP's systems. (Decide for yourself with our interactive un-redaction tool.)

Must be simple if you can reduce it to a PowerPoint presentation...

November 01, 2006

Presentation on Deconstructing Information Warfare

K. A. Taipale, "Deconstructing Information Warfare," presented to the Committee on Policy Consequences and Legal/Ethical Implications of Offensive Information Warfare, The National Academies, Washington, DC (Oct. 30, 2006) [download presentation slides in PDF].

I like it! (Who says there are no innovators left in business...)

Innovative Funding Strategy: Steal Employees' IDs, Apply For Loans And Credit Cards In Their Names

from the nothing-to-it dept

It's one thing to be the victim of identity theft where the crook uses your identity to get loans, lines of credit and credit cards, but it's taken to an entirely different level when it's the CEO of a well-known company, and the victims are his employees. That's apparently what happened with Compulinx. Apparently, the company needed some money, and rather than raising it the old-fashioned way, the CEO and his nephew are accused of taking the data they had on file of some of the company's 50 employees, and using them to get loans, lines of credit and credit cards. The employees were apparently totally unaware that their CEO was pretending to be them, and sometimes claiming (falsely) that they were officers of the company.

Spam Scam Says You're Fired

from the well-that-sucks dept

In the last year or so, the concept of "spear phishing" has gained a lot of popularity. Rather than broadly phishing by sending out emails pretending to be from companies with huge numbers of users/customers such as eBay or Citibank, spear phishing is much more targeted, and sometimes much more devious. It is often sent directly to people at a certain organization, made to look like it comes from someone at that organization and designed to play on what that organization does. It seems that some phishing scammers went one step further last week, using a spear phishing attack on employees of the Dekalb Medical Center. The email itself appeared to come from the medical center and told the employees they were being laid off. It included a link to a website supposedly for "career-counseling information," but actually directing people to a website that automatically downloaded a keylogger program. Enough employees were freaked out enough by the notice that they didn't consider it might be a scam, and clicked on the link. Once again, it shows how the scammers continue to adjust and adapt, and how difficult it can be to spot some of these types of scams.

Wednesday, November 01, 2006

The program reads:

If vote=BUSH add 1 to BushTotal.

If vote=GORE add 1 to BushTotal.

Voting machines in Texas change "Democrat" votes to "Republican"

submitted by shark72 1 day 1 hour ago

Friday night, KFDM reported about people who had cast straight Democratic ticket ballots, but the touch-screen machines indicated they had voted a straight Republican ticket.

Business models that work! This could work in other media as well...

Shocker: Radio Station That Gives Listeners What They Want Grows Its Audience

from the are-you-listening dept

The WSJ has an interesting story looking at the success a Los Angeles-based public radio station, KCRW, has had by embracing the internet and new media. It reads like the antithesis of super-sized commercial radio companies who, like their record-industry cousins, have been dragged kicking and screaming into the digital age. KCRW offers a large number of its shows as podcasts, the most popular of which attracts more than 1 million downloads per month. This has helped drive listeners to its online streams and -- would you look at that -- the number of listeners has shot up. So much, in fact, that it gets more online visitors than it does terrestrial listeners. Some are quick to say that public stations like KCRW can do things like this more easily than commercial stations, because they're under less pressure to turn a profit. [Larger audiences mean higher ad rates. What part of that don't they understand? Bob] "They have less to lose," as one analyst puts it, sounding a lot more like a big-radio exec, since it's really a matter of radio stations -- commercial or public -- having a lot to gain from the internet. While it's true that the likes of KCRW don't have the profitability demands of commercial stations, they still have costs to cover and a business model to support. KCRW relies on listener donations for about half its budget, and estimates that just about 6 percent of those come from online listeners. But it understands that a far better way to generate revenues from online listeners is from underwriting, or advertising, as it's called in the commercial world. And as its online audience grows not only in size, but in geographic scope, as well, it's turning its attention to securing national underwriters, rather than just local ones. The station's not resisting the internet, it's embracing it and realizing that growing its audience, even if listeners are outside its local market, is a good thing. 
And that seems like a lesson that could very easily translate to the realm of commercial radio.

Sony is demonstrating that they can screw up in multiple business areas at the same time!

Sony Under Investigation by DOJ

Posted by Zonk on Tuesday October 31, @10:31AM from the can't-a-megacorp-get-a-break dept. Sony The Courts Hardware

An anonymous reader writes "As the DOJ continues its investigation into RAM price fixing, it has started looking at Sony's operations. With all the negative press Sony has been getting, this couldn't come at a worse time."

From the article: "The Japanese company received a subpoena from the Justice Department's antitrust division seeking information about Sony's static random access memory, or SRAM, business, company spokesman Atsuo Omagari said. 'Sony intends to cooperate fully with the DOJ in what appears to be an industrywide inquiry,' the company said in a short statement."

Will these laws spread?

New York ID Theft Laws Become Active This Week

October 31, 2006 News Release

... About New York Identity Protection Laws (Active November 1, 2006)

  • The Security Freeze Law: Allows consumers, who are either identity theft victims or are concerned that they might be at risk of having their identities stolen, to cut off an identity thief's access to credit, loans, leases, goods and services by placing a "freeze" on their consumer credit report.

  • The Disposal of Personal Records Law: Requires any business to properly dispose of records containing personal information or risk a civil penalty of up to $5,000.

  • The Anti-Phishing Act of 2006: Prohibits the deceptive solicitation of personal information through electronic communications, including sending e-mails to Internet users, falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information.

FTC's Game Teaches Social Networking Skills

Journal written by narramissic (997261) and posted by kdawson on Tuesday October 31, @05:59PM

from the just-say-no dept. The Internet United States User Journal Politics

narramissic writes, "Your tax dollars at work. The U.S. Federal Trade Commission has launched an online quiz-show style game called Buddy Builder to test young users' abilities to spot potential threats on social networking Web sites. Naturally, the teen audience this is intended to reach is not going to go near the game except as a joke."

[From the comments: It's more likely to be a how-to for perverts and pedophiles than anything else since children won't go near it. ]

Holiday Scammers' E-Greeting Card Tactics

By Jennifer LeClaire TechNewsWorld 11/01/06 4:00 AM PT

"Previous e-card attacks and resulting infections have been slanted more toward denial of service, spam relay and virus propagation -- this one is much more dangerous to users because their financial information is at risk," Minoo Hamilton, senior vulnerability researcher for nCircle, told TechNewsWorld.

... Researchers at Exploit Prevention Labs recently uncovered a major cyber criminal ring operating in Australia using what appear to be Yahoo Greetings e-cards to infect thousands of computer users with malicious keylogger malware. Attackers used the malware to steal credit card numbers, bank account usernames and passwords and other personal information.

Why was this computer connected to both the Water system control and the Internet at the same time? Could have been a Nuke plant...

Hackers break into water system network

Attackers believed to be operating outside the U.S. gain access to computers at a Pennsylvania water treatment plant

By Robert McMillan, IDG News Service November 01, 2006

An infected laptop gave hackers access to computer systems at a Harrisburg, Pennsylvania, water treatment plant earlier this month.

The plant's systems were accessed in early October after an employee's laptop computer was compromised via the Internet, and then used as an entry point to install a computer virus and spyware on the plant's computer system, according to a report by ABC News.

The incident is under investigation by the U.S. Federal Bureau of Investigation, but no arrests have been made in the matter, said Special Agent Jerri Williams of the FBI's Philadelphia office. The attackers are believed to have been operating outside of the U.S.

Williams said that the hackers do not appear to have targeted the plant. "We did not believe that they were doing it to compromise the actual water system, but just to use the computer as a resource for distributing e-mails or whatever electronic information they had planned," she said.

Still, the FBI is concerned that even without targeting the system itself, this malicious software could have interfered with the plant's operations, Williams said.

Had the breach targeted the water plant, it could have had grave consequences, according to Mike Snyder, security coordinator for the Pennsylvania section of the American Water Works Association. "It's a serious situation because they could possibly raise the level of chlorine being injected into the water... which would make the water dangerous to drink."

After the terrorist attacks of September 11, 2001, computer security at U.S. water systems was beefed up, but water systems may still be tied to administrative networks that are connected to the Internet, Snyder said. "Sometimes if a hacker is pretty good, he can get into the computer via the administrative network," he said.

In the Harrisburg case, a laptop computer was apparently the source of the intrusion. Snyder said that laptops are used in the industry because water systems often have many different locations that need to be monitored. "Because of the way the water systems work, it is convenient to be able to use a laptop to check tank levels."

The U.S. Environmental Protection Agency knows of no other similar incidents occurring in the region, said Rick Rogers, the chief of the agency's drinking water branch for the mid-Atlantic region.

Rogers was not able to comment directly on the matter, since the breach is under investigation. "We are looking into it and working with the state and the water utility industry," he said. "But it is a concern that somebody was able to get into a system like this."

Includes some “Accessibility” guidelines too. Good source of non-copyright material.

October 31, 2006

HHS and GSA Announce Updated Web Design and Usability Guidelines to Improve Government Web Sites

Press release, October 30, 2006: "HHS Secretary Mike Leavitt today announced the publication of the 2006 edition of the popular Research-Based Web Design & Usability Guidelines. Based on the latest research, the Guidelines now include over 40 new or updated guidelines and have become a primary resource for government and other Web communicators. The updated guide is being published by HHS in partnership with the General Services Administration (GSA)."

See, even the government understands...

October 31, 2006

U.S. Intel Community Using Innovative Tech to Expand Homeland Security

U.S. News reports on a range of new programs sponsored by DHS that leverage innovative technology applications (wikis and blogs) and educational programs to expand and improve the effectiveness of homeland security goals and objectives.

More on the people we are trusting with our votes.

Diebold Trying To Stop Documentary On E-Voting Problems; Complains About Wrong Film

from the opening-the-dialog,-huh? dept

On Monday, we wrote about how it suddenly appeared that e-voting concerns were going mainstream, not even realizing that HBO was preparing to show a documentary called "Hacking Democracy." In that post, I linked to a Fortune article that is actually somewhat more encouraging about e-voting's number one target: Diebold. Beyond giving the history of the company, it suggested that the company more or less recognized that they had been both "stupid" and "naive" in getting into the e-voting business, without understanding anything about it. It also noted that almost all of the company's top execs have recently been replaced -- and even said that the company is considering getting out of the e-voting business altogether. All of these suggest that the company actually recognizes that they've screwed up big time. That's a big step forward, since every time a new problem comes up they react by brushing it off (often with outright lies), attacking their critics or simply cracking jokes about their security problems. And, by now, it should be clear that the security problems are very, very real.

So, with all of that, perhaps it was wishful thinking to hope that the new Diebold management would be a bit more willing to engage in discussion over issues, rather than just attack. Of course, given all of the recent problems the company has had, followed by the same old, same old response, it seems clear that the company hasn't learned a thing. To make that clear, rather than dealing with the problems, they're working hard behind the scenes (and failing) to convince HBO to cancel the documentary. They claim that the documentary is filled with false and inaccurate statements -- which would be more believable if (a) the company ever owned up to any of its mistakes and (b) they had actually seen the movie (which they haven't, apparently). In fact, the points that Diebold raised in their letter apparently refer to an entirely different film called Voter Gate, which has nothing to do with the documentary HBO will be showing. Diebold claims it's by the same people, but it's not. Now, isn't that a surprise? Diebold can't even accurately figure out who's involved in a movie about them.

Useful geek stuff?

The Windows File Shredder

submitted by digitalgopher 17 hours 10 minutes ago

Here's a tip for creating a simple file shredder to permanently and securely delete files from your hard drive.

[If you want to wipe the entire drive...]

What is Eraser?

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Windows 2003 Server and DOS.

Eraser is Free software and its source code is released under GNU General Public License.

No doubt people will be lining up to swim it...

Al-Jazeera to start English channel

Tue Oct 31, 2:00 PM ET

DOHA, Qatar - Qatar-based Al-Jazeera television announced Tuesday that it would launch its long-awaited English language channel Al-Jazeera International on Nov. 15.

If nothing else, some interesting quotes for your next sermon from the water fountain...

Web 2.0: How High-Volume eBay Manages Its Storage

October 27, 2006 By Chris Preimesberger

... The site averages more than 1 billion page views per day.

... The site currently has about 600 million listings and about 204 million registered users.

... This one, in particular, is striking: 1.3 million people make all or part of their living selling on eBay.

... eBay's storage engineering team (numbering "in the teens," Strong said) utilizes 2 petabytes of raw digital space on a daily basis to run the site and store its data, yet has to add about 10 terabytes of new storage every week to cover new transactions, Strong said.

... eBay maintains four copies of most of its databases, according to Strong.

Perhaps there is one you can use?

October 31, 2006

50 Open Source success stories in Business, Education, and Government

... Today, we present a rundown of success stories from all spheres that open source touches. Whether through profit margins, spreading the technology to areas thought well outside its reach (check out stories regarding the open-source car project and the open-source film production), or just simply generating greater public awareness, the success of this truly world-changing technology is everywhere.

... An open-source course? Of course

Popular blogger Scott Granneman recently reported that those revolutionary folks over at University of California at Berkeley have begun a course entitled “Open Source Development and Distribution of Digital Information: Technical, Economic, Social and Legal Perspectives.” The course is cross-listed for the Informatics Systems major as well as an elective for law. Granneman recommends checking out the syllabus’ book list, because “for those of you just interested in the open source movement as a whole, this is a great compendium of readings that'll keep you busy for a while.”