Saturday, December 02, 2006

Once again there is a lot of conflicting information about this computer theft. Was the information stored on these computers or wasn't it? (My guess: it was.) I suspect most organizations would be unable to determine what information was on a given computer at any time. Don't get me wrong. Pennsylvania's response seems better than average; still, it would be fun to call them on some of the conflicting information.

Posted on Thu, Nov. 30, 2006

Computer theft closes license center

Police say burglars stole equipment from the Hanover Twp. site that may have contained personal info.


... Personal information isn’t kept at the local center [See next article Bob] and is downloaded [NIT: That would be an upload Bob] overnight to the Pennsylvania Department of Transportation’s headquarters in Harrisburg, Kelly said.

“We’re not sure what time the burglary actually occurred so we don’t know if that process was completed in time,” [The HQ computer has no record? Bob] Kelly said. “There is some concern but we’re looking to see if any personal information was breached.”

Pennsylvania DOT Notifies Customers Affected by Data Theft

Dec 01, 2006 News Release

... The burglary occurred at about 11:30 p.m., Tuesday, Nov. 28, when thieves breached security at the driver license center and stole two computers, which contained the personal information of 11,384 customers who had their photos taken for a driver's license or photo identification card at the Wilkes-Barre Driver License Center between Aug. 30, 2006, and Nov. 28, 2006. Only those customers who had their photos taken at the Wilkes-Barre Driver License Center in that specific time period are affected by the theft. [We just missed the nightly data transfer for the last few nights... Bob]

The information stored on those computers included names, addresses, dates of birth, driver's license numbers and the last four digits of Social Security numbers. In the case of 5,348 of those customers, the personal information stored included complete Social Security numbers. [Why are these people different? Bob]

Perhaps we could convince managers to be at least as secure as these guys?

Jihadists publish cyber security magazine

Publication will cover issues such as concealing one's identity on the Internet and how to set up a jihadi Web site

By Robert McMillan, IDG News Service December 01, 2006

Jihadists now have their own security magazine.

"Technical Mujahid," a 64-page electronic magazine, began circulating earlier this week on jihadist discussion forums, said Adam Raisman, an analyst with the SITE (Search for International Terrorist Entities) Institute, a terrorist tracking organization.

SITE, based in Washington, has published an analysis of the new publication.

... Like early hacking magazines, Technical Mujahid takes information that has already been published in discussion forums and Web sites and compiles it into one single source, Raisman said.

... The magazine shows that militants share many of the same security concerns as many IT professionals, said Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory.

"Western media only covers the story that the jihadists are out to destroy us," he said. "In fact they're just as worried about Internet security in the same way we are."

“Tell us who these malcontents are, we want to talk to them...”

UK: GPs angered by call to reveal names of NHS database rebels

Saturday, December 02 2006 @ 06:23 AM CST - Contributed by: PrivacyNews - Non-U.S. News

The Department of Health provoked uproar among doctors yesterday by asking GPs in England to send in correspondence from objectors who do not want their confidential medical records placed on the Spine, a national NHS database. Sir Liam Donaldson, the chief medical officer, said letters from patients who want to keep their private medical details out of the government's reach should be sent to Patricia Hewitt, the health secretary, for "full consideration".

Source - Guardian

At Invesco Field, they patted my (ample) tummy, but didn't check for my shoulder holster, ankle holster, small of the back holster, etc. If I thought the security was adequate, I wouldn't need all this equipment.

2 Seahawks fans file suit to halt Qwest pat-down

NFL security measure at stadium called unconstitutional, uneven

Friday, December 1, 2006


Two Seahawks season ticket holders have filed a lawsuit in federal court arguing that a policy requiring fans to be frisked before they enter Qwest Field is unconstitutional.

... Qwest Field officials follow an NFL policy that went into effect at the start of the 2005 season to tighten security and to prevent terrorism. It requires fans' arms, shoulders and torsos to be patted down as they enter games for any of the league's 32 teams.

... The lawsuit follows a legal challenge filed in 2005 against the Tampa Bay Sports Authority, the government agency that manages the Tampa Bay Buccaneers' stadium. There, a state and a federal judge agreed with a 60-year-old civics teacher who claimed that pat-downs were unconstitutional and granted a court order prohibiting them. The NFL and the sports authority are appealing, The Tampa Tribune reported.

... The lawsuit also argues that attendees entering other stadium events, such as soccer games or motocross races, are not patted down.


  • Qwest: Only Seattle major outdoor pro stadium to require security pat-downs.

  • Safeco Field: Ticket holders are subjected to bag searches, although neither the stadium nor Major League Baseball require pat-downs.

Stocking Stuffers?

30 Essential Pieces Of Free (and Open) Software for Windows

... 11. VLC Media Player

Replaces Windows Media Player, Quicktime, RealPlayer, etc.

If you get tired of having tons of media players on your computer, get this package that runs pretty much every media type you’ll run across without breaking a sweat.

12. Juice

Unique but essential

Juice lets you effortlessly subscribe to podcasts, organize them, and listen to them at your convenience. In conjunction with PodNova, I find it easier to use Juice to organize podcasts than using iTunes itself.

13. Audacity

Unique but essential (for some)

If you’re interested in recording your own podcast (or just want to make your own voice recordings for whatever reason), Audacity and a microphone are pretty much all you need to get the job done. I’m not much for podcasting (let’s just say I don’t have a radio voice), but I use Audacity for other voice recording purposes.

Tools & Techniques (This technique has been published before, and a similar technique exists for landline phones...)

FBI taps cell phone mic as eavesdropping tool

By Declan McCullagh Story last modified Fri Dec 01 18:46:27 PST 2006

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

... "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

... U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded.

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.

One private investigator interviewed by CNET, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

"They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by."

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver.

... A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down."

... In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. [Not “break the encryption” as originally reported. Bob]

... This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. [Interesting precedent! Bob]

The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance."

... Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who wrote a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.

Perspective on Offshoring...

How Important Is Quality of Labor? And How Is It Achieved?

December 1, 2006 by Jim Heskett

Executive Summary: A new book by Gregory Clark identifies "labor quality" as the major enticement for capital flows that lead to economic prosperity. By defining labor quality in terms of discipline and attitudes toward work, this argument minimizes the long-term threat of outsourcing to developed economies. By understanding labor quality, can we better confront anxieties about outsourcing and immigration?

Friday, December 01, 2006

Yesterday's story stated that no personal information was kept on these computers... I guess that was a bit overly optimistic.

Pa. Computers With Personal Data Stolen

By MICHAEL RUBINKAM The Associated Press Thursday, November 30, 2006; 6:18 PM

DUNMORE, Pa. -- Thieves stole equipment from a driver's license center and got away with computers containing personal information on more than 11,000 people, state officials said Thursday.

The thieves got a camera and a printer during the break-in late Tuesday, plus enough card stock and laminate to make about 750 fake licenses, said Betty Serian, Pennsylvania Department of Transportation deputy secretary, at a news conference Thursday.

They also stole two computers containing data on 11,384 people.

The information included names, addresses, dates of birth, drivers' license numbers and at least partial Social Security numbers. The data included complete Social Security numbers for 5,348 people, officials said.

... In response to the theft, the Transportation Department has made subtle changes to all new driver's licenses [If you already have a license, you will be considered a crook? Bob] and is reviewing security at all 97 driver license centers.

Credit Bureau Security Breached

Nov 30, 2006 03:24 PM

TransUnion Credit Bureau is investigating who was able to get into their database and illegally download hundreds of people's personal information.

... According to the information we have, four different scam companies across the country got more than 1,700 people's credit information after someone obtained the TransUnion log in information from a courthouse in Kingman, Arizona.

... TransUnion told KXAN this was not due to a breach of security on their part. However, somehow, somebody with just one password was able to randomly download hundreds of people's information.

Thousands At Risk In ID Theft Ring

Saline County investigators say they've uncovered one of the largest identity theft rings in the county, and possibly the state's history. The amount of documents in evidence is in the thousands.

On Monday night, a traffic stop led officers to a storage unit that contained dozens of boxes of personal documents. The evidence belongs to people from all over Arkansas and across the U.S., and investigators say they've never seen anything like it.

They found hundreds of bank account numbers, home addresses, marriage licenses, death certificates, never used credit cards, and get this—an un-cashed $36,000 check.

John Dvorak On Vista's Launch

Posted by Zonk on Thursday November 30, @01:54PM from the he-said-lunch-not-launch dept.

An anonymous reader writes "John is at it again, this time with his take on the launch of Microsoft's Vista operating system. John covers the reality from a market perspective, looking at whether the release will affect PC sales, peripherals ... or even Microsoft."

From the article: "While there is no way that Vista will be a flop, since all new computers will come with Vista pre-installed, there seems to be no excitement level at all. And there does not seem to be any compelling reason for people to upgrade to Vista. In fact, the observers I chat with who follow corporate licensing do not see any large installations of Windows-based computers upgrading anytime soon. The word I keep hearing is 'stagnation.' Industry manufacturers are not too thrilled either. One CEO who supplies a critical component for all computers says he sees a normal fourth quarter then nothing special in the first quarter for the segment. Dullsville."

Another “Case that wouldn't die!”

HP Faces Expanded Civil Lawsuit In Spying Case

Posted by Zonk on Thursday November 30, @05:11PM from the really-should-have-thought-this-through dept.

narramissic writes "ITworld is reporting that a shareholder lawsuit against HP for pretexting has been expanded to include charges of insider stock trading. On top of everything else, eight executives implicated in the spying ring also participated in the sale of 1.7 million shares of the company."

From the article: "An amended complaint filed Wednesday in the Superior Court of California for Santa Clara County accuses HP Chairman and Chief Executive Officer Mark Hurd and seven other company executives of selling $41.3 million worth of HP stock at 'inflated prices' shortly before the company revealed that its investigators had used questionable and possibly illegal techniques to gain access to personal records such as phone call logs."

Speaking of the HP pretexting case...

MPAA Kills Anti-Pretexting Bill

By Ryan Singel 02:00 AM Dec, 01, 2006

A tough California bill that would have prohibited companies and individuals from using deceptive "pretexting" ruses to steal private information about consumers was killed after determined lobbying by the motion picture industry, Wired News has learned.

... "The MPAA has a tremendous amount of clout and they told legislators, 'We need to pose as someone other than who we are to stop illegal downloading,'" Goldberg said.

Consequently, when the bill hit the assembly floor Aug. 23, it was voted down 33-27, just days before revelations about Hewlett-Packard's use of pretexting to spy on journalists and board members put the practice in the national spotlight.

... California went on to pass a much more narrow bill that bans the use of deceit to obtain telephone calling records, and nothing else.

Tools & Techniques

Cracking the BlackBerry with a $100 Key

Posted by Zonk on Thursday November 30, @06:15PM from the reach-out-and-worming-someone dept.

Hit Reply writes "Eweek is running the contents of a Symantec white paper that details how easy it is for a hacker to manipulate BlackBerry applications. Using a developer key that can be purchased by anyone for $100, an attacker can launch e-mail worms, SMS interception and backdoor attacks, and compromise the integrity of contacts, events and to-do items. The white paper has been yanked from Symantec's Web site."

From the article: "Signed applications can send e-mail and read incoming e-mail. A malicious application could be used to allow third parties to send messages from the infected BlackBerry and also read all received messages. A malicious application could also use e-mail as a command and control channel to receive instructions to send and receive e-mails; send and receive SMS messages; add, delete and modify contacts and PIM data; read dialed phone numbers; initiate phone calls; and open TCP/IP connections."


Newly discovered Trojan threatens cell phone privacy

30 November, 2006 By Vanessa Ho

A Trojan called RexSpy has been created by Wilfried Hafner, CEO of SecurStar GmbH, to demonstrate that cell phone conversations as well as SMS messages can be eavesdropped and recorded.

RexSpy uses an undetectable SMS message that is completely invisible to the operating system. The SMS sender can spy on cell phone users at any time as long as the cell phone is in use. With this Trojan, all SMS messages and all conversations can be listened to and the surrounding areas can be monitored via this infected mobile device. In addition, the RexSpy Trojan can access and forward complete address books.

Portions of SCO's Expert Reports Stricken

Posted by CowboyNeal on Friday December 01, @06:19AM from the gonna-have-to-do-

rm69990 writes "A day after Judge Dale Kimball reaffirmed Judge Wells' order tossing most of SCO's case, Judge Wells has stricken large portions of SCO's expert reports, stating that SCO was trying to do an end-run around IBM. As IBM put it in its motion papers, SCO will not be allowed to 'litigate by ambush.' This motion was regarding SCO's expert reports, where SCO attempted to insert new evidence after discovery had ended via their expert reports. Wells ruled directly from the bench, and finished by telling SCO to 'take it up with Judge Kimball' if they had a problem. This really hasn't been a good week for SCO."

U.S. warns of possible Qaeda financial cyber attack

Thu Nov 30, 2006 8:46pm ET By Kristin Roberts

WASHINGTON, Nov 30 (Reuters) - The U.S. government warned American private financial services on Thursday of an al Qaeda call for a cyber attack against online stock trading and banking Web sites beginning on Friday, a source said.

The source, a person familiar with the warning, said the Islamic militant group aimed to penetrate and destroy the databases of the U.S. financial sites.

The Department of Homeland Security confirmed an alert had been distributed but said there was no reason to believe the threat was credible. [That means it's incredible, right? Bob]

... The warning said the threat called for attacks to begin Friday and run through the month of December in retaliation for the United States keeping terrorism suspects at the Guantanamo Bay naval base in Cuba.

"Denial of service is what it called for," said a Homeland Security official who spoke on condition of anonymity.

... Robert Albertson, chief investment strategist at Sandler O'Neill & Partners in New York, said it was unlikely al Qaeda members could do serious harm to financial Web sites.

"I'm not saying there aren't precautions to be taken, but I just can't fathom how there would be serious havoc," he added.


ATM system called unsafe

Posted: Thursday, November 30 at 03:22 pm CT by Bob Sullivan

Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.

The U.S. Secret Service is investigating the matter, and obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.

The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.

November 30, 2006

2007 Digital Future Report

"The Center for the Digital Future at the USC Annenberg School has been tracking a representative sample of the American population for over six years watching as people move on-line and then move from modems to broadband."

  • "This year's report contains a large module looking at on-line communities and social networking in great detail. Readers can compare the social networking data and correlate it to six years of attitudes and behaviors on-line. As usual, the report continues to track off-line media use, purchasing both off-line and through e-commerce, social and political activity and a wealth of other data." [The report is available for purchase here.]

Police Decry Web Site on Informants

By MATT APUZZO Associated Press Writer Nov 30, 8:28 PM EST

WASHINGTON (AP) -- Police and prosecutors are worried that a Web site claiming to identify more than 4,000 informants and undercover agents will cripple investigations and hang targets on witnesses.

The Web site first caught the attention of authorities after a Massachusetts man put it online and named a few dozen people as turncoats in 2004. Since then, it has grown into a clearinghouse for mug shots, court papers and rumors.

Federal prosecutors say the site was set up to encourage violence, and federal judges around the country were recently warned that witnesses in their courtrooms may be profiled online.

... Sean Bucci, a former Boston-area disc jockey, set up the site after federal prosecutors charged him with selling marijuana in bulk from his house. Bucci is under house arrest awaiting trial and could not be reached, but a WhosaRat spokesman identifying himself as Anthony Capone said the site is a resource for criminal defendants and does not condone violence.

... For two years, anyone with an Internet connection could search the site. On Thursday, a day after it was discussed at a courthouse conference in Washington, the site became a subscription-only service. The site has also disabled the ability to post photos of undercover agents, Capone said, because administrators of the Web site do not want officers to be hurt.

... Prosecutors in Boston have discussed whether WhosaRat is protected as free speech but have not moved to shut it down. In 2004, an Alabama federal judge ruled that a defendant had the right to run a Web site that included witness information in the form of "wanted" posters.

Thursday, November 30, 2006

“Security? We don't need no stinkin' security!”

Discarded Western Union Computer Found; Hard Drive Loaded with Customer Data

Last Update: 11/29/2006 2:42:33 PM Posted By: Rachel Rose

If you’ve ever wired or received money through Western Union, this may come as some alarming news:

An old Western Union computer filled with dozens of customers’ data somehow ended up at the Chemung County Transfer Station, completely unattended and otherwise up for grabs.

Company officials were notified about it a year ago. But they didn’t do anything about it until we stepped in last month.

... Skip Starr, President of R.E.A.C.T., an electronics recycling store in Big Flats, said his facility received the hard drive from the Chemung County Transfer Station last year. When he realized what it was, he said, he put it aside right away and called Western Union.

In fact, he says he made at least six calls to the corporate headquarters.

“I spoke to a manager every time,” Starr said. “As of yet, they haven’t replied. They always tell me they’ll call me back.”

But, he says, for an entire year, no one did call him back!

So, we stepped in and called Western Union ourselves.

Within a few days, a company representative flew to Elmira from Colorado and picked up the hard drive at WETM-TV’s studios.

That was on Oct. 18th.

Almost a month later, a company spokesperson still couldn’t tell us how the computer ended up at the Transfer Station, but offered this statement:

... What’s worse, Danaher says there’s nothing to prevent companies like Western Union from throwing out their old data.

“There are no restrictions or laws in effect, presently, that prohibit companies from getting rid of information.”

The law only requires a company to notify its customers if information like social security or other account numbers are compromised. However, a Western Union spokesperson says the company will not notify its customers about this incident because they don’t believe anyone was put at risk for identity theft.

Nov 28, 2006 8:39 pm US/Pacific

Stolen Drive Puts Faculty, Student Info At Risk

(CBS) LOS ANGELES Personal information of 48 faculty members and more than 2,500 students and applicants of a Cal State L.A. teacher credential program was on a portable disk drive that was recently stolen, authorities said Tuesday.

... The college was recently informed that an employee's USB drive was inside a purse stolen from a car trunk in the Norwalk area.

First time I've seen this!

Computers, cameras stolen from state driver’s license center

By EDWARD LEWIS Posted on Wed, Nov. 29, 2006

HANOVER TWP. – Computers and computer-related equipment that may contain personal information were stolen from the state’s Drivers License Center when burglars deactivated an outside alarm system and forced open a steel door.

... Personal information isn’t kept at the Hanover Township-based center and is downloaded overnight to the Pennsylvania Department of Transportation’s headquarters in Harrisburg, Kelly said. [YES! Very good. Bob]

I suspect the same is true in the US.

UK Financial Services Companies Vulnerable to Data Theft Reveals Survey

LogLogic survey finds 76 per cent of UK's biggest financial services companies unable to track and trace potential theft

While 86 per cent of large UK financial services companies report that their enterprise data is mission critical, 76 per cent reveal that they do not currently have systems in place to track and trace potential data theft according to a survey commissioned by LogLogic, the log management and intelligence company. Of those companies who report having systems in place to monitor IT data, 57 per cent say it takes them several days to identify security breaches involving data theft and just 19 per cent report they are able to perform the appropriate forensics within one working day.

... The research found that of those financial services companies that do not have a system to track data theft, 94 per cent report that they are 'concerned' and cite a lack of budget as the key reason for the failure to address the security issue. Monitoring or tracking employees was also a concern with 29 per cent of those financial services companies surveyed reporting that they are not immediately aware when an employee leaves or is terminated from their organisation. Further compounding the issue, over one third of those surveyed admitted that they do not know how employees' data is handled before or after they leave.

Ironically, this same survey found that 86 per cent report that meeting data compliance legislation is a current priority in their organization, with 52 per cent acknowledging that the US Sarbanes-Oxley (SOX) regulation is relevant to their operations. SOX mandates companies have strict policies regarding data retention, security, and audit trails that clearly determine how employee data is handled at termination.

I'm sure that if we wait a few weeks, they'll get over it. You can't make political hay until just before the next election, and you wouldn't want to actually change anything...

Feds Finally Realizing That Current E-Voting Standards Suck

from the it-took-them-this-long? dept

Despite the fact that people have been pointing this out for many years, it seems that the federal government is finally recognizing that current e-voting machines suck, and it's time to have much more stringent rules on e-voting machines. Specifically, they want to finally require voter verifiable paper trails so that every machine can have an audit and a recount if there are any questions about them -- which would mean that the plan in Sarasota county, Florida to resell their broken e-voting machines may have just gone out the window. Of course, as per usual, there are always some who are against such a plan. The article quotes an "elections expert" who complains: "If you insist on paper you're tying elections to an old technology." That's about the weakest argument we've heard. We need e-voting machines because they're new? How about accuracy or security? I would think in the long list of reasons why you'd want any particular voting method, "novelty" as opposed to "been around for a while" would be near the bottom of the list.

Is this typical? Should every business do this?

Google Now Gets Purchasing Data, Too

Posted on Tuesday, November 28th, 2006 at 10:39 am

With their recent push to get the citizens of Planet Google to start using Google Checkout, Google’s growing infrastructure of dataveillance now includes purchasing data. From Google Checkout’s privacy policy:

* Registration information - When you sign up for Google Checkout, we ask for your personal information so that we can provide you with the service. The information we require to register for the service includes your name, credit or debit card number, card expiration date, card verification number (CVN), address, phone number, and email address. For sellers, we also require you to provide your bank account number, and in some situations, your personal address, your business category, your taxpayer identification number or social security number, and certain information about your sales or transaction volume. This information allows us to process payments and protect users from fraud. In some cases, we may also ask you to send us additional information or to answer additional questions to help verify your information. The information we collect is stored in association with your Google Account.

* Information obtained from third parties - In order to protect you from fraud or other misconduct, we may obtain information about you from third parties to verify the information you provide. For example, we may use card authorization and fraud screening services to verify that your credit or debit card information and address match the information that you provided to us. Also, for sellers, we may obtain information about you and your business from a credit bureau or a business information service such as Dun & Bradstreet.

* Transaction information - When you use Google Checkout to conduct a transaction, we collect information about each transaction, including the transaction amount, a description provided by the seller of the goods or services being purchased, the names of the seller and buyer, and the type of payment used.

John Battelle has much more.

The Presence of Magazines on the Internet

Posted on November 29th, 2006

TBG has recently completed a research study called "Analyzing the Presence of Magazines on the Internet". In the wake of success surrounding our previous newspaper study, "The Use of the Internet by America's Newspapers", we decided to conduct similar research on the magazine industry.

Our study reviews the websites of the top 50 most circulated magazines in the United States and evaluates them based on the presence or absence of various Web 2.0 features. After finishing the research, it became clear that magazines are not making use of Web 2.0.

Despite their failure in terms of Web features, it should be recognized that magazines have taken on a more effective general strategy than newspapers when it comes to the Internet. Instead of replicating printed content online, as newspapers do, magazines have made efforts to publish unique, Web specific, and easily digestible materials on their websites. In this way, magazines are using the Internet as a supplement to, rather than a replacement of, their printed publications. Magazine websites limit their article content and focus on pushing customers to purchasing printed subscriptions.

Here are some key findings from our research:

  • The most common online feature offered by magazines is RSS feeds (48 per cent). All of the RSS feeds offered by magazine websites are partial feeds. In addition, none of the magazines are including advertisements in their RSS feeds, while just 28 per cent of magazines divide their RSS feeds into different sections.

  • Message boards/forums are offered by 46 per cent of magazine websites. This seemingly old-fashioned form of communication is extremely popular on magazine websites, particularly on the sites of women’s magazines.

  • 38 per cent of the magazines require registration to view all of the site’s content. While this feature is only present on 23 per cent of the nation’s top 100 newspaper sites, it seems that magazines are still heavily reliant on website registration. It must be noted, however, that newspaper and magazine online registration is very different. The large majority of the magazines we investigated allow users to view article content free of registration. However, to participate in forums, registration is required. This seems to serve as a mechanism for monitoring content that people post on message boards rather than to collect demographic information, as is the case with newspapers. Thus, this 38 per cent figure largely represents magazines that require forum registration, not registration for the purpose of reading articles.

  • 38 per cent of the magazines offer at least one reporter blog. Readers can comment on 16 of the 19 magazine blogs, while eight reporter blogs offer blogrolls, or external links to other blogs.

  • Video is an offering on 34 per cent of websites.

  • Just 14 per cent of websites use podcasts and bookmarking; eight percent allow comments on articles; and six per cent use tags.

You can read the report in its entirety here and view our data sheets here.

November 29, 2006

Rand Report on State and Local Emergency Preparedness

Combating Terrorism - How Prepared Are State and Local Response Organizations?

  • "This book presents the results of the third and final wave of a national survey to elicit assessments of state and local response agencies of the activities they have undertaken after 9/11 to respond to terrorist-related incidents and of federal programs intended to improve preparedness and readiness for terrorism. The survey also sought information on how state and local agencies are resourcing these activities." (197 pages, PDF)

Defining antitrust? Could a new car company claim that GM had an unfair advantage because it was buying all the output of one of its suppliers? Who is supposed to benefit?

Is Aggressive Competition Anti-Competitive?

from the what's-the-difference dept

For any company, one of the most important decisions it has to make is the price of its goods or services. Straddling the line between competitiveness and profitability is a task that's made harder by the fact that from time to time, certain pricing decisions are deemed to be illegal, or at least the competition claims as such. We saw cries, earlier this year, that Microsoft's decision to sell its anti-virus suite at a cut-rate price was anti-competitive. Of course, while Microsoft's aggressive pricing may have been rough on the competition, it was a positive for customers, many of whom took to the offering. The Supreme Court is currently hearing an interesting case that involves paper and timber company Weyerhaeuser. The company is accused of buying too much lumber, to drive up the cost for their competitors, and then undercharging for the finished goods, again, to wreak havoc on their competitors' profit margins and drive them out of business. It seems like the company has two valid defenses. The first is that you can't demonstrate the company's intent. Perhaps it really just wanted to buy up a lot of raw materials, and felt that it could still do well at that volume. The second is that even if the company took these actions for the express purpose of harming its competitors, then that's just aggressive business. Naturally a company wants to see their competitors pay more for raw materials. And as in the Microsoft case, it would seem like the end user benefits from Weyerhaeuser's actions, in the form of lower prices on end goods. Considering all of the questions surrounding intent, and the difference between being competitive and anti-competitive (which is an odd phrase), it definitely seems like a mistake to meddle in something as important as pricing.

Justice Department Misses The Point In Suit Against Realtors

from the not-getting-it dept

Here's a story that hits on some of today's themes of monopolistic behavior and keeping stuff off the internet. The Department of Justice has been given the go ahead to proceed with a lawsuit against the National Association of Realtors, alleging that the group colluded to prevent listings from appearing online, in a bid to give established brokers an advantage. Now, we'd be tempted to say that however backwards the organization's thinking is, they have the right to distribute their data to whomever they want. But we should take a step back and ask why the NAR is in the position to monopolize this information in the first place. That fault rests with the government, which has put the NAR in charge of regulating its industry, and deciding who can and can't be a broker. In other words, its monopoly has official legal blessing. Without this, anyone could go out and get listings, and abide by whatever rules they wanted to, offering to broker home sales as efficiently as possible. So instead of suing the NAR, for doing what it's intended to do (maximize profits for its members) why not get at the root of the problem and take away its monopoly status?

Attention RIAA!

France To Cosmetics Companies: Get Online Or Else!

from the it's-the-21st-century dept

It's the time of the year when we're inundated with stories about online shopping, as if it were still this totally new phenomenon that warrants special attention. That being said, there are apparently several holdouts from the trend, as some companies have taken aggressive moves to prevent their products from being sold online. In France, ten cosmetics companies have reached a deal with the government, agreeing to become more flexible about internet sales. French regulators had accused these companies of "distorting the market" by restricting how their products could be sold. The reasons for not wanting to sell online aren't completely clear. It seems in some cases that it has to do with maintaining the mystique and aura of the brand. In any event, these companies should be able to come to any agreement with distributors that they want. If they insist on only physical sales, and that's what the retailer wants, then it doesn't seem like a problem. Making the whole discussion even sillier, is that there's nothing preventing another party from acquiring this merchandise, and then going on and selling it how they like, assuming the right of first sale were respected. It would be a different matter if, say, a large retail firm were telling its suppliers that they couldn't let their products get sold online, as Wal-Mart's done with DVD sales, pressuring Hollywood studios not to make their films available for download. Even this action might not warrant government intervention, but it's a lot closer to the market distortion that has the French so worried.

So, is there a cop assigned to monitor the internet, or do they rely on tipsters? Is a video “probable cause?” Should we arrest the “Men in Black” for driving after hitting the red button?

Police Fine Driver Who Supplies His Own Speed Camera Via YouTube

from the zoom-zoom-zoom dept

Lots of people dislike speed cameras that have a history of malfunctioning, but it's another thing altogether to basically turn a speed camera on yourself. Following in the footsteps of others who have been arrested after documenting their misdeeds on MySpace or YouTube, a young man in Norway has been given a $1,300 fine for speeding after he posted a video of himself driving at speeds up to 150 mph, more than twice the legal speed limit in Norway. If anything, the police seem to have let him off easy, saying they could only prove he had averaged 86 miles per hour, and set the fine at that speed. Once again, though, it just goes to show that just because you get away with something, you still can get in plenty of trouble if you post the evidence online for everyone to see. However, it certainly does fit with the rise of exhibitionist culture these days.

Wednesday, November 29, 2006

This begs a thousand questions...

Laptop with patient info stolen

By Rocky Mountain News November 28, 2006

A laptop computer containing private medical information on 38,000 Kaiser Permanente members in the Denver area was stolen last month, the health care provider said Tuesday.

The computer was stolen in early October from a car belonging to a Kaiser Permanente employee in California, Kerry W. Kohnen, Kaiser’s vice president of business operations, said.

The information in the computer included names, membership identification numbers, dates of birth; gender; and physician information for clients treated at the Skyline Medical Office in Denver’s North Capitol Hill and the Southwest Medical Office in Jefferson County, according to Kaiser.

Kohnen said it is not likely the thief will be able to use any of the customers’ personal data.

Kaiser members who may be affected by the breach may call a special phone line for more information: 866-529-0813

Kaiser warns 38,000 after laptop stolen

written by: Ward Lucas I-Team Reporter posted by: Jeffrey Wolf Web Producer Created: 11/28/2006 2:36 PM MST - Updated: 11/28/2006 9:35 PM MST

... The computer was stolen in Oakland, California.

... Kohnen says the computer was password protected, but only part of its database was encrypted.

He acknowledged that employees often take home company computers to do work.

He says Kaiser Permanente is now reviewing its security procedures.

...and this from a country where “hanging Chad” has a whole other meaning.

Venezuelan Election Using Paper Trail To Verify E-Voting Is Accurate

from the a-step-forward dept

While some say that it's impossible to have a secure and accurate election using e-voting machines, having some sort of paper trail backup certainly goes a long way towards relieving the biggest fears associated with e-voting machines. While we don't yet have them in the US, Venezuela's national election this coming weekend will have a verifiable paper trail associated with each voting machine. After a person votes, the machine will spit out a receipt for the voter to review. They will then put the receipt into a box so that it can be counted (and also to avoid "vote buying" where the voter can prove he or she voted for a specific candidate). Not only that, but election officials are going to count millions of the votes and compare them with the e-vote totals to make sure they're accurate. They're not only going to take a small, self-selected sample, or only in specific cases where misuse is suspected. Apparently, they're going to audit over half of the machines by checking the paper ballots. That's pretty impressive and makes it that much harder to question the results of the election. Update: Some great comments left by people in Venezuela who point out why many are still uncomfortable with the e-voting machines and still expect fraud.

“Oh look Martha, a bargain!”

Sarasota begins voting changes

Officials must buy new machines for paper balloting

STACEY EIDSON Herald Staff Writer Posted on Tue, Nov. 28, 2006

While many frantic shoppers are busy searching for the perfect holiday gift, Sarasota County commissioners will soon be shopping for new voting machines that will satisfy citizens' demand for a paper trail.

With 55 percent of Sarasota County voters calling for the replacement of the county's $4.7 million touch-screen voting machines in a referendum on the Nov. 7 ballot, commissioners will begin developing a plan to purchase new equipment today.

... In order to possibly reduce the cost of the new machines, Ley recommended commissioners ask ES&S for a trade-in on the county's existing touch-screen machines or seek out other qualified vendors in a competitive bidding process.

... Even though there is skepticism about the accuracy of the touch-screen machines in Sarasota County, Sweat said that does not mean other counties won't be interested in purchasing the used equipment.

"Sarasota County needs to talk trade-in because they are marketable machines," Sweat said. "Just because there is some controversy over the touch-screen machines here, doesn't mean places like Georgia, Alabama, Washington, D.C., or Michigan won't want them. Many of them use that exact equipment."

Who initiates these customer-facing procedures without checking with their lawyers or PR people?

IHOP Changes Policy Of Asking For IDs

Tuesday, November 28 2006 @ 01:55 PM CST - Contributed by: anonadmin - Businesses & Privacy

John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. "'You want my license? I'm going for pancakes, I'm not buying the Hope diamond,' and they refused to seat us," Russo said, recounting his experience this week at the Quincy IHOP.

Source - CBS

I doubt this is official policy. This is the age of “We can, therefore we must!”

DHS official urges caution on sharing of biometric info

By Jonathan Marino

Biometric information has in the last five years become paramount [Really? Bob] in catching criminals and potential terrorists at American borders, but the intelligence and law enforcement communities need to work together more closely in using it, a Homeland Security Department official said Tuesday.

... But biometric and other identifying information should not be used "willy-nilly," he cautioned.

For instance, biometric information may not be necessary in order to track alimony dodgers or to find people who are late paying parking tickets. There also is "a difficult ... set of ethical issues" surrounding how, and to what degree, biometric information should be shared between intelligence and law enforcement officials, Baker said during his speech.

... Domestic and international ethics concerns also must be addressed when handling information from overseas travelers, he noted. He cited a disagreement between U.S. and European Union officials over whether travelers' information could be divulged to agencies beyond Customs and Border Protection, [which is moot if Customs does its job. Bob] which reviews foreigners at entrances to the United States.

Ahh Newt, did someone call you an asshole again?

Newt Gingrich Says Free Speech May Be Forfeit

Posted by kdawson on Tuesday November 28, @01:36PM from the cain't-let-the-terrists-use-the-internets dept.

At a dinner honoring those who stand up for freedom of speech, former House speaker Newt Gingrich issued his opinion that the idea of free speech in the U.S. needs to be re-examined in the interest of fighting terrorism. Gingrich said a "different set of rules" may be needed to reduce terrorists' ability to use the Internet and free speech to recruit and get out their message. The article has few details of what Gingrich actually said beyond the summary above, and no analysis pointing out how utterly clueless the suggestion is given the Internet's nature and trans-national reach.

27B Stroke 6

by Ryan Singel and Kevin Poulsen Tuesday, 28 November 2006

Boarding Pass Hacker Not Prosecuted

A graduate student security researcher will not be prosecuted by FBI for his fake boarding pass generator, which was shut down by the government in October following a prominent Congressman's call for his arrest. [It used to be you had to violate a law... Bob]

Christopher Soghoian, a student at Indiana University, posted the generator on October 25 in an attempt to draw further attention to a long-neglected airport security hole, and three days later FBI agents raided his home and seized his computers and passports.

On November 14, Soghoian and one of his lawyers met with agents and an assistant U.S. attorney who returned his possessions after saying they found he had no intent to cause harm or help terrorists, according to an interview with Wired News and a detailed blog post. They did however lecture him on what they said was the impropriety of his methods and his future plans to work on an internet anonymizing tool known as TOR.

Soghoian says he has no plans to repost the generator, since another version -- one which, unlike his own, can be downloaded -- was released into the internet wilds after his was taken down.

He also wants the conversation not to be about the ability to just get into the security line with a fake boarding pass, but about the current uselessness of government watchlists for domestic flights. Currently anyone on the no-fly list can use a fake boarding pass or use the option not to show identification papers to fly without tripping the watchlists. While suspected terrorists such as those recently arrested in England aren't put on the list for fear of tipping investigators' hands, the lists continue to snag innocent nuns, Congressmen and toddlers for name mismatches and additionally list the president of Bolivia as a security threat.

... "I travel and I see the risks and I want them to be fixed, but I'm not going to get to try them, and if Al Qaeda is the first one to test it then we failed. Al Qaeda should never be the first one to test the system," Soghoian said.

November 28, 2006

Guide to Foreign and International Legal Citations

"The N.Y.U. Journal of International Law and Politics is very pleased to announce the publication of the 1st edition of its Guide to Foreign and International Legal Citation (GFILC - 296 pages, PDF)."

Oops! Guess this means I'm not a theater...

MPAA Home Theater Regulation Satire Hits Too Close To Home

from the it's-funny-because-it's-true dept

We've had a ton of submissions yesterday and today over BBSpot's article on how the MPAA is lobbying for home theater regulations. According to the article, consumer electronics makers would be required to put technology into their systems that would record what was being watched and details on the "audience," suggesting that having friends over to watch a movie on your home theater system is a violation of copyright. Of course, if you follow tech news closely, you're already aware that BBSpot is the technology equivalent of The Onion. That is, all of its articles are satire. We ignored the early submissions, but they just keep on coming -- and some of the submitters seem genuinely freaked out about it. This morning, Slashdot also posted the story as if it were real (Update: or not -- commenters have pointed out that Slashdot posted it as satire too), at which point we realized why this particular satire works so well: it's totally, 100% believable. Given everything that the MPAA and RIAA have done recently, no one would be surprised if they actually did try to put in place regulations like this. They've certainly tried (and will continue to try) to influence the design of consumer electronics, with things like the broadcast flag, and they continue to freak out at any market shift that doesn't involve them getting paid every time a piece of content is heard or watched. So, while it's not true that the MPAA is looking to punish you for having your friends over, it's so believable that even a well-known satire site is fooling people left and right.

The School Of The Future, Today... But Is It Worth It?

from the rushing-ahead dept

We've had numerous stories about attempts to use technology to upgrade the school process, from the basics of just adding laptops to the classroom to more advanced ideas, such as completely replacing textbooks with tablet PCs and the internet (though, perhaps not WiFi in some schools). However, it looks like one school in Philadelphia has decided that there's no use speculating on the school of the future of technology in schools when they can just build it themselves -- with some help from Microsoft (found via Broadband Reports). The school, which apparently cost $63 million to build, involves a bunch of different technologies, from laptops to smartcards (which even track how many calories students eat) to digital lockers to mobile desks to internet-connected screens replacing blackboards (or whiteboards). The school attracted thousands of applicants, but could only take 170 students -- all from the West Philadelphia area. Apparently 85% of students come from low income families -- and the article highlights how all this technology has them excited about learning, though that could just be the novelty effect. Of course, there are also plenty of naysayers who point out that the $63 million could have gone towards many other projects that would impact a much larger group of people. That's absolutely true, but there are always opportunity costs in how money is spent (especially donated money). No matter what, it should be interesting to follow how this project moves forward and how successful it is over time. Sometimes the problem with projects like this that seek to reinvent almost every aspect of something is that they get so far ahead of themselves that they miss the little things. Either way, it should be a good lesson for other schools looking to use technology to their advantage.

You know you've got lousy security when...


By The Commercial Staff Wednesday, November 22, 2006 8:29 AM CST

A State Police investigation is continuing after 42 new laptop computers were reported missing from a Department of Correction office at Pine Bluff.

Prison spokeswoman Dina Tyler said the computers were discovered missing in October and had last been seen on Aug. 23 [New, but apparently not needed immediately. Is this an example of stockpiling stuff they bought with their Homeland Security grants? Bob] in a storage closet in the department’s Administrative Annex East building on East Harding Avenue.

“Obviously they didn’t sprout legs and walk out,” Tyler said. “We have no idea at this point if it was employees or inmates.” [Hint: Look in the cells! Bob]

Tyler said the computers, valued at $59,000, were to be used to record inmate medical information so the data could be put into a prison computer system. No state records had been stored on the computers, which were still in boxes.

No arrests have been made and state police would not discuss the investigation.

Tyler said 17 employees had keys to the storage area, but it also could have been left unlocked. [“Them locks is just fer show” Bob]

In addition, several inmates work in the building on a daily basis.

Tyler said the computers could have been disguised as trash to get them out of the building.

“Trash is supposed to be checked, but that’s a possibility,” she said.

Even “noble” actions have to be adequately planned.

Law firm temp worker sentenced in data theft

From Times Staff and Wire Reports November 28, 2006

A temporary worker who took data about an electronic voting company from a law firm's computers avoided jail time in a plea agreement with prosecutors.

Stephen Mark Heller, 44, pleaded guilty Nov. 20 to unlawfully accessing a computer at the Jones Day law firm in Los Angeles. The firm represented voting machine manufacturer Diebold Inc. Heller took memos stating that Diebold might have broken laws. The memos were subsequently leaked to the media.

Heller received three years' probation and must pay $10,000 restitution.