Saturday, December 30, 2006

Of course it's an isolated incident, you never got caught before!

Prescription documents found in Winnipeg alley

Friday, December 29 2006 @ 09:05 AM CST - Contributed by: PrivacyNews - Non-U.S. News

Shoppers Drug Mart says a man's discovery of hundreds of its prescription information documents strewn across a Winnipeg back alley was an isolated incident. A man discovered the documents, which include names, addresses, prescription information and health numbers, while walking past an alley behind St. Boniface General Hospital on Dec. 26.

Source - (via Canadian Privacy Law Blog)

[From the article: The man brought the papers — enough to stuff three shopping bags — to the CBC in Winnipeg on Wednesday.]

er... The computer did it?

Tax mailing has Social Security numbers visible

Saturday, December 30 2006 @ 12:21 AM CST - Contributed by: PrivacyNews - State/Local Govt.

When Wisconsin taxpayers pull their packets of 2006 state income tax forms out of their mailboxes, tens of thousands of them will see something even less welcome than the annual reminder of how much money they owe to Madison.

They'll see their Social Security numbers, printed right on the outside of the booklets - where identity thieves might be able to see them.

About 170,000 tax booklets were mailed with Social Security numbers on the address labels because of a computer programming error [Bullish! That is a management error! You never make untested changes to programs, and client managers (not the kid who makes the change) must sign off! Bob] at a printing company hired by the state, Meredith Helgerson, spokeswoman for the state Department of Revenue, said Friday.

Source - JS Online

Big plus fast equals organized?

Credit card fraud case still under investigation


Federal officials are still trying to crack the credit card fraud case that apparently stemmed from late-summer purchases at Wesco fuel stations.

... In an age of fast-transit information, bad things can happen in the wrong hands, according to Murray. The problem appears geographically limited to West Michigan and Lakeshore consumers.

... Wesco worked with U.S. Secret Service agents and the U.S. Attorney's office to identify possible fraud and identity theft that allegedly occurred between July 25 and Sept. 7 at some of the company's 51 Michigan facilities. Wesco spokeswoman Ginny Seyferth said Thursday that there have been no incidents of questionable credit card activity since Sept. 7.

Some Tri-Cities residents experienced credit card statement charges during that timeframe from as far away as Tokyo, Spain and New York for purchases they denied making.

Although Murray said he wasn't allowed to disclose details of the investigation, he said the fraudulent charges totaled more than $3 million, which would be one of the largest heists to occur during such a short time period.

"There have been some abusers identified," said Murray, who last month said several suspects were in custody. "We are taking steps to see if they can be interviewed, but they aren't necessarily the type of people who want to help law enforcement. We have no indication it was an inside job."

... "There's a substantial likelihood that the (credit card) numbers that were stolen were passed off to another group of people who abused them," Murray said. "It's possible to pass that information to anyone via the Internet. I think the (Wesco) problem was taken care of in the banks' process of generating new cards. About 20,000 cards were reissued, and I think the period of abuse is over. As a precaution, the banks reissued a larger number of cards than were actually abused."

... Murray added: "We don't think this will be the last such incident. That's why we're trying to learn more. We want to design a better system to understand and respond to these issues ... so that we can be better prepared in the future."

Perhaps they should have asked to compare (not reveal) the software in those machines with the software in other machines, then (if there are differences) they have an argument.

Judge Rules Against Ballot Computer Check

By DAVID ROYSE AP Updated:2006-12-29 19:46:51

TALLAHASSEE, Fla. (Dec. 29) - A judge ruled Friday that the Democrat who narrowly lost the race to succeed Rep. Katherine Harris cannot examine the programming code of the electronic voting machines used in the disputed election.

Circuit Judge William Gary ruled that Christine Jennings' arguments about the possibility of lost votes were "conjecture" and did not warrant disclosing the trade secrets of the voting machine company, Election Systems & Software.

The Jennings campaign said it will appeal.

"It's shocking that there is more concern for protecting a company's profits rather than protecting our right to vote," Jennings said in a news release.

... Jennings has filed a complaint with Congress, the ultimate arbiter of who will fill the seat. Congressional Democrats said they will allow Buchanan to take his seat for now when the House convenes Thursday but will investigate.

...even though he owns the photographs?

Wausau man accused of posting nude photos of ex-girlfriend on Web

Saturday, December 30 2006 @ 12:30 AM CST - Contributed by: PrivacyNews - Internet & Computers

A Wausau man was charged with felony identity theft for allegedly posting nude photographs [I never considered that... Must lead a sheltered life. Bob] of his ex-girlfriend on the Internet and encouraging random men to call her. Shawn Bauer, 29, also faces two misdemeanor charges related to the creation of a Web page featuring his ex-girlfriend, a 26-year-old Altoona woman.

Source - Journal Times

Do you suppose there is money to be made here?

100% RIAA free radio

This radio station has a 100% RIAA-free format. They discover different, better ways of listening to music: "The independents just seem to be a bit more creative — likely because they’re not single-mindedly focused on selling their music to a lowest-common-denominator audience."

[From the site: Some years from now, after the recording industry finishes its slow-mo implosion routine, this is how all music distribution will work.]

If I do this, am I automatically a terrorist?

How-To Hide Files In A .JPG Image

Here is a tutorial on how to hide files in JPGs. Please note it isn't the most secure method, because the information is stored in plain text, but it's still cool to play with. A simple solution to make this more secure is to use encryption on the RAR file when you create it, but that's not the point of this tutorial ...
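A defender's view of the trick described above, as an added example that is not part of the tutorial or of this post: it assumes the tutorial's method appends the RAR archive after the image data (the excerpt says only that a RAR file is hidden in the JPG), and it checks a JPEG for bytes that follow its end-of-image marker. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Well-known archive signatures to look for in data that follows the image.
SIGNATURES = {
    b"Rar!\x1a\x07\x00": "RAR archive (v1.5-4.x)",
    b"Rar!\x1a\x07\x01\x00": "RAR archive (v5)",
    b"PK\x03\x04": "ZIP archive",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
}


def jpeg_end_offset(data):
    """Return the offset just past the real EOI marker.

    Segments are walked by their length fields, so an FFD9 inside a
    metadata segment (an embedded thumbnail, say) is not mistaken for
    the end of the image, which a plain byte search would do.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:            # EOI: the image ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                  # stand-alone markers carry no length
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("invalid segment length at offset %d" % pos)
        pos += length
        if marker == 0xDA:
            # Entropy-coded scan data: FF00 is a stuffed byte and FFD0-FFD7
            # are restart markers; any other FFxx ends the scan.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found (truncated JPEG)")


def inspect_jpeg(data):
    """Report how many bytes trail the image and which signatures they hold."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    hits = []
    for signature, name in SIGNATURES.items():
        offset = trailer.find(signature)
        if offset != -1:
            hits.append((end + offset, name))
    return {
        "image_bytes": end,
        "trailing_bytes": len(trailer),
        "embedded": sorted(hits),
    }


def segment(marker, payload):
    """Build one JPEG segment: FF, marker, big-endian length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid marker stream, not a viewable picture.
CLEAN = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, b"thumb\xff\xd8\x00\xff\xd9")   # FFD9 inside metadata
    + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")    # start of scan header
    + b"\x12\xff\x00\x34\xff\xd0\x56"               # scan data, stuffed FF, RST0
    + b"\xff\xd9"
)
# Constructed sample: the same image followed by a RAR signature and padding
# (signature bytes only, not a real archive).
SUSPECT = CLEAN + b"Rar!\x1a\x07\x00" + b"\x00" * 16

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, inspect_jpeg(blob))
```

Encrypting the archive, as the tutorial suggests, changes its contents but not the fact that bytes follow the end-of-image marker, which is what this check keys on.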

Let's see... We have their pictures, fingerprints, DNA... What else can we do to ensure the little darlings are kept safe from Osama?

Galveston County joins program to scan kids' eyes

08:03 AM CST on Friday, December 29, 2006 Associated Press

GALVESTON-- Galveston County became the first in Texas to purchase eye-scanning equipment as part of a national program to keep track of children by recording unique characteristics of their irises, [Must have missed that... Bob] officials said.

... The company, which sold the county two biometric scanners for $35,000, is working to build a national database dubbed the Children’s Identification and Location Database, or CHILD Project.

... Robert Melley, Biometric’s vice president and CEO, said the project wants to record the irises of 5 million children over the next few years.

“We have 1,800 sheriff’s departments representing 46 states who have committed to participating,” he said.

... Leonard said he will work to win over any parents that might have privacy concerns about the iris scans.

Friday, December 29, 2006

“Hope you weren't in a hurry for that passport...”

Bag With Passport Applications Headed To Charlotte Is Found

POSTED: 11:58 am EST December 28, 2006

SALT LAKE CITY -- A bag with hundreds of passport applications was found at Los Angeles International Airport, nearly a month after it was supposed to be shipped to a processing center in Charlotte, N.C.

"The applications appear to be intact and undamaged," said Kate Goggin, spokeswoman for consular affairs at the U.S. State Department.

The bag with more than 700 applications was reported missing Dec. 1. Most applications were from Texas and California but a handful were from Utah.

Before the bag was found, the State Department had notified people that it would pay for another round of applications.

The documents had personal information, including Social Security numbers. Goggin said she was unaware of any reports of identity theft.

"We're feeling very much that it was an isolated incident," she said, declining to disclose how the bag was found or what changes the department plans to make to ensure it doesn't happen again.

An article worth reading...

First Line of Defense Against Data Security Breaches: Employees

Thursday, December 28 2006 @ 08:14 PM CST - Contributed by: PrivacyNews - Businesses & Privacy

As headlines continue to report data security breaches at an alarming rate, discussion often focuses on the need for enhanced technical controls, such as two-factor authentication and encryption, to protect sensitive, personally identifiable information. The role of the company employee, both as the cause of, and the first line of defense against, security breaches is often lost in the analysis. Yet developing law is increasingly requiring administrative or procedural controls, particularly those directed at employees, as a component of a legally compliant security program.


Another document for your security manager

Making Effective Use of Your Intrusion Detection System

by Jamie Riden on 23/12/06

The attacker has a lot of advantages on the Internet; he or she may be hard to trace and may have a great deal of time and equipment to spend mapping out a network's weak points before they launch an attack. Worms and viruses may be able to exploit weaknesses very rapidly before a human can carry out a proper incident response. However, the defender has two big advantages. Firstly, the administrator can achieve excellent visibility of what is happening on their network, via logs, audit trails and other monitoring systems. The second advantage is domain knowledge - the defender should have a good idea of what traffic can be expected from the various computers on the network, which makes it easier to detect attacks.


Who manages your web site?

Church's old Web domain converted into porn site

By Emily Aronson 12-29-2006

DOVER -- Hope Community Church is trying to spread the word about its new Web site and disavow its former domain name.

Because of an error, [This was a management failure, not a simple mistake. Bob] a pornography company bought the church's old domain name unbeknownst to the church.

... Pastor Steve Spearing said Friday the mix-up happened a few weeks ago when the church changed Internet service providers. Spearing said he believed [Blind faith is not a management tool Bob] the church could keep its Web site name, which contained the words "life" and "Christ."

But the old service provider put the address up for sale and it was bought by a pornographic Web site.

Spearing said he didn't realize the site had been sold [Failure to monitor? Bob] until he got a call from a Massachusetts woman who was interested in moving to the area and was doing research on the Internet about local churches.

"She asked what kind of a church we were and then she said, 'Do you know that your Web site is connected to a porn site,' and I said 'No, ma'am,'" Spearing said.

He said he was aghast, especially because the church had just handed out fliers with the old Web site name at Dover's Apple Harvest Day.

... "It will be interesting to see who shows up to church now," he said.

This approach makes it easier for Subway, and they likely gave no thought to privacy...

**WARNING** Subway Subcards Privacy Issues.

General, posted: 28-DEC-2006 10:03

... Subway launched these cards a few weeks ago but I only got around to picking mine up yesterday and the concept is cool - you buy your goods and card is scanned which credits your card/account with money for every sub you purchase and these can be used towards the purchase of a product once you have a minimum of $3.

... The scary part? Access to the website is by entering the 16 digit card number and 4 digit security code that is printed ON THE BACK of your Subcard for anybody to see!

If you lose your card anybody who finds it now has access to your personal details and can change them instantly online to be their own and also has access to any credit you have loaded onto the card.

Corporations ain't people?

No Privacy for Sex Club Owner

Thursday, December 28 2006 @ 06:21 PM CST - Contributed by: PrivacyNews - Court Opinions

The federal appeals court in San Francisco has rejected an attempt by a Phoenix gay sex club's corporate owner to assert the privacy rights of its patrons in order to invalidate a city law that may be used to shut down the establishment. Ruling on December 22, the U.S. Court of Appeals for the 9th Circuit held that corporations do not themselves have privacy rights, and that the club cannot bring suit to vindicate the privacy rights of its "members."

Source - Gay City News

Tools & Techniques: Is your organization safe? (Note: The author is CEO of an encryption company)

Encryption a perfect response to the Year of the Breach

Phillip M. Dunkelberger, president and CEO, PGP Corporation Dec 27 2006 21:54

2006 will be recorded as the year that security breaches reached the consciousness and awareness of the mainstream consumer.

... A recent report by The Ponemon Institute showed that 81 percent of U.S. companies surveyed reported the loss of one or more laptop computers containing sensitive information during the previous 12 months.

... Take a look at just five of the reported stolen laptop incidents from this year:

· Metropolitan State College of Denver, Colorado - stolen laptops with names and Social Security numbers of students from 1996-2005: 93,000 records

· Fidelity Investments - stolen laptop with information of Hewlett-Packard, Compaq, and DEC employee retirement accounts: 196,000 records

· YMCA - stolen laptop with credit card and checking account information and names, addresses, and medical information of children in the program: 65,000 records

· U.S. Dept. of Transportation - a special agent's laptop was stolen with personally identifiable information for 80,000 Miami-Dade County residents, 42,000 Florida residents who hold FAA pilot certificates, and 9,000 other Florida residents: 132,470 records

· Mercantile Potomac Bank - laptop with confidential customer information was stolen when a bank employee removed it from the bank's premises, in violation of policy: 48,000 records

What jumps out from this list is that no industry is more prepared than any other when it comes to security breaches. In fact, consider this breakdown of breaches from 2006:

· 31 percent occurred at government or military agencies

· 30 percent involved educational institutions

· 19 percent took place at "general business" organizations

· 11 percent affected health care facilities or companies

· 9 percent involved banking, credit, or financial services institutions

... Additional Ponemon Institute research showed that even a small breach of 2,500 records can result in $1 million of immediate direct costs for the affected organization, and a significant breach compromising 150,000 customer records can result in more than $10 million in immediate direct costs. ... Hopefully by now, you've determined your organization is ready to deploy a full disk encryption solution across your enterprise. If so, here are some best practices to consider:

· Deploy non-intrusive software: Avoid software that replaces critical Windows system files, such as the Microsoft GINA (Graphical Identification and Authentication). Proprietary code increases the risk of system failure and incompatibility with important operating system security updates and patches.

· Enforce strong passwords: Select a solution that can leverage existing domain password requirements. This approach reduces administrative efforts and provides consistent enforcement of policies across the organization.

· Create policy based on an assessment of risks and threats: Single sign-on is convenient for users, but may not be appropriate for all use cases. Consider which users or systems require additional levels of security, such as two-factor pre-boot authentication, and apply security policy, as necessary.

· Consider future projects: Will the solution scale and expand to meet not only current security requirements, but also the requirements for future encryption projects?

· Educate users: Take the time to educate end users and management on the threats to the business and the ways solutions such as full disk encryption are protecting the company and its customers.

Your tax dollars at work...

U.S. Gov't to use Full Disk Encryption on All Computers

Posted by timothy on Thursday December 28, @10:48AM from the double-secret-probation-rot-13 dept.

To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers. "On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."

I've been suggesting this for 10 years or more...

Muni Fiber Keeps Helping Economies Grow

from the well-look-at-that dept

While we've discussed repeatedly why WiFi might be the wrong technology for municipal networks, that doesn't mean the idea of municipal networks is a bad thing. While there have been some reports claiming that municipal networks never work, they've generally been written by astroturfing groups, who cherry pick their information, and often are flat out wrong. A number of the cases they cite as failures, turned out to actually be success stories. In general, though, as with any bit of government intervention, there are plenty of ways for governments to screw things up, and they often do. However, if you set it up right, a muni-broadband offering can actually be a very, very good thing. The key is recognizing two things.

First, there isn't a competitive market in most of these places.

Second, that's often because of the natural monopoly issue.

It's simply inefficient to have every new competitor rip up a city to place their own network infrastructure in the ground. As with the highway system, sometimes it just makes sense to work out a deal to get a single top-notch fiber network in the ground and let everyone compete on it. You get true competition, which leads to better services, and you get much faster broadband.

While not many places have yet adopted this type of system, there is increasing evidence that (unlike many of the muni-WiFi efforts), muni-fiber efforts are turning out to be a big boost for local economies. We've already discussed how muni-fiber in Oregon helped bring Google to town (and plenty of new jobs), and now Broadband Reports runs through a number of other examples of muni-fiber installations boosting the local economy by attracting new companies and increasing jobs. While many of us are naturally averse to government involvement in things, it does seem like, when the market has failed to create competitive situations (sometimes because of dumb government involvement that tilted the initial playing fields), it can help if a well thought-out plan creates the infrastructure that others can compete on.

Thursday, December 28, 2006

Patients warned of possible identity theft

By JIMMY NESBITT, Courier & Press staff writer, Wednesday, December 27, 2006

A Deaconess Hospital laptop that contained private information on up to 128 patients [At least it's not 128 thousand... Bob] has been missing for at least a month, a hospital spokesman said Tuesday.

The laptop, which was used in the respiratory therapy department to record medical and personal information, was reported missing near the end of November, said spokesman Sam Rogers. Hospital officials have not filed a police report, but the laptop is presumed stolen.

The hospital mailed letters Saturday to all affected patients, warning them of the possibility of identity theft. Rogers said the hospital waited to send the letters because their internal investigation took several weeks.

"We don't know if it's stolen or if it's still lost," he said. "We took the safest route to just notify the people and assume that it is stolen."

“We never look at the information we send out until someone complains...”

University apologizes for mistakenly sharing student information

BOZEMAN, Mont. (AP) - Montana State University has sent letters of apology to more than 250 students whose names and Social Security numbers were mistakenly shared with other students.

Eight students each mistakenly received a list of 30 or so students' names and Social Security numbers, school officials said.

School administrators said they do not believe the information was misused, but alerted the 259 students after being unable to immediately reach all of the eight who received the information.

... Humberger said the mistake occurred when a student working in the MSU loan office mailed out packets to eight students who had paid off their student loans. Each packet contained the contents of each student's file, with the original promissory note marked as paid. But each packet also contained an alphabetical list of 30 or so other students with loans. The name of the packet recipient was highlighted.

Stealing a laptop too much effort?

Internet Research Digs Up Private Matters

Carole Levitt & Mark Rosch Law Technology News December 28, 2006

I know your mother's maiden name, your date of birth, your address and the price you paid for your house. I also know the name of the person who officiated at your wedding, the names of your children (and their dates of birth), the number of times you've been divorced and how much you inherited from your great aunt. I know the amount of your liens, the type of tattoo you sport (and its location on your body), your political persuasion and your religion. I even know if you are mentally ill -- and I've never met you.

I know all this because you live in a jurisdiction where public records (state and local) are abundantly free and accessible by anyone with a computer and an Internet connection. [Is there a database that describes what is available in each jurisdiction? Bob]

While public records are made available to give notice to and protect the public, and to advance commerce, savvy lawyers access public records because they contain treasure troves of government-held data about people and companies. This data can be useful for: 1) locating anyone who has "gone missing," 2) tracing heirs or 3) investigating the background of a potential client, new partner, a witness or the opposition.

But, what if public records are not available in the jurisdiction you're interested in? What if government agencies and commercial database companies require a requestor to provide his or her name and the reason for accessing someone else's public records? What if your target is always informed of your access to their records?

Or, what if more privacy laws are passed and a record that is public today becomes private tomorrow? For example, drivers' licenses were considered public until federal legislation deemed them private in 1994 (Driver's License Privacy Protection Act of 1994 (DPPA), 18 U.S.C. 2721 et seq.). But it took six years and a U.S. Supreme Court case to stop states from treating them as public and selling the data (Reno v. Condon, 528 U.S. 141 (2000)). And there are still exceptions to the DPPA so the records may be accessible in some instances.

How likely are these scenarios about losing access to public records?

... Here are examples of how you can use Web sites to find people or to learn about their background:

  • Social networking: Trying to track down someone's address and you've had no luck using their name? Consider tracking them through teenage children's names by visiting social network sites like or

    These types of sites are now even sprouting up for boomers and elders, as evidenced by Visit it to learn if the person you are trying to track has a profile.

    Social networking sites are not the only place people are posting personal information about themselves. A family law attorney recently shared an anecdote about the embarrassing information that her client posted to an online dating site discovered by the other side. To dig up dirt, see sites such as or is not just for reconnecting with your long lost classmate. It's the secret weapon of many private investigators. Search by a woman's maiden name and you might discover her married name. Search by a company's name and date range to identify people who worked at the company where your client was sexually harassed. You just might find a willing witness.

  • Blogs: If you need to learn about someone's background, cell phone or fax number, read their blog. People typically add personal information to their blogs, not to mention provide a taste of their personality. For example, judging from the entries on a well-known lawyer's blog, he clearly has a dry sense of humor. This is something you would not learn from his profile at his traditional law firm Web site. Look for blogs at

  • Podcasts: What better way to learn about someone than listening to their podcast? You might learn about the opposition expert's real opinion as you listen. Search for general topic podcasts at Ipodder, and legal topic podcasts at The Blogs of Law,

  • PowerPoint presentations: Some expert witnesses' Microsoft PowerPoint presentations from conferences get posted to their Web site or the conference Web site. You may not only be able to learn what that person really thinks by viewing PowerPoints online, but by looking in the editing mode, you can read their notes.

    Find PowerPoints by using the Advanced Menu on Google (or Yahoo), entering a person's name into the search box and then limiting your results to the file format PPT.

    Better yet, is there some inside information you could retrieve from a corporate presentation posted online? Inside information from Google Inc. was uncovered this way. Locate someone's PowerPoint presentation by searching at

  • Google Groups: Is your client -- the one who was involved in an automobile accident -- on methadone? Do you believe another client had no notice until November 2002 that his company's product was defective? Take a walk through the community of Google Groups to see if your client publicly discussed his woes in a discussion group, or if others are discussing your client's products. The results might change your case strategy.

When the public record floodgates narrow or are closed completely, the amount of information you can find about people will only be limited by the time and energy you have to surf the Internet -- and your ability to think outside the box.


Law Enforcement Just Can't Let Go Of Their Big Database Obsession

from the more-data,-more-data,-more-data dept

The various law enforcement agencies and groups around the US just can't give up on their desire to have big centralized databases, no matter how many problems it might cause. And, every time one effort is stopped, another one springs up in its place. There was, of course, the famed Total Information Awareness project that was shelved after it got a ton of negative publicity, and was later renamed the Terrorism Information Awareness project, because no one wants to be against "terrorism," right? Then, of course, there was the famed MATRIX system (not the movie) that would allow various state law enforcement groups to easily access similar databases from other state law enforcement groups, and would then spit out a "terrorist quotient" for any particular person to see how likely you were to be a terrorist (like a credit score, but more ridiculous). That got shut down after a wave of negative publicity as well. Yet here we are again, as the Washington Post reports that the Justice Department, the DEA and a bunch of other federal law enforcement officials are working on a big centralized database system called OneDOJ, which will let state and local police officers tap into federal law enforcement case files.

There are some obvious benefits for law enforcement agents to have such information at their fingertips. After all, some people believe it was a lack of critical data sharing that made law enforcement miss some important connections that might have tipped them off to what the 9/11 hijackers were up to. However, centralized database systems like this also open up a ton of potential problems as well. There are always questions about how accurate the data is, for example. Remember the guy who was arrested due to a database error? Then, of course, there are all the issues that come about from opening up this data to more people. Even if the people who are supposed to access it are in law enforcement, that's no guarantee it won't be misused. Remember the cop who used a law enforcement database to spy on his ex-wives? And the MATRIX system we discussed above was brought down in part due to a bunch of crooks hacking into the system, which doesn't inspire much confidence. In the meantime, of course, law enforcement officials are spending more time (and taxpayer money) using private databases rather than the ones they built themselves, not that they have any better quality control or security.

Roswell? The grassy knoll? Fluoride in the water supply?

Which secret government documents will be declassified on December 31?

by Julia Layton December 23, 2006

This New Year's Eve, at midnight on the dot, hundreds of millions of pages [Two days' worth? Bob] of U.S. government secrets will be revealed. Or at least they'll no longer be official secrets -- it may actually take months or more for the National Archives and Records Administration to make those pages available for public consumption. The NARA is already dealing with a multi-million page backlog.

But in theory if not in immediate practice, what was set in motion by the Clinton administration in 1995 is coming to fruition. Executive Order 12958 declared that in 2000, every classified document 25 years of age or older would be automatically declassified unless the classifying agency had already sought and received that document's exemption (anything that could cause an "identifiable" risk to national security, would violate a person's privacy or involves more than one agency is exempt). After two three-year extensions granted by the Bush administration in response to cries from the CIA, FBI, NSA and other agencies that they didn't have the manpower to review all of their papers in time, the final deadline has arrived. And President Bush is enforcing it.

Scholars of history, conspiracy theorists and freedom-of-information activists everywhere are doing a happy dance like none you've ever seen. We're talking about a treasure trove of historical documents, secrets that have been kept for decades, suddenly stripped of its Top Secret, Secret or Confidential status.

... So what can we expect to learn when these pages become accessible to the public? We're not talking about small secrets here. Experts say the documents will tell us about the inner workings of such events and periods as World War II; the Cold War; the McCarthy-era search for Communist sympathizers in the United States and the very real presence of Soviet spies in the U.S. government's upper ranks; the Cuban missile crisis; the Vietnam War and the government's anti-war-protestor activities including surveillance and penetration of activist groups; the CIA's secret experiments with LSD; the Camp David Accords that resulted in a peace treaty between Israel and Egypt; the Iran hostage crisis in 1979; and the Soviet Union's attack on Afghanistan that same year.


Tools & Techniques Trivial, but interesting

How to Foil a Phone Thief

... Of course, the US is a cell tech backwater, but firms in other countries are working on innovative antitheft products for mobiles. Some act as deterrents, others help recover the phone, and a few just satisfy your primal urge for revenge. Now, if we could just get these things stateside.

You don't suppose the company that manufactures the slot machines also makes e-voting equipment? “Sorry, your candidate won due to a software error...”

Wednesday, December 27, 2006

All bets off as casino refuses to pay jackpot

Two men from Manitoba have hired a lawyer and are threatening legal action after a Winnipeg casino refused to pay out more than $209,000 in slot-machine winnings.

The men were playing a computerized version of Keno last week when they matched all five numbers on the screen.

The machine said the win was worth a jackpot of $209,716.40. The casino said it was a software error.

... It says nickel machines normally don't pay out more than $3,000.

... "My clients saw what the payout was. As they were playing, they saw what five numbers would have gotten someone. It's not disputed that it was on the screen."

But Olynik said the slot machines have a sticker on them advising players that a "malfunction" voids all winnings. [Attention e-voting manufacturers! Bob]

Tools & Techniques

Wed December 27 2006

Send Anonymous Text Messages

Ever want to text someone anonymously? Hit up AnonTxt and just enter in an alias, a subject, and the message itself, and it'll be quickly sped to the cellphone number of your choosing.

Of course, the message appends "anontxt" to the sender's name, so the recipient knows where it's from. So if you really want to spoof someone's phone—say to make your co-worker think your boss is flirting with her—you'll have to look elsewhere. And you can contact anontxt to block your number if someone is pranking you repeatedly.

Wednesday, December 27, 2006

Do you suppose this will become commonplace? (Lots of interesting ideas in the comments, too.)

Disabling the RFID in the New U.S. Passports?

Posted by Zonk on Tuesday December 26, @10:19AM from the very-high-tech dept.

slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, [Want to bet? Bob] so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? "

Inevitable, but it looks like the “time to adoption” David Paul measured for the dynamo (20 years) is much shorter for technology that does not require a capital investment.

DVD Player Ownership Surpasses VCR Ownership

Posted by Zonk on Tuesday December 26, @12:04PM from the just-in-time-for-a-new-format dept.

An anonymous reader wrote to mention an Ars Technica post stating that, for the first time, more U.S. consumers own a DVD player than own a VCR. The DVD player dropped below $100 quite some time ago, but the third quarter of this year saw the percentage of DVD player ownership reach 81.2. Only 79.2% of consumers now own VCR players, reports Nielsen.

From the article: "For all of the talk about the battle between HD DVD and Blu-ray, both technologies are far, far away from most family rooms. Yes, the two are just now beginning what could be a long battle for entertainment-center supremacy, but keep in mind that the technology that they are vying to replace has only recently gained the upper hand against the previous-generation technology--a decade after first being introduced. Even if Blu-ray or HD DVD unexpectedly routs its opponent from the market in the next two or three years, it will still be several more years before the victorious format supplants the DVD."

No politician will want their words used against them.

Liberating & Restricting C-SPAN's Floor Footage

Posted by timothy on Wednesday December 27, @06:43AM from the bye-bye-insomnia dept. The Media United States Politics

bigmammoth writes "C-SPAN bid to "liberate" the House and Senate floor footage has re-emerged and been shot down. In an aim to build support a recent New York Times editorial called for reality TV for congress. But what is missing from this editorial is the issue of privatization and the subsequent restriction of meaningful access to these media assets. Currently the U.S. government produces this floor footage and it is public domain. This enables projects such as metavid to publicly archive these media assets in high-quality Ogg Theora using all open source software, guaranteeing freely reusable access to both the archive and all the media assets. In contrast C-SPAN's view-only online offerings disappear into their pay for access archive after two weeks and are then subject to many restrictions." (Continues)

"If C-SPAN succeeds, reusable access to floor footage will be lost and sites such as metavid will be forced to stop archiving. Because of C-SPAN's zealous IP enforcement metavid has already been forced to take down all already 'liberated' committee hearings which are C-SPAN produced. Fortunately, the house leadership sees private cameras as a loss of 'dignity and decorum' and will be denying C-SPAN's request."

Can you do this anonymously?

December 26, 2006

Identity Theft Task Force Seeks Public Comment

Press release: "The Federal Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by Federal Trade Commission Chairman Deborah Platt Majoras, is seeking public comment on ways to improve the effectiveness and efficiency of federal government efforts to reduce identity theft. The public comments on these issues will supplement the research and analysis being conducted, provide further information about the proposals being considered, and identify areas where additional recommendations may be warranted. The Task Force was established by an Executive Order 13402 on May 10, 2006."

Attention Virtual Lawyers!

Korea Doesn't Want That Virtual Currency To Be Traded For Real Money

from the and-you-will-do-this-how-exactly? dept

It's not like people haven't been warning others around the world about the potential tricky issues that come up with online worlds and offline laws -- but it seems that no one paid much attention and everyone simply plowed onwards. As these worlds gain more attention and users (though, perhaps not as many as the press would have you believe), governments are increasingly taking an interest in them. There's the obvious issue of taxation of virtual winnings, which some governments are starting to explore, but a bigger issue may be the secondary economies found within these worlds, and what that means for government-level monetary policy. The idea of these kinds of secondary currency systems forming beneath the surface of official currencies is nothing new at all, but they are usually narrowly focused on local communities. However, when that "local community" suddenly gets much bigger thanks to the internet, it can represent a big issue.

It appears that South Korean politicians are trying to tackle this issue, but are doing so badly. They've put forth legislation that would ban the trading of virtual currencies, as an attempt to cut off the use of in-game money as an alternative to real money. Of course, trading virtual currencies and objects from within these games is a big part of the appeal of the games -- and has proven pretty much unstoppable for games that have tried to prevent it from happening. Black markets open up very quickly. To make matters even worse, the South Korean proposal only looks to ban the trading of in-game currencies, not in-game items. In other words, all you need to do if you want to trade in-game currency is buy some sort of object in the game, and then trade or sell that, and you've now stayed within the law, but accomplished the same exact thing. It's no surprise that governments are worried about these non-regulated currencies, but simply announcing a ban on trading them clearly isn't going to be very effective.

“We don't want to spend money to deliver what we promised our customers, so we will spend money to ensure the service becomes worse!” (Promise everything, deliver within budget.)

Trying To Slow Down BitTorrent Traffic Will Backfire, Badly

from the bad-bad-plan dept

Over the past couple of years, a bunch of ISPs have started (usually quietly) applying traffic shaping efforts to slow down your high bandwidth applications like BitTorrent. This is part of what the whole network neutrality debate is about, but this has more to do with the ISPs trying to keep out services that use up more bandwidth than they budgeted for. What it really represents is the inability of ISPs to recognize a simple fact: if you offer people bandwidth, they'll figure out ways to use it. [Amen! Bob] The ISPs got into this big race with each other, and all promised unlimited bandwidth at cheap prices, making the calculation that the demand for bandwidth wouldn't increase very much, and most people wouldn't use very much at all. They were wrong. But, rather than admit that they made a mistake, they suddenly pretend that the "all you can eat" broadband they sold you is something different -- one where they can arbitrarily limit what you can do with that bandwidth. They sold you one thing, with the belief that you wouldn't actually use it, and now that you are, they're shoving in place temporary fixes to stop you from using what they sold you. Of course, there are many who believe the whole thing is simply a ruse to try to charge everyone more money, a concept that gained steam when a loose-lipped CTO from Qwest admitted that file sharing traffic isn't actually much of a burden for them, and he didn't understand other ISPs claiming it was such a problem.

The funny thing, though, is that whether or not it really is a burden, the idea of using traffic shaping is absolutely going to backfire. As we've already discussed, the more ISPs try to snoop on or "shape" your internet usage, the more that's going to be a great selling point for encryption. People are going to increasingly encrypt all of their internet usage, from regular surfing, to file sharing to VoIP -- as it makes it that much more difficult to figure out what kind of traffic is what and to do anything with it. Broadband Reports today is moderating something of a debate on whether or not encrypting BitTorrent is a good thing, with Wired taking the bad side and TorrentFreak (not surprisingly) taking the good side. Of course, it's really all a matter of perspective. It may be good for some people or bad for the others -- but what's most amusing, is that encrypting all of this traffic will simply add a lot of overhead for the ISPs to deal with. That means, for all their talk about how file sharing traffic was a burden on their network, by trying to slow it down with traffic shaping, they're only likely to increase the burden as everyone shifts to encrypted systems making it more difficult and more costly for them to do anything about it. Add to this that the traffic shaping hardware costs money that could have gone into simply upgrading their overall network, and it seems doubly problematic. They're left with an expensive solution that doesn't solve the issue and actually makes it worse, when they could have just spent more on upgrading their network to handle more capacity.

Remember the “Streisand effect!”

Cyberspace Sex Scandal Heads to Trial

Wednesday, December 27 2006 @ 07:00 AM CST - Contributed by: PrivacyNews - Internet & Computers

WASHINGTON - When Robert Steinbuch discovered his girlfriend had discussed intimate details about their sex life in her online diary, the Capitol Hill staffer didn't just get mad. He got a lawyer. Soon, though, the racy tidbits about the sex lives of the two Senate aides faded from the front pages and the gossip pages. Steinbuch accepted a teaching job in Arkansas, leaving Washington and Jessica Cutler's "Washingtonienne" Web log behind.

While sex scandals turn over quickly in this city, lawsuits do not. Steinbuch's case over the embarrassing, sexually charged blog appears headed for an embarrassing, sexually charged trial.

Lurid testimony about spanking, handcuffs and prostitution aside, the Washingtonienne case could help establish whether people who keep online diaries are obligated to protect the privacy of the people they interact with offline.

Source - AP

Would denying these records to an insurer aid in a fraud?

Spread of Records Stirs Patient Fears Of Privacy Erosion

Tuesday, December 26 2006 @ 09:53 AM CST - Contributed by: PrivacyNews - Medical Privacy

After her fiancé died suddenly, Patricia Galvin left New York for San Francisco in 1996 and took a job as a tax lawyer for a large law firm. A few years later, she began confiding to a psychologist at Stanford Hospital & Clinics about her relationships with family, friends and co-workers.

Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist's notes. The notes, her insurer maintained, showed she wasn't too injured to work.

Ms. Galvin, 51 years old, was appalled. It wasn't just that she believed her insurer misinterpreted the notes. Her therapist, she says, had assured her the records from her sessions would remain confidential.

As the health-care industry embraces electronic record-keeping, millions of pages of old documents are being scanned into computers across the country. The goal is to make patient records more complete and readily available for diagnosis, treatment and claims-payment purposes. But the move has kindled patient concern about who might gain access to sensitive medical files -- data that now can be transmitted with the click of a computer mouse.

Source - Wall Street Journal (sub. req.)

Related - Kaiser Permanente's Privacy Policy

A collaboration tool or a way to snoop?

Google Notebook Search: Go through people's notebooks

Google Notebook Search is still a Google Labs service, but it's open to the public. It lets you search through everyone's public notebooks. Fun.

Attention Class Action Lawyers?

And now the Wiixercises !!!

The British Chiropractic Association has advised people to warm up before playing the Wii games. They are advising people to consider the Wii session as a form of exercise and hence do a warm up and a cool down. Players can then avoid “stiffness and possible injuries.”

Tuesday, December 26, 2006

I've got this idea for a fully mobile remote nanny. She watches and listens to everything you do, scolds or praises as appropriate, rats you out to parents or spouse, even gives you a grade for “Conformity.” I figure the government will buy hundreds of them to follow sexual predators and paroled felons (maybe even congressmen!) Some interesting comments too.

George Orwell Was Right — Security Cameras Get an Upgrade

Posted by ScuttleMonkey on Tuesday December 26, @12:34AM from the big-brother-would-be-proud dept.

Jamie stopped to mention that Bloomberg is reporting on a recent addition of speakers to public security cameras in Middlesbrough, England. From the article: "'People are shocked when they hear the cameras talk, but when they see everyone else looking at them, they feel a twinge of conscience and comply,' [When did “everyone else” stop voicing their disapproval? Bob] said Mike Clark, a spokesman for Middlesbrough Council who recounted the incident. The city has placed speakers in its cameras, allowing operators to chastise miscreants who drop coffee cups, ride bicycles too fast or fight outside bars."


Watch ANY Traffic Camera in New York City in Real Time!

This website lets you watch real-time streaming videos and still images of NYC whenever you want. The cams even have a great framerate.

Advanced Traveller Information System

Manhattan Information

There are 45 cameras installed in key traffic points around Manhattan accessible from either the map or the list below. 10 cameras provide both streaming video or still images, 35 cameras provide only still images.


Project aims to tag Tokyo neighborhood with RFID

Tags and transmitters to provide location-based information

By Martyn Williams, IDG News Service December 26, 2006

A location-based services trial that will see a famous Tokyo neighborhood blanketed with around 10,000 RFID (radio frequency identification) tags and other beacons got its start earlier this month.

The Tokyo Ubiquitous Network Project seeks to install RFID, infrared and wireless transmitters throughout Tokyo's Ginza area, which is the most famous shopping area in the capital. The tags and transmitters will provide location-related information to people carrying prototype readers developed for the trial, said Ken Sakamura, a professor at The University of Tokyo and the leader of the project.

The system works by matching a unique code sent out by each beacon with data stored on a server on the Internet. The data is obtained automatically by the terminal, which communicates back to the server via a wireless LAN connection and requests the data relevant to the beacon that is being picked up.

Sakamura envisages the system will be able to provide users with basic navigation and information about the shops and stores in the area in at least four languages: Japanese, English, Chinese and Korean.

For example, bringing the terminal close to an RFID tag on a street lamp will pinpoint the user's location and the system will be able to guide them to the nearest railway station while walking past a radio beacon in front of a shop might bring up details of current special offers or a menu for a restaurant.

... The project is supported by the Tokyo Metropolitan Government and Ministry of Land, Infrastructure and Transport (MILT) and is one of several that are currently taking place in Japan.

In one of the trials, RFID tags have been embedded in yellow studded rubber tiles that are often put onto pavements as an aid to blind or partially sighted people. An RFID reader at the tip of a cane picks up the tags and a transmitter box mounted higher on the cane sends the tag's ID to the prototype terminal which gets relevant information from the server. In a demonstration of the system the terminal alerted the user that the pavement is coming to an end but that there's a ramp to the right and stairs to the left.

Isn't this (at least partly) to combat the lack of communication between agencies? Should we risk allowing a fleeing felon to avoid arrest because we can't get the word out? ...and since when does something change from Okay to evil because it grows larger?

Justice Dept. Database Stirs Privacy Fears

Size and Scope of the Interagency Investigative Tool Worry Civil Libertarians

By Dan Eggen Washington Post Staff Writer Tuesday, December 26, 2006; A07

The Justice Department is building a massive database that allows state and local police officers around the country to search millions of case files from the FBI, Drug Enforcement Administration and other federal law enforcement agencies, according to Justice officials.

The system, known as "OneDOJ," already holds approximately 1 million case records and is projected to triple in size over the next three years, Justice officials said. The files include investigative reports, criminal-history information, details of offenses, and the names, addresses and other information of criminal suspects or targets, officials said.

The database is billed by its supporters as a much-needed step toward better information-sharing with local law enforcement agencies, which have long complained about a lack of cooperation from the federal government.

But civil-liberties and privacy advocates say the scale and contents of such a database raise immediate privacy and civil rights concerns, in part because tens of thousands of local police officers could gain access to personal details about people who have not been arrested or charged with crimes. [Like the guy who robbed the Seven-11 and killed the clerk. He hadn't been arrested or charged, we didn't even know his name... Bob]

The little-noticed program has been coming together over the past year and a half. It already is in use in pilot projects with local police in Seattle, San Diego and a handful of other areas, officials said. About 150 separate police agencies have access, officials said.

But in a memorandum sent last week to the FBI, U.S. attorneys and other senior Justice officials, Deputy Attorney General Paul J. McNulty announced that the program will be expanded immediately to 15 additional regions and that federal authorities will "accelerate . . . efforts to share information from both open and closed cases."

Eventually, the department hopes, the database will be a central mechanism for sharing federal law enforcement information with local and state investigators, who now run checks individually, and often manually, with Justice's five main law enforcement agencies: the FBI, the DEA, the U.S. Marshals Service, the Bureau of Prisons and the Bureau of Alcohol, Tobacco, Firearms and Explosives.

Within three years, officials said, about 750 law enforcement agencies nationwide will have access.

... Much information will be kept out of the system, including data about public corruption cases, classified or sensitive topics, confidential informants, administrative cases and civil rights probes involving allegations of wrongdoing by police, [In other words, it will only record information about us second class citizens... Bob] officials said.

... Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union, said the main problem is one of "garbage in, garbage out," [Technically not a database problem Bob] because case files frequently include erroneous or unproved allegations.

"Raw police files or FBI reports can never be verified and can never be corrected," Steinhardt said.

I suspect this could be done with non-artists too. Perhaps sites by specific topics (Computer Security, Wine, competitive knitting...)

A site for student artists

December 25, 2006 5:59 AM PDT

The Saatchi Gallery in London has opened up its Web site for students and other aspiring artists to post their work and chat with peers.

The recently redesigned Web site of the famed Saatchi Gallery in London has become a social-networking outlet for aspiring young artists. A key feature launched in May is the section called Your Gallery, where artists can post their own work at no charge, sell it without a middleman and chat with peers. That section now has contributions, including video art, from more than 20,000 artists, with 800 more signing up each week, according to a story in The New York Times. Another section, called Stuart (for "student art"), launched in November and now counts 1,300 students, the Times reported.

Think what you would trust to people not under your immediate control.

December 25, 2006

Growth in Outsourced Legal Services to Companies in India Reported

Follow-up to a November 12, 2006 article on, Developments in Legal Outsourcing and Offshoring, Moushumi Anand, Medill News Service, posted this article that highlights the growth in contracts for outsourced legal work undertaken by several companies in India.

I've always thought charities were a rather backwards way to do “good works.” For one thing, they spend everything they collect (less the 90% collector's fee) and then have to beg next year.

December 25, 2006

Consumer Reports Guide to Charitable Giving

Make sure that your donations count - Here's how to home in on charities that don’t waste--or steal--your money.

Clearly a business opportunity!

Latest Attempt To Catch Phishers May Make Life Difficult For Small Web Vendors

from the no-fun-at-all dept

It's no secret that there are a lot of scammers out there online, and trying to come up with ways to weed out who's legit and who's not has certainly been a growth industry lately. However, sometimes things get tricky. Microsoft is rolling out a new system in the latest version of Internet Explorer that aims to flag certain sites as being safe or unsafe, using much stricter verification rules that secure certificate vendors need to follow. Of course, these are also a lot more expensive, and the strict rules mean that a lot of smaller merchants may not make the cut or may not want to pay extra to get these certificates. It raises questions about whether or not it's fair for a company like Microsoft to put the burden on the sites themselves to go out and prove to a certificate vendor that they're legit (and willing to pay a lot more than a standard secure certificate) just to be considered safe. Obviously, it can help to cut out many questionable sites, but if it has plenty of false positives, harming perfectly legitimate vendors as well, that's hardly a good solution.

I'm always amused by statistics like these...

60 percent of P2P video downloads are porn

Porn and TV dominate the video content that people download from P2P networks, according to a new study by the NPD Group. The market researchers estimate that 60 percent of those videos are "adult content", while 20 percent are TV shows.

This isn't really new, is it?

Paypal announces FREE 'Virtual Debit Card' - throwaway online credit cards

Those of you that are jealous of the Visa throwaway credit card that creates a new unique one-time use number for your online transactions can stop worrying, anyone can now get on the fun! Paypal will offer this service FREE to all users once it leaves beta, meaning you'll have a lot less headache worrying about credit card theft and security.

10 Web Operating Systems Reviewed - Maybe You Try One

Why not try some of the WebOS applications that are already available? Believe it or not, there's already over 15 of them, and here you can find a review of the 10 most promising WebOSes.