Thursday, March 22, 2007

Remember, it doesn't have to be the entire laptop. Storage devices are getting smaller, even as they hold more data. Note the last paragraph – should these devices be labeled and if so, how?

http://www.theregister.co.uk/2007/03/21/perth_council_usb_loss/

Security flap as Scottish council loses USB key

By John Leyden Published Wednesday 21st March 2007 13:04 GMT

Pay details of scores of workers of Perth and Kinross Council have been found on a memory stick left in the street. The security lapse could have exposed workers to ID theft, the Perth Advertiser reports.

The breach emerged after a USB key containing 59 documents, many from the council's Environmental Services Department, was recovered near a bike shelter close to the council building at Pullar House. The retired man who found the memory device handed it over to the local paper. [Why? Were the police not interested? Bob]

Data on the key included 25 spreadsheets some of which included details of council workers' pay, National Insurance contributions, and overtime hours. It also contained health and safety reports, performance reviews, and budget information.

Information on workers ranging from HGV drivers to cemetery workers was exposed by the breach.

Inquiries by the Perth Advertiser established that the loss of the device had gone unnoticed, or at least unreported to police. A spokesman for the council thanked the paper for the recovery of the lost memory device, which he described as "an unfortunate accident".

The man who reported the loss described it as careless. [Interesting. Perhaps a tech-savvy individual, not a random bystander... I wonder if he made a copy first? Bob] "I would have thought it would be unwise for council employees to be going around with a pen drive in such a way that it could be so easily lost. I thought more care would be taken over such information.

"If I was a council worker, I would be furious," he added.

A spokesman at the council explained that council workers sometimes take work home with them on USB sticks. "Officers in this situation are all aware of the need for care and it would seem that this was an unfortunate accident.

"The device contained some historical information but much of the documentation was on the device in order to assist the owner in preparing some draft material for the new Business Management Improvement Plan," he added.

The council criticised the man who found the key for not returning it directly to the council. [Did it have a big label detailing who it belonged to and that it contained sensitive data? Not smart if it did! Bob] "The failure by the finder of the USB device to return it to the council constitutes theft and the council would like to thank the PA for its return," he said.



All the news that fits...

http://www.pogowasright.org/article.php?story=20070321194436268

Sensitive Information Published in Federal Register

Wednesday, March 21 2007 @ 07:44 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

The World Privacy Forum filed comments with the Department of Transportation today regarding the department's publication of the detailed personal medical information of individuals subject to DOT regulations in the Federal Register along with their names, ages, and other identifying information.

... "The March 1 notice included the full first and last name, the age of the applicant, the middle initial when available (most were), as well as the individual’s medical details, and finally, the state the individual is licensed in. With this information, it was a simple matter to locate a number of the home addresses and telephone numbers of these individuals to a very high degree of confidence by conducting a brief search of the web using the name and state that the individuals were licensed in as keywords."

Source - World Privacy Forum [pdf]



Now here's a Judge I'd like to talk to...

http://www.sltrib.com/ci_5488482

ID thieves should pay for victims' lost time, judge says

By Pamela Manson The Salt Lake Tribune Article Last Updated: 03/21/2007 03:55:28 PM MDT

Posted: 3:58 PM- Frustrated that he has no power to make identity thieves pay for the time victims spend restoring their good credit records, a federal judge in Utah is calling for reform of restitution laws.

In a memorandum issued Wednesday, [Where can I find this? Perhaps from the reporter? pmanson@sltrib.com Bob] U.S. District Judge Paul Cassell notes that federal statutes limit the kinds of losses that offenders can be ordered to repay. Lost time, a precious commodity, falls outside the covered categories, the judge wrote.

"Congress has recently acted to punish aggravated identity theft severely by creating mandatory minimum sentences for the crime," Cassell wrote. "But while these changes strongly deter such crimes, they, unfortunately do nothing to fully compensate the victims who suffer from such crimes."

Cassell said the Judicial Conference, which makes policy concerning the federal court administration, recently agreed to support legislation that would authorize judges to award restitution at their discretion when circumstances warrant it. He encouraged lawmakers to follow up.

The judge's comments stem from the case of Ruby Teresa Garcia, who investigators say obtained others' personal information by stealing mail and burglarizing vehicles. She then allegedly used the data to get fraudulent credit cards, which she sold or used to buy merchandise over the Internet.

Garcia pleaded guilty last month to two counts of aggravated identity theft. She was sentenced by Cassell to a mandatory sentence of two years in prison and ordered to pay $6,839 to two banks.

Then came the question of how much to pay a victim, called H.F. in court records. The charges on the fraudulent credit cards were covered by the bank but H.F. - a wife and mother who works outside the home - also suffered considerable damage, according to Cassell.

He said H.F., whose car was vandalized and purse stolen one morning while she was at a gym, spent considerable time and energy straightening out her credit record. In addition to replacing her stolen cards, she had to deal with the fraudulent charges and close a checking account.

"Finally and most importantly, H.F. suffered a loss of what she called her 'most precious thing' - her free time," Cassell wrote.

But he was powerless to require payment for all those hours spent untangling the mess, he said, because the legal limits on restitution "unfairly tie the hands of judges in crafting restitution orders."



PRO...

http://news.com.com/Homeland+Security+dismisses+Real+ID+privacy+concerns/2100-1028_3-6169388.html

Homeland Security dismisses Real ID privacy worries

By Anne Broache Story last modified Thu Mar 22 06:41:58 PDT 2007

ARLINGTON, Va.--A senior U.S. Department of Homeland Security official on Wednesday said he finds privacy concerns prompted by the proposed Real ID regime puzzling.

Stewart Baker, the department's assistant secretary for policy, said a forthcoming system of uniform national identification cards will not put more personal information into the hands of motor vehicle administrators or result in a massive centralized database that's more susceptible to hackers.

In fact, Baker said, the controversial law will improve Americans' privacy. "You can never foresee the future, but every indication is that Real ID is actually going to make it less easy for people to engage in identity theft," Baker told the Homeland Security Data Privacy and Integrity Advisory Committee at its quarterly public meeting here.

Real ID has been a target of criticism since Congress enacted it three years ago as part of an "emergency" Iraq spending bill. Although Homeland Security has tried to defuse criticism by extending deadlines, the law still requires states to reconfigure their drivers licenses and share data. If they don't agree to comply by this October, their citizens won't be able to use their driver's licenses to board planes or enter federal buildings starting on May 11, 2008.

Baker said the process is privacy-protective because it will require Americans to produce legal documents like birth certificates, whose authenticity will be verified, before they can receive a card that meets Real ID protocol. That approach would allow, for instance, airport officials to be more confident in the identity of travelers when it comes time to check them against government watch lists, Baker said.

Some states, including Maine, have rejected Real ID on cost grounds, however, and privacy advocates worry about what will happen to data on the IDs' mandatory bar code when it is scanned by banks, bars and other businesses. DHS ruled earlier this month that the data will not be encrypted because of "operational" concerns, such as police being able to easily scan the data from the backs of licenses during traffic stops.

Baker said Wednesday that the department would consider requiring encryption as it writes the final rules, but added: "If you impose encryption requirements that make that exchange of information difficult, [..you don't know how to use encryption! Bob] you're undermining, not improving, security associated with driver's licenses, we don't want to do that."

Several members of the committee, composed of security companies, academia and nonprofit groups who make policy recommendations to Homeland Security privacy officials, raised concerns about the new system at Wednesday's meeting.

"With what happens now in airports, it doesn't look like it would matter how hard the document was to fake because no one looks at it closely enough to even think about that question," said committee Chairman J. Howard Beales, a George Washington University professor and former Federal Trade Commission official. "Is there a more elaborate process that's envisioned here?"

Baker said Homeland Security was considering taking over the identification check process and putting in stricter controls. Right now, people who check IDs in airport security lines are not generally government employees, he said.

Earlier in the meeting, Jonathan Frenkel, a senior policy adviser with Homeland Security, complained about what he called a rash of "misinformation" about draft national standards for ID cards.

For one thing, he said it's "utter nonsense" that the U.S. government is planning a "Big Brother kind of system" to track American citizens' every move through the cards, as one Missouri state legislator suggested this week.

Frenkel said that if the government really wanted to track cardholders, it would force all citizens to carry the cards. [Oh cool! I don't need to carry my drivers license any more... Bob] "Since no one is ever required to carry a Real ID...it makes no sense that the government would track something that (a person) doesn't have to carry," he said. (Many nations do require their citizens to carry such documents, and some Real ID critics view the law as the first step toward such a system.)

It also isn't true that only a Real ID card will allow a person to board an airplane or enter a federal building, Frenkel said. A U.S. passport issued by the State Department--new ones have RFID tracking chips embedded--would also qualify.

Privacy groups took issue with the agency's assertions. "It is not ridiculous to say that Real ID will create a national identification system that will allow people to be tracked," said Melissa Ngo, director of the Identification and Surveillance Project at the Electronic Privacy Information Center. "Real ID is ostensibly voluntary, but that just isn't true."

Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, said the practical effect of the rules will be a "uniform" card with a machine-readable zone whose information can readily be harvested by outsiders.


...and CON

http://www.pogowasright.org/article.php?story=20070321171015891

EPIC Appears Before Homeland Security Committee on REAL ID

Wednesday, March 21 2007 @ 05:10 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

From EPIC.org:

At a Department of Homeland Security Data Privacy and Integrity Advisory Committee meeting today, EPIC and other groups explained the many security, financial and privacy costs created by the proposed regulations to implement the REAL ID Act (pdf). EPIC explained (pdf) that the ubiquity of licenses; mandate that only REAL ID cards will be used for federal purposes; and proposed universal design for non-REAL ID cards, add up to an atmosphere where people without such cards will be looked upon with suspicion. EPIC's Melissa Ngo said, "Critics of the REAL ID Act and proposed regulations have been labeled anti-security. It is not anti-security to reject a national identification system that does not add to our security protections."

Source - EPIC's explanation [pdf]



“Next year we'll have everyone skinny dip in ink and roll on this life-size sheet of paper...”

http://digg.com/security/US_wants_all_10_fingerprints_on_entry

US wants all 10 fingerprints on entry

Currently foreign travelers must have their index fingers scanned into a database when they enter the US by agents of the Department of Homeland Security. Those prints can then be checked against a database of fingerprints held by police forces or the FBI. That number will increase to all 10 fingerprints.

http://www.theregister.co.uk/2007/03/21/us_travellers_fingerprints/



If this fell under the new discovery rules, would executions be in order?

http://www.wired.com/news/technology/0,73048-0.html?tw=rss.index

E-Vote Memo Is a 'Smoking Gun'

By Kim Zetter 05:00 AM Mar, 22, 2007

A memo sent last year by a voting machine maker to election officials in Florida has reignited controversy over the reliability and accuracy of the company's machines. Voting activists are now renewing calls to examine source code used in the Election Systems & Software machines during a close election last November.

Activists say the memo, which was uncovered last September but only came to prominence last week, proves that ES&S and Florida election officials knew about problems with the company's iVotronic touch-screen machines before the election, yet withheld the information from a court to prevent activists from examining the voting software.

The software, activists say, is crucial to a dispute over the 13th Congressional District race in November, in which Democrat Christine Jennings lost by fewer than 400 votes to Republican Vern Buchanan. Jennings and groups of voters filed separate lawsuits contending that the results were questionable because more than 18,000 ballots cast in Sarasota County mysteriously recorded no vote in the congressional race.

Activists say the ES&S memo points to a possible reason for the high "undervote" rate.

"This memo is the smoking gun that says, 'Yes, Houston, we have a problem,'" says Reginald Mitchell, lawyer for People for the American Way, which, along with other voting groups, filed a motion (.pdf) Tuesday asking the court to reopen its December ruling denying access to the ES&S code. "They had a duty to share it with the judge to say there was a problem with the machines and it's probably sanctionable that they didn't provide it. And there's no way they should have gone to the court and said everything is fine with their machines."

Jennings and voting activists had sought not only access to the source code but to all correspondence between ES&S and election officials related to the performance of the machines. The memo was not among documents handed over. Last year, ES&S, which did not return a call for comment, told the court that its machines performed with 100 percent accuracy and worked as designed during the 2006 elections.

But the memo, which the company sent to Florida election officials before the state's September primary, revealed that the iVotronic machines had a flaw that sometimes caused machines to respond slowly to a voter's touch "beyond the normal time a voter would expect to have their selection highlighted." The memo stated that a software upgrade was required but couldn't be certified before the September election. In its absence, ES&S sent election officials a warning sign to post at polls advising voters that they might need to press the screen for several seconds before their votes would register.

Kathy Dent, election supervisor in Sarasota, decided not to post the sign, saying that an existing department sign instructing voters with less strongly worded language was sufficient. An action alert sent to poll workers also instructed them to emphasize to voters to "keep pressing their selection" until they saw their choices register.

In an interview with Wired News, Dent said the machines performed without problems in the September primary and it wasn't until after 18,000 undervotes were discovered in the November race that she became aware from poll workers that voters had experienced problems with the machines. She also said the machines had no response problems in last week's countywide election.

Dent said her office didn't withhold the memo from the plaintiffs but had misfiled it in a folder containing proprietary information about the machines and found it only when reporters asked about it. She said that e-mails discussing the issue with ES&S and with her staff members were given to the plaintiffs.

The ES&S memo was obtained by a Florida voting activist in August through a Freedom of Information Act request. After that activist posted it to a listserv, Joyce McCloy of the North Carolina Coalition for Verified Voting sent the memo to computer scientists and other activists in Florida. McCloy also posted it to her website in September, where it sat unnoticed. The blogosphere noticed the memo only after she discussed it recently in comments posted to a computer scientist's blog.

Dent said the memo is insignificant since independent computer scientists working with Florida State University to examine the ES&S source code released a report (.pdf) last month saying they found no flaws that would have produced the high undervote rate -- although they did find other problems with the software.

Calls to several of the report participants were not returned. But Avi Rubin, a computer scientist with Johns Hopkins University and an expert on e-voting machines, says that a source code review would not uncover the kind of intermittent problem that voters described having with the machines. For that, he said, examiners would need to impound the machines used in the election and test them under circumstances identical to those under which the problems occurred. Even then tests could be inconclusive.

"It's probably based on something that happens only some of the time under certain conditions," he says. "And glitches that manifest with low probability under specific circumstances are hard to detect."



Strategy is as strategy does. Even bad legal strategy

http://yro.slashdot.org/article.pl?sid=07/03/22/0336230&from=rss

RIAA Caught in Tough Legal Situation

Posted by samzenpus on Thursday March 22, @04:23AM from the catch-22 dept. Music

JeffreysTube writes "The RIAA's legal fight against a divorced mother has run into trouble, with the judge now telling the RIAA that its only two options are to proceed with a jury trial against Patty Santangelo or dismiss the case with prejudice. If the latter happens, Santangelo officially "wins" and could collect attorneys' fees. The judge is less than pleased with the RIAA, which is now trying to drop the case without giving Santangelo a chance to be declared guilty. 'This case is two years old,' wrote Judge McMahon. 'There has been extensive fact discovery. After taking this discovery, either plaintiffs want to make their case that Mrs. Santangelo is guilty of contributory copyright infringement or they do not.'"



One more voice added

http://techdirt.com/articles/20070322/002651.shtml

Walt Mossberg Asks Congress To Rewrite The DMCA

from the good-for-him dept

A year and a half ago, famed Wall Street Journal columnist Walt Mossberg wrote up an opinion piece about problems with copy protection technology. He's now written a very similar piece blasting the DMCA and asking Congress to rewrite copyright law. His main point is that recent changes to copyright law have all been written by the copyright industry (sometimes with some influence from other industries), but never with any voice from the consumer side of things. For those who prefer to watch and listen, rather than read Mossberg, he's also got a video that covers similar ground:

[Video link at the site Bob]

It's great to see someone with the stature and visibility of a Walt Mossberg come out in favor of fixing a bad law like the DMCA, and great to see him pick up on the key point that it's the very people Congress is supposed to be representing that got totally left out of the discussion last time around. Like his last article on the topic, though, there are some points to nitpick. While many people do this (unfortunately), Mossberg falls into the trap of assuming that this is all a big tug of war -- and what benefits one side harms the other. It's this zero-sum thinking that has everyone at each other's throats, rather than looking for solutions that benefit everyone. It's not about "balance" between copyright holders and content consumers -- but about creating a system that works for everyone. So, yes, let's rewrite bad copyright laws, and let's keep the consumer in mind when we do, but it's time to recognize that serving the consumer doesn't mean hurting the producer. In just about every other industry, people recognize that better serving consumers tends to be good for business too. It's not clear why everyone assumes the same concept isn't valid when it comes to content as well.



http://www.bespacific.com/mt/archives/014332.html

March 21, 2007

British and Irish Legal Information Institute Launches New Website

Via Cynthia S. Fellows, BAILII Open Law Project: The British and Irish Legal Information Institute has a new website. New features include:



http://www.bespacific.com/mt/archives/014344.html

March 21, 2007

FTC Testifies on Identity Theft and Social Security Numbers

Press release: "The Federal Trade Commission today told the Senate Judiciary Committee Subcommittee on Terrorism, Technology, and Homeland Security that “the government and the private sector must continue to work together to reduce the opportunities for thieves to obtain consumers’ personal information and make it more difficult for thieves to misuse that information if they obtain it.” Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection, said government and the business community should evaluate whether they need to collect and maintain the data they have about consumers, better-protect the data that they do possess, and develop better ways to authenticate customers to keep identity thieves from using the information they steal."



Tool for my Powerpoint class?

http://blog.wired.com/geekdad/2007/03/turn_your_kids_.html

Wednesday, March 21, 2007

Turn your kid's drawings into videogames

Like all boys my sons spend a lot of time drawing elaborate battle tableaus with lots of knights (the younger one) or marines (the older one). They pretend that the figures are actually moving and fighting and the act of drawing becomes the animation. But we thought it would be cool to see if we could find a way to actually animate these drawings and turn them into 2D videogames they could make themselves.

The easiest way to do this we found was The Games Factory 2, which is a package that lets you program games without writing any code. You just create or import graphics, assign them properties (location, moving or not, background or foreground layer, etc) and then script "events" in a simple matrix of checkboxes that looks like this:



WOW! Watch the video. You will need ink by the gallon...

http://digg.com/gadgets/Amazing_200_inkjet_prints_one_page_per_SECOND_on_sale_next_year_VIDEO

Amazing $200 inkjet - prints one page per SECOND on sale next year (VIDEO)

Secretive inventor with more patents than Edison. Spent 13 years developing the technology. Today released videos that have stunned the printer industry. Analysts have confirmed prototypes are real. Ultra-high speed $150 photo printer technology available 2007. Also promises color printers built into mobile phones, digicams, and handheld games...

http://texyt.com/silverbrook+memjet+technology+available+desktop+photo+wideformat+hp+edgeline+comparison



Very interesting...

http://digg.com/movies/Best_Online_Documentaries_2

Best Online Documentaries

"A comprehensive list of documentaries, to be viewed online for free"

http://best.online.docus.googlepages.com/



Taste. Some of us ain't got none!

http://digg.com/offbeat_news/Top_1000_Books_Owned_by_Libraries_Around_the_World

Top 1000 Books Owned by Libraries Around the World

What’s the most popularly held book in libraries around the world? Which author or character —or monster or animal—is found most often on library shelves worldwide? The research division of OCLC compiled a list of the top 1,000 titles owned by member libraries.

http://www.oclc.org/research/top1000/default.htm

From the site: http://blogs.britannica.com/blog/main/2007/03/fun-facts-about-the-oclc-top-1000/

Which author has the most works on the OCLC Top 1000 list?

William Shakespeare (with 37 works). He is followed by Charles Dickens (16 works) and John Grisham (13 works).

Which author on the list is most held by OCLC libraries?

William Shakespeare, followed by the United States government, Charles Dickens, Mark Twain, and Giuseppe Verdi.
