Tuesday, May 08, 2007

Is this a new package of benefits for those at risk?

http://www.bespacific.com/mt/archives/014805.html

May 07, 2007

TSA Public Statement on Employee Data Security Incident

Follow up to May 5, 2007 posting, Missing TSA Hard Drive Has Data on 100,000 Employees, this additional update from the TSA: "Today the Transportation Security Administration (TSA) announced a benefit package to provide employees and former employees affected by the data security incident with free credit monitoring for up to one year. In addition to credit monitoring, the package includes ID theft insurance up to $25,000, fraud alerts and identity restoration specialists who will complete paperwork and assist employees in the event they are a victim of identity theft. Current and former employees can register via phone, mail or online through a secure web site. More information is available at www.tsa.gov, including a list of frequently asked questions."



Hurry, hurry, hurry! Only three more years! (Just before we finish counting the Chad...)

http://www.pogowasright.org/article.php?story=2007050715174536

FL: You're online -- for all to see

Monday, May 07 2007 @ 03:17 PM CDT - Contributed by: PrivacyNews - State/Local Govt.

The state's clerks of court will get three more years to black out Social Security, bank account, credit, debit and charge card numbers from public records available on the Internet.

That's three more years Florida citizens could be at risk of identity theft courtesy of state and local government. Until then, residents must submit a request in writing to have their personal information stricken from online documents.

Without debate, the State Senate voted (40-0) Wednesday to give clerks until the year 2011 to edit out personal information from online records. The bill (HB 7197) was approved by the House (115-0) last week. The legislation will now go to Gov. Crist for his review.

Source - Miami Herald (Props, The Virginia Watchdog)



Never a good sign...

http://www.pogowasright.org/article.php?story=20070507184207284

Homeland Security's Own Privacy Panel Declines to Endorse License Rules

Monday, May 07 2007 @ 06:42 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

The Department of Homeland Security's outside privacy advisors explicitly refused to bless proposed federal rules to standardize states' driver's licenses Monday, saying the Department's proposed rules for standardized driver's licenses -- known as Real IDs -- do not adequately address privacy, price, information security, redress, "mission creep", and national security protections.

Source - Threat Level (blog)



Picky, picky!

http://www.pogowasright.org/article.php?story=20070507071107247

Journalists Intend to Sue Hewlett-Packard Over Surveillance

Monday, May 07 2007 @ 07:27 AM CDT - Contributed by: PrivacyNews - Businesses & Privacy

In an unusual step for the news media, three journalists whose private phone records were scrutinized by investigators working for Hewlett-Packard intend to sue the company for invasion of privacy.

The dispute stems from an investigation of Hewlett-Packard’s directors initiated under the company’s former chairwoman, Patricia C. Dunn. To try to uncover leaks from board members, private investigators examined the phone records of nine journalists who covered the company, as well as the records of some of their relatives.

Source - The Ledger



Quick summary

http://www.epic.org/privacy/consumer/states.html

Privacy Laws by State



Track everyone/everything at all times.

http://www.eweek.com/article2/0,1759,2126991,00.asp?kc=EWRSS03119TX1K0000594

Bermuda to Put RFID in All Vehicles on Island

May 7, 2007 By Renee Boucher Ferguson

Cars in Bermuda are getting chipped. RFID chipped that is.

Bermuda's Transport Control Department, a division of the tiny string of islands' Ministry of Tourism, announced May 7 that it plans to automate vehicle registration, compliance and enforcement with an island-wide deployment of EVR (electronic vehicle registration). The EVR system is made up of RFID tags, antennas, readers and a database system.



Sometimes it is better to say nothing...

http://techdirt.com/articles/20070504/094845.shtml

Verizon Says It Has A First Amendment Right To Illegally Give Your Call Records To The Government

from the that's-an-interesting-way-to-look-at-things dept

The nation's biggest telcos are working hard to make the lawsuits against them for passing customer call records and other info to the government as part of its program of warrantless wiretaps disappear. AT&T's argument that it was just following government orders didn't wash with a judge, and now Verizon is claiming that its passing of information to the government is protected by the First Amendment. Yes, you read that correctly: it says the Electronic Communications Privacy Act is unconstitutional, and the information it passed to the government -- in apparent violation of it, and to comply with the sort of warrantless surveillance the ECPA was designed to prevent -- is constitutionally protected free speech. This seems tenuous at best, but it fits with Verizon's MO. The company always tries to whitewash its customer data leaks by filing lawsuits and trying to shift the blame onto pretexters and information brokers, and making the problem appear to be solely these people's activities, rather than its own inability to protect customer data. Likewise in this case, it contends that it's done nothing wrong, and that the ECPA makes the mistake of trying to prevent free speech, rather than putting restrictions on the government's ability to ask for the information. Of course, those restrictions exist (in the form of having to get a warrant), but didn't really work so well here. Verizon's complicity seems pretty obvious and its free-speech claims look like little more than a hail-mary attempt to shirk liability for disclosing the customer information. That may not be necessary, though, if the Bush administration's attempts to get Congress to pass a law giving the telcos immunity from these sorts of lawsuits are successful.



Is this going to be fun or what? Imagine the RIAA trying to explain how their gibberish is superior to the defense the MIT students could mount. I can't wait!

http://www-tech.mit.edu/V127/N24/riaa.html

RIAA Pre-Litigation Letters Sent to MIT

23 Students Accused of Copyright Violations

By Nick Semenkovich ASSOCIATE NEWS EDITOR May 8, 2007

Twenty-three MIT students have been sent pre-litigation settlement letters after allegedly illegally downloading copyrighted audio recordings, according to a press release from the Recording Industry Association of America.

MIT received the pre-litigation letters last Wednesday, May 2, said Daniel Jacobs, legal assistant in MIT's Senior Counsel's Office. At that time, Jacobs said that the letters would have to be analyzed before MIT considered forwarding them to students. These are the first RIAA pre-litigation letters received by MIT, according to Jacobs.

As of yesterday, MIT had forwarded the letters on to students, said Timothy J. McGovern, manager of IT Security Support for Information Services and Technology. McGovern also said that MIT suggested students talk with advisers, family members, or attorneys in considering a response to a pre-litigation letter.

McGovern declined to discuss legal specifics regarding the cases, saying the letters were part of a student's permanent record and thus legally protected by the Family Educational Rights and Privacy Act.

... A sample pre-litigation settlement agreement is available at http://www-tech.mit.edu/V127/N24/riaa/letter.pdf.

Jeffrey I. Schiller '79, Network Manager for IS&T, said that the letters also act as a preserve order for MIT, requiring the Institute to save information about the user of a specific IP. MIT maintains a database of IP addresses assigned to users and stores the information for 30 days, said Schiller. "Suppose on day 29 we get one of the pre-litigation notices. Once we get one of these, we basically … have to save the information forever."

... McGovern stated that "most" of the students who were sent pre-litigation letters had previously received Digital Millennium Copyright Act takedown notices [This suggests that “most” downloaders also put the music online for others... I doubt that is true. Bob] regarding the music in question. Schiller said that MIT, acting as an Internet Service Provider, forwards DMCA notices to students accused of violating copyright law.

... Moreover, Schiller cautioned that not all students who receive DMCA notices necessarily violated copyright law. Schiller said that it is becoming "quite difficult" to ensure IP addresses were actually used for infringement. "I've seen notices for random IP addresses that we would have never assigned," said Schiller.

Furthermore, the complexity of some protocols such as BitTorrent has caused erroneous DMCA notices to be sent. A discussion on the EDUCAUSE Security Discussion Group last month included concerns that HBO had sent a series of inaccurate DMCA notices with incorrect infringement times. The discussion also suggested that HBO was relying on questionable and possibly forged data from BitTorrent "trackers" — directory servers that contain information about IPs downloading a file — that could be readily forged.



Can this be correct? (see article on anti-SLAPP, below)

http://politics.slashdot.org/article.pl?sid=07/05/07/2227201&from=rss

Library of Congress Threatens Washington Watch Wiki

Posted by kdawson on Monday May 07, @07:11PM from the trademark-madness dept. United States Politics

BackRow writes "Washington Watch, a site devoted to tracking the cost of federal legislation, has raised the hackles of the Library of Congress with a new wiki that makes an unfavorable comparison to the LOC's THOMAS legislative search engine. After Jim Harper, Washington Watch's creator and the director of information policy at the Cato Institute, announced the wiki, he received a nastygram from the LOC."

Quoting: "After the announcement, he was contacted by Matt Raymond, the Director of Communications at the Library (and the author of the Library of Congress' blog). Raymond said that he possessed 'statutory and regulatory authority governing unauthorized use of the Library's name and logo and those of Library subunits and programs,' and he asked that Harper stop using the names 'Library of Congress' and 'THOMAS' in his marketing materials."


Other wikis... (Want to build your own?)

http://www.advolcano.com/blog/?p=11

Top 57 Wikis By Rank

Over the last couple years we’ve watched Wikipedia go from a virtually unknown website to one of the top 10 in the world - so it’s no secret that wikis have seen an unprecedented amount of growth and popularity (not to mention free wiki engines such as MediaWiki or MoinMoin feeding that growth).

I took the liberty to scour the web for as many wikis as I could find, meanwhile compiling a list of each. Some of my findings were great, such as: WikiTravel, Heroes Wiki, and WoW Wiki (for all you WoW fanatics), and some, well, not so great.

I noticed a growing number of businesses adopting the concept. Wikis aren’t only a helpful resource for customers, but a great way for marketers to obtain that all-too-important customer feedback, which is why it’s great that more businesses are beginning to understand the true value of Wikiing (wikiing?) :).

Anyway, on with the good stuff. Here’s a list of over fifty wikis by rank. If there’s something I’ve missed, post a comment and I’ll be happy to add it. Enjoy…



Why do we care? See next article and the LOC article above

http://techdirt.com/articles/20070506/185214.shtml

In Case You Didn't Know: Anti-SLAPP Laws Apply To Bloggers Too

from the fyi dept

This probably won't come as a huge shock to, well, anyone, but for the various bloggers who are getting sued by individuals or companies upset about what they're saying, bloggers do appear to be protected by anti-SLAPP laws. Of course, this doesn't mean bloggers can just go and defame or libel anyone -- but as long as there's support behind what they're saying, it sounds like a court will recognize if the suing party is simply trying to shut someone up, rather than respond to actual libel or defamation. If you're unfamiliar with them, anti-SLAPP laws are designed to protect individuals who are sued by companies who are simply trying to shut up the individual. The idea is that a big company can just file a libel suit against someone they don't like (even if there's no libel), and since it's so expensive (and scary) to be sued, the individual will be forced to quiet down. Anti-SLAPP laws give the individuals a quick way to fight back and stop such bogus lawsuits.


...so many organizations forget this simple fact!

http://techdirt.com/articles/20070507/105514.shtml

Thanks To The Web, Everybody's A Potential Critic -- So Treat Them Well

from the business-101 dept

The rise of blogs and user-generated content sites has turned every customer of a business into a potential critic with a big platform. Word of mouth still serves as a huge boon or burden to a company; but like so many other things, the internet has made its spread much more efficient. Many consumers check out all sorts of businesses and restaurants online before they visit them, and while professional reviews still matter, blogs and sites that aggregate user reviews are growing increasingly powerful. The question for businesses is how to respond to and capitalize on this trend. Some try to bury criticism or attack critics, but as some are pointing out, the best way to keep potential customers from finding out you don't treat customers well is simply to treat them all well to begin with. Professional restaurant critics typically strive to maintain their anonymity, and restaurants strive to find out what they look like so they can be sure to put their best foot forward when they visit. But as more people put stock in what fellow non-professional critics have to say about restaurants and other sorts of businesses, it means they'll have to raise their game for everybody. After all, you may figure out what the Times reviewer looks like, but you're going to have a hard time keeping track of all the "normal people" reviewers.



You have to design increased productivity into all parts of the process...

http://news.yahoo.com/s/nm/20070507/od_nm/belgium_speeding_dc;_ylt=AmRHnfDy7bIHSQhY3ogpJbrMWM0F

Prosecutors to go easy on speeding drivers

Mon May 7, 10:23 AM ET

Prosecutors in the Belgian capital, overwhelmed by the number of speeding fines imposed since fixed radar traps were installed, have asked police to let off all but the worst offenders -- angering local mayors.

The prosecutor's office, grappling with a backlog of 10,000 cases, has asked Brussels police not to fine drivers unless they are motoring at 87 kph (54 mph), or 67 kph (42 mph) near schools, the daily La Derniere Heure reported Saturday.

Speeding fines are not automatic in Belgium and each case goes through the prosecutor's office.

The paper quoted a letter from the prosecutor to district mayors suggesting they temporarily reduce the number of speed controls and that police report only the worst cases, when drivers exceed the limit by 30 kph plus a 6 kph tolerance margin.

The speed limit in most of Brussels is 50 kph, reduced to 30 kph in areas near schools.

RTBF radio quoted several district mayors as voicing outrage over the circular because most offenders would escape punishment. The prosecutor's spokesman was not available for comment.



If my integer is 00 00 00 00 00 00 00 00 01, can I sue anyone who publishes a one?

http://www.freedom-to-tinker.com/?p=1155#comments

You Can Own an Integer Too — Get Yours Here

Monday May 7, 2007 by Ed Felten

Remember last week’s kerfuffle over whether the movie industry could own random 128-bit numbers? (If not, here’s some background: 1, 2, 3)

Now, thanks to our newly developed VirtualLandGrab technology, you can own a 128-bit integer of your very own.

Here’s how we do it. First, we generate a fresh pseudorandom integer, just for you. Then we use your integer to encrypt a copyrighted haiku, thereby transforming your integer into a circumvention device capable of decrypting the haiku without your permission. We then give you all of our rights to decrypt the haiku using your integer. The DMCA does the rest.

The haiku is copyright 2007 by Edward W. Felten:

We own integers,

Says AACS LA.

You can own one too.

Here is your very own 128-bit integer, which we hereby deed to you:

49 73 B9 DC DC A0 81 D7 E8 05 93 0C 32 85 59 66

If you’d like another integer, just hit Shift-Reload, and we’ll make a fresh one for you. Make as many as you want! Did we mention that a shiny new integer would make a perfect Mother’s Day gift?

If you like our service, you can upgrade for a low annual fee to VirtualLandGrab Gold — and claim thousands of integers with a single click!



Read yourself to sleep?

http://www.f-secure.com/weblog/#00001186

PhD on Viruses

Posted by Mikko @ 14:41 GMT

There are surprisingly few people out there who have done their PhD thesis on computer viruses.

However, we just got one more. Mr. Jussi Parikka did his dissertation on his thesis titled "Digital Contagions. A Media Archeology of Computer Worms and Viruses" on Saturday at the University of Turku, Finland.

As we here at F-Secure have a fairly substantial collection of material and memorabilia from the early days of the computer virus problem, we lent some of this material to Mr. Parikka during his research phase. It's good to see the final outcome now.
