Thursday, December 13, 2007

Guidelines? Or a call for guidelines?

http://www.pogowasright.org/article.php?story=20071213062947923

Security Breach Notification Laws: Views from Chief Security Officers

Thursday, December 13 2007 @ 06:50 AM EST Contributed by: PrivacyNews News Section: Breaches

From the Executive Summary:

... this study proposes establishing a uniform set of notification requirements to maximize information exchange about security breaches:

  • Establish a uniform standard that requires public notice of all security breaches – to help security professionals track and adapt to incidents at other organizations and to ensure that all affected consumers are being provided with breach notices.

  • Establish a uniform reporting standard and require notification to a centralized organization in addition to consumers – to make information on breaches publicly available and allow industry professionals to reference breach reports for information on security vulnerabilities.

  • Clarify and broaden technology safe harbor provisions beyond encryption – to give better guidance to organizations on what types of security mechanisms are sufficient to prevent lost data from being accessible for the purposes of misuse and to incubate research into and adoption of other technologies that effectively render personal information useless if accessed without authorization.

  • Create a safe harbor period for notifications – to compromise between giving clear instructions on how quickly notifications must be given and providing enough flexibility for organizations to investigate and remedy security breaches.

  • Collect more information on the type of notification trigger language that should be used.

Source - Study Conducted for the Samuelson Law, Technology & Public Policy Clinic [pdf] (December, 2007)

(Props, Bruce Schneier)



Analysts rule!

http://www.pogowasright.org/article.php?story=20071213063703360

Bruce Schneier: Why 'Anonymous' Data Sometimes Isn't (commentary)

Thursday, December 13 2007 @ 06:51 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders.

Arvind Narayanan and Vitaly Shmatikov, researchers at the University of Texas at Austin, de-anonymized some of the Netflix data by comparing rankings and timestamps with public information in the Internet Movie Database, or IMDb.

Their research (.pdf) illustrates some inherent security problems with anonymous data, but first it's important to explain what they did and did not do.

Source - Wired
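The linkage the excerpt describes (matching an anonymized record against public ratings by title and approximate date) is something a data owner can test for before publishing. The following is an added example, not code from Schneier's column or from the Narayanan and Shmatikov paper: it constructs a small "anonymized" rating set and a named public set, scores each anonymized record against a public profile, accepts a match only when the best score clearly beats the runner-up (a simplified form of the paper's eccentricity test), and then shows that coarsening the released dates to the month makes the same public ratings ambiguous in this sample. Every id, name, title and date is constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample of an "anonymized" release: names replaced by random ids,
# but exact movie titles and rating dates kept, as in the Netflix data.
ANON_RATINGS = {
    7431: [("Movie A", date(2005, 3, 2)), ("Movie B", date(2005, 3, 9)), ("Movie C", date(2005, 6, 1))],
    2210: [("Movie A", date(2005, 3, 4)), ("Movie D", date(2005, 4, 12)), ("Movie C", date(2005, 6, 15))],
    9902: [("Movie A", date(2005, 3, 1)), ("Movie B", date(2005, 3, 10)), ("Movie E", date(2005, 7, 20))],
    5518: [("Movie D", date(2005, 4, 10)), ("Movie E", date(2005, 7, 22))],
}

# Constructed sample of public, named reviews (a stand-in for IMDb); the
# dates are a few days off from the release, as public reviews usually are.
PUBLIC_REVIEWS = {
    "alice": [("Movie A", date(2005, 3, 3)), ("Movie C", date(2005, 6, 2))],
    "bob": [("Movie A", date(2005, 3, 3))],
}


def same_date_within(tolerance_days=3):
    """Date matcher for data released with exact dates."""
    def match(d1, d2):
        return abs((d1 - d2).days) <= tolerance_days
    return match


def same_month(d1, d2):
    """Date matcher for data coarsened to year-month before release (mitigation)."""
    return (d1.year, d1.month) == (d2.year, d2.month)


def score(record, aux, same_date):
    """Number of auxiliary (movie, date) pairs that the anonymized record agrees with."""
    dates_by_movie = defaultdict(list)
    for movie, d in record:
        dates_by_movie[movie].append(d)
    return sum(1 for movie, d in aux if any(same_date(d, r) for r in dates_by_movie[movie]))


def link(anon_data, aux, same_date, min_eccentricity=1.5):
    """Return the id whose record stands out as the match for aux, or None when
    nothing matches or the best match is not clearly ahead of the runner-up."""
    ranked = sorted(((score(rec, aux, same_date), uid) for uid, rec in anon_data.items()), reverse=True)
    best_score, best_uid = ranked[0]
    second_score = ranked[1][0] if len(ranked) > 1 else 0
    if best_score == 0:
        return None
    if second_score == 0 or best_score / second_score >= min_eccentricity:
        return best_uid
    return None


def audit(anon_data, public_data, same_date):
    """Map each public reviewer to the anonymized id they link to (None if ambiguous)."""
    return {name: link(anon_data, aux, same_date) for name, aux in public_data.items()}


if __name__ == "__main__":
    print("exact dates:", audit(ANON_RATINGS, PUBLIC_REVIEWS, same_date_within(3)))
    print("month only: ", audit(ANON_RATINGS, PUBLIC_REVIEWS, same_month))
```

With exact dates, two public ratings are enough to single out id 7431 as alice, while bob's single rating of a popular title ties three records and is rejected. Releasing only the month of each rating removes the unique match in this sample; on a real data set the same audit should be run over many public profiles, since the outcome depends on how sparse the data is.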



If they see the camera, they can order you to stop videotaping. If they don't, you're a criminal?

http://www.huffingtonpost.com/eugene-volokh/the-dark-side-of-privacy-_b_76518.html

The Dark Side of Privacy Law:

Eugene Volokh Posted December 12, 2007 | 03:54 PM (EST)

InstaPundit links to a story about someone who was "convicted of violating state wiretapping laws" for "conceal[ing] a camera to videotape a Boston University police sergeant ... during a 2006 political protest."

That's pretty outrageous, but it's entirely consistent with a 2001 Massachusetts Supreme Judicial Court decision in Commonwealth v. Hyde, which is based on Massachusetts' extremely broad privacy law:



With the right tools, even a small number of spammers can reach millions...

http://blogs.cnet.com/8301-13505_1-9831556-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Study: 95 percent of all e-mail sent in 2007 was spam

Posted by Matt Asay December 12, 2007 3:02 PM PST

There was a time--2004 to be precise--when spam "only" consumed 70 percent of all e-mail. Those were the good old days. Today, as Barracuda Networks' annual spam report shows, upwards of 95 percent of all e-mail is spam. In 2001, the number was 5 percent.



“We are French, we don't have to be rational!”

http://techdirt.com/articles/20071213/010749.shtml

France Says Non! To Amazon's Free Shipping

from the we-want-our-citizens-to-pay-more dept

I've never quite understood European laws that ban the discounting of books. It's one of those protectionist laws that ends up harming everyone. While economically-challenged folks will say that it helps save independent bookstores, they are unwilling to admit at what cost: less innovation in the way books are sold, fewer books purchased and higher prices for everyone. And, there's actually evidence to suggest that it really doesn't do much to protect those independent booksellers after all. The UK ditched such price fixing over a decade ago and didn't see the expected demise of independent booksellers. However, France is still a big believer in the concept and has now told Amazon.com it can no longer offer its famed "free shipping," since that effectively is an excessive discount. Amazon now has ten days to start charging shipping fees, or face daily fines. In other words, ordering books online just got a lot more expensive. It's difficult to see how that helps anyone.



A nice geeky video...

http://blog.wired.com/27bstroke6/2007/12/pgps-geek-chris.html

PGP's Geek Christmas Carol

By Kim Zetter | December 12, 2007 | 1:13:31 PM | Categories: Hacks and Cracks

The security geeks at PGP have put together this video carol of the "12 Threats of Christmas" as performed in harmony (with a little hip hop thrown in) by Boyz Nite Out.
