Saturday, March 24, 2007

An unusual situation. This technique is probably not limited to the military, but at least they could and did determine that it was occurring. Would your bank notice it?

DoD Investigates Hacking of Troops' Personal Computers

By Carmen L. Gleason, American Forces Press Service Mar 23, 2007 - 9:59:56 AM

Blackanthem Military News, WASHINGTON, D.C. - Defense Department officials have launched an investigation into recent computer hackings of servicemembers' home computers that compromised personal information and led to the redirection of funds from their military pay accounts.

Over the past eight months, nearly two dozen [Low numbers indicate a good and timely security response. Bob] Defense Finance and Accounting Service "myPay" participants have had their accounts accessed by unauthorized personnel, officials said. The myPay program allows DFAS users to manage pay information, leave and earnings statements and W-2s online.

The compromise likely came from personal information being stolen from home computers via spyware and keystroke-logging viruses, DFAS officials said.

A hacker redirected one servicemember's pay to a credit card vendor by changing account information the day before pay day, Tom LaRock, DFAS spokesman, said. However, he added, DFAS quickly worked with his bank to have funds returned to his account within two days.

... DFAS plans to launch a new program soon that will increase the ability to detect unauthorized changes prior to processing by pay systems.

... "This won't completely stop compromises," he said, "but it will help alert us more quickly so appropriate actions can be taken." [Proper attitude! Bob]

Another case of stealing just the (portable?) hard drives... Perhaps the computers were locked down?

Hard drives with hundreds of patient files stolen

By Connie Thompson Watch the story

KOMO 4 News has learned a thief or thieves have stolen computer hard drives with personal files on hundreds of local patients.

Police aren't saying much, but it appears to involve someone that has access to offices in the building.

This week, Swedish Urology Group notified hundreds of patients and former patients about potential identity theft at its office in Seattle.

... In its letter to patients, the group says "three external hard drives, which we use to back up our data, were stolen from our locked office suite."

"Although we have security measures in place, the hard drives were taken as a result of an unforeseen intentional criminal activity."

Data Goes Back As Long As 3 or 4 Years

Based on our contact with patients and former patients who got the notice, the stolen computer go back as long as 3 or 4 years.

It's another example of how easily identity theft can happen, because in this case there's no sign of forced entry. The property management has sent notices to every office in the building, alerting them of the theft and urging them to make sure valuables are secured before the offices are closed for business.

... Because of the complexity of its hard drive technology, [Ooo! A new meaningless phrase! Bob] The Swedish Urology Group stresses the likelihood of patient information being retrieved is extremely low.

Note this is from the same TV station as the last article... Crime wave?

Group Health laptops missing, 31,000 identities at risk

By Joe Furia Watch the story

SEATTLE - Group Health Cooperative Health Care System said Friday two of its laptop computers containing the personal information of 31,000 people are missing. The computers are said to contain the names, addresses, social security numbers and Group Health ID numbers of local patients and employees.

,,, The letter also stated one of the computers disappeared on Feb. 26, and the second on March 7. [Stealing the first one was so easy the thief came back for another? Bob]

Now Donnelly wants to know why it took Group Health nearly a month to let her know.

... Group Health would not agree to an on-camera interview with KOMO 4 News, but the company did release a statement which, in part, read:

"Our investigation has not produced evidence that the missing laptops were deliberately taken for an illegal purpose, nor any evidence that the information they contained has been accessed by any unauthorized person." [These are old meaningless terms. They should learn form the guys in the previous story. Bob]

Would this have been lost if it was a package of cash?

KHPA informing consumers of an alleged loss of data CD

Additional steps being taken to ensure private health information is kept secure in the future [In retrospect, we think the barn door should have been closed. Bob]

Story by KHPA News Release 5:09 p.m. Friday, March 23, 2007

The Kansas Health Policy Authority (KHPA) began notifying a small number of individuals that a computer disk containing information about their health records and identity may have been lost within the agency. A letter sent to the affected individuals should be received in the mail Friday.

The password-protected disk was mailed to the KHPA by a company that helps process information about people receiving benefits. KHPA did receive the package with the disk, but the disk did not reach the person who was supposed to receive it. There is no evidence that the disk went beyond our office, the password was broken, or any information was taken off the disk.

... KHPA is taking every step to ensure that individuals’ information is kept private and is not compromised Friday and in the future. KHPA has conducted its own investigation, and as a result, is changing how it manages mail and other processes. Even though KHPA has a privacy officer, the agency will hire an additional person to help protect the privacy and security of customers’ information.

Why not? Obviously it's so simple a child could do it. This first article is interesting for what it does NOT say... Makes it seem that the State didn't stand a chance against such a serious threat...;jsessionid=OJW2PYPIEJXTYQSNDLRCKHSCJUNN2JVN?articleID=198500410

Hacker Suspected Of Multistate Break-In Spree

... The hacker being investigated for stealing the personal identification information of 71,000 health-care workers certified in Indiana is suspected of breaching other state government sites.

... The credit card information had been accidentally stored against state IT policy, said Cotterill in an interview.

... Cotterill, who wouldn't say how the hacker got into the system, called the breach a "sophisticated" attack.

"It took a level of expertise we hadn't seen before," he said. "We have Web sites under attack every day, and our Web site has not suffered an attack like this before."


State: Web Site Breach May Have Been Prank

Investigators Have Suspect; Charges Pending

POSTED: 8:44 pm EDT March 22, 2007 UPDATED: 8:49 pm EDT March 22, 2007

INDIANAPOLIS -- A state Web site security breach in which thousands of Social Security numbers and credit card numbers were exposed may have been a prank by a teenager, the Indiana Office of Technology said Thursday.

Investigators have identified a teen they believe hacked into and gained access to Social Security numbers for 71,000 health-care workers and credit card information of about 5,600 people and businesses, the office said.

"It appears like it was a teenage hacker that was out just trying to prove something," [Looks like he proved their security was not adequate... Bob] the office's Gerry Weaver said.

Should make for a great who-dun-it... Kinda like a “locked room” mystery.

State investigates leaks of Centinela prison employee data

By: Associated Press - Saturday, March 24, 2007 Last modified Friday, March 23, 2007 7:49 PM PDT

SEELEY, Calif. -- A document with personal information on more than 800 corrections officers was discovered in the ceiling panel of a watch command office at Centinela State Prison.

The document, discovered March 15, included names, addresses, telephone numbers and next-of-kin details.

California Corrections Secretary James Tilton toured the prison facility Thursday and promised an investigation. [A tour and a promise. Sounds like the perfect solution. Bob]

... Authorities are also investigating two other document leaks at the prison, located about 100 miles east of San Diego.

On March 16, an inmate was found with documents in his work boot listing 20 names of corrections staff and their Social Security numbers. Officials recently found a Post-It note inside a light socket in a minimum security area that included the names and Social Security numbers for 12 additional prison employees.

Citizen surveillance: Given tools with the potential to violate privacy, what would you expect?

Man Put Camera In Shampoo Bottle, Filmed Rommates, Police Say

created: 3/22/2007 4:40:52 PM updated: 3/22/2007 7:22:49 PM

Click here to watch this video story. ........[No, not the videos... Bob]

A Connecticut man is in hot water over something he left in his shower.

"That is absolutely one of the most horrible things I've ever heard. A complete violation of privacy," says a neighbor of Steven Thibodeau.

The 25-year-old Manchester, Connecticut resident was arrested after his female roommate discovered a camera hidden inside of a shampoo bottle in their shower.

Police say that Thibodeau used the camera to record his two female roommates showering, and that they were filmed at least 15 times. He made at least one compilation video of the shower scenes, but so far there is no evidence that he posted any of his files on the Internet. [I'll check a few hundred porn sites – to assist the police... Bob]

One roommate told police she became suspicious after noticing that the bottle of shampoo hadn't been moved over a period of several months. When she finally picked up the bottle to inspect it, wires fell out, revealing the camera.

Thibodeau originally told police that he was filming himself in the shower in order to keep track of an abnormal mole, but changed his story after failing a polygraph test.

Investigators are now combing through Thibodeau's computer hard drive searching for more evidence of his illicit movie making.

... Thibodeau is facing 15 charges of voyeurism and one count of evidence tampering. Police say he attempted to delete some of the movie files stored on his computer.

Citizen surveillance: Cameras are cheap – start your child's surveillance at birth!

Patient’s candid camera sends shockwaves through hospitals

By Jessica Fargen Boston Herald Health & Medical Reporter Friday, March 23, 2007 - Updated: 12:46 AM EST

A nurse’s discovery of a Webcam hooked up by parents in their child’s Boston hospital room has stunned the patient’s doctor, raised a mound of privacy issues and potentially left medical staff looking over their shoulders.

Dr. Samuel Blackman, a pediatric oncologist at Dana-Farber Cancer Institute, would not speak for the record when contacted by the Herald about the incident at Children’s Hospital.

But in an entry on his blog titled “Hemorrhage! You’re On Candid Camera,” Blackman strongly questioned the use of the camera in the child’s room, asking, “Should parents have the right to a hospital version of a NannyCam?” [Sure, why not? Bob]

According to Blackman’s blog account - an incident confirmed by hospital officials - the unidentified parents set up the camera so the child’s favorite relative could see what was going on during the long hospital stay. It captured, among other things, the child suffering a bloody nose and vomiting.

The parents were asked by the doctor to take the camera down. Blackman removed the blog entry yesterday afternoon.

“How far can a parent or relative go in taping the health care of their loved one?” he asked in the blog, adding that, while the filming of births is commonplace, there are questions about whether graphic procedures or even a patient’s death should be allowed to be taped.

Steps must be taken to protect the privacy of both patients and hospital staff, he wrote. [Isn't that why they wear masks? Bob]

Direct-to-Web sites like, have allowed just about anyone to bring millions of Internet junkies into a hospital room with a few key strokes.

At Beth Israel Deaconess Medical Center, chief information officer Dr. John Halamka said, “Webcams wouldn’t be something we would want to allow in a patient room. We don’t want someone walking into an OR and saying, ‘Here’s mom’s operation.’ How (would) mom feel about that?”

Every patient room has free wireless access, he said, but the hospital bans cameras and Webcams. [Unlikely they have technology in place to stop their use... Bob]

Children’s Hospital families are free to film their own child, but must have permission to record staff or other patients, said spokeswoman Anna Gonski. Blackman consulted a staff attorney about the Webcam incident, she said.

Dr. Deborah Peel of the Patient Privacy Rights Foundation said as long as a patient isn’t recording other patients, she doesn’t see violations of the federal Health Insurance Portability and Accountability Act, or HIPAA, which protects patient privacy.

“Many people are very concerned that the quality of care in hospitals has decreased so much. I could understand the family wanting a Webcam to prove what care their family did or didn’t get,” she said.

Dr. Kenneth Peelle, president of the Massachusetts Medical Society, said hospitals have adopted their own policies as the technology emerges. “It’s a relatively new area,” Peelle said.

But he said, “If it goes over to someone hiding a camera, that would be stepping over the line.”

Citizen surveillance: “Eventually, a whole range of attachments and inserts for employees will be available. See our spring catalog!”

New RFID System Takes Security to Heart

The new security system from Third Eye alerts casinos, banks or convenience stores if an employee's heart begins racing, indicating a possible robbery or theft in progress.

By Claire Swedberg

March 23, 2007—Portable surveillance systems company Third Eye has released a Security Alert Tracking System (SATS) that allows casinos, banks or convenience stores to be alerted if one of their employees' hearts begins racing. The purpose is to add intelligence to security and surveillance, alerting management to the fact that an employee is under stress [What new liability does this information create? Bob] and could be in an emergency situation, or even planning a theft against the business.

The system, designed and manufactured by biosensor and microprocessor maker SPO Medical, includes a wristband employees wear that measures the pulse rate and can send an RF signal alerting surveillance if that rate changes suddenly.

... The RFID chip is constantly beaconing its ID number, as well as the heart rate of the wearer, to receivers installed within a facility. The receivers send the data wirelessly to a PC or laptop, which forwards it to the central monitoring system.

... In the case of a facility such as a large casino, the system's purpose is to monitor the behavior of the employee and prevent theft by the employee. In this case, with multiple employees in a large area, the system can be configured to trigger cameras in the area in which the employee with the fluctuating heart rate is located to pan or zoom in on that individual, and to send an alert to security personnel.

... Receivers can pick up the signal from the transponder in the wristband from approximately 300 feet away.

“We're eventually serious about security.”

White House issues deadlines to secure Windows

Government agencies have been instructed to implement a common secure configuration on their Windows XP and Vista systems to improve security and reliability

By Jaikumar Vijayan, Computerworld, IDG News Service March 23, 2007

Federal agencies have until Feb 1, 2008 to implement a common secure configuration setting for all Windows XP and Vista systems based on standards from the National Institute of Standards and Technology (NIST) and other organizations.

I suspect he's right...

How Big A Crime is Invasion of Privacy?

By Ray Everett-Church March 21, 2007

With the dismissal of charges against former Hewlett-Packard chairman Patricia Dunn, and the assignment of 96 hours of community service to each of three other defendants, the saga of the HP board of directors spying case is drawing to a close.

Or is it?

... The brutal wrist-slaps doled out by Santa Clara County Superior Court Judge Ray Cunningham send a clear message that fraud, identity theft, and invasion of privacy are inconsequential when they’re done for white-collar reasons.

The message being sent by the judge’s decisions is pretty clear: try harder not to get caught next time or you too may have to spend two weeks picking up roadside garbage.

... Indeed, this is a common occurrence when privacy-related problems arise: how do you quantify the harm?

The reality is that most privacy issues have a high shock value, but people have a much more difficult time assessing a “real” value to a privacy problem.

... As long as privacy is undervalued as an individual right, it will be difficult to argue that its protection is worth the effort. And as long as privacy is undervalued, it will be difficult to justify harsh penalties for those who willfully breach it for their own petty purposes.

When given the opportunity to assign a value to the fraud, privacy invasions, and breaches of ethics exhibited in the HP spying case, the judge weighed everything and concluded that it was roughly equivalent to the quantity of trash three people could collect during 96 hours of community service.


The next wave in design: Gadgets that won't bug you

March 23, 2007 2:48 PM PDT

Add to your Digg this storyDigg this

Genevieve Bell, who has been Intel's chief in-house anthropologist for a decade, says she's noticed an interesting phenomenon in recent studies. People want gadgets that don't keep them up-to-date.

... In some cases, though, technology could become part of a vacation hobby, if it was similar to a more traditional hobby. Bell met one 75-year-old woman in France who wanted to convert her albums and family photos to digital, and was partitioning a hard drive. Her behavior, though, was similar to people who build scrapbooks for fun.

Some national differences exist. The French often found it easier to completely get away from gadgetry than people from the U.S. Part of that is a reflection of the French vacation system: they take whole months off at a time. Men and women in the U.S. also argued more over when to turn off or turn on gadgets.

One of the problems with representative government is the representatives – until the next election. (Perhaps he should have just ignored the law?)

Voters Appalled Over Forced Amendment to Marijuana Law Passed by the People

Missoula, MT has fallen victim to the illusion of democracy. Initiative 2, passed on November 7th, 2006 was passed to recommend a lower priority to marijuana-based crimes.. Now, on March 22nd, 2007, the County Commissioners have voted (2-1) to alter the initiative. The reason? "A gut feeling" that voters weren't aware of what they voted for. [Or who... Bob]

Research tool? I think it is worth a look

State Government Offices, Local US Government, City Government and Federal Government... *

The State and Local Government Internet directory provides convenient one-stop access to the websites of thousands of state agencies and city and county governments. Use the drop-down menus on the left to view directory pages for:

States: State Government Offices - View all the websites in a given state -- from a state's home page or governor's site to the smallest counties or townships.

Topics: The websites of state government constitutional officers, state legislatures, state judiciaries and departments across ALL states.

Local Govt.: Local Government Links by County Government

Friday, March 23, 2007

Why would this server be connected to the Internet in the first place? I wonder if all lawyers work this way?

Client files unguarded on lawyer's server

'Extremely serious privacy breach,' detective says

Charles Rusnell The Edmonton Journal Thursday, March 22, 2007

EDMONTON - An unprotected computer server in a downtown Edmonton law office allowed access to hundreds of client files that included personal information such as driver's licence and social insurance numbers, work histories and criminal records.

"This is an extremely serious privacy breach," said Edmonton Police Det. Bob Gauthier, an expert in identity theft, who was shown samples of the records obtained by The Journal. "If I was one of these clients, I would be screaming."

... The private personal information was in the computer system of a local lawyer. When informed of the breach by The Journal on Wednesday, the lawyer was so shocked he could barely speak. [for a lawyer, that's shocked indeed! Bob]

He said he immediately shut down the system so there could be no further access.

He said he thought the system was secured by an encrypted password. [Clear indication of a non-techie. Bob] There is no indication that anyone else accessed the information.

The system was accessed by a man who had just started a job in a nearby building. Daniel Gallant said he brought his laptop to work because his employer had yet to set up his work computer. The laptop has a wireless card, which allows it to connect to any nearby wireless access point. Most such access points are password-protected, which means they can't be entered without a secret password.

Gallant, who said he is computer novice, said he was shocked to find the system was not password-protected. When he logged onto one network, he said he was invited to log onto one lawyer's database.

"I work in the social services field," Gallant said. "I understand about the importance of protection of privacy."

Gallant said he downloaded a few samples of documents. He later called the provincial privacy commissioner's office. [Bypassing the lawyer? Bob]

He said he was surprised when the privacy commissioner's office seemed uninterested in taking immediate action.

"Anyone could get access to that information," he said. "I was very disappointed. I expected them to tell me that there was some sort of penalty for not protecting the information."

Gallant said he killed the files out of his computer and did not distribute them to anyone else.

The Journal has sealed its copies of the documents.

Marilyn Mun, director of the provincial Freedom of Information and Protection of Privacy office, said her staff told Gallant to put his concerns in writing and send them and the documentary proof to their office.

"We get all sorts of people calling and making allegations," Mun said.

"And for that reason there is a process in place. We require that you put it in writing so that we have something that we can use to do an investigation."

This should not come as a shock... (see next article)

CA: SSI Numbers Showing Up in Public Records

Thursday, March 22 2007 @ 08:20 PM CDT - Contributed by: Lyger - State/Local Govt.

Assemblyman Dave Jones couldn't believe the treasure trove of Social Security numbers he found on the California Secretary of State Web Site.

[...] "The state has literally been selling on the Internet an identity theft starter kit," said Assemblyman Jones (D-Sacramento). "It has sold Social Security numbers for a mere $6 each to any member of the public with an Internet connection and a credit card."

Source - Related -

Remember, this started with the TX attorney general saying the county clerks were in violation of the law, then retracting that, then the state wanted to pass a law exempting them from compliance... This sounds like bad law to me.,1641,CCCT_811_5435136,00.html

Bill targets the removal of personal information

Social Security numbers would be obscured if the governor signs legislation [and if the gov doesn't? Bob]

By Denise Malan Caller-Times March 22, 2007

Social Security numbers would be obscured from public documents, upon request, [Do you know where your personal data is? If so, then you can opt out. Bob] under a bill approved by the Legislature and awaiting the governor's signature.

The bill would give county clerks a "reasonable amount of time" to remove - redact, in legal-speak - all but the last four digits of a person's Social Security number from public documents, including those filed electronically. [Why not change the program to do it automatically? Bob]

... The bill, filed by state Rep. Jim Keffer, R-Eastland, is a compromise between privacy concerns and the practicalities of removing Social Security numbers from all public documents in county clerk offices around the state. The numbers routinely are included on marriage license applications, child support liens, tax liens and court abstracts.

... However, people must file a written request to have the numbers redacted from records that already have been filed. Removing numbers from all records would have required the county to hire a redaction company, and Barrera said she is unsure how many people will request removal.

... The bill also eliminates penalties for county or district clerks who disclose Social Security numbers in the ordinary course of business. The current law provides for as much as $1,000 in fines and six months in jail for each offense.

Pretty good capsule summary... (There is a great little classification summary page too.)

Growing pressure for data classification

Jay Cline

March 22, 2007 (Computerworld) A storm is brewing over the silicon fields of corporate data — and companies that don’t classify their data are going to get rained on. Why? Three reasons. New security-breach notification laws being considered around the world will compel multinationals to know where their most sensitive data is. The recent implementation of a U.S. Supreme Court decision on e-discovery allows for fines to be levied against companies in federal litigation that don’t know where all their data is. And the decentralization of corporate data to mobile devices is heightening the risk of not having business-continuity plans that risk-rank critical data.

If you’re one of the 65% of companies polled by Computerworld last year that don’t routinely classify their data, you’ll want to forward this list to Legal and IT to help inject some urgency into the situation:

• Data classification for breach response. U.S. state laws on security-breach notification have been so successful in prodding companies to shore up their information security that Congress, and legislative bodies in Canada, Europe and Australia are now considering adopting similar measures. To comply with these laws and prevent these breaches from happening in the first place, companies are starting to inventory all their data that trip these notification triggers. (See Data Confidentiality Classifications table below.)

• Data classification for e-discovery. Last December, amendments to the Federal Rules of Civil Procedure recommended by the Supreme Court concerning the discovery of "electronically stored information" came into effect. Under the new rules, companies need to produce all relevant information much earlier in the litigation process and may be fined stiff penalties for stumbling across new information during a trial. To avoid these penalties and reduce the cost of e-discovery, companies are finally starting to implement comprehensive data-retention policies that routinely destroy old records. (See Data Retention Classifications table below.)

• Data classification for business continuity. The growing popularity in U.S. corporations of data-leak scanning software has shown them just how much of their data is flowing outside their organizations. Employees are increasingly e-mailing company files to their home e-mail accounts and storing them on their handheld devices and laptops. To ensure that a company can recover its operations in the event of a large-scale disaster, there has never been a greater need for companies to have a handle on where all of their mission-critical data is. (See Data Recovery Classifications table below.)

I can just hear the groans on the other end of your e-mail. "Three classification schemes? Are you crazy? This would be too expensive, and employees would never get it."

That’s what I thought, too, until I came across companies that have put this into practice. I can’t mention their names, but they’ve found basic data classification to cost less than any of their enterprise-technology implementations. And their employees intuitively understood the data classes after a minimal amount of training and awareness. In one company, 75% of employees could accurately identify the company’s data classifications after just three months of an awareness campaign.

It all comes down to two basic messages companies need to inculcate in employees from Day One on the job:

1. Don’t store privacy-restricted or mission-critical data on your laptop, mobile device, home computer or personal e-mail account.

2. If you have official company records, you need to store them in a special share-drive directory, since your personal drive and e-mail account will be routinely purged.

This isn’t rocket science. And with these basic rules understood across your company, you can build out more rigorous security, retention and business-continuity programs over time.

You could do that, or bet that your company will never experience a publicized security breach, federal trial or large-scale physical disaster. As the Information Age converges with the Age of Terror, these kinds of bets will increasingly determine the outcome of careers and fortunes.

Jay Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at

If congress says you can't do it... Offshore it! (Friendly governments share information, right?),73046-0.html?tw=wn_politics_privacy_1

Son of TIA Will Mine Asian Data

By Sharon Weinberger 12:00 PM Mar, 22, 2007

Nearly four years after Congress pulled the plug on what critics assailed as an Orwellian scheme to spy on private citizens, Singapore is set to launch an even more ambitious incarnation of the Pentagon's controversial Total Information Awareness program -- an effort to collect and mine data across all government agencies in the hopes of pinpointing threats to national security.

... Retired U.S. Adm. John Poindexter, the architect of the original Pentagon program, traveled to Singapore to deliver a speech at the unveiling, while backers have already begun quietly touting the system to U.S. intelligence officials.

... Poindexter, who was also on the roster of people the Singaporeans were scheduled to meet with in the United States, never quite disappeared from the data-mining scene. In January of this year, he was elected to the board of BrightPlanet, a firm that boasts "the most powerful search, harvest and document federation technology available in the world." The company's press release announcing Poindexter's appointment noted the former national security adviser would "provide guidance in developing further contacts within the intelligence community."

Always interesting

Internet Security Threat Report - Symantec Corp.

March 23, 2007 - 6:11am — MacRonin

Internet Security Threat Report - Symantec Corp.: "The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The eleventh version of the report, released March 19, 2007, is now available."

[From the report:

Over the past two reporting periods, Symantec has observed a fundamental shift in Internet security activity. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.

The what...

Oracle sues SAP; alleges ‘corporate theft on a grand scale’

Posted by Larry Dignan @ 11:39 am March 22nd, 2007

...and the why?

Maintenance contracts at heart of Oracle, SAP dispute

Oracle's suit against SAP is about business rivalry and theft, but it is also very much about third-party maintenance of software

By Nancy Gohring and Elizabeth Montalbano, IDG News Service

March 22, 2007

Sometimes justice sounds just right!

Broadcom says Qualcomm violated duty to standards group

Qualcomm failed to divulge a pair of video-related patents, according to suit

By Dan Nystedt, IDG News Service March 23, 2007

A U.S. jury ruled that a failure by Qualcomm Inc. to disclose two patents to a video standards group means the company waived its rights to enforce the patents, which are now part of the H.264 video compression standard, Broadcom Corp. said Thursday.

Another technique for bypassing those pesky subpoenas?

US Gamblers To Get Frozen Assets Back, Feds Still Looking For A Crime

from the there-must-be-a-crime-somewhere dept

Are the Feds going soft in the war on online gambling? For the last couple of months, gamblers in the US have been stuck in limbo as popular money transfer firm NETeller was unable to return to them funds that were being held by the company. While the government has gone after online gambling firms and the financial institutions that abet the business, it's not clear that the actual act of placing a bet online is illegal, so it didn't make sense to victimize gamblers themselves. It now appears that NETeller has reached a deal with the Department of Justice to return $55 million in frozen assets at some point in the next 75 days, although the details of this transfer have yet to spelled out. It's great that the DOJ is concerned about getting people their money back, but it appears it might have an ulterior motive here. As part of the agreement, NETeller will undergo a complete forensic audit that will allow the Feds a detailed look into how the whole business works. It bears repeating that NETeller isn't itself an online gambling firm. It's basically the European version of PayPal, and, as PayPal used to do, it helps people transfer money to online casinos. The company's founders were arrested back in January, but so far haven't been formally charged with anything, so it seems as if this forensic audit is basically a way for the Feds to figure out what, if anything, the NETeller founders can be charged with. Meanwhile, the cost and effort associated with this whole anti-gambling push continues to escalate, and it's still not clear who the victims are or why this is a government priority at all.

I expect “personal surveillance tools” will become a major market niche. Note that “Have fun...” will likely be the most common marketing slogan.

Have Fun Wiretapping Enemies and Loved Ones with 2ReCall

March 21, 2007 - 9:27pm — MacRonin

Have Fun Wiretapping Enemies and Loved Ones with 2ReCall: "New York based call recording company 2ReCall just recently launched their initial call recording product last week. The new service lets you record any US domestic outgoing call by first dialing into an 800 number and then number you want to call. The old fashioned way of recording calls consisted of Spy-vs-Spy type tape recorders and suction mics. VOIP changed that a bit, making it dead simple to grab the conversation as it passes through your phone client, although it leaves you chained to the desk. 2ReCall’s 800 number means you can record an outgoing call on any phone. Over the coming year the service will be able to record inbound calls as well, with the ultimate goal being a completely seamless solution that records all calls on the number.

When calls are recorded, they are stored on your online 2ReCall account in .wav or .mp3 format where you can download, review, and annotate them. Although the service works by 800 number, you must first buy a 500MB storage account for $4.95/month and pay 20 cents a minute or a 1GB account for $9.95/month and pay 15 cents a minute to use it.

Currently call recording is a rats nest of legal issues, with 38 states only needing one party’s permission and the other twelve needing both parties’ consent before recording a call. It gets complicated when calling between states. They cover the legal issues deeper in their FAQ.

While the service is geared to anyone needing to frequently record their calls (journalists, professionals, conference calls), the founders have already used the service to catch one stonewalling architect. The architect, who was reviewing plans for one of the founder’s developments, said he wouldn’t let him build a house on their property regardless of whether they met the development guidelines or not. Armed with the tape of their conversation, the reviewing architect backed down and settled the matter out of court.

Now drivers can do more than chat on their cell phones, they can make sweeping gestures...

Motion-sensing comes to mobile phones

By Marguerite Reardon Story last modified Fri Mar 23 05:53:28 PDT 2007

The same technology used in Nintendo's popular Wii video game console that lets you bowl strikes and hit tennis volleys like you're Venus Williams is also making its way into mobile handsets.

Could be the tool that makes the next “anti-Hillary” video?

Wednesday, March 21, 2007

Quick Stop Motion Shorts

For years my kids and I have been making claymation episodes, doll- and figure-animations, paper cutout sequences, and fun time-lapse movies with our family handy-cam. With mixed results. Although fun, our primitive method of simply blinking the on-button has always been less than satisfactory. Our brain-dead way creates three problems for an animation: 1) the interval is too long (jerky movement), 2) you can't see what motion should be next, and 3) you can't edit out goofs when you make a boo-boo -- which is 100% certain.

It was with great joy that we discovered software that solves all three problems. iStopMotion is a one of those offerings. It works on the Mac, but there are PC versions of the same thing out there. With this inexpensive programs you connect a live video feed from your camera to your computer (via USB or Firewire) and then you control the film from your keyboard -- or this is cool -- via voice command! After you capture a frame, the program overlays that frame as transparent layer over the current camera view so you can see exactly where you need to move next. [Obvious? Bob] You can even request the last 5 frames (onion skinning animators call it) to get a sense of direction and trajectory, which allows a very fine tuning of the motion. And you can edit mistakes, and do redos on the fly. All this is simple enough that my 7-year-old could instantly manage it. Yet it is sophisticated enough that film students use this software for thesis projects. Making time-lapse films is even easier.

In fact, it's a perfect GeekDad enterprise because filming goes a lot quicker with more than one person invloved -- one moving things, one calibrating and clicking. And its also perfect for class rooms.

The joy of this tool is that your computer screen rather than your camera screen drives the animation. The downside is that you either need to do all your filming within cable reach of your desktop, or else on a laptop (with sufficient shade on the screen outdoors). The closer you can get your screen to your "stage" the better. When you are done animating, or time-lapsing, it is very easy to export the Quicktime file to iMovie to add a soundtrack and titles.

There are three programs in this genre and all three run on Mac OSX. I've tried all three (iStopMotion, FrameThief, and Stop-Motion Studio) and iStopMotion is by far the superior. It has the most features, ease of use, speed and stability. It is also the best designed. It's $40 after a free demo version.

For inspiration about what can be accomplished in a weekedn check out the entertaining examples completed by folks on the iStopMotion website.

Don't you love 'em?

The New Yorker

The New Yorker has partnered with Ring Tales to present these animated versions of classic New Yorker cartoons.

[This one is for my PowerPoint class:

Thursday, March 22, 2007

Remember, it doesn't have to be the entire laptop. Storage devices are getting smaller, even as they hold more data. Note the last paragraph – should these devices be labeled and if so, how?

Security flap as Scottish council loses USB key

By John Leyden Published Wednesday 21st March 2007 13:04 GMT

Pay details of scores of workers of Perth and Kinross Council has been found on a memory stick left in the street. The security lapse could have exposed workers to ID theft, the Perth Advertiser reports.

The breach emerged after a USB key containing 59 documents, many from the council's Environmental Services Department, were recovered near a bike shelter close to the council building at Pullar House. The retired man who found the memory device handed it over to the local paper. [Why? Were the police not interested? Bob]

Data on the key included 25 spreadsheets some of which included details of council workers' pay, National Insurance contributions, and overtime hours. It also contained health and safety reports, performance reviews, and budget information.

Information on workers ranging from HGV drivers to cemetery workers was exposed by the breach.

Inquiries by the Perth Advertiser established that the loss of the device had gone unnoticed, or at least unreported to police. A spokesman for the council thanked the paper for the recovery of the lost memory device, which he described as "an unfortunate accident".

The man who reported the loss described it as careless. [Interesting. Perhaps a tech-savvy individual, not a random bystander... I wonder if he made a copy first? Bob] "I would have thought it would be unwise for council employees to be going around with a pen drive in such a way that it could be so easily lost. I thought more care would be taken over such information.

"If I was a council worker, I would be furious," he added.

A spokesman at the council explained that council workers sometimes take work home with them on USB sticks. "Officers in this situation are all aware of the need for care and it would seem that this was an unfortunate accident.

"The device contained some historical information but much of the documentation was on the device in order to assist the owner in preparing some draft material for the new Business Management Improvement Plan," he added.

The council criticised the man who found the key for not returning it directly to the council. [Did it have a big label detailing who it belonged to and that it contained sensitive data? Not smart if it did! Bob] "The failure by the finder of the USB device to return it to the council constitutes theft and the council would like to thank the PA for its return," he said.

All the news that fits...

Sensitive Information Published in Federal Register

Wednesday, March 21 2007 @ 07:44 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

The World Privacy Forum filed comments with the Department of Transportation today regarding the department's publication of the detailed personal medical information of individuals subject to DOT regulations in the Federal Register along with their names, ages, and other identifying information.

... "The March 1 notice included the full first and last name, the age of the applicant, the middle initial when available (most were), as well as the individual’s medical details, and finally, the state the individual is licensed in. With this information, it was a simple matter to locate a number of the home addresses and telephone numbers of these individuals to a very high degree of confidence by conducting a brief search of the web using the name and state that the individuals were licensed in as keywords."

Source - World Privacy Forum [pdf]

Now here's a Judge I'd like to talk to...

ID thieves should pay for victims' lost time, judge says

By Pamela Manson The Salt Lake Tribune Article Last Updated: 03/21/2007 03:55:28 PM MDT

Posted: 3:58 PM- Frustrated that he has no power to make identity thieves pay for the time victims spend restoring their good credit records, a federal judge in Utah is calling for reform of restitution laws.

In a memorandum issued Wednesday, [Where can I find this? Perhaps from the reporter? Bob] U.S. District Judge Paul Cassell notes that federal statutes limit the kinds of losses that offenders can be ordered to repay. Lost time, a precious commodity, falls outside the covered categories, the judge wrote.

"Congress has recently acted to punish aggravated identity theft severely by creating mandatory minimum sentences for the crime," Cassell wrote. "But while these changes strongly deter such crimes, they, unfortunately do nothing to fully compensate the victims who suffer from such crimes."

Cassell said the Judicial Conference, which makes policy concerning the federal court administration, recently agreed to support legislation that would authorize judges to award restitution at their discretion when circumstances warrant it. He encouraged lawmakers to follow up.

The judge's comments stem from the case of Ruby Teresa Garcia, who investigators say obtained others' personal information by stealing mail and burglarizing vehicles. She then allegedly used the data to get fraudulent credit cards, which she sold or used to buy merchandise over the Internet.

Garcia pleaded guilty last month to two counts of aggravated identity theft. She was sentenced by Cassell to a mandatory sentence of two years in prison and ordered to pay $6,839 to two banks.

Then came the question of how much to pay a victim, called H.F. in court records. The charges on the fraudulent credit cards were covered by the bank but H.F. - a wife and mother who works outside the home - also suffered considerable damage, according to Cassell.

He said H.F., whose car was vandalized and purse stolen one morning while she was at a gym, spent considerable time and energy straightening out her credit record. In addition to replacing her stolen cards, she had to deal with the fraudulent charges and close a checking account.

"Finally and most importantly, H.F. suffered a loss of what she called her 'most precious thing' - her free time," Cassell wrote.

But he was powerless to require payment for all those hours spent untangling the mess, he said, because the legal limits on restitution "unfairly tie the hands of judges in crafting restitution orders."


Homeland Security dismisses Real ID privacy worries

By Anne Broache Story last modified Thu Mar 22 06:41:58 PDT 2007

ARLINGTON, Va.--A senior U.S. Department of Homeland Security official on Wednesday said he finds privacy concerns prompted by the proposed Real ID regime puzzling.

Stewart Baker, the department's assistant secretary for policy, said a forthcoming system of uniform national identification cards will not put more personal information into the hands of motor vehicle administrators or result in a massive centralized database that's more susceptible to hackers.

In fact, Baker said, the controversial law will improve Americans' privacy. "You can never foresee the future, but every indication is that Real ID is actually going to make it less easy for people to engage in identity theft," Baker told the Homeland Security Data Privacy and Integrity Advisory Committee at its quarterly public meeting here.

Real ID has been a target of criticism since Congress enacted it three years ago as part of an "emergency" Iraq spending bill. Although Homeland Security has tried to defuse criticism by extending deadlines, the law still requires states to reconfigure their drivers licenses and share data. If they don't agree to comply by this October, their citizens won't be able to use their driver's licenses to board planes or enter federal buildings starting on May 11, 2008.

Baker said the process is privacy-protective because it will require Americans to produce legal documents like birth certificates, whose authenticity will be verified, before they can receive a card that meets Real ID protocol. That approach would allow, for instance, airport officials to be more confident in the identity of travelers when it comes time to check them against government watch lists, Baker said.

Some states, including Maine, have rejected Real ID on cost grounds, however, and privacy advocates worry about what will happen to data on the IDs' mandatory bar code when it is scanned by banks, bars and other businesses. DHS ruled earlier this month that the data will not be encrypted because of "operational" concerns, such as police being able to easily scan the data from the backs of licenses during traffic stops.

Baker said Wednesday that the department would consider requiring encryption as it writes the final rules, but added: "If you impose encryption requirements that make that exchange of information difficult, [ don't know how to use encryption! Bob] you're undermining, not improving, security associated with driver's licenses, we don't want to do that."

Several members of the committee, composed of security companies, academia and nonprofit groups who make policy recommendations to Homeland Security privacy officials, raised concerns about the new system at Wednesday's meeting.

"With what happens now in airports, it doesn't look like it would matter how hard the document was to fake because no one looks at it closely enough to even think about that question," said committee Chairman J. Howard Beales, a George Washington University professor and former Federal Trade Commission official. "Is there a more elaborate process that's envisioned here?"

Baker said Homeland Security was considering taking over the identification check process and putting in stricter controls. Right now, people who check IDs in airport security lines are not generally government employees, he said.

Earlier in the meeting, Jonathan Frenkel, a senior policy adviser with Homeland Security, complained about what he called a rash of "misinformation" about draft national standards for ID cards.

For one thing, he said it's "utter nonsense" that the U.S. government is planning a "Big Brother kind of system" to track American citizens' every move through the cards, as one Missouri state legislator suggested this week.

Frenkel said that if the government really wanted to track cardholders, it would force all citizens to carry the cards. [Oh cool! I don't need to carry my drivers license any more... Bob] "Since no one is ever required to carry a Real makes no sense that the government would track something that (a person) doesn't have to carry," he said. (Many nations do require their citizens to carry such documents, and some Real ID critics view the law as the first step toward such a system.)

It also isn't true that only a Real ID card will allow a person to board an airplane or enter a federal building, Frenkel said. A U.S. passport issued by the State Department--new ones have RFID tracking chips embedded--would also qualify.

Privacy groups took issue with the agency's assertions. "It is not ridiculous to say that Real ID will create a national identification system that will allow people to be tracked," said Melissa Ngo, director of the Identification and Surveillance Project at the Electronic Privacy Information Center. "Real ID is ostensibly voluntary, but that just isn't true."

Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, said the practical effect of the rules will be a "uniform" card with a machine-readable zone whose information can readily be harvested by outsiders.

...and CON

EPIC Appears Before Homeland Security Committee on REAL ID

Wednesday, March 21 2007 @ 05:10 PM CDT - Contributed by: PrivacyNews - Fed. Govt.


At a Department of Homeland Security Data Privacy and Integrity Advisory Committee meeting today, EPIC and other groups explained the many security, financial and privacy costs created by the proposed regulations to implement the REAL ID Act (pdf). EPIC explained (pdf) that the ubiquity of licenses; mandate that only REAL ID cards will be used for federal purposes; and proposed universal design for non-REAL ID cards, add up to an atmosphere where people without such cards will be looked upon with suspicion. EPIC's Melissa Ngo said, "Critics of the REAL ID Act and proposed regulations have been labeled anti-security. It is not anti-security to reject a national identification system that does not add to our security protections."

Source - EPIC's explanation [pdf]

Next year we'll have everyone to skinny dip in ink and roll on this life-size sheet of paper...”

US wants all 10 fingerprints on entry

Currently foreign travelers must have their index fingers scanned into a database when they enter the US by agents of the Department of Homeland Security. Those prints can then be checked against a database of fingerprints held by police forces or the FBI. That number will increase to all 10 fingerprints.

If this fell under the new discovery rules, would executions be in order?,73048-0.html?tw=rss.index

E-Vote Memo Is a 'Smoking Gun'

By Kim Zetter 05:00 AM Mar, 22, 2007

A memo sent last year by a voting machine maker to election officials in Florida has reignited controversy over the reliability and accuracy of the company's machines. Voting activists are now renewing calls to examine source code used in the Election Systems & Software machines during a close election last November.

Activists say the memo, which was uncovered last September but only came to prominence last week, proves that ES&S and Florida election officials knew about problems with the company's iVotronic touch-screen machines before the election, yet withheld the information from a court to prevent activists from examining the voting software.

The software, activists say, is crucial to a dispute over the 13th Congressional District race in November, in which Democrat Christine Jennings lost by fewer than 400 votes to Republican Vern Buchanan. Jennings and groups of voters filed separate lawsuits contending that the results were questionable because more than 18,000 ballots cast in Sarasota County mysteriously recorded no vote in the congressional race.

Activists say the ES&S memo points to a possible reason for the high "undervote" rate.

"This memo is the smoking gun that says, 'Yes, Houston, we have a problem,'" says Reginald Mitchell, lawyer for People for the American Way, which, along with other voting groups, filed a motion (.pdf) Tuesday asking the court to reopen its December ruling denying access to the ES&S code. "They had a duty to share it with the judge to say there was a problem with the machines and it's probably sanctionable that they didn't provide it. And there's no way they should have gone to the court and said everything is fine with their machines."

Jennings and voting activists had sought not only access to the source code but to all correspondence between ES&S and election officials related to the performance of the machines. The memo was not among documents handed over. Last year, ES&S, which did not return a call for comment, told the court that its machines performed with 100 percent accuracy and worked as designed during the 2006 elections.

But the memo, which the company sent to Florida election officials before the state's September primary, revealed that the iVotronic machines had a flaw that sometimes caused machines to respond slowly to a voter's touch "beyond the normal time a voter would expect to have their selection highlighted." The memo stated that a software upgrade was required but couldn't be certified before the September election. In its absence, ES&S sent election officials a warning sign to post at polls advising voters that they might need to press the screen for several seconds before their votes would register.

Kathy Dent, election supervisor in Sarasota, decided not to post the sign, saying that an existing department sign instructing voters with less strongly worded language was sufficient. An action alert sent to poll workers also instructed them to emphasize to voters to "keep pressing their selection" until they saw their choices register.

In an interview with Wired News, Dent said the machines performed without problems in the September primary and it wasn't until after 18,000 undervotes were discovered in the November race that she became aware from poll workers that voters had experienced problems with the machines. She also said the machines had no response problems in last week's countywide election.

Dent said her office didn't withhold the memo from the plaintiffs but had misfiled it in a folder containing proprietary information about the machines and found it only when reporters asked about it. She said that e-mails discussing the issue with ES&S and with her staff members were given to the plaintiffs.

The ES&S memo was obtained by a Florida voting activist in August through a Freedom of Information Act request. After that activist posted it to a listserv, Joyce McCloy of the North Carolina Coalition for Verified Voting sent the memo to computer scientists and other activists in Florida. McCloy also posted it to her website in September, where it sat unnoticed. The blogosphere noticed the memo only after she discussed it recently in comments posted to a computer scientist's blog.

Dent said the memo is insignificant since independent computer scientists working with Florida State University to examine the ES&S source code released a report (.pdf) last month saying they found no flaws that would have produced the high undervote rate -- although they did find other problems with the software.

Calls to several of the report participants were not returned. But Avi Rubin, a computer scientist with Johns Hopkins University and an expert on e-voting machines, says that a source code review would not uncover the kind of intermittent problem that voters described having with the machines. For that, he said, examiners would need to impound the machines used in the election and test them under circumstances identical to those under which the problems occurred. Even then tests could be inconclusive.

"It's probably based on something that happens only some of the time under certain conditions," he says. "And glitches that manifest with low probability under specific circumstances are hard to detect."

Strategy is as strategy does. Even bad legal strategy

RIAA Caught in Tough Legal Situation

Posted by samzenpus on Thursday March 22, @04:23AM from the catch-22 dept. Music

JeffreysTube writes "The RIAA's legal fight against a divorced mother has run into trouble, with the judge now telling the RIAA that its only two options are to proceed with a jury trial against Patty Santangelo or dismiss the case with prejudice. If the latter happens, Santangelo officially "wins" and could collect attorneys' fees. The judge is less than pleased with the RIAA, which is now trying to drop the case without giving Santangelo a chance to be declared guilty. 'This case is two years old,' wrote Judge McMahon. 'There has been extensive fact discovery. After taking this discovery, either plaintiffs want to make their case that Mrs. Santangelo is guilty of contributory copyright infringement or they do not.'"

One more voice added

Walt Mossberg Asks Congress To Rewrite The DMCA

from the good-for-him dept

A year and a half ago, famed Wall Street Journal columnist Walt Mossberg wrote up an opinion piece about problems with copy protection technology. He's now written a very similar piece blasting the DMCA and asking Congress to rewrite copyright law. His main point is that recent changes to copyright law have all been written by the copyright industry (sometimes with some influence from other industries), but never with any voice from the consumer side of things. For those who prefer to watch and listen, rather than read, Mossberg, he's also got a video that covers similar ground:

[Video link at the site Bob]

It's great to see someone with the stature and visibility of a Walt Mossberg come out in favor of fixing a bad law like the DMCA, and great to see him pick up on the key point that it's the very people Congress is supposed to be representing that got totally left out of the discussion last time around. Like his last article on the topic, though, there are some points to nitpick. While many people do this (unfortunately), Mossberg falls into the trap of assuming that this is all a big tug of war -- and what benefits one side harms the other. It's this zero-sum thinking that has everyone at each other's throats, rather than looking for solutions that benefit everyone. It's not about "balance" between copyright holders and content consumers -- but about creating a system that works for everyone. So, yes, let's rewrite bad copyright laws, and let's keep the consumer in mind when we do, but it's time to recognize that serving the consumer doesn't mean hurting the producer. In just about every other industry, people recognize that better serving consumers tends to be good for business too. It's not clear why everyone assumes the same concept isn't valid when it comes to content as well.

March 21, 2007

British and Irish Legal Information Institute Launches New Website

Via Cynthia S. Fellows, BAILII Open Law Project: The British and Irish Legal Information Institute has a new website. New features include:

March 21, 2007

FTC Testifies on Identity Theft and Social Security Numbers

Press release: "The Federal Trade Commission today told the Senate Judiciary Committee Subcommittee on Terrorism, Technology, and Homeland Security that “the government and the private sector must continue to work together to reduce the opportunities for thieves to obtain consumers’ personal information and make it more difficult for thieves to misuse that information if they obtain it.” Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection, said government and the business community should evaluate whether they need to collect and maintain the data they have about consumers, better-protect the data that they do possess, and develop better ways to authenticate customers to keep identity thieves from using the information they steal."

Tool for my Powerpoint class?

Wednesday, March 21, 2007

Turn your kid's drawings into videogames

Like all boys my sons spend a lot of time drawing elaborate battle tableaus with lots of knights (the younger one) or marines (the older one). They pretend that the figures are actually moving and fighting and the act of drawing becomes the animation. But we thought it would be cool to see if we could find a way to actually animate these drawings and turn them into 2D videogames they could make themselves.

The easiest way to do this we found was The Games Factory 2, which is a package that lets you program games without writing any code. You just create or import graphics, assign them properties (location, moving or not, background or foreground layer, etc) and then script "events" in a simple matrix of checkboxes that looks like this:

WOW! Watch the video. You will need ink by the gallon...

Amazing $200 inkjet - prints one page per SECOND on sale next year (VIDEO)

Secretive inventor with more patents that Edison. Spent 13 years developing the technology. Today released videos that have stunned the printer industry. Analysts have confirmed prototypes are real. Ultra-high speed $150 photo printer technology available 2007. Also promises color printers built into mobile phones, digicams, and handheld games...

Very interesting...

Best Online Documentaries

"A comprehensive list of documentaries, to be viewed online for free"

Taste. Some of us ain't got none!

Top 1000 Books Owned by Libraries Around the World

What’s the most popularly held book in libraries around the world? Which author or character —or monster or animal—is found most often on library shelves worldwide? The research division of OCLC compiled a list of the top 1,000 titles owned by member libraries.

[From the site:

Which author has the most works on the OCLC Top 1000 list?

William Shakespeare (with 37 works). He is followed by Charles Dickens (16 works) and John Grisham (13 works).

Which author on the list is most held by OCLC libraries?

William Shakespeare, followed by the United States government, Charles Dickens, Mark Twain, and Giuseppe Verdi.