Saturday, May 19, 2007

No, no, NO! You have to go after the lawMAKERS...

Thousands of police at risk

12:48 AM CDT on Saturday, May 19, 2007 By Jeremy Desel / 11 News

The state agency that licenses cops had a computer stolen that contains personal information of every licensed peace officer in the state of Texas.

Police tell us to guard our personal information closely. But it is the police who are now at risk.

... That is what police departments were notified by TCLEOSE - the agency that licenses peace officers in Texas.

... Anyone who has a TCLEOSE certification - nearly 230,000 men and women.

... But so far officers here at HPD have not been notified officially about the thefts. When 11 News asked him specifically about the progress of the investigation, Chief Hurtt said he did not want to comment further because he "doesn't want to spook them." [Isn't that cop-speak for “we haven't got a clue?” Bob]

The flip side of a “surveillance state”

Stolen: Sensitive personal data on 30,000 disabled benefits claimants

This was published: 2007-05-18 08:10:00

30,000 disabled people had sensitive personal information including bank account details stolen last September, Liberal Democrat research has revealed.

Recipients of Independent Living Funds and civil servants working on the scheme had personal information including their names, addresses, National Insurance numbers and bank account details stolen when a van was broken into last year.

... “This Government has an obsession with gathering ever more information on its citizens despite its abysmal track record of ensuring that the details it holds are kept secure.

Weekly Recap

Data “Dysprotection” Weekend Roundup for Week Ending May 20th (update 1)

Friday May 18th 2007, 2:55 pm

E-Discovery – sort of... We're not done with you yet. OR We may have “possible cause.”

Pa. Prosecutor Asks MySpace to Keep Data

May 18, 2007, 3:38PM

HARRISBURG, Pa. — Pennsylvania's attorney general on Friday asked the social networking Web site to preserve any user profiles posted by the state's registered sex offenders.

Attorney General Tom Corbett said he was responding to published statements by MySpace officials that they had identified, removed and blocked thousands of user profiles of convicted sex offenders.

On Monday, Corbett and seven other state attorneys general asked the company to provide information about registered sex offenders who use MySpace. The company said federal privacy laws bar it from doing that in the absence of specific legal procedures.

Prosecutors want to make sure that MySpace, which is owned by News Corp., will be able to produce the information if it is needed to prosecute Pennsylvania offenders "who might be violating their terms of release, or may be engaged in criminal activity," a Corbett spokesman, Nils Frederiksen, said Friday.

The formal "preservation letter" was sent to MySpace's custodian of records in Santa Monica, Calif., Frederiksen said. Messages left Friday for MySpace officials were not immediately returned.

Isn't it logical that holding data is neutral while using it for negative purposes is the true evil?

An Empirical Approach to Understanding Privacy Valuation

Published: May 18, 2007 Paper Release Date: April 2007 Authors: Luc Wathieu and Allan Friedman

Executive Summary:

What do consumers value and why? Researchers on privacy remain stumped by a "privacy paradox." Consumers declare that they value privacy highly, yet do not take steps to guard it during transactions. At the same time, consumers feel unable to enact their preferences on privacy. Clearly, scholars need a more nuanced understanding of how consumers treat information privacy in complex situations. To test the hypothesis that there is a homo economicus behind privacy concerns, not just primal fear, Wathieu and Friedman conducted an experiment based on a real-world situation about the transmission of personal information in the context of car insurance. Their experiment was based on a previous case study about marketing processes that use membership databases of trusted associations (such as alumni associations) to channel targeted deals to members through a blend of direct mail and telemarketing. Key concepts include:

* Contrary to some research, the chief privacy concern appears based on data use, not data itself.

* There is consumer demand for social control that focuses on data use.

* Sophisticated consumers care about economic context and indirect economic effects.

Read this in the context of the attacks on Estonian computers or the statement by the military that they are concerned about bandwidth used by soldiers accessing MySpace! (see below)

"Data storm" blamed for nuclear-plant shutdown

Robert Lemos, SecurityFocus 2007-05-18

The U.S. House of Representatives' Committee on Homeland Security called this week for the Nuclear Regulatory Commission (NRC) to further investigate the cause of excessive network traffic that caused an Alabama nuclear plant to shut down last year.

... An investigation into the failure found that the controllers for the pumps locked up following a spike in data traffic...

Estonian government, business Web sites under attack

By Peter Finn The Washington Post Saturday, May 19, 2007 - Page updated at 02:02 AM

TALLINN, Estonia — Estonia, one of the most wired societies in Europe, has been subjected in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers (ISPs) and news organizations, according to Estonian and foreign officials here.

Computer security specialists here call it an unprecedented assault on the public and private electronic infrastructure of a state. They say it is originating in Russia, which is angry over Estonia's recent relocation of a Soviet war memorial. Russian officials deny any government involvement.

The NATO alliance and the European Union have rushed information technology specialists to Estonia to observe and assist during the attacks, which have disrupted government e-mail and led financial institutions to shut down online banking.

... Estonian officials said they traced some attackers to Internet protocol (IP) addresses that belong to the Russian presidential administration and other state agencies in Russia.

... Roughly 1 million unwitting computers worldwide were employed, said Jaak Aaviksoo, Estonia's minister of defense.

Military Says Bandwidth Alone Forced Web-Site Blocking

By Sam Diaz Washington Post Staff Writer Friday, May 18, 2007; Page D01

... The Defense Department, which announced Monday that it was blocking access on its networks to such popular Web sites as MySpace and YouTube, put a technology official under the spotlight to explain why bandwidth -- the available space on a computer network for transferring data -- is something that the military cannot afford to compromise.

Rear Adm. Elizabeth A. Hight, vice director of the Defense Information Systems Agency, repeated the Defense Department's position that 13 specific Web sites were singled out because of the heavy traffic to them from military computers.

Reporters questioned Hight about whether bandwidth usage had ever reached a point where military operations would be compromised. She said it had not, and characterized the department's decision as "proactive."

They asked her how much bandwidth was available on the military's computer networks, a question she did not answer directly, instead turning to focus on the demands created by the sites. "We cannot accommodate the growth in bandwidth demands from these newer technologies," she said.

Research away! (Shouldn't the Democrats get equal time?)

May 17, 2007

NYPD Releases All 2004 RNC-Related Documents

The NYPD decided not to appeal a judge's decision that the NYPD should declassify its surveillance documents from the 2004 RNC, so it has set up a special NYPD RNC Documents website with the documents. Of course, you have to scroll down to the very bottom for a zip file of the 600 pages of documents. And what's above the documents is the NYPD's rather thorough explanation/defense justifying why it did such extensive surveillance of disparate groups and people, listing various terror incidents between 2001 and the convention as well as other incidents of protest.

More potential summer reading...

A Reading List For The Economics Of Ideas

from the a-bibliography dept

While the core of my series of posts on economics of ideas and content may now be done, there are some follow-ups and other discussions I hope to add as we go forward. However, to kick off that next section, I'm going to do an "easy" post and highlight some of what I've been reading to help inform these posts.

As typically happens, my Presentation (PowerPoint) class is over, so NOW I find a presentation I really like and it contains some useful ideas – suppose there is a connection?

OSCON 2005 Keynote - Identity 2.0

Dick Hardt | Founder & CEO, Sxip Identity

Watch Dick deliver a compelling and dynamic introduction on Identity 2.0 and how the concept of digital identity is evolving.

Friday, May 18, 2007

When should notice have been given? Didn't they have a duty when the package didn't arrive as planned?

Missing Lucent CD-ROM reported

Personal information of U.S. retirees at risk

By Anna Marie Kukec Posted Friday, May 18, 2007

The identities of tens of thousands of U.S. employees of the former Lucent Technologies — including those in Naperville and Lisle — are at risk because a computer disk with their personal information disappeared, [Arrest David Copperfield! Bob] Alcatel-Lucent announced Thursday.

The disk included names, contact information and Social Security numbers for roughly 182,000 retirees and their dependents, as well as several thousand current U.S.-based employees, of the former Lucent Technologies. There are 21,400 Alcatel-Lucent employees in the U.S., but the company wouldn’t break out how many of those workers would be affected.

Paris-based Alcatel, which bought Lucent last year, said it was informed May 7 by a vendor that the disk was lost or stolen.

“There are laws on the books that we are obligated to inform people,” said Alcatel-Lucent spokeswoman Mary Lou Ambrus. “As far as I can remember, we’ve never had to do this before. But we need to get the word out and inform as many people as we can.”

The disk went missing between April 5 and May 3. It did not contain information regarding customers, accounts, credit card numbers, bank account numbers or password information, Ambrus said.

The disk was prepared by Lincolnshire-based Hewitt Associates for delivery by UPS to another vendor, Aon Corp. in Chicago. The disk was part of an ongoing consulting assignment that focused on managing employee programs more efficiently, Aon spokesman Al Orendorff said.

“The package arrived a month late and without the disk,” Orendorff said.

What a great way to learn your identity is at risk. (Only story I can find, so far...)

Report of laptop theft worries Detroit city workers

David Josar / The Detroit News May 17, 2007

DETROIT -- Some city Water and Sewerage Department workers said they were concerned after reports were aired in a television report that a laptop containing personal information about city workers had been stolen.

However, George Ellenwood, a spokesman for the city Water and Sewerage Department, said he had not heard or seen any confirmation of a story that ran earlier in the day on WXYZ-TV (Channel 7).

... WXYZ reported that an insurance company employee had the laptop that contained information on about 3,000 workers stolen from her car while it was parked in Detroit.

Is this identity theft? Free speech? Humor?

Teens Charged for Making Fake Website

Last Update: May 17, 2007 5:51 PM

Police are charging three teens with identity theft and harassment after they created a fake website in the name of a Perry County businessman.

Police say the MySpace page had a confederate flag in the background and was covered with racial slurs.

It was up for about four days in February before being taken down.

Apparently two of the three being charged are friends with the man's son.

Interesting. How would you send a fake email to all Apple employees? How would you block that email?

Apple Denies Internal Source for Fake iPhone Memo

By Daniel Drew Turner May 17, 2007

Apple officials have offered no detailed explanation regarding the source of a memo sent to Apple employees the morning of May 16 that falsely claimed that there would be a delay in the release of the company's iPhone and the Mac OS X Leopard operating system.

[...and just in case you think that fake emails don't have an economic impact... Bob]

Soon after the purported internal Apple e-mail was published on the consumer electronics Web site, Apple's stock price fell from $108.83 to a low of $103.42. The stock recovered by the end of the day, and moved higher on May 17, but at one point nearly $4 billion of Apple's market capitalization had evaporated.

Registration required

Meeting the Data Security and Privacy Challenge: Best Practices for Securing Your Message Streams

by Proofpoint, Inc.


... Listen to Proofpoint discuss best practices for securing outgoing message streams and learn about:

* Privacy and data protection regulations that may apply to your company's use of email, webmail and other electronic communications.

* Technologies that can help identify non-public information including PHI (protected health information) and PFI (personal financial information) in outgoing message streams.

* New technologies for detecting and preventing leaks of confidential information and valuable intellectual property.

When: Available On Demand Format: Multimedia Length: 00:54:35 (hh:mm:ss)

Type: Webcast Language: English

Amusing, but I suspect the report is not completely accurate.

Court right to allow release of teacher’s pornographic images

By Tribune staff Thursday, May 17, 2007

If a public school teacher uses his school-issued computer to view pornographic images, does he have a privacy right to keep the public from viewing those images?

Amazingly, that was a question before the Wisconsin Supreme Court, which sensibly ruled that there is no such privacy right.

That’s a good ruling, because people have a right to know all the facts in this case. [And make lots of copies of the pictures? Bob]

Cedarburg High School teacher Robert Zellner was fired by the school board in January 2006 after receiving evidence that he had viewed adult images on his computer.

Zellner appealed his termination to a state arbitrator, who ruled that he should be reinstated. In the process of researching the case further after Zellner went to the arbitrator, the school board found 1,500 adult images on Zellner’s computer.

When the Milwaukee Journal Sentinel asked the Cedarburg School District to make public the images at issue, Zellner fought the release, arguing that releasing the images would violate copyright laws [Copyright? Sure... Bob] and his own privacy.

Zellner’s lawyer had argued that he did not intentionally view the images, [“It was just 1500 errors... Bob] and that they came up on his screen after a Google search of sexually suggestive words on the Internet.

Given the disputed nature of the case, taxpayers, parents and other adult members of the public have a right to know exactly what is at issue. There should be no right to privacy in a case involving the improper use of a publicly-owned computer. [I doubt the court said that... Bob]

And the court unanimously agreed. Writing for the court, Justice N. Patrick Crooks said: “Public school teachers ... are in a significant position of responsibility and visibility ... the public has an interest in knowing about such allegations of teacher misconduct and how they are handled.”

The court ruling is correct. There should be no “privacy” right in a case such as this.

[There seems to be a problem searching for this case on the website. You don't suppose they have been inundated with requests for the pictures, do you? Perhaps it will be featured as their “Case of the Month.” Bob]

Here's a site that did get overwhelmed...

The Techdirt Insight Community In Two Minutes

from the with-apologies-to-Larry-Lessig-and-Bob-Dylan dept

Two weeks ago, when we moved the Techdirt Insight Community into public beta, we also took part in a fun event called the Plug & Play Expo, which involved 32 startups explaining what their business was in two minutes. [Business opportunity? Bob] Six of those startups are then selected to do a second round presentation (including us!). I had a little fun with the presentation, combining the "Lessig Method" with a little bit of Bob Dylan (without the talent of either) after discovering we weren't allowed to use Powerpoint. A bunch of folks have asked us for a copy of the video. Unfortunately, in the original cut of the video, it's tough to see the handheld slides, so we redid the video superimposing the actual slides on the screen behind me so that people watching the video can read them. We also figured it's a good, quick way for people to understand what we're doing with the Techdirt Insight Community:

If the Techdirt Insight Community sounds interesting to you either as a company or as an expert come on over and join up.

I wonder what $8500 worth of discipline is?

Student jailed after asking for Denver cop's ID wins $8,500

By Howard Pankratz Denver Post Staff Writer Article Last Updated: 05/17/2007 01:45:44 AM MDT

Denver will pay $8,500 to a man arrested after asking an officer for his identification, and police will provide training to prevent a similar incident, the American Civil Liberties Union of Colorado announced Wednesday.

Evan Herzoff was handcuffed, arrested and forced to spend a night in jail last year after asking for a police officer's business card, said Taylor Pendergrass, ACLU staff attorney.

The training bulletin will state that no retaliatory action is to be taken against citizens based on a request for an officer's identification.

But Jamie Wynn, an assistant Denver city attorney, said the city and the ACLU don't have a settlement at this point.

"It is contingent on City Council approval," she said. "We are intending to take it to the City Council, and, certainly, we are hopeful."

Pendergrass said that Herzoff, a University of Colorado at Denver student and a local CopWatch volunteer, was walking home April 8, 2006, when he saw police arresting an individual.

Herzoff, who had a small camera with him, started filming the arrest. Officer Jeffrey Morgan approached Herzoff and asked for his identification.

After looking at the identification, Morgan told Herzoff he was free to go but arrested Herzoff when he asked for Morgan's business card.

Morgan cited Herzoff for trespassing, but the charge was later dismissed.

Richard Rosenthal, the independent monitor for the city of Denver, said Wednesday that the original complaint about the incident came to his office, and he sent it to police internal affairs.

"We actively monitored the investigation," Rosenthal said. "We sat in on the interviews to make sure they were thorough and complete."

Rosenthal said disciplinary action was taken against the officer after the incident was reviewed by police commanders, the police chief and the manager of safety.

Rosenthal said he is prohibited from saying what that discipline was.

Not a very comprehensive report...

Study Finds 25 Countries Block Web Sites

By ANICK JESDANUN AP Internet Writer May 18, 12:47 AM EDT

NEW YORK (AP) -- At least 25 countries around the world block Web sites for political, social or other reasons as governments seek to assert authority over a network meant to be borderless, according to a study out Friday.

[The report isn't there yet... Bob]

Thursday, May 17, 2007

You can never start too young.

Security breach involves recent births

Parents' personal, medical information improperly discarded

By GAYLE WHITE The Atlanta Journal-Constitution Published on: 05/17/07

State officials are warning parents of 140,000 Georgia babies that a security lapse has exposed some of their personal and medical information to the risk of fraud.

The Georgia Department of Human Resources mailed letters Wednesday to all parents of infants born in Georgia between April 1, 2006, and March 16, 2007, saying that paper records containing their Social Security numbers and information about their medical histories were improperly discarded.

... The forms are supposed to be shredded after the information is entered into a computer for public health analysis, but he said amid staff turnover, the shredding was not done.

Staff at the state vital records facility at 1600 Skyland Drive N.E., Atlanta, discovered the breach in March after a television investigative reporter raised questions, Brown said. But, he said, his office was not notified until Tuesday.

Failure to consider security?

IPS student data exposed

Confidential info about thousands of students was available online

By Andy Gammill 3:22 AM May 17, 2007

In what appears to be one of the broadest online school security failures ever in the U.S., thousands of confidential Indianapolis Public Schools student records were available to the public through Google searches.

An Indianapolis Star reporter using Google found information on at least 7,500 students and some staff members, including phone numbers, birth dates, medical information and Social Security numbers. Such student information is required to be kept private under federal law.

Internet security experts said the inadvertent release of information resulted from a network setup that was sloppy. It appears that teachers and students unwittingly posted the files to the Web when they tried to save their work on the system.

... "We will protect this information in the future," Superintendent Eugene White said. "This matter has received the highest priority of the district, and the IT department has made the necessary changes."

He also said the district would continue to investigate what went wrong.

Yet, in an example of the complexities of the Internet, copies of the records may remain accessible on other computers for some time. Wednesday night, duplicate versions remained up on Google.

... The district could face a state or federal inquiry if parents file complaints and could face lawsuits if any of the information was misused.

... The records reveal medical details, such as diagnoses of special education students. Others are rosters of students that include names, addresses, home phone numbers, birth dates and other information.

A suspension list from Donnan Middle School and all the locker combinations at Marshall Middle School were among the files.

... It was unclear Wednesday whether the software IPS uses, ANGEL Learning Management Suite developed by Indianapolis-based ANGEL Learning, played a role in the security failure.

The company's chief executive officer, Christopher Clapp, said he didn't have enough information to make that determination.

We can, therefore we must... (First Alzheimer's patients, then Democrats!)

Plan to 'chip' Alzheimer's patients causes protest

19 May 2007 Celeste Biever New Scientist Print Edition.

... The battle lines are being drawn in a quiet corner of West Palm Beach, Florida. On 12 May, some 30 protesters held an inter-faith prayer vigil (pictured above) outside Alzheimer's Community Care, a day-care facility for people with dementia. At issue is the facility's plan to implant 200 patients with microchips manufactured and donated by VeriChip of nearby Delray Beach.

“We will get to that, as soon as we finish counting the chad...” New ad campaign: “Visit Florida, Still the best place for ID Thieves”

Florida extends deadline for redacting data from online records -- again

Jaikumar Vijayan

May 16, 2007 (Computerworld) County clerks in Florida have been given more time by state lawmakers to remove Social Security numbers, bank account details, credit card numbers and other personal data from images of public records posted on their Web sites.

The state Senate early this month voted 40-0 for a bill (download document) that gives court clerks until Jan. 1, 2011, to redact personally identifiable data from images of title deeds, tax liens, court papers and other public records filed with their offices. Until then, individuals in the state who want personal data removed from their online public records must specifically ask for it to be redacted. [That procedure will no doubt add a huge workload to the court clerks... Bob]

... This is the third time the deadline has been extended.

... "The whole thing is just stupid," said B.J. Ostergren, a Virginia-based privacy advocate who runs a Web-site called The Virginia Watchdog to highlight the problem. "I can't understand why they are giving clerks three more years to remove Social Security numbers off those records," when other counties in Florida have already completed their redactions or are well on their way to doing so, she said.

... In Texas, an association of county and court clerks earlier this year succeeded in getting state lawmakers to approve a bill that essentially exempts them from liability when they disclose "in the ordinary course of business" Social Security numbers contained in documents held by their offices.

... Florida's Orange County, for instance, completed an 18-month redaction effort last October in which it reviewed more than 30 million pages in more than 12 million public records for personal data. In the end, 777,635 documents, about 2.5% of the total reviewed, were found to contain personal data that needed to be redacted.

Will this catch on? Probably. Interesting business model in any case...

Visa, MasterCard, AmEx... Driver's Licenses?

from the no-cash dept

Credit-card processing fees continue to be a growing burden for retailers, particularly in low-margin operations like grocery stores and gas stations. This is fuelling a lot of interest in alternative payment systems that seek to cut out credit-card companies, though they face formidable competition in the form of the cards' ubiquity and convenience. One company is seeking to overcome that by turning people's driver's licenses into debit cards (via Payments News). Users link their bank account to their driver's license number, and make purchases at participating retailers using the license and a PIN code. The service is already being used by some gas stations, who are very happy with it since the company charges a flat 15 cents per transaction, rather than a variable percentage, as credit cards do. The main sticking point is, of course, security -- with plenty of people hesitant to start using their drivers' license for payments, and authorities saying they don't endorse the idea. This may not be a perfect solution, but it does indicate the sort of system that will be needed to meet the demand for a payment alternative to credit cards. Since this change will be retailer-driven -- as the costs of payment processing are generally invisible to consumers -- any viable solution will have to offer benefits to consumers that are at least equal to those offered by existing payment mechanisms.

Attention Spring graduates!

Why Monster Isn't The Monster It Once Was

from the long-tail-of-jobs dept

Microsoft's recently acquired stake in Careerbuilder has brought renewed interest to online job sites, like, which some now see as a takeover candidate. But despite the initial promise that online job boards would make the process of hiring and finding a job much more efficient, many have felt that they've never really lived up to the hype. The flood of useless resumes that companies receive often means that posting a job to a major site is more trouble than it's worth. The industry is now starting to iron out its kinks, but in a way that's not to the benefit of the major sites, like Careerbuilder and While their traffic sags, business is booming at niche sites (via alarm:clock), like, which only lists public sector jobs. The benefits to employee and employer are clear, as these sites allow for a more targeted search. So while companies like Microsoft (and maybe Google) look to get into this space, this trend emphasizes the fact that they should build platforms for third parties to do job search, rather than simply trying to buy the market leaders.

Yet they continue to insist that DRM works!

Newest AACS circumvented: The Matrix Trilogy set free

Posted May 17th 2007 2:59AM by Thomas Ricker

Just in case you didn't already piece it together, many (if not all) of the new HD DVD and Blu-ray Disc titles set for release on May 22nd will feature the latest revisions to AACS. Right, the update hinted at by those forced user updates to the WinDVD and PowerDVD software. Yeah, well no worries... it's cracked. That's right, a week before the disks have even hit the shops, the kids over at Slysoft have already released AnyDVD HD (beta) which kicks AACS MKB v3 swiftly to the curb. Thus you can continue to rip all your newly purchased HD DVD and BD flicks for playback any damn way you like. The update has already been demonstrated to work with an early-shipped release of The Matrix Trilogy on HD DVD and will likely work for Pirates of the Caribbean - Dead Man's Chest when it arrives on Blu-ray. Come on AACS LA, you're gonna have to at least try. Better yet, why not just give up this silly charade.

What kind of France is this?

Presidential Politics: What to Expect from France's Nicolas Sarkozy

Published: May 16, 2007 in Knowledge@Wharton

... Sarkozy is depicted as a friend, but also a critic, of the U.S.; as a supporter, to some degree, of the European Union; and as a reformer bent on changing France's burdensome labor laws, but also willing to meet with union leaders.

Wednesday, May 16, 2007

Suspicions confirmed

Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick

from the very-very-secure dept

The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn't working. So he tried making small changes to the URL... which gave him access to someone else's visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don't feel particularly safe when the government wants even more data from us, while promising that there's no way it would ever be leaked?

TJX Financials for the quarter ended April 28, 2007


Notes to Consolidated Condensed Statements

... TJX recorded an after-tax charge of approximately $12 million, or $0.03 per share, for costs incurred during the first quarter in connection with the Computer Intrusion in addition to an after-tax charge of approximately $3 million for such costs recorded in the fourth quarter of fiscal 2007.

Is this the way to do it? Seems to me it encourages taking data home...

VA buys 25K secure thumb drives

Tuesday, May 15 2007 @ 06:51 AM CDT - Contributed by: PrivacyNews - Fed. Govt.

The Veterans Affairs Department awarded a contract to Kanguru Solutions of Millis, Mass., for 25,000 encrypted USB flash drives to help ensure the security of VA’s sensitive data. Kanguru will deliver the drives by the end of this month.

Source - FCW

Please push this! It could be very entertaining...

MySpace Explains The Law To States' Attorneys General

from the so,-the-first-thing-you-need-to-do-is... dept

Following the ridiculous grandstanding by a group of 8 state attorneys general, MySpace has responded to the demand that they hand over the names of sex offenders who are registered on the site by noting that to do so would be against the law. Specifically, it would violate the Electronic Communications Privacy Act (ECPA). You would think that someone in the position of Attorney General would know the law -- but why let the law come between you and a little grandstanding publicity "for the children?" MySpace also notes that it's been pretty successful in finding and blocking sex offenders, so the whole thing is quite overblown. You have to hand it to MySpace. It's nice to see them resist just handing over info to the government, rather than, say, pulling a Verizon and claiming a first amendment right to hand your info over to the government.

Rethinking without thinking?

Court Ruling May Narrow Section 230 Protection

from the exempt-exemptions dept

The government's attempts to regulate the internet are almost always misguided, but section 230 of the Communications Decency Act stands out as a rare instance of foresight, as it specifies that website proprietors aren't, in general, legally liable for content posted by users. As more and more sites are built on user-generated content, this protection has only grown in importance. However, a decision handed down today by the Ninth Circuit may narrow section 230 protection (via Above The Law) to some extent. At issue is whether the site is on the hook for ads posted by its users that violate the Fair Housing Act by specifying the race and gender of the desired roommate. If you'll recall, Craigslist faced the exact same issue, but was cleared, so you might think that the same would apply here. However, in this case, the court ruled that the site is not necessarily protected because it provides a form that specifically invites users to fill out a potentially illegal roommate preference. The court reasoned, by analogy, that a hypothetical site called would not warrant protection if it specifically asked that its users furnish defamatory information on individuals. However, the court did say that could not be held liable for comments on the site that were separate from the forms it offered to users. It's still not clear what's going to happen here, or what this means for other sites that depend on section 230 immunity, though it would seem to have little effect on most sites that simply have an open comments section. As for, it's likely it will try to avoid the problem by letting its users post free-form roommate ads, so that it's not suggesting anything illegal.

I'll look for the transcript – should be amusing.

RIAA’s IP Gathering Techniques About to be Busted

Written by Ernesto on May 15, 2007

RIAA’s shoddy data gathering techniques are unlawful and shouldn’t be used as legal evidence. This is what a Dutch court concluded based on the expert witness statement from Dr Johan Pouwelse, who is about to testify in the UMG v. Lindor case in the US.

Dr. Pouwelse is hired by Ray Beckerman, Mrs Lindor’s lawyer, to give his expert opinion on the RIAA’s IP-harvesting techniques.

Among others, the RIAA hires the US based company MediaSentry to monitor file-sharing networks for infringements of their client’s media. MediaSentry’s job is to identify and trace IP addresses they claim are engaged in such activity.

MediaSentry’s effectiveness has been called into question by Dr. Pouwelse in Foundation v. UPC Nederland. It was concluded that the “shoddy” way MediaSentry collects and processes IP addresses has no lawful basis. When the US court reaches the same conclusions, this will have great implications for many other RIAA lawsuits.

As Jon from P2Pnet puts it; “Pouwelse’s evidence will be a landmark and it’ll be re-employed by attorneys the length and breadth of America who are working to prove the innocence of their clients who, like Mrs Lindor, are falsely held up to be unprincipled, hard-core criminals and thieves.”

Pouwelse is founding father of the Tribler BitTorrent client and currently employed as an Assistant Professor at Delft University of Technology in the Netherlands.

Stay “tuned”.

Tuesday, May 15, 2007

Something is missing here – they can't be that ignorant...

CCSN Warns 197,000 Students of Computer Security Breach

Edward Lawrence, Reporter May 14, 2007 07:13 PM

There's a warning for current and former students at the Community College of Southern Nevada to check their credit.

School officials say a virus attacked one of the school's computer servers, which possibly contained students' personal information, names, social security numbers and dates of birth. Eyewitness News discovered this affects 197,000 people.

The attack happened on the West Charleston and Torrey Pines campus, but could have been launched from anywhere. The virus bounced from place to place over the Internet hiding its tracks before attaching to a server at CCSN.

CCSN president Richard Carpenter says the virus could have allowed a hacker to access student records on the server but that it is not certain whether anything was actually stolen from the school's computer system.

Carpenter says the malicious virus attack happened at the end of February. However, a letter warning the potential victims of identity theft was mailed at the end of last week.

... Carpenter says the school waited to notify the current and former students until technicians finished their investigation. "Our reason for alerting the students involved is not because we think their data was acquired. We don't. But there is an outside possibility it was," Carpenter explained.

School technicians discovered the virus four days after it attached to the server. They pulled the server offline and had each of the 197,000 files examined [unlikely each student had their own file... Bob] to see if it was downloaded. The school then sent the server to a third-party for an examination.

Again, CCSN President Richard Carpenter thinks no information was taken, but cannot be sure. That's why the school mailed letters to all potential victims and replaced all social security numbers in all the servers with school identification numbers. [Governments claim this will take “years” Bob]

Inevitable. Amusing?

DHS Employees Sue TSA over Lost Hard Drive

May 14, 2007 By Lisa Vaas

The American Federation of Government Employees is suing the Transportation Security Administration after the TSA lost a hard drive containing employment records for some 100,000 individuals.

... In AFGE, et al v. Kip Hawley and TSA, the AFGE claims that by failing to establish safeguards to ensure the security and confidentiality of personnel records, TSA violated both the ATSA (Aviation and Transportation Security Act) and the Privacy Act of 1974.

Forcing data storage into offshore data havens? (Data havens are like tax havens) ...and didn't TJX pass its PCI audits?

Texas mulls bill that would make PCI requirements a state law

Retailers that accept credit cards would be financially liable for data breach costs

Jaikumar Vijayan

... The state's House of Representatives last week voted 139-0 in favor of a bill that would formally codify PCI requirements into a state law that merchants would be obliged to comply with if passed.

“We don't need no stinking subpoenas!” Part 96... Consti-who-tion?

State Police, ACLU at odds over phone records legislation

May 14, 2007

PROVIDENCE, R.I. --Police departments would be able to obtain Rhode Islanders' telephone and Internet records without court review or a warrant under legislation pending before the General Assembly.

“We want your files?”

Thousands of sex offenders discovered on MySpace

By Scott Malone Mon May 14, 2007 3:38PM EDT

BOSTON (Reuters) - Thousands of convicted sex offenders have registered for profiles on social networking Web site MySpace, [How do they know? Bob] posing a risk to children who are among the site's most avid users, eight U.S. attorneys general said on Monday.

Connecticut Attorney General Richard Blumenthal and counterparts in seven states called on the company, owned by media tycoon Rupert Murdoch's News Corp., to hand over the offenders' names and addresses. [How do they not know? Bob]

Sources told the attorneys general that MySpace had discovered thousands of sex offenders on its site in an internal investigation, Blumenthal said. He did not give the identity of the sources. [I don't think this explains it... Bob]

Toward ubiquitous surveillance...

Calculators Tell Teachers Which Pupils Need Help

By Philipp Gollner, Reuters May 14, 2007

NEW YORK (Reuters)—Texas Instruments, whose calculators helped make the company a household name, has found a way to help teachers quickly identify students who may be failing math, CEO Rich Templeton said on May 14.

The so-called TI-Navigator sends wireless signals from pupils' handheld calculators to a personal-computer screen that lets instructors correct and analyze errors in real time.

"The teacher can understand who's not getting it" by assessing which functions students keyed into their calculators, Templeton said at the Reuters Global Technology, Media and Telecoms Summit in New York.

Always interesting...

Schneier on Security

A blog covering security and security technology.

May 14, 2007

Does Secrecy Help Protect Personal Information?

Personal information protection is an economic problem, not a security problem.

Old ideas, but not from legal scholars.

Gonzales proposes new crime: "Attempted" copyright infringement

Posted by Declan McCullagh May 15, 2007 2:00 AM PDT

Attorney General Alberto Gonzales is pressing the U.S. Congress to enact a sweeping intellectual property bill that would increase criminal penalties for copyright infringement, including "attempts" to commit piracy.

"To meet the global challenges of IP crime, our criminal laws must be kept updated," Gonzales said during a speech before the U.S. Chamber of Commerce in Washington on Monday.

The Bush administration is throwing its support behind a proposal called the Intellectual Property Protection Act of 2007, which is likely to receive the enthusiastic support of the movie and music industries and would represent the most dramatic rewrite of copyright law since a 2005 measure dealing with pre-release piracy.

Here's our podcast on the topic.

The IPPA would, for instance:

* Criminalize "attempting" to infringe copyright. Federal law currently punishes not-for-profit copyright infringement with between 1 and 10 years in prison, but there has to be actual infringement that takes place. The IPPA would eliminate that requirement. (The Justice Department's summary of the legislation says: "It is a general tenet of the criminal law that those who attempt to commit a crime but do not complete it are as morally culpable as those who succeed in doing so.")

* Create a new crime of life imprisonment for using pirated software.

* Permit more wiretaps for piracy investigations.

* Allow computers to be seized more readily.

* Increase penalties for violating the Digital Millennium Copyright Act's anti-circumvention regulations.

* Add penalties for "intended" copyright crimes.

* Require Homeland Security to alert the Recording Industry Association of America. [Now I see who drafted this law... Bob]

Worth watching...

May 14, 2007

CeRI: Cornell e-Rulemaking Initiative

CeRI: Cornell e-Rulemaking Initiative: "The Cornell e-Rulemaking Initiative brings together faculty and students from several disciplines and the legal informatics professionals at LII. We consult with government agencies on, and engage in theoretical and applied research about, the technology and practice of e-rulemaking and related areas of e-government. An alliance of broad-ranging scholarly expertise with LII's recognized proficiency in Web-based provision of legal information, CeRI's goals are:

  • Helping agencies use the transition to Internet-based rulemaking as an opportunity to improve the quality and efficiency of their regulatory practice.

  • Facilitating public and private efforts to realize e-rulemaking's potential for increasing citizen understanding of, and participation in, government policymaking.

  • Assisting, and actively promoting, agency experimentation in Internet-based ways to elicit public participation beyond just the notice-and-comment process.

  • Increasing the data available to scholars on rulemaking practices, as well as on how agencies manage and change in light of significant shifts in technology."

Worth watching covertly...

May 14, 2007

CIA Unveils New Web Site

Press release: "On Monday, May 14, 2007, the CIA unveiled its newly designed public Web site. The new site is an extension of the CIA’s social contract with the American people... In addition to a new look and feel, the redesigned introduces a variety of interactive features – including videos and virtual tours – and revamped, updated and improved content.

Key changes include:

  • A movie on the homepage that easily and quickly details who we are and what we do

  • Virtual tours of CIA Headquarters and the CIA Museum

Kerfuffle followup.

Men Apologize For Boston Cartoon Stunt

BOSTON, May 11, 2007 (AP) Prosecutors said they would not pursue charges against two men who planted electronic devices around the city as part of a botched advertising campaign after the pair apologized Friday for causing a bomb scare.

Peter Berdovsky, 27, and Sean Stevens, 28, also performed community service at a rehabilitation center in a deal with prosecutors.

In contrast to their first court appearance in January, when they mugged for the camera and waved to friends in the courtroom, the men offered contrite apologies and said they never expected the stunt to cause any turmoil.

... The two were accused of planting about three dozen battery-powered devices in Boston and Cambridge on Jan. 31. The devices, a promotion for Cartoon Network, had lights that created images of a cartoon character making an obscene gesture. [Sure to please the Boston market? Bob]

... Similar signs were placed in nine other cities around the United States, but only in Boston did they elicit such a response.

Berdovsky and Stevens were charged with placing a hoax device and disorderly conduct.

... Berdovsky performed 80 hours of service and Stevens completed 60 hours at the Spaulding Rehabilitation Center in Boston.

... Turner Broadcasting and the advertising agency that carried out the campaign, Interference Inc., agreed to pay a $2 million settlement to cover costs and restitution for the law enforcement response. The head of the Cartoon Network resigned nine days after the stunt.

Watching your cat while you work? (They also list some services...)

Remote Home Monitoring: Passing Fad or Wave of the Future?

By Bill Ablondi TechNewsWorld 05/14/07 3:38 PM PT

With an estimated 80 million households using broadband Internet by 2010, what does the future look like for remote home monitoring services? When looking into the face of a new market opportunity to quantify its magnitude, sometimes it's useful to examine where people currently spend their money and if some of this spending could be diverted to an alternative.

... Here are some of our key assumptions based on our research and analysis:

  • Self-monitoring systems will appeal to some households with security systems installed.

  • Five to 6 percent of households with a security system will adopt self-monitoring capability in the next 12 to 18 months; 12 to 15 percent will do so in five years.

  • Not all of these households will be willing to pay for self-notification services; most will opt for free services.

  • Households with no security system currently installed are less likely to adopt some form of self-monitoring capability.

  • Only 0.5 to 0.6 percent will adopt in next 12 to 18 months; 1 to 1.5 percent will do so in five years.

  • Overall, 4 to 5 percent of households that opt for some form of self-monitoring system will pay for a notification service in the next 12 to 18 months; this will increase to 15 to 20 percent within five years.

Replacing the SCO litigation?

Microsoft desperate, says target

Open source alternative to Office incredulous over Microsoft's claims

By Gregg Keizer, Computerworld May 14, 2007 Monday called Microsoft's assertion that its open source application suite violates 45 of its patents "a desperate act."

Business opportunities abound...

Online Retail Years Away from Saturation: Survey

By Reuters May 14, 2007

LOS ANGELES—E-commerce is moving "full steam ahead" and is years away from saturation, with double-digit growth expected for several years, according to an online retail industry report published on Sunday.

... But it is not quite time to shutter that brick-and-mortar store. The online retail industry still only accounts for 7 percent of total retail sales, excluding travel. But certain categories represent a much higher percentage, like computers, where online sales make up 44 percent of the total.

The food and beverage category, by contrast, represents only 1 percent.

Critical advice (from the Wall Street Journal no less!)

How to Be a Star in a YouTube World

What it takes to stand out when anyone can be an entertainer

By MICHAEL TOTTY May 14, 2007; Page R1

There are millions of people trying to get noticed on the Web, with everything from blogs to podcasts to videos. So with the huge glut of material out there, how do amateurs get attention -- let alone become bona fide online stars?

... It turns out that success in the new-media world depends on a lot of the same things as in the old-media universe.

Will everyone learn this or die?

CBS Learns The Lesson Quickly: Don't Build Your Own Destination; Syndicate Your Video Content

from the go-forth-and-multiply dept

Whenever we talk about the ridiculousness of big media companies demanding all their content be stripped from YouTube, people show up in the comments saying that they need to do this in order to build their own destination site for video. That doesn't make sense. In a world where attention may be the scarcest resource of them all, you should want your content spread as widely as possible. It appears that CBS is the first of the major networks to get this. While the company had tried to build its own video destination site for its content, it's now admitting that it should have been called CBS is learning that people don't want to have to hunt down your silo for content and deal with your redesign and usability issues. They want the content wherever it's easiest to get it -- and CBS has decided to comply. Rather than focusing on building out its own destination site, the network is going to push to get its content syndicated everywhere possible. This really isn't that surprising, given that CBS was one of the few networks to recognize that YouTube actually increased viewership of its TV shows. However, it is a bit amusing to think that CBS was just recently split off from Viacom, who has gone in the exact opposite direction.

Perhaps less protesting would have reduced the “Streisand Effect”

BBC Scientology documentary: Watch it in full online

For the next 7 days you can watch the BBC's documentary about Scientology in full on their website. Click 'Watch Now' at the top of TFA.