Oh my, how unexpected.
Ohio Data Leak Gets Pinned On The Intern
from the passing-the-buck-eye dept
You might remember the recent data leak in Ohio, where personal info on a million or so people was lost, after a storage device containing it was stolen from an intern's car. The intern, who apparently took the device home with him as part of a security protocol, has now been fired by the state, and says he's being made the scapegoat for the loss. [What, you expected the Governor to assume responsibility? Bob] Despite the governor's claims to the contrary, of course the intern's being scapegoated, even though he apparently was just doing what he was told. That's how things work with data leaks: the buck is passed, and responsibility shirked. In this instance, the state can say the responsible party has been fired, glossing over the fact that he was apparently just following directions he'd been given, and that the real problem here was a flawed security plan that was either devised by an idiot, [I'd like to vote for that one, but Ignorance is much more likely... Bob] or, more likely, by somebody who didn't take the security of other people's personal info very seriously. That's the problem here: nobody seems to care when it's other people's data. There are never any real ramifications from these leaks, as long as companies or governments are seen to have some security plan in place, even if it's not a good one. Until that changes -- and the scapegoating and responsibility shirking stops -- data leaks and breaches are going to keep on coming.
Perhaps their encryption is weak?
Newcastle Council admits to data breach
Card payment details on insecure server for 15 months
Andrew Charlesworth, vnunet.com, 27 Jul 2007
Newcastle City Council has confessed to exposing up to 54,000 credit and debit card details between February 2006 and April 2007.
... The information was contained in a file of transaction details about payments to the council for business rates, council tax, rent and parking fines. The file was encrypted but uploaded to an insecure server. [So in the US, this would not be considered a breach Bob]
Newcastle's security breach came to light last Thursday during an independent security review commissioned by the council.
... UK companies are not obliged to reveal such security breaches. The California Security Breach Information Act, made law on 1 July 2003, compels Californian companies to inform all those affected by a breach, under the threat of heavy penalties for failing to comply.
Think you're confused about Privacy? (They should have said, “Google promises not to keep any data about you, except as required by law.”)
The Pointless Privacy Debate
By Larry Downes July 27, 2007
The battle over consumer data protection may be more about money-making opportunities than user safety.
In response to criticism from a british privacy group and European Union data overseers, Google recently announced it would anonymize data it retains on user searches after 18 months.
The EU applauded the move as it had lauded Google's agreement to comply with its 2005 directive requiring service providers to retain all identifiable records up to two years. Huh?
E-Discovery Evidence suggesting why we couldn't find the evidence?
Merely Cloaking Data May Be Incriminating?
Posted by Zonk on Friday July 27, @07:39PM from the what's-mine-is-mine dept. Privacy Encryption
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?"
[As often happens, the comments are interesting. Like this one...
Any compression system might be viewed as encryption if you don't know how to decompress it.
I actually had to throw together an encryption system today to store some archival material online. I wrote a one time pad in python where my pad was just a jpeg of a mountain I had lying around. I contend that my ciphertext is art, a picture of a mountain combined with some literature. Who's to say it isn't?
As goes California, so goes the country!
California: E-voting security not up to snuff
Research teams contracted by the state found security issues in every single e-voting system tested, casting doubt on the reliability and security of e-voting
By Robert McMillan, IDG News Service July 27, 2007
Researchers commissioned by the State of California have found security issues in every electronic voting system they tested, California Secretary of State Debra Bowen said Friday.
... "The security teams were able to bypass both physical and software security in every system they tested," Bowen said Friday during a conference call with media.
Bowen is set to decide by Aug. 3 which systems will be certified for use in the 2008 presidential primaries.
... California's review is the most thorough review of voting machine technology yet undertaken in the U.S.
Oh look! Business Strategy 101
Washington Post Shows That The Newspaper Business Isn't Doomed
from the doing-okay dept
While many in the newspaper business are whining about the struggles some newspapers face, a few in the actual newspaper business are actually adapting and thriving. A detailed article in Fortune takes a look at how the Washington Post has thrived, while its competitors have struggled. The keys aren't too surprising: diversify away from just news, embrace new outlets for news and invest in unique investigative reporting skills. There are still plenty of questions, but it becomes clear very quickly that the Washington Post knows that it's future is quite different than it's past -- and it's not going to wait around to find out how things play out. Instead, it wants to drive news innovations forward, while others complain that nothing can be done.
Update: Intel accused of breaching European antitrust rules
Intel has 10 weeks to reply to the EC's accusation that it abused its position in the microprocessor market to exclude rival AMD
By Peter Sayer, IDG News Service July 27, 2007
Just because it legalizes SPAM doesn't mean it can't also harm small businesses...
List Building: Is Your Email Within The Law?
Tellman H. Knudson
It's been almost three and a half years since the U. S. CAN-SPAM act went into effect, and though it didn't help to stem the flow of spam into our inboxes every day, you still have to follow the law.
Here are some important parts of the law:
This looks interesting. I wish I spoke British...
BBC launches free Internet TV service
Fri Jul 27, 2007 11:03AM EDT By Peter Griffiths
LONDON (Reuters) - Billed as the biggest change in the way viewers watch television in 40 years, the BBC launched an online service on Friday that allows people to download many programs from the last week.
BBC Director General Mark Thompson says the arrival of the "on-demand" iPlayer is as important as the first color broadcasts in the 1960s.
Viewers can choose from 400 hours of programs, between 60 and 70 percent of the total TV output, including hit shows such as "EastEnders, "Doctor Who" and "Planet Earth".
It faces competition from similar services provided by Channel 4 and ITV and from increasingly popular video-sharing sites such as YouTube.
The growth of the Internet, mobiles and hard-drive recorders that save hours of programs, has destroyed the notion of fixed TV schedules delivered through a TV in the corner of the room.
Broadcasters are under pressure to hold on to viewers by letting them watch programs when and where they want.
"Our vision is for BBC iPlayer to become a universal service available not just over the Internet, but also on cable and other TV platforms, and eventually on mobiles and smart handheld devices," said the BBC's Ashley Highfield, director of future media and technology.
The service, at www.bbc.co.uk/iplayer, is free, but people will not be allowed to save permanent copies to their computer. It could take 30 minutes to download an hour-long show.
It is only available to people living in Britain with computers that run the Microsoft XP operating system.
Programs will be automatically deleted after viewing or after 30 days. Copyright protection software will prevent the copying of shows. [Want to bet? Bob]