Saturday, September 08, 2007

A little slow to disclose?

McKesson: Stolen Computers Contain Patient Information

Friday, September 07 2007 @ 04:23 PM CDT Contributed by: PrivacyNews News Section: Breaches

Health-care services company, McKesson, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.

The company, which helps pharmaceutical manufacturers set up assistance programs for patients in need, sent out a letter alerting patients that the computers were stolen on July 18. The names of the people being alerted were on one of the two PCs, but it's not known how much of their accompanying identifying information was also contained on the machines.

Source - InformationWeek

[From the article:

The company representative said it's not clear if the data on the machines was encrypted. [“We don't know what the hell we're doing...” Bob]

Clueless in Canada?

Ca: CHR patient data stolen

Saturday, September 08 2007 @ 06:41 AM CDT Contributed by: PrivacyNews News Section: Breaches

Patient information has been compromised after Calgary Health Region computers were stolen in a sophisticated break-and-enter early yesterday, officials said.

... "Apart from other electronics, seven laptops were stolen, two of which contained patient information."

How sensitive the information in the stolen machines is and how much there is isn't yet known, [“We have no idea what our employees do, and they have no idea what data they do it with...” Bob] said Rougeau.

Source - Calgary Sun

This is interesting...

ID Theft Research Group to Come Out of the Shadows

Friday, September 07 2007 @ 05:05 PM CDT Contributed by: PrivacyNews News Section: Breaches

The Center for Identity Management and Information Protection (CIMIP) has kept a low profile since its inception over a year ago, but that's about to change: The public-private partnership that includes IBM, the U.S. Secret Service, and the FBI, has just broken ground on a new multi-million dollar secured facility, and next month will release some surprising findings about the bad guys behind identity theft.

Source - Dark Reading

So is this (some of the same folks as in the previous story)

International Journal of Digital Evidence

The major drawback is that US “broadband” is much slower than broadband in third world countries. That will need to change.

Analysts Predict Death of Traditional Network Security

By Brian Prince September 7, 2007

As the number of mobile workers grows, businesses will be forced to opt for desktop virtualization, Forrester analysts say.

Robert Whiteley and Natalie Lambert have seen the future—and in it, traditional network security is dead. At least that is the message the two Forrester Research analysts delivered to a crowd at the Forrester Security Forum in Atlanta Sept. 6.

According to them, in the next five years the Internet will be the primary connectivity method for businesses, replacing their private network infrastructure as the number of mobile workers, contractors and other third-party users continues to grow. In this new world, which Whiteley and Lambert called "Internet Everywhere," corporations will have to redefine network security and focus on data encryption, managing risk at the endpoint and having strict data access controls, they said.

Some corporations, such as the energy giant BP, have already taken big steps towards deperimeterization—a term created by the Jericho Forum to describe a strategy that focuses on protecting data with tactics such as encryption rather than traditional efforts aimed at fending off attacks from intruders at the network's boundary. BP has taken some 18,000 of its 85,000 laptops off its LAN and allowed them to connect directly to the Internet, the two said.

... Desktop virtualization allows a PC's operating system and applications to execute in a secure area separate from the underlying hardware and software platform. Its security advantages have become a major selling point, as all a virtualized terminal can do is display information; if it is lost or stolen, no corporate data would likely be compromised since it wouldn't be stored on the local hard drive.

This wouldn't be interesting except for the “We didn't know...” aspect. Is this a one-in-a-billion situation? (see next article)

National Intelligence Web site no longer invisible to search engines

Posted by Declan McCullagh September 7, 2007 4:30 PM PDT

Until a few hours ago, the Web site of National Intelligence Director Mike McConnell had been invisible in Google, MSN and Yahoo searches. That's because's robots.txt file told search engines to stay away. [This is not a default, it requires action by someone. Bob]

Now it's been fixed. DNI spokesman Ross Feinstein told me, apologetically, a moment ago: "When we saw your story posted, I asked our developers to look into it... We certainly appreciate you bringing it to our attention. It's a public Web site. We want it to be indexed. We're not even sure how (the robots.txt file) got there." [The Tooth Fairy strikes again! Bob]

Typically, updates to a database are fed back to the updater, allowing them to confirm that ALL the updates were made. This is Programming 101.

Database Glitch Trips Up Terrorist Screening

By Lara Jakes Jordan AP 09/07/07 8:25 AM PT

A database mistake on the part of the FBI resulted in the records of 20 terror suspects not being available to front-line screeners, an audit found. The problem is that records for two systems that feed to and from the central terror watch list database don't match. The FBI says it is working on the problem and should have it fixed within six months.

... The audit by Justice Department Inspector General Glenn A. Fine gave the FBI mixed reviews for its efforts over the last two years to clean up its terror watch list database.

I wonder what this cost the taxpayers...

High technology off menu

After 1 day, Wilmette district's use of pupils' fingerprints to pay for lunches is put on hold because of privacy and legal concerns

By Lisa Black Tribune staff reporter September 7, 2007

Shortly after rolling out a new lunch program that allows pupils to pay for hot meals with a scan of their fingerprint, Wilmette school officials put the system on hold after learning that a new Illinois law limits the use of biometric information to protect children's privacy.

That, and the system didn't work, perhaps because of grubby fingers or a computer glitch, said officials from Wilmette Elementary School District 39.

"The jury is still out. We tried it just one day, and it was unsuccessful," said interim Supt. Ray Lechner. [Translation: “We're not done being stupid yet!” Bob]

The US isn't the only clueless government.

No-Defense Department

September 7, 2007 By Lisa Vaas

On July 18, Sunbelt Software came across a SQL command passed as a query within a URL belonging to an arm of a European country's military. With that, any visitor can pass queries in the URL straight to the back-end database and squeeze out any data, no password required.

At the time, the URL displayed what Sunbelt President Alex Eckelberry calls an "infantile" security screw-up: Namely, putting production code and a back-end database into the hands of anybody who wanders by. It was, in other words, a serious security vulnerability that even the most basic security policy should have forbidden, never mind the security policy of a major defense agency.

Sunbelt, of Clearwater, Fla., alerted security researchers from the country in question. They in turn assured Sunbelt that they would notify the defense agency.

End of story? Unfortunately not. Six weeks later, Sunbelt checked the site and found it was still a sitting duck, serving up military base information to any visitor who knows how to frame a SQL query, telling potential attackers exactly which database it was running and what operating system it was using, thereby painting a day-glow arrow toward the exact class of known vulnerabilities and exploits that could bring it to its knees.

Sunbelt alerted security researchers from the country in question. Again. They in turn assured Sunbelt that they would notify the defense agency. Again.

This is far from an anomaly. As evidenced by the recent attack on a portion of the Pentagon's network—allegedly perpetrated by the Chinese People's Liberation Army—continued vulnerability in defense establishments is leaving governments exposed and populaces at risk. What's worse, much of it is due to sheer sloppiness: Poor security policies, unpatched systems, you name it—nothing glamorous, nothing cutting-edge, just run-of-the-mill slacker lack of attention.

... But even without specifics from the horses' mouths, finding specific vulnerabilities on these sites isn't particularly difficult. Eckelberry directed eWEEK to simply Google "sex porn" Out of the 10 top hits Sept. 6 at 4:13 EDT, eight were for pornography somehow tied in to Web servers hosted by the government of California.

Same questions I asked only better...

Why Is The Justice Department Commenting On Net Neutrality?

from the not-really-their-area-of-interest dept

There's been a fair amount of chatter over the Justice Department's decision to comment to the FCC about network neutrality, but there's been almost no discussion as to why the Justice Department should be involved at all. It's true that the DOJ covers anti-trust issues, but this isn't about a merger or the potential to create a monopoly. While I'm not in favor of regulating network neutrality, there are a bunch of really questionable statements in the DOJ's filing that simply don't make much sense. Take, for example, the following statement: "Regulators should be careful not to impose regulations that could limit consumer choice and investment in broadband facilities." If the DOJ really feels that way, then shouldn't it have also come out against the FCC's decision to do-away with line sharing rules that actually did allow for competition? Does the DOJ not realize that the market for broadband is already heavily regulated, which is why most consumers here only have one or two choices -- compared to other countries that have created more open markets on top of the infrastructure, allowing for competition, faster speeds and increased innovation? Does the DOJ really not realize how many gov't subsidies and handouts have been given to the telcos so that they could build networks where no one else could enter the market in the same manner?

The DOJ also makes the bizarre argument that without breaking net neutrality, broadband providers will never make enough money to upgrade their networks. It's a dumb argument for the same reason that it's a dumb argument to claim that without network neutrality, it'll be too costly for certain sites to make enough money to offer cool services to users. Both arguments are ridiculous because they focus on the specific benefits to one private party and not how they impact the rest of the market -- and the DOJ shouldn't have any interest in focusing on the benefits of a single private party (and it's even worse for the DOJ to do so under the false guise of "free market" economics). Sure, without network neutrality telcos might be able to make more money in the short term. But you could just as easily argue that if network neutrality remains, it'll be easier (and cheaper) to create the next generation of killer apps that will make more bandwidth more valuable (allowing the telcos to profit handsomely). And, it's not even worth going into the DOJ's use of the thoroughly debunked claim comparing network neutrality to different delivery speeds at the post office. Basically, the DOJ brief (and, again, it's still not clear why they even have an opinion on this) repeats a bunch of the misleading half-truths that the telcos have spouted for months. Yet, it doesn't touch on the really key issue: there simply isn't real competition in the broadband market. Allowing the telcos to break network neutrality doesn't change that.

Free is good!

Taking the Open Road: University Libraries Explore Options

By Tracey Caldwell Information World Review 09/08/07 4:00 AM PT

The virtual learning environment could be where university libraries first encounter open source. An increasing number of content management and portal systems are also open source and many university libraries are involved in setting up open source repositories. As acceptance of open source grows, the next step will be to consider open source solutions for the core integrated library system.

... Open source learning management system (LMS) Moodle alone is now used in 56 percent of universities since its introduction three years ago, and the Open University has moved over to it wholesale. Supporters say open source LMS tend to be more modular and make it much easier for libraries to contribute content than is the case with commercial solutions.

Friday, September 07, 2007

“We didn't know...”

USC investigates student information found on the Web

Thursday, September 06 2007 @ 07:12 PM CDT Contributed by: PrivacyNews News Section: Breaches

The University of South Carolina is looking into what it called an "accidental disclosure" of private student information on the Internet, school spokesman Russ McKinney said Thursday.

The information wasn't on the Web long before the school realized what happened and took immediate steps to remove it, McKinney said.

The university is trying to determine exactly what type of information was released, the length of time it was on the Internet and who might have accessed it, McKinney said.

The breach involved 1,482 students, he said.

Source - Associated Press

[From the article:

The student files were found Aug. 31 by the Washington-D.C.-based nonprofit group Liberty Coalition, said Aaron Titus, director of information privacy for the group.

... It appears the person responsible [Isn't the CIO responsible for Information? Bob] for the breach may not have known enough about computers to realize the information could be accessed outside the university system, Titus said.

"But once that information gets out there, it's nearly impossible to tell how many copies of it might have been made," [This is what auditors refer to as a Big Fat Lie... Bob] Titus said.

The disclosure was first reported by The Daily Gamecock, the independent student newspaper at the university.

Another attempt to calm the victims by declaring that passwords are adequate to prevent Identity Theft. Just go to and enter a search for “password” -- they'll provide dozens of techniques for bypassing or cracking passwords. Most of the computer forensic companies will show you how to access data on a hard drive without ever being asked for a password. (sorry for the rant, but I worry that someone actually believes this nonsense!)

Stolen laptop contained data on De Anza students

Friday, September 07 2007 @ 06:13 AM CDT Contributed by: PrivacyNews News Section: Breaches

De Anza College warned Thursday that a laptop swiped from a math teacher's home contained personal information - including many Social Security numbers - of about 4,375 students.

But the laptop and its personal information were password protected, according to a district spokeswoman, and there was no evidence that any of the information has been used.

Source - Mercury News

This article is worth reading...

Indictment here marks "new age" of ID theft

By David Bowermaster Seattle Times staff reporter

Like millions of computer users, Gregory Kopiloff used the file-sharing program known as LimeWire to swap digital content with people all over the world.

But federal prosecutors say Kopiloff, 35, was not only using LimeWire to download music, movies or video games.

The Seattle resident allegedly used the peer-to-peer network to infiltrate hundreds of people's hard drives and steal tax returns, student financial-aid forms and other sensitive personal data. According to a federal indictment, Kopiloff then used that information to create bogus credit-card and bank accounts and illegally purchased thousands of dollars in merchandise.

Authorities said they have identified at least 83 victims — most of whom have teenage children and did not know the file-sharing software was on their computer. But investigators also said they believe the number of people affected was in the hundreds.

... "We are entering a new age of identity theft," said Robert Boback, chief executive of Tiversa, a computer-security firm based in Pittsburgh that has conducted extensive research on peer-to-peer networks. "Tens of thousands of individuals make a living doing this."

Kopiloff was charged Thursday in U.S. District Court in Seattle with mail fraud, accessing a protected computer without authorization in order to further fraud, and two counts of aggravated identity theft.

... Also, early versions of LimeWire automatically exposed a user's entire hard drive to other users on the peer-to-peer network.

More recent versions create a "shared" folder where users can isolate music or video files they want to swap, but many viruses "effectively expand access to [other] areas of the disk drive," according to a search warrant.

To illustrate how criminals try to exploit such security holes, Boback conducted a demonstration during Thursday's news conference at the U.S. Attorney's Office in Seattle. Using his company's technology, he showed — in real time — searches being conducted on peer-to-peer networks. As the searches were entered, they scrolled rapidly along the screen of his laptop. Many clearly concerned music files and pornography, but interspersed were scores looking for files that contained terms such as "password" and "medical billing."


Alum Charged With Hacking Into Texas A&M

By MONICA RHOR Associated Press Writer Sep 7, 7:55 AM EDT

HOUSTON (AP) -- A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members.

Luis Castillo must appear before a magistrate judge Wednesday.

Federal prosecutors said Castillo, who graduated in December with a computer science degree, accessed the system in February and caused more than $5,000 in losses to the university. The school had to hire extra staff to minimize damage.

Castillo was charged with felony reckless damage to a protected computer [I wonder if there is a tool (software) that helps you select the charge? Should be simple to program... Bob] and could face as many as five years in prison if convicted.

... Social Security numbers and bank account numbers were not accessed, and the breach did not allow entry into the school's financial system or payroll, officials said. No unauthorized changes to the records have been found.

Another follow-up..

(follow-up) SAIC Second Quarter Profits Rise on Higher National Security Sales

Thursday, September 06 2007 @ 07:13 PM CDT Contributed by: PrivacyNews News Section: Breaches

Defense and national security contractor SAIC Inc. Thursday reported higher profit in the second quarter on sales of border patrol and port security technology and cost cutting measures. The San Diego-based company also said it spent $8 million in the quarter to deal with a security breach in July when it compromised personal information about more than half a million military personnel and their relatives when it transmitted information unencrypted.

Source - Associated Press Previous Coverage

Winning Customer loyalty?

1300 Unopened Fry's Rebate Forms Found In Dumpster

Posted by samzenpus on Thursday September 06, @05:22PM from the put-it-in-the-circular-file dept. Businesses It's funny. Laugh.

blackmonday writes "The Consumerist is reporting a find of 1,300 unopened rebate submissions in a dumpster belonging to Vastech, a rebate processor hired by Fry's Electronics. Vastech's management blames it on a bad employee."

Their PR Dept. deserves lots of credit for keeping their name in the news...

Pfizer victim of spambots, says security company

Thursday, September 06 2007 @ 01:48 PM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Home PCs aren't the only ones vulnerable to compromise. After all, the same people using machines at home are using them at work – and often lax security policies (or bad software) make it difficult or impossible to fully protect hundreds of workstations.

A humorous and glowing example of this is Pfizer, who has found themselves victim of spambots. The company, better known as the manufacturer of Viagra, has found their own inboxes flooded with spam for their own products. The reason is that machines on their internal network have become compromised by hackers on the outside and turned into spambots, churning out tons of email.

Source - TechSpot

About time! (Will it stick?)

September 06, 2007

Federal Court Strikes Down National Security Letter Provision of Patriot Act

ACLU press release: "A federal court today struck down the amended Patriot Act's National Security Letter (NSL) provision. The law has permitted the FBI to issue NSLs demanding private information about people within the United States without court approval, and to gag those who receive NSLs from discussing them. The court found that the gag power was unconstitutional and that because the statute prevented courts from engaging in meaningful judicial review of gags, it violated the First Amendment and the principle of separation of powers."

Another source for a Universal Guideline... Anyone want to do a paper or journal article?

September 06, 2007

DOT OIG Analysis of Loss of Control Over Sensitive Personally Identifiable Information

Analysis of Loss of Control Over Sensitive Personally Identifiable Information and Follow-up Actions to Strengthen its Protection, August 28, 2007. Correspondence (23 pages, PDF)

  • Summary: "On August 28, 2007 we issued a memorandum on our analysis of the circumstances surrounding the July 27, 2006 theft of an OIG laptop from a government vehicle in Doral, Florida and a prior theft that had occurred on April 24, 2006 from a hotel conference room in Orlando, Florida. Both laptops contained Sensitive Personally Identifiable Information (SPII) information on 138,000 individuals that heightened their potential risk of identity theft. Following our notification of the July theft, Members of the Florida congressional delegation requested that we examine our procedures for handling and storing such information and identify steps we have taken to ensure that such a breach would not happen again... We identified three interrelated factors that contributed to the loss of our control over the sensitive personal information stored on the laptops: (1) measures taken to protect the physical security of the laptops were insufficient; (2) the data on the laptops had been decrypted to preserve the data during an upgrade to the OIG's information technology (IT) system; and (3) SPII databases were stored on laptop computers, which are inherently less secure than computers that operate in a centralized environment. The memorandum also sets forth the steps we have taken to improve the physical security of our laptops and improve how sensitive personal information is handled and stored."

It should be possible to structure your discovery request to be both reasonable and impossible to comply with...

September 06, 2007

Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery

NASCIO - Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery, September 2007: "In increasingly consolidated state technology environments, State CIOs may have heightened responsibility for the storage, preservation and retrieval of electronic information in response to e-discovery requests. Since government information is a knowledge asset, State CIOs must ensure the proper management of state information assets in addition to the technological infrastructure for locating and retrieving that information. This issue brief explains the impact for State CIOs of e-discovery requests and encourages State CIOs to pursue a holistic approach to enterprise records management as part of a team of state government stakeholders, including state legal counsel, archivists, records managers, and agency business leaders."

What would you expect them to say?

Copyright Alliance Says Fair Use Not a Consumer Right

Posted by CowboyNeal on Thursday September 06, @11:12PM from the no-rights-make-a-wrong dept. Media Movies Music Television

KingSkippus writes "In response to a complaint to the FCC filed by the Computer and Communications Industry Association (CCIA) to change copyright warnings before movies and sporting events, Executive Director Patrick Ross of the Copyright Alliance tells us in an editorial that "fair use is not a consumer right." The Copyright Alliance is backed by such heavy-hitters as the MPAA, RIAA, Disney, Business Software Alliance, and perhaps most interestingly, Microsoft, who is also backing the CCIA's complaint."

What possible basis would Justice have for making these comments? Perhaps they could come back to this argument when the US ranks in the top 100 countries for Internet speed?

Feds OK Fee for Priority Web Traffic

The Associated Press Thursday, September 6, 2007; 12:22 PM

WASHINGTON -- The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic.

The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to "Net neutrality," the principle that all Internet sites should be equally accessible to any Web user.

... The Justice Department said imposing a Net neutrality regulation could hamper development of the Internet and prevent service providers from upgrading or expanding their networks. It could also shift the "entire burden of implementing costly network expansions and improvements onto consumers," [Who pays for it now? The Tooth Fairy? Bob] the agency said in its filing.

... However, the agency said it will continue to monitor and enforce any anticompetitive conduct to ensure a competitive broadband marketplace.

Interesting, but I doubt I'd create such a fuss unless I was traveling with my lawyer... (I like their version of the DHS Security Levels. Perhaps we could make similar posters?)

Skip to the front of the airport security line

Posted by Chris Soghoian September 6, 2007 3:49 AM PDT Airport security

Attempts to assert your right to fly without ID can often be very frustrating, due to Transportation Security Administration and airport officials not knowing their own rules.

I'm teaching all of my classes at least partly (50%) online. What will life be like when these kids hit college?

Virtual Schooling Growing at K-12 Level

By BILL KACZOR Associated Press Writer Sep 7, 8:03 AM EDT

TALLAHASSEE, Fla. (AP) -- As a seventh-grader, Kelsey-Anne Hizer was getting mostly D's and F's and felt the teachers at her Ocala middle school were not giving her the help she needed. But after switching to a virtual school for eighth grade, Kelsey-Anne is receiving more individual attention and making A's and B's. She's also enthusiastic about learning, even though she has never been in the same room as her teachers.

Kelsey-Anne became part of a growing national trend when she transferred to Orlando-based Florida Virtual School. Students get their lessons online and communicate with their teachers and each other through chat rooms, e-mail, telephone and instant messaging.

"It's more one-on-one than regular school," Kelsey-Anne said.

... Virtual learning is becoming ubiquitous at colleges and universities but remains in its infancy at the elementary and secondary level, where skeptics have questioned its cost and effect on children's socialization.

However, virtual schools are growing fast - at an annual rate of about 25 percent. There are 25 statewide or state-led programs and more than 170 virtual charter schools across the nation, according to the North American Council for Online Learning.

Estimates of elementary and secondary students taking virtual classes range from 500,000 to 1 million nationally compared to total public school enrollment of about 50 million.

... Many policymakers approach virtual learning with dollar signs in their eyes, expecting big savings from schools that do not need buildings, buses and other traditional infrastructure.

"We should not, as stewards of public money, be automatically paying the same or even close to the same amount of money for a virtual school day as we pay for a conventional school day," said Florida Senate Education Committee Chairman Don Gaetz.


Geek stuff...

Are Relational Databases Obsolete?

Posted by kdawson on Thursday September 06, @12:27PM from the long-in-the-tooth dept.

jpkunst sends us to Computerworld for a look at Michael Stonebraker's opinion that RDBMSs "should be considered legacy technology." Computerworld adds some background and analysis to Stonebraker's comments, which appear in a new blog, The Database Column. Stonebraker co-created the Ingres and Postgres technology while a researcher at UC Berkeley in the early 1970s. He predicts that "column stores will take over the [data] warehouse market over time, completely displacing row stores."

There are 44 vineyards and wineries in Colorado? Whod'a thunk it! I can see this type of site as a model for many “hobbies” or interests... (Bike trails, professional seminars, chili cook-offs, soccer games, even yard sales) - Find A Vineyard Near You

Planning on doing some wine tasting? Or are you curious to see if there are any vineyards in your area? Go to where you can search by state and see what type of wine events are going on in your area. uses the Google map function to give you a visual image of where these wine events are. The map marks where vineyards, wine festivals, wine associations and wine trails are located. Plan your trip and get directions from your home to the vineyards.

... Look through the calendar to see what events are happening this week. If you know of a vineyard that is not listed go to the feedback section and add it to the list. The information is updated regularly so you know when future events will take place. Search for vineyards and plan your trip with

Just because we can...

Video - Hundreds of Dogs in a Public Pool! watch! — Dogs take over the pool at the 4th annual Pooch Plunge held in Fort Collins, Colorado. City Park pool is open for the summer season and then closes for the rest of the season. Before the pool is drained our four-legged friends get to enjoy the pool. This August 19th - 20th, from 4pm to 5:30pm you could bring your pooch to the pool.

Thursday, September 06, 2007

Someone argued poorly

Junk-fax senders win a victory in Ohio court

Thursday, September 06 2007 @ 05:43 AM CDT Contributed by: PrivacyNews News Section: In the Courts

While acknowledging yesterday that unsolicited "junk" faxes are an irritant, the Ohio Supreme Court curbed the ability of individuals to sue businesses that send them.

The court said yesterday that while individuals can sue senders of unsolicited fax advertisements under the federal Telephone Consumer Protection Act, they can't seek higher penalties against senders who fail to disclose their name, phone number and the date and time of the fax -- as required by federal law.

Source - Columbus Dispatch


Confusion 2.0: Keep a Tight Grip on Personal Data

September 5, 2007 By Brian Prince, eWEEK

Researchers at Fortinet call it Confusion 2.0—the unlearning of the golden rule of the Web: "Never give out any log-in credentials to an online service, regardless of the reason for the request."

But in their latest report on malware trends, they warned that some of the golden rule's shine has rubbed off as users are being lulled into violating the axiom by popular sites such as

Technology can be used by anyone!

As Prostitutes Turn to Craigslist, Law Takes Notice

... “Craigslist has become the high-tech 42nd Street, where much of the solicitation takes place now,” said Richard McGuire, Nassau’s assistant chief of detectives. “Technology has worked its way into every profession, including the oldest.”

... Sex and the Internet have been intertwined almost since the first Web site, but the authorities say that prostitution is flourishing online as never before. And while prostitutes also advertise on other sites, the police here and across the country say Craigslist is by far the favorite. On one recent day, for example, some 9,000 listings were added to the site’s “Erotic Services” category in the New York region alone: Most offered massage and escorts, often hinting at more.

... Experts say that under the federal Communications Decency Act of 1996, the ads are legal and Web site owners are exempt from responsibility for content posted by users. [Business Model: Hookers-R-Us? Bob]

This looks like an old list, but it is dated yesterday? Nothing here is new. In other words, all of these “trends” should already be factored into your strategic plan...

10 Future Web Trends

Written by Richard MacManus / September 5, 2007 /

Have I mentioned that this is a political blog? (I hope to be named Blogger Laureate of the US)

FEC Will Not Regulate Political Blogging

Posted by ScuttleMonkey on Wednesday September 05, @05:11PM from the still-free-to-speak-your-mind-for-now dept. United States Politics

eldavojohn writes "Despite complaints that political bloggers should be subject to campaign finance laws since they are donating huge amounts of money in the form of advertising and media services to candidates, the FEC will not regulate political blogging. From the FEC statement: 'While the complaint asserts that DailyKos advocates for the election of Democrats for federal office, the commission has repeatedly stated that an entity that would otherwise qualify for the media exemption does not lose its eligibility because it features news or commentary lacking objectivity or expressly advocates in its editorial the election or defeat of a federal candidate.'"

The Tools are there, you just have to use them...

Prof Produces Tool to Highlight Wikipedia Whoppers

By Brian Bergstein AP 09/05/07 8:17 AM PT

By diving into Wikipedia's open volumes of edit histories, the software counts the degree to which any given contributor's work survives subsequent edits by other people. In general, the less tinkering your work on Wikipedia engenders, the more trustworthy you are deemed to be. That system is not foolproof, as accurate contributions might get quickly overwritten in articles on contentious topics.

... For now, the software is in demonstration mode and operates on an older subset of Wikipedia entries.

Trust your news? “The truth is whatever I say it is!” (ever read “Lying with Statistics?”)

San Diego Paper Sees Voter Confidence in Elections Where Others See Vote of No Confidence

By Kim Zetter August 23, 2007 | 6:18:43 PM Categories: E-Voting, Election '08

"Electronic voting trusted, poll shows," reads the headline of an article published today in the San Diego Union-Tribune in California.

Yet the headline of an article in the San Francisco Chronicle about the same poll reads, "Most voters suspicious of ballot's accuracy, Field Poll finds."

So which is it? You be the judge.

The Field Poll (pdf), a telephone survey of only 402 likely voters, found that fewer than half of those surveyed (44%) said they had "a great deal of confidence" in the accuracy of California voting systems, while 41% said they had only "some" confidence in the voting systems.

Is this likely to become a trend? Will Church groups demand access? (Gee Bob, why do you say that? See next article...)

Google Seeks Partnership to Identify Illegal Content (Update3)

By Romina Nicaretta

Sept. 5 (Bloomberg) -- Google Inc., the owner of Brazil's most-used social networking Web site, is seeking partnerships to help identify illegal content.

Google will let non-governmental organizations in Brazil monitor the Orkut social-networking service, report illegal postings and request that data be saved for future legal action.

Illegal file sharing: what every Christian parent should know

Several years ago, Napster brought the issue of illegal online file sharing into the public eye–and the topic hasn’t dropped out of the news cycle ever since. Today, laws about downloading copyrighted music and movies are controversial but quite serious, and most Christian parents and organizations abide by the law. But 9 out of 10 teenagers–a figure that includes plenty of Christian kids–disagree that this sort of file sharing is wrong. How can parents approach their kids about this topic?

In a recent article at Christian Computing Magazine, Ben Woelk maps out what you should know about filesharing [PDF]–what’s legal and what isn’t, how to protect your computer from related dangers and yourself from legal problems, and how to talk with kids today about the ethics of the issue. He also provides plenty of links for additional reading.

The US transitioned to manufacturing in the 1950s, services came later.

After 10,000 Years, Farming No Longer Dominates

Posted by kdawson on Wednesday September 05, @01:05PM from the long-row-to-hoe dept. The Almighty Buck News

Peter S. Magnusson writes "As reported widely in business and mainstream press, the ILO recently released world market employment statistics. Most outlets focused on US economic competitiveness vs. China and Europe. Few noticed the gem hidden away in the ILO report: for the first time since the invention of agriculture, farming is not the biggest sector of the global economy — services is. (Aggregate employment numbers often divide the economy into agriculture, industry, and services.) Workers are now moving directly from agriculture to services, bypassing the traditional route of manufacturing."

Related: Are they immigrant robots?

Robots May Become Essential on US Farms

By JACOB ADELMAN Associated Press Writer Sep 6, 4:30 AM EDT

LOS ANGELES (AP) -- With authorities promising tighter borders, some farmers who rely on immigrant labor are eyeing an emerging generation of fruit-picking robots and high-tech tractors to do everything from pluck premium wine grapes to clean and core lettuce.

Gosh! Economics 101 was right?

Are Franchises Bad Employers? A Closer Look at Burger Flippers and Other Low-paid Jobs

Published: September 05, 2007 in Knowledge@Wharton

... But Cappelli, a management professor, and Monika Hamori, a management professor at Instituto de Empresa Business School in Spain, decided to investigate whether facts supported the conventional wisdom. In a recently completed study, "Are Franchises Bad Employers?" the researchers conclude that, in some cases, they didn't. "Once we control for size and industry, we find little evidence that jobs are worse in franchises and considerable evidence that they are better than in equivalent non-franchise operations," they write.

Because I like lists...

Cool Stuff for Your Life Online

Simple Spark is the place to find and share a new world of web applications.

Ditto (Plus I use Zamzar -- #1 on their list)

Conversion Central: 101 Tools to Convert Video, Music, Images, PDF and More

Posted on September 5, 2007 by Yoav Ezer

Research tool?

September 05, 2007

Free Federal Court Opinions Website Now Searchable From 2004 to Present

Tim Stanley: US Federal District Court Opinions with Full Text Search: "We have put online the Federal District Court case opinions and orders that are available using the opinion report in the Federal Courts' ECF. These are updated daily. We have categorized the opinions by state, court, type of lawsuit and judge and combinations of judge and type of lawsuit. You can also subscribe to each of categories through RSS feeds to track a judge or court's decisions on different issues. And we also give the cause of action for each case.

We are using Google's hosted Business Custom Search Engine for the full text search. Google is now OCRing PDF image files, so even PDF files that have images of scanned documents will be in most cases full text indexable and searchable. Like the OCR of Google's Book Search. You will need to look at the cached copy to see the highlighted searched text though, and then find in the original PDF to be 100% that what you are reading is correct. Google should be doing a pretty good job of indexing and OCRing these court decisions, although it may take a few days for a new document to show up in the index.

We have also noted on the federal district court case filing database when we have a judge's opinion (you will see a little gavel). The case filings are at here."

Wednesday, September 05, 2007

There are several stories today that fall into that evil category of “We can, therefore we must!” There can be undue reliance on technology – what (other than ethics) can keep organizations out of this trap?

“We can rely on technology to presume guilt.”

Breathalyzer Source Code Revealed

Posted by kdawson on Tuesday September 04, @05:49PM from the and-it-ain't-pretty dept. The Courts Software

Nonillion writes "New Jersey attorney Evan M. Levow was finally able to get an order from the Supreme Court of New Jersey forcing the manufacturer of the popular Draeger AlcoTest 7110 to reveal the source code. Levow turned the code over to experts, Base One Technologies, to analyze. Initially, Base One found that, contrary to Draeger's protestations that the code was proprietary, the code consisted mostly of general algorithms: 'That is, the code is not really unique or proprietary.' In other words, the 'trade secrets' claim which manufacturers were hiding behind was completely without merit." Following up an earlier discussion here, the state of Minnesota has (without explanation) missed a deadline to turn over the code for a different breathalyzer.

[From the article:

  1. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.

Yet another “we can, therefore we must”

Comcast Forging Packets To Filter Torrents

Posted by kdawson on Tuesday September 04, @04:56PM from the could-be-actionable dept. Security Censorship

An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."

One to watch? If policy isn't enough, the union contract may be...


By DAVID SEIFMAN City Hall Bureau Chief

August 31, 2007 -- Schools Chancellor Joel Klein yesterday fired a veteran worker whose movements were tracked for five months through the GPS device in his cellphone, leading to charges that he was repeatedly cutting out early.

"This individual was getting paid for not working," said schools spokeswoman Margie Feinberg, explaining Klein's decision to accept an administrative law judge's recommendation to ax John Halpin, a longtime supervisor of carpenters.

Halpin had worked in the school system for 21 years and was conscientious enough to show up as much as two hours early for his 8 a.m.-to-3:30 p.m. shift.

He said he was never told that the cellphone he was given in 2005 could be used to monitor his every move and questioned the accuracy of the data it produced.

But neither argument swayed administrative law Judge Tynia Richard, who found Halpin guilty of submitting false time records when he left early on numerous occasions between March and August 2006.

She issued a decision saying the Department of Education was under no obligation "to notify its employees of all the methods it may possibly use to uncover their misconduct."

Jeremy Gruber, legal director for the National Work Rights Institute in Princeton, N.J., said only two states in the nation - Connecticut and Delaware - require that employees be given advance word that their movements might be tracked if they accept a GPS device.

A spokeswoman for the city's Department of Citywide Administrative Services said there was no citywide policy on providing that warning.

The 11-page booklet does contain one cautionary note: Even when the GPS feature is restricted, "location information may still be available to the phone's owner, fleet manager or account administrator."

Halpin's lawyer, Alan Wolin, couldn't be reached for comment.

At least one union has negotiated a deal limiting how GPS data can be used. Drivers for United Parcel Service can't be disciplined based on GPS tracking under the company's contract with the Teamsters.

But city officials said the issue had never been raised in negotiations with municipal unions.

Learn from your mistakes. (Looking for similar security failures often finds more than you thought possible...)

Pfizer workers' identities at risk

Tuesday, September 04 2007 @ 07:00 AM CDT Contributed by: PrivacyNews News Section: Breaches

Some 34,000 Pfizer Inc. workers, including some current and former employees in Michigan, are at risk for identity theft, according to a letter to employees obtained by The Detroit News.

According to the Aug. 24 letter, a security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed.

The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

It's the third time since late May that Pfizer has made public a security breach that exposed current and former employees' personal information.

Source - Detroit News

More on Pfizer's third breach this year

Tuesday, September 04 2007 @ 10:25 AM CDT Contributed by: PrivacyNews News Section: Breaches

As additional information to a story posted earlier today, see Pfizer's notification letter to New Hampshire and their notification letter to those affected (pdf).

Probably not enough to force a change...

Scientist Must Pay to Read His Own Paper

Posted by samzenpus on Tuesday September 04, @12:00PM from the who-own-paper-town dept. Education The Almighty Buck

Glyn Moody writes "Peter Murray Rust, a chemist at Cambridge University, was lost for words when he found Oxford University Press's website demanded $48 from him to access his own scientific paper, in which he holds copyright and which he released under a Creative Commons license. As he writes, the journal in question was "selling my intellectual property, without my permission, against the terms of the license (no commercial use)." In the light of this kind of copyright abuse and of the PRISM Coalition, a new FUD group set up by scientific publishers to discredit open access, isn't it time to say enough is enough, and demand free access to the research we pay for through our taxes?"

First song I've ever downloaded -- honest!

...and an anthem for my lawyer friends