Saturday, November 10, 2007

What's worse than credit card fraud?

VA: Dozens of Henry County residents are victims of debit card fraud

Friday, November 09 2007 @ 07:36 PM EST Contributed by: PrivacyNews News Section: Breaches

At least a dozen or more debit card customers in the Henry County area are finding they're victims of fraud.

Hackers have gotten into financial data banks where they've obtained valid card numbers.

They're actually manufacturing debit cards under some of the most common bank names: Wachovia, BB&T, SunTrust, and various credit unions.

Then they're apparently selling the cards on the black market to third parties in various states.

Source -

Want to do your own lead generation? (Not sure how you differentiate a true business-related visit from a casual browsing-while-at-work visit.) - Look Who's Clicking Now

Domodomain turns your any web page into a lead generation machine by automatically identifying business visitors by company name and capturing detailed information about them, in real time, and without visitor registration required.

Want to see what they could learn about you? (Attention DHS: Think of it as targeting information for a cruise missile...) - Get Details On Your Network Location gives you all of your location information. Once you enter the site a google map is displayed on the homepage with an icon on the city you are presently in along with country information such as, region, city, longitude and latitude. Besides your geographic location tracks your network information. lists your IP address, you external address, and your port number. This is useful to see if your service applications are being blocked by a firewall.

A Dilbert Moment: “So what if it doesn't work – do it anyway!” (They have better lobbyists than you do)

NY Rejects E-Voting, DOJ Trying to Force The Issue

Posted by Zonk on Friday November 09, @02:42PM from the please-let-use-vote-in-peace dept. The Courts The Internet United States Politics

CompaniaHill writes "Hastily passed in the wake of the 2000 election mess, the Help America Vote Act (HAVA) supposedly offered funding to help states update their voting systems. In reality, the short deadlines have been used to push the sale of untested and uncertified new e-voting systems. Many states continue to demonstrate that the new e-voting machines are not reliable. The New York State Board of Elections (NYSBOE) took the time to pass their own voting legislation with additional testing and certification standards which far exceed the HAVA standards. As a result, they missed the HAVA deadlines. In March 2006, the Department of Justice (DOJ) sued New York to comply with HAVA. Now, the DOJ is serving a motion to try to take away New York's right to select and acquire their own voting machine systems — in effect, to force e-voting machines on New York anyway. At the moment it's too soon to say how the NYSBOE will respond."

This is 12 months less than Google's “reduced” retention period.

Germany Implements Sweeping Data Retention Policies

Posted by Zonk on Friday November 09, @05:33PM from the bad-day-for-leaving-people-alone dept. Privacy Government Communications

G'Quann writes "Starting next year, all communication providers in Germany will have to store all connection data for six months. This includes not only phone calls but also IP addresses and e-mail headers. There had been a lot of protest against the new law, but it was ignored by the government. 'The content of the communications is not stored. The bill had been heavily criticized. Privacy advocated had organized demonstrations against the bill in all major German cities at the beginning of this week. In October there had already been a large demonstration with thousands of participants in Germany's capital Berlin. All opposition parties voted against the bill. Several members of the opposition and several hundred private protesters announced a constitutional complaint.'"

This is interesting. Does it suggest that the cost of retail operations in Japan exceeds the synergies of vertical integration for foreign firms?

Samsung retires from Japanese consumer electronics market

Posted by Erica Ogg November 9, 2007 10:02 AM PST

As of the end of October, Samsung no longer sells its consumer gadgets in Japan, according to the Associated Press.

The Korean electronics giant had actually pulled its products out of Japanese retail outlets a year ago, but as of the end of last month, it ended its Web presence also.

"We judged direct sales to individual consumers are less profitable than business-to-business sales," Lee Eun-hee, a Samsung spokeswoman, told the AP. Samsung will still sell flat panel monitors, LCD panels, and memory chips directly to businesses.

While Samsung is the largest provider of flat-panel televisions in North America, reaching 11.8 percent of the market, the competition in Japan is much stiffer. There it has to compete in a gadget-crazed country on the home turf of Matsushita (Panasonic), Sony, Sharp, and others.

Convergence? Not a joke? La Cucaracha was bad enough, now you can blast out your entire mp3 library! (Imagine all those mommy vans playing “Its a small world” over and over and over and over and over...)

Video: Horntones FX-550 MP3 car horn

Nov 9, 2007 2:52:00 PM

Now you can customize your auto's alert

CNET's Brian Cooley shows off new tech at the 2007 SEMA show in Las Vegas: a way to download MP3s to your car horn. If you hate other people's booming car audio systems, Horntones might push you right over the edge.

This is one of a whole bunch of handy dandy tools available online. They are easy to use and generally free, but locating exactly what you need when you need it is still very difficult.

Goldmail: Talkie slide shows made super-easy

Posted by Rafe Needleman November 8, 2007 9:01 PM PST

Goldmail is a new service for creating narrated slide shows. I've seen other multimedia presentation products, but never one as drop-dead easy as this. It's a great tool. And I say this despite the fact that Goldmail's CEO, Guy Longworth, introduced the product to me with worst pitch I've ever heard anyone give a writer: "Text is lifeless." Gee, thanks.

To create a talkie in Goldmail, first you grab your images, either from your hard disk, by taking screen grabs, or by creating text slides in Goldmail. You sort the images into the order you want. Then you press Record, and while you're talking, click the "next slide" button to advance the show (you can also use an audio file from your PC). Goldmail records the transition points. It's a more natural authoring environment than any other I have used.

Once you've created your presentation, you get an option to e-mail it, link to it, or embed it. I like that the app doesn't pretend it's an e-mail client or a blogging tool--but it gives you just what you need to work with the tools you already use.

The image uploader in the Goldmail download is better than most Web-based image apps.

... The consumer version of Goldmail is free and allows unlimited views for your talkies, but all messages end with advertising. There's a pro version for $9.95 a month that has no ads and that offers tracking, so you can see who's viewing your messages and when.

[Here are a couple similar sites: Vizzvox and VoiceThread Bob]

Towards automated education?

Open-Source Early Literacy Materials Gaining Some Attention

Posted by Zonk on Friday November 09, @06:27PM from the not-often-you-can-say-children-and-free-in-the-same-sentence dept. The Internet Education

phooky writes "Although open teaching materials have been available at the university level for a while now, there have been very few materials for younger learners. That's beginning to change now with the advent of Free-Reading, a free, wiki-based resource for early literacy instruction. The availability of free materials could free up millions of dollars from school budgets for more teachers and training. From the USA Today article 'Last fall, a Florida textbook adoption committee approved Free-Reading, a remediation program for primary-school children that's believed to be the first free, open-source reading program for K-12 public schools. It's awaiting approval by Eric Smith, the state's incoming education commissioner, who could approve it by mid-December. Florida is one of the top five textbook markets in the USA, so its move could lead to the development of other free materials that might someday challenge the dominance of a handful of big educational publishers.'"

Friday, November 09, 2007

Its not clear (to me) from the article what compensation was paid, but wouldn't that number help establish a method to calculate damages?

(update) Court tosses stolen data lawsuit

Friday, November 09 2007 @ 06:53 AM EST Contributed by: PrivacyNews News Section: In the Courts

A Multnomah County judge has tossed out a proposed class-action lawsuit seeking compensation for tens of thousands of people whose confidential records were stolen from Providence Health & Services in Oregon.

Judge Marilyn Litzenberger struck the claims for damages, concluding that the nonprofit hospital corporation had already reasonably compensated the affected patients and employees and corrected the security problems. The parties received the opinion Thursday.

Source - The Oregonian\


IU professor's book examines identity theft, Internet privacy


BLOOMINGTON, Ind. -- L. Jean Camp, associate professor in the Indiana University School of Informatics, has published a new book on the ever-growing challenge of identity theft and how to protect personal privacy in the Internet age.

Economics of Identity Theft: Avoidance, Causes and Possible Cures is an examination of identity management and how individuals and organizations can do a better of job of protecting financial and personal data. The scholarly narrative is woven into helpful tips for daily life, identity theft horror stories and tales of recovery, and easy-to-read descriptions of modern security technologies.

... A central theme of Economics of Identity Theft: Avoidance, Causes and Possible Cures is that identity is -- more than anything else -- economic, and that the technology used to create, utilize and protect identities is increasingly ill-matched to the economics and uses of identities. Camp argues that in order for us to prove our online identities we must expose personal information, thus illustrating that the near-term search for inexpensive identity management is a formula for long-term fraud resulting in ever-increasing identity theft.

Do their managers know?

Federal IT pros insecure over security

A poll by Cisco finds that government IT managers are spending more time on security compliance but don't feel that their infrastructure is secure

By Matt Hines November 08, 2007

If a new poll sponsored by Cisco is to be considered an accurate indicator of the opinions held by a majority of federal IT leaders, it appears that the security of the United States government's network infrastructure remains a serious problem.

According to the report released Thursday -- and detailed by Cisco CTO John Stewart at an ongoing government security summit in Washington -- federal IT decision makers are even more concerned about issues related to security than they were when the company carried out the same survey one year ago.

... project leaders continue to feel as if they do not have enough time or funds to adequately address what they view as their most pressing network security issues.

For instance, while 65 percent of those people interviewed said that the spent more time dealing with security issues in 2007 than during previous years, only 50 percent of respondents said they feel more confident about their agency's security than they did three years ago.

... Behind budget, respondents ranked the high amount of user training needed to install new network security technologies (55 percent), existing security architecture (55 percent) and the need to give prioritization to other projects over network security improvements (53 percent) as leading barriers to improving their standing.

Never tell a hacker that you can spot music sharing anywhere, anytime... (If 12 year old kids can encrypt their songs, whay can't 12 billion dollar companies encrypt the data on their laptops?)

Surge in encrypted torrents blindsides record biz

BPI claims losing is winning in P2P arms race

By Chris Williams Published Thursday 8th November 2007 11:53 GMT

Exclusive The legal crackdown and publicity blitz aimed at people who share music, videos and software online may be having an unintended consequence for the troubled record industry. The number of file-sharers disguising their BitTorrent activity with encryption is skyrocketing.

Figures from a large UK ISP obtained by The Register show that the portion of BitTorrent traffic encrypted by file-sharers has risen 10-fold in the last 12 months, from four to 40 per cent.

Interesting idea for special interest groups. I wonder if they have one on Privacy?

Watchgroup Catalogs Legal Threats to Online Speech

Vesna Jaksic The National Law Journal November 8, 2007

The Citizen Media Law Project has unveiled the Legal Threats Database, a collection of a growing number of lawsuits, cease-and-desist letters and other legal challenges faced by those engaging in online speech.

The database can be accessed at It is updated daily and already contains hundreds of entries from 35 states and nine countries. The threats range from copyright infringement lawsuits filed against bloggers to cease-and-desist letters claiming defamation sent to users of the MySpace social networking Web site.

The Legal Threats Database allows users to input threat entries, comment on existing threats and search the database in a number of ways. It aims to provide lawyers, citizen journalists and mainstream media with resources for assessing the validity and potential outcomes of legal threats to online speech based on actual cases and legal actions.

The database is funded by the John S. and James L. Knight Foundation. It represents the start of several endeavors the Citizen Media Law Project will undertake in upcoming months. Starting next year, the project will roll out state-based legal guides for citizen and non-traditional journalists, which will focus on issues such as defamation, newsgathering, access to government information and intellectual property.

The Citizen Media Law Project is jointly affiliated with the Berkman Center for Internet & Society at Harvard Law School and the Center for Citizen Media.

Soon, you will be required to wear a video camera next to your “I'm a citizen (Second class)” sign...

CCTV systems have become ubiquitous

Posted on November 6, 2007

It seems that some of the gloomy phantasies of Orwell’s “1984″ and “V for Vendetta” are becoming reality. According to some unconfirmed market research reports there may be now as many as 6 million CCTV cameras in UK: one for every ten people, and a person can be captured on over 400 cameras each day. CCTV cameras have become commodities sold in supermarkets. Big Brother is indeed watching.

What will you do with those videos?

YouTube Releases Multi-file Uploader, Raises File Limits to 1 GB

Written by Marshall Kirkpatrick / November 8, 2007 / 6 comments

YouTube just announced the availability for Windows users of a desktop uploader (install page here). Users will now be able to do bulk file uploads. The company also raised its file size limit from 100 MB to 1 GB. Length will remain at 10 minutes though, so that just means more high quality video will be available on the site.

Innovation v. obscure law?

Law professor argues that Facebook's "Social Ads" may be illegal

Posted by Caroline McCarthy November 9, 2007 5:03 AM PST

Facebook executives have recently been quoted as saying that they want to take over the world, but something might already be getting in their way: the law.

The New York Times' Saul Hansell has linked to a blog post from William McGeveran, a professor at the University of Minnesota Law School, in which McGeveran asserts that an obscure, 100-year-old New York privacy law may put a damper on Facebook's new "Social Ads" program, which inserts "endorsements" from your friends on the social networking site.

Plenty of pundits have already argued that this could be really annoying, but McGeveran says that it could violate a New York privacy law that was instituted to protect people from having their names and likenesses used for advertisements without permission. Specific written consent, he underscored, is necessary. True, it's a state law, but the fact that Social Ads are online, and hence displayed on computers in New York, could get in the way.

"I don't see how broad general consent to share one's information translates into the specific written consent necessary for advertisers to use one's name (and often picture) under this law," McGeveran wrote.

According to Hansell's article in the Times, Facebook's chief privacy officer has already come out and said that he thinks McGeveran's interpretation of the law is too broad to apply to Facebook's Social Ads.

A blog for tracking the Supremes. (Nothing special about the case...)

New Filing in Driver’s Privacy Protection Act Case

Thursday, November 8th, 2007 10:22 am | Kevin Russell

On Monday, the Stanford Law School Supreme Court Litigation Clinic filed this brief in opposition in Fred O. Dickinson, et al. v. Mary Ann Collier, et al., No. 07-197. The petition raises three questions relating to whether a state official may be sued in his or her individual capacity for violating drivers’ right to privacy under the Driver’s Privacy Protection Act, when the official was purportedly disclosing the information in an attempt to comply with an invalid state law. Stanford students Alan Bakowski, Sarah Craven and Scott Stewart worked on the brief.

See what others are extracting via FOIA? - Search For Government Publications

Government Docs is a searchable database of just that: government documents. Operating under the Freedom of Information Act, Government Docs makes available otherwise disclosed documents to the public and promotes an open and accountable government.

For your Security manager...;jsessionid=H0hGLDJKN0PP87Vwl32wT5RJnx9KbwX3X0k6hCMBN8pmrhTztTnW!545993162

Security & Privacy

Jason Hong and Mahadev Satyanarayanan • Carnegie Mellon Univeristy

George Cybenko • Dartmouth College

... The seven articles that we selected for this special issue draw on ideas from many of these fields and provide a flavor of the kinds of security and privacy challenges and opportunities in pervasive computing.

Thursday, November 08, 2007

If you won't say how many, shouldn't we assume “ALL?”

CA: Sensitive customer information on bank's stolen laptop

Wednesday, November 07 2007 @ 10:29 AM EST Contributed by: PrivacyNews News Section: Breaches

Chico-based Butte Community Bank notified an undisclosed number of customers this week that a laptop computer probably containing their names, addresses, Social Security numbers and account numbers was stolen in mid-October.

Bank officials refused to say how many customer were mailed the notice, which was dated Oct. 24.

They said the laptop was stolen from a bank employee who carries it from branch to branch, but declined to say exactly where it went missing.

Source -

Why so much data? Why no encryption?

Thousands of People's Personal Information Misplaced

A laptop containing thousands of people's personal information is missing in Cabarrus County.

On Sunday, an ambulance took a patient to Carolinas Medical Center-Northeast in Concord.

While the ambulance was at the hospital, a Panasonic Tough Book was placed on the back bumper.

Cabarrus County Emergency Medical Services isn't sure if the laptop was lost at the hospital or while in transit back to the EMS station.

Furthermore, they don't know if it was stolen or destroyed in traffic.

The laptop contains names, address, phone numbers and social security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

In addition, the laptop contains medical information for nearly 60 patients who have been treated by paramedics since October 13.

WBTV's Tom Roussey has more information about the missing laptop as well as an award being offered for its return. Press "PLAY" to see this story.

Why a cop ID? 'Cause they can carry guns and confiscate your drugs and park anywhere and strip search people and...

Radio Shack employee charged with stealing police IDs

Wednesday, November 07 2007 @ 01:55 PM EST Contributed by: PrivacyNews News Section: Breaches

A female clerk at a Peekskill Radio Shack store and a civilian employee for the NYPD have been arrested for allegedly running an identity-theft ring that victimized 10 New York City police officers.

Source - Newsday

Data! Facts not speculation!

November 07, 2007

Bureau of Justice Statistics: Identity Theft, 2005

Identity Theft, 2005 released on November 7, 2007: "Presents data from the National Crime Victimization Survey (NCVS) on identity theft victimization and its consequences. This report presents the first full year of data available after new questions about identity theft were added to the survey in July 2004. Identity theft is defined in the report as credit card thefts, thefts from existing accounts, misuse of personal information, and multiple types at the same time. Based on interviews with a nationally representative sample of 40,000 household residents, the report describes age, race, and ethnicity of the household head; household income and composition; and location of the household. Characteristics of the theft presented include economic loss, how the theft was discovered, whether misuse is ongoing, and problems experienced as a result of the identity theft."

Ahhhh... I don't think it's supposed to work this way guys...

Indiana to Revoke Driving Licenses Over Database Errors

Wednesday, November 07 2007 @ 10:09 AM EST Contributed by: PrivacyNews News Section: REAL ID

As a result of adopting regulations designed to conform with REAL ID national identification card requirements, the Indiana Bureau of Motor Vehicles (BMW) has threatened to cancel the licenses of 206,000 of the state's 4.5 million motorists. According to the BMV, database mismatches were flagged on the motorists' records after they were compared with a federal database. Motorists must now take action to correct any mistakes in the way the social security numbers, names and dates of birth were entered into the system or they will lose their ability to drive.

Source -

Hey, you only paid us once and now you think you own it? (One tiny problem with DRM) NOTE: First comment was a call for a class action suit!

Fans shafted as Major League Baseball revokes DRM licenses

In what can only be called the biggest bonehead move since Bill Buckner's error in Game 6 of the 1986 World Series, Major League Baseball has deactivated a DRM license server used to verify your worthiness to play back video of games you purchased online. Claiming the full-game downloads were "one-time sales", MLB is completely unapologetic to fans

Worth a look!

November 07, 2007

Guide to Optimizing Investments in Security Countermeasures

Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets, by Jonathan Caulkins and Nancy R. Mead, September/October 2007 edition of IEEE Security and Privacy Magazine. "In the article, the team presents a tool and methodology they developed for software engineers and their clients to help them make security decisions when resources are limited."

All we need is someone who will watch all 62 bazillion videos uploaded each day... Sound like a job for the NSA?

YouTube Video Warned About School Shooting

Posted by ScuttleMonkey on Wednesday November 07, @06:00PM from the getting-godwin-out-of-the-way-early dept.

mytrip writes to tell us that CNN is reporting at least eight dead in a Finland school shooting that was apparently planned out in graphic videos posted to YouTube. "YouTube appeared to have removed 89 videos linked to his account, many of them featuring Nazi imagery, shortly after the incident. Finnish media reported someone posted a message two weeks ago on the Web site, warning of a bloodbath at the school. A video posted earlier Wednesday, by 'Sturmgeist89,' was titled 'Jokela High School Massacre - 11/7/2007.' 'Sturmgeist89' identified himself as Auvinen, and said he chose the name 'Sturmgeist' because it means 'storm spirit' in German."

Beat 'em while they're down!,1759,2213859,00.asp

SCO vs. Novell: The Bankruptcy Wars

By Steven J. Vaughan-Nichols November 8, 2007

The first blows are exchanged in SCO's newest legal arena: the bankruptcy court.

Can SCO escape Novell's wrath? Will SCO CEO Darl McBride emerge rejuvenated and ready to continue the Linux legal wars by selling SCO's Unix business? These and many more questions will be answered in the next episode of "As SCO Turns."

Video from the Privacy Commissioner of Canada

Privacy on Social Networks

What does a friend of a friend of a friend need to know about you?

Wednesday, November 07, 2007

Going for the record! Call Guinness!

MSU notifies students, staff of security breaches

Tuesday, November 06 2007 @ 03:26 PM EST Contributed by: PrivacyNews News Section: Breaches

Montana State University is informing 271 people that their Social Security numbers may have been exposed in one of three separate data security breaches.

On Nov. 2, it was determined that a stolen data storage device contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to the spring of 2007.

In a separate incident that also occurred on Nov. 2, an independent security analyst informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people - mostly new hires during the summer of 2006 - was available on the MSU Web site. The spreadsheet was immediately removed.

While investigating the Excel spreadsheet incident, MSU data-security staff discovered another Excel spreadsheet with the Social Security numbers of 13 people affiliated with the Department of Computer Science on the university's Web site. It, too, was immediately removed.

Source - Billings Gazette

Lack of Security Training, good (quick and thorough) response?

Update: falls for phishing scam, warns customers

After a phisher managed to get a corporate password, online criminals have been sending fake invoices as well as malware to Salesforce customers

By Robert McMillan, IDG News Service November 06, 2007 is warning customers that they may be the targets of malicious software or phishing scams, after one of its employees was tricked into divulging a corporate password.

In a note to customers, Salesforce said that online criminals have been sending customers fake invoices and, starting just a few days ago, viruses and key logging software. The e-mails were sent using information that was illegally obtained from bills its Web-based CRM (customer relationship management) products as easier to use and maintain than traditional CRM software, but this latest development underlines the security risks that come with this more open model.

The problems began a few months ago, when a employee fell for a phishing scam and divulged a company password that gave attackers access to a customer contact list. With this password, the criminals were able to obtain first and last names, company names, e-mail addresses, and telephone numbers of customers.

"As a result of this, a small number of our customers began receiving bogus e-mails that looked like invoices," said.

Some of those customers then fell victim to the scam and gave up their passwords to the criminals, too. When started seeing malicious software being attached to these e-mails, the company decided to issue a general alert to its nearly 1 million subscribers.

According to the Washington Post, Suntrust Banks was one of the customers victimized by this scam.

Jan Sabelstrom noticed that something was amiss when an e-mail purporting to be from the U.S. Federal Trade Commission landed in his inbox. This phishing attempt contained information about one of his company's customers that would have been available to, but not the public at large, he said.

Sabelstrom, managing director of CaSa Customer Solutions, a Chicago-based CRM consultancy, said he emailed Salesforce employees, including CEO Marc Benioff, about the message on Oct. 30 -- the same day that notified its customers of the problem.

"I basically shot them an e-mail saying... I would like to understand how this came to be," he said. "It seems a little bit dubious to me that there's this connection between me and my customers."'s response showed him that the company was taking the issue seriously, Sabelstrom said. Within two hours he heard back from Benioff, and soon the company's security team was walking him through what had happened, and assuring him that his customer's data had not been breached. "I was impressed," he said. "You can call it damage control but it was attentiveness." is working with law enforcement to resolve the problem, but in the meantime it is recommending that customers implement a number of security measures in order to cut down on the phisher's chance of succeeding.

Suggested actions include restricting account access to users who are within the corporate network, [ opposed to “everyone?” Bob] phishing education or the use of stronger authentication techniques to log on to the servers.

On Tuesday, declined to comment further on the matter. "Everything that they have to say about it is in this note," a spokesman with the company's public-relations agency said.

New insights?

Book: Privacy at Risk (by Christopher Slobogin)

Tuesday, November 06 2007 @ 08:46 AM EST Contributed by: PrivacyNews News Section: Surveillance

Professor Christopher Slobogin (University of Florida College of Law) has just published Privacy at Risk: The New Government Surveillance and the Fourth Amendment (U. Chicago Press, Nov. 1, 2007). According to the book description:

Without our consent and often without our knowledge, the government can constantly monitor many of our daily activities, using closed circuit TV, global positioning systems, and a wide array of other sophisticated technologies. With just a few keystrokes, records containing our financial information, phone and e-mail logs, and sometimes even our medical histories can be readily accessed by law enforcement officials. As Christopher Slobogin explains in Privacy at Risk, these intrusive acts of surveillance are subject to very little regulation.

Applying the Fourth Amendment’s prohibition on unreasonable searches and seizures, Slobogin argues that courts should prod legislatures into enacting more meaningful protection against government overreaching. In setting forth a comprehensive framework meant to preserve rights guaranteed by the Constitution without compromising the government’s ability to investigate criminal acts, Slobogin offers a balanced regulatory regime that should intrigue everyone concerned about privacy rights in the digital age.

Source - Concurring Opinions

Anything new or novel? Perhaps just a sales tool...

Data Breach Harm Analysis From ID Analytics Uncovers New Patterns of Misuse Arising From Breaches of Identity Data

Wednesday, November 07 2007 @ 07:38 AM EST Contributed by: PrivacyNews News Section: Breaches

ID Analytics, Inc., the leader in Identity Risk Management, today announced the results of a new study on the harm resulting from data breaches. The study analyzed more than ten million identities spanning over a dozen data breaches. ID Analytics found five separate cases where breached identity data was misused by fraudsters, with two of those cases resulting from employee theft of data.

.... Webinar and White Paper on Findings
Today at 11:00 am PT / 2:00 pm ET, Thomas Oscherwitz will present these findings in a free, live, one-hour webinar. To register, go to
To request a white paper with more detailed findings on the research, email

Source - PRNewswire

How NOT to keep things quiet. This might be amusing if it goes far enough... (If they lose, will they be required to reimburse the district?)

School District Threatens Suit Over Parent's Blog

Posted by kdawson on Wednesday November 07, @06:06AM from the speech-in-a-deep-freeze dept. The Internet Education The Courts

penguin_dance writes "A Texas School District is threatening to sue a parent over what it terms 'libelous material' or other 'legally offensive' postings on her web site and are demanding their removal. Web site owner Sandra Tetley says they're just opinions. The legal firm sending the demand cited 16 items, half posted by Tetley, the rest by anonymous commentators to her blog. The alleged libelous postings 'accuse Superintendent Lynne Cleveland, trustees and administrators of lying, manipulation, falsifying budget numbers, using their positions for "personal gain," violating the Open Meetings Act and spying on employees, among other things.' The problem for the district is that previous courts have ruled that governments can't sue for libel. So now, in a follow-up story, the lawyers say the firm 'would file a suit on behalf of administrators in their official capacities and individual board members. The suit, however, would be funded from the district's budget.' So far, Tetley hasn't backed down, although she said she'll 'consult with her attorneys before deciding what, if anything, to delete.'"

Amusing and worth listening to... Democratizing technology. (Downloadable)

My TED talk is up

November 7, 2007 12:30 AM

Somethings old, somethings new, lots that's borrowed, none that's blue. Watch it at the TED site here.

...and what might students do with technology?

Students Accused of Sending Porn Via School-Issued Laptops

Posted: Nov. 5, 2007

Snow Hill — The State Bureau of Investigation is looking into three Greene County Central High School students accused of creating and sending pornographic material with their school-issued computers.

In one case, a 16-year-old student reportedly sent video of himself with his 15-year-old girlfriend to a teacher by mistake.

... "So, there are probably more opportunities for them to record things and to do things with the computers that they haven't had before, unfortunately" Mazingo said. "It also greatly enhances the educational opportunities."

... Mazingo said the school system does not plan to cancel the laptop program. Administrators, however, are working with the district attorney's office on a video to teach students about how serious charges can be for using the cameras inappropriately.

He said administrators would also continue to monitor closely all activity on every issued computer. [“We'll be looking at each of these video countless times...” Bob]

How schools will respond?

HI: School searches are reasonable (editorial)

Tuesday, November 06 2007 @ 07:51 AM EST Contributed by: PrivacyNews News Section: Minors & Students

When it comes to keeping track of what students are doing, schoolteachers and administrators should have the same rights as parents. [Does that mean they should face the same liability if they neglect the children? Bob] Children know, or should know, parents are liable to check their belongings, despite crying: “Don’t I have any privacy?” In most homes, the answer is, “No, you don’t.”

The state Board of Education, including Maui representative Mary Cochran, has voted in favor of allowing officials to search student lockers “with or without cause.” The policy includes the use of drug-sniffing dogs on school campuses.

Source - The Maui News

Will you need a drivers license to ride the subway?

D.C.: DMV explores SmarTrip chips

Wednesday, November 07 2007 @ 06:53 AM EST Contributed by: PrivacyNews News Section: REAL ID

Privacy advocates are alarmed by a D.C. Department of Motor Vehicles initiative to embed SmarTrip computer chips inside every new D.C. driver’s license, making it easier than ever to track D.C. residents on their travels through the transit system.

The DMV will spend $830,000 a year to install SmarTrip chips in all driver’s licenses and identification cards starting in October 2008.

Source -

Huh. I don't think so...

November 06, 2007

Commentary on Digitization of the World's Libraries

The New Yorker: Digitization and its discontents, by Anthony Grafton, November 5, 2007

  • "...the Internet will not bring us a universal library, much less an encyclopedic record of human experience. None of the firms now engaged in digitization projects claim that it will create anything of the kind. The hype and rhetoric make it hard to grasp what Google and Microsoft and their partner libraries are actually doing. We have clearly reached a new point in the history of text production. On many fronts, traditional periodicals and books are making way for blogs and other electronic formats. But magazines and books still sell a lot of copies. The rush to digitize the written record is one of a number of critical moments in the long saga of our drive to accumulate, store, and retrieve information efficiently. It will result not in the infotopia that the prophets conjure up but in one in a long series of new information ecologies, all of them challenging, in which readers, writers, and producers of text have learned to survive...the narrow path still leads, as it must, to crowded public rooms where the sunlight gleams on varnished tables, and knowledge is embodied in millions of dusty, crumbling, smelly, irreplaceable documents and books."

First question (also first in the comments) Do they make more money this way? Anyone know how many albums they sold the RIAA way? How much does a band make per album?

38% of Downloaders Paid For Radiohead Album

Posted by kdawson on Tuesday November 06, @05:09PM from the fanatical-fan-base dept.

brajesh sends us to Comscore for a followup on the earlier discussion of Radiohead making $6-$10 million on their name-your-own-cost album "In Rainbows" — with the average price paid being between $5 and $8. Comscore analyzes the numbers: "During the first 29 days of October, 1.2 million people worldwide visited the 'In Rainbows' site, with a significant percentage of visitors ultimately downloading the album. The study showed that 38 percent of global downloaders of the album willingly paid to do so, [Does that match the RIAA estimates? Bob] with the remaining 62 percent choosing to pay nothing... Of those who were willing to pay, the largest percentage (17 percent) paid less than $4. However, a significant percentage (12 percent) were willing to pay between $8-$12, or approximately the cost to download a typical album via iTunes, and these consumers accounted for more than half (52 percent) of all sales in dollars."

email these to your competitors, let them waste time. (Lots more in the comments)

What Are The Best Free Games Online?

Posted by Zonk on Tuesday November 06, @02:23PM from the big-fan-of-line-rider dept. Games

almostdead writes “CNET has just put up a story about what it thinks are the best online flash games of all time. These include titles like Line Rider, Bejeweled, Desktop Tower Defense and Portal, all of which I enjoy playing a lot. But my thirst for free games is peaking at the moment, probably due to an incredibly boring job and lack of imagination. Can you suggest any more good free games online?"

A hobby site. Make money, have fun – my kind of business model! (Tupperware for winos?) - Viritual Wine World

Are you a wine connoisseur who is looking for an open door to the wine tasting realm? If so, might just be able to whet your whistle. is an online wine tasting site that has both online and offline activities!

Tuesday, November 06, 2007


Data “Dysprotection:” breaches reported last week

Monday, November 05 2007 @ 07:24 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

What if DNA is not good evidence?

Northwestern University Law Review: Colloquy: Coming Clean About "Junk DNA"

Monday, November 05 2007 @ 11:58 AM EST
Contributed by: PrivacyNews
News Section: Medical Privacy

It is a challenge to reply to a response when its very title pleads that we put the issue of whether forensic DNA profiles contain predictive medical information to rest.[1] I agree that the recent exchange between Professors Joh, Kaye, and myself has probably beaten the “junk DNA” horse past the point of expiration. One thing we all agree upon is that the potential privacy violations engendered by the storage of forensic DNA profiles in law enforcement databases is a “distraction,”[2] as Professor Kaye puts it, from the potential privacy issues posed by the storage of DNA samples in law enforcement and other government repositories.

Source - Northwestern University Law Review


November 05, 2007

World Privacy Forum: State Security Freeze Laws and General Information

"A credit freeze (sometimes called a security freeze) lets you stop the disclosure of your credit report by a credit bureau. As of November 1, 2007, the three credit bureaus are allowing all consumers nationwide to set a security freeze. Some states have specific security freeze laws; a list of states with security freeze laws may be found here. However, even if you live in a state without a security freeze law, you can still set a security freeze."

Automating government oversight?

Facial Recognition Software To Tell People They Look Too Young To Smoke

from the prepare-to-show-id-if-you-look-under-30 dept

In the aftermath of 9/11, facial recognition software was a hot topic for a while. The idea was that it could be used to help catch criminals and terrorists as they wandered through cities or airports. There was just one little problem: it didn't work. And, by didn't work, I don't mean it sorta worked some of the time. I mean, it didn't work at all. The places that tested it out soon ditched it as a total waste of time and money. It turns out that making an exact match on faces is not an easy problem, and while the technology may eventually reach that point, it's nowhere near close enough to be useful for things like finding terrorists. That doesn't mean it can't be used in other scenarios, and over in Japan it appears that they're about to put facial recognition to the test as a way of stopping kids from smoking. Yes, one company has integrated facial recognition software with cigarette vending machines, so that it will not sell you your pack of smokes if you happen to have a babyface. You can wonder how effective this might be (my guess: not very effective), but it's still interesting to see those behind facial recognition software looking for different markets where the results don't need to be as perfect.

The gPhone – replacing the PC with a free “do anything” handheld?

Google, Bidding For Phone Ads, Lures Partners

By KEVIN J. DELANEY and AMOL SHARMA November 6, 2007; Page A1

Google Inc. is trying to shake up the wireless industry by helping to create cheaper phones that can access advanced Internet services -- and carry its lucrative advertising.

... Android is a bid to change how the wireless industry operates. Carriers traditionally have decided what applications most consumers see on their cellphones, setting rules and negotiating fees for software developers to gain access.

[There are also stories in


and the NY Times:

Microsoft looking for non-operating system projects?

Microsoft to Deliver TV Over Web in India

AP 11/05/07 8:00 AM PT

Targeting a different market than it has gone after in the West, Microsoft announced a partnership with India's Reliance Communications to provide Internet Protocol Television service to households in India. The companies are going after the fast-growing mass market in India, which is growing by about 25 percent per year.

Monday, November 05, 2007

Strategy is as strategy does. Instead of describing the Real ID program by quoting politicians, shouldn't we be talking about the outcomes? “Papers Comrade! You can't get aboard the Ambulance/buy food/get gas/cross state lines/get on a plane/cash a check without Papers.”

Why states are resisting U.S. on plan for REAL I.D.

Sunday, November 04 2007 @ 05:26 PM EST Contributed by: PrivacyNews News Section: REAL ID

The federal government's efforts to create a standardized, secure driver's license that would also serve as a national ID card have hit some significant stumbling blocks.

Chief among them: Eight states have voted in the past year not to participate in the program. Nine others are on the record opposing the proposal. In total, legislation opposing the plan has been introduced in 38 states.

Behind much of the state legislative opposition to the Department of Homeland Security (DHS) plan is Missouri state Rep. Jim Guest, a conservative Republican. His primary concern: REAL ID, as DHS has dubbed the initiative, would not deter terrorists. Instead, he believes, it would be an unprecedented invasion of individual privacy, creating a databank of personal information to which officials on the local, state, and federal levels would have access.

Source - Christian Science Monitor

...and if your kids put pictures or 'home movies' online, you can make a 3D model of your house – perfect for those midnight SWAT raids.

Recreating Cities Using Online Photos

Posted by Zonk on Sunday November 04, @05:33PM from the taking-a-walkabout dept. Graphics The Internet Technology

Roland Piquepaille writes "The billion of images available from a site like Flickr has stimulated the imagination of many researchers. After designing tools using Flickr to edit your photos, another team at the University of Washington (UW) is using our vacation photos to create 3D models of world landmarks. But recreating original scenes is challenging because all the photos we put on Flickr and similar sites don't exhibit the same quality. With such a large number of pictures available, the researchers have been able to reconstruct with great accuracy virtual 3D model of landmarks, including Notre Dame Cathedral in Paris and the Statue of Liberty in New York City."

Is it time to 'short' Microsoft? Okay, probably not, but there are an increasing number of articles that show how vulnerable Microsoft is in several areas. At minimum, we are seeing the impact of commoditization.;_ylt=AiTQLUatXatjEqSwFD9YrSis0NUE

PCs being pushed aside in Japan

By HIROKO TABUCHI, Associated Press Wrier Sun Nov 4, 4:28 PM ET

TOKYO - Masaya Igarashi wants $200 headphones for his new iPod Touch, and he's torn between Nintendo Co.'s Wii and Sony's PlayStation 3 game consoles. When he has saved up again, he plans to splurge on a digital camera or flat-screen TV.

There's one conspicuous omission from the college student's shopping list: a new computer.

The PC's role in Japanese homes is diminishing, as its once-awesome monopoly on processing power is encroached by gadgets such as smart phones that act like pocket-size computers, advanced Internet-connected game consoles, and digital video recorders with terabytes of memory.

Making the Operating System less important...

Press F4 to Bypass Windows With Fast-Boot Technology

By Bryan Gardiner Email 11.05.07 | 12:00 AM

Say goodbye to excessive boot times. HyperSpace's secure embedded platform will let your basic applications fire up instantly.

There's absolutely no reason you should be waiting the three-plus minutes it takes your computer to boot up Windows, says Woody Hobbs, CEO of Phoenix Technologies. And indeed, if Hobbs has his way, you may not have to endure those waits much longer.

Phoenix says its new technology, HyperSpace, will offer mobile PC users the ability to instantly fire up their most used apps -- things like e-mail, web browsers and various media players -- without using Windows, simply by pressing the F4 button.

"As Windows gets more and more complex, we've seen startup times get longer and longer," says Hobbs. "If I go to the airport and try to connect to a Wi-Fi network, I'm waiting for five minutes just to connect. That's ridiculous -- people usually just give up and use their cell phones or PDAs."

Phoenix Technologies is the company responsible for many computers' basic input/output system, or BIOS, the firmware code that runs when your PC starts up. Usually, the BIOS identifies the hardware on your PC and initializes components, then lets the operating system handle everything else, from storing files to connecting with networks to running applications. In essence, HyperSpace is a simple operating environment, a layer on top of the BIOS, that runs side-by-side with Windows and can efficiently implement some of the most commonly used apps on a PC.

... Phoenix Technologies says content providers will be able to create "instant-on" applications like media players, and PC system vendors will be able to embed purpose-built apps into new computers. The quick-start apps will operate like self-contained appliances.

... Those problems don't just entail slow boot times. At a basic level, they also have to do with Microsoft dictating user experience as a whole, regardless of what machine you're using. In that vein, Phoenix says its HyperSpace platform could very well usher in a new era of ultrapersonalized PCs and laptops, even upending the way the industry does business.

... A student-aimed laptop, for instance, could come with apps like word processing, e-mail and IM preloaded into HyperSpace. Companies could even start releasing HyperSpace versions of applications specifically for the embedded platform, he says.

Getting paid to get rid of your servers...

Move to a Mainframe, Earn Carbon Credits

Posted by Zonk on Monday November 05, @03:35AM from the trade-and-process-process-and-trade dept. Power Supercomputing IBM Science

BBCWatcher writes "As Slashdot reported previously, Congress is pushing the U.S. Environmental Protection Agency to develop energy efficiency measures for data centers, especially servers. But IBM is impatient: Computerworld notes IBM has signed up Neuwing Energy Ventures, a company trading in energy efficiency certificates, in a first for "green" computing. Now if your company consolidates, say, X86 servers onto an IBM mainframe on top of slashing about 85% off your electric bill each megawatt-hour saved earns one certificate. Then you can sell the certificates in emerging carbon trading markets. IBM's own consolidation project (collapsing 3,900 distributed servers onto 30 mainframes) will net certificates worth between $300K and $1M, depending on carbon's market price. Will ubiquitous carbon trading discourage energy-inefficient, distributed-style infrastructure in favor of highly virtualized and I/O-savvy environments, particularly mainframes?"

Even if the simply aggregate existing tools, this could be useful. (The concept will translate to other areas as well...)

November 03, 2007

Article Details Text Mining Services for the UK Academic Community

The National Centre for Text Mining: A Vision for the Future: "Sophia Ananiadou describes NaCTeM and the main scientific challenges it helps to solve together with issues related to deployment, use and uptake of NaCTeM's text mining tools and services."

  • "One of the defining challenges of e-Science is dealing with the data deluge information overload and information overlook. More than 8,000 scientific papers are published every week (on Google Scholar, for example). Without sophisticated new tools, researchers will be unable to keep abreast of developments in their field and valuable new sources of research data will be under-exploited. The capability of text mining (TM) to find knowledge hidden in text and to present it in a concise form makes it an essential part of any strategy for addressing these problems. As text mining matures, it will increasingly enable researchers to collect, maintain, interpret, curate, and discover knowledge needed for research and education, efficiently and systematically. The National Centre for Text Mining (NaCTeM)"

For my small business class. Plan and start your own small business FOR REAL! Convert your passion for rap-bluegrass fusion to an online store where customers rely on your expertise. - Shared Profit Retailing

Mediastores is exactly what their name implies: a site where you can create your own store, selling the books, DVDs, CDs, and downloads that you choose. You can personalize the color scheme of your online store and add your company’s logo, and the best part is that you earn a 20% commission off of any purchases made from your store.

Another niche, but are there enough nichettes to use it? - Attractive Spot to Discover Fonts

Fawnt is an easy way to find the new and creative fonts that you are looking for. The various fonts they display are shown in a way that makes it easy to view what they look like and see how popular they have been with other site users. It’s easy to scroll the different font options without ever having to reload the screen or sort through categories to find a design appealing to you. This is also a good place for font designers to show their work and gain coverage of their fonts.

Could there be a market for this at all? Aren't kids addicted to YouTube enough already? (Perhaps a video from Mom & Dad: “Get up! Go to class! Study hard! Get a great job!” ...Naaaah. - Wake up to YouTube

AlarmTube is an online alarm clock that allows you to wake up to the YouTube video of your choosing.

Now this might find a market. - Text Message Reminders

... could help us remember certain tasks by reminding us with text messages. is a text messaging service that reminds us of when we need to do something.

Sunday, November 04, 2007

“What, me worry?” A. E. Newman,139212-c,onlineprivacy/article.html

Most Consumers Clueless About Online Tracking

Online privacy is vastly overestimated, as ad networks and marketers track surfers, study reports.

Jaikumar Vijayan, Computerworld Friday, November 02, 2007 11:00 AM PDT

... One example of that disconnect is that more than half -- about 55 percent -- of those surveyed falsely assumed that a company's privacy polices prohibited it from sharing their addresses and purchases with affiliated companies. Similarly, nearly four out of 10 online shoppers falsely believed that a company's privacy policy prohibits it from using information to analyze an individuals' activities online; in fact, this is a common practice. A similar number also assumed that an online privacy policy meant that a company they're doing business with wouldn't collect data on their online activities and combine it with other information to create a behavioral profile.

report (PDF)

Attention Hackers: Talk about a target!

NZ: Have your say about proving your identity online

Saturday, November 03 2007 @ 02:25 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The Government is proposing a new service that will allow people to prove their identity to government agencies online and in real time to a high level of confidence. The Department of Internal Affairs is holding a public consultation on the identity verification service between now and 7 December 2007. The aim is to gather feedback from potential users about how this new service might work for them.

This Identity Verification Service will be provided as a part of the All-of-Government Authentication Programme being led by the State Services Commission. The working title for all of the services offered to the public by the Authentication Programme is “igovt”.

Source - Scoop (Press Release: Department Of Internal Affairs)

Sort of a WalMart for computer thieves?

Datacenter Robbed for the Fourth Time in Two Years

Posted by Zonk on Saturday November 03, @06:36PM from the that's-quite-a-router-failure dept. Security IT

mariushm writes "According to the Register, the Chicago-based colocation datacenter C I Host was attacked by armed intruders recently, making it the the fourth time in two years that armed thugs have made off with data. According to a letter C I Host officials sent customers, 'At least two masked intruders entered the suite after cutting into the reinforced walls with a power saw ... During the robbery, C I Host's night manager was repeatedly tazered and struck with a blunt instrument. After violently attacking the manager, the intruders stole equipment belonging to C I Host and its customers.' Aggravating the situation, C I Host representatives took several days to admit the most recent breach, according to several customers who said they lost equipment, all the while reporting the problems as 'router failures'."

For you Google watchers...

Saturday, November 03, 2007

The best blogs about Google

Rex Sorgatz of Fimoculous, answers the question: Among the scores of sites devoted to Google-watching, sympathetic and skeptical, which are the best?

Worried about wireless?

Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks

Online Article USENIX: View article online


The growing popularity of wireless networks and mobile devices is starting to attract unwanted attention especially as potential targets for malicious activities reach critical mass. In this study, we try to quantify the threat from large-scale distributed attacks on wireless networks, and, more specifically, wifi networks in densely populated metropolitan areas. We focus on three likely attack scenarios: “wildfire” worms that can spread contagiously over and across wireless LANs, coordinated citywide phishing campaigns based on wireless spoofing, and rogue systems for compromising location privacy in a coordinated fashion. The first attack illustrates how dense wifi deployment may provide opportunities for attackers who want to quickly compromise large numbers of machines. The last two attacks illustrate how botnets can amplify wifi vulnerabilities, and how botnet power is amplified by wireless connectivity.

To quantify these threats, we rely on real-world data extracted from wifi maps of large metropolitan areas in the States and Singapore. Our results suggest that a carefully crafted wireless worm can infect up to 80% of all wifi connected hosts in some metropolitan areas within 20 minutes, and that an attacker can launch phishing attacks or build a tracking system to monitor the location of 10-50% of wireless users in these metropolitan areas with just 1,000 zombies under his control.

Could any US hospital do this?

London Children’s Hospital Puts Historic Records Online

3rd November 2007

London’s Great Ormond Street children’s hospital has launched a Web site containing more than 50 years’ worth of patient records. The new site covers over 84,000 child patients who were treated between 1852 and 1914. You can search it at

From the front page you can search by first name, surname, and approximate year of birth. (There is a far more extensive search available at but you’ll have to register to use it.) I did a search for Dickens and got 18 results, including Dickenson as well as Dickens.

The results are in a table that shows date of admission, sex, name, diseases, and registration district. There are no hyperlinks on the table but you can choose a name and click on it for more details. Additional information includes admitting doctor, ward, and length of stay. If you register on the site (registration is free) you’ll get even more information including case notes, residence of the patient, and outcome of the disease. (Not all data is available for all records.)

This is a very interesting set of data for historical or genealogical research. Definitely worth a look!