Saturday, December 15, 2007

Again, “We don't know...” is the main theme.

http://www.pogowasright.org/article.php?story=20071214175824626

Hackers gain access to U of M-Flint computers

Friday, December 14 2007 @ 05:58 PM EST Contributed by: PrivacyNews News Section: Breaches

A security alert on the University of Michigan-Flint campus has been issued after someone hacked several servers, perhaps putting personal information at risk.

... The university told the campus community that it's working to determine the scope of the breach, but for now, can't say what type of information may have been jeopardized.

"It's difficult at this point to really know what's on there, or what may or may not have been accessed," said university spokeswoman Jennifer Hogan.

Source - ABC



Oh look! Someone found a copy of the Bill of Rights! (Not the ideal case for establishing this precedent. Sounds like the government didn't control the laptop and files were encrypted after his arrest.)

http://www.pogowasright.org/article.php?story=20071215073620365

Judge: Man can't be forced to divulge encryption passphrase

Saturday, December 15 2007 @ 07:36 AM EST Contributed by: PrivacyNews News Section: In the Courts

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Source - Declan McCullagh, C|net
Court Ruling - In Re Boucher, 2007 WL 4246473 [pdf]



It seems studies are cheap, but fixes are impossible?

http://it.slashdot.org/article.pl?sid=07/12/15/031238&from=rss

Ohio Study Confirms Voting Systems Vulnerabilities

Posted by Zonk on Saturday December 15, @06:22AM from the never-thought-i'd-be-longing-for-paper dept. Security Politics

bratgitarre writes "A comprehensive study of electronic voting systems (PDF) by vendors ES&S, Hart InterCivic and Premier (formerly Diebold) found that 'all of the studied systems possess critical security failures that render their technical controls insufficient to guarantee a trustworthy election'. In particular, they note all systems provide insufficient protection against threats from election insiders, do not follow well-known security practices, and have 'deeply flawed software maintenance' practices."

Some of these machines are the ones California testers found fault with last week.

[From the paper:

All of the systems exhibited a visible lack of trustworthy auditing capability.


Now that's interesting!

http://blogs.cnet.com/8301-13505_1-9833918-16.html?part=rss&subj=news&tag=2547-1_3-0-20

Piracy as a leading indicator of sales

Posted by Matt Asay December 14, 2007 1:20 PM PST

One great way to determine whether your digital product is destined for greatness is how many people want to steal it. As the television industry is starting to realize, there's a great deal of positive information that can be gleaned from illegal torrents of the shows. If no one wants to watch it, no one is going to steal it.

The open-source analog, of course, is the download. If you aren't getting free downloads then it's probably futile to try selling a product. Downloads, in other words, tell us a lot about future purchases, assuming there's a compelling business and revenue model behind the download:

Tech-savvy consumers have been boldly declaring that piracy can help and not hinder industry for years (especially when it comes to music downloads), but I was shocked the first time I heard the same claim from some very knowledgeable marketing types one day over a year ago in a boardroom. One of them simply asked, "Is the show on BitTorrent? How many people are downloading it??" The rest of the group looked genuinely interested in the answer from a demand point of view, not from an outraged one. I've since heard the same thing again several times, from different companies.

An even more interesting thing has started to happen: unofficial, but sanctioned television show leaks on BitTorrent. Broadcasters aren't posting their shows directly on PirateBay yet, but they are talking informally and giving copies of shows to a friend of a friend who is unaffiliated with the company to make a torrent. Why? Well, it's partially an experiment, but the hope is that distribution of content this way will lead to new viewers who wouldn't have been reached through traditional marketing means. Early signs indicate that these experiments are working.

The TV industry needs to explore ways to take advantage of piracy. While people will gladly take a free product if offered it, they'll also likely pay for a complement to that product. Hence, TV watchers have long "paid" for free TV with taxes (U.K.) and advertising (U.S.). In a world of TiVo, there may need to be new means of monetization devised, but the value of the piracy for indicating a potential market should not be underestimated.


...this looked highly experimental, but based on the previous article perhaps it was simply smart?

http://techdirt.com/articles/20071214/021230.shtml

More Bands Experimenting With Free As A Part Of The Business Model

from the good-for-them dept

Eric the Grey writes in to let us know about yet another band understanding the economics facing the music industry. Apparently the band Big Head Todd and the Monsters isn't just giving away free downloads of their new album, but are also giving away 500,000 CDs. They're actually doing it in an interesting way. Somewhat similar to Prince's recent offering to give away CDs with newspapers, BHTM is giving the CDs away via radio stations. Fans could sign up on the band's website for the CDs or get them from radio stations who are being given the CDs in batches to be given away. While giving away physical CDs doesn't make as much sense as just offering the downloads (it's a lot costlier...), it appears that the folks involved with this project understand the basics: "This sort of thing might very well be the future of music distribution. Give away the music, build a bigger fan base [and] generate revenue through live shows, merchandising and other platforms." That, of course, is what plenty of folks have been suggesting for years, while having record label execs insist it would never fly. Where are they now that it's flying? Oh, right, playing dumb.



A prescription for the computer industry?

http://hbswk.hbs.edu/item/5830.html

When Your Product Becomes a Commodity

Published: December 14, 2007 Author: John Quelch

Executive Summary:

Like death and taxes, commoditization of your products is a given. Marketing professor John Quelch offers tips for delaying the inevitable and dealing with it once it arrives. Key concepts include:

* The speed from product launch to maturity is faster than ever before.

* Innovate, bundle, and segment are 3 things marketers can do to delay commoditization.

* Managers already in a commoditized market must rethink salesforce compensation and pricing, trim costs, acquire competitors, and fire unprofitable customers.



Could be a simple way to copy data for my students. (A bit pricey though...)

http://news.softpedia.com/news/Kanguru-039-s-USB-Duplicator-Your-Own-Personal-Data-Multiplication-Factory-73864.shtml

Kanguru's USB Duplicator: Your Own, Personal Data Multiplication Factory

- Obtain up to 24 drives in a single shot

By: Alex Vochin, Technology Editor

Although most users don't need to multiply data stored onto USB drives on a daily basis, there are certain situations (back ups, IT work, sales and marketing preparation, PC rollouts, etc.) when a device that can copy the same files over and over again onto several such portable storage solutions could really come in handy.

... The USB Duplicator comes in 2 sizes: 1 Master to 9 Targets and 1 Master to 24 Targets.

http://www.kanguru.com/usbdup.html

Friday, December 14, 2007

Does this change the debate?

http://www.pogowasright.org/article.php?story=20071214080416315

Attorney: TJX Knew Of Data Breach Much Earlier Than It Claims

Friday, December 14 2007 @ 08:04 AM EST Contributed by: PrivacyNews News Section: Breaches

TJX learned of its massive data breach on Oct 3, 2006, more than two months earlier than TJX has told the government it first learned of the breach, according to one of the attorneys representing one of the banks suing the retail chain.

Source - Evan Schuman's StorefrontBacktalk (blog)

[From the article:

But the details also reinforce the appearance that TJX—throughout this incident—has shown more concern about keeping this incident quiet than protecting customer data. [...and they executed that strategy brilliantly! Bob]



Very interesting question. Are there other events that could place an organization in this position?

http://techdirt.com/articles/20071209/205715.shtml

What's The Liability For A Service Provider Who Ignores Takedown Notices?

from the we-may-be-about-to-find-out dept

We've gone on at length over the years concerning safe harbors for online service providers, noting that service providers shouldn't (and usually don't, under the law) have liability for illegal actions performed by users of the service. However, many of the safe harbors that provide that protection make it clear that should the service providers be informed of illegal activities, the service providers need to take action to avoid becoming liable. However, if the service providers don't take action, what is their liability? We may soon find out, thanks to a new lawsuit involving eBay and the maker of dollhouse furniture, Hansson. Hansson is upset that someone else is selling dollhouse furniture on eBay using Hansson's trademark. While, at first, this might sound like other such lawsuits against eBay for counterfeit goods, this case is different in a few important ways. First, Hansson actually is suing the company who is selling the counterfeit doll furniture. Second, while it is suing eBay, that's only because Hansson claims that the company sent eBay eight takedown notices and a cease-and-desist letter -- all of which were ignored. So, the question now becomes what kind of liability eBay faces if it's found that the company ignored the various notifications about infringing goods on the site. Eric Goldman, who wrote the story at the link above, wonders why eBay would ignore all those notifications, but also questions whether or not it's wise on Hansson's part to drag eBay into the lawsuit just to get its attention. As he says, Hansson may get more of eBay's attention than it really wanted.



Probably means we should check our systems.

http://www.pcworld.com/article/id,140538-c,virusesworms/article.html

One in Five PCs Infected With Rootkits

Malware researchers have uncovered 'massive growth' in the number of PCs harboring silent rootkit infections.

Matt Egan, PC Advisor Thursday, December 13, 2007 08:30 AM PST

Malware researchers at Prevx have highlighted what they are calling a 'massive growth' in the number of PCs harboring rootkit infections.

More than 725,000 PCs were scanned using the Prevx CSI malware scanner over a two-month period. Of the around 291,000 users who scanned their PCs during October 2007, some form of spyware or malware was found on one in six.

Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December.

According to Prevx's Jacques Erasmus: "The rise of the rootkits has begun."

Rootkits are often 'dropped' or buried by other infections. They then modify a PC's operating system to hide themselves from both the user and any security products installed on the computer. By so doing rootkits can allow criminals to remotely monitor, record, modify, steal and transfer data from the victim's PC.

(Ed. Note: another excellent tool for detecting rootkits is an application called IceSword)



Does anyone still follow baseball?

http://www.bespacific.com/mt/archives/016802.html

December 13, 2007

Senator George J. Mitchell Releases Report on Major League Baseball Investigation

DLA Piper press release: "Senator George J. Mitchell, the chairman of DLA Piper, today released the report of his independent investigation into the illegal use of steroids and other performance enhancing substances by players in Major League Baseball. Senator Mitchell was named in March 2006 by the Commissioner of Baseball, Allan H. Selig, to conduct the investigation. He led a national team of lawyers from DLA Piper that included experienced investigators, former government prosecutors and agency enforcement professionals.



...and you thought Harry Potter books were expensive!

http://hosted.ap.org/dynamic/stories/P/PEOPLE_ROWLING?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

J.K. Rowling Fairy Tales Sell for $4M

By THOMAS WAGNER Associated Press Writer Dec 14, 4:34 AM EST

LONDON (AP) -- A book of fairy tales created, handwritten and illustrated by J.K. Rowling sold for nearly $4 million at auction Thursday.

The buyer, Web retailer Amazon.com Inc., now owns one of only seven copies of "The Tales of Beedle the Bard," which is leather bound with silver mounts.

Thursday, December 13, 2007

Guidelines? Or a call for guidelines?

http://www.pogowasright.org/article.php?story=20071213062947923

Security Breach Notification Laws: Views from Chief Security Officers

Thursday, December 13 2007 @ 06:50 AM EST Contributed by: PrivacyNews News Section: Breaches

From the Executive Summary:

... this study proposes establishing a uniform set of notification requirements to maximize information exchange about security breaches:

  • Establish a uniform standard that requires public notice of all security breaches – to help security professionals track and adapt to incidents at other organizations and to ensure that all affected consumers are being provided with breach notices.

  • Establish a uniform reporting standard and require notification to a centralized organization in addition to consumers – to make information on breaches publicly available and allow industry professionals to reference breach reports for information on security vulnerabilities.

  • Clarify and broaden technology safe harbor provisions beyond encryption – to give better guidance to organizations on what types of security mechanisms are sufficient to prevent lost data from being accessible for the purposes of misuse and to incubate research into and adoption of other technologies that effectively render personal information useless if accessed without authorization.

  • Create a safe harbor period for notifications – to compromise between giving clear instructions on how quickly notifications must be given and providing enough flexibility for organizations to investigate and remedy security breaches.

  • Collect more information on the type of notification trigger language that should be used.

Source - Study Conducted for the Samuelson Law, Technology & Public Policy Clinic [pdf] (December, 2007)

(Props, Bruce Schneier)



Analysts rule!

http://www.pogowasright.org/article.php?story=20071213063703360

Bruce Schneier: Why 'Anonymous' Data Sometimes Isn't (commentary)

Thursday, December 13 2007 @ 06:51 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders.

Arvind Narayanan and Vitaly Shmatikov, researchers at the University of Texas at Austin, de-anonymized some of the Netflix data by comparing rankings and timestamps with public information in the Internet Movie Database, or IMDb.

Their research (.pdf) illustrates some inherent security problems with anonymous data, but first it's important to explain what they did and did not do.

Source - Wired



If they see the camera, they can order you to stop videotaping. If they don't, you're a criminal?

http://www.huffingtonpost.com/eugene-volokh/the-dark-side-of-privacy-_b_76518.html

The Dark Side of Privacy Law:

Eugene Volokh Posted December 12, 2007 | 03:54 PM (EST)

InstaPundit links to a story about someone who was "convicted of violating state wiretapping laws" for "conceal[ing] a camera to videotape a Boston University police sergeant ... during a 2006 political protest."

That's pretty outrageous, but it's entirely consistent with a 2001 Massachusetts Supreme Judicial Court decision in Commonwealth v. Hyde, which is based on Massachusetts' extremely broad privacy law:



With the right tools, even a small number of spammers can reach millions...

http://blogs.cnet.com/8301-13505_1-9831556-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Study: 95 percent of all e-mail sent in 2007 was spam

Posted by Matt Asay December 12, 2007 3:02 PM PST

There was a time--2004 to be precise--when spam "only" consumed 70 percent of all e-mail. Those were the good old days. Today, as Barracuda Networks' annual spam report shows, upwards of 95 percent of all e-mail is spam. In 2001, the number was 5 percent.



“We are French, we don't have to be rational!”

http://techdirt.com/articles/20071213/010749.shtml

France Says Non! To Amazon's Free Shipping

from the we-want-our-citizens-to-pay-more dept

I've never quite understood European laws that ban the discounting of books. It's one of those protectionist laws that ends up harming everyone. While economically-challenged folks will say that it helps save independent bookstores, they are unwilling to admit at what cost: less innovation in the way books are sold, fewer books purchased and higher prices for everyone. And, there's actually evidence to suggest that it really doesn't do much to protect those independent booksellers after all. The UK ditched such price fixing over a decade ago and didn't see the expected demise of independent booksellers. However, France is still a big believer in the concept and has now told Amazon.com it can no longer offer its famed "free shipping," since that effectively is an excessive discount. Amazon now has ten days to start charging shipping fees, or face daily fines. In other words, ordering books online just got a lot more expensive. It's difficult to see how that helps anyone.



A nice geeky video...

http://blog.wired.com/27bstroke6/2007/12/pgps-geek-chris.html

PGP's Geek Christmas Carol

By Kim Zetter December 12, 2007 | 1:13:31 PM Categories: Hacks and Cracks

The security geeks at PGP have put together this video carol of the "12 Threats of Christmas" as performed in harmony (with a little hip hop thrown in) by Boyz Nite Out.

Wednesday, December 12, 2007

Wishing is not a security technique.

http://www.pogowasright.org/article.php?story=20071211194829602

Iowa DNR Tells 7000: Social Security Numbers Lost

Tuesday, December 11 2007 @ 07:42 PM EST Contributed by: PrivacyNews News Section: Breaches

A contractor working for the Iowa Department of Natural Resources (DNR) lost a jump drive containing the names and social security numbers of 7000 people who work in wastewater and drinking water systems. The loss occurred on Nov. 21, but the contractor waited to report it until Dec. 5th because he thought he might find the drive. He now believes that the drive fell off his desk at DNR and into the trash.

Source - KCRG-TV



Keep swinging people, eventually you could connect.

http://www.pogowasright.org/article.php?story=20071212003554151

TJX Lawsuit Transferred

Wednesday, December 12 2007 @ 06:41 AM EST Contributed by: PrivacyNews News Section: Older News Stories

A lawsuit by a group of New England and Alabama banks against TJX Cos. over a data breach that resulted in the theft of millions of credit-card numbers was transferred to a Massachusetts state court by a federal judge.

In his order yesterday, U.S. District Judge William G. Young denied the plaintiffs' request to sue as a class and ruled that without class-action status the case would no longer fall under federal jurisdiction.

... The plaintiffs plan to continue pressing for class-action status in state court, Joseph R. Whatley Jr., an attorney representing the banks, said after the decision.

Source - Wall Street Journal



Told ya! (Video)

http://digg.com/politics/From_the_Programmer_s_Mouth%3A_How_the_2000_Election_was_Fixed

From the Programmer's Mouth: How the 2000 Election was Fixed

youtube.com — Clinton E. Curtis, ex-programmer tells all during a Congressional hearing on voting fraud. In October 2000, Curtis was asked by Tom Feeney (R), then Speaker of the House in Florida, to write a computer program that would render electronic voting fraud undetectable. Curtis did just that.

http://www.youtube.com/watch?v=ky-YXvxYbck&feature=related



We promise to start using all that security stuff everyone has been telling us to use. We'll start now (should be done before the turn of the millennium)

http://it.slashdot.org/article.pl?sid=07/12/11/2144255&from=rss

Ohio Plans To Encrypt After Data Breach

Posted by kdawson on Tuesday December 11, @05:24PM from the shutting-the-barn-door-after-the-horses dept. Security IT

Lucas123 writes "After a backup tape containing sensitive information on 130,000 Ohio residents, current and former employees, and businesses was stolen from the car of a government intern in June, the state government just announced it has purchased 60,000 licenses of encryption software — McAfee's SafeBoot — for state offices to use to protect data. It's estimated that the missing backup tape will cost Ohio $3 million. In September, the state docked a government official about a week of future vacation time for not ensuring that the data would be protected."



Oh them wild 9th Circuit guys...

http://www.pogowasright.org/article.php?story=20071211142949550

9th Circuit finds parts of Patriot Act unconstitutional

Tuesday, December 11 2007 @ 02:29 PM EST Contributed by: PrivacyNews News Section: In the Courts

A federal appeals court ruled yesterday that some portions of the U.S. Patriot Act dealing with foreign terrorist organizations are unconstitutional because the language is too vague to be understood by a person of average intelligence. [“So says us smart guys!” Bob]

Source - First Amendment Center

Court Opinion - Humanitarian Law Project v. Mukasey [pdf]



As we assumed?

http://www.pogowasright.org/article.php?story=20071211142529527

Reportable and Multiple Privacy Breaches Rising at Alarming Rate

Tuesday, December 11 2007 @ 02:25 PM EST Contributed by: PrivacyNews News Section: Breaches

Personally identifiable information (PII) of customers and employees is being exposed -- frequently and repeatedly -- potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey by Deloitte & Touche LLP ("Deloitte") and the Ponemon Institute LLC.

A shocking 85 percent of privacy and security professionals in North America surveyed acknowledged having at least one reportable data breach of PII within their organizations during the last 12 months, according to the "Enterprise@Risk: 2007 Privacy & Data Protection Survey." More alarming is the fact that 63 percent acknowledged multiple reportable data breaches occurred within their organizations during the same period.

Source - EarthTimes.org (press release)

"Enterprise@Risk: 2007 Privacy & Data Protection Survey" is available, at no charge, via the Deloitte web site at http://www.deloitte.com/us/privacyfunction.



“...'cause if we knew this was on the record, we would have lied better”

http://www.pogowasright.org/article.php?story=20071211111145983

Judge tosses privacy case against rapper

Tuesday, December 11 2007 @ 11:11 AM EST Contributed by: PrivacyNews News Section: In the Courts

A lawsuit in which three former City of Detroit employees claimed rapper Dr. Dre invaded their privacy by videotaping a conversation without their knowledge has been dismissed.

Wayne County Circuit Judge John A. Murphy, in a ruling issued Dec. 4 but released Monday, held that the city workers had no reason to believe the conversation was private.

[...]Murphy ruled that the conversation took place in a room with an open door and that at least one of the city employees entered and exited without difficulty. "Under the circumstances," the judge wrote, "the plaintiffs could not have a reasonable expectation of privacy."

Source - Detroit Free Press

[From the article:

Dr. Dre's attorney, Herschel Fink, who also represents the Free Press in editorial matters, said Monday this is the third time a judge has dismissed litigation by city employees against the rapper over the incident.



Detection by results...

http://www.infoworld.com/article/07/12/11/DNS-attack-could-signal-Phishing-2.0_1.html

DNS attack could signal Phishing 2.0

Only recently have hackers lined up the technology and technique to reap open-recursive DNS servers' weaknesses

By Robert McMillan, IDG News Service December 11, 2007

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

... Georgia Tech's and Google's researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another 2 percent of them provide questionable results. Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

"This is a crime with few witnesses," said David Dagon, a researcher at Georgia Tech who co-authored the paper. "These hosts are like carnival barkers. No matter what you ask them, they'll happily direct you to the red light store, or to a Web server that does nothing more than spray your eyeballs with ads."



If my computer makes the discovery, do I get to share the Nobel? Legal questions?

http://science.slashdot.org/article.pl?sid=07/12/11/210246&from=rss

Citizen Science and Grid Computing

Posted by kdawson on Tuesday December 11, @04:06PM from the greyware-network dept. Social Networks Science

japonicus writes "The Economist has an article summarizing the current state of distributed computing (think SETI@home and its ilk), which suggests that distributed-human projects are going to be the next big thing. (We discussed one such project, the Galaxy Zoo, a few months back.) The distributed-computing platform BOINC is about to expand to human processing. Distributed proofreaders have been a longstanding success (yet inexplicably failed to get even a mention in the article); but there are a lot of other projects waiting in the wings."



Ignorance of the technology is no excuse! (I've always wanted to say that.)

http://ralphlosey.wordpress.com/2007/12/08/dumb-and-dumber-sequel-another-attempt-by-attorneys-to-try-and-excuse-non-production-of-esi-with-computer-illiteracy/

Court Rejects Attorney’s Computer Illiteracy As Excuse For Non-Production

Plaintiff’s counsel in a district court case in Colorado lacked the technical ability to open and read most of his client’s emails. He figured that since he could not read them, he did not have to produce them. Instead of producing the thousands of emails on a DVD containing his client’s college email, he just produced the ten he could read, and ignored the rest. Garcia v. Berkshire Life Ins. Co. of America, 2007 U.S. Dist. LEXIS 86639 (D. Colo. Nov. 13, 2007).



I recently bought a teddybear for $10 and called it Mohammed...

I have now sold it on eBay for $30...

My question is, have I made a prophet ?????

Tuesday, December 11, 2007

No surprise here.

http://www.pogowasright.org/article.php?story=20071210112911396

Banks to Appeal TJX Decision

Monday, December 10 2007 @ 11:29 AM EST Contributed by: PrivacyNews News Section: Breaches

As a retailer defending itself because of the world's worst data breach, TJX has turned over more than 2.5 million pages of documents. That—plus the decision to appeal and some shifting of the blame to MasterCard—were the highlights from a series of federal filings late Dec. 6.

In an anticipated move, lawyers for the banks that are suing TJX formally declared their intent to appeal to a federal appellate panel a Nov. 29 decision by U.S. District Court Judge William Young to deny class certification for their case.

Source - eWeek



“Gee, the data was secure almost all the time.”

http://www.pogowasright.org/article.php?story=2007121107053022

CA: Stolen laptop holds private information

Tuesday, December 11 2007 @ 06:58 AM EST Contributed by: PrivacyNews News Section: Breaches

Sutter Lakeside Hospital (SLH) reported Monday that a laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor. It has not been recovered.

The information, dating from 2005 and earlier, was to be transferred from one secure system to another as part of an equipment upgrade, but the contractor went against hospital policy by downloading the information onto the laptop's hard drive.

... The patient information on the laptop primarily includes names, addresses, phone numbers, dates of birth and social security numbers, officials said. For a small number of patients, billing and diagnosis information was also included.

Source - Lake County Record Bee



“Gee, it sounded like a reasonable request. They just want to send us Christmas Cards...”

http://www.pogowasright.org/article.php?story=20071210194151910

TX: Employee Accused of Emailing County Workers' Personal Information

Monday, December 10 2007 @ 07:41 PM EST Contributed by: PrivacyNews News Section: Breaches

A letter sent to Cameron County employees states their personal information was released through an e-mail.

According to the letter, an employee released an e-mail with a list of all county officials and employees. It reportedly contained names, social security numbers, and salaries.

.... The email had been sent to a Brownsville Herald reporter.

Source - KRGV-TV



How to turn your average DA into a caped crime fighter?

http://www.pogowasright.org/article.php?story=20071210184533534

Justice details grants to help victims of ID theft

Monday, December 10 2007 @ 06:45 PM EST Contributed by: PrivacyNews News Section: Breaches

The Justice Department on Monday unveiled $1.7 million in funds for national, regional, state and local organizations and agencies that assist victims of identity theft and financial fraud.

The grants, awarded through the Office of Justice Programs, are intended to expand existing services and strengthen law-enforcement response. Justice is committed to tackling the problem and providing groups on the front lines the resources they need, acting Assistant Attorney General Cybele Daley said in a statement.

The Identity Theft Resource Center, a national organization that provides free assistance to victims of ID theft, will get $500,000 to improve and expand its counseling and case work. The money also will allow the San Diego, Calif.-based group to expand the staff of its call center.

Source - Government Executive



I think I may have this translated into a Christmas Card. Imagine the amusement.

http://www.pogowasright.org/article.php?story=2007121013111025

Santa putting children's information at risk, warn experts

Monday, December 10 2007 @ 01:11 PM EST Contributed by: PrivacyNews News Section: Breaches

The good folks at Out-Law.com may have started their holiday parties a bit early this year....

Santa Claus could be breaking privacy laws in his collection and use of data about British children, experts have warned. Yuletide cheer-bringer Claus could be putting the personal data of millions of children at risk.

Data protection laws lay down strict conditions for the use of personal data and there is no evidence that Claus has an adequate compliance programme in place.

Children across Britain who write letters to Claus with a list of gift requests are not told for how long that data is kept, or if it will be used for other purposes such as marketing by third parties.

[...] OUT-LAW's attempts to put the questions to Claus were hindered by the lack of an office chimney. Eventually the questions were put up a domestic chimney but no response was received by time of publication.

Source - Out-Law.com



Because...

http://www.pogowasright.org/article.php?story=20071210081344775

Data “Dysprotection:” breaches reported last week

Monday, December 10 2007 @ 08:13 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



The proof is in the pudding. Big claims warrant close inspection...

http://www.pogowasright.org/article.php?story=20071210181516828

Ask.com offers new privacy controls

Monday, December 10 2007 @ 06:15 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

Hoping to establish itself as the Internet's least intrusive search engine, Oakland-based Ask.com is empowering people to prevent their search requests from being deposited in data banks.

The new privacy control, called "AskEraser," is scheduled to be unveiled Tuesday. When it's turned on, the safeguard purges a user's search requests from Ask.com's computers within a few hours. [Certainly no more than a few million... (and after copying them to another machine?) Bob]

Source - Mercury News



Interesting!

http://digg.com/general_sciences/Absolutely_Brilliant_Explanation_of_the_Workings_of_the_Mind

Absolutely Brilliant Explanation of the Workings of the Mind

ted.com — In a wide-ranging talk, Vilayanur Ramachandran explores how brain damage can reveal the connection between the internal structures of the brain and the corresponding functions of the mind. He talks about phantom limb pain, synesthesia (when people hear color or smell sounds), and the Capgras delusion, when brain-damaged people believe...

http://www.ted.com/index.php/talks/view/id/184

Monday, December 10, 2007

Please note: This is a business model I did not come up with – but probably should have...

http://www.pogowasright.org/article.php?story=20071209183248224

Improving Your Credit Score By Buying Someone Else's

Sunday, December 09 2007 @ 06:32 PM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

PogoWasRight.org note: this is perhaps a bit off-topic, but it is so wild that I thought it might be of interest to readers.

Check out this wild LA Times article about a San Diego company, TradeLine Solutions, Inc., that, for about $1200, effectively sells better credit scores to people with bad credit scores by putting their customers' names on paid-up mortgage loans. The company's website says its business model is "100% legal." But, according to the Times, the company's chief executive Ted Stearns concedes that other folks may not see it that way: "Are there people out there who are going to say that it's mortgage fraud?" Stearns asks. "Sure, there could be." He goes on to say that it's "possible" that his customers might face legal problems, but noted "that it is really hard to enforce the law."

Source - Consumer Law & Policy Blog



I believe this area would support several business models. All based on the original Rothschild model.

http://www.bespacific.com/mt/archives/016762.html

December 09, 2007

CRS Report - Open Source Intelligence

Via OpenCRS - CRS Report, Open Source Intelligence (OSINT): Issues for Congress, December 5, 2007 (27 pages, PDF).

  • "Open source information (OSINT) is derived from newspapers, journals, radio and television, and the Internet. Intelligence analysts have long used such information to supplement classified data, but systematically collecting open source information has not been a priority of the U.S. Intelligence Community (IC). In recent years, given changes in the international environment, there have been calls, from Congress and the 9/11 Commission among others, for a more intense and focused investment in open source collection and analysis. However, some still emphasize that the primary business of intelligence continues to be obtaining and analyzing secrets. The collection and analysis of OSINT information will be ultimately judged by its contribution to the overall intelligence effort. Collecting information from open sources is generally less expensive and less risky than collection from other intelligence sources. The use of OSINT may result not only in monetary savings but also in less risk than utilizing sensitive technical and human sources. OSINT can also provide insights into the types of developments that may not be on the priority list for other systems or may not be susceptible to collection through other intelligence approaches — innovative applications of new technologies, shifts in popular attitudes, emergence of new political and religious movements, growing popular discontent, disillusionment with leadership, etc. Supporters of OSINT maintain that the future contribution of the Intelligence Community will be enhanced by its ability to provide detailed information and incisive analyses of such developments."



Yes, we know this – but there are some funny (because they happened to someone else) examples.

http://slashdot.org/article.pl?sid=07/12/10/0726251&from=rss

Corporations Face Problems with Employee Emails

Posted by Zonk on Monday December 10, @02:42AM from the think-before-you-send-is-a-great-adage dept. Communications Businesses

TwistedOne151 writes "Law.com has an article outlining how the casual attitude of many employees toward work e-mails has resulted in some thorny problems for corporate in-house counsel. 'It has now become routine even in civil investigations for computers to be subpoenaed so lawyers can look at e-mails and hard drives. And one thing always leads to another. "We have forensic software that shows multiple levels of deletions. It shows thought processes. We can learn far more than from just a document alone," said [Scott] Sorrels. "E-mails have taken over the world."'"



Getting Junior his first guitar?

http://www.killerstartups.com/Web20/ShowMeHowToPlaycom---Learn-How-To-Play-An-Instrument/

ShowMeHowToPlay.com - Learn How To Play An Instrument

ShowMeHowToPlay.com is a site that helps you learn an instrument online.

http://www.showmehowtoplay.com/



Remember, this is how Woody Allen got his start.

http://www.killerstartups.com/Web20/Overtsreamnet---Giving-Your-Videos-Subtitles/

Overstream.net - Giving Your Videos Subtitles

Overstream.net is a site where you can add subtitles and captions to any of the videos you find on YouTube, Google Video, MySpace video, and Daily Motion. OverStream.net is a great site that allows you to add subtitles in any language.

http://www.overstream.net/

Sunday, December 09, 2007

An interesting question. What test(s) will we apply? “All 'droids are created equal?” (Bad philosophy, good T-shirt)

http://www.technewsworld.com/rsstory/60651.html

Human After All: Ethical Questions and the Future of Robotics

Asia Pulse 12/09/07 4:00 AM PT

Dr. Caroline West, a senior lecturer in philosophy at Sydney University, says we should already be thinking about what will happen when humanoids develop the ability to reason and integrate into society. If humanoids become as intelligent and capable of feeling as humans, should they be given the same rights? The question cuts to the heart of what a "person" is.



I collect business models, but I think this one would be hard (not impossible) to replicate.

http://slashdot.org/article.pl?sid=07/12/09/0833232&from=rss

Making a Buck Online - Without Ads

Posted by Zonk on Sunday December 09, @03:27AM from the juggling-act dept.

A New York Times article hosted by C|Net looks at the unique position of the Consumer Reports website; they're one of the few online resources that gets by completely on subscription fees. They have no ads. One key seems to be valuing their online readers as much as their print readers - and charging both the same amount.

"The New York Times and the Los Angeles Times tried charging for some online content, then abandoned the practice. For a decade, however, Consumer Reports has charged Internet readers the same price as print subscribers, currently $26 a year (or $5.99 for a month's online access or $45 a year to get the magazine both in print and on the Web). While the rest of the industry sees print readers as more valuable--because advertisers do--Consumer Reports actually makes more money from readers on its Web site, because it avoids printing, trucking, and mailing costs."



If you are going to give in to holiday overeating, you might as well go for the gold...

http://digg.com/food_drink/Experiments_in_Deliciousness_Bacon_chocolate_chip_cookies

Experiments in Deliciousness: Bacon chocolate chip cookies

neverbashfulwithbutter.blogspo… — We all know bacon is a miracle food, but does it even improve chocolate chip cookies?

[Article with recipe: http://neverbashfulwithbutter.blogspot.com/2007/12/experiments-in-deliciousness-bacon.html ]

[Commentary on Bacon: http://www.youtube.com/watch?v=IVKJpkq-wNo ]