Sunday, March 16, 2008

Close to home, but discovered only when they notified the New Hampshire AG. Who says no one learned from TJX...

http://www.pogowasright.org/article.php?story=20080315101134617

Server stolen from Starling Insurance contained customers' personal information

Saturday, March 15 2008 @ 10:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

A server stolen from the locked offices of Colorado-based Sterling Insurance and Associates contained names, addresses, and Social Security numbers, dates of birth, driver's license numbers, and/or account information for an unspecified number of customers. The type of information varied by customer.

In its March 5th notification letter to the New Hampshire Department of Justice, Ray Starling, the president of the firm, did not indicate when the password-protected server was stolen.

Those who were affected were notified by letter dated March 5th and offered free credit monitoring for two years.

Source - Starling Insurance & Associates Notification to NH DOJ [pdf]



I'm sure the paper is interesting but my question is: Where did they get 30 billion conversations to analyze?

http://www.news.com/8301-13953_3-9894881-80.html?part=rss&subj=news&tag=2547-1_3-0-5

March 15, 2008 2:35 PM PDT

Proof of six degrees of separation

Posted by Dan Farber

In a research paper from June 2007, titled "Worldwide Buzz: Planetary-Scale Views on an Instant-Messaging Network (PDF)," Eric Horvitz of Microsoft Research and Jure Leskovec of Carnegie Mellon University analyzed 30 billion conversations among 240 million people using Microsoft Instant Messenger in June 2006. It turned out that the average path length, or degree of separation, among the anonymized users probed was 6.6.



There is a simple post on this article ( http://www.pogowasright.org/article.php?story=20080315133253395 ) but I found the editorial more amusing... (It seems one of our themes today is Customized Law...)

http://www.pogowasright.org/article.php?story=20080315144740774

Editorial: Virginia plays "shoot the messenger" and targets a privacy advocate

Saturday, March 15 2008 @ 02:47 PM EDT Contributed by: PrivacyNews News Section: State/Local Govt. A PogoWasRight.org editorial:

The Associated Press reports that in order to stop a privacy activist from posting Social Security numbers on her web site that she finds on her state's own web pages, Virginia has enacted the Personal Information Privacy Act. The law makes it illegal to "intentionally communicate another individual's social security number to the general public." The Commonwealth might have more accurately named the bill the "My God, Stop BJ Ostergren Act of 2008." Their bill has little to do with promoting privacy of personal information and more to do with protecting themselves from embarrassment.

The bill, already signed into law by Governor Kaine, makes it clear that it is perfectly fine for the Commonwealth of Virginia to intentionally communicate millions of individuals' social security numbers to the general public on their web pages or as required by their laws, but it is not okay for anyone who actually sees or obtains a SSN from the state's web site to then publish it on their own web site or to (further) share it with the general public. The legislature has its collective head up its search engine if it does not already realize that whereas Ms. Ostergren generally publishes a few "celebrity" SSN to get public attention to her issue, nothing stops cybercriminals from downloading and sharing all of the SSN that Virginia continues to make easily available. If Virginia is serious about protecting the privacy of personal information, it will stop making it available on their web pages.

On her own web site, The Virginia Watchdog, Ostergren takes the Commonwealth to task over the constitutional issues and her rights as she sees them. The ACLU of Virginia has also gotten involved in this case. ACLU of Virginia Executive Director Kent Willis summarized the issue nicely when he said, “The ACLU is a staunch supporter of laws that prevent the government from allowing Social Security Numbers to appear on publicly accessible websites, but the government can’t put the numbers online and then turn around and prevent the public from using those numbers.”

In an April 2007 commentary on Ostergren's tactics in Chronicles of Dissent, I disagreed with her tactics in publishing SSN on her web site. But my objection to her tactics was based on personal ethics. I never suggested and do not believe that she has done anything illegal. Nor do I think that making it illegal to republish information obtained from a state web site where the data have been intentionally made public is constitutional or right.

It is to the Commonwealth's great shame that rather than redacting or protecting SSN properly, they continue to grant themselves permission to put citizens at risk of ID theft while enacting laws to stop one person from advertising their foolishness.

-- Dissent



Always amusing... Perhaps related to the articles that follow?

http://www.pogowasright.org/article.php?story=2008031512245031

Article: Privacy Decisionmaking in Administrative Agencies

Saturday, March 15 2008 @ 12:24 PM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Bamberger, Kenneth A. and Mulligan, Deirdre K., "Privacy Decisionmaking in Administrative Agencies." University of Chicago Law Review, Vol. 75, No. 1, p. 75, 2008. Available at SSRN: http://ssrn.com/abstract=1104728

Abstract:

Administrative agencies increasingly rely on technology to achieve substantive goals. Often this technology is employed to collect, exchange, manipulate and store personally identifiable information, raising serious concerns about the erosion of personal privacy.

Congress has recognized this problem. In the E-Government Act of 2002, it required administrative agencies to conduct privacy impact assessments (PIAs) when developing or procuring technology systems that handle personal information. Despite this new requirement, however, agency adherence to privacy mandates is highly inconsistent.

In this paper, we ask why. We first explore why both process requirements and traditional means of political oversight are often weak tools for ensuring that policy reflects privacy commitments. We then consider what factors might, by contrast, promote agency consideration of privacy concerns.

Specifically, we compare decisions by two federal agencies - the Department of State and the Department of Homeland Security - to use RFID technology, which allows a wireless-access data chip to be attached to or inserted into a product, animal, or person. These two cases suggest the importance of internal agency structure, culture, and personnel, as well as alternative forms of external oversight, interest group engagement, and professional expertise, as important mechanisms for ensuring bureaucratic accountability to the secondary privacy mandate imposed by Congress.

The analysis speaks to debates in both public administration and privacy protection. It implicates disputes over the efficacy of external controls on bureaucracy, and the less-developed literature on opening the black box of administrative decisionmaking. It further offers insight into pre-conditions necessary to advance privacy commitments in the face of social and bureaucratic pressure to manage risk by collecting information about individuals. Finally, it offers specific proposals for policy reform intended to promote agency accountability to privacy goals.

Free full-text article available at SSRN; free registration required.



Like the strategic goals of many governments, 1984 came later than originally planned...

http://www.phiprivacy.net/?p=102

Mar-16-2008

UK: Put young children on DNA list, urge police

Mark Townsend and Anushka Asthana write in The Observer:

Primary school children should be eligible for the DNA database if they exhibit behaviour indicating they may become criminals in later life, [Like breathing or having parents that vote conservative... Bob] according to Britain’s most senior police forensics expert.

Gary Pugh, director of forensic sciences at Scotland Yard and the new DNA spokesman for the Association of Chief Police Officers (Acpo), said a debate was needed on how far Britain should go in identifying potential offenders, given that some experts believe it is possible to identify future offending traits in children as young as five.


Related? (What hath Spitzer wrought?) This is where everyone (male and female) names the ministers who proposed this policy.

http://www.pogowasright.org/article.php?story=20080315093005550

AU: Ministry staff told to reveal details of sex life

Saturday, March 15 2008 @ 09:30 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

MINISTERIAL staff in the Rudd government are being forced to list their history of sexual partners, reveal extra-marital affairs and detail homosexual experiences before gaining security clearance.

More than 300 ministerial and electorate staffers have been ordered to fill in a 25-page form and attend an in-depth interview into their personal finances, drug habits and sexual history before gaining high-level security clearance.

Senior staff say they have been told the security form is designed to protect them from blackmail.

But several have told The Sunday Telegraph they were affronted at the personal information they had been forced to divulge.

Friends are also interviewed, and information about drug use and sexual history is cross-checked.

Source - news.com.au



I would call this “Get out of jail free” rule if it was directed at industries or other non-governmental groups. As it is, consider it business as usual. After all, which is easier: Solving a problem or Writing a rule that says it's not a problem? Is it a problem?

http://www.pogowasright.org/article.php?story=20080315125501409

OH: Plans to hide court records cut back

Saturday, March 15 2008 @ 12:55 PM EDT Contributed by: PrivacyNews News Section: State/Local Govt.

Birthdays, home addresses and the last four digits of Social Security numbers of people whose names show up in court files likely will remain public information, after an Ohio Supreme Court panel yesterday backed away from plans to close off the records.

The judge-dominated panel rolled back much of the secrecy that it had proposed for court records across Ohio last year. Those proposed changes -- which court officials said were spurred by fears of identity theft -- drew sharp protests from media organizations, private investigators and other advocates of open court records.

Source - Columbus Dispatch



Perhaps we'll see another custom law?

http://yro.slashdot.org/article.pl?sid=08/03/15/2021257&from=rss

Wikileaks Publishes FBI VoIP Surveillance Docs

Posted by CmdrTaco on Saturday March 15, @06:40PM from the watching-the-watchers dept. Communications United States

An anonymous reader writes

"The folks on wikileaks have published a new interesting and shocking report: FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service. The 88-page document, which is part of the CALEA Implementation Plan, was published in January 2003 and describes in detail all needs for surveillance of phone calls made via data services like the internet. Wikileaks has not published any analysis yet, so maybe some of the techies hanging around this end of the internet are interested in taking that one on."



Lots of fun quotes!

http://www.bespacific.com/mt/archives/017819.html

March 15, 2008

The Diverse and Exploding Digital Universe

The Diverse and Exploding Digital Universe, An Updated Forecast of Worldwide Information Growth Through 2011, March 2008, By International Data Corporation.

  • "In this companion to last year's EMC-sponsored white paper, IDC again calibrates the size (bigger than first thought) and the growth (faster than expected) of the digital universe through 2011. IDC also explores new dimensions of the digital universe (e.g., the impact of specific industries on the digital universe; your digital shadow) and discusses the implications for individuals, organizations, and society. The tools are in place—from Web 2.0 technologies and terabyte drives to unstructured data search software and the Semantic Web—to tame the digital universe and turn information growth into economic growth."



Anything new?

http://yro.slashdot.org/article.pl?sid=08/03/15/1915249&from=rss

Class Action Complaint Against RIAA Now Online

Posted by CmdrTaco on Saturday March 15, @05:35PM from the stuff-to-read-if-you're-insane dept. The Courts

NewYorkCountryLawyer writes

"Recommended reading for all interested in the RIAA's litigation war against p2p file sharing is the amended class action complaint just filed in Oregon in Andersen v. Atlantic. This landmark 109-page document (pdf) tells both the general story of the RIAA's campaign against ordinary folks, and the specific story of its harassment of Tanya Andersen, and even of her young daughter. The complaint includes federal and state RICO claims, as well as other legal theories, and alleges that "The world's four major recording studios had devised an illegal enterprise intent on maintaining their virtually complete monopoly over the distribution of recorded music." The point has been made by one commentator that the RIAA won't be able to weasel its way out of this one by simply withdrawing it; this one, they will have to answer for. If the relief requested in the complaint is granted, the RIAA's entire campaign will be shut down for good."



Another use for the logs no one seems to keep. If you have 200 logons from the same IP address, get suspicious! (Even criminals can outsource...)

http://www.theregister.co.uk/2008/03/14/captcha_serfs/

Russian serfs paid $3 a day to break CAPTCHAs

Semi-automated attack or chain-mail gang

By John Leyden Published Friday 14th March 2008 17:54 GMT

Why should miscreants bother to develop cutting edge programming techniques when they can pay $3 to somebody to set up spam-ready webmail accounts on their behalf? Evidence has emerged that people as well as malware are being used to defeat CAPTCHAs, challenge-response systems that are often used to stop the automatic creation of webmail accounts by spammers.

CAPTCHAs typically help ensure that online accounts can't be created until a user correctly identifies letters depicted in an image. The tactic is designed to frustrate the use of automated sign-up tools by spammers and other miscreants.

Over recent months security firms have reported that first the Windows Live CAPTCHA used by Hotmail, and later the equivalent system at Gmail, have been broken by automated attacks.

... Google's contention that low-wage workers are being paid to break CAPTCHAs is supported by anecdotal evidence unearthed by Websense, which has been active in researching the issue over recent months. The firm found Russian language documents instructing modern day serfs on the art of CAPTCHA breaking.
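The "200 logons from the same IP" heuristic above, written out as a small sliding-window detector over account-creation logs. This is an added example, not code from The Register or Websense; the log format, the SIGNUP action name and the sample lines are constructed, and the threshold is set far below 200 so the sample trips it.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of webmail account-creation log lines (not real data):
# "<ISO timestamp> <client IP> SIGNUP <account>"
SAMPLE_LOG = """\
2008-03-14T10:00:01 203.0.113.7 SIGNUP alice01
2008-03-14T10:00:09 203.0.113.7 SIGNUP alice02
2008-03-14T10:00:15 198.51.100.4 SIGNUP bob
2008-03-14T10:00:20 203.0.113.7 SIGNUP alice03
2008-03-14T10:00:31 203.0.113.7 SIGNUP alice04
2008-03-14T12:30:00 198.51.100.4 SIGNUP carol
2008-03-14T12:30:02 203.0.113.7 SIGNUP alice05
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, ip, action, account)."""
    ts, ip, action, account = line.split()
    return datetime.fromisoformat(ts), ip, action, account

def flag_bulk_signups(log_text, threshold, window):
    """Return {ip: peak_count} for every IP that created at least
    `threshold` accounts inside any sliding window of length `window`.
    A human solver farm or a bot feeding solved CAPTCHAs back through one
    egress address shows up as a burst; a single legitimate user does not."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, action, _account = parse_line(line)
        if action != "SIGNUP":
            continue
        q = recent[ip]
        q.append(ts)
        # Drop entries that have aged out of the window (log is time-ordered).
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    hits = flag_bulk_signups(SAMPLE_LOG, threshold=4, window=timedelta(minutes=1))
    for ip, n in hits.items():
        print(f"suspicious: {ip} created {n} accounts within one minute")
```

Raising the threshold and widening the window tunes the same check for production volumes; the two IPs in the sample show the difference between a burst from one address and a couple of signups hours apart.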



Beware the living Tux! (Another USB toy)

http://hardware.slashdot.org/article.pl?sid=08/03/15/2244250&from=rss

Hacking the Tux Droid

Posted by Zonk on Saturday March 15, @07:33PM from the cutest-robot-ever dept. Hardware Hacking Robotics

Rockhopper writes

"Ars Technica has a combo review/hack guide for the Tux Droid, a programmable penguin. 'Tux is completely programmable at practically every level, and all of the source code of the firmware and software used by the droid is available from Kysoh's version control repository. There are several ways to program the droid's behavior, ranging from modifying the firmware to coding a gadget in Python.' There's a sample Python script that will cause Tux to speak IRC messages out loud when the user's name is mentioned."
