Wednesday, July 23, 2008

I was unable to tell from the article if there was a third party (storage provider) involved, but experience suggests that if there were, they would have been blamed for the “error.” They did blame the government for requiring offsite backup. They made no mention of encryption.

http://www.phiprivacy.net/?p=557

Jul-22-2008

UK: Littleborough surgery’s patient records stolen

Thousands of patient records [on a backup tape Bob] have been stolen while they were in storage at an unknown location in the Rochdale area.

The data, belonging to 3,500 patients from Trinity Medical Centre on Winton Street in Littleborough, was taken during a burglary on 12 July.

The stolen records contained personal details and full medical history of patients, which includes names and address and dates of birth of patients.

Full story - Rochdale Online

[From the article:

A spokesman for the Heywood, Middleton and Rochdale Primary Care Trust said that this was an isolated incident and they have written to the patients affected to say that it would be 'extremely difficult' for anyone to access the patient records without a password and login details. [One does not “logon” to a reel of tape. Bob]

... "Following consultation with the IT system suppliers, we believe that it would be extremely difficult for anyone to access or use data. [Translation: You would need a tape drive Bob]



I think I'll try to have one of my students write a paper on the process used to detect access to a computer. As far as I know, you can't make a statement like this with any certainty.

http://www.pogowasright.org/article.php?story=20080722161102922

Stolen Indiana State laptop returned to professor

Tuesday, July 22 2008 @ 04:11 PM EDT Contributed by: PrivacyNews

Indiana State University officials say a computer stolen from a professor has been returned and none of its personal student information was accessed.

School spokesman Dave Taylor said Tuesday the laptop computer was mailed anonymously to the professor, who received it Friday, six days after it was stolen along with other personal items.

Source - WLFI



At last we get some details...

http://www.infoworld.com/article/08/07/23/San_Franciscos_mayor_gets_back_keys_to_the_network_1.html?source=rss&url=http://www.infoworld.com/article/08/07/23/San_Franciscos_mayor_gets_back_keys_to_the_network_1.html

San Francisco's mayor gets back keys to the network

IT administrator Terry Childs is in jail for previously refusing to hand over the admin passwords to the city's multimillion dollar WAN

By Robert McMillan and Paul Venezia, IDG News Service July 23, 2008

... Childs' attorney has asked the judge to reduce Childs' $5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.

"None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing. [Not an actual detail, but amusing and he may have a point (see below) Bob]

... He also found that Childs had configured several of the Cisco devices with a command that would erase critical configuration data in the event that anyone tried to restore administrative access to the devices, [a Cisco feature Bob] something Ramsey saw as dangerous because no backup configuration files could be found. [Unforgivable (and impossible if management was doing its job) Bob]

... But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something." [This goes beyond missing backups to a complete lack of documentation! Bob]



Government has a duty... At least Europe agrees with me. Perhaps we (the US) will get to this point in twenty or thirty years...

http://www.out-law.com/page-9287

Data blunders can breach human rights, rules ECHR

OUT-LAW News, 22/07/2008

The European Court of Human Rights has ordered the Finnish government to pay out €34,000 because it failed to protect a citizen's personal data. One data protection expert said that the case creates a vital link between data security and human rights.

The Court made its ruling based on Article 8 of the European Convention on Human Rights, which guarantees every citizen the right to a private life. It said that it was uncontested that the confidentiality of medical records is a vital component of a private life.

... The woman in the case did not have to show a wilful publishing or release of data, it said. A failure to keep it secure was enough to breach the Convention. [Or as that eminent Philosopher Forrest Gump said, “Stupid is as stupid does” Bob]

A Finnish woman worked in an eye clinic where she also received treatment, having been diagnosed as having AIDS.

The woman began to suspect that news of her disease had spread to other employees and asked to be shown who had accessed her medical records and when. The health authorities only kept a note of the last five people to have accessed a record.

... The Court recognised that the Finnish courts did not find in I's favour because she could not prove that her record had been misused, but said that "to place such a burden of proof on the applicant is to overlook the acknowledged deficiencies in the hospital’s record keeping at the material time." [YES! Bob]

"It is plain that had the hospital provided a greater control over access to health records … the applicant would have been placed in a less disadvantaged position before the domestic courts," the Court said. "For [this] Court, what is decisive is that the records system in place in the hospital was clearly not in accordance with the legal requirements."


Related? Do banks have a duty? NOTE: This study is based on data from 2006. This is ancient history, but I suspect some of the problems noted will have never been repaired or have been reintroduced.

http://www.pogowasright.org/article.php?story=20080722111747794

U of M Study: Most Bank Web Sites Flawed

Tuesday, July 22 2008 @ 11:17 AM EDT Contributed by: PrivacyNews

A new University of Michigan study finds that more than 75 percent of bank websites had at least one design flaw that could make customers vulnerable to cyber crooks.

Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science, along with a pair of doctoral students, examined the Web sites of 214 financial institutions in 2006.

Source - WWJ



Interesting because Fifth Third also handled TJX card processing...

http://www.pogowasright.org/article.php?story=20080722111245378

Bank Back On Hook For Data Theft At BJ's Wholesale

Tuesday, July 22 2008 @ 11:12 AM EDT Contributed by: PrivacyNews

An appeals court reversed a lower court ruling absolving Fifth Third Bancorp from paying damages associated with replacing credit cards.

Source - InformationWeek

[From the article:

Fifth Third provided credit card processing services to BJ's. In its initial complaint, PSECU argued that Fifth Third bore some liability for the data breach because it failed to properly train the retailer's staff in proper security procedures.

... At one point, the case involved IBM. BJ's Wholesale sought to recover some of its losses from the computing giant, claiming that when it upgraded card-processing software, it told IBM to deactivate a feature that retains magnetic strip data so that a transaction can be processed offline. [First mention of this. I guess they didn't bother to check before they approved the upgrade... Bob] It's that data that was hacked.



Amusing article, but I can make up excuses too:

...because he's not second class trash, that's why

...because he approves our budget

...because we aren't supposed to have that video

...because we might look dumb

http://www.nwcn.com/statenews/washington/stories/NW_071608WEBBC_city_refuses_mcgiver_video_JM.5f36e314.html

City still refusing to release McIver arrest video

03:23 PM PDT on Wednesday, July 16, 2008

By BERNARD CHOI / KING5 News

SEATTLE - Once again, the City of Seattle is refusing to release a video that recorded the arrest of a current city councilmember. In one month, the City of Seattle has given KING5 News no less than four different explanations why it will not release the video. The reasons range from privacy concerns to the video was nowhere to be found.



But, it's for the children!

http://www.pogowasright.org/article.php?story=20080722115801299

Spy cameras in students’ homes?

Tuesday, July 22 2008 @ 11:58 AM EDT Contributed by: PrivacyNews

Tucked away in a 1,200-page bill now in Congress is a small paragraph that could lead distance-education institutions to require spy cameras in their students’ homes, [Overstating it a bit, but the article points out a few potential problems Bob] writes Andrea L. Foster in Chronicle of Higher Education.

It sounds Orwellian, she says, “but the paragraph - part of legislation renewing the Higher Education Act - is all but assured of becoming law by the fall” and, “No one in Congress objects to it.”

Source - p2pnet.net

[From the article:

The paragraph is actually about clamping down on cheating, says New Systems Keep a Close Eye on Online Students at Home.

It says an institution offering an online program, “must prove that an enrolled student is the same person who does the work” and, “Already, the language is spurring some colleges to try technologies that authenticate online test takers by reading their fingerprints, watching them via Web cameras, or recording their keystrokes. Some colleges claim there are advantages for students: The devices allow them to take tests anytime, anywhere.”

... But some college officials are wary of the technologies, noting that they are run by third-party vendors that may not safeguard students’ privacy. Among the information the vendors collect are students’ fingerprints, and possibly even images from inside their homes.


Related? How long should you argue that a poorly written law is okay?

http://yro.slashdot.org/article.pl?sid=08/07/22/2043228&from=rss

COPA Suffers Yet Another Court Defeat

Posted by kdawson on Tuesday July 22, @05:41PM from the let-it-die-already dept.

A US federal appeals court today struck down COPA, the Child Online Protection Act, a Clinton-era censorship law that the Justice Department has been struggling to get implemented for a decade. (The ACLU filed suit as soon as COPA was signed in 1998 and won an immediate injunction.) The battle has made it to the Supreme Court twice, and the DoJ has essentially never gotten any satisfaction out of the courts. This was the case for which the DoJ famously went trolling for search histories. In the ruling issued today, the 3rd US Circuit Court of Appeals upheld a lower-court ruling that COPA violates the First Amendment because it is not the most effective way to keep children from visiting adult Web sites. [The court cares about effectiveness? I gotta read this one... Bob] The law would require sites to check visitors' ages, e.g. by taking a credit card, if the site contained any material that is "harmful to minors," whatever that means.


Related Links to the ruling...

http://www.bespacific.com/mt/archives/018850.html

July 22, 2008

CDT Applauds Appeals Court Ruling In COPA Case

"The 3rd U.S. Circuit Court of Appeals today upheld a lower court ruling striking down the controversial Child Online Protection Act (COPA) that required Web operators to restrict access to large amounts of constitutionally protected speech. COPA placed severe restrictions on a wide range of legal, socially valuable speech, including content relating to sexual identity, health and art. CDT, which has filed friend-of-the-court briefs opposing COPA and supporting parental empowerment technology, applauds the ruling. July 22, 2008.


Related? Will all this activity result in more poorly crafted “technology” law?

http://www.pogowasright.org/article.php?story=20080723053256341

ISP Justifies, But Doesn't Explain Secret Customer Eavesdropping

Wednesday, July 23 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

Just last week, a trio of powerful federal lawmakers asked the large ISP Embarq to answer questions about the company's secret testing of technology that spied on its customers' web habits in order to serve them targeted advertisements.

... Most of the letter consisted of Embarq -- an ISP -- trying to convince the lawmakers that total online awareness of its paying customers complied with the Federal Trade Commission's proposed rules about behavioral advertising and longstanding privacy rules.

Source - Threat Level blog

Related - Ars Technica: Embarq: Don't all users read our 5,000 word privacy policy?

[From the article:

Embarq - a Fortune 500 telecom provider -- looked to escape the wrath of the trio, explaining that its test of technology from NebuAd was small and that it added a paragraph to its privacy policy to let its customers know about the test. [Because every customer checks the Privacy Policy every day! Bob]



We are starting to see some hints alluding to a possible future proposal relative to suggested directions for eventually “doing something” to improve intelligence sharing, maybe.

http://www.bespacific.com/mt/archives/018849.html

July 22, 2008

Intel Community Releases "Vision 2015: A Globally Networked and Integrated Intelligence Enterprise"

Vision 2015: A Globally Networked and Integrated Intelligence Enterprise: "Vision 2015 expands upon the notion of an Intelligence Enterprise, first introduced in the National Intelligence Strategy and later in the 100 and 500 Day Plans. It charts a new path forward for a globally networked and integrated Intelligence Enterprise for the 21st century, based on the principles of integration, collaboration, and innovation.

  • "By 2015, a globally networked Intelligence Enterprise will be essential to meet the demands for greater forethought and improved strategic agility. The existing agency-centric Intelligence Community must evolve into a true Intelligence Enterprise established on a collaborative foundation of shared services, mission-centric operations, and integrated mission management, all enabled by a smooth flow of people, ideas, and activities across the boundaries of the Intelligence Community agency members. Building such an Enterprise will require the sustained focus of hard-nosed leadership. Services must be shared across the entire spectrum, including information technology, human resources, security, facilities, science and technology, and education and training."



Something for the toolkit?

http://www.killerstartups.com/Web-App-Tools/woxikon-com-multilingual-translator

Woxikon.com - Multilingual Translator

Woxikon is an online translator and multi-language dictionary. Users enter a word into the translation search field, or search a word listed alphabetically in the chosen language dictionary. Once they select to translate the word, the user is provided with the translation in eight languages.

http://www.woxikon.com/



Signs of a trend? Easily explained. Every time Baen adds a free book to its online library, sales of that book go up.

http://news.cnet.com/8301-13512_3-9997186-23.html?part=rss&subj=news&tag=2547-1_3-0-5

July 23, 2008 5:01 AM PDT

Free ebooks-- some for a limited time only

Posted by Peter Glaskowsky

A friend of mine told me recently about tor.com, a new site managed by Tor Books, part of the Macmillan publishing group.

There's something cool going on there for just the next few days, and if you've bought Amazon's Kindle or Sony Reader-- or just like to read ebooks on your laptop, cellphone, or other system-- you'll want to scoot right over to the "Freebies Bonanza" page.

There you'll find 24 free ebooks and a collection of downloadable high-res cover art suitable for use as computer desktop backgrounds.

... This content will only be available through July 27, so don't delay, download today.

... Tor and its authors are following a path blazed most notably by Baen Books. The Baen Free Library has been giving away free ebooks for years, attracting considerable attention in the publishing industry and-- more importantly-- lots of extra business for Baen's participating authors.



Will this become an instant collector's item?

http://www.technewsworld.com/rsstory/63900.html

Esquire to Put Digital Moving Pix on Mag Cover

By Walaika Haskins TechNewsWorld 07/22/08 1:18 PM PT

To celebrate the 75th anniversary of Esquire magazine, the publication's editors plan to release 100,000 copies of its October 2008 edition with a cover made of electronic paper.
