Saturday, February 09, 2008

The most difficult task for management is implementing “lessons learned.”

Lost thumb drive contains some BJ's employee names and SSN

Friday, February 08 2008 @ 09:17 AM EST Contributed by: PrivacyNews News Section: Breaches

On January 15th, BJ's Wholesale Club sent the New Hampshire DOJ a copy of a notification letter to employees. The letter indicates that an employee who was working on updating a list of participants in the firm's tuition reimbursement programs lost the external back-up drive that contained names and Social Security numbers. The drive was last used on December 31st and noticed as missing on January 3.

The company has arranged for free credit monitoring for those affected and notes that it is recalling all mobile storage devices and replacing them with encrypted, password-protected drives.

Source - BJ's Notification Letter to New Hampshire DOJ [pdf]

[BJ's has been mentioned before...

Raleigh, N.C., BJ's Wholesale Club Credit Card Holders Told to Eye Statements.

From: News & Observer (Raleigh, NC) Date: March 24, 2004

How silly of us! Of course it wasn't done to obstruct the investigation.

D.C.: 2 Computer Servers Taken Out With Trash

Friday, February 08 2008 @ 09:33 AM EST Contributed by: PrivacyNews News Section: Breaches

Two large computer servers belonging to the Washington D.C. tax office [D.C. Office of Tax and Revenue] have been found in an alley next to a commercial trash compactor. The office is at the center of a corruption scandal.

.... The Washington Post reports that federal investigators want to examine the servers for possible evidence in a case involving the embezzlement of more than $20 million in bogus property tax refunds. Two former tax office employees are among 10 people arrested in the case.

Authorities also want to know if the servers contain any personal information about the city's taxpayers.

Source - CBS News

“Ve know vere you are. Ve know vere you have been. Ve know everything!” If it was allowed because the technology wasn't very good, shouldn't it be dis-allowed when the technology matures?

Police Blotter: E911 rules aid police in tracking cell phones

By Declan McCullagh Story last modified Fri Feb 08 16:14:02 PST 2008

Police Blotter is a weekly report on the intersection of technology and the law.

What: Minnesota man charged with alien smuggling says data from a location tap of his T-Mobile phone should not be used against him in court.

When: U.S. District Judge Paul Magnuson in Minnesota rules on January 31.

Outcome: Prosecutors can use location information.

What happened, according to court documents:

Federal prosecutors have been arguing that they should be able to track the locations of Americans through their cell phones without showing any evidence of criminal activity--in legalese, no "probable cause"--because cell-tracking technology is not that precise. Police Blotter was the first to report on this trend nearly three years ago.

In one case in Texas, for instance, prosecutors claimed in a legal brief (PDF) that: "It is true that cell-site data provides information about the location of a cell phone user. However, cell phones do not permit the detailed continuous tracking of movement..."

That was then. Now that the Federal Communications Commission's E911 requirements have led to the adoption of assisted GPS and triangulation through cellular towers, "detailed continuous tracking of movement" has become commonplace. (The Sprint Navigation and Verizon's VZ Navigator feature are two examples.)

An interesting resource? (I've even translated it from the New Zealand-ish)

NZ: Cellphones, computers in privacy law review

Friday, February 08 2008 @ 10:55 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The Law Commission has launched the first phase of a four-stage investigation into privacy that will end with proposals to change the 1993 Privacy Act, which was passed when the Internet was in its infancy and before it was possible to take pictures from cellphones.

The first stage, Privacy Concepts and Issues, made public yesterday, outlines the values surrounding privacy and examines the impact of technology and other areas.

Source - Stuff

Related: This study paper is the outcome of stage 1 of the Law Commission’s Review of Privacy, and provides background for the later stages. It establishes a conceptual framework for the Review; examines social attitudes, technological developments, and international trends relating to privacy; and looks at some particular issues that will be discussed in more detail in the later stages of the Review. It does not include recommendations. Privacy Concepts and Issues - NZLC SP 19 [pdf]

Related: What would happen if my students were required to pick a politician and find out everything they could?

The Anonymity Experiment

Friday, February 08 2008 @ 12:46 PM EST Contributed by: PrivacyNews News Section: Other Privacy News

During a week of attempting to cloak every aspect of daily life, our correspondent found that in an information age, leaving no trace is nearly impossible

Source - Popular Science

Can you see the hacking potential here? (Scan your check, deposit it, modify the amount and check number, repeat...)

New Tech Lets Customers Make Bank Deposits Without Leaving Home

By Jim Offner E-Commerce Times Part of the ECT News Network 02/07/08 10:36 AM PT

CheckFree's Remote Deposit Capture system has some hurdles to clear even though in the long run the technology will be a boon to consumers, said Ed Kountz, a senior analyst with JupiterResearch. However, "over the short term, of course, it allows the consumer to basically deposit a check, as long as you have a scanner, a PC and an Internet connection, and that's certainly a positive."

Outsourcing without off-shoring.

Barclays turns U.S. call center over to Indian outsourcer

Barclays' credit card business in the U.S. signs a five-year deal worth as much as $80 million with Indian outsourcer Firstsource Solutions to run a call center in Colorado

By John Ribeiro, IDG News Service February 08, 2008

Barclays' credit card business in the United States has struck a five-year deal with Indian outsourcer Firstsource Solutions to run a call center in Colorado Springs, Colo.

The value of the deal could be as much as $80 million, according to a notice on Friday sent by Firstsource to the Bombay Stock Exchange.

Interesting. An aggregation of existing (bet the school didn't know about these) podcasts. Perhaps my students would like to create something like this...

Indiana University launches

FOR RELEASE Feb. 4, 2008

BLOOMINGTON, Ind. --, an online gateway for audio and video podcasts from IU faculty and staff and various departments and groups from all of IU's campuses, will be launched publicly on Feb. 4. The user-friendly podcast portal will pull together a variety of contributed content, including lectures, music, radio broadcasts, performances and student profiles, on one convenient home page.

Worth mentioning to my e-commerce students.

Yahoo Tempts SMBs with All-You-Can-Eat Hosting Buffet

By Karen D. Schwartz 2008-02-08

The new Yahoo Web Hosting offers unlimited disk space, Web site design tools, 1,000 e-mail accounts and more.

Yahoo has sweetened the pot for small and midsize businesses with an all-you-can-eat plan.

On Feb. 6, Yahoo introduced a flat-rate Web hosting plan called Yahoo Web Hosting. The monthly price of $11.95 includes unlimited disk space, data transfer and e-mail storage, as well as Web site design tools, a free domain name, 1,000 personalized e-mail accounts and live 24/7 customer support.

Because I love lists like this...

10 great free downloads for your network — Whether you've got a home network, small network, enterprise network or anything in between, these 10 freebies can make it more secure, run better and easier to manage. They're useful, easy to learn ... and you certainly can't beat free

Friday, February 08, 2008

I'd have to ask if they even had a strategy.

(update) Missing laptop has workers', patients' personal data

Thursday, February 07 2008 @ 09:48 AM EST Contributed by: PrivacyNews News Section: Breaches

The identity theft risk from a stolen Wake County EMS laptop is far worse than originally estimated [Very common. Bob] and could include personal information about patients, firefighters and paramedics from across the county.

New numbers released today by Wake County place the number at 5,000 people whose personal information -- including Social Security numbers, addresses and ages -- was stored on a laptop that was missing for more than a week in January before county officials reported it stolen to WakeMed hospital police.

This figure includes more than 1,100 patients transported by county EMS ambulances and their contracted first responders -- up from the original estimate of more than 800 patients.

Worse still, the laptop also included personal information of more than 3,400 EMS and firefighters from across the county [Why? Bob] -- including Wake County paramedics, contracted ambulance and paramedic outfits and firefighters.

Source - The News & Observer

[From the article:

The county has hired a third party consultant to help county employees track down the information. [Indication that they don't know what is on the laptop? Bob]

... Wake EMS uses laptops to streamline diagnostic and billing procedures for patients transported in the county's ambulances. [So why do they have information on non-patients? Bob]

I wouldn't normally get upset with convicts as victims (they have no rights, right?) but look where the computer was stolen from...

UK: Convict info on stolen laptop

Thursday, February 07 2008 @ 11:45 AM EST Contributed by: PrivacyNews News Section: Breaches

A LAPTOP holding information about convicted criminals has been stolen from a Magistrates’ Court, police confirmed today.

The theft from the Victoria Law Courts in Birmingham was reported on January 14, a spokeswoman for West Midlands Police said.

The laptop was stolen from an office at the court over the Christmas period, according to Her Majesty’s Courts Service (HMCS).

Source - The Sun

You're probably going to write one of these...

CSO In-Depth: The Dos and Don'ts of Disclosure Letters

Thursday, February 07 2008 @ 10:40 AM EST Contributed by: PrivacyNews News Section: Breaches

One security breach, two letters, 11 lessons in the art of telling customers you screwed up. Two PR pros deconstruct the messages that and USAJOBS were really giving to customers whose personal information had been disclosed.

Source - CSO

Interesting but not unexpected.

Technology, media firms overconfident, unprepared for breaches: Deloitte survey

Thursday, February 07 2008 @ 01:39 PM EST Contributed by: PrivacyNews News Section: Breaches

Media, technology and telecommunications industries are overconfident in their security postures and ill-prepared to handle breaches, according to a survey conducted by consulting firm Deloitte Touche Tohmatsu.

The 2007 Technology, Media and Telecommunications (TMT) Survey indicates that 46 percent of the more than 100 respondents have no formal information security strategy. However, 69 percent of the respondents surveyed said they're "very confident" or "extremely confident" in their abilities to deal with security challenges.

Source - SC Magazine


Another victory for the masked avenger!

California court bars unmasking of Web critic

Wed Feb 6, 2008 5:39pm EST

LOS ANGELES (Reuters) - A California appeals court on Wednesday said an anonymous Internet poster does not have to reveal his identity after being sued for making "scathing verbal attacks" against executives at a Florida company on a Yahoo! Inc message board.

... The appellate court concluded that while Doe 6's messages were "unquestionably offensive and demeaning," they could not be counted as defamation since they could not be considered assertions of fact.

Thursday, February 07, 2008

I fear this author has nailed it. Would other types of organization be so lucky? (see next article)

How TJX Avoided Wall Street's Wrath

The discount retailer allowed the biggest customer data breach in history, and yet Wall Street barely noticed. Why?

By Thomas Wailgum

... To retail analyst Paula Rosenblum, a managing partner with Retail Systems Research, the reason why TJX was able to escape unscathed is simple: TJX's customers didn't care, so why should Wall Street.

Enabling ubiquitous surveillance.

Privacy experts warn of 'ambient intelligence' risks

Wednesday, February 06 2008 @ 06:16 PM EST Contributed by: PrivacyNews News Section: Other Privacy News

A group of European technology researchers and academics has warned industry and policy makers of the privacy and security risks posed by gathering and using so-called "ambient intelligence" — data gathered from ubiquitous technology.

A book published on Thursday, Safeguards in a World of Ambient Intelligence, claims both customers and citizens could be alienated if information collected by embedded devices, such as RFID tags, as well as surveillance technologies, biometrics and communications devices, is not properly controlled.

Source - ZDNet

Thanks to Brian Honan for this link.

Is someone at war and forgetting to tell the press?

Fifth Cable Cut To Middle East

Posted by CmdrTaco on Wednesday February 06, @10:16AM from the now-wait-a-minute dept.

You may have noticed a number of stories recently about undersea cables getting cut around the world. Apparently the total is now up to 5, but the scariest part of this is that Iran is now offline. You can also read Schneier's comments on this coincidence. Update: 02/06 17:42 GMT by Z : As a commenter notes, though the country of Iran is obviously experiencing some networking difficulties, it is not offline.

On the other hand...

Cable Cut Fever Grips the Web

By Ryan Singel February 06, 2008 4:50:11 PM

Are underseas telecom cable cuts the new IEDs?

After two underwater cable cuts in the Middle East last week severely impacted countries from Dubai to India, alert netizens voiced suspicions that someone -- most likely Al Qaeda -- intentionally severed the cables for their own nefarious purposes, or that the U.S. cut them as a lead-in to an attack on Iran.

Then two more cables failed in the same area, one in a segment connecting Qatar to an island in the United Arab Emirates, and another in a link between Oman and the UAE. The former wasn't even a cut -- it was a power failure, but you can't keep a good conspiracy theory down; some news sites are even reporting incorrectly that Iran is cut off from the internet, and claiming that there's a fifth cut, which turns out to be an unexceptional cable failure from weeks ago.

... "Cable cuts happen on average once every three days," Beckert said. There are 25 large ships that do nothing but fix cable cuts and bends, Beckert adds.

... That said, even some security experts who early on dismissed suggestions of intentional sabotage are starting to get a little suspicious.

Take Columbia University Professor Steven Bellovin, a computer security and networking expert, for one:

As a security guy, I'm paranoid, but I don't understand the threat model here. On the other hand, four accidental failures in a week is a bit hard to swallow, too. Let's hope there will be close, open examination of the failed parts of the cables.

White Paper: Data Loss Prevention Best Practices

Wednesday, February 06 2008 @ 12:58 PM EST Contributed by: PrivacyNews News Section: Breaches

Abstract: (Source: Ironport) Data loss prevention (DLP) is a serious issue for companies, as the number of incidents (and the cost to those experiencing them) continues to increase. Whether it's a malicious attempt, or an inadvertent mistake, data loss can diminish a company's brand, reduce shareholder value, and damage the company's goodwill and reputation.

Source - Download from Computerworld (requires free reg.)

The world, she is a changin'

February 06, 2008

UN Information Economy Report 2007-2008

Information Economy Report 2007-2008 (386 pages, PDF): "The Information Economy Report 2008 - Science and technology for development: the new paradigm of ICT, analyses the current and potential contribution of information technology to knowledge creation and diffusion. It explores how ICTs help generate innovations that improve the livelihoods of the poor and support enterprise competitiveness. The report examines how ICTs affect productivity and growth and reflects on the need for a development-oriented approach to intellectual property rights in order to enable effective access to technology. ICT has also given rise to new models for sharing knowledge and collective production of ideas and innovations, known as "open access" models, which often bypass the incentive system provided by intellectual property rights."

Perhaps public data isn't public? (Why would I pay $8 per map when I can get them all for $20?)

West Virginia Tax Official Tries To Stop Website From Posting Public Tax Maps

from the follow-the-money dept

Paul Alan Levy writes "The county tax assessor in Charleston, West Virginia, has sued a local tech company that had the audacity to post public tax maps from the entire state of West Virginia on its web site. The company obtained the maps under the West Virginia Freedom of Information Act (FOIA) for a total charge of $20 for 28000 maps (the actual cost of copying electronic files to CDs). The tax assessor complains that she stands to lose the profit she makes by selling paper tax maps at $8 per sheet. Why should you care? If the county tax assessor wins her case, it could affect other Web sites and bloggers that make public government records available on the Internet." Apparently, some people have a different idea of what "public" information means than others... especially when the government stands to profit from that information. While government documents cannot be covered by copyright, apparently some gov't officials feel that preventing their ability to profit off of that public data is illegal.

Boy, if I knew how to do anything I'd start a web site like these...

Ex-Googlers Launch Instructional Video Site Howcast, Raise $8 Million A Round

Erick Schonfeld

A New York City startup called Howcast is launching today that wants to be the YouTube of instructional videos.

... Howcast faces competition from Expert Village, 5min, and Instructables (even though the latter uses step-by-step images more than video).

Wednesday, February 06, 2008

Typical reaction by managers without a clue.

NE: Adams Central's Computers Hacked

Tuesday, February 05 2008 @ 10:08 AM EST Contributed by: PrivacyNews News Section: Breaches

A local school is left reeling after hackers access personal information in the school network.

Adams Central School Board President Tom Behmer said no student's information was hacked in the incident last week, but they are concerned because staff member's information was on the hard drive.

Source - NTV

[From the article:

They won't know how much information was hacked until State Patrol investigates, but staff notified their banks to make sure any personal information is secured.

... "It happens all the time," Steve Spencer, a network administrator, said. Spencer controls networking at KDS Internet Services in Grand Island. He said stealing information is easy once hackers find even a way in.

Steve says computers are vulnerable in three ways: no system security, like a firewall, viruses and weak passwords.

School Board President Tom Behmer said Adams Central had a firewall. [ to that other stuff, we don't know... Bob]

When you ask an entry level IT programmer to design and implement the system with no management supervision, here's what you get!

Couple: 'Security Breach' On Cell Phone Web Site

Tuesday, February 05 2008 @ 04:40 PM EST Contributed by: PrivacyNews News Section: Breaches

A San Diego woman is outraged after she discovered what she called a potentially disastrous security breach on her cell phone company's Web site.

Janet Daniels told NBC 7/39 her husband was among the thousands of customers of Nationlink Wireless, an authorized dealer for Nextel and Sprint, whose private information was on display. That includes San Diego cell phone users.

Daniels said they chose Nationlink Wireless because of their special Employee Value Program, which gives customers a discount if they purchase the cell phone through their employer.

When Janet went on the Web site to track her husband's order, she said she was shocked at what she found. Not only did she find a list of each customer and the company they worked for, including such companies as Disney, Kaiser Permanente and even the U.S. Army, but also their addresses, birthdates, Social Security numbers, and an IP address where you can locate the customers' home.

Source - NBC SanDiego

[From the article:

Daniels said she assumes that the company did something after the report aired, because her husband was able to log on Monday night and delete his information. [Surely each victim is not required to delete their own information? This sounds like another security design bug. Bob]

... It is not known how long the data were live on the site. Some of the customers have been members since 2006, but without comment from Nationlink, there is no way to know how long their information was accessible online. [Isn't that part of the disclosure requirement? Bob]

More on costs...

The Cost of ID Theft, Part 2: Fixing the System

Wednesday, February 06 2008 @ 06:29 AM EST Contributed by: PrivacyNews News Section: Breaches

The costs as well as the volume of ID thefts continue to rise. Estimated business losses per victim increased by about $7,500 from 2003 to 2004, from $41,717 to $49,254, according to the Identity Theft Resource Center. Reported costs per record were $197 last year, according to the Ponemon Institute's third annual study.

Source - TechNewsWorld

Cyberwar? Look at the target, ask “who benefits?”

Fourth undersea cable cut near UAE, suspicions rise

Posted Feb 5th 2008 11:34AM by Darren Murph Filed under: Networking

For the fourth time in a week, an undersea communications cable has apparently been cut (or "failed due to a power outage," as some sources suggest), and while no official reports of subversion have surfaced just yet, things are beginning to get suspicious. [Ya think? Perhaps a “return to the 1400's” group is responsible? Bob] Flag Telecom, a subsidiary of Indian conglomerate Reliance ADA Group, has had two cables damaged in the span of a week -- a quandary it has never dealt with until now. As it stands, traffic from the Middle East and surrounding areas is being routed through various other cables in an attempt to remain online, but any more snips and we could be dealing with ping times eerily similar to those seen in 1993 (or much, much larger issues).

I suspect ALL the girls in my high school would have claimed to be pregnant – and named Elvis as the father. After all, that's how you deal with mandatory actions based on hearsay...

MD: Teen Pregnancy Policy Threatens Students

Tuesday, February 05 2008 @ 02:16 PM EST Contributed by: PrivacyNews News Section: Minors & Students

A new Howard County, MD school policy threatens teens’ right to privacy now that school employees are required to inform parents if a student tells them that she is pregnant. The county Board of Education voted the policy into effect 7-1, according to the Baltimore Sun.

The lone vote against the policy was a student representative who told the Baltimore Sun, "I polled dozens of students. It was unanimous. The students didn’t want this policy, and they didn’t think it was fair to them."

Not only does the Howard County pregnancy notification policy (PDF) threaten students’ privacy because the information is shared with parents, but the policy also states that "information shared in confidence by students to staff will be divulged to principals, to others who by their training or licensure are able to provide immediate appropriate assistance." Therefore students’ personal information is shared with several members of the school administration as well.

Source - Ms. Magazine

[From the article:

The director of general pediatrics and adolescent medicine at Johns Hopkins University, Dr. Tina L. Cheng, told the Washington Post that research has shown that teens will stop using sexual health care services if they know their parents will be notified.

I suspect that having this information available to the public would terrify most politicians. That alone sounds like a great reason to do it!

February 05, 2008

Michigan AG Track Your Taxes Webpage

"This webpage is hosted by Attorney General Mike Cox as a clearinghouse of information that allows users to track how Michigan tax dollars are being spent by the Attorney General's office. Currently, users can search the total amount the Michigan Department of Attorney General spends on salary, benefits, rent, browse a detailed list of contracts, and much more. Cox is supporting legislation that would mandate the Michigan Department of Information Technology (DIT) create a user friendly Track Your Taxes website for all of state government."

In the “Vote early and often” category... (Sort of like one key starts any car you'd like to steal.)

Diebold voting machine key copied from pic on Diebold site

Posted by Xeni Jardin, January 25, 2007 7:19 AM

BoingBoing reader Sejin says, In another stunning blow to the security and integrity of Diebold's electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website. The working keys were confirmed by Princeton scientists, the same people who discovered that a simple virus hack on the Diebold machines could steal an election. Absolutely incredible and another example of how Diebold's e-voting machines pose a great threat to the electoral process.

For my web site students - Just Watch

As TV shows go into hiding, and the networks drag the already cancelled but leftover shows out of the closet of shame, there’s not much left to do but take action. That’s right, it’s time to make your own TV show. And with you can. has all the tools necessary for you to record on your webcam, edit and upload your own videos, add music, jingles, ads, logos—everything you need to make the next “24” (you’re on your own if you want Kiefer, though). Not into video podcasting? That’s fine. There’s plenty of other entertainment to be had with Woho. Upload your favorite videos from YouTube or DailyMotion, create your own playlists, make a video mashup, make friends worldwide, comment, save, embed your faves and the list goes on. Woho is your one-stop shop for entertainment.

Tuesday, February 05, 2008

Lots of interesting statistics. Still hard to build a model of the cost to victims...

The Cost of ID Theft, Part 1: Beyond Dollars and Cents

By Andrew K. Burger E-Commerce Times Part of the ECT News Network 02/05/08 4:00 AM PT

The ultimate cost to ID theft victims varies across industries, Uriel Maimon, senior researcher for the software firm RSA, told the E-Commerce Times. "In the banking and electronic commerce industries, the end user is usually indemnified, and most of the damage is done to the business. The end users are usually affected by the trauma and paperwork of the experience but can usually recuperate most of their losses."

Private, personally identifying information is everywhere, from portable computers and digital devices, to the Internet and private networks. This data can be obtained so easily -- either through technology or more mundane means -- and its theft is so often glamorized on film, that it is starting to attract a younger generation to criminal ranks.

The scope of ID theft has grown so quickly that it now takes up a substantial -- and growing -- portion of law enforcement resources. [Is this true? Bob] Personal ID theft more than tripled in the U.S. in 2007, according to USA Today.

Records containing personal data on more than 215 million U.S. residents have been exposed due to security breaches since January 2005, according to the Privacy Rights Clearinghouse. For those for whom a breach turns into something far worse -- actual ID theft -- the financial and emotional burdens can be tremendous.

ID Theft in Dollars and Cents

The average cost of an identity fraud case closed by the U.S. Secret Service was US$31,000 between 2000 and 2006, according to a study by the Center for Identity Management and Information Protection. Among more than 700 cases, dollar losses ranged from zero to $13 million.

... Fraud alerts, security freezes and credit reports for such cases are free or cheap and are relatively straightforward to set up, since organizations are required to provide them. For example, free annual credit reports are now obligatory under federal law. Losses can mount and become serious quickly, however, if a security breach turns into financial fraud or criminal ID theft.

... "In 2004, consumers could expect to recover 80 percent of the money they lost due to identity theft. By 2006, that had dropped to 54 percent. Businesses can expect to pay an average of $197 per customer record should they lose a laptop containing the sensitive information of their customers," Livingston told the E-Commerce Times.

A Waste of Time and Energy

Victims in 2004 spent an average of 330 hours, often stretching out over a period of years, recovering from ID theft and crime, compared to 600 hours in 2003, according to ITRC studies. ITRC attributes the range in 2004's reported hours -- from three hours to 5,840 -- to the severity of the identity theft. A lost credit card typically takes fewer hours to solve than the use of your Social Security number by a would-be evil twin.

In both years, about a third of respondents said that they spent a period of four to six months recovering from ID theft. In 2004, only 11 percent of people said they had been dealing with their ID fraud case for seven months to a year. In 2003, 23 percent had wrestled with a case for nearly a year. However, in 70 percent of cases studied in 2004, people noted that they continued to find negative ID information on their records after more than a year, up from 66 percent in 2003.

Problems associated with ID theft don't stop when the crooks are caught or remediation efforts end. After-effects include increased insurance and credit card fees, difficulties finding a job, higher interest rates and fighting collection agencies and credit card issuers who refuse to clear their records despite substantiating evidence. "This 'tail' may continue for more than 10 years after the crime was first discovered," according to the ITRC.

The Aftershocks

Disturbingly, ID theft is often committed by family members and friends. Forty-three percent of victims in the ITRC's 2004 study believed they knew their impostor; 14 percent said that it was an employee of a business that had their information. "There continues to be a lack of understanding by friends, family and the general public regarding the emotional impact of this crime on the victims, both short term and long term," writes the ITRC's Linda Foley in its ID Theft 2007-2008 review and predictions report.

The emotional impact of ID theft on victims is akin to that felt by victims of more violent crime, according to the ITRC. "Some victims feel dirty, defiled, ashamed and embarrassed, and undeserving of assistance. Others report a split with a significant other or spouse and of being unsupported by family members," according to the study.

... The longer the security breach and potential ID theft goes unrecognized, or remediation is postponed, the greater risk you run of serious criminal ID theft. In 2004, 37.5 percent of those surveyed in the ITRC's study reported that they found out about their ID theft within three months, down from 48 percent in 2003.

Passwords alone are not adequate security. How many times must we say this? (Again, not much real information, but a picture is beginning to emerge.)

Poor password management may have led to bank meltdown

Huge losses reported by Société Générale were apparently enabled by forgotten low-level IT chores such as password management

By Jeremy Kirk, IDG News Service February 04, 2008

The huge losses reported by French bank Société Générale, apparently caused by a rogue trader with inside knowledge of the bank's procedures, don't necessarily point to an IT systems failure, but rather to poor management of those systems, analysts say.

The bank has accused 31-year-old employee Jerome Kerviel of creating a fraudulent trading position in the bank's computers that ultimately caused it to lose around €4.9 billion ($7.3 billion).

Kerviel achieved this by, among other things, misappropriating computer passwords, the bank said. It has revealed few other technical details of what caused the losses.

... In some cases, it may not have been the security of the passwords themselves that posed a problem, but rather the access those passwords allowed, said Ian Walden, professor of information and communications law at Queen Mary, University of London.

Organizations tend to think of access as being binary in nature: you get access to it all, or you don't, Walden said. In reality, there are many more levels of access. "In modern, complicated systems, the granularity has to be much more sophisticated."

... "The underlying issue is that many systems are designed to stop honest people from making mistakes, but do not take into account those with malicious intent," Rothke said.


Two e-Discovery Guides for Judges Provide Good Advice for All

There are now two e-discovery guides for judges, one for state court judges and one for federal.

Managing Discovery of Electronic Information: A Pocket Guide for Judges

Conference of Chief Justices Guidelines For State Trial Courts Regarding Discovery Of Electronically-Stored Information.

Now that they're down, let's stomp on them!

10K Filing Suggests Grim Outlook for SCO

Posted by Zonk on Tuesday February 05, @08:41AM from the truly-a-stunning-development dept. Caldera The Almighty Buck Linux

dacarr writes "SCO has filed their 10K with the SEC — and according to this, their own assessment of the company's outlook is pretty grim. As usual, PJ of Groklaw has a good synopsis of the filing highlights. In short, it boils down to one thing: unless there's a miracle, even SCO doesn't think they're going to come out of this. 'As a result of the Chapter 11 filings, realization of assets and liquidation of liabilities are subject to uncertainty. While operating as debtors-in-possession under the protection of Chapter 11 of the Bankruptcy Code, the Debtors may sell or otherwise dispose of assets and liquidate or settle liabilities for amounts other than those reflected in the consolidated financial statements, in the ordinary course of business, or, if outside the ordinary course of business, subject to Bankruptcy Court approval. In addition, under the priority scheme established by the Bankruptcy Code, unless creditors agree otherwise, post-petition liabilities and prepetition liabilities must be satisfied in full before stockholders are entitled to receive any distribution or retain any property under a plan of reorganization.'"

Would there be a market for a free version?

Site Offers Crime Alerts and Maps

By BRIAN BERGSTEIN AP Technology Writer Feb 4, 5:45 PM EST

... A new service on, launched last year and expanding nationwide, overlays police reports on maps, so people can view where arrests and other police calls have been made. Users can configure e-mail alerts to notify them of crimes in locations of interest within a day.

The free site relies mainly on police departments paying $100 or $200 a month, depending on their size, to have extract the information from their internal systems and publish it online.

... This coincides with a prominent trend in policing. Since New York City police launched their "CompStat" system in 1994, law enforcement agencies around the country have been capturing and analyzing crime information in more careful detail, in hopes of better planning responses.

... This flood of information could have its downsides. lists only the block on which a crime occurred or was reported, not the actual address, so as to protect victims' privacy. Even so, the Salt Lake sheriff noted that neighbors on a tiny street might be able to figure out, say, which house on their block had a domestic incident that the participants would rather keep quiet.

While that kind of information was always available in department records, "`public' and `readily accessible' are two different things," Winder said.

On the Net:

Police agencies with data on CrimeReports:

Vote early and often! (see next article)

February 04, 2008

Tech Tools for the American Voter and the 2008 Congressional Elections

  • Tech Tools for the American Voter and the 2008 Congressional Elections - The Tutorial: "This tutorial is a visual walk-through of how to find what you need to know for the upcoming Congressional elections. Use the tutorial to help you find out if you are registered to vote, biographical information on your Congressman or Senator, his or her voting records, and money donations and campaign fundraising for the upcoming election."

How to vote early and often?

Perspective: The Democratic Party's dangerous experiment

By David Dill and Barbara Simons Published: February 4, 2008, 6:03 PM PST

As most of us now understand, paperless electronic voting is a really bad idea. But there is a still worse idea: voting over the Internet.

You should review every penny!

February 04, 2008

Budget of the United States Government Fiscal Year 2009

Budget of the United States Government Fiscal Year 2009 - The Budget Documents

  • "Budget of the United States Government, Fiscal Year 2009 contains the Budget Message of the President, information on the President’s budget and management priorities, and budget overviews organized by agency.

  • Analytical Perspectives, Budget of the United States Government, Fiscal Year 2009 contains analyses that are designed to highlight specified subject areas or provide other significant presentations of budget data that place the budget in perspective. This volume includes economic and accounting analyses; information on Federal receipts and collections; analyses of Federal spending; information on Federal borrowing and debt; baseline or current services estimates; and other technical presentations. Analytical Perspectives volume also contains supplemental materials with several detailed tables, including tables showing the budget by agency and account and by function, subfunction, and program, that is available on the Internet and as a CD-ROM in the printed document.

  • Historical Tables, Budget of the United States Government, Fiscal Year 2009 (342 pages) provides data on budget receipts, outlays, surpluses or deficits, Federal debt, and Federal employment over an extended time period, generally from 1940 or earlier to 2009. To the extent feasible, the data have been adjusted to provide consistency with the 2009 Budget and to provide comparability over time.

  • Budget of the United States Government, Fiscal Year 2009—Appendix contains detailed information on the various appropriations and funds that constitute the budget and is designed primarily for the use of the Appropriations Committee. The Appendix contains more detailed financial information on individual programs and appropriation accounts than any of the other budget documents. It includes for each agency: the proposed text of appropriations language, budget schedules for each account, new legislative proposals, explanations of the work to be performed and the funds needed, and proposed general provisions applicable to the appropriations of entire agencies or group of agencies. Information is also provided on certain activities whose outlays are not part of the budget totals.

  • Current Program Assessment Rating Tool summaries and details are available on including a CSV File for Researchers and Academics and the data model diagram. Government-wide PART summary data is also available in PDF and XLS format on the OMB website.

  • A comprehensive list of Agency Congressional Justifications, Performance and Accountability Report and Agency Strategic Plans is now also available on the OMB website.

I wonder if the US would do any better? Perhaps I'll ask my Statistics class...

Quarter of Brits think Churchill was myth

London, United Kingdom 05 February 2008 12:13

Britons are losing their grip on reality, according to a poll that came out on Monday, which showed that nearly a quarter think Winston Churchill was a myth while the majority reckon Sherlock Holmes was real.

The survey found that 47% thought the 12th century English king, Richard the Lionheart, was a myth.

And 23% thought World War II prime minister Churchill was made up. The same percentage thought Crimean War nurse Florence Nightingale did not actually exist.

You gotta admire the Dutch. What a business model!

Overwhelming popularity for Dutch online safer sex training

Fri Feb 1, 1:55 PM ET

A Dutch online training in safer sex is so popular that the website featuring short instruction videos was overloaded Friday, the Amsterdam health authorities told the ANP news agency.

The website called (have nice sex) went online on Wednesday and just hours after opening already had nearly half a million hits.

Perhaps the greatest lyricist of our age?

Tom Lehrer

I grew up listening to my mom's Tom Lehrer records, but I had never actually *seen* Tom Lehrer singing. Someone has posted on YouTube eleven clips of Tom Lehrer performing his songs on stage in the 1960's. Yep, I still know all the words.

- The Vatican Rag.
- Poisoning Pigeons in the Park.
- Wernher von Braun.
- So Long, Mom (A Song for World War III).
- Send the Marines.
- National Brotherhood Week.
- Pollution
- When You Are Old and Gray.
- Masochism Tango.
- The MLF Lullaby.
- Who's Next.
EDIT: One more, from 1980: - I Got It From Agnes
And another longer, informal one: - here and continued here.
EDIT-EDIT: It's from a 1997 math lecture (part of Irving "Kaps" Kaplansky's 80th Birthday Celebration?).

And, for completion's sake, a more recent (1998?) concert version of Poisoning Pigeons.

For my Stats class


World statistics updated in real time.

For my web site class... (and anyone who would look better with Don King's hair) - Try Out A Celeb Hairstyle

Hair is a delicate matter. The wrong cut or color could leave a girl in tears. Help, however, isn’t far away with HairMixer. Fancy Angelina’s up-do, Kate’s bangs, or Posh’s bob? Preview the look with HairMixer before your stylist takes out the scissors. It’s easy enough to do—just upload a photo of yourself and pick a celeb whose hair you want—make sure the photo is an appropriate size, otherwise it just won’t work. You can even swap hair dos amongst celebrities. It’s not only useful, but also loads of fun. Try Tom Cruise’s cut on, oh say Paris Hilton and vice versa; email the results to your best friends. Make a t-shirt out of it. If your favorite celeb hair style isn’t pictured, use HairMixer’s image search function. Check it out on Facebook too.

Monday, February 04, 2008


Data “Dysprotection:” breaches reported last week

Monday, February 04 2008 @ 07:08 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

February 03, 2008

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

Solove, Daniel J., "The Future of Reputation: Gossip, Rumor, and Privacy on the Internet". The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, Daniel J. Solove, Yale University Press, October 2007 Available at SSRN:

  • "Solove explores how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cyber mobs, and other current trends, he shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Longstanding notions of privacy need review: unless we establish a balance among privacy, free speech, and anonymity, we may discover that the freedom of the Internet makes us less free."

Perhaps in the next administration?

Abracadabra! Bush Makes Privacy Board Vanish

Monday, February 04 2008 @ 07:09 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

The Bush administration has failed to nominate any candidates to a newly empowered privacy and civil-liberties commission. This leaves the board without any members, even as Congress prepares to give the Bush administration extraordinary powers to wiretap without warrants inside the United States.

Source -

Once is happenstance. Twice is coincidence. Three times is enemy action, Mr Bond. - Auric Goldfinger

Fourth Undersea Cable Taken Offline In Less Than a Week

Posted by Zonk on Monday February 04, @12:36AM from the bad-week-to-be-a-backbone-cable dept. Communications Networking Hardware

An anonymous reader writes "Another undersea cable was taken offline on Friday, this one connecting Qatar and UAE. 'The [outage] caused major problems for internet users in Qatar over the weekend, but Qtel's loss of capacity has been kept below 40% thanks to what the telecom said was a large number of alternative routes for transmission. It is not yet clear how badly telecom and internet services have been affected in the UAE.' In related news it's been confirmed that the two cables near Egypt were not cut by ship anchors."

Update: 02/04 07:13 GMT by Z : A commenter notes that despite the language in the article indicating a break or malfunction, the cable wasn't cut. It was taken offline due to power issues.

Research: A meta-site for Field Guides. (Every niche has its expert, the trick is finding one when you need one.)

International Field Guides

This site merges the book A Guide to Field Guides: Identifying the Natural History of North America by Diane Schmidt, Biology Librarian at the University of Illinois, and its companion Web site International Field Guides.

Humor (Please don't take this seriously. God knows I don't take Hillary seriously.)

Clinton suggests tapping wages to pay for healthcare — Democrat Hillary Rodham Clinton said Sunday she might be willing to garnish the wages of workers who refuse to buy health insurance [but refused to call it mandatory! Bob] to achieve coverage for all Americans. The New York senator has criticized presidential rival Barack Obama for pushing a health plan that would not require universal coverage.

Sunday, February 03, 2008

It seems they haven't updated their web site yet, but mark this in your calendars now...

Privacy Foundation

Privacy & Legal Ethics: Lessons Learned From the TJ Max 40+ Million Stolen Credit Card Files Case

FRIDAY, February 22, 2008 Sturm College of Law at the University of Denver

Schedule of Events
10:00 – 10:15 Introduction: John Soma, Executive Director, Privacy Foundation

10:15 – 10:40 Panel I: Legal, Industry, & Ethical Lessons Learned From The TJ Max Affair

Jim Keese, Global Privacy Officer, The Western Union Company

Jim Reuter, President, FirstBank Data Corporation

10:45 – 11:45 Panel II: Ethical & Legal Issues Facing Post TJ Max Privacy Breaches

Dave Berson, ESQ, Partner, The Banking & Tax Law Group LLP, Leawood, Kansas

Dan Vigil, Assistant Dean Student Affairs, Sturm College of Law

11:50 – 12:50 Round Table Discussion:

Moderator: John Soma, University of Denver, Sturm College of Law

Panelists: Jim Keese, Jim Reuter, Dave Berson, Dan Vigil


Diane Bales, Law Coordinator 303.871.6580; Email:

Reservations required (due to seating and food) ASAP

Registration Fee Seminar and Lunch $20

Seminar, (Room 190), Lunch (Faculty Library, Room 412), and CLE Credit (lunch included $40)

3 Hours Ethics CLE – Applied For

No charge for lunch & seminar for all DU Faculty, Alumni & Students!

'cause we said so, that's why!

Routine fingerprinting at Heathrow provokes outrage

Authorities are being accused of bringing in measures that infringe civil rights without proper consultation.

By Home Affairs Editor John Bynorth

CIVIL LIBERTIES campaigners have accused airport chiefs of sneaking in mandatory fingerprinting of passengers on domestic routes without proper consultation. Heathrow Airport has quietly introduced compulsory fingerprinting and photographic profiling of passengers on domestic routes, including to Glasgow and Edinburgh, ahead of the opening of its fifth terminal late next month.

The move has already caused disquiet among some passengers who were handed leaflets warning they would be barred from their flights unless they co-operated.

Anti-ID card campaigners have demanded to know why no public announcement was made and fear compulsory fingerprinting is smoothing the path for the controversial scheme's introduction UK-wide.

The British Airports Authority (BAA), which operates Heathrow, claims the profiling is needed because the new terminal will have a single departure lounge for domestic and international travellers. [We could have designed it the old fashioned way, but we like all our fish in one barrel. Bob]

... Dr Gus Hosein, of the London School of Economics who has studied the impact of technology on civil liberties, claimed the government is "softening up" people, particularly the young, by making fingerprinting appear acceptable in the run up to ID cards.

... "Britain is the first country in the democratic world to introduce this scheme as mandatory for flights within its borders. There would be a revolution if it happened in the US. [Not if the choice is “comply or don't fly!” Bob]

... "Labour is the only party in the UK which supports the fingerprinting of children in schools through biometrics so they can use the library or buy food. The beauty of what the party has done is these young people don't have the images of 1940s Germany, or that fingerprinting is for people who break the law.

"The aim is to make them grow up thinking fingerprinting is absolutely fine and ID cards are a natural extension of that.

Related. Nothing unusual about seeing combat teams in your neighborhood. “Papers, comrade!”

New Operation to Put Heavily Armed Officers in Subways

By AL BAKER February 2, 2008

In the first counterterrorism strategy of its kind in the nation, roving teams of New York City police officers armed with automatic rifles and accompanied by bomb-sniffing dogs will patrol the city’s subway system daily, beginning next month, officials said on Friday.

Convergence: They have been talking about this for some time. This can't be the first test... Can it?

Cellphones to Monitor Highway Traffic

Posted by Zonk on Sunday February 03, @04:33AM from the using-the-fillings-in-your-teeth dept. Wireless Networking Transportation Cellphones Technology

Roland Piquepaille writes "On February 8, 2008, about 100 UC Berkeley students will participate in the Mobile Century experiment, using GPS mobile phones as traffic sensors. During the whole day, these students carrying the GPS-equipped Nokia N95 will drive along a 10-mile stretch of I-880 between Hayward and Fremont, California. 'The phones will store the vehicles' speed and position information every 3 seconds. These measurements will be sent wirelessly to a server for real-time processing.' As more and more cellphones are GPS-equipped, the traffic engineering community, which currently monitors traffic using mostly fixed sensors such as cameras and loop detectors, is tempted to use our phones to get real-time information about traffic."

Interesting new resource

National Defense Intelligence College Press

Unless otherwise indicated, all publications from the National Defense Intelligence College Press are in the public domain, and may be used for educational and professional purposes.

The alternative was to use Digital Rights Management, which would have blocked any attempt by the bacteria to reproduce.

'Watermarks' written in first artificial genome

By Roger Highfield, Science Editor Last Updated: 7:55pm GMT 01/02/2008

The scientist attempting to create the first man-made organism scribbled his name in the first synthetic genome that he unveiled a few days ago.

... Now a table in the online supplemental materials for the Science paper that announced the feat reveals it contained a secret message embedded in the DNA: the code carries the name of the head of the institute, Dr Craig Venter, that of his research institute and co-workers.

His name appears in the synthetic genome as one of five "watermarks," sequences of genetic code. Although the genetic alphabet only comes in four letters, the team exploited how they are grouped in units of three, called codons, and each codon is equivalent to one of 20 naturally occurring amino acids.

I think it's the same as “I kinda had a feeling...” (Or maybe that old Almond Joy commercial, “Sometimes you feel like a nut...”)

Is There a Difference Between “Reasonable Belief” and “Probable Cause”?

Tuesday, January 22nd by Robert Loblaw

Price v. Sery, 06-35159 (9th Cir., Jan. 21, 2008)

This Ninth Circuit decision focuses on a fascinating semantic issue in Fourth Amendment law: is there a legally significant difference between reasonable belief and probable cause? The question arises in the context of a Portland policy that authorizes deadly force if an officer “reasonably believes” that the suspect presents an immediate threat of death or serious physical injury.

Yet another example of management saying, “We know there are errors in our data, we even know what to look for, but making even a minimal effort could cost us money – so why bother?”

What a Nasty Letter for Only $16.96!

1 day ago

BUFFALO, N.Y. (AP) — A collection agency tried to collect a $16.96 debt with a letter that addressed its recipient with a four-letter word for excrement.

"Dear S---," began the letter attempting to collect from an old record club membership. The word was spelled out in the letter, which arrived in an envelope addressed to "S--- Face."

... Under U.S. law, debt collectors are not allowed to use profanity to collect a debt, Hiller said, nor are they supposed to threaten legal action over such a small amount.

Nationwide President Phillip McGarvey said the October 2007 letter was automatically generated after his company bought about 350,000 Columbia House accounts. "S--- Face" is the name under which the account was opened and the way the coupon to start the club was filled out, he said.

Hiller's client has signed an affidavit saying he never signed up for the music club membership under that name.

"It looks bad to the observer who is not familiar with the industry," acknowledged McGarvey, "but anybody who understands the volume would understand how this could happen. [Yes, see my comment above Bob] ...You've also got people filling in famous people's names."

I'd probably include this just because I like lists, but I had never heard of the snail mail application. Now that's an interesting business model – converting old technology to run on the information super highway.

February 2, 2008 - 12:55 P.M.

How to work from the beach

LOS ANGELES, CALIF. -- The designer and blogger behind the Outline Design Blog plans to spend the summer "living and working from the sandy beaches of Costa Rica" starting this month. He has put together a very good list of online resources that make his "extreme telecommuting" possible.

Snail Mail: Earth Class Mail

I've just recently signed up for Earth Class Mail. They give you a new address, and all your mail goes to them. They scan both sides of the envelope and put all scans in an online list. You can look at the envelope and click to tell them to trash it (recycle it, actually), open and scan the insides, archive it and other options. It's a way to make paper mail electronic, and a Godsend for people who travel constantly. Here's more about Earth Class Mail.

From the list above, but specifically for my web site class...


Photo editing made fun

Picnik makes your photos fabulous with easy to use yet powerful editing tools. Tweak to your heart’s content, then get creative with oodles of effects, fonts, shapes, and frames.

It's fast, easy, and fun.

Structuring your business model: Also for my web site (e-commerce) students, ideas the RIAA should consider too.

Better Than Free

The internet is a copy machine. At its most foundational level, it copies every action, every character, every thought we make while we ride upon it. In order to send a message from one corner of the internet to another, the protocols of communication demand that the whole message be copied along the way several times. IT companies make a lot of money selling equipment that facilitates this ceaseless copying. Every bit of data ever produced on any computer is copied somewhere. The digital economy is thus run on a river of copies. Unlike the mass-produced reproductions of the machine age, these copies are not just cheap, they are free.

Eight Generatives Better Than Free