Saturday, February 16, 2008

You must register to get this (free) report.

ID theft ranking questioned

Saturday, February 16 2008 @ 07:02 AM EST Contributed by: PrivacyNews News Section: Breaches

Identity fraud nationwide fell 21 percent last year, but Delaware ranks among the top five states at risk of the crime, according to a survey by a California-based research firm. But the accuracy of the report is being questioned by some.

Respondents in California, Illinois, Idaho, West Virginia and Delaware reported the highest incidence of identity fraud, with more than one out of 20 state residents reporting themselves as fraud victims, compared with an average of 3.58 percent, or about one out of 28 people, nationwide, Pleasanton-based Javelin Strategy & Research found in its "2008 Identity Fraud Survey Report."

"Your odds of getting struck by this are higher if you live in Delaware," says James Van Dyke, the company's president and founder, who pointed to Delaware's high population density and role as a corporate haven as possible reasons for the high ranking.

Those odds differ wildly, however, from the most recent data from the Federal Trade Commission, and a local banking expert questioned the survey's results.

Source - Delaware Online

[Get the report here:

Civilian Surveillance. Toys that let you act just like James Bond.

AU: Court hears of elaborate spycam network

Saturday, February 16 2008 @ 06:42 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

A HI-TECH peeping tom rigged his house with an elaborate network of miniature hidden cameras to spy on his housemates, a court was told yesterday.

But police have been unable to view the footage Gold Coast man Rohan Wyllie is suspected to have recorded because he has refused to give them his computer password. [Perhaps they mean 'encryption key,' since a password should be a trivial hack. Bob]

Mr Wyllie, 37, faced a committal hearing in Southport Magistrate's Court yesterday charged with making observations or recordings in breach of privacy, disobeying a lawful order to supply his computer password and wilful damage.

Source -

New subject for law? Not sure I've seen anti-RFID skimming law before.

Washington State Reps. Pass Ban On RFID Skimming

Friday, February 15 2008 @ 04:22 PM EST Contributed by: PrivacyNews News Section: State/Local Govt.

The Washington State House of Representatives on Friday passed a bill that would make it a felony to steal information from RFID cards.

The bill (HB 1031) would make it a class C felony to intentionally skim information from RFID-enabled identity cards for fraud or identity theft. The legislation, introduced by State Rep. Jeff Morris, provides exemptions for health care givers and emergency responders.

Source - InformationWeek

[From the article:

It also makes it a violation for businesses to retain personal information gleaned from RFID chips without card owners' consent. [as TJX did with credit card stripe data Bob]

... The bill removed a provision that required all cards with RFID technology to be labeled so consumers would know they contain the chips. [Shame. Bob]

The future of the IRS? (“We can't let the Brits out-surveil us!”)

UK: HMRC gets bugging powers

Friday, February 15 2008 @ 11:48 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

He already has the power to arrest, and as of today, the British taxman will also be able to intercept phone calls, emails and letters, as well as bug residential premises and private vehicles.

The powers were granted to HMRC in the Serious Crime Act, which gained Royal Assent in October, but did not come into force until the relevant statutory instrument is issued today.

... HMRC has stated that all surveillance will be conducted in compliance with the Regulation of Investigatory Powers Act and the Wilson Doctrine, and subject to checks by the Office of Surveillance Commissioners and the Interception of Communication Commissioners Office. However, the department will not need to seek external authorisation for any of its surveillance activities.

Source - Accounting Web

...and a simple way to get parent fingerprints. (Note: this is that intermediate step between government surveillance and citizen surveillance.)

UK: Fingerprint scan at nursery door

Saturday, February 16 2008 @ 06:51 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

A nursery has installed fingerprint scanning at its entrance to increase the safety of its young pupils. The biometric security system at Mes Enfants nursery in Mumbles, Swansea, allows only authorised parents and staff to access the building.

The nursery believes it could be the first nursery in Wales to adopt such a system for staff and parents.

Source - BBC

If you tell a hacker that “unlimited usage” no longer applies to him, don't be surprised if his an amused “Oh yeah?”.

BitTorrent Developers Introduce Comcast Busting Encryption

Written by Ernesto on February 15, 2008

Several BitTorrent developers have joined forces to propose a new protocol extension with the ability to bypass the BitTorrent interfering techniques used by Comcast and other ISPs. This new form of encryption will be implemented in BitTorrent clients including uTorrent, so Comcast subscribers are free to share again.

Interesting that Apple has once again changed the paradigm...

Google iPhone usage shocks search giant

By Slash Lane Published: 03:00 PM EST Thursday, February 14, 2008

Google on Wednesday said it has seen 50 times more search requests coming from Apple iPhones than any other mobile handset -- a revelation so astonishing that the company originally suspected it had made an error culling its own data.

Related? (Maybe that high volume usage is coming from some eastern European hacker...)

Most Mobile Users Don't Know if They Have Security

McAfee-sponsored research finds mobile users expect vendors to pre-install 24 x 7 protection.

By David Needle February 13 2008

Security vendor McAfee released results of a survey of mobile users focused on their awareness and concerns related to security threats, which showed more than three quarters of respondents don't have any security at all.

Research tool? Look for blogs in your field/niche. (Besides, I like lists...)

Comparing Six Ways to Identify Top Blogs in Any Niche

Written by Marshall Kirkpatrick / February 15, 2008 10:34 AM

In the early days of blogging you could go to the Technorati Blog Index, enter some identifying terms for a particular niche topic and discover what the top blogs were in the field.

Identifying top niche blogs is invaluable knowledge for anyone wanting to enter, study or market to people in a particular field. It's one of the fastest and most effective ways to learn the lay of the land and get involved in the community of successful artists, real estate agents or 4-H club leaders using social media. I've been seeing a lot of demand for this information lately so I thought I'd write up some quick pros and cons of the options I'm familiar with. Perhaps you'll add some of your own favorite methods in comments.

Now this is creative money wasting at its best! (I admit, it was the headline that caught my attention)

Sex-Toy Sue will drive you around the bend

Louisa Hearn February 14, 2008 - 10:22AM

They may not be famed for their navigation skills, but personalities such as Ozzy Osbourne, the Queen and John Cleese are helping owners of in-car GPS devices manoeuvre their way across town.

Colourful commands such as: "You have reached your f---ing destination" and a regal-sounding "One has arrived" are taking the place of more customary instructions as the growing popularity of the novelty voice download market attracts a host of third-party offerings.

The market for these "voice skins" is split between parodies of famous celebrities such as Dirty Harry (Clint Eastwood), Mr T and Marilyn Monroe, and generic characterisations featuring the likes of the Voice of God, NASA Ground Control and the adult-oriented Sex-Toy Susan.

[Some sample audio on this page Bob]

For my fellow winos

Let’s Wine a Lot!

15th February 2008, 12:34 am

... The SF Gate had an article about Able Grape ( ), a search engine of about ten million pages devoted to wine.

... Speaking of northern California, there’s WineMap at , which will open to the general public on March 1st. WineMap is collecting information on wineries and where grapes are grown, and placing that information on a map. If you can’t wait for the site to open, you can already download its database to use in Google Earth.

Finally, there’s WineMad, at . WineMad is a wine reviews aggregator and custom Google search engine that’s currently indexing 900 wine Web sites and blogs. The front page lists recent wine reviews and articles, with additional tabs for red wine reviews, white/rose/sparkling wine reviews, and cheese articles and reviews (of course). A blog for this search tool is available at .

For my statistics class...

Poor People Use Yahoo, Those Better Off Use Google

Duncan Riley

New data released by Hitwise yesterday shows that the difference between those using Yahoo and Google can be shown by the wealth of each user.

Friday, February 15, 2008

There is no Rodney King in Utah. Only second class citizens may have their misconduct recorded.

Utah Law Proposed To Hide Police Misconduct So It Doesn't Get On YouTube

from the blame-the-victim dept

It's really fairly amazing to see how people react when bad activities are brought to light. A few times now, we've seen stories of students who were able to film inappropriate activity from teachers or principals with their mobile phones. Rather than recognizing the activity as whistleblowing, the schools in question responded by banning mobile phones. In other words, rather than fix the problem, the schools chose to cover it up so future problems wouldn't get exposed. It appears something along those lines may be happening on a larger scale in the state of Utah. After a video showing questionable police activity involving a taser showed up on YouTube, state senator Chris Buttars has introduced legislation that would allow police to withhold any reports concerning police misconduct from the public (found via Digg). That's because the whole reason the taser video made it to YouTube was because the victim filed a Freedom of Information Act request for it. So now, rather than deal with stopping police misconduct, it appears supporters of this legislation would simply prefer that no one knows about it. It might be worth noting that this comes at about the same time as new reports of a police officer suspended for inappropriate activity -- which was brought to light via YouTube.

Wow, this is a new definition to me!

Public Health Surveillance in the Twenty-First Century: Achieving Population Health Goals While Protecting Individuals’ Privacy

Friday, February 15 2008 @ 06:14 AM EST
Contributed by: PrivacyNews
News Section: Medical Privacy

Stoto, M.A. Public Health Surveillance in the Twenty-First Century: Achieving Population Health Goals While Protecting Individuals’ Privacy and Confidentiality. Georgetown Law Journal, 2008, 96:2, 703-719.

Surveillance, a core function of public health, is defined as “ongoing, systematic collection, analysis, and interpretation of health data essential to the planning, implementation, and evaluation of public health practice, closely integrated with the timely dissemination of these data to those who need to know.”1 In the context of a session that addresses how data and information can and should inform public health policy and practice, this discussion of surveillance calls attention to the disclosure and use of personal health information. In particular, public health surveillance programs require a careful balance between the development of statistical and epidemiological data and knowledge that are essential to achieving population health goals and the protection of individuals’ privacy and confidentiality rights.

Free full-text article available at Georgetown Law Journal [pdf]

One to watch?

Is Selling A CD You Found In The Trash Copyright Infringement?

from the so-sayeth-the-courts dept

Various courts have held that by putting something in the trash, you are relinquishing your ownership of those goods. However, apparently that might not apply to music. William Patry has the story on an unfortunate decision by our court system, suggesting that if you find a CD in the trash and sell it you may be charged with copyright infringement. The story of the case is as follows: BMG famously offers a CD and DVD "club" that sends out new CDs and DVDs on a regular basis to subscribers. Sometimes those subscribers move and cannot be found or for whatever reason the discs are determined to be "undeliverable." BMG so devalues its own discs that it has told the post office to throw out the undeliverable discs, rather than spend the postage to have them sent back to BMG. The post office dumps the discs in its dumpsters -- at which point a Postal Service employee dumpster dives to rescue them. He then goes and sells those discs to local stores, cashing in to the tune of nearly $80,000. This gets discovered, and he gets charged with mail fraud before settling on charges of copyright infringement.

However, what no one seems to clearly explain is where the infringement is? BMG instructed the CDs to be thrown out. The Post Office threw them out. At that point, the property has been relinquished by BMG and the Post Office, so it would appear that anyone who finds the discs wouldn't be committing any kind of infringement (or, for that matter, fraud) in selling them. A lower court ruling was especially bizarre, in demanding that the guy give up all the money he earned to BMG due to the "lost opportunity" to BMG in selling the music. As we've discussed at length before a "lost opportunity" is not an actual loss and it's not a crime. It's simply a marketing challenge. Otherwise, just about any business could be guilty of creating a "lost opportunity" for any competitor. The pizza shop down the street creates a "lost opportunity" every time I eat there instead of the deli. Hell, just buying one musician's CD rather than another's creates a "lost opportunity." So, it's ridiculous to equate a "lost opportunity" to a crime -- and even worse when that "lost opportunity" was self-created by BMG choosing to throw out the discs.

Luckily, the Appeals Court tossed out the "lost opportunity" part, but as Patry notes, it doesn't appear that anyone questioned how the facts of this case could possibly be considered copyright infringement. Selling used CDs is considered to be perfectly legal and non-infringing. How is selling CDs that have been thrown in the garbage any different?

You can't be serious!

SCO Goes Private With $100 Million Backing

Posted by Zonk on Thursday February 14, @04:34PM from the this-is-just-a-touch-unexpected dept. Unix Businesses Caldera The Almighty Buck

AmIAnAi writes "Just when you thought it was all over, the SCO story takes a new twist. SCO has received $100 million financing from Stephen Norris Capital Partners to get them out of Chapter 11 and go private 'The move gives Stephen Norris, whose namesake founder was a co-founder of private equity giant The Carlyle Group, a controlling interest in SCO, which now has a platform to continue its court battle with Novell Inc. over royalties from the Unix server operating system, SCO's main business ... According to a statement from the company, SNCP already has a business plan for SCO that includes pursuing its legal claims.'"

For my web site students. Innovation is everything!

Catching Real Fish With Your Mobile Phone

from the don't-play-with-your-food dept

Well, here's an amusing one. Some folks in Japan have put together a game for mobile phones that lets you go fishing for virtual fish. That, alone, isn't particularly interesting of course. What makes it worth writing about is that when you catch a virtual fish, you then can get a real fish delivered to your door from a local fish wholesaler. There's a bit of luck involved, as once you've "caught" the fish, you then have to have numbers match up on a virtual slot machine, but it could get people thinking about more creative ways to make ordering any kind of product more fun. We've already seen various crazes for "virtual pets" come and go -- but why not attach them to real life outcomes? Need fish? Catch a fish. Need bread? Manage a virtual farm to successfully grow wheat. Want a dog? Successfully take care of a virtual one first. Obviously, some of these ideas are a bit silly, but you could see some more interesting ideas developed out of them, potentially offering people discounts on the actual products if they partake in some of these games that either have subscription fees or advertising.

...and another for my web site students - Adding Glitter and Commerce to Net Videos

New fangled video oriented startups are a dime a dozen, however has entered the cramped arena offering something actually cool and entertaining. The concept is fairly simple: users can overlay stuff over videos. There are animations, graphics, icons, pointers and text all available so that you can add some shimmer and glitter to the video of your choice. Simply pull in a video from Youtube, Google Video, Myspace, etc., and use the Overlay dashboard to start piecing things together. Besides making for some pretty amusing jokes, Overlay also targets the advertising sector. Items in a video, a shirt, someone’s skirt, a musical instrument, whatever, can be highlighted and put up for sale. Create your own online store based on a video and viewers will be able to purchase directly from the video itself. Of course all that stuff sometimes becomes annoying and tiresome, so Overlay gives you the option to switch it off.

I'd tell my students about this one, but they can't hear me with those things in their ears...

Thursday, February 14, 2008

100 Ways to Use Your iPod to Learn and Study Better

If you think that iPods are used just for listening to music, you obviously haven't been keeping up with the latest technology The Apple-developed music player now features all kinds of accessories to help you study better, and now other companies are in a rush to get their designs in sync with the iPod.

... To find out about the many different ways you can transform your iPod into a learning device, check out our list below.

[One of the items on the list:

Podcasting Legal Guide

To say this needs work is an understatement, but there is content there (somewhere) - OpenSource Education

You paid thousands in dollars worth of textbooks and course packets. They were either never opened, or shoddily leafed through in hopes of retaining something in the brain before the big exam. But in reality, you couldn’t remember it if you had to. This is the problem with a lot of course material these days—it’s expensive, disengaging and expensive. OpenCourseWare wants to change this. OpenCourseWare is a haven for high-quality and free educational materials. It’s a collaborative effort, with material gathered and shared from hundreds of universities around the world. Along with OpenCourseWare’s main site, there’s OpenCourseWare Finder, a search engine site for students who can search all the available courses. The left-hand side contains an alphabetized list of all subjects. The top has a search query box and below that, you have your choice of four languages. So, next time you have to buy a textbook, check OpenCourseWare first.

Dilbert on: Trouble-free programming

Thursday, February 14, 2008

Some questions...

TN: Two Laptop Computers Missing From Lifeblood's Main Office

Wednesday, February 13 2008 @ 02:00 PM EST Contributed by: PrivacyNews News Section: Breaches

Two laptop computers are missing from Lifeblood's possession and presumed to be stolen.

The dual-password protected laptops [password1, password2... Next challenge? Bob] were used on mobile blood collection drives, and each included information about Lifeblood's blood donors, including names, contact information, blood type, gender, ethnicity, and, in some cases, Social Security numbers.

The organization is notifying all of the approximately 320,000 affected individuals [What possible reason for so many? Bob] about the situation and encouraging them to place fraud alerts on their credit reports in the unlikely event that an unauthorized person gained access to the data on the computers.

Source -

CSO Disclosure Series | What's Next with Disclosure Legislation?

Wednesday, February 13 2008 @ 02:22 PM EST Contributed by: PrivacyNews News Section: Breaches

An interview with lawyer and breach notification expert Tanya Forsheit on why the United States still doesn’t have a federal breach notification law. Part of an in-depth series about disclosing breaches has published an interactive map highlighting the 37 states that have followed California’s suit and passed laws requiring organizations to notify consumers whose personal information has been compromised. (To view the map, see "Data Breach Notification Laws, State by State.") But one site on the map is still muddied: Washington, D.C., where our nation’s leaders are still wrangling over how a federal disclosure law might look.

Source - CSO Online

About time!

HP Settles Spying Scandal Claims

By JORDAN ROBERTSON AP Technology Writer Feb 13, 8:43 PM EST

SAN JOSE, Calif. (AP) -- A lawyer for a New York Times reporter and three BusinessWeek reporters who were spied on as part of Hewlett-Packard Co.'s boardroom surveillance scheme says the four have settled claims against the company.

As you can clearly see, your honor, my client was nowhere near the scene of the crime.”

US Set to Use Spy Satellites on US Citizens

Posted by samzenpus on Wednesday February 13, @08:13PM from the eye-in-the-sky dept. Privacy United States Technology

duerra writes "A plan to use U.S. spy satellites for domestic security and law-enforcement missions is moving forward after being delayed for months because of privacy and civil liberties concerns. The plan is in the final stage of completion, according to a department official who requested anonymity because the official was not authorized to speak publicly about it. While some internal agencies have had access to spy satellite imagery for purposes such as assisting after a natural disaster, this would be the first time law-enforcement would be able to obtain a warrant and request access to satellite imagery."

Perhaps you can watch streaming satellite footage here? - Video Streaming Service

66Stage is the newest player in the constantly evolving world of video streaming. The movie and television database is massive, and is separated into movies, TV shows, anime, documentaries, cartoons, and comedy. Stage66 also features “amazing videos” and downloadable movies. Another useful organizational option is a function that divides movies by the host server; users can select to view videos specifically from Veoh, DivX, Google, Youku, Tudou, or Megavideo. The home page also showcases the featured movies (or TV shows, or anime) or the week. Finally, Stage66 mercifully promises to remove dead links within twenty-four hours.

The world is changing. Think CNN will be able to turn a profit this way? (Remember, they thought Ted Turner was nuts...) - Unedited Unfiltered News

iReport, a new extension of CNN, marks the most sanctioned step a big news organization has taken towards legitimizing citizen journalism. Of course, when a station needs some extra video footage they turn to the masses, and YouTube has been making strides at housing newscasts shot by everyday people, but iReport provides users with the tools and tips for uploading their own news segments. Submitted videos run the gamut from political commentary to musings about New York weather. Stories are rated in a variety of ways (most popular, “newsiest”), and by author, all with the promise of showcasing unfiltered, uncensored content.

For my web site students... (Easy video grabs...)

4 YouTube Tools you Probably Don’t Know About

Below, we present to you the best applications for dealing with Youtube.

Wednesday, February 13, 2008

A requested delay?

MN: MPS teachers' private data taken

Tuesday, February 12 2008 @ 10:44 PM EST Contributed by: PrivacyNews News Section: Breaches

Half of Milwaukee Public Schools teachers are at risk for identity theft after a computer containing their names, Social Security numbers, birthdates and addresses was stolen, a teachers union spokesman confirmed Tuesday.

Milwaukee Teachers' Education Association staffers have received about a dozen calls since last weekend, when affected teachers received a letter from Administrative Systems Inc., a Seattle-based third-party administrator on contract with their insurance company, alerting them of a security breach that occurred in late December.

... Around 3,000 MPS teachers are affected by the theft because they're enrolled in a group disability insurance plan underwritten by the Union Security Insurance Company, said Pam Schiefelbein, a local plan administrator. The teachers' personal information was stolen from Administrative Systems Inc., which contracts with Union Security and others in the insurance and financial services industries.

Source - JS Online

Related - Computer stolen from Administrative Systems, Inc. contained sensitive personal information and Stolen Administrative Systems, Inc. computer reported to have personal data on 200,000

[From the article:

O'Mahar of MTEA said he was told that the lag between the December theft and notification of Milwaukee teachers occurred at the request of Seattle police. [Is this wise? What are the pros and cons? Bob]

What are the rules of disclosure?

(update) Stolen Administrative Systems, Inc. computer reported to have personal data on 200,000

Tuesday, February 12 2008 @ 05:36 PM EST Contributed by: PrivacyNews News Section: Breaches

As a follow-up to a story first published on, one of those affected by the breach tells us that an employee of Administrative Systems, Inc. (ASI) informed her that the computer stolen from Adminstrative Systems, Inc.'s Seattle office contained personal information on 200,000 individuals.

Additionally, although the copy of the sample notification letter posted to ASI's web site did not indicate that any financial data were involved, the letter she received indicated that personal information may include, "in some cases, bank account information."

"I was still surprised when the girl I talked to said my bank account was also involved; I hadn't even considered that possibility," one of those affected wrote. Her checking account had been set for automatic debit of her insurance premiums. Others who were set up for automatic deduction from checking accounts for their premium payments may be similarly affected.

To date, ASI has not responded to two requests for additional information or clarification on this breach.

Oh goodie, not I can practice building my “Get to know your neighbor” web site – I'm certain this will spread nation-wide quickly...

State of Connecticut Puts Criminal Convictions Online

12th February 2008, 07:42 pm

The state of Connecticut has put a database of over one million criminal convictions (dating back to January 1, 2000) online. Unlike some other states’ criminal conviction databases, this one also includes minor infractions like traffic offenses. [That a bit down the slippery slope from Child Molester, isn't it? Bob] You can search it at . Using it is free.

This is another indication of the culture at Best Buy.

The lost (Best Buy) laptop and the $54 million lawsuit

Tuesday, February 12 2008 @ 11:14 AM EST Contributed by: PrivacyNews News Section: In the Courts

Best Buy is yet again at the center of an unusual lawsuit: A customer sues the retailer for $54 million over her laptop that the company apparently lost during a repair process. A ridiculous amount? Sure. But this is actually one of the smarter lawsuits we hear about these days.

Source - tgdaily
Related - Best Buy vs. Consumer Protection Blog has correspondence and more...

[From the article:

Without legal representation, she filed a $54 million lawsuit against Best Buy last November and actually admits that this is a ridiculous amount. But she hoped that this amount would attract plenty of media attention, which it actually does.

This is just in case Read-ID fails... (Your SSAN card can't be used as identification, can it?)

House bill mandates high-tech Social Security cards

Tuesday, February 12 2008 @ 04:14 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Two Republican congressmen from Illinois have proposed legislation that would update the Social Security card for the age of cybercrime.

U.S. Reps. Mark Kirk and Peter Roskam announced on Monday their proposal of the Social Security Identity Theft Prevention Act, a bill that would require tamperproof and wear-resistant Social Security cards to contain a photo of its holder and a biometric sample, such as a fingerprint.

Source - SC Magazine

Another resource

Web Browsers Under Siege From Organized Crime

Posted by Zonk on Tuesday February 12, @01:23PM from the x-force-2007-sounds-like-an-awesome-movie dept. Security The Internet

An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threat since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"

[Get the report here: Bob]

Follow-up They did reverse.

Defendant had a reasonable expectation of privacy in his desk at work

Tuesday, February 12 2008 @ 11:18 AM EST Contributed by: PrivacyNews News Section: In the Courts

Defendant had a reasonable expectation of privacy in his desk at work, and the state did not show that the work area was shared with others to show that there was no expectation of privacy.

The case is Harper v. State, 2008 Ga. LEXIS 150 (February 11, 2008):

Source -

Listen to the video. This sounds more like “Someone must do what their mommys didn't” than any meaningful deterrent of crime,8599,1711972,00.html

When Surveillance Cameras Talk

By THOMAS K. GROSE Monday, Feb. 11, 2008

Big Brother is not only watching you; in Barking and Dagenham, Big Brother wants a word.

... Eventually, the council wants to run contests to pick school children to voice some of the messages. [Get 'em young! Bob]

Counter-surveillance? Will the state insist on monitoring the activities of counter-surveillance (counter-counter-surveillance) and if so will their be counter-counter-counter-surveillance?

New Online Mapping Tool Shows Drivers Speedtrap Locations

Tim King Feb-12-2008 09:26 is working on exporting 50-thousand speed traps to GPS-enabled mobile phones and devices.

(PORTLAND, Ore.) - Drivers who dial into new technology from the Oregon company, may have an edge when it comes to avoiding expensive speeding tickets in police speed traps.

The company expects to reach a landmark of over 50-thousand speed traps worldwide and map them online using the Speed Trap Mashup

Soon we will have the technology to recreate you from the bones out – at which point we will no longer need a “real” you.

The Authorities Have Your Skeleton On File

Security checkpoints could do a full-body scan and check your skeleton against the bone structures of known terrorists in a few years. A new patent, issued on Friday, covers a system that would scan some, or all, of your skeleton and compare it with a database of skeletons. The database would also pull up data such as your name, address, social security number, and passport number. Worst of all, you might not even know your skeleton is being scanned from a distance.

The patented device uses "imaging radar," which bounces microwaves off your skeleton and obtains an image. The objective of the new system is to provide a fool-proof means of identifying people by their skeletons, which may be harder to spoof than fingerprints or other biometrics. The imaging system will be "compact and safe" for use on humans, the patent (#7317416) claims. Most of all, the system would provide "a means to identify individuals at a distance and/or without requiring direct contact."

Because he amuses me...

When and Why Should You Start an e-Discovery Team?

Do you think this is ready for prime time? It is possible to put too much information in your resume. - Visual and Interactive Resumes

The job search, application process, and actual on-site work now take place primarily online- why should your CV not be updated accordingly? VisualCV brings your resume into the twenty-first century. The program incorporates audio, video, charts and graphs into your electronic resume. This means that employers don’t have to wait for if and when they schedule an interview with you to see your body of work- they can see it immediately. In addition, VisualCV links background information about former employers and educational institutions within the resume, so employers can cut out search time.

For my web site students Very easy to use!

www. - Software for ScreenCasts is a site that allows users to create screencasts for free. Using is easy. All you need to do is download the free software to make your own screencasts. Once you have downloaded the software you can create an account and make as many screencasts as you want. With this software you can share your screencasts with your friends, family, and the world. You can host you’re your screencasts on your blog or website. Publish as many as you want and share your tips and skills with the community. When you visit the site you can browse through all of the screencasts or take a looked at the featured screencasts. is a great site for those individuals who do not want to deal with technicality that they could find challenging. is simple and easy, download and publish and there you are.

[This software ( ) is a bit more complicated, but allows you to edit the results... Bob]

Tuesday, February 12, 2008

Short of beating it into them, how do we get this message across?

Two more businesses left unencrypted employee data in vehicles -- with predictable results.

Monday, February 11 2008 @ 12:30 PM EST Contributed by: PrivacyNews News Section: Breaches

Despite the highly publicized and costly Ohio breach affecting over 600,000 people due to the theft of a storage device improperly left in an employee's vehicle, and despite the more recent highly publicized theft of a laptop that contained personal information on 21,000 seniors from a vehicle belonging to an employee of the Pennsylvania Dept. of Aging, some companies or their employees seemingly continue to tempt fate -- with predictable results. Two new incidents involving theft of devices from employee vehicles have just come to light.

In the first incident, Cross Country Travcorps, Inc.. NovaPro, Inc., and Assignment America, Inc. (dba "Cross Country Staffing"), a supplier of healthcare staffing services for facilities throughout the U.S., reported [pdf] that an unencrypted laptop was stolen from a corporate executive's car on February 1st.

The laptop contained sensitive personal information on an unspecified number of Cross Country Staffing employees, including their names, Social Security numbers, and addresses. In the notification letter, Joseph Boshart, Cross Country Staffing's Vice President, did not indicate whether the laptop was supposed to have been encrypted instead of just password-protected, and he did not indicate where the theft occurred, i.e., whether the vehicle was parked outside the employee's home or was in some other location.

In the second newly reported incident, David Schellhase, General Counsel for CRM software vendor reported [pdf] that an unencrypted storage device had been stolen from an employee's vehicle. Personal details on the stolen device included names, Social Security numbers, and dates of birth of some of's current and former employees. Schellhase's letter, dated Feb. 7th, does not indicate whether the firm's security policies had been followed or why unencrypted personally identifiable information had been left in a vehicle.

Requests for additional information from Cross Country Staffing and were not immediately answered.

Another one...

CA: Thieves swipe ID info from Modesto schools employees

Tuesday, February 12 2008 @ 04:57 AM EST Contributed by: PrivacyNews News Section: Breaches

A computer drive holding names, addresses, birth dates and Social Security numbers of all 3,500 Modesto City Schools employees was stolen early today from a Southern California data processing firm, district officials said.

... The burglary happened at Systematic Automation Inc. in Fullerton. It prints annual, customized statements for each district employee with a summary of their health and other employee benefits, said Dennis Snelling, director of business services.

... School district officials said they sent an encrypted file containing employee information to Systematic Automation, where it was apparently stored on the computer in an unencrypted format. [Shouldn't we at least double the liability when a company removes the security to make the crooks job easier? Bob]

Source -

...and a local one...

CO: Jeffco special ed students' information stolen

Monday, February 11 2008 @ 02:01 PM EST Contributed by: PrivacyNews News Section: Breaches

Letters are being sent home to approximately 2,500 Jeffco Public Schools households telling them that their students' information may have been compromised because of a crime. On Monday, Jan. 28, a special education technician had a personal laptop and jump drive stolen during a home robbery in Arvada. The jump drive may have contained the following information for as many as 2,900 special education students:

- Student name and date of birth
- Student ID number (this is not a Social Security number, but rather a school district identification number only)
- School location

If the student has received district transportation, additional information such as parent or guardian name and contact information, may also have been on the jump drive.

Source -

It seems to have taken them quite a while to count all these incidents. Perhaps next year they could use a computer?

Educational Security Incidents Year In Review – 2007 (udpated)

Monday, February 11 2008 @ 09:21 AM EST Contributed by: PrivacyNews News Section: Breaches

The ESI Year in Review - 2007 examines all of the information security incidents occurring at colleges and universities around the world as reported in the news during 2007.

2007 marked a significant change for information security incidents reported in the news. Among the changes are an increase in both the number of incidents reported and the number of institutions reporting a breach as well as the addition to new categories such as incident type "Employee Fraud" and information type "Username and Password".

Source - ESI
Report and Analyses [pdf]
(Update) Related -
Chronicle of Higher Education: More Colleges Suffered Data Losses in 2007 Than in 2006, Study Finds

Ditto (TJX is number one)

2007: A Year of Record Data Breaches

Monday, February 11 2008 @ 09:24 AM EST Contributed by: PrivacyNews News Section: Breaches

See the data behind the substantial rise in identity theft and data breaches from 2007—a record year.

Since the term identity theft was coined, the number of recorded data breaches and compromises has steadily risen in both volume and severity. The following is an accounting of known data breaches and record compromises for 2007, which for the time-being will go down in the annals as a record year. The original data was supplied by the Identity Theft Resource Center and has been reconfigured by Baseline's editorial staff.

The data in this article has the following information:

  • Top 25 Data Breaches of 2007

  • Chief Causes of Data Breaches

  • List Toppers By Vertical

  • Affected Records By Industry

Source - Baseline

Do we need a new law?

With Libel Law Often Unenforceable Online, What Rules Can Be Used to Protect Reputation?

Monday, February 11 2008 @ 04:35 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

Recently, as Wired reported, the online auction site eBay has decided to remove sellers' ability to give buyers a negative or neutral rating, while leaving intact buyers' ability to give sellers neutral or negative ratings. Sellers, in contrast, can now give positive feedback or none at all.

... In this first column of a two-part series, I'll consider the difference between the protection of reputation in real-life and online contexts. In addition, I'll argue that because of some serious problems with "real world" libel law, devising new online reputation-protection systems - systems that can be tweaked over time to make them fairer -- may prove over the long term to be a superior approach

Source - Julie Hindlen, FindLaw's Writ

Another interesting legal debate... Does this have the potential to invalidate the mandatory notice laws?

Fifth Widens Circuit Split Over Psychotherapist-Patient Privilege

Tuesday, February 12 2008 @ 06:45 AM EST Contributed by: PrivacyNews News Section: In the Courts

Today, the Fifth Circuit broke new ground in a growing circuit split over whether the psychotherapist-patient privilege applies to violent threats. Defendant John Auster is a retired police officer who suffers from paranoia, anger, and depression; the fact that his worker’s compensation benefits were about to be terminated did not help matters. Auster told his two therapists that he was prepared for a campaign of violent retribution if his benefits were not reinstated. The therapists had a duty under state law to report these threats, and the government decided to prosecute Auster for extortion.

But the prosecution hit a road bump when the district court tossed out Auster’s threatening statements. Following authority from the Sixth and Ninth Circuits, the district court decided that Auster’s threats were protected by the psychotherapist-patient privilege and therefore not admissible at trial.

On appeal, the Fifth Circuit reverses.

The case is U.S. v. Auster, 07-30084 (5th Cir., Feb. 11, 2008)

Source - Decision of the Day

We probably won't get a new law, but some ethical guidelines would be interesting...

Rethinking Surveillance

Tuesday, February 12 2008 @ 05:33 AM EST Contributed by: PrivacyNews News Section: Breaches

Video surveillance has become a fact of everyday life. Each time you withdraw cash from the corner ATM, travel through an airport or visit a national monument, your image is probably being recorded.

But you may be surprised to learn that there are no federal laws governing how these images can be used, where they should be stored, with whom they may be shared and when they must be destroyed. In this age of YouTube, TMZ and "Cops," it's hard to know where your image might reappear.

Source - Washington Post

Just in case I need some information...

February 11, 2008

Government Information Online (GIO): Ask a Librarian

"Through Government Information Online (GIO) you can ask government information librarians who are experts at finding information from government agencies of all levels (local, state, regional, national international) on almost any subject from aardvarks to zygomycosis. GIO is a free online information service supported by nearly twenty public, state and academic libraries throughout the United States. All participants are designated Federal depository libraries in the U.S. Government Printing Office's Federal Depository Library Program. Many are also official depository libraries for their other types of governments and public agencies."

Monday, February 11, 2008

Medical ID theft is the new black.

Computer stolen from Administrative Systems, Inc. contained sensitive personal information

Sunday, February 10 2008 @ 01:43 PM EST Contributed by: PrivacyNews News Section: Breaches

A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle on December 29th contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental.

ASI provides third party administrative services to insurance and financial firms, such as processing employee applications for insurance coverage, issuing of insurance plans and employee certificates, managing premium billing and collection for insurance plans, responding to customer service requests and other record-keeping functions.

Individuals who were affected by the theft were notified by letter on February 9th.

According to a web site created to provide some information and resources about the incident, personal details may have included name, date of birth, mailing address, and Social Security number, depending on the service being provided. According to ASI, information on the stolen computer did not include credit card information or driver’s license numbers.

In its notification letter, ASI did not indicate whether the data were encrypted nor why it took over a month for individuals to be notified of the theft, but the letter signed by William J. Hill, President of Administrative Systems, Inc., noted that "We have tightened our security measures to provide greater protection for the information we maintain and are working closely with local authorities to minimize future risks."

Great thanks to Joanne Solliday for alerting us to this incident.

(follow-up) Davidson Co.'s security breach reminds that personal data isn't as safe as we'd like

Sunday, February 10 2008 @ 08:43 AM EST Contributed by: PrivacyNews News Section: Breaches note: included in news because it gives a glimpse of handling the aftermath and keeping good will...

... Most of Davidson Companies' financial consultants have made contact with a majority of their clients so they can answer questions about the breach.

The Great Falls-based financial services company also set up two call centers, which have handled more than 15,000 calls since news of the breach was released Jan. 29, Burchard wrote.

The call center is staffed with about 60 Davidson employees from various parts of the Great Falls operations.

"Our Great Falls center has done an outstanding job in answering client questions and providing special assistance to out clients and former clients who need it," Burchard wrote. "We know this because of the many favorable comments we have received."

Davidson Companies initially offered affected clients a one-year enrollment in a credit-monitoring service, but have since changed that to two years

Source - Great Falls Tribune

[From the article:

The No. 1 cause of security breaches isn't hackers, Smith said.

"It's lost stuff."


Data “Dysprotection:” breaches reported last week

Monday, February 11 2008 @ 07:55 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Good business model? Bad ethics?

Security Research and Blackmail

Posted by kdawson on Sunday February 10, @10:36PM from the pay-to-play dept.

harryjohnston alerts us to a story picked up by a few bloggers in the security space. A Russian security research company, Gleg, has discovered a zero-day in the latest version of RealPlayer 11. But they won't reveal details to Real, or to CERT, despite repeated requests. Details are available only to their clients who pay a lot of money for early access to such knowledge. To describe Gleg's business model Daniweb rather cautiously puts forward the word "blackmail." The story was first exposed in Ryan Nariane's Securitywach blog.

I don't know if I trust these yet... - Login Service for the Internet

SignOn is an identity management service. It allows users to easily log into OpenID enabled websites with one unique identifier—something along the lines of Thus your URL becomes your sign on. The site goes further in offering information cards—essentially digitized versions of those in your wallet. These are stored on your computer; one card works with multiple sites. The cards are grouped by an Identity Selector, software which allows you to created and organize all your Information cards. It’s free to install. Creating a card requires that you fill in your name and email address and register it on your account. Once that’s done, it will be attached to your Signon account. Additionally, you’ll be given an optional public profile which can be ended and adjusted among with settings on your account page.

Is this a trend? (Baen has been doing this for years with apparent success.

HarperCollins Will Post Free Books on the Web

By MOTOKO RICH February 11, 2008

In an attempt to increase book sales, HarperCollins Publishers will begin offering free electronic editions of some of its books on its Web site, including a novel by Paulo Coelho and a cookbook by the Food Network star Robert Irvine.

The idea is to give readers the opportunity to sample the books online in the same way that prospective buyers can flip through books in a bookstore.

“It’s like taking the shrink wrap off a book,” said Jane Friedman, chief executive of HarperCollins Publishers Worldwide. “The best way to sell books is to have the consumer be able to read some of that content.”

Starting Monday, readers who log on to will be able to see the entire contents of “The Witch of Portobello” by Mr. Coelho; “Mission: Cook! My Life, My Recipes and Making the Impossible Easy” by Mr. Irvine; “I Dream in Blue: Life, Death and the New York Giants” by Roger Director; “The Undecided Voter’s Guide to the Next President: Who the Candidates Are, Where They Come from and How You Can Choose” by Mark Halperin; and “Warriors: Into the Wild” the first volume in a children’s series by Erin Hunter.

Mostly SciFi?

Tor Books Is Giving Away E-Books

Posted by kdawson on Sunday February 10, @04:32PM from the what's-not-to-like dept. Books Sci-Fi

stoolpigeon writes "Tor Books is launching a new site and running a campaign in which they are giving away e-books (free as in beer) until the site goes live. To get in on the deal, fill out the form at their site, and each week you will receive a newsletter containing links to download a new book. The first two books are Mistborn by Brandon Sanderson followed by Old Man's War by John Scalzi. Scalzi's site says: 'My understanding is that they don't have DRM on them. Or at least, mine isn't supposed to have, and I don't think they're planning mine to be special in that regard.'"

How it used-to-was

Full-Text Collection

The Full-Text Collection contains 140 schoolbooks from the Nietz Old Textbook Collection.

For my web site students...

10 Principles Of Effective Web Design

January 31st, 2008

for my students - Youtube for Healthcare

ICYou. Think hospital wards, think videos. ICYou is a video site focusing on healthcare. The site fulfills the role of support group, medical advisor, lifestyle guru, entertainer and inspirational life coach. Topics neatly categorized on your left hand side range from aging and blood disorders to organ transplants and wellness. You’ll find doctors discussing eye conditions, bypass surgery and diet; there are boy bands talking about living with diabetes. There are cancer survivors giving others hope. Videos are grouped as either Patients and People, Doctors and Experts or News Reports. A tag cloud displays popular topics. Users can upload videos, comment, and lend support.

I can think of a few people who deserve one of these...

February 10, 2008

Connecticut Farmers Selling Dairy Fiber Pot Containers

Audubon Naturalist Society: "Gardeners have long wanted pots made of biogradable and renewable materials. And now, at least for seedling pots, this alternative exists: CowPots™, invented by two Connecticut dairy farmers, are durable fiber pots made of cow poo. So far, though, these odorless pots are only available to us online."