Saturday, March 08, 2008

Why does anyone have 5000 employee names on their laptop? Why no encryption? (I am also startled to hear that MTV employs 5000 people. What do they do beyond putting DVDs into the player?)

5,000 MTV Networks' employees potentially affected by breach

Friday, March 07 2008 @ 08:13 PM EST Contributed by: PrivacyNews News Section: Breaches

Someone apparently hacked into a computer belonging to an employee of MTV Networks and possibly gained access to names, birth dates, social security numbers and compensation data of 5,000 employees.

MTV Networks, a unit of media conglomerate Viacom, notified employees of the security compromise on Friday and said that while the computer files pertaining to employees' private information were password protected, the company can't be sure they haven't been opened. [Much better than “Don't worry, they were password protected.” Bob]

Source - C|net

Why 40,000 people on a laptop?

NY: Missing Laptop Prompts ID Theft Concern at Blue Cross-Blue Shield of WNY

Saturday, March 08 2008 @ 07:40 AM EST Contributed by: PrivacyNews News Section: Breaches

Thousands of Blue Cross-Blue Shield customers are being notified by mail that their identity could potentially be compromised.

A viewer called 2 On Your Side to tell us her son received a letter from the company telling him his information is on a company laptop computer that's missing.

Blue Cross-Blue Shield Spokesperson Karen Merkel-Liberatore tells 2 On Your Side 40 thousand current and former customers in the Buffalo and Albany areas are affected. The company is giving them one year of free Equifax credit protection.

Source - WGRZ

Should we call Guinness? (This could screw up their WHOLE life.)

MS: Head Start Burglary Leads To BIG ID Theft Operation

Saturday, March 08 2008 @ 09:36 AM EST Contributed by: PrivacyNews News Section: Breaches

Police in Memphis and Mississippi may have cracked a major identity theft ring.

The files of 79 students were taken last month from the ICS Head Start Center in Mount Pleasant, in Marshall County, just south of the Tennessee state line.

We showed you the arrests but at the time, nobody was talking about what exactly they had..... Thieves got away with 79 files, many with multiple social security numbers on them.

... They're some of the youngest victims ever of identity theft. Criminals used school files on these children in what investigators call a huge scam.

... Officers from Memphis and Marshall County raided this house, and arrested an unidentified woman and her boyfriend. They also found many of the missing files, which detectives believe were used in a big scam apparently run by the two.

. Here's our understanding of how this scam worked. Want to save some money on your taxes? No problem. Just buy a kid, or rather, rent their social security number and take the deduction. [Do people think they'll get away with this? Bob] The going rate? About 500 bucks.

Source - WREG

Interesting problem. Assume that an organized crime group has hundreds of thousands of “stolen identity” records – would it make sense for them to sort/sell them by location to create just this kind of confusion?

WI: Credit Card Information Stolen In Dunn County

Friday, March 07 2008 @ 11:04 AM EST Contributed by: PrivacyNews News Section: Breaches

Investigators are trying to figure out how thieves are getting credit card information from people in Dunn County.

Investigators say, since November, about 60 to 70 people have reported unauthorized charges and a total of about $75,000 has been stolen. Detectives say they have no leads at this point, and so far only people living in Dunn County have been affected.

Source - WEAU

Note: back in December, covered another story out of Dunn County involving debit cards where police couldn't figure out what was going on. Whether this breach is related to the prior story or not is unknown to us, but is certainly curious -- Dissent.

We may never know what is going on here. How do you distinguish between a search for “Jane Doe” that is related to an ongoing investigation and one that is related to stalking? Would the same rules have applied when all records were paper and someone was scanning the mug shots?

UK: Officer admits taking personal data from police computer

Friday, March 07 2008 @ 11:36 AM EST Contributed by: PrivacyNews News Section: Breaches

A POLICE officer has admitted stealing personal data from a Northumbria Police computer. Simon Hindmarsh, 28, pleaded guilty to 13 charges of obtaining personal data without consent when he appeared at Newcastle Crown Court.

He also admitted two further offences of disclosing personal information without the consent of the data controller.

The offences relate to information regarding both individuals and addresses.

Michael Graham, prosecuting, said Hindmarsh was a police officer based in Wallsend.

"The penalty for these offences is restricted to a fine," [Pay 3 shillings, return to work, access more records? Bob] said Mr Graham.

Source - Guardian

If we start linking all these cameras (the Brits want to link to private cameras in stores and pubs) who is going to monitor them? This reads like they will be looked at ONLY when some other source (a 911 call) suggests they might provide information. But there is nothing to prevent browsing, is there?

Chicago Links School Cameras To Police

Posted by Soulskill on Friday March 07, @05:25PM from the i'll-be-watching-you dept.

Farakin brings us a story about how cameras in roughly 200 Chicago schools are being connected to police headquarters and the city's 911 emergency center. The goal of the effort is to "consolidate video surveillance," and it will involve both routine monitoring and real-time updates to officers on their way to a crisis. According to the Chicago Tribune, "The mayor acknowledged the cameras provide only limited security, citing a spate of shootings in recent days that have claimed young victims during after-school hours." The story also contains a video in which Mayor Daley indicated that he expects the cameras to serve as a deterrent now that people know they're under the eye of the police.

Related (and because Bruce actually seems to think about this stuff...)

Transparency Isn't A Substitute For Privacy

from the power-imbalances dept

Slashdot points to a great Bruce Schneier article debunking the idea that "transparency" is better than privacy. People like David Brin argue that technological change is rapidly making the concept of privacy obsolete, and that instead of lamenting this fact, we should make sure that everyone, including the government, is subject to increased "transparency." But Schneier does a great job of explaining what's wrong with this theory: the less power you have, the more important your privacy is to you. If the government knows everything about you, and you know everything about the government, that's not a fair trade. The government can use its increased knowledge to coerce you in a variety of ways that you're not going to like. But even if you know about everything the government is doing, you're not going to have the power to stop it from doing things you don't like. Reduced privacy for everyone increases the power of those who already have power, and increases the vulnerability of those without power.

The other problem is that in the real world, accepting less privacy for ordinary citizens isn't going to lead to increased transparency in government. Government officials who might want to put more cameras up on public streets are not going to want cameras installed in police headquarters. The Bush administration wants our electronic communications to be more "transparent" to NSA eavesdropping, but they haven't reciprocated by giving us information about how those eavesdropping programs work. It's a mistake to equate government transparency with reduced privacy for private citizens because transparency of government activities and privacy for ordinary citizens are both ways of limiting the ability of the government to violate our rights.

Interesting new resource?

Chronology of Breaches for 2008 uploaded

Posted by Dissent on Mar 7, 2008

The chronology of medical- or health-related breaches that were published in 2008 is now available on this site for the first part of this year. It will be updated several times during the year.

So far, there are 26 incidents in the chronology.

Oh what a wicked web we weave...

March 7, 2008

Air Force DMCA-Bombs YouTube

Filed under: Chilling Effects, DMCA, copyright — wseltzer @ 6:21 pm

Over at Wired’s Threat Level blog, Kevin Poulsen reports on a new DMCA overreach: the U.S. Air Force complained (via outside counsel) about his posting of their recruiting video. The post, Kevin says, was initially made at the Air Force’s invitation.

If the government created this work, then the DMCA claim is improper. Works of the U.S. government are not copyrightable. But the statute allows the government to receive copyright assignments, so if an independent contractor created the video, still available at the Air Force’s (non .mil) site, the government could meet that technical requisite of the DMCA.

The DMCA also requires that the notifier assert the posting was unauthorized. Poulsen’s article, however, says the Air Force sent Wired the ad and “thanked THREAT LEVEL for agreeing to run it.” That doesn’t quite square with the DMCA-required statement that the notice-sender “ha[s] a good faith belief that none of the materials or activities listed above has been authorized by the U.S. Air Force, its agents, or the law.”

Even if the Air Force’s DMCA claim is truthful, however, it’s still a policy overreach. Wired posted the video in order to report on government recruiting efforts; the video’s dissemination is part of that First-Amendment protected discussion, whether it happens on or off government websites.

As an auditor, I keep insisting that you must keep and review your logs. Here's a free tool to help you do that. (Now what's your excuse?)

What Are All Those Logs Trying to Tell You?

By Dana Gardner TechNewsWorld 03/06/08 5:00 AM PT

... Splunk's approach to this problem has been to index and make searchable the flood of constantly generated log files being emitted from IT systems, and then aligning the time stamps to draw out business intelligence inferences about actual IT performance.

The San Francisco company took the IT information assembly and digestion process a step further two years ago by creating SplunkBase, an open reservoir of knowledge about IT searched systems for administrators to share and benefit from.

... To kick-start the effort, the first Splunk-built application on the platform was announced this week. Splunk for PCI Compliance is available for download from SplunkBase.

The application provides 125 searches, reports and alerts to help satisfy PCI (payment card industry data security) requirements, including secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting, says Splunk.


Data-leak security proves to be too hard to use

Data-loss-prevention tools are a great idea to keep secrets from leaking out, users say, but they're too difficult to actually use

By Matt Hines March 06, 2008

Data-loss-prevention technologies promise organizations the chance to stop sensitive information from falling into the wrong hands. But the process of creating the rules necessary to use the systems' enforcement capabilities is proving extremely complex for customers.

... The fundamental barrier to getting DLP systems to enforce data-handling policies comes down to this: It takes a lot of time and effort to understand the dynamics of how an organization uses information. [Or you could look at what is going on based on the logs – if you keep the logs... (see previous article) Bob] And then it takes a lot more effort to write governance policies that adequately address all the areas of data risk — while not writing rules that get in the way of daily business operations, several companies using DLP told InfoWorld.

Sometimes useful insights come from pointing out the obvious... (or, as the great philosopher said, "You can observe a lot by watching" Y. Berra)

Almost Every Company Is A Software Company

from the customization dept

I noted last summer that the New York Times launched a new blog called Open about the use of open source technologies at the paper. On Tuesday the blog had a post about a new Perl profiler that they developed in-house and are releasing to the world. I'm not in the market for a Perl profiler, but I thought it was striking that the New York Times, a firm that a decade ago was totally clueless about the web, is now producing non-trivial free software projects. What I think this illustrates is that the common conception that software is something that comes in a box you buy at Best Buy is rather misguided. An enormous number of programmers are employed in organizations we don't think of as software firms, developing custom applications for the internal use of their employers. In a sense, every company of non-trivial size is a software company.

In fact, I'm composing this post in a custom CMS developed specifically for the Techdirt Insight Community. And this, I think, is one of the things that makes software patents so dangerous. A firm doesn't have to worry that its fleet of company cars infringe patents; that's generally the responsibility of the car manufacturers. In a healthy patent system, companies should only have to worry about patents in their own line of business. But when a company "manufactures" a software product for internal use, they suddenly have to worry about whether their internal software might be violating some patents. Indeed, the End Software Patents project has pointed out that companies as diverse as the Green Bay Packers, Kraft Foods, and Ford Motors have been hit by software patent lawsuits in recent years. The reality is that software isn't just an industry, it's becoming a fundamental tool for manipulating information about the world. Policies that implicitly assume that only a few companies in Silicon Valley and Seattle are "software companies" are going to cause major problems.

Another effort to segregate the second-class citizens from the important people...

New lanes may speed up airport security

By Thomas Frank, USA TODAY

WASHINGTON — The government said Wednesday that it's going to expand an airport security program that creates special checkpoint lanes for families and "expert" travelers.

Beginning in April, the Transportation Security Administration plans to launch the program in at least six new airports. "There's no real cap on the number of airports," TSA spokesman Christopher White said. "If this is well-received by the six airports, we'll continue to expand."

A test that began last month in the Denver and Salt Lake City airports found that segregating passengers speeds up security lines and eases traveler stress, [Unless you are in the segregated “against” line Bob] White said.

... In Denver and Salt Lake City, both the expert and family lanes are moving faster, [How could entire families be processed faster than individuals? Simple, skip a few steps! Bob] White said.

Buying the wine should be easy. Selling wine is more complicated than selling guns!

Amazon to enter US wine market

By Jonathan Birchall in New York Published: March 5 2008 02:00 | Last updated: March 5 2008 02:00

Amazon, the world's largest online retailer, is to start selling wine in the US, entering a business fraught with regulatory complexities and littered with the wreckage of previous failures.

Amazon is looking to recruit a senior wine buyer, whom it says will be responsible for "the acquisition of a massive new product selection" for its site. The wine sales will augment a rapidly expanding non-perishable groceries business that Amazon launched two years ago.

Something to go with your wine?

Food Blog Search

"Food Blog Search is a custom built search engine specifically for searching food blogs. It uses Google technology, through the Google Custom Search Engine program. Started in October 2006, Food Blog Search now searches over a thousand hand-selected, high quality food blogs. More and more food blogs are added to the list of sites searched every day."

Is there a “map war” going on?

Yahoo! Maps update includes more neighborhoods and worldwide coverage

Posted Mar 6th 2008 4:00PM by Simon Kerbel

Yahoo! has rolled out a major update to Yahoo! Maps, with expanded worldwide coverage, new and more focused neighborhood data, and many stylistic improvements.

The new neighborhood data allows you to get more specific information for any given location, with lower zoom levels and more localized data, including schools, rest areas, resorts, restaurants, and so on.

Tools & Techniques

March 7, 2008 12:01 AM PST

Convert any Office file to PDF for free

Posted by Dennis O'Reilly 14 comments

Recently an associate whose PC lacked Adobe Acrobat sent me a Word file via e-mail, asking if I could convert it to PDF and e-mail it back to her. Since the process took all of about 30 seconds, I was delighted to help. Then the next day she sent two more files in need of conversion to PDF, and a couple of days after that another. After her fourth request of the week I felt compelled to tell her about two ways she could have converted the files herself for free: Adobe's own Create Adobe PDF Online free trial, and Arco Software's great CutePDF Writer freebie.

If you use Office 2007 you can download Microsoft's free Save as PDF or XPS utility, which adds the ability to convert files to PDF or Microsoft's competing XML Paper Specification to all eight applications in the suite. The great thing about CutePDF Writer is that it works with programs other than Office 2007. See below for more.

NOW they tell us!

Vista And XP Users May Need Daylight-Saving Time Patch

To ensure Windows users aren't hit with a daylight time bug, Microsoft has launched an automated diagnostic and update service that installs patches on systems that need them.

By Paul McDougall InformationWeek March 7, 2008 11:12 AM

Friday, March 07, 2008

I can't wait for some scholarly study on this topic. It may be hard to have a TJX fund it, however...

When does a privacy breach cause harm?

Thursday, March 06 2008 @ 12:56 PM EST Contributed by: PrivacyNews News Section: Breaches

Several countries are on the verge of doing what U.S. courts have stopped short of: codifying that breaches of personal information can actually harm people. Why should U.S. companies welcome this development?

Because an international answer to this question could clarify the standard of protection corporations have to meet with regard to personal data in their care. Finally having a clear standard could contain corporate liability and reduce companies' operational expenses. [Interesting argument. Perhaps there are funds out there? Bob] Whether the U.S. Congress also makes this leap in its deliberations over a national breach-notification bill may depend on legal experts stepping up to the plate to reshape the terms of the debate.

Source - Computerworld

This is interesting. Also see the article on China's cyberwar practices...

NY: Cops crack Queens ID theft ring

Friday, March 07 2008 @ 06:49 AM EST Contributed by: PrivacyNews News Section: Breaches

A Queens crime ring with roots in China swiped personal information from thousands of U.S. consumers to make phony IDs and credit cards, police said Thursday.

"This was a well-oiled machine up until this past Tuesday," Police Commissioner Raymond Kelly said, announcing the indictments of 38 members of the enterprise.

... Police said they suspected the account information was stolen by hackers in China and the Ukraine who broke into the databases of major department store chains.

"Particularly disturbing is the fact that some of these people boarded aircraft and purchased tickets ... with fraudulent documents," Queens District Attorney Richard Brown said.

During a 14-month probe, cops said 3,000 blank cards and account numbers were sent every month - 42,000 in all - from China to five houses in Queens. Police said the scam had been going on for nearly a decade.

Source - Daily News

...and since the Internet is a network of networks, we can look at any computer attached to the Internet... (The logic is obvious. If you live on the same block (city? State?) as a criminal, we can assume you are working with that criminal until we can prove your innocence. Bend over and spread 'em!)

NSW police to search computer networks

Thursday, March 06 2008 @ 01:17 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The New South Wales Cabinet has approved new powers for police designed to help them track terrorist threats, fraudsters and paedophiles through computer networks.

The proposed laws would allow police to search computers networked to those listed on a search warrant.

Police could also seize computer hard drives and memory sticks for up to seven days.

Police Minister David Campbell says police are currently only able to search computer hardware found on a premises named in a search warrant.

Source - ABC News (AU)

Perhaps there is something to learn...

EDUCAUSE Data Privacy Presentations

Thursday, March 06 2008 @ 04:52 PM EST Contributed by: PrivacyNews News Section: Minors & Students

Two presentations are available on the web:

Insights on the Legal Landscape for Data Privacy in Higher Education [pps]
Rodney J. Petersen (EDUCAUSE), and

Data Classification and Privacy: A Foundation for Compliance [pdf of pps]
Brian Markham (University of Maryland)

Are we ready for CyberWar?

U.S. military flags China cyber threat

Published: 2008-03-06

The U.S. Department of Defense warned in an annual report released this week that China continues to develop its abilities to wage war in cyberspace as part of a doctrine of "non-contact" warfare.

The warnings are part of the Department's Annual Report to Congress on the Military Power of the People's Republic of China (PRC) 2008 published this week. The report, which for the most part focuses on China's land, air, sea and space capabilities, also notes that numerous intrusions into computer systems at the DOD and its contractors emanated from China.

Just exactly what security does this provide? If not security, what is the purpose of this censorship?

DIA keeps Wi-Fi on the mild side

By Michael Booth The Denver Post Article Last Updated: 03/06/2008 12:00:47 PM MST

Want to browse Vanity Fair magazine on the Denver airport's free Wi-Fi system? Sorry. You'll have to buy it at the newsstand, because DIA's Internet filter blocks Vanity Fair as "provocative."

... Denver International Airport officials are erring on the side of caution in blocking access to certain sites through the free Internet browser offered to fliers.

They say they're using prudent judgment in a public, family-friendly atmosphere.

But others see it as cyber-censorship that taints Denver's self-portrayal as a progressive economy.

Certainly difficult to see RIAA held to an “Intellectual” standard...

Neither Intellectual Nor Property

Posted by kdawson on Thursday March 06, @06:10PM from the but-it's-not-imaginary-either dept.

Techdirt's Mike Masnick is writing a series of short articles on topics around intellectual property. His latest focuses on the term itself, exploring the nomenclature people have proposed to describe matter that is neither intellectual nor property. The whole series (starting here) is well worth a read.


Does The DMCA Still Matter?

from the you-better-believe-it dept

Kevin Donovan writes in to point to law professor Tim Armstrong wondering if the DMCA is still relevant at all, now that so many content providers are dumping DRM. He also notes that we're seeing fewer DMCA-related cases. Kevin supplies his own excellent response talking about the legacy of the DMCA, including the anti-circumvention clause, noting that it's still holding people hostage. For example, he points out that everyone who bought an HD DVD player (picking the losing side in the battle) now would be breaking the law if they merely wanted to move the HD DVD content they legally purchased over to a more usable format. He also points to the importance of the DMCA's safe harbor provisions, which protect service providers from copyright infringement by their users. Both of these are good points. Also, I find Armstrong's first point, about fewer DMCA cases, unconvincing. All it really means is that many of the larger points related to how the law should be interpreted have been decided by the courts. That doesn't change the chilling effects that those rulings have left behind. The law itself is still very, very relevant -- mostly for unfortunate reasons.

Now this is intriguing... Why object to anything that gets students to study?

Student Faces Expulsion for Facebook Study Group

Posted by Soulskill on Friday March 07, @05:13AM from the our-way-or-the-highway dept.

Pickens brings news that a student at Ryerson University is facing 147 counts of academic misconduct after helping to run a chemistry study group through Facebook. School officials have declined to comment, but students are claiming that it is simply a valid studying technique in the information age. Quoting: "Avenir, 18, faces an expulsion hearing Tuesday before the engineering faculty appeals committee. If he loses that appeal, he can take his case to the university's senate. The incident has sent shock waves through student ranks, says Kim Neale, 26, the student union's advocacy co-ordinator, who will represent Avenir at the hearing. 'That's the worst part; it's creating this culture of fear, where if I post a question about physics homework on my friend's wall (a Facebook bulletin board) and ask if anyone has any ideas how to approach this - and my prof sees this, am I cheating?' said Neale, who has used Facebook study groups herself."

Thursday, March 06, 2008

Well I'm shocked, shocked I tell you! (“We've got the power to make them second class citizens and no inclination not to...”)

National Security Trumps Personal Privacy, Government IT Pros Say

Wednesday, March 05 2008 @ 10:00 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Government IT professionals believe that national security is more important than personal privacy, according to a survey released Monday.

Quest Software's Identity Management Government Survey of 474 IT professionals in federal, state, and local government found that 53% believe that national security should take priority over Americans' personal privacy.

The survey, conducted by the public opinion research company Pursuant in January, also showed that 69% of IT professionals in federal, state, and local government believe identity management is very important to their organizations and agencies. Seventy-two percent believe that it will increase in importance over the next five years, the survey revealed.

Source - InformationWeek

We can make entire states into second class citizens...

Montana driver licenses will not be accepted to board planes

Wednesday, March 05 2008 @ 06:40 PM EST Contributed by: PrivacyNews News Section: REAL ID

Montana is one of four states that have yet to seek an extension to comply with the Real ID law.

Officials at the Homeland Security department are pushing Montana, Maine, South Carolina and New Hampshire to adopt stricter driver's license standards to end a standoff that could disrupt domestic air travel.

... Chertoff says any state that doesn't seek an extension by the end of March will find that, come May, their residents won't be able to use their licenses to board domestic flights. But Montana Governor Brian Schweitzer says Montana won't buckle.

He says the Real ID proposal will cost Montana a fortune and give a false sense of security without actually making ID more reliable.

Source - Montana's News Station

“Thus I wave my magic wand and lo, no more identity theft” H. Potter

UK: Tories pledge commitment to data security

Thursday, March 06 2008 @ 06:39 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The Conservative Party will make it an offence for a Crown servant or a government contractor to lose personal data.

The reckless handling of personal data offence was part of a wide-ranging package of measures to combat cyber crime unveiled today by Shadow Home Secretary David Davis.

Source -

Medical Privacy gets its own feed

ANNOUNCE: Pogo's Medical Privacy News Section is Moving to its Own Site

Wednesday, March 05 2008 @ 04:21 PM EST Contributed by: PrivacyNews News Section: Medical Privacy

Medical- and health-related privacy news is moving to its own site, That should help cut down on the amount of news headlines on this main site, but will also allow those who want to discuss health-related privacy news the opportunity to do so. I hope that those of you who have been following the medical privacy news section of this site will bookmark that site and join us over there.

The original Medical Privacy Project files will remain on this site, but will not be updated here. All of the updated chronologies and reports will be available on

For those of you who have been using the medical privacy headlines RSS feed, the new feed will be

Medical- or health-related breaches will be cross-posted on both sites for the convenience of those who track or analyze breaches. Occasionally, other stories may merit cross-posting, but privacy issues related to HealthVault, Google Health, etc. will generally be on

“It is better to feel safe than to be safe” Hernando

Green light for TTC's 11,000 cameras

$21 million network of video 'eyes' justified for safety of riders, privacy czar rules

Mar 04, 2008 04:30 AM Kerry Gillespie Queen's Park Bureau

Surveillance cameras make TTC riders feel safer and the plan to dramatically expand their numbers is okay with Ann Cavoukian, Ontario's privacy commissioner.

“We've decided it works!” (Other than “because we can” what justifies this?)

Biometrics screening for Olympics workers

Wednesday, March 05 2008 @ 09:57 AM EST Contributed by: PrivacyNews News Section: Surveillance

About 100,000 workers at the Olympics site in London are to be screened using advanced face and palm recognition techniques in one of the largest and most expensive security operations undertaken on a British construction project.

Every worker on the site – up to 10,000 at one time at the peak of construction in 2010 and 100,000 in total – will pass through a two-tier biometrics access system that includes palm-print reading and face recognition.

Source - TimesOnline

[From the article:

Biometric testing is also being considered for the nine million ticket-holders as they enter the site.

The plans were disclosed as Tarique Ghaffur, the Metropolitan Police Assistant Commissioner in charge of the 60-day Games operation, told a security conference in Abu Dhabi that 500,000 CCTV cameras would be required to police the event.

“We've decided it doesn't work!”

UK: ID card u-turn by government

Thursday, March 06 2008 @ 06:41 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

A government u-turn has ditched plans to force people to get a biometric ID card when they renew or apply for a passport.

Home Secretary Jacqui Smith is also expected to reveal today that any Parliamentary vote to make ID cards compulsory for British citizens will now be delayed until 2015.

But the government still intends to force foreign nationals living in Britain to register their biometric details on the National Identity Register and carry an ID card by the end of this year.

Source - Related - Guardian

Let's see if I understand. We can't afford to cover all of these people, so we'll cover a small percentage, but it will be fun! Next year, we can do the same thing with police and fire services!

Oregon holds health insurance lottery

By SARAH SKIDMORE Associated Press Writer Mar 4, 8:00 AM EST

PORTLAND, Ore. (AP) -- Oregon is conducting a one-of-a-kind lottery, and the prize is health insurance.

Probably better than just throwing money at the problem...

Next Question: Can Students Be Paid to Excel?

... School districts nationwide have seized on the idea that a key to improving schools is to pay for performance, whether through bonuses for teachers and principals, or rewards like cash prizes for students. New York City, with the largest public school system in the country, is in the forefront of this movement, with more than 200 schools experimenting with one incentive or another. In more than a dozen schools, students, teachers and principals are all eligible for extra money, based on students’ performance on standardized tests.

Each of these schools has become a test to measure whether, as Mayor Michael R. Bloomberg posits, tangible cash rewards can turn a school around. Can money make academic success cool for students disdainful of achievement? Will teachers pressure one another to do better to get a schoolwide bonus?

So far, the city has handed out more than $500,000 to 5,237 students in 58 schools as rewards for taking several of the 10 standardized tests on the schedule for this school year. The schools, which had to choose to participate in the program, are all over the city.

Free is good! - Be Heard, Free Podcasting

GCast will host your podcasts for free. So what’s the trick, you ask? Ads. You’ll get advertisements placed within your casts, possibly, and they’re placing ads in videos and on audio networks. There will be an option for ad-free podcasts, for a price, though. Once you’ve decided to set your voice to the net, you’ll have several options. You can create playlists, with the site’s Playlist Manager, and add files from your own computer, from a phone, or from GarageBand. Once your playlist has been published, GCast mixes it up into one continuous Mp3 file for your podcast. You can record your entire podcast via your mobile or house phone and you can embed your podcast into your blog or web page. Subscribers can get their podcast fix via email alerts.

Wednesday, March 05, 2008

Perhaps it will be easier than I had thought to get lawyers interested in privacy...

Jackson's Lawyer May Get $12M Over Secret Videotaping

Tuesday, March 04 2008 @ 09:27 AM EST Contributed by: PrivacyNews News Section: In the Courts

A huge chunk of money may change hands over the secret videotaping of Michael Jackson and his lawyer when the singer was surrendering on child molestation charges.

The owner of an air charter service is ordered to pay Jackson's former attorney, Mark Geragos, and an associate $12 million for rigging the plane with hidden cameras.

... Geragos sued for invasion of privacy. The charter company plans to appeal.

Source -


CDT Releases Principles for Behavioral Targeting Privacy Tools

Tuesday, March 04 2008 @ 04:45 PM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

CDT today released a set of privacy principles to help guide the development of software tools related to online behavioral targeting. Developed in consultation with members of CDT's Internet Privacy Working Group (IPWG), the principles aim to bolster the development of tools for Web browsers and other software that empower users with the ability to manage their privacy and control online behavioral tracking activities. The document is a result of meetings with IPWG, sparked by renewed interest in behavioral targeting at the FTC, in the private sector and among consumer groups.

Source - Principles for Behavioral Targeting Privacy Tools [PDF]

Looking for guidelines?

Ca: Privacy Commissioner seeks feedback on implications of using RFID technology in the workplace

Wednesday, March 05 2008 @ 06:47 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The Privacy Commissioner of Canada, Jennifer Stoddart, issued a call today for feedback to enrich the debate on the use of radio frequency identification (RFID) systems in the workplace.

“While there is no doubt this technology can be used to improve productivity and enhance security, we are nevertheless concerned that it can also be used as a surveillance tool, undermining the dignity and autonomy of workers,” said Commissioner Stoddart. “In applying RFID systems in the workplace, we believe it is necessary to strike a balance between the benefits to employers and the privacy of employees.”

Source - Privacy Commissioner of Canada

Related - Radio Frequency Identification (RFID) in the Workplace: Recommendations for Good Practices: A Consultation Paper March 2008

If not, can anyone make up evidence to fit their complaint? What could possibly be “proprietary?”

Should RIAA Investigators Have to Disclose Evidence?

Posted by Zonk on Tuesday March 04, @05:22PM from the special-rules-for-special-people dept. The Courts Media The Internet

NewYorkCountryLawyer writes "A technology battle is raging in UMG v. Lindor, a court case in Brooklyn. The issue at hand is whether the RIAA's investigator SafeNet now needs to disclose its digital files, validation methodology, testing procedures, failure rates, software manuals, protocols, packet logs, source code, and other materials, so that the validity of its methods can be evaluated by the defense. SafeNet and the RIAA say no, claiming that the information is 'proprietary and confidential'. Ms. Lindor says yes, if you're going to testify in federal court the other side has a right to test your evidence. A list of what is being sought (pdf) is available online. MediaSentry has produced 'none of the above'. 'Put up or shut up' says one commentator to SafeNet."

As organizations cut back on their training budgets, free online video tutorials were one way to ensure employees could do their jobs. Makes you wonder...

The New Workplace Rules: No Video-Watching

By BOBBY WHITE March 4, 2008; Page B1

Carriage Services Inc., a Houston funeral-services company, recently discovered that 70% of the workers in its 125-person headquarters watched videos on Web sites like Google Inc.'s YouTube and News Corp.'s MySpace for about an hour a day.

"I almost fell out of my chair when I saw how many people were doing it and how much bandwidth those sites sucked up," says Jeff Parker, the company's information-technology administrator. He quickly blocked access to both sites.


Microsoft Develops New Operating System From Scratch

Microsoft Research unveiled the new operating system, Singularity, as a prototype aimed at academics and researchers.

Nancy Gohring, IDG News Tuesday, March 04, 2008 2:30 PM PST

Microsoft showed off a new operating system on Tuesday, but don't get too excited.

Think of Singularity as "a concept-car OS," said Rick Rashid, general director of Microsoft Research. Microsoft is making the prototype OS available free to the academic and research communities in the hope that they'll use it to develop new kinds of computer architectures.

It's difficult for the academic community to experiment with computer architectures, he said. Singularity is designed to make it easier for researchers to test how operating systems and applications interact with each other, he said.

Could be interesting.

UN Makes Its Statistical Data Free and Searchable

Posted by Zonk on Wednesday March 05, @02:39AM from the can't-argue-with-free dept. Databases The Internet Education

NorseWolf writes "Since its foundation, the United Nations system has been collecting statistical information from member states on a variety of topics. The information thus collected constitutes a considerable information asset of the organization. However, these statistical data are often stored in proprietary databases, each with unique dissemination and access policies. As a result, users are often unaware of the full array of statistical information that the UN system has in its data libraries. The current arrangement also means that users are required to move from one database to another to access different types of information. UNdata addresses this problem by datapooling major UN databases and those of several international into one single internet environment. The innovative design allows a user to access a large number of UN databases either by browsing the data series or through a keyword search."

Tuesday, March 04, 2008

Give credit when due...

Stolen VA laptop caught in safety net

Monday, March 03 2008 @ 12:49 PM EST Contributed by: PrivacyNews News Section: Breaches

The Veterans Affairs Department lost another laptop PC, but the department was better prepared this time.

When an employee at VA’s Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department’s revamped security policies and new security technologies were put to the test. Unlike what happened when a VA laptop was stolen in 2006, data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.

... VA protected the laptop with GuardianEdge full-disk encryption. No one lacking proper authentication could do more than turn on the computer. The encryption software would block unauthorized users from accessing the data, Martinez said.

In the latest incident, the employee immediately reported the theft to VA and the Austin police department. Because VA followed information technology security policies and procedures, officials could determine that no sensitive data resided on the laptop.

... On the evening of the theft, Austin police recovered the laptop in a raid on a convenience store suspected of involvement in drug activity.

Source - FCW

Not every organization got the memo...

Missing laptop, data could affect Q-C Oscar Mayer employees

Monday, March 03 2008 @ 05:42 PM EST Contributed by: PrivacyNews News Section: Breaches

A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business.

And now 20,000 employees nationwide have received letters telling them that their personal information was stored on the missing laptop and they could be vulnerable to some type of identity theft.

That group of 20,000 includes employees from Davenport’s Kraft Oscar Mayer plant. It is unknown how many employees of the Davenport facility were affected. The plant employs about 1,700 people.

Source - Quad-City Times

OH: 25,000 student photos had no login protection

Tuesday, March 04 2008 @ 06:54 AM EST Contributed by: PrivacyNews News Section: Breaches

More than 25,000 pictures, apparently of Ohio University students, were inadvertently left without password protection on an otherwise secure OU Web site [What are they suggesting? The rest of the site had a password? (password) the security system worked every time except this time? Bob] in what state and federal officials said might be a violation of federal privacy law.

OU restricted access to the pictures, which appeared to be headshots taken for OU identification cards, hours after a Post reporter called to inquire about them last Tuesday. Brice Bible, the university’s chief information officer, said in an interview yesterday that the only way someone could have located the Residence Life Web site containing the pictures was to abuse their access privileges. [Bull! See next sentence... Bob]

The pictures, housed on a Web site used by OU resident assistants to file incident reports, were available to anyone who typed in the appropriate Web address.

Source - The Post

(Just a reminder that password security is trivial at best...)

Aging Security Vulnerability Still Allows PC Takeover

Posted by Zonk on Tuesday March 04, @08:44AM from the there-are-issues-here-and-perhaps-they-should-be-investigated dept. Microsoft Security

Jackson writes "Adam Boileau, a security consultant based in New Zealand, has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website."

What would you do with military ID that you can't do any other way? Shop at the PX?

Military IDs, Equipment Stolen Over Weekend

Monday, March 03 2008 @ 02:49 PM EST Contributed by: PrivacyNews News Section: Breaches

More than 200 military identification cards, and equipment that can be used to make more, were stolen during a burglary at a U.S. Army Reserve Center on Milwaukee's northwest side over the weekend, police said Monday.

Source -

Just 'cause it's local...

CO: Identity theft ring members indicted

Monday, March 03 2008 @ 04:59 PM EST Contributed by: PrivacyNews News Section: Breaches

Eight members of an identity theft ring operating across the metro area were indicted today on 89 felony counts.

The gang is accused of stealing mail, breaking into cars and burglarizing homes and businesses to steal personal information, according to Scott W. Storey, district attorney for Jefferson and Gilpin counties.

...Investigators believe there were more than 20 victims, including businesses and individuals. Among the businesses hit by the group were Safeway and Home Depot.

Source - Rocky Mountain News

Comcast digs themselves deeper? Organizations need to consider that when they publish data the entire world has the opportunity to review and comment.

Advocacy groups bash Comcast's "technical-sounding nonsense"

By Nate Anderson | Published: March 03, 2008 - 08:11AM CT

The Electronic Frontier Foundation and Free Press, two of the biggest backers of the FCC's investigation into Comcast's traffic management practices, late last week filed reply comments with the Commission. The goal of both was to undermine the arguments trotted out by Comcast in defense of its BitTorrent "delaying" practices.

While the EFF turned in a dense and thoughtful discussion of the importance of corporate transparency (PDF), Free Press ranged much wider (PDF), seeking to undermine the whole edifice of "technical-sounding nonsense" coming from Comcast HQ. Taken together, both sets of comments make a strong case that Comcast's decision to block "pure seeding" during periods of network congestion was both poorly handled and is technically unnecessary.


Data “Dysprotection:” breaches reported last week

Monday, March 03 2008 @ 07:12 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Always amusing...

The Constitutionality of FISA [Duke Law School]

9:43 PM ET

The Constitutionality of FISA, Duke Law School, February 18, 2008 [Professor Robert Turner, University of Virginia]. RealPlayer, 58 minutes. Watch recorded video.

I suspect more politicians will find this an easy subject for “We gotta do something” politics.

(follow-up) O’Toole Renews Call For Immediate Investigation Of Horizon Blue Cross/Blue Shield Data Breach

Monday, March 03 2008 @ 12:48 PM EST Contributed by: PrivacyNews News Section: Breaches

Senator Kevin O’Toole (R-40) called today for immediate hearings on the loss of a laptop containing the personal data of more than 300,000 customers of Horizon Blue Cross/Blue Shield of New Jersey. The computer was stolen in early January. It was reported that the laptop was taken home by an employee who regularly worked with customer data outside of Horizon offices.

"An immediate investigation into the loss of this information must be launched immediately," O’Toole stated. [redundantly... Bob] "How many other Horizon laptops are out there, filled with unencrypted and easily retrievable customer data, just waiting to be lost or stolen?"

Source -

Anyone can spy on their neighbor...

Top 10 Barely-Legal Gadgets for the Modern Spy

by Alex Santeria, Mar 3, 2008

This is a guide I wrote for people who have a desire to obtain gadgets like James Bond without being enrolled in the military or secret service.

Here are listed 10 categories of devices you can buy to make you feel like a James Bond, from laser beams that cut things to x-ray goggles that see through clothes to CSI grade forensic lab hardware.

Another Home-Surveillance tool. Eventually all security types will be required to wear these and record everything that second class citizens do...

Cyber-Goggles Record and Identify Every Object You See

Posted by Zonk on Monday March 03, @05:51PM from the partially-sapient-ai-additional-charge dept. Robotics Hardware

RemyBR writes "Researchers at the University of Tokyo have developed a smart video goggle system that records everything the wearer looks at, recognizes and assigns names to objects that appear in the video. Advanced programs then go back and create an easily searchable database of the recorded footage. Designed to function as a high-tech memory aid, these 'Cyber Goggles' promise to make the act of losing your keys a thing of the past, according to head researcher professor Tatsuya Harada. 'In a demonstration at the University of Tokyo last week, 60 everyday items -- including a potted begonia, CD, hammer and cellphone -- were programmed into the Cyber Goggle memory. As the demonstrator walked around the room viewing and recording the various objects, the names of the items appeared on the goggle screen. The demonstrator was then able to do a search for the various items and retrieve the corresponding video.'"

Add in facial recognition technology and this would make for a great aid at conferences and family reunions.

“We are French! This makes perfect sense to us!”

France Decides That Expressing An Opinion About Your Teachers Should Be Illegal

from the please-explain? dept

Sites like and have been around in the US for ages, but it appears that some other countries aren't too thrilled with the concept. Last year, a teachers' union in the UK demanded that the sites be banned which seemed a bit extreme. However, in France things have gone even further, as a court has banned such sites from naming teachers entirely, and is threatening huge fines if the site continues to do so. It makes you wonder what good the site is if it can't actually name teachers.

Either way, it does raise a larger issue: what is wrong with a site that allows students to rate their teachers, and allows students, parents and the schools themselves to see what the students feel about various teachers? In France, they're saying it's a violation of privacy, but it's not clear what privacy is being violated. [We have the right to be bad teachers without anyone knowing! Bob] It seems the only violation is in preventing students from giving feedback and their honest opinions. Even the article notes that the average rating was quite favorable for teachers. This seems like the type of site that could only be useful. Yes, there will occasionally be an angry student who posts a bad review, but on the whole, you'd imagine that the ratings will even out and be accurate over time. If a teacher is really worried that their ratings are poor, perhaps that says more about their teaching ability than it does about this particular site.

Monday, March 03, 2008

...and we wonder why there are TJX level events.

Security skills of IT workforce lacking, survey finds

CompTIA's most recent survey reveals wide gap between IT security skills wanted and those workers bring to the job

Denise Dubie (Network World) 28/02/2008 07:10:33

A majority of organizations are in need of IT workers with security, firewall and data privacy skills, but more than 40 per cent surveyed by the Computing Technology Industry Association in the US said their IT employees are not proficient in such skills.

Nearly three-fourths of 3,500 technology professionals polled identified security, firewall and data privacy as the IT skills most important to their organization today, according to CompTIA, which commissioned The Center for Strategy Research to conduct the telephone and online survey during the fourth quarter of 2007. Tied for second in terms of importance behind security skills were general networking and operating system skills, cited by 66 per cent of respondents each.

Yet despite the importance 73 per cent of IT managers place on security skills, just 57 per cent also said they believed their IT employees were proficient in such skills, which represents a gap of 16 percentage points between the skills IT organizations need and those they have in place.

What ethics?

Lawyer admits computer breach

Sunday, March 02 2008 @ 07:11 AM EST Contributed by: PrivacyNews News Section: Breaches

A Charleston lawyer could be suspended from the State Bar after admitting that he accessed another law firm's computer system because he suspected his wife was having an affair.

According to a brief filed with the state Supreme Court by the Bar's Lawyer Disciplinary Board, Michael P. Markins repeatedly accessed e-mail accounts at Offutt, Fisher and Nord, where his wife, Andrea N. Markins, worked as an associate.

..."From his wife's e-mail address, [Markins] was able to determine he could gain access to various OFN e-mail accounts ... by going to the OFN main Web page, clicking on a link, and typing in an e-mail address and a person's last name," the brief states. (emphasis added by Dissent).

Source - The Charleston Gazette

How could this possibly work?

Startup Plans to Solve Online Identity Theft, But Does Anyone Care?

By Alexander Gelfand 02.08.08 | 12:00 AM

Imagine you could prove you were 21 without revealing your date of birth -- or anything else about you, for that matter. Or qualify for a loan without disclosing your net worth. Or enjoy the benefits of e-commerce, e-health and e-government without a moment's fear that you are open to identity theft.

Sound impossible? It is. But it won’t be if cryptographer and entrepreneur Stefan Brands has his way.

Brands runs Credentica, a Montreal-based startup that is rolling out an encryption-and-authentication system called U-Prove that allows users to disclose the absolute minimum to complete digital transactions -- and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.

At what point did this become a “big deal” because obviously before that, it was not...

AU: Agency made 700 privacy breaches

Sunday, March 02 2008 @ 09:48 AM EST Contributed by: PrivacyNews News Section: Breaches

THE Child Support Agency faces an urgent review over nearly 700 privacy blunders in the past year, including people being given the confidential contact details of their former spouses.

Human Services Minister Joe Ludwig said yesterday that he questioned the agency's competence over the breaches, and ordered an overhaul of its administration.

Source - The Australian

Protecting politicians from the second class...

CO: Bill would curb access to data

Monday, March 03 2008 @ 06:58 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

Getting voting records, school budgets, property assessments and other public records could get more difficult as lawmakers attempt to fend off websites and blogs that have used public data to target politicians.

Draft legislation to erect more speed bumps to access — such as requiring that requests come from Colorado citizens — would make the state's rules tougher than its neighbors'.

Source - Denver Post

This could be interesting. What is the next election worth?

United Technologies Corporation Makes A Bid For Diebold

from the buy-now,-vote-later... dept

Just as the Onion is poking fun at Diebold for releasing the results of the 2008 Presidential election months early, it appears that United Technologies Corporation is attempting a hostile takeover of the company after it turned down a private offer. Diebold is mostly known these days for its controversial e-voting business (which the company has renamed "Premiere" to try to disassociate it with the Diebold name) but is also a major player in the ATM business. Whether or not UTC takes the company over, there's little doubt that Diebold has done a terrible job responding to the questions and accusations about the security and reliability of its e-voting machines. Having a company like UTC come in and take over could actually do a lot for the company to regain some trust.

Stuff for my web site class... - Software for Developing Web 2.0 Apps

WaveMaker provides powerful solutions for the development of web applications. Their chief products Studio and Framework offer clean, intuitive user interfaces that take advantage of drag and drop assembly of widgets and service and quick, code free integration of web services. WaveMaker Studio runs with Ajax and utilizes Push to Deploy technology, allowing one touch application deployment. WaveMaker’s Framework deploys Java files from the Studio, maintaining and extending their usage. It makes use of open source components such as Spring and Acegi; it also reduces the necessity of custom coding, which means apps are both of higher quality and easier to support. WaveMaker can be freely downloaded for Macs, Windows and Linux users.

Ditto - Make Your Own Business Apps

RollBase is a new platform as a service provider (PaaS) which is looking to simplify application creation for businesses. Its web based software is designed for small and medium sized businesses. RollBase provides drag and drop technology so that users can easily pick and choose apps they want to incorporate into their account. Among these, users can choose from a wide variety of categories, for instance, apps for creating an online community, apps designed for managing sales, and there are apps for human resources. Those with a little more tech know how can choose to customize their apps by implementing code; however, Rollbase has been designed to obviate the need for programmers altogether while still providing high quality, sophisticated applications. Rollbase offers both fully featured back end apps as well as front end applications which can be directly plugged into company websites and intranets. There is a free 60 day trial version available.

Got ancestors?

March 02, 2008

National Archives Makes Some Passenger Arrival Records Available Online

News release: "For the first time, the National Archives and Records Administration has made available online more than 5.2 million records of some passengers who arrived during the last half of the 19th century at the ports of Baltimore, Boston, New Orleans, New York, and Philadelphia. The records were transcribed from original ship manifests into electronic databases by Temple University’s Center for Immigration Research at The Balch Institute. The Center donated the digital records to the National Archives. The records are known as Data Files Relating to the Immigration of Germans to the United States, 1850-1897; Data Files Relating to the Immigration of Italians to the United States, 1855-1900; and Data Files Relating to the Immigration of Russians to the United States, 1834-1897."