MAKE 'DEAR JOHN' DATA LETTERS MEANINGFUL
Friday, August 22 2008 @ 05:35 PM EDT Contributed by: PrivacyNews
I like to call them "Dear John" data letters. And just like those sad, cold notes from a lover announcing a breakup, those "We've lost your data" letters are almost always frustratingly vague.
A new study from identity theft research firm ID Analytics suggests that's both unfair and risky. The study shows that consumers victimized by insider data theft -- theft by an employee -- are 12 times more likely to be ultimately hit by fraud than victims of an accidental data loss, like a lost laptop computer.
Yet many Dear John data letters announcing security breaches offer precious few details about the circumstances of the loss. That leaves consumers completely in the dark about what to do.
Source - The Red Tape Chronicles
[From the article:
About half of U.S. adults have received at least one such letter, according to the Ponemon Institute.
... Here's why the details matter. ID Analytics analyzed 5 million pieces of identity data stolen in 12 separate insider thefts. More than one-third of consumers exposed by those incidents -- 36 percent -- were ultimately hit by identity fraud. Contrast that with ID Analytics data on lost laptops and hard drives, where victims were hit with fraud only about 3 percent of the time.
... Other circumstances surrounding the breach also help predict the likelihood of fraud, Cook said. This might sound counterintuitive, but the findings suggest that the larger the data leak, the less likely a victim will be hit by fraud.
... Consumers who are victims of data breaches should always get the answers to three critical questions, Cook said: the size of the breach, the precise data involved and the reason it was stolen or lost.
“It is better to look legal than to be legal”
But What If A Takedown Notice Isn't Actually A DMCA Takedown?
from the legal-gymnastics dept
We already covered the judge's ruling about how copyright holders need to consider fair use before sending a DMCA takedown notice, but there's another part of Universal's position in this case that has been widely ignored (even by the judge in the case), but which Ethan Ackerman wisely calls attention to: Universal claims that the takedown letter doesn't violate the DMCA because it wasn't actually a DMCA takedown. Instead, they said it was just a friendly "request."
This may seem like a silly assertion or, at best, a minor side point, but it could become quite important. The DMCA has some very specific conditions that those sending takedowns need to meet -- but there's nothing really stopping anyone from sending a request that isn't specifically a DMCA takedown notice. For copyright holders, this would remove some of the power of the takedown notice, as it wouldn't require the service provider to react, like a DMCA notice does. However, if rulings like this one stand, adding some amount of liability to copyright holders sending DMCA takedown notices, some may actually find it safer to send non-DMCA takedowns on the assumption (probably correct) that most service providers will treat them exactly the same as a DMCA takedown. In other words, would copyright holders "opt-out" of the DMCA terms in order to avoid that liability? It will be worth watching.
Of course, in this case, the court just assumed that even if it didn't hit all the criteria, it was for all intents and purposes a DMCA takedown letter. But that won't always be the situation in future cases -- especially if copyright holders become even more explicit that the letters aren't DMCA takedowns, but some other type of takedown request. And, of course, this could expand as well -- where a total non-copyright holder could send such "requests" for takedowns, and they conceivably might not be violating the DMCA's provision against false takedowns, because they won't even fall under the DMCA. One way or the other, you can bet lawyers are going to be busy.
Rather than keep shoveling money at vaguely defined projects, wouldn't it be simpler to use tools that already work for large volumes of data?
Fatal flaws found in terrorism database
Posted by Stephanie Condon August 22, 2008 2:11 PM PDT
One of the country's most important terrorism databases is on the verge of failure after suffering from gross mismanagement and technical design flaws that went ignored for months, a congressional investigation found.
A congressional committee on Thursday called for an investigation into a program called "Railhead," which was supposed to upgrade the National Counterterrorism Center's integrated terrorist intelligence database, called Terrorist Identities Datamart Environment (TIDE). The database serves the United States' 16 separate intelligence agencies, and as of January, contained more than 500,000 names (PDF), according to the NCTC. The program has cost an estimated $500 million.
Interesting, but a precedent others can use?
NJ: Court says data-mining firms must pay to keep Social Security numbers secure
Friday, August 22 2008 @ 02:01 PM EDT Contributed by: PrivacyNews
A state appeals court today ruled that data-mining companies must pay to have personal information like social security numbers masked from public view.
A three-judge panel of the New Jersey Appellate Division said privacy interests outweigh the interests of companies that gather massive amounts of public real estate records for profit.
... In 2006, Data Trace Information Systems filed an open public records request with the Bergen County Clerk's office requesting microfilm copies of the 13 kinds of realty documents covering decades of information. County officials said the request covered 2,559 rolls of microfilm that contain 8 million pages of documents and would cost $1.8 million.
A trial court judge ruled the records could be released, if the company paid to remove social security numbers.
Source - nj.com
[From the article:
But allowing social security numbers to be collected and sold provides a "key to access a myriad of information about an individual" including their home, race, contact information, and criminal history, the judges said in the 40-page ruling.
"We are convinced that the right of privacy under the New Jersey constitution ... establishes protection for New Jersey citizens from wholesale disclosure of SSNs," wrote Judge Lorraine Parker, who was joined by Judges Dorothea Wefing and Rudy Coleman.
... "What it means to regular folks is where the legislature has failed to protect the citizens of New Jersey and their personal data, the courts have stepped forward and created a new right of privacy in the constitution," he said.
We can, therefore we must: Pretty mild in the state that made “aggravated littering” a capital crime.
TX: Court to monitor truant students with GPS ankle bracelets
Friday, August 22 2008 @ 05:33 PM EDT Contributed by: PrivacyNews
Court authorities will be able to track students with a history of skipping school under a new program requiring them to wear ankle bracelets with Global Positioning System monitoring.
But at least one group is worried the ankle bracelets will infringe on students' privacy.
Source - Houston Chronicle
[From the article:
"We are at a critical point in our time where we can either educate or incarcerate," Penn said, linking truancy with juvenile delinquency and later criminal activity.
... Asked why the students have to wear the ankle bracelet all the time instead of just the school day, Penn cited problems with runaways.
Related? When you have proof that the students are smarter than the Principal, shouldn't he be fired?
Principal Loses Lawsuit Against Students Over Fake MySpace Profile
from the taking-the-pal-out-of-principal dept
You may remember a story we had last year about a principal at a school so overreacting to some students creating a fake MySpace profile for him that he took them to court. It's one thing to ask MySpace to take down such a profile or to discipline the students in school (both of which would likely backfire as well), but to take them to court seems extreme. And, apparently, the courts think so too. An appeals court has upheld a lower court ruling that there was no defamation or intentional infliction of emotional distress in the case. Of course, the judge does also scold the kids for their "unacceptable" conduct. Luckily for the kids, "unacceptable" wasn't against the law in this case.
Wouldn't cooperation have been better, strategically?
Interview With MIT Subway Hacker Zack Anderson
Posted by timothy on Friday August 22, @03:01PM from the clearly-a-terrorist dept.
"In his most extensive interview since the DefCon controversy emerged, MIT subway hacker Zack Anderson talks with Popular Mechanics about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA. The interview comes on the heels of Tuesday's court ruling denying motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months."
[From the article:
Popular Mechanics: All this started as a class project at MIT—is that right?
Zack Anderson: For Computer Network Security class, and it was basically the final project.
... Some significant physical security problems were present—not technology related, just things that are very easily overlooked. People could hit a button in an open box and all the turnstiles would open. I mean, why resort to some high-tech hack when you could just hit a button?
We also looked at the Charlie Ticket, which is a magnetic card. Actually, the MIT Tech [the university's daily newspaper] has a good article that basically went over everything that was made public—some of which came out through MBTA filings, not through anything we released.
I got a map of the campus.
Welcome, Freshmen. Have an iPod.
By JONATHAN D. GLATER Published: August 20, 2008
Taking a step that professors may view as a bit counterproductive, some universities are doling out Apple iPhones and Internet-capable iPods to students.
Related? Making markets rather than trying to capture existing ones...
Bringing Cell Phones To the Third World
Posted by Soulskill on Saturday August 23, @08:20AM from the strength-through-communication dept.
An anonymous reader tips a story about Denis O'Brien, a mobile phone entrepreneur whose goal is to spread cell phones throughout third-world countries. Quoting:
"...O'Brien keeps pouring money into the world's poorest, most violent countries. His bet: Give phones to the masses and they'll fight your enemies for you. ...In Trinidad & Tobago, where the state mobile phone firm was dragging its feet on connecting Digicel calls to its own customers, O'Brien harangued government officials to speed things up, even phoning one Christmas night to complain. After the launch the state firm started dropping Digicel calls anyway, making its new competitor look bad. O'Brien took his case to the people, taking out ads in T&T's papers listing life 'Before Digicel' and 'After Digicel' and held a press conference. The state firm eventually relented. In its first four months Digicel bagged 600,000 customers and is narrowing the gap now with the state in market share."
Well, it's cheaper than armed guards... (It's not just for your pets any more...)
Wealthy Mexicans Getting Chipped in Case of Abduction
Posted by samzenpus on Friday August 22, @04:44PM from the human-Lojack dept.
Because the number of abductions in Mexico has jumped almost 40% in the past 3 years, the wealthy are getting subcutaneous transmitters so they can be tracked when kidnapped.
Never fear! We'll have it fixed by early December at the latest!
Ohio's voting machine glitch exposed
Touch-screens can't be fixed before election, Brunner says
Thursday, August 21, 2008 8:34 PM By Mark Niquette THE COLUMBUS DISPATCH
The maker of touch-screen voting machines used in half of Ohio's counties has admitted that its own programming error is to blame for votes being dropped in some counties.
The problem can't be fixed before the Nov. 4 election, so Premier Election Solutions and Secretary of State Jennifer Brunner are issuing guidelines to counties for how to avoid the problem. [Deny everything! Bob]
... But in a letter Tuesday to Brunner, Premier President David Byrd admitted that further testing showed a source-code error that can cause votes not to be recorded when memory cards are uploaded to computer servers under certain circumstances. [Like when the (insert party here) has the most votes. Bob]
... But Premier spokesman Chris Riggall said the programming problem had gone undetected after years of use and both federal and state testing. [Translation: we got away with it... Bob]
... She noted that Brunner has been issuing directives recently dealing with security measures surrounding the election and is expected to address computer server security soon.
"This is something that we will watch very closely," Leininger said. [This does not sound like a security issue – the machines are working as (mis?)-programmed. Bob]
Very impressive! Its ability to find “similar” images could be useful.
TinEye.com - Reverse Image Search
Google’s image search is a great place for you to find images. But what if you want to see where an image you have can be found on the internet? If you want to find that out, check out Tineye.com. This site allows you to upload a picture and find where on the internet you can find it. This will allow you to find more pictures like it, or know if your friends have been uploading pictures of you to their profiles. It’s surprising to see how accurate the image matching capabilities of the site are. It takes seconds for the site to tell you where the image you uploaded comes from. People worried about copyright infringement should love this site. Just upload a copyright protected picture and the site will tell you if someone has used it illegally. It’ll be interesting to see if the results get better as the site improves its search algorithms.
I love lists. Someone has already done the hard work; all I need do is see if anything on the list is interesting – and a few of these are.
The Top 100 Undiscovered Web Sites
pcmag.com — These sites let you crunch the numbers, analyze the data, or just look up who that one guy is in that one movie.
You'll forgive me if I think this proves the French are crazy. Apparently driving while blind is perfectly legal in France!
Blind Frenchman fined for drunk driving
Fri Aug 22, 7:54 AM ET
NANCY, France (AFP) - A blind journalist was given a month's suspended jail sentence and fined 500 euros (750 dollars) by a French court Friday for driving while drunk and without a license.