Thursday, August 27, 2009

Most interesting reading. I expect the government to appeal immediately. They can't live with the limitations this court specifies. (Apparently the California financial crisis hasn't reduced the supply of “medical” marijuana available in the Ninth Circuit.)

http://www.wired.com/threatlevel/2009/08/privacyboost/

Court’s Steroid Ruling Pumps Up Computer Privacy

By David Kravets Email Author August 26, 2009 7:32 pm

A divided 11-judge federal appeals court panel has dramatically narrowed the government’s search-and-seizure powers in the digital age, ruling Wednesday that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10. [As we all know, lawyers can't count. Bob]

The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches.

… Chief Judge Alex Kozinski, writing for the 9-2 majority, (.pdf) said the government “must maintain the privacy of materials that are intermingled with seizable materials, and … avoid turning a limited search for particular information into a general search of office file systems and computer databases.”

George Washington University law professor and former federal cybercrime prosecutor Orin Kerr called the decision “truly astonishing.”

“The majority opinion … announces a laundry list of brand-new rules, introduced with no citations to any authority, [I wonder if they read my blog? Bob] that henceforth the government must follow when executing warrants for digital information,” Kerr wrote in a post to the Volokh Conspiracy blog. “I can’t recall having read anything quite like it, although it does bring to mind Miranda v. Arizona.”

In dissent, Judges Consuelo Callahan and Sandra Ikuta wrote that the majority was sidestepping its own precedent in which the circuit court had denied the suppression of child pornography evidence found on a computer during a search for the production of false identification cards pursuant to a valid warrant.

“There is no rule … that evidence turned up while officers are rightfully searching a location under properly issued warrant must be excluded simply because the evidence found may support charges for a related crime,” the dissenting judges wrote.

[The decision: http://www.wired.com/images_blogs/threatlevel/2009/08/seizure.pdf ]



Repeated finding: The scope of any data breach expands dramatically after statements like, “Only a few records were compromised.” (The alternative would force us to the conclusion that politicians were lying to us!)

http://www.databreaches.net/?p=6883

Update: Home Office admits full extent of USB data loss

August 26, 2009 by admin Filed under Breach Incidents, Government Sector, Lost or Missing, Non-U.S., Subcontractor

The Home Office has had to dramatically revise its estimates of the amount of data contained on a memory stick lost by third-party contractor PA Consulting last year.

The department’s newly released Resource Accounts for 2008-09 (PDF) say that the USB device containing Police National Computer and prisoner data actually held 377,000 records, 250,000 more than originally reported.

Read more on V3

Earlier coverage of this breach can be found in the archive of PogoWasRight.org



A detailed (long) article illustrating another axiom of data breaches: If management doesn't understand what happened, they deny that anything happened.

http://www.databreaches.net/?p=6872

School district hiding behind a criminal investigation - parent

August 26, 2009 by admin

On the principle of “no good deed goes unpunished,” some of those who have discovered and reported breaches have been terminated or prosecuted for their actions...

Now a parent of a disabled student alleges that he is being investigated by the FBI because he discovered and reported a security breach that his child’s school district has not owned responsibility for.

… He claims that it wasn’t until four months later, however, when he went back to a publicly available document on Leander’s web site called “Welcome to the World of eSped” that he noticed that screen shots of the eSped system in that public document displayed logins and passwords to the system. [Probably created by “screen capture” of the logon process by someone with full access to the system. Bob] Short informs this site that he impulsively tested one of the logins on eSped’s site and found that it gave him access to Leander’s special education records.



Your tax data will never be used for any other purpose. Your health data will never be used for any other purpose.

http://www.pogowasright.org/?p=3202

Democratic health care bill divulges IRS tax data

August 27, 2009 by Dissent Filed under Featured Headlines, Govt, Legislation, U.S.

Over on Taking Liberties, Declan McCullagh has some commentary on provisions in the proposed health care bill, H.R. 3200, that relate to privacy. Some of the provisions in the massive bill include:

Section 431(a) of the bill says that the IRS must divulge taxpayer identity information, including the filing status, the modified adjusted gross income, [because if you're rich you get better coverage and you get to be on the Democrat's fund raising list. Bob] the number of dependents, and “other information as is prescribed by” regulation. That information will be provided to the new Health Choices Commissioner and state health programs and used to determine who qualifies for “affordability credits.”

Section 245(b)(2)(A) says the IRS must divulge tax return details — there’s no specified limit on what’s available or unavailable — to the Health Choices Commissioner. The purpose, again, is to verify “affordability credits.”

Section 1801(a) says that the Social Security Administration can obtain tax return data on anyone who may be eligible for a “low-income prescription drug subsidy” but has not applied for it.

Read more on CBS News.



Let me see if I get this right. They're bragging about catching this guy after failing to do so 9 times in a row. Yeah. Great software.

http://news.cnet.com/8301-17852_3-10318536-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Man with 25 IDs nabbed by face-recognition tech

by Chris Matyszczyk August 26, 2009 12:14 PM PDT

… However, according to authorities in Indiana, his real name was George Helms and he assumed at least 10 different names in that state alone.

According to CBS2 Chicago, Helms walked into the Hobart, Ind., license branch to obtain an 11th ID. No one seems really sure why he would want an 11th license.

What Helms appears not to have known is that Indiana has invested in new facial recognition software.

Helms allegedly had all the correct paperwork and then posed for his photograph. However, in the evening after his application was approved, the photograph passed through the new facial recognition system, which spotted an allegedly remarkable similarity with 10 other licenses, according to the report.



Remember, “We locked the barn door!” should only happen after, “We put the horse in the barn.”

http://www.bespacific.com/mt/archives/022165.html

August 26, 2009

DHS and Information Technology Sector Coordinating Council Release Information Technology Sector Baseline Risk Assessment

News release: "The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) today released the IT Sector Baseline Risk Assessment (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security... The ITSRA validates the resiliency of key elements of IT sector infrastructure while providing a process by which public and private sector owners and operators can continually update their risk management programs. The assessment links security measures to concrete data to provide a basis for meaningful infrastructure protection metrics." [This control.....Didn't work. Bob]


(Related) In the US, wouldn't we (taxpayers) already own the code? Could we send the NSA a FOIA request? (The Swiss like their cheese and your network with holes.)

http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out?from=rss

Coder of Swiss Wiretapping Trojan Speaks Out

Posted by Soulskill on Wednesday August 26, @10:41AM from the is-swiss-software-full-of-security-holes dept.

Lars Sobiraj writes

"Ruben Unteregger has worked for a long time as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would invade PCs of private users, and allow the wiretapping of VoIP calls — in particular, calls made through Skype. In the German-speaking areas of the country, the Trojans were called 'Bundestrojaner' because the Swiss government was involved with their development and use. Unfortunately, Unteregger has to remain silent about the customers of the company. Last night, he published the source code of his Skype-Trojan under the GPL."



This is always one of the options on the negotiation table, so they can't complain.

http://www.hollywoodreporter.com/hr/content_display/news/e3i34ed7d659fd02963e279d2dc2ecf9406

TiVo sues AT&T and Verizon

DVR firm claims patent infringement

By Paul Bond Aug 26, 2009, 08:36 PM ET

Unable to strike a deal with either of the major phone companies that offer TV services, TiVo on Wednesday sued them both.

TiVo filed its DVR patent infringement lawsuits against AT&T and Verizon in the U.S. District Court in the Eastern District of Texas, where it has been battling -- mostly successfully -- Dish Network for five years.

TiVo has already taken Dish for more than $200 million and a judge has slapped a permanent injunction, now being appealed, against Dish. If all goes TiVo's way, Dish will have to shut off millions of its customers' DVRs or strike a licensing deal with TiVo.

Now, the company that introduced DVRs to the world is hoping for a similar outcome against the two phone companies.



Do they mean, “If it ain't work related, don't do it on government owned equipment or during work hours?”

http://yro.slashdot.org/story/09/08/26/1956201/US-Fed-Gov-Says-All-Music-Downloads-Are-Theft?from=rss

US Fed Gov. Says All Music Downloads Are Theft

Posted by timothy on Wednesday August 26, @04:29PM from the bit-of-a-broad-brush-there dept.

BenEnglishAtHome writes

"Nearly all US government employees and contractors are subject to mandatory annual information security briefings. [This is a good thing. Bob] This year the official briefing flatly states that all downloaded music is stolen. The occasionally breathless tone of the briefing and the various minor errors contained therein are funny but the real eye-opener is a 'secure the building' exercise where employees stumble across security problems and resolve them. According to the material, the correct response to an employee who is downloading music is to shout 'That's stealing!' No mention is made of more-free licenses, public domain works, or any other legitimate download. If this were a single agency or department that had made a mistake in their training material it might not be so shocking. But this is a government-wide training package that's being absorbed by hundreds of thousands of federal employees, both civilian and military. If you see a co-worker downloading music, they're stealing. Period. Who woulda thunk it? Somebody should mirror this. Who wants to bet that copies will become hard to find if clued-in technogeeks take notice and start making noise?"

Warning: this site gives a whole new meaning to "Flash heavy."



Dear Government Guys, Thank you for putting all of your utility communications eggs in one easily accessed basket. Sincerely, The League of Extraordinary Hackers

http://arstechnica.com/tech-policy/news/2009/08/utilities-may-get-dedicated-chunk-of-spectrum-for-smart-grid.ars

Utilities may get dedicated chunk of spectrum for smart grid

As part of its broadband hearings, the FCC looked at whether it should follow Canada's lead and allocate a chunk of spectrum to give utilities wireless broadband for smart grid devices.

By John Timmer Last updated August 26, 2009 2:41 PM CT



Remember the IBM commercials that suggested you would be able to listen to “Every song ever recorded?” This is how that will happen. No need for local storage, since you can access anything from anywhere.

http://www.wired.com/entertainment/music/magazine/17-09/pl_music

5 Apps Tap the Internet's Infinite Playlist

By Eliot Van Buskirk Email 08.24.09

It used to be you needed a ginormous hard drive to build and store your digital music collection. But now that most songs exist somewhere in the cloud—on YouTube, one-stop streaming sites like imeem, or blog aggregators like Hype Machine—services have emerged that help you squeeze the Internet for any track you need. Wherever music lives, you can now play, collect, and share it without downloading any audio files. None of these sites is pitch-perfect, and their fidelity isn't as high as your meticulously encoded lossless library. But in these lean times, free jams are sounding better by the minute.



For my Disaster/Recovery students. Creating an “excuse free” contingency plan.

http://www.pcworld.com/article/170688/7_backup_strategies_for_your_data_multimedia_and_system_files.html

7 Backup Strategies for Your Data, Multimedia, and System Files

Nobody likes backing up, but one day, it’ll save your bacon. Here are the most efficient methods of protecting your stuff, no matter what your situation.

Lincoln Spector, PC World Aug 25, 2009 7:00 pm



Tools & Techniques This could be very handy. I could create a new web page for each of my lectures, with all the links and images. Also useful in the website class...

http://www.makeuseof.com/tag/create-a-free-rinky-dink-disposable-web-page-with-dinky-page/

Create a Free Disposable Web Page with DinkyPage

Aug. 27th, 2009 By Karl L. Gechlik

Have you ever had the need to create a free web page quickly to share information with a group of people or even a team member? You have to fire up your editor, make the page and then upload the page to the site, find the URL and pass it around.

Now we have discovered a service that does ALL the hard work for you! It’s called DinkyPage and can be found here.
