Monday, December 28, 2009

"All your blood are belong to us!" It's not unethical if you never ask yourself if it's unethical.

http://www.pogowasright.org/?p=6631

Ie: Hospital keeps secret DNA file

December 27, 2009 by Dissent Filed under Breaches, Featured Headlines, Other

Mark Tighe reports:

A Dublin hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws.

The in Temple Street is under investigation by the Data Protection Commissioner (DPC) since The Sunday Times discovered it has a policy of indefinitely keeping blood samples taken to screen newborn babies for diseases.

Unknown to the DPC, the hospital has amassed 1,548,300 blood samples from “heel prick tests” on newborns which are sent to it for screening, creating, in effect, a secret national DNA database. The majority of hospitals act on implied or verbal consent and do not inform parents what happens to their child’s sample.

Read more in The Times Online.

T.J. McIntyre comments on the story on IT Law in Ireland:

…. In light of these controversies elsewhere, the lack of informed consent and the fact that there is no legal basis for the heel prick tests (a point confirmed in North Western Health Board v. HW and CW) it’s hard to see how Temple Street could have believed that it was entitled to hold onto these samples indefinitely – and it is remarkable that this point appears to have been missed by the ethics committee on four separate occasions.



Worth reading! Makes you wonder if any social network user can read.

http://www.techcrunch.com/2009/12/27/privacy-theater/

Privacy Theater: Why Social Networks Only Pretend To Protect You

by Guest Author on December 27, 2009

… With apologies to Bruce Schneier’s brilliant coinage, “security theater” (e.g. the magical thinking behind forcing passengers to sit down and shut up for the last hour of international flights), social networks have been dogged by one disaster after another in 2009 because they pursue policies that provide the “feeling of improved privacy while doing little or nothing to actually improve privacy.”

… It’s not like lawsuits are being filed, as Marissa Mayer announced by going after work-from-home scam artists in an interview with Mike Arrington at LeWeb. It’s not like this is Scamville 2.0, since this isn’t stealing users’ cash, only their dignity. It’s not like there’s a legal spotlight on the issue, since there’s only $9M set aside for a hazy new privacy foundation in the latest Facebook class-action settlement. It’s not like it’s a political issue in the headlines, since a Facebook Chief Privacy Officer is running for Attorney General, the top law-enforcement office in California. It’s not like it’s as complicated as “don’t be evil,” since I can give you one simple tip to eliminate privacy theater: enforce your ToS and obey others’ ToS — or else stop setting unrealistic expectations and just let users have their data back!


(Related) The (double-secret) TSA regulation requires everyone to be searched and all carry-ons to be inspected. Looks like another major victory for Al Qaeda, and I doubt this guy had any contact with Al Qaeda except in his dreams.

http://www.pogowasright.org/?p=6638

TSA Security Directive SD-1544–09-06

December 28, 2009 by Dissent Filed under Surveillance

Over on The Volokh Conspiracy, Randy Barnett has posted a TSA security directive that was implemented on December 25, following the failed terrorist attack over Detroit. The directive seems to be circulating on the web, but I have not yet been able to confirm that this is, indeed, an official TSA directive because it is not on any government site that I have found as yet.

Of note, the directive does include the types of precautions described on Air Canada’s original travel advisory. From the directive:

2. IN FLIGHT

1. During flight, the aircraft operator must ensure that the following procedures are followed:

1. Passengers must remain in seats beginning 1 hour prior to [scheduled or actual? Bob] arrival at destination.

2. Passenger access to carry-on baggage is prohibited beginning 1 hour prior to arrival at destination.

3. Disable aircraft-integrated passenger communications systems and services (phone, internet access services, live television programming, global positioning systems) prior to boarding and during all phases of flight. [Cell phone blockers? Bob]

4. While over U.S. airspace, flight crew may not make any announcement to passengers concerning flight path or position over cities or landmarks.

5. Passengers may not have any blankets, pillows, or personal belongings on the lap beginning 1 hour prior to arrival at destination. [Air crew must remove them? Bob]

The directive expires on December 30. You can read the whole thing here.

[From “the whole thing”:

1. Perform thorough pat-down of all passengers at boarding gate prior to boarding, concentrating on upper legs and torso.

2. Physically inspect 100 percent of all passenger accessible property at the boarding gate]



(Related) Better than nothing, but not by much.

http://www.techcrunch.com/2009/12/27/twitter-banned-passwords/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

370 Passwords You Shouldn’t (And Can’t) Use On Twitter

by Robin Wauters on December 27, 2009

… It just so happens that Twitter has hard-coded all banned passwords on the sign-up page. All you need to do to retrieve the full list of unwelcome passwords is take a look at the source code of that page.

Do a simple search for ‘twttr.BANNED_PASSWORDS’ and voilà, there they are, all 370 of them.

This isn’t a security issue, of course, and in fact it’s helpful to distribute the list so you can check if your favorite password that you use for other services might not be as fail-proof as you’d like to think. For the full list, simply download this TXT file, but here are a couple:

password testing naked stupid twitter 123456 secret

please beavis butthead internet hooters



My students discovered this over a year ago.

http://tech.slashdot.org/story/09/12/27/1526256/Security-In-the-Ether?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Security In the Ether

Posted by Soulskill on Sunday December 27, @12:15PM from the less-likely-than-ether-in-the-security dept.

theodp writes

"Technology Review's David Talbot says IT's next grand challenge will be to secure the cloud — and prove we can trust it. 'The focus of IT innovation has shifted from hardware to software applications,' says Harvard economist Dale Jorgenson. 'Many of these applications are going on at a blistering pace, and cloud computing is going to be a great facilitative technology for a lot of these people.' But there's one little catch. 'None of this can happen unless cloud services are kept secure,' notes Talbot. 'And they are not.' Fully ensuring the security of cloud computing, says Talbot, will inevitably fall to emerging encryption technologies."



Well, there's Reality and eReality, see. And sometimes technology that works in Reality doesn't work in eReality, see.

http://www.techcrunch.com/2009/12/27/att-iphone-new-york-city/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Relax, You Can Still Buy An iPhone In New York City. Just Not Online.

by Erick Schonfeld on December 27, 2009

If you live in the New York City metropolitan area, as I do, and try to buy an iPhone from AT&T’s website, you will probably get the same message I did after I entered my zipcode: “Sorry this package is not available in your area.” Apparently, this is a big story. (Hey, it’s the tail end of a long holiday weekend, and there is nothing else going on). For instance, the Consumerist called some hapless AT&T customer service rep who confirmed that “the phone is not offered to you because New York is not ready for the iPhone.”



A very useful resource for my Business Continuity class

http://www.makeuseof.com/dir/ground-zeroii-nuclear-strike-map/

Ground Zero II: Analyze nuclear explosions on a nuclear strike map

By Israel Nicolas on Dec. 20th, 2009

www.carloslabs.com/node/20

Similar tool: NukeoMeter and Impact Calculator.
