Hospital Addresses Online Privacy Mistake
Posted January 9th, 2009 by admin
When a former patient at West Penn hospital went online to pay her bill, she discovered that she could access 85 other patients’ information, including their names, addresses, medical procedures and costs.
When the hospital did not reply to two emails she sent alerting them to the problem, she went to a news station, and that’s when the hospital started dealing with the problem.
A hospital spokesman blamed the problem on a temporary data translation error involving a third-party billing partner. [Excellent use of gibberish! Bob]
“We immediately disabled the online bill payment service to complete a full audit of the system. We are working to institute additional safeguards and cross-checks with out third party service to ensure that this issues is completely resolved,” said spokesman Dan Laurent.
Laurent said this was an isolated incident and that only 15 patients had their information viewed. [Calling our whistle blower a liar! Bob]
Is there a law anywhere that requires ISPs/Cloud sites/anyone to assist victims? Points out several other gaps (in Japanese law at least)
JP: Info on 110,000 students leaked
Posted January 10th, 2009 by admin
Personal information containing names, addresses, telephone numbers and bank account numbers used for paying tuition on all 110,000 students enrolled in Kanagawa prefectural senior high schools in fiscal 2006 was leaked–and remains–on the Internet because the involved parties have been unable to get it removed.
Last September, the board of education received a fax from an anonymous person, saying private information had been leaked on the Internet through file-sharing software.
The information mentioned in the fax turned out to be data that the board of education had provided to IBM Japan to develop a tuition collecting system.
IBM Japan said it was highly likely the information was leaked from a computer of an employee at another company, which IBM Japan had commissioned to help carry out the task. A virus that had infected the employee’s computer apparently released the information through the Winny file-sharing program. [Japanese peer-to-peer software Bob]
Read more in the Asahi Shimbun
[From the article:
The board of education, IBM Japan and other parties concerned have been unable to remove the data.
… The board of education and prefectural police have decided that trying to establish a criminal case against the file-sharer would be difficult because the law on protection of personal information applies to corporations and organizations, not individuals.
Other options are being considered, including IBM Japan filing a criminal complaint against the file-sharer on suspicion of violating the Copyright Law because the information leaked includes IBM's internal documents.
This is becoming so easy it might even pass selling drugs as the preferred method for putting yourself through college!
CO: New reports of “skimming” in the Grand Valley
Posted January 9th, 2009 by admin
Grand Junction Police are looking into a number of reports of “skimming” incidents around the Grand Valley. This is the second time in as many months police have seen a rash of reports pour into the department.
The GJPD says at least 17 new victims have come forward, with a dollar loss per victim of two-thousand dollars.
In July, Grand Junction police told us of similar investigations. Police say over $150,000 has been stolen from 40 victims in skimming incidents in Grand Junction. These crimes had been reportedly occurring locally since February.
Looks like those “sex offender” laws have greased the slope a bit... Maybe we could extend this to include: “Really bad driver” and “Hopelessly Liberal?” (“Nothing wrong with our sentencing guidelines!”)
OR: Criminally insane residence disclosure sought
Saturday, January 10 2009 @ 06:39 AM EST Contributed by: PrivacyNews
Medford City Council members Friday said they would support changes in the way the criminally insane are released back into the community.
Twenty-two criminally insane individuals, including a murderer and a child rapist, live in foster and group homes in the city as part of conditional releases from state hospitals, but state law bars police from notifying their neighbors of their presence, said Medford Police Chief Randy Schoen.
Source - Mail Tribune
Yippee! A new target for hackers! “Cameras, OFF! Door, OPEN! Contents, GONE!”
Schlage to put your front door locks on the Web
Posted by Rafe Needleman January 9, 2009 2:30 PM PST
Lock company Schlage is launching Schlage Link, a suite of products to allow over-the-Web control of a home's locks, lights, and thermostats. It also integrates with Webcams.
Even with the surveillance cameras turned off there is video – from multiple angles!
Web videos of Oakland shooting fuel protests
Posted by Elinor Mills January 9, 2009 1:23 PM PST
More than 100 people were arrested in downtown Oakland on Wednesday night when a protest turned violent, fueled at least in part by videos that quickly spread online of a subway policeman fatally shooting an unarmed man while he was lying on the ground restrained by another officer.
First "Pretexting" Charges Filed Under New Law Passed After HP Spy Scandal
Friday, January 09 2009 @ 12:41 PM EST Contributed by: PrivacyNews
... Last month in Ohio, authorities filed an indictment against 28-year-old Vaden Anderson alleging that the defendant used pretexting to obtain confidential phone records from Sprint/Nextel. According to the indictment, Anderson served the phone company with a fake U.S. District Court civil subpoena to obtain the records.
... In a separate case in Alabama last November, Nicholas Shaun Bunch was charged with using a victim's name and the last four digits of his Social Security number to obtain the victim's confidential phone records from T-Mobile. He was also charged with aggravated identity theft for use of the victim's Social Security number.
Source - Threat Level
Not yet a National Holiday... (Checkout the resource list in the article!)
Data Privacy Day 2009
Posted January 9th, 2009 by admin
January 28 is the second international Data Privacy Day in the U.S., Canada, and over two dozen European countries.
In Congress, Rep. David Price of North Carolina has introduced a resolution supporting the designation of January 28, 2009 as National Data Privacy Day. To date, the bill has six co-sponsors:
Rep Barton, Joe [TX-6]
Rep Coble, Howard [NC-6]
Rep Dreier, David [CA-26]
Rep Markey, Edward J. [MA-7]
Rep McGovern, James P. [MA-3]
Rep Stearns, Cliff [FL-6]
Rep. Price had previously submitted this bill in August as H.RES.1411, during the 110th Congress. At the time, there were 11 co-sponsors.
If your representative is not listed as a co-sponsor of the current resolution and you would him or her to support the resolution, you can use the House’s web site to contact your representative about H. Res. 31.
And if your business or agency is doing anything special for the day, feel free to post the details or link to your event below. [I know that the DU Law School is doing something... Bob]
Sounds simple, doesn't it? But now you are talking about adding a mechanical device (the switch) to what had been a sealed system. Then you need an indicator to tell you when it's on and when it's off. Not simple, not cheap.
Privacy Commissioner wants off switch on new Ontario driver licenses
Friday, January 09 2009 @ 01:15 PM EST Contributed by: PrivacyNews
Ontario's Privacy Commissioner wants to give Ontarians the ability to turn off the RFID function on their new enhanced driver's licences.
More specifically, Commissioner Ann Cavoukian wants a simple switch added to the RFID chip in the enhanced driver's licence (EDL) that will soon be coming to Ontario. The new cards aim to meet new U.S. Homeland Security requirements that come into effect June 1, transmitting a unique number to border officials while drivers wait in line at the crossing.
The Ontario government passed the bill approving the EDL on Nov. 18. But now Cavoukian wants to revisit that legislation because of privacy concerns.
Source - ITBusiness.ca
E-Discovery: This can't be good
D.C. Appeals Court Affirms Order Requiring a Non-Party to Spend $6 Million, 9% of its Total Annual Budget, to Comply with an e-Discovery Subpoena
… The Circuit Court did not even address the merits of these arguments, but, instead, basically said it was too late, you “agreed” to it, so now you are stuck with it regardless of the costs and consequences.
Surveys like these are mirrors where you can examine the flaws of your security strategy.
January 09, 2009
PWC: Global state of information security survey 2008
"The Global state of information security survey 2008 is a worldwide security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. It was conducted online from March 25 to June 26, 2008. Readers of CIO and CSO Magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries. Thirty-nine percent (39%) of respondents were from North America, twenty-seven percent (27%) from Europe, seventeen percent (17%) from Asia, fifteen percent (15%) from South America, and two percent (2%) from the Middle East and South Africa."
Google Researchers Warn of Automated Social Info Sharing
Posted by Soulskill on Friday January 09, @08:10PM from the don't-post-what-you-want-kept-private dept. Social Networks Google Privacy The Internet
"Researchers from Google have written a paper about how social networks can undermine privacy. The most interesting scenario they discuss is 'merging social graphs' — when correlating multiple social networks makes it possible to reveal connections that a person has intentionally kept secret (PDF). For example, it may be possible to work out that a certain LinkedIn user is the same person as a MySpace user, despite their attempting to keep their profiles separate. The Google solution is to develop software that screens new data added to a social network, attempting to find out if it could be fodder to such data mining."
Related? Interesting statistic
Will 2009 Be the Year of Multiple Digital Identities?
Friday, January 09 2009 @ 12:40 PM EST Contributed by: PrivacyNews
Just days after microblogging company Twitter More about Twitter was hacked, a group of entrepreneurs and policy activists gathered at Facebook's More about Facebook Palo Alto headquarters to discuss "Privacy 2009: The Year Ahead." The discussion, cohosted by Tech Policy Central, demonstrated that the privacy debate is starting to mature.
Instead of inflexible government dictates for data usage, privacy activists agreed that rules need to be set in a way that encourages innovation.
Chris Hoofnagle, director of the Berkeley Center for Law and Technology, called for an "evolving standard, so innovations can happen," as the way to protect privacy and security.
"You can't legislate common sense," remarked Jim Dempsey, vice president of public policy for the Center for Democracy and Technology More about Center for Democracy and Technology.
Source - TechNewsWorld
[From the article:
Currently, 60 percent of Facebook's teen users have implemented privacy controls, compared with only 25 percent to 30 percent of adult users. This is an interesting statistic, given the common assumption that members of the younger generation don't care who sees their data. It is probably also a sign to entrepreneurs that there will be greater demand in the future for people to do more with their profiles, meaning more than one.
Need to stay current?
Google Reader gets how-to video guides
Posted by Josh Lowensohn January 9, 2009 2:26 PM PST
In an effort to make Google Reader more approachable, Google has put out a series of help videos that show people how to use it. There are only two clips to start out with (posted below) which cover basics like adding and reading feeds, and using the tool's sharing features. Google says future videos will cover some of the more advanced features.
This used to be called “Polluting” now it's “Global Warming Remediation” (I hope they have plenty of liability insurance if the precipitate an Ice Age)
U.N. Says 'No,' Climate Hackers Say, 'Yes We Can'
By Alexis Madrigal January 09, 2009 10:46:37 AM
A major Indian-German geoengineering expedition set sail this week for the Scotia Sea, flouting a U.N. ban on ocean iron fertilization experiments in hopes of garnering data about whether the process actually does take carbon dioxide out of the atmosphere and sequester it in the deep ocean, a technique that may help reverse global warming.
The LOHAFEX experiment will spread 20-tons of iron sulphate particles over a 115-square-mile section of open ocean north of Antarctica — that's about 1.7 times the size of Washington, D.C. The initiative has drawn fire from environmental groups who point out that 200 countries agreed to the moratorium until more evidence was available about its efficacy.
Straight line after straight line after straight line... (I must have a dirty mind.) But I did learn some new words – I just can't use them.
Photos: Adult Entertainment Expo crashes the CES party
January 9, 2009 3:51 PM PST
LAS VEGAS--CES isn't the only show in town this week.
… For many in the adult entertainment industry, having their major annual trade show alongside CES is a boon, because it gives them a chance to see the latest technology coming down the line from the consumer electronics industry, and therefore to try to figure out how to tie their own products to the best new electronics. For example, one adult industry executive said that the 3D TVs coming down the line are likely to be a boon for the adult industry, as fans will be able to experience a more realistic kind of porn in the privacy of their own homes.
Porn producer leans on iPhone to lure new customers
Posted by Daniel Terdiman January 9, 2009 4:44 PM PST
LAS VEGAS--Apple might not want anything to do with it, but if one thing is clear, it's that porn on the iPhone is going to be huge.
Unrelated (but almost as amusing)
Army Assembles 'Mad Scientist' Conference. Seriously.
By Noah Shachtman January 09, 2009 5:25:00 PM
… "The objective of the seminar was to investigate proliferating technologies with the potential to empower individuals and groups in the next 10-25 years," according to an unclassified summary of the Mad Scientist gathering, obtained by Danger Room.
… Turning to forward-looking thinkers [and then ignoring their advice Bob] is a time-honored government tradition. Shortly after 9/11, for instance, the Army met with Hollywood screenwriters and directors to forecast terrorist scenarios. Last year, the Department of Homeland Security held a gathering of science-fiction writers to solicit advice on which technology programs to fund.