This can't be right, can it? According to Wolfram Alpha, more than 600,000 people died in the UK last year. So something like 96,000 had their identity stolen? Are we seeing this in the US where 2,500,000 people died last year?
Post-mortem ID theft
According to Cifas data analyzed by Halo, if you’re in the UK and die, you apparently have a 16% risk of having your identity stolen after your death.
That makes a somewhat compelling argument for not dying in the UK, doesn’t it?
Après HITECH, le déluge (of reports)
Yesterday on phiprivacy.net, I posted a link to an article in the Journal of AHIMA that discusses how California officials were surprised at how many breach reports they have received since California’s new medical privacy breach reporting law went into effect on Jan. 1.
Under the broadened reporting requirements whereby healthcare organizations in California are now required to report any unauthorized access to a patient’s unsecured personally identifiable health information (PHI) —intentional or otherwise — 823 incidents were reported between Jan. 1 and May 31. According to a spokesperson for the California Department of Public Health, Center for Health Care Quality (CDPH), most of the breaches have been due to errors as opposed to intentional breaches.
In a statement to PogoWasRight.org, Pam Dixon, Executive Director of the World Privacy Forum noted how the high numbers suggest that there is much to be done to ensure privacy and confidentiality:
“What struck me the most about the report is the total number of breaches since January — over 800. This is a substantially higher number than previous breach reports have hinted at. We have always known that the number of actual breaches exceeded the number of breaches that get reported, but these new statistics suggest that the number of actual breaches is staggeringly high. This new data show why there is heightened need for stronger protections for electronic health records, and especially for electronic health records that are exchanged among a variety of providers and health information exchanges. Ensuring patient privacy and confidentiality has not been adequately addressed yet, or we would not be seeing these high breach numbers.”
If that is the case, as it appears to be, then what should we expect to see nationwide when the HITECH Act is implemented? Under the new law, there is a broader definition of what constitutes a breach and what triggers notification. Although notification is only required in the case of unsecured PHI, given how many incidents we read about on a daily basis involving unsecured records, and in light of preliminary data from California, it seems likely that we are about to have a mind-boggling experience when we see how often unintended disclosure of PHI really occurs.
As Dixon points out, and as the reports from Alberta Health Services in Canada and the NHS in the UK clearly remind us, as we move towards more records online, we run greater risks of not only hacks but viruses infecting databases and either endangering the accuracy of patient records or stealing sensitive health and personal information. The California data serve as a useful wake-up call and call to action even before HITECH Act provisions go into effect.
I hope they are notifying users and pointing them to a “cure” but I don't see that in the article. Just means the user will re-connect with a new account and the same old malware – and assume Twitter is poorly managed.
Twitter Suspends Accounts of Users With Infected Computers
Jeremy Kirk, IDG News Service Friday, July 10, 2009 5:00 AM PDT
Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.
The malware, Koobface, is designed to spread itself by checking to see if person is logged into a social network. It will then post fraudulent messages on the person's Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.
… Koobface gets instructions from a command-and-control server, which tells the malware which messages to send out. Koobface is dangerous on other levels, however, as it can also steal data from a PC or download other malware.
Politics means never having to say you're sorry (or wrong or lying or...)
Mininova Denied Rectification From Dutch Government
Written by Ernesto on July 09, 2009
Recently a committee of the Dutch Parliament published a report on copyright legislation in which it made several false accusations against the Dutch-based BitTorrent site Mininova. The Mininova team were insulted by the report and demanded a public rectification, which the parliament has now refused. Mininova is now considering legal action.
… Legal threats or not, the committee announced today that it does not intend to rectify their earlier statements, even though they admit to having made a mistake.
(Related) Perhaps we've reached a point where whatever politicians say is assumed to be wrong?
EU Commissioner: Digital Natives See Piracy As ‘Sexy’
Written by enigmax on July 10, 2009
EU Commissioner for Telecoms and Media Viviane Reding has joined the debate over Internet piracy. Yesterday she stated that both sides of the conflict are right but their inability to see things from the other’s perspective is holding back progress. In the meantime, she says, piracy is seen by many as increasingly “sexy”.
“enquiring minds want to know”
Terrorist Surveillance Program, unplugged
A long-awaited report on the Terrorist Surveillance Program was released today. An unclassified version of the report prepared by the Office of Inspectors General for the Departments of Defense, Justice, the CIA, NSA, and DNI is entitled Unclassified Report on the President’s Surveillance Program (pdf).
The report’s discussion of the President’s Surveillance Program (PSP) makes it clear that the Terrorist Surveillance Program (TSP) that the public became aware of in 2005 following publication by the New York Times was only one part of a much broader program expanded by Bush after 9/11 to include a variety of activities. The other activities, referred to in the report as “Other Intelligence Activities,” remain “highly classified” and are not described in the report, but are also subsumed under “PSP.” The PSP program resulted in “unprecedented” collection of data.
According to the report, although John Yoo reportedly prepared several preliminary opinions relating to hypothetical events in September and October of 2001, the first formal Office of Legal Counsel (OLC) opinion on the legality of PSP was not drafted until after President Bush formally authorized the program in October 2001. According to the report:
The first OLC opinion directly supporting the legality of PSP was dated November 2, 2001, and was drafted by Yoo. As discussed in Section IV of this report, deficiencies in Yoo’s memorandum identified by his successors in the Office of Legal Counsel and the Office of the Deputy Attorney General later became critical to DOJ’s decision to reassess the legality of the program in 2003.
As the only OLC official read into the PSP through early 2003, Yoo consulted directly with White House officials about the PSP during this period. Because the DOJ OIG was unable to interview Yoo, it could not determine the exact nature and extent of these consultations. The DOJ OIG was also unable to determine whether Attorney General Ashcroft was fully aware of the advice Yoo was providing directly to the White House about the PSP.
Of course, much that the public would want to know is omitted from the unclassified version of the report, but there is a significant amount of criticism that is left for the public to mull over. One such aspect concerns the DOJ’s handling of PSP-collected information as it related to DOJ’s discovery obligations in international terrorist prosecutions. The DOJ OIG recommended that DOJ reviews its obligations, but also that the DOJ
carefully consider whether it must re-examine past cases to see whether potentially discoverable but undisclosed Rule 16 or Brady material was collected under the PSP, and take appropriate steps to ensure that it has complied with its discovery obligations in such cases.
That Yoo was pretty much the sole source of legal justification memos for PSP seems pretty evident from reviewing the report. It also seems clear that as more people in OLC were read into the program, the OLC began seriously questioning Yoo’s memoranda and the legality of the program, while Gonzales and others in the White House kept trying to persuade Yoo’s successors that the program was legal.
Perhaps some of the greatest drama in the report is provided in the detailed description of the conflict between the White House and DOJ counsel in March 2004, which included the scene in Ashcroft’s hospital room where, having disregarded his wife’s request that her husband was too ill, White House Chief of Staff Andy Card and White House counsel Alberto Gonzales still tried to pressure Ashcroft into signing a reauthorization of the program.
Later in the report, the DOJ OIG concluded that
the White House’s strict controls over DOJ access to the PSP undermined DOJ’s ability to perform its critical legal function over the PSP’s early phase of operation.
The report also indicated that because Ashcroft would not be interviewed, it was unclear whether he had aggressively pursued getting more staff read into the program when the White House did not approve of Ashcroft’s chief of staff, David Ayres, and Deputy Attorney General Larry Thompson being read in.
The report also criticized Alberto Gonzales for providing testimony to Congress that was
confusing, inaccurate, and had the effect of misleading those who were not knowledgeable about the program.
Overall, the impression given is that by restricting details of the program to one and only one person in the OLC who would be likely to be sympathetic to the President’s views, the White House was able to produce “paper” justifying the program until March 2004 by which time others who had been read into the program raised serious doubts about the legality of the program.
Unfortunately, the public still has no court ruling on important issues such as whether the President’s Article II powers trumps FISA. If the courts would stop tossing out lawsuits based on “state secrets” defense, maybe we’d get an answer. If we don’t, then eventually we may find ourselves in a similar situation.
This could get interesting, or Facebook could back away immediately.
Power.com gets in Facebook’s face
In the filing, Power.com claims that some of the actions attributed to Power.com by Facebook, such as sending out emails to contacts, actually were the doing of Facebook itself and that it was Facebook itself which inserts the Facebook email address and “team” sig line. The filing also claims that Facebook is essentially complaining about Power.com doing exactly what Facebook does. Facebook allows users to import contacts from other email accounts but is seemingly trying to block Power.com from also serving an aggregator function.
Dismissing Facebook’s copyright and trademark infringement claims in relatively short order by pointing out that Facebook does not provide even one element to support its claims, Power.com focuses on user ownership of and control of data, and asserts that everything it is doing is done with the content owner’s consent — unlike Facebook, it says, which is allegedly trying to stop its users from exerting such control if they wish to use Power.com’s service.
Jason Kincaid of TechCrunch provides a recap of the lawsuits to date and his perspective on the lawsuits.
Facebook did not respond to a request for a comment on Power.com’s filing or lawsuit by the time of publication.
(Related) I don't see much new...
July 10, 2009
Research Institute Releases Primer on Internet Privacy
Another “nothing new”
July 10, 2009
National Security Inspectors General Release Critique of Warrantless Surveillance Program
News release: Today’s release of a report by several agency inspectors general reinforces the National Security Archive’s argument in our Freedom of Information Act lawsuit that the Justice Department should declassify and release the legal justifications for the surveillance program authorized by President Bush after the terrorist attacks of September 11, 2001. The new report from the inspectors general of the Department of Defense, Department of Justice, Central Intelligence Agency, National Security Agency, and Office of the Director of National Intelligence, criticizes the OLC memoranda that were used to justify warrantless surveillance of US citizens, several of which remain secret and are subject to the Archive’s lawsuit. The IGs state that there were “deficiencies” in the OLC memos, drafted by Deputy Assistant Attorney General John Yoo, and that the memos “raise[d] serious concerns” at DOJ because they omitted analysis of key cases and legal provisions and were not subject to the ordinary “rigorous peer review process.”
Sometimes I just like to remind you that I do have a great grasp of the obvious. I've been saying for years that there is no need to own media if the cost (buying, storing, upgrading) is greater than the cost of viewing movies (songs, archives) 'on demand'
July 10, 2009
Has the Swan Song of the DVD Begun?
The Economist: "TEN years ago DVDs rejuvenated the film business, encouraging people to own films rather than simply watch them. But sales, which began declining gradually in 2006, are now falling more steeply. Around a third of the drop in the first quarter was counteracted by rising sales of high-definition Blu-ray discs, which are more profitable. Meanwhile, rentals are booming. Redbox, which rents films cheaply from self-service kiosks, has been adding machines at the rate of more than 500 per month. For the studios it is much more profitable to stream a film digitally or sell it through a cable operator as a video-on-demand (VOD)."
(Related?) A business model the RIAA will absolutely hate.
Trent Reznor: 'So you want to make money on the Web'
by Matt Asay July 10, 2009 8:04 AM PDT
For those who have yet to grok the Open Core business model, Trent Reznor of Nine Inch Nails fame will sing it to you. In a series of forum entries, Reznor explains exactly how to build a music business on the Web and, in the process, classically defines Open Core, the primary business model for open-source software, too.
Forget thinking you are going to make any real money from record sales. Make your record cheaply (but great) and GIVE IT AWAY. As an artist you want as many people as possible to hear your work. Word of mouth is the only true marketing that matters.
… Then, offer a variety of premium packages for sale and make them limited editions/scarce goods. Base the price and amount available on what you think you can sell. Make the packages special--make them by hand, sign them, make them unique, make them something YOU would want to have as a fan.
For my website students (Get a “.INFO” domain name for $0.99)
Domparison is a domain name price comparison search engine. We search domain registrars to find the cheapest domain prices so that you don't have to. Simply select which domain extension you want and the type of price you want (e.g. register, renew or transfer) and the lowest domain name prices for registration, renewal or transfers will be displayed.
Have I listed this one before?
JDSupra: Database of Legal Documents Shared By Lawyers
JDSupra is a database of legal documents shared by lawyers. For legal professionals its a platform to reach wider audience by uploading their work and get credited for their expertise and experience. For consumers it’s a way to find a lawyer to represent them in court who has worked on similar cases with a proven record of success.