Saturday, August 28, 2010

Perhaps this is how they do it outside of Philadelphia?

GA: Schools attorney drafting revised policy after parent says searching backpacks is unconstitutional

August 28, 2010 by Dissent

Ryan Calhoun reports:

Random school searches are meant to keep your children safe, but one parent tells the Richmond County school board it’s unconstitutional and now they’re taking a new look at the policy.

OK, let’s stop right there in amazement. A parent raises a constitutional concern and the school board decides to think about their policy more? It doesn’t take a lawsuit to get them to at least consider their policy? What a refreshing change. [Amen! Bob]


In the U.S. Supreme Court case, Safford Unified School District #1 v. Redding it states, “For school searches, ‘the public interest is best served by a Fourth Amendment standard of reasonableness that stops short of probable cause.’”

Later it reads, “…a school search ‘will be permissible…when the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in the light of the age and sex of the student and the nature of the infraction.’”

Richmond County School officials tell News 12 their attorney is now drafting a policy to make sure their searches are legal.

Read more on WRDW.

(Related) Rational is so much cheaper...

IT staffer set to return to LMSD

At least one of the two Lower Merion School District employees who have been on paid administrative leave since shortly after a webcam lawsuit was started against the district will be going back to work, her attorney confirmed this week.

In February school officials placed the employees, who were authorized to activate the district’s webcam monitoring system, on leave. Neither has been able [was allowed? Bob] to go back to work since the suit was filed. This week Main Line Media News learned that Carol Cafiero was expected to be taken off administrative leave and return to her job.

… Mandracchia said he also expects to work with the district to have them cover the legal fees she has accumulated.

“Hopefully we can come to some type of mutual agreement,” he said.

Although he declined to say what her bills amounted to, Mandracchia said they hadn’t reached six figures.

Should we conclude there is an economic impact?

The Economist Debate on Online privacy

August 27, 2010 by Dissent

Resolved: “This house believes that governments must do far more to protect online privacy.”

Proposer: Marc Rotenberg, EPIC

….. we need the government agencies charged with consumer protection, privacy protection and antitrust review to play a more active role on behalf of internet users. Companies that collect personal information for one purpose and then turn around and use it for a completely unrelated purpose should not get a free pass from regulators. And the consolidation of large internet firms, particularly in the online advertising world, should set off alarm bells for competition authorities. Not only does the massive profiling of users by incumbents place users in a digital fishbowl, it also makes it more difficult for new entrants to compete. Competition, innovation and privacy protection could easily become allies as the internet economy evolves.

We also need independent privacy agencies to speak up when the private sector or the government cross into Big Brother territory. Requiring RFID tags in products and identity documents, gathering up DNA samples for law enforcement use and consumer products, and tracking the location of internet users without their knowledge or consent all pose new challenges that cannot be ignored.

The Opposition: Jim Harper, CATO

…. Government help will not do for protecting privacy in its stronger “control” sense either. Privacy is a value that varies from person to person and from context to context. Perfectly nice, normal people can be highly protective of information about themselves or indifferent to what happens with data about their web surfing. Any government regulation would cut through this diversity.

Government “experts” should not dictate social rules. Rather, interactions among members of the internet community should determine the internet’s social and business norms.

Read more of the debate on The Economist.

Debate is better than nothing, but shouldn't we be narrowing down toward an agreement by now?

More on the “harm” threshold (and its possible demise)

By Dissent, August 27, 2010

Over on HIPAA Blog, attorney Jeff Drummond writes:

More on the “harm” threshold (and its possible demise): During this past week, the AHLA “HIT list” listserv has buzzed with commentary on the “harm” threshold (in large part started by the NYT article mentioned here), whether it should even be in there (or is an unconstitutional expansion of the statute beyond the capacity of HHS to enact), and whether it’s a good idea even if it can be instituted via regulation. Dom Nicastro has a nice article comparing the California breach notification statute, which is a net that catches all, to the HIPAA breach notification provisions, which allow the “no harm” breaches to be excluded from the reporting requirement. Virtually all of the California healthcare breaches reported to the state were not reported to HHS under the “harm” standard (although it’s possible some were not reported because they fit into one of the other HIPAA exceptions to reporting). Which means either we need the “harm” threshold to prevent useless and unnecessary reporting, OR we must get rid of the “harm” threshold because it is abused in its use.

I discussed Nicastro’s article on this blog yesterday, here. What I want to respond to here is Jeff’s conclusion that

either we need the “harm” threshold to prevent useless and unnecessary reporting, OR we must get rid of the “harm” threshold because it is abused in its use.

There are more than two options or rationales here. We could — and should — get rid of the “harm” threshold because it exceeds the statute passed by Congress and indeed, flouts Congress’s specific language and intent as they had specifically rejected a harm threshold after considering it. We could — and should — get rid of the “harm” threshold because it is premised on the notion that the main reason to notify patients of a breach is concern for societally recognized “harm” and does not consider the issue of patient trust and confidentiality as the primary reason to disclose a breach.

What Jeff Drummond considers “useless and unnecessary reporting” reflects what he or others might consider a pragmatic approach, but what I consider to be an approach that ignores the trust and confidentiality issues between provider and patient. Patients believe we are bound by an oath to keep what we learn about them confidential. Unless we’re going to start warning them, “Yes, I’ll keep this all confidential, but if I suffer a security breach, I may not tell you,” then we have an obligation to disclose breaches.

(Related) Exceptions...

MN: Court Sides With State in Baby Blood Storage Case

By Dissent, August 27, 2010

Jeff D. Gorman reports:

Minnesota did not violate families’ privacy rights by collecting and storing children’s blood samples, the state Court of Appeals ruled.

Alan and Keri Bearder and the parents of 23 other children sued the state and its Department of Health for allegedly collecting blood samples from their infants to test for genetic disorders, and then storing the blood in freezers for use in research.

The parents claimed the state’s actions violated state privacy laws.

Read more on Courthouse News, where you can also read the court’s opinion (pdf). A key part of the opinion was that the broad powers of the Commissioner “trump” the state’s genetic privacy act, which requires written informed consent before use of the information “unless otherwise expressly provided by law.”

Applying these principles, we conclude that Minn. Stat. § 144.125-.128 and other governing legislation granting the commissioner broad authority to manage the newborn screening program amount to an “express” provision of law that authorizes collection, retention, use and dissemination of blood specimens for the newborn screening program, making the genetic privacy act inapplicable.

I am watching this debate, not surveilling it.

Debating America’s surveillance state

August 27, 2010 by Dissent

Glenn Greenwald writes:

Earlier this month, The Cato Institute’s Unbound published my essay on America’s Surveillance State, and then invited several commentators to reply and participate in a debate of these issues. Two of those replies were particularly critical: this one from John Eastman, former Dean of the Chapman University School of Law (recent home to John Yoo), recently defeated GOP candidate for California Attorney General, and former clerk to right-wing judges Clarence Thomas and Michael Luttig; and this one from Paul Rosenzweig, a Fellow at the Heritage Foundation and a former Homeland Security official in the Bush administration.

Read more on Salon.

(Related) For my Ethical Hackers – a four factor test.

Orin Kerr discussed GPS Tracking on C-SPAN

August 27, 2010 by Dissent

Orin Kerr was on C-SPAN’s Washington Journal program this morning discussing GPS surveillance and the Fourth Amendment. You can watch the interview on C-SPAN’s site, here. If you’re interested in this topic, it’s a great interview to watch as Orin touches on a number of cases and how different courts have reached different conclusions about the need for a warrant.

Another for my Ethical Hackers. Perhaps this suggests a business model: Send us your failing malware and we'll analyze it for you! If nothing else, selling the results of the analysis to the anti-virus vendors should turn a profit.

Many Hackers Accidentally Send Their Code To Microsoft

Posted by Soulskill on Friday August 27, @09:30AM

"When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. 'It's amazing how much stuff we get.' Heckman also said Microsoft was a common target for people testing their attacks. 'The first thing [script kiddies] do is fire off all these attacks at On average we get attacked between 7000 and 9000 times per second.'"

Who writes these contracts? Do they specifically outlaw Best Practices and Common Sense?

State of Virginia Technology Centers Down

Posted by Soulskill on Friday August 27, @12:00PM

"Some rather important departments (DMV, Social Services, Taxation) in the state of Virginia are currently without access to documents and information as a technology meltdown has caused much of their infrastructure to be offline for over 24 hours now. State CIO Sam Nixon said, 'A failure occurred in one memory card in what is known as a "storage area network," or SAN, at Virginia's Information Technologies Agency (VITA) suburban Richmond computing center, one of several data storage systems across Virginia.' How does the IT for some of the largest departments in a state come to a screeching halt over a single memory card? Oh, and also, the state is paying Northrop Grumman $2.4 billion over 10 years to manage the state's IT infrastructure."

Reader miller60 adds, "Virginia's IT systems drew scrutiny last fall when state agencies reported rolling outages due to the lack of network redundancy."
