Tuesday, September 07, 2010

Do what we teach, not what we do! Best Practices are for students!

http://www.databreaches.net/?p=13698

MN: Exposed student data leaves prying eyes wide open

September 7, 2010 by admin

Anthony C. Maki reports:

An online MCTC [Minneapolis Community and Technical College] directory left sensitive student data and internal documents accessible to the prying eyes of anyone with an Internet connection since at least the summer of 2006, according to an investigation by City College News.

Besides annual accounts-receivable reports and salary rosters, a database spanning the last several years of work-study records contained the names of students, their student ID numbers, the amount which they were awarded and the amount which they had earned, sorted by department.

However, college officials claimed that only names of department heads, student ID numbers and work-study awards appeared in the database. This contradicts what City College News found, but the college said that it would investigate further for other data.

The college did not keep records of who accessed the data, according to Jim Dillemuth, chief information officer of MCTC, who suggested that there is no reason to suspect that the data came under inappropriate use.

Read more on City College News.



How it's done in Jamaica, mon. Not clear from the article if they were about to attach a card skimmer to the ATM or were already reading card information wirelessly.

http://www.jamaicaobserver.com/news/First-persons-charged-under-Cyber-Crime-Act

First persons charged under Cyber Crimes Act

At about 9:30 am that day the accused men were seen acting suspiciously in a motorcar in front of an Automated Teller Machine (ATM) situated in Manchester.

The men and the vehicle were searched and found in the car were electronic devices used to intercept transactions and to duplicate the personal identification number (PIN) and other personal information of customers using the ATM.



A look at the legal future of Cloud Computing

http://www.pogowasright.org/?p=13517

Article: Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services

September 6, 2010 by Dissent

Simon Bradshaw of University of London – Centre for Commercial Law Studies, Christopher Millard of the Centre for Commercial Law Studies; Oxford Internet Institute, and Ian Walden of Queen Mary University of London, School of Law have a working paper that reports the results of their survey of 31 Cloud services offered by 27 discrete providers and compares their Terms and Conditions (T&C). The survey includes Amazon Web Services, MobileMe, DropBox, Facebook, Google Apps Premier, Google Docs, SQL Azure Database, Rackspace Cloud, Salesforce CRM, and others. The results are very thought-provoking.

The paper makes clear that it seems many, if not most, cloud services are specifically disclaiming any liability for data integrity, so if you’re concerned about security, you may want to think twice or be prepared to spend more to obtain additional back-up or security services that they offer. Here’s what the authors say about Data Integrity:

A natural concern for Cloud computing customers is that data placed into the provider's Cloud be secure against loss, be it loss of integrity or availability (resulting, for example, from corruption or deletion) or loss of confidentiality (due perhaps to a security breach or an unauthorised disclosure). Our survey found however that most providers not only avoided giving undertakings in respect of data integrity but actually disclaimed liability for it.

The majority of providers surveyed expressly include terms in their T&C making it clear that ultimate responsibility for preserving the confidentiality and integrity of the customer's data lies with the customer. [I agree. Don't sign the contract. Bob] A number (for example, Amazon, GoGrid, Microsoft) assert that they will make “best efforts” to preserve such data, but nonetheless include such a disclaimer. A number of providers go so far as to recommend that the customer encrypt data stored in the provider's Cloud (for example, GoGrid, Microsoft) or specifically place responsibility on the customer to make separate backup arrangements…[...]… Significantly, such terms are imposed by storage providers such as ADrive and Apple for services that for many (especially individual) customers will be their “separate backup arrangement”. In effect, a number of providers of consumer-oriented Cloud services appear to disclaim the specific fitness of their services for the purpose(s) for which many customers will have specifically signed up to use them.

Concerned about privacy? Here’s a snippet from the section on Data Disclosure:

In terms of the circumstances in which providers will disclose customer information (including customer data stored on the provider's Cloud), we see a spectrum of approaches ranging from providers that have a very high threshold for justifying disclosure to ones which have a much lower one.

All providers that mention this issue state that they will disclose such data in response to a valid court order. Some purport to establish procedural safeguards. For example, the T&C for Salesforce CRM provide that the customer will be given advance notice of a requested disclosure, unless such notice is prohibited, and that Salesforce will assist the customer in opposing such orders.

A number of providers have a slightly lower threshold of disclosure, accepting requests (as distinct from enforceable orders) from recognised law-enforcement agencies, or where there is a clear and immediate need to disclose information in the public interest or to protect life….. [...]… An unusual approach is that taken by IBM regarding its beta-test Smart Business Cloud. IBM expressly states that it has no duty of confidentiality regarding customer data and places responsibility for keeping it confidential on the customer, for example, via encryption…

You can read the entire working paper on SSRN.



Apparently, no. What would? (A self-destruct code that looks like a password?)

http://www.pogowasright.org/?p=13523

Article: Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine

September 6, 2010 by Dissent

Adam M. Gershowitz of the University of Houston Law Center has an article in a forthcoming issue of the Iowa Law Review, “Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine?” Here’s the abstract:

Over the last few years, dozens of courts have authorized police to conduct warrantless searches of cell phones when arresting individuals. Under the so-called search incident to arrest doctrine, police are free to search text messages, call histories, photos, voicemails, and a host of other data if they arrest an individual and remove a cell phone from his pocket. Given that courts have offered little protection against cell phone searches, this article explores whether individuals can protect themselves by password protecting their phones. The article concludes, unfortunately, that password protecting a cell phone offers minimal legal protection. In conducting a search incident to arrest, police may attempt to hack or bypass a password. Because cell phones are often found in arrestees’ pockets, police may take the phones to the police station where computer savvy officers will have the time and technology to unlock the phone’s contents. And if police are themselves unable to decipher the password, they may request or even demand that an arrestee turn over his password without any significant risk of the evidence on the phone being suppressed under the Miranda doctrine or as a Fifth Amendment violation. In short, while password protecting a cell phone may make it more challenging for police to find evidence, the password itself offers very little legal protection. Accordingly, legislative or judicial action is needed to narrow the search incident to arrest doctrine with respect to cell phones.

You can read the full article on SSRN.



Techno-Darwinism: As technology advances, changing the eco-system, Homo Sapiens who can't adapt to the new environment die off before passing their genes to another generation.

http://apple.slashdot.org/story/10/09/07/0124228/Australia-To-Fight-iPod-Use-By-Pedestrians?from=rss

Australia To Fight iPod Use By Pedestrians

Posted by Soulskill on Monday September 06, @11:20PM

"In recent years the number of people killed on roads in New South Wales, Australia has dropped, but strangely enough, the number of pedestrians killed has risen. Some think it's because of the use of iPods and other music players making people not attentive to road dangers (the so-called 'iPod Zombie Trance'). Based on this (unproven) assumption, the Pedestrian Council has started a campaign in an effort to educate the people, but apparently it isn't enough. Now, some are pushing for the government to enact laws [because only governments can solve problems. Bob] to help eradicate the problem. 'The government is quite happy to legislate that people can lose two demerit points for having music up too loud in their cars, but is apparently unconcerned that listening devices now appear to have become lethal pieces of entertainment,' [Harold Scruby of the Pedestrian Council of Australia] said. 'They should legislate appropriate penalties for people acting so carelessly towards their own welfare and that of others. ... Manufacturers should be made to [warn] consumers of the risks they run.'"



The evolution of marketing? Maybe if we added even more gizmos to the sneakers... GPS: “I've jogged in all 50 states!” Altimeters: “I jog in Colorado!” Cameras: “Look what I've stepped in!”

http://games.slashdot.org/story/10/09/06/222214/American-Business-Embraces-Gamification?from=rss

American Business Embraces 'Gamification'

Posted by Soulskill on Monday September 06, @06:36PM

"JP Mangalindan writes that for years psychologists have studied what makes video games so engrossing — why do players spend hours accruing virtual points working towards intangible rewards and what characteristics make some games more addictive than others? Now, companies are realizing that 'gamification' — using the same mechanics that hook gamers — is an effective way to generate business. For example, when Nike released Nike + in 2008, it 'gamified' exercise. 'Place the pedometer in a pair of (Nike) sneaks and it monitors distance, pace and calories burned, transmitting that data to the user's iPod. The Nike software loaded on the iPod will then "reward" users if they reach a milestone,' writes Mangalindan. 'If a runner beats his 5-mile distance record, an audio clip from Tour de France cycling champ Lance Armstrong congratulates him.' In addition, users can upload their information, discuss achievements online with other users, and challenge them to distance or speed competitions. The result: to date, Nike has moved well over 1.3 million Nike + units."



Not so much evolution, but rather arriving at the point the government originally intended despite any concerns or objections.

http://www.pogowasright.org/?p=13515

NZ: DNA collection expanded to help fight violent crime

September 6, 2010 by Dissent

New Zealand Justice Minister Simon Power issued the following press release:

Police can now collect DNA at the same time they take fingerprints from people they intend to charge and match it against profiles from unsolved crimes, Justice Minister Simon Power said today.

The Criminal Investigations (Bodily Samples) Amendment Act allows police to take a person’s DNA at arrest, where previously it was only after conviction. Also, the range of offences it can be taken for has been expanded.

The implementation of DNA sampling is being done in two stages.

From today, stage 1, police will be able to take a sample from anyone they intend to charge with a relevant offence. These include offences punishable by more than seven years’ imprisonment, and offences with a relationship to more serious offending, [I wonder if the relationships are defined? Bob] such as peeping and peering, that can be related to more serious sexual offending.

“Until now, DNA could be taken only with consent, or where there were judicially approved suspect orders or police-issued compulsion notices, and only after conviction,” Mr Power says.

From the middle of next year, stage 2, police will be able to take DNA samples for all imprisonable offences by subsequent Order-in-Council. This will follow a broader review of the Act.

It is forecast that in stage 1 some 4,000 more samples than previously will be taken each year, resulting in 2,800 links to the crime-scene database. The first year of stage 2 is expected to add 5,000 more profiles per year than stage 1 and 200 additional links to the crime scene database.

The DNA databank holds about 110,000 DNA profiles, more than 8,000 of which are unidentified profiles from crime scenes.

“This law will enable police to take full advantage of this modern-day fingerprint in order to solve cold cases, and I have no doubt it will be a critical tool in the fight against violent crime,” Mr Power says.

The Act contains provisions around storage and retention of samples, including that samples of people not convicted will be destroyed, unlike in some other countries.

“There are also new offences that penalise the misuse of DNA profile information, which will complement existing legal remedies under the Bill of Rights Act and the Privacy Act.

Police have also developed guidelines to avoid any arbitrary or unreasonable application of this power. [A shame it wasn't considered worthy of inclusion in the law... Bob]

“I see this tool as doing as much for those who are innocent as for those who are found guilty of a crime.”

The Act was passed in October last year and did not come into force immediately in order to give police time to finalise training and guidelines and for Environmental Science and Research to prepare for an increased workload.



The original intent was to identify “aliens”

http://www.pogowasright.org/?p=13513

Indian UID system continues to draw harsh criticism

September 6, 2010 by Dissent

India’s Unique Identification System (UID) continues to be controversial. The government, of course, insists that there are adequate privacy and security controls. PTI reports:

The Unique Identification System had an inbuilt security and privacy component that ensured that the data from the data bank could not be accessed except on grounds like national security, Unique Identification Authority of India Chairman Nandan Nilekani said today. The UID data base could not be read except for authentication and could not be accessed easily, he said. …. The project, which attempts to give a unique identity number to the country’s over billion people and expected to be rolled out shortly, would help in delivery of government’s welfare schemes, boost financial inclusion beside enabling other service providers like banks, insurance, to tap on the UID for authentication purposes. He said the UID could also help in setting up of micro ATMs as part of the government’s objective of bringing in financial inclusion.

Activists, however, are not persuaded. Sreelatha Menon reports:

Members of the National Advisory Council (NAC) and other organisations have expressed their dissent against the Unique Identification Authority of India (UIDAI) — the nodal agency responsible for implementing Aadhaar.

The Central Employment Guarantee Council (CEGC) had also raised concerns, objecting to the linking of the UIDAI project to the National Rural Employment Guarantee scheme.

In a letter addressed to Rural Development Minister C P Joshi last week, Jean Dreze and Aruna Roy, members of the CEGC and NAC raised objections to the ministry’s decision to link UID to job cards without consulting the council. [No need for discussion. We wanted to, so we did, so there! Bob]

[...]

Dreze told Business Standard that UID is a national security project in the garb of a social policy initiative. “I am opposed to the UID project on grounds of civil liberties. Let us not be naive. This is not a social policy initiative — it is a national security project.”

Read more in the Business Standard.



How should I categorize this article? The dangers of reflecting society online? Attorneys General bashing? Humor?

http://news.cnet.com/8301-17852_3-20015639-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Is Craigslist bluffing over adult ads?

The New York Times quoted Richard Blumenthal, one of the entirely public-spirited attorneys general who have been pressuring Craigslist for some time, as saying: "If this announcement is a stunt or a ploy, it will only redouble our determination to pursue this issue with Craigslist, because they would be in a sense be thumbing their nose at the public interest."

… When it replaced its Erotic Services section and replaced it with Adult Services, Craigslist began to charge for the ads, promised it would screen them individually and ask advertisers to leave a phone number with which the ad could be associated. The company decided to do this even though the law seems to offer it full support, as the Communications Decency Act states that sites are not liable for the material posted on their pages.

It's not as if Craigslist is alone in featuring adult ads, or making money from them. Gawker has helpfully provided a compendium of online opportunity for those who feel deprived by the sudden censorship on Craigslist.

… Craigslist's refusal to comment on the sudden closure will surely add to the wonderment about what is really going on. But not, perhaps, in places like the United Arab Emirates. There, as in other parts of the world, Craigslist's Erotic Services section is still going strong.



A little Copyright joke. Searching for “free legal forms” on the Internet can save you time, but it's still bad lawyering...

http://news.slashdot.org/story/10/09/06/206211/Plagiarizing-a-Takedown-Notice?from=rss

Plagiarizing a Takedown Notice

Posted by Soulskill on Monday September 06, @05:40PM

"Over at hobbyist site OS News, editor-in-chief Thom Holwerda published a highly skeptical opinion of the announcement of Commodore USA's own Amiga line. Within hours, Commodore USA sent a takedown notice to OS News, demanding a retraction of the piece and accusing the site of libel and defamation. What's funny is that the takedown notice was mostly copied, with minor edits, from Chilling Effects, a site dedicated to publicizing attempts at squelching free speech. The formatting, line breaks, obtuse references to 'OCGA,' and even the highlighted search terms were left largely intact."



“Because everyone (of our competitors) deserves an antitrust investigation!”

http://tech.slashdot.org/story/10/09/06/2353226/Google-Says-Microsoft-Is-Driving-Antitrust-Review?from=rss

Google Says Microsoft Is Driving Antitrust Review

Posted by Soulskill on Monday September 06, @08:20PM

"On Friday we discussed news that Texas Attorney General Greg Abbott opened a probe into whether Google ranks its search listings with an eye toward nicking the competition. Google suggested the concerns have a major sponsor: Microsoft. In question is whether the world's biggest search engine could be unfairly disadvantaging some companies by giving them a low ranking in free search listings and in paid ads that appear at the top of the page. That could make it tough for users to find those sites and might violate antitrust laws. Abbott's office asked for information about three companies who have publicly complained about Google, according to a blog post by Don Harrison, the company's deputy general counsel. Harrison linked each of the companies to Microsoft."



Okay, geeks will like these too.

http://www.makeuseof.com/tag/strange-unique-tech-gifts-college-student-2/

5 Websites To Buy Strange & Unique Tech Gifts For A Student

walking robot pencil sharpener

shirt that has a constantly updated WiFi signal indicator on the front
