Monday, September 13, 2010

I think this is the first computer theft suspected to be a “targeted attack” in a long time. I'd like to see more than “they left some good stuff” as evidence of intent, but I believe they are correct.

Sensitive information’ on Tamil migrants stolen (update 1)

September 12, 2010 by admin

The Canadian Press is reporting what appears to be a burglary that specifically targeted a computer containing Tamil migrants’ personal information at the Toronto office of the Canadian Tamil Congress:

The congress says it contained the names and information of hundreds of migrants.

A spokesman for the congress, David Poopalapillai, says it was a “deliberately targeted attack,” because other computers and a flat screen TV were left behind.

The identities of the migrants are subject to a publication ban ordered by the Immigration and Refugee Board.

No mention as to whether the data were encrypted.

Update 1: Kelly Grant of the Globe and Mail reports:

A computer containing the names, birth certificates and contact information of “hundreds” of the 492 Tamils who arrived in British Columbia aboard the MV Sun Sea in August was stolen during a break-in at the headquarters of the Canadian Tamil Congress.

“Our immediate concern is about the families back home in Sri Lanka,” said David Poopalapillai, national spokesman for the CTC. “We are quite worried.”

The Immigration and Refugee Board of Canada has placed a publication ban on the names of the migrants, in part to protect their Sri Lankan relatives from reprisal. But the CTC has most of their names on file because the non-profit organization has been trying to connect the ship’s passengers with family back home.

[From the Globe article:

“Somebody had tried to take the computers’ hard drives,” Mr. Poopalapillai said. The only thing missing was a single desktop computer from the reception area [Strange place to store sensitive data... Bob] containing the MV Sun Sea information.

“That’s the weird thing,” Mr. Poopalapillai added. “Had they come for monetary purposes they would have taken all these things.”

Old story, but worth repeating. “Ignorance of the outlaw is no excuse.” Will insurance companies start denying coverage for those who “assist” the bad guys?

Burglary Ring Used Facebook Places To Find Targets

Posted by timothy on Sunday September 12, @05:21PM

"A burglary ring was caught in Nashua, NH due to the vigilance of an off-duty police officer. The group is credited with 50 acts of burglaries, the targets chosen because they posted their absence from home on the Internet. '"Be careful of what you post on these social networking sites," said Capt. Ron Dickerson. "We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites."' Well, I guess the prophecies came true."

Simple question. How do you ensure your information is protected? I doubt the car dealer will make an exception here. What would work? Might be an interesting paper...

Signing away our privacy

September 13, 2010 by Dissent

Mark Gibbs notices a new privacy form when signing paperwork to buy a new car:

It was the Privacy Notice that caught my attention. After explaining what private information they might collect from me, the form then enumerated the ways that they might disclose this information. These ways included “to marketing service providers and joint marketing partners” and “with non-affiliated third parties.”

Let me clarify and condense these options: What this amounts to is they can share my information with pretty much anyone they please. Anyone at all. Apparently the corporate overlords don’t see anything wrong with this situation while I, au contraire, did and do. I crossed out both and printed in capitals underneath “ABSOLUTELY NOT!”

Read more on Computerworld.

(Related) Does violation of a Privacy Policy void their contract? I have seen it, so I can't say.

How Many Google Privacy Policies Are You Violating?

September 13, 2010 by Dissent

Brad Geddes writes:

Every website that uses Google AdWords, Analytics or AdSense, and does not have a privacy policy, violates three of Google’s terms of service agreements.

To get a sense of how big a problem this is, I took a look at a couple hundred sites this week and found some startling statistics:

  • More than 90% were breaking at least one of Google’s policies

  • More than 65% were breaking at least two of Google’s policies

  • More than 40% were breaking at least three of Google’s policies

Read more on Search Engine Land.

Have they been reading about the Lower Merion webcamgate? (Will anyone on the Lower Merion school board read this article?)

UK: More people recognizing the down side of surveilling students

September 13, 2010 by Dissent

It is encouraging to see so many people starting to challenge the extensive use of surveillance in schools. Gavin Atchison reports:

Half of York’s secondary schools have been filming pupils on CCTV without telling parents, sparking condemnation from privacy campaigners.

An investigation by The Press has found that while all ten secondaries in the city have cameras installed, only four informed parents first. Five did not, while one cannot find the original records.


One school, Huntington, has 113 cameras – more than City of York Council has in the whole of the city centre, although its head defended the cameras.

The report also refers to some as-yet-unpublished research on the impact of surveillance:

Dr Emmeline Taylor, a criminologist and researcher at Salford University, said no independent research had shown CCTV to benefit schools, despite its widespread use.

She has conducted two new studies, due to be published later this year, examining how CCTV in schools fits with the Data Protection Act, and studying pupils’ views of cameras.

She found many pupils saw cameras as “symptomatic of an underlying mistrust of them” and as the “embodiment of suspicion”. She said there was also evidence they could even cause some pupils to misbehave, as they felt they were seen as troublemakers anyway.


Her other paper concluded: “Schools are contributing to the emergence of a surveillance society and fundamentally habituating young people to accept a heightened level of scrutiny.”

Her conclusions are consistent with the concerns I raised last month, here.

Read more in The Press.

(Related) Clearly, not everyone sees any problem in doing whatever they feel like doing.

MI: Flint eyes drug tests for public housing

September 13, 2010 by Dissent

Kim Kozlowski reports:

Flint’s public housing authority, in an effort to fight crime in the projects, is considering a requirement for all current and prospective residents to take a drug test to keep their federally subsidized apartments.

Flint Housing Commission Executive Rodney Slaughter said he wants a drug-testing program modeled after the city of Indianapolis, where public housing residents are required to take annual drug tests. If a resident tests positive, they would have 30 days to test negative or seek help.

Not surprisingly, the ACLU’s position is that such testing is unconstitutional.

Read more about Flint, Michigan’s civil liberties-busting idea in The Detroit News.

Over on John Wesley Hall reacts this way:

These utterly senseless public [dis]servants need to be drug tested because their stupidity about fundamental privacy law is stunning. Could drug use explain it? No. They must be the product of a failing school system in their states where they either slept through or cut class the day the Fourth Amendment was talked about.

The only reasons? Me, I'm just anti-social...

Six reasons I'm avoiding Facebook

1 - Private companies aren't motivated by your best interests

2 - They make it harder to reinvent yourself

3 - Information you supply for one purpose will invariably be used for another…

4 - …and there's a good chance it will be used against you

5 - People screw up, and give away more than they realise

6 - And besides, why should we let businesses privatise our social discourse?

(Related) Dilbert's view of social media in business...

How much is too much?

Article: The Case for Stewart Over Harlan on 24/7 Physical Surveillance

September 12, 2010 by Dissent

Afsheen John Radsan of the William Mitchell College of Law has an article in the Texas Law Review, (Vol. 88, No. 7, 2010), “The Case for Stewart Over Harlan on 24/7 Physical Surveillance.” Here’s the abstract:

This Article explains why the government’s physical surveillance can reach a point in terms of duration and intensity that it becomes a “search” under the Fourth Amendment. As references, Katz v. United States and Kyllo v. United States stand out from the canon. Katz, decided in 1967, swept away a prior emphasis on property rights and trespass laws to hold that the electronic monitoring of a phone booth was a search. Since then, the two-part test from Justice Harlan’s concurring opinion has received as much attention as the totality-of-the-circumstances test in Justice Stewart’s majority opinion. Kyllo, decided just months before 9/11, ruled that the government’s use of a thermal-imaging device from outside a house was a search. For the era after 9/11, a blend of Justice Harlan’s test in Katz with Justice Scalia’s opinion in Kyllo reproduces Justice Stewart’s test, a more open-ended test which makes room for property, liberty, secrecy, anonymity, autonomy, and privacy, as well as other values that may undergird the “right of the people to be secure in their persons, houses, papers, and effects.” For the new age of terror, Justice Stewart’s test helps not only on one issue of physical surveillance but also opens up new approaches to data mining, the use of GPS devices, and other issues at the intersection of national security, privacy, and technology.

You can download the full article from SSRN.

Radsan, Afsheen John, The Case for Stewart Over Harlan on 24/7 Physical Surveillance (September 1, 2010). Texas Law Review, Vol. 88, No. 7, 2010; William Mitchell Legal Studies Research Paper No. 2010-15. Available at SSRN:

Interesting idea. I wonder if it would extend to broader sources, like social networks or even the comments on websites and blogs that talk about privacy?

Article: The Prototype of Privacy: Analysing Privacy Discourse Through its Features

September 12, 2010 by Dissent

Asimina Vasalou of the University of Bath, Alastair Gill of the University of Surrey, Fadhila Mazanderani of the University of Oxford, Chrysanthi Papoutsi of the University of Oxford – Oxford Internet Institute, Anne-Marie Oostveen of the University of Oxford – Oxford Internet Institute, and Sacha Brostoff of the University College of London have an article developed for the British HCI 2010 Conference Privacy and Usability Methods (PUMP) Workshop, 2010: “The Prototype of Privacy: Analysing Privacy Discourse Through its Features.” Here’s the abstract:

In this paper we outline our ongoing research program towards creating an automated privacy dictionary. Previous research applied prototype theory, a classic linguistic approach, to develop a new definition of the concept of privacy. Building on these findings, we will employ an integrated top-down and data-driven linguistic analysis to an existing dataset of qualitative interviews in different contexts, in order to identify privacy specific markers. Apart from its theoretical contribution, this work aims at providing a novel methodological tool to assist researchers in detecting privacy relevant discourse.

You can download the full article at SSRN.

Vasalou, Asimina, Gill, Alastair, Mazanderani, Fadhila, Papoutsi, Chrysanthi, Oostveen, Anne-Marie and Brostoff, Sacha, The Prototype of Privacy: Analysing Privacy Discourse Through its Features (September 8, 2010). British HCI 2010 Conference Privacy and Usability Methods (PUMP) Workshop, 2010. Available at SSRN:

[From the paper:

theoretical disputes on what ‘criteria’ belong to the concept of privacy have hampered this field of research.

Our previous work applied the above procedure to the concept of privacy and showed that it met the criteria of prototype theory [6]. 146 participants reported an average of 6.6 features, a process that yielded a total of 82 privacy features. [They provide the list... Bob]

Well lawyer guys? What do you think?

September 12, 2010

EPIC: Surveillance Court Seeks Public Comments on Proposed Rules

"The Foreign Intelligence Surveillance Act (FISA) authorizes a special court, the Foreign Intelligence Surveillance Court (FISC), to undertake electronic surveillance in the United States for foreign intelligence information. The FISC is now seeking public comments concerning its procedures. Comments must received by Monday, October 4, 2010. EPIC previously submitted an amicus brief regarding FISA authority and national security. EPIC will be submitting comments to the FISC and endorse changes that improve accountability and transparency for FISA orders."

Food for thought?

The skinny on Net neutrality (FAQ)

Net neutrality is dwarfing all other policy debates in the communications sector these days.

No comments: