Friday, October 01, 2010

“A breach ain't a breach until we says it's a breach!”

Update on my FOI request to HHS/OCR for breach reports

By Dissent, September 30, 2010

I received a phone call from OCR this morning to discuss my FOI request for the breach reports HHS is receiving under HITECH regulations. I had requested electronic copies of the reporting forms breached entities submitted via HHS’s web site. The conversation was a bit of an eye-opener for me.

First, it turns out that they cannot give me many of the reports just yet, because under their policies, they treat each and every report as a self-reported complaint that requires an investigation for compliance with HIPAA’s privacy rule. Because investigations are not public while they are ongoing, anything the breached entity submitted would be exempt from production under FOI. Once the investigations are closed, however, then they can provide the records.

Slightly over one dozen cases reported since the new reporting went into effect in September 2009 have now been closed, and I will be sent those records very soon. It took a while to figure out whether I really wanted the full investigation records or just some summary documents. I decided that for now, getting the breach report and the closure letter would, in combination with the HHS/OCR web site entries, probably give me enough information to determine if particular breaches involved SSN or financial information, and what happened (how the breach occurred).

So stay tuned, and great thanks to OCR for their call and helpfulness. I will probably have to file a new FOI request each month for the rest of my life, but hey, at least now I understand the process and we will be getting more data.

Apparently, your cell phone is now a party line...

Many More Android Apps Leaking User Data

Posted by CmdrTaco on Thursday September 30, @01:30PM

"After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

You don't have to be a rocket scientist, but you do need to THINK!

Security doesn't have to be complicated

Last week, I wrote about two simple ways to thwart Web spies. One of the methods prevents Web sites from activating your PC's built-in video camera and microphone without your permission.

In a comment posted in response to that article, a reader by the screen name of "BirdDog01" supplied a foolproof solution to the video portion of that equation: put a piece of duct tape over the camera lens. Aesthetics aside, that approach is about as simple and straightforward as they come.

A video has been making the rounds lately that shows crooks installing a card-skimming device and video camera at an ATM in the U.K. (Lifehacker provides a link to the video along with several ATM-safety tips.)

The video shows several ATM users shielding the keypad with one hand as they enter their personal identification number (PIN) with the other. I've been aware of this scam for some time and consider myself a prudent, suspicious ATM user, but I never thought to cover the keypad. Doh!

But does he see what I see?

FTC Consumer Protection Head Shares New Vision for Consumer Privacy

September 30, 2010 by Dissent

David Vladeck, the head of the Bureau of Consumer Protection at the Federal Trade Commission, shared his vision for consumer privacy protection with an audience at the IAPP’s Privacy Academy on September 30, 2010.


Mr. Vladeck noted three key areas for future enforcement. The FTC will (1) bring more cases involving “pure” privacy, i.e., cases involving practices that attempt to circumvent consumers’ understanding of a company’s information practices and consumer choices; (2) focus enforcement efforts on new technologies (Mr. Vladeck noted that, to assist staff attorneys in bringing these sorts of cases, the FTC has hired technologists to assist and has also created mobile labs to respond to the proliferation of smart phones and mobile apps); and (3) increase international cooperation on privacy issues (Mr. Vladeck cited the FTC’s recently-announced participation in the Global Privacy Enforcement Network).

Read more about his presentation on Hunton & Williams’ Privacy and Information Security Law Blog.

Christopher Wolf also blogs about the presentation on Chronicle of Data Protection.

“We don't need no stinking Congress!”

Even Without COICA, White House Asking Registrars To Voluntarily Censor 'Infringing' Sites

from the censorship-through-political-pressure? dept

While there's been increasing attention paid to the "Combating Online Infringement and Counterfeits Act" (COICA), the proposed law that would allow the government to require ISPs and registrars to block access to websites deemed to be "dedicated to infringing activities," it looks like the White House (which we had thought was against censoring the internet) appears to be working on a backup plan in case COICA doesn't pass.

That is, while most folks have been focused on COICA, the White House's Intellectual Property Enforcement Coordinator (IP Czar) Victoria Espinel has apparently been holding meetings with ISPs, registrars, payment processors and others to get them to agree to voluntarily do what COICA would mandate. While the meeting is carefully focused on stopping websites that sell gray market pharmaceuticals, if registrars start agreeing to censoring websites at the behest of the government, it's as if we're halfway to a COICA-style censorship regime already. ICANN, which manages the internet domain name system, was asked to attend the meeting, but felt that it "was not appropriate to attend" such a meeting.

How 'geeky' do they need to be?

All Rise: Supreme Court’s Geekiest Generation Begins

The U.S. Supreme Court begins a new term Monday with a slew of technology and civil rights issues queued on its docket, some of which could have far-reaching implications for the Freedom of Information Act, copyright, warrantless searches of private residences, the “state secrets” privilege and freedom of expression.

The cases we’re tracking involve regulation of videogame sales, the limits of the Copyright Act’s first-sale doctrine and the power of the government to collect sensitive data on employees. Another case asks whether convicted defendants have a right to use modern DNA testing to prove their innocence.

Ruling on these issues is a rapidly changing high court, with four new appointees in five years, creating the youngest court in the modern, digital age.

“You’re getting a new generation of justices. You’ve got justices who text on their phones, who do e-mail, who actually use a computer,” says Thomas Goldstein, the SCOTUSblog founder who has argued nearly two dozen cases before the Supreme Court. “That can have real consequences. It makes a difference.”

Here is a summary of some of the upcoming cases that have been granted a hearing by the Supreme Court:

Costco Wholesale v. Omega, 08-1423

Oral argument Nov. 8

Question presented: Does the first-sale doctrine apply to imported goods manufactured abroad?

Schwarzenegger v. Entertainment Merchants Association, 08-1448

Oral argument Nov. 2

Question presented: May the states ban the sale or rental of violent video games to minors?

Skinner v. Switzer, 09000

Oral argument Oct. 13

Question presented: Do convicts have a right to post-conviction DNA testing?

National Aeronautics and Space Administration v. Nelson, 09-530

Oral argument Oct. 5

Question presented: How much personal information may the federal bureaucracy dig up about its workers?

Federal Communications Commission v. AT&T, 09-1279

Oral argument not scheduled

Question presented: The Freedom of Information Act exempts the government from disclosing law enforcement records if they “constitute an unwarranted invasion of personal privacy.” Does that personal exemption apply to a corporation, in this case AT&T?

Boeing Company v. United States and General Dynamics v. United States, 09-1298

Oral argument not scheduled

Question presented: Can the government claim a party owes it money while invoking the “state secrets” privilege to prevent a defense to that claim?

Kentucky v. King, 09-1272

Oral argument not scheduled

Question presented: Did Kentucky police, when first knocking on a suspected drug dealer’s door and then kicking it down, create their own emergency to bypass the need for a warrant to enter a private residence?

Hummm. Perhaps a student project? (A La Linus Torvalds?)

Linux May Need a Rewrite Beyond 48 Cores

Posted by CmdrTaco on Thursday September 30, @12:47PM

"There is interesting new research coming out of MIT which suggests current operating systems are struggling with the addition of more cores to the CPU. It appears that the problem, which affects the available memory in a chip when multiple cores are working on the same chunks of data, is getting worse and may be hitting a peak somewhere in the neighborhood of 48 cores, when entirely new operating systems will be needed, the report says. Luckily, we aren't anywhere near 48 cores and there is some time left to come up with a new Linux (Windows?)."

“'cause I may not be the most perfect teacher in the whole wide world?”

8 Awesome Websites to Take Free College Courses Online

MIT OpenCourseware

Carnegie Mellon OpenLearning

Khan Academy

University of California at Berkeley

Stanford University iTunesU

Tufts OpenCourseware

Open University LearningSpace

Johns Hopkins OpenCourseware

Since we're using Windows 7 now, it pays to learn some tricks...

25 Cool Windows 7 Keyboard Tricks That Will Impress Your Friends

Note that some of these shortcuts will only work if Windows Aero is enabled. If Aero effects are disabled on your computer, it might not be powerful enough to support resource intensive graphical features.

The following articles describe lots of additional keyboard tricks and shortcuts to make use of:

'cause you can never have enough free stuff...


DownloadSpy is a huge archive of free and free-to-try software programs for all operating systems. We review and categorize these products in order to allow the visitor to find the exact product they and their system need.


The Lesser Known (But Very Cool) Windows Apps You Might Be Looking For

I've been asking my students to organize what they learn by using Wikis or Mind Maps. Perhaps it's time to go further?

5 Reliable Ways To Look For Freelance Writing Jobs
