Tuesday, November 09, 2010

We're your friendly government and we're going to kill you with kindness.

http://www.phiprivacy.net/?p=4913

More federal health database details coming following privacy alarm

By Dissent, November 9, 2010

Jaikumar Vijayan reports:

In response to considerable privacy concerns, the federal Office of Personnel Management (OPM) could soon release more details on its plans to build a controversial new database containing information on the healthcare claims of millions of Americans.

The agency will also likely delay its planned November 15 launch of the new database to accommodate a broad public evaluation of its plans, said an analyst from the Center for Democracy and Technology (CDT), a Washington D.C.-based think tank.

Read more on Computerworld.


(Related)

http://www.phiprivacy.net/?p=4888

New Ponemon study: patient data inadequately protected, many hospitals do not notify patients of breaches

By Dissent, November 9, 2010

The Ponemon Institute has released a new study sponsored by ID Experts, “Benchmark Study on Patient Privacy and Data Security.” The study examined hospitals’ patient privacy practices, breaches involving patient information, and compliance policies and activities.

Sixty-five healthcare organizations participated in the study. The healthcare organizations participating in the study were described as integrated delivery systems — a network of healthcare organizations under a parent holding company (35%), part of a healthcare network (46%) and standalone hospital or clinic (17%).

Some of the takeaway points of the study include:

Data breaches are costing the health care system billions. According to respondents in the study, the economic impact of data breach incidents over a two-year period is approximately $2 million per organization.

Most healthcare organizations experience undetected breaches of patient data due to lack of preparation and staffing.

Protecting patient data is not a priority.

New HITECH requirements have not improved the safety of patient records.

A significant percentage (38%) of organizations did not notify any patients that their information was lost or stolen.

The top causes of a data breach reported by study participants were:

  • unintentional employee action (52% of incidents)

  • lost or stolen computing devices (41%)

  • third-party snafu (34%), followed closely by

  • technical system glitch (31%).

Criminal attacks were involved in 20% of incidents, and malicious insiders were involved in 15% of incidents. Only 10% of incidents involved intentional non-malicious actions.



Attacking Behavioral Advertising?

http://www.pogowasright.org/?p=17013

Gaos v. Google, New Class Action Suit Filed Regarding Use of Referral URLs

November 9, 2010 by Dissent

Elizabeth Banker writes:

A class action lawsuit filed against Google on October 25th in the Northern District of California may have the Googlers feeling like it is perhaps true that no good deed goes unpunished. The suit, Gaos v. Google, alleges that Google violated the Stored Communications Act as well as several California state consumer protection laws by revealing the content of search queries to third parties. To support the proposition that search queries contain sensitive, private and often personally identifiable information, the complaint draws significantly from Google’s own legal filings in its 2006 opposition to a Department of Justice subpoena for search query information issued in the Child Online Protection Act litigation. At the time, Google positioned itself as a champion of user privacy by contesting the subpoena and raising concerns that the search queries are content protected by the Stored Communications Act.

Read more on Law Across the Wire and Into the Cloud



Does anyone else read this as an admission that TSA can't tell a normal toner cartridge from one that has been made into a bomb? (see photo here: http://www.thestar.com/news/world/article/886943--interpol-publicizes-details-of-yemen-mail-bombs?bn=1 ) Why else would they ask Al Qaeda to use different packaging?

http://tech.slashdot.org/story/10/11/08/1923248/TSA-Bans-Toner-and-Ink-Cartridges-On-Planes?from=rss

TSA Bans Toner and Ink Cartridges On Planes

Posted by Soulskill on Monday November 08, @04:07PM

"The US has banned toner and ink cartridges from passenger aircraft in the wake of last month's bomb plot. 'The printer cartridge ban affects cartridges over 16 ounces.' No word yet on whether that's a weight or volume measurement or whether it's a per-cartridge or per-passenger limit."

The ban comes alongside a prohibition on air cargo originating from Yemen and Somalia. Bruce Schneier's blog points out another potential consequence from the recent bomb plot: the end of in-flight Wi-Fi.



Oops!

http://it.slashdot.org/story/10/11/08/1515214/Royal-Navy-Website-Hacked-Passwords-Revealed?from=rss

Royal Navy Website Hacked, Passwords Revealed

Posted by CmdrTaco on Monday November 08, @11:43AM

"The British Royal Navy's website has been suspended after a Romanian hacker exploited SQL injection vulnerabilities to gain access to the site. The hacker, named 'TinKode,' accessed usernames and passwords used by the site's administrators and published them on the web. TinKode's attack is 'particularly embarrassing for the British Ministry of Defence, as just last month protecting against cyber attacks was declared in the National Security Strategy to be a "highest priority for UK national security."'"



There are so many tools on Google, it makes hacking simple...

http://techcrunch.com/2010/11/08/facebook-finds-a-new-way-to-liberate-your-gmail-contact-data/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Facebook Finds A New Way To Liberate Your Gmail Contact Data

That huge sucking sound you hear is Facebook, piling data from third parties into its mouth as fast as it can while it remains stubbornly greedy about releasing its own data to anyone it doesn’t like. Which is mostly Google these days, since Yahoo and AOL completely surrendered and Microsoft actually owns part of them.

Google shut them down last week, restricting API access and effectively blocking contacts exports to Facebook in any automated way. This is, I wrote, the true beginning of data protectionism.

Now Facebook has found a way around that restriction. They’re leveraging a Google feature that lets users download their own data for their own use – part of Google’s golf-clap worthy data liberation effort. They’ve hacked a solution around the block by giving users a direct deep link to the download feature. And then users can upload that file directly to Facebook.



Interesting words...

http://www.pogowasright.org/?p=16998

Anonymous litigation by juveniles: dissent in Jacob Doe v. Kamehameha Schools

November 8, 2010 by Dissent

I freely admit I’m a huge fan of Chief Judge Kozinski, particularly when he’s dissenting from a majority opinion that concerns surveillance or other privacy issues. In this case, the Ninth Circuit Court of Appeals had declined to rehear a case en banc. At issue is the right of juvenile plaintiffs to file a civil rights complaint anonymously. In this case, the minors were complaining about discrimination against white students in the school’s admission policies. The Chief Justice starts his dissent by quoting from comments on the case seen on the Internet:

These are some of the threats made after plaintiffs, four non-native Hawaiian children, filed their civil rights suit:

  • It’s about time that someone put some pressure on these litigious people and their kids! (online post)

  • 4 kids . . . . will need 10 bodyguards lol (online post)

  • Good that the judge ordered them to make these little brats names known to the public, so they can be tormented (online post)

  • Sacrifice them!!!!!!!! (online post)

  • [If their names were revealed, the Does] would have to watch their backs for the rest of their lives! (online post)

  • [E]veryone is going to know who your clients are. . . . [Y]ou and your haole [white] clients can get the lickins’ you deserve. Why do you fucking haoles even come to Hawaii . . . ? (said over the phone to the Does’ attorney)

If threats like that were made against me or my family, I’d be worried. I’d call the U.S. Marshals, as federal judges are repeatedly cautioned to do when targeted by a threat, whether it’s made in person, by mail, by telephone or over the internet.

I doubt I’m alone. My guess is that most federal judges, including those who decided this case here and below, would take such threats directed against them seriously; the speakers, if they could be identified, might well be prosecuted. See, e.g., Mark Fass, Blogger Found Guilty of Threatening Judges in Third Federal Trial, N.Y. L.J., Aug. 16, 2010, at 1.

I believe that the federal courts must be safe havens for those who seek to vindicate their rights. No litigant should fear for his safety, or that of his family, as a condition of seeking justice. Sure, if the purported fear is that they will be captured by Martians and served as dinner, that can be dismissed as fanciful. But when there are real statements, oral and written, that suggest or urge physical violence on account of the lawsuit, how can we force parents to the grim choice of abandoning the rights of their children or exposing them to the risk that they “would have to watch their backs for the rest of their lives!”? I don’t believe that we should have a double standard —one for ourselves and another one for the parties before us —and so have no difficulty concluding that the district court here egregiously abused its discretion when it denied plaintiffs the right to proceed as Does.

[...]

Circuit Judge Reinhardt, with whom Chief Judge Kozinski joined, also dissented:

Our court inexplicably and contrary to all precedent holds that a district judge acts within his discretion when, in a racially charged environment, he requires juveniles to publicly disclose their names, and put their physical and mental well-being at risk, in order to bring a civil rights lawsuit in federal court. Doe v. Kamehameha, 596 F.3d 1036, 1041, 1044-45 (9th Cir. 2010). Because it is entirely unacceptable to ask minors to test the seriousness of the “undoubtedly severe” threats that have been made against them in order to gain access to the federal legal system, I strongly dissent from the court’s refusal to hear this case en banc. Id. at 1043. I also dissent because the members of the three judge panel, like the district judge and the magistrate judge before them, were apparently unaware that a special rule applies to the right of juveniles to litigate anonymously, and thus failed to consider the federal rule of civil procedure which permits juvenile litigants to assert anonymity in the ordinary course of civil litigation.

[...]

You can read their full dissenting opinions here.



"Those who cannot remember the past are condemned to repeat it.”

http://www.bespacific.com/mt/archives/025698.html

November 08, 2010

Slate: The Great American Information Emperors

Via Slate: "Tim Wu's The Master Switch tells the story of how America's information empires—from the AT&T monopoly to today's Internet giants—have been shaped by disruptive inventions, federal intervention, and, above all, a will to power. This week, based in part on excerpts from The Master Switch, Wu will present the stories of five men who disproportionately influenced the shape of the American information industries in the 20th and 21st centuries."



Not what I would have guessed, but interesting.

http://www.wired.com/epicenter/2010/11/and-the-most-popular-way-to-read-an-e-book-is/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

And the Most Popular Way to Read an E-Book Is …

Quick: What’s the most popular e-book reader? You’re probably wrong.

Amazon’s Kindle has become the breakthrough e-reader since it was introduced only three years ago, fueling a nearly $1 billion business that Forrester Research says will triple in the next five years.

But it is edged out by the humble laptop as the e-reader of choice, according to a Forrester survey released Monday. Laptop users could very well be reading Kindle editions on a computer using software provided by Amazon, and may be motivated to merely avoid a third device (assuming a phone is also a necessary one). But the choice may be very interesting to Google, whose “Editions” e-book service (which was supposed to launch this past summer) would be an entirely web-based store, requiring no special device or software.

Laptops only slightly trump the Kindle, 35 percent to 32 percent. Coming in third was the iPhone, with 15 percent, followed by a Sony e-reader (12 percent), netbooks (10 percent) and the Barnes & Noble Nook (9 percent). Also at 9 percent was the iPad.



For my Ethical Hackers

http://www.makeuseof.com/tag/phone-disk-free-december-1-news/

Get Phone Disk For Free Until December 1

Do you want to access the files on your iPhone, iPod Touch or iPad simply by hooking up your mobile device to your computer? Whether you’re using a Mac or a Windows machine, Phone Disk makes it easy to get right into the files without having to jailbreak your device.

Phone Disk is free for the time being, so don’t waste the chance to download and register the application, and start using your iPhone as a way of backing up and transferring files, the easy way.
