Tuesday, March 27, 2012


“Be vewy vewy careful.” E. Fudd
You can do everything right, but still incur penalties – lessons learned from BCBS of Tennessee
… BCBSTN had many security measures in place. The hard drives were stored in a closet that was secured by biometric and keycard scan security with a magnetic lock and an additional door with a keyed lock. The office space was in a building that had security. Nevertheless, HHS alleged that BCBSTN had failed to perform a security risk evaluation and had failed to implement appropriate physical safeguards because it did not have adequate facility access safeguards as required by the HIPAA Security Rule. Commenting on the settlement, the Office of Civil Rights at HHS emphasized the need for providers who are moving locations to update their risk assessment and keep track of their data during the transition. Without any admission of a HIPAA/HITECH violation, BCBSTN agreed to pay $1.5m as a part of the settlement – the maximum amount payable in civil penalties for each disclosure under the HITECH Act.
Would the result have been different if BCBSTN had secured the vacated office space where the hard drives were stored? What if they had posted a security guard at the office entrance? These measures may have saved BCBSTN from the $1.5m settlement with HHS, but if a determined thief had overcome the security guard and stolen the hard drives, it would not have saved them from the costs of investigation, notification and remediation resulting from the breach. Those costs are reported to be nearly $17 million, an amount that dwarfs the $1.5 million settlement.
This lesson was clearly illustrated in the recent report from the American National Standards Institute – "The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security". [http://webstore.ansi.org/phi/ Bob] The Report provides a tool that allows organizations to estimate the overall potential costs of a data breach and provides a methodology for determining an appropriate level of investment to reduce the probability of a breach.


True or not, a lot of people will “assume” it is true because of past acts Murdoch has admitted to.
"Neil Chenoweth, of the Australian Financial Review, reports that the BBC program Panorama is making new allegations against News Corp of serious misconduct. This time it involves the NDS division of News Corp, which makes conditional access cards for pay TV. It seems that NDS also ran a sabotage operation, hiring pirates to crack the cards of rival companies and posting the code on The House of Ill Compute (thoic.com), a web site hosted by NDS. 'ITV Digital collapsed in March 2002 with losses of more than £1 billion, overwhelmed by mass piracy, as well as technical restrictions and expensive sports contracts. Its collapse left Murdoch-controlled BSkyB the dominant pay TV provider in the UK.' Chenoweth reports that James Murdoch has been an advocate for tougher penalties for pirates, 'These are property rights, these are basic property rights,' he said. 'There is no difference from going into a store and stealing a packet of Pringles or a handbag, and stealing something online. Right?'"


No doubt Bruce will keep posting “Security Theater” to his blog...
"Following up on an earlier Slashdot story, earlier today, the U.S. House of Representatives Committee on Oversight and Government Reform and the Committee on Transportation and Infrastructure held a hearing titled 'TSA Oversight Part III: Effective Security or Security Theater?' ... In a blog update, Bruce Schneier says that 'at the request of the TSA' he was removed from the witness list. Bruce also said 'it's pretty clear that the TSA is afraid of public testimony on the topic, and especially of being challenged in front of Congress. They want to control the story, and it's easier for them to do that if I'm not sitting next to them pointing out all the holes in their position. Unfortunately, the committee went along with them.'"


“The right to be forgotten” extended to “the right to keep you from knowing?”
It's not just Japan that wants to regulate how Google displays search results: judgecorp writes
"A committee of British MPs and peers has asked Google to censor search results to protect privacy and threatened to put forward new laws that would force it to do so, if Google fails to comply. The case relates to events such as former Formula One boss Max Mosley's legal bid to prevent Google linking to illegally obtained images of himself."


...and here I thought that he said “flunk!” If we allow this in schools, won't it eventually spread everywhere?
High school expels student for tweeting f-word
… Well, now. The principal of Garrett High School told INC that regardless of whether it was sent from home--or, indeed, whether a school computer was used--the school may track students' tweets.
Fort Wayne's Journal Gazette does report that Carroll is something of an eccentric. He fought to be allowed to wear a kilt on Irish holidays. He had also been warned before about sending ribald tweets using school-issued computers.
This time, though, there seems ample evidence that he tweeted at 2:30 a.m. Still, the school reportedly maintained that the tweets were adorned with its IP address. [Given the facts, that is impossible. Bob]
… The school appears no longer to be speaking publicly, on the advice of its attorney. Meanwhile, some of the students threatened a protest on Friday, so much so that police were called.
It may well be that Carroll's tweet didn't represent the highest type of wit. Some might conclude, though, that the principal of Garrett High School is a very particular type of wit indeed.


Interesting categories.
Tech Highlights of the FTC Privacy Report
March 26, 2012 by Dissent
Ed Felten writes:
Today the FTC is releasing a major report on privacy. Privacy geeks will read the whole thing–and should, because it represents a lot of careful thinking by folks in the agency.
But if you’re a techie who doesn’t have time to read it all, let me point you to a few of the parts you’ll probably find most interesting.
When you’re reading, keep in mind that the report does not by itself establish any new laws or regulations. It summarizes current law and asks Congress to consider new laws in certain areas, but most of the discussion is about best practices that the FTC thinks well-intentioned companies will want to follow. These best practices are organized in a three-part framework: privacy by design, which means building privacy into your products and practices from the beginning; simplified choice for consumers; and greater transparency about data practices.
Read more on Tech@FTC. I’ll add other links/coverage later today.


Are we so terrified by protestors?
Occupy Tracking
March 26, 2012 by Dissent
A disturbing analysis and report by Tim Libert:
Major advertisers and corporations have been quietly tracking the online movements of those visiting “Occupy Wall Street” related sites for months. They have used this data to create detailed portraits of the lives and interests of potential protestors. This data is then sold in unregulated markets and retained indefinitely in databases that may be subject to secret government subpoena. The most shocking thing about this is who is ultimately responsible: the self-proclaimed revolutionaries who run the sites.
However, this is not an act of malice: most likely website operators have no idea they are allowing their visitors to be tagged and tracked. [Except those created and run by law enforcement. Bob]
Read more on TimLibert.me


I doubt this shutdown was the MPAA's idea of a bargaining position, but you never know.
"In a recent story that is beating around the nets, Kim Dotcom has fired back at studios with emails that make for some interesting reading: 'A Disney executive e-mailed Megaupload in 2008. He said he was interested in having Megaupload host Disney content, but said he would need Megaupload to tweak its terms of service to make it clear Disney retained ownership of files uploaded to the site. He sent Megaupload a proposed alternative to the standard Megaupload TOS. Fox emailed "Please let me know if you have some time to chat this week about how we can work together to better monetize your inventory," in an attempt to promote their newly launched ad network. And finally, this gem: a Warner Brothers executive e-mailed Megaupload seeking to expedite the process of uploading Warner content to Megaupload. "I would like to know if your site can take a Media RSS feed for our syndications," he wrote. "We would like to upload our content all at once instead of one video at a time."' Pot calling the kettle black anyone?"
Torrentfreak is running the full interview with Kim Dotcom.


Does this come as a surprise to anyone (aside from a few very out of touch academics at Oxford?) Why would anyone assume that the availability of knowledge automatically results in free academic journal articles generated by the self-educated?
Confirmed: The Internet Does Not Solve Global Inequality
… the Anglophone world dominates with the United States doing the lion's share of academic and user-generated publishing.
Those are the messages of the Oxford Internet Institute's new e-book, Geographies of the World's Knowledge, [Free for the iPad Bob] from which these two graphics were drawn. In the book's foreword, Corinne Flick of the Convoco Foundation reluctantly concludes that the Internet has not delivered on the hopes that it would make knowledge "more accessible."
… We're not only talking about publishing in academic journals or Wikipedia. The book's authors sampled user-generated content on Google and found that rich countries, especially the United States, dominate the production of user content.
The fact of the matter is that people without money can't afford to get the education necessary to publish in academic journals, Internet-enabled or not. The other fact of the matter is that the vast majority of people in very poor countries don't spend their time producing content for free. Hope as we might, [Hope is not a plan. What have you done? Bob] the Internet isn't a magic wand that makes the world more equal.


For my Data Mining / Data Analytics students: See, I told ya! (Also note that the “don't know what to do with it” can apply to governments.)
Study: Enterprises Want More Marketing Data, But They Don’t Know What To Do With It
Online marketers and advertising are getting access to more and more data, but that’s not enough, according to the 2012 Digital Marketing 2.0 Study commissioned by ad company DataXu.
More than 350 “enterprise decision makers” in management, marketing, communications, digital, IT and social media were surveyed, and 75 percent of them said that data will help them improve their businesses. However, 58 percent said they didn’t have the skills and technology needed to analyze marketing data, while more than 70 percent said the same about customer data.


For my students – looks like they've added a couple languages...
If you are looking to get into web-based programming, or you are already knowledgeable and are looking for a way to experiment with some code without downloading a compiler, then Codecademy is the website for you. They allow you to write and test code in three of the most popular web-based languages: Java, Ruby and Python.
For the new coder, they offer classes. They start with the basics and move up to more advanced stuff. If you have been looking for a way to break into writing code this website is great. It starts slowly and doesn’t push you into the advanced stuff too quickly.


Student research tool
If you need an all-in-one search portal for downloads, you should check out Foofind. This search engine lets you find audio, video, documents, and images through direct downloads, torrents, gnutella, and streams.


Any backup is better than no backup. Automatic backup is useful if you forget even rarely...
… SurDoc is a web service that offers people a free backup option for their digital documents. You start by creating an account on the site and then downloading its desktop client for Windows. Through the desktop client you can figure out the document syncing options and set up automatic synchronization. Your documents are uploaded to your account and can be read anywhere you have access to your SurDoc account in the site’s own reading interface. The ability to create folders and sort documents into them helps you keep things organized.
The service offers 10GB of free storage to its users and accepts all document file formats.
Similar tools: Humyo, TagMyDoc.
