Monday, May 14, 2012
One of the few acknowledged breaches covering an entire country. If I'm correct, the Population Registry records births, deaths, citizenship, current address, etc. for Israelis anywhere, not just in Israel.
Il: Six indicted over Population Registry data theft
May 13, 2012 by admin
More on a breach previously mentioned on this blog last year. Joanna Parasczuk reports on the evolution of a data breach that started in 2006 as an insider breach and ultimately affected everyone in Israel, it seems:
The Tel Aviv District Attorney has charged six people, including a computer programmer formerly employed as a Social Affairs Ministry contractor, in connection with a massive data theft that exposed the personal details of millions of Israelis.
The theft, which took place in 2006, included the publication of detailed personal information on nine million Israelis, among them minors, deceased persons and citizens living abroad.
According to the indictment, Shalom Bilik, who had access to the database during his work at the ministry, copied the data and took a copy of the database home.
After Bilik’s contract with the ministry ended in 2006, he began to provide computing services to an ultra-Orthodox organization in Jerusalem, and allegedly installed the database on computers there.
Indicted alongside Bilik are Avraham Adam, Yosef Vitman, Haim Aharon, Moshe Moskovitz and Meir Leiver.
Adam, who worked at the ultra-Orthodox charity, allegedly used the stolen data [Knowing it was stolen? Bob] after Bilik gave it him.
Allegedly, Adam passed the data on to Vitman, who volunteered at the charity.
Vitman then sold a copy of the stolen database to Aharon, an independent computer consultant, who combined it with a copy of the voter registration database and eleven other databases, the indictment said.
Aharon then sold the combined database to several people, and also gave it to Moskovitz, a computer programmer, to sell.
Moskovitz enhanced the database with a sophisticated search program he had written, and called the final database ‘Agron’. He then sold it on to various acquaintances.
At this stage, the indictment said, the database ended up in the hands of Leiver, who renamed it aRi and sold it to several overseas internet sites.
Read more on Jerusalem Post.
So… what do you think the punishment or sentence should be for someone who’s responsible for starting a mammoth privacy breach like this? There’s no closing this particular barn door any more, either, and the potential remains to combine the database with new or future databases.
Is this Mark Zuckerberg’s wet dream or what? Or maybe NSA’s? Or maybe both, for different reasons.
(Related) A much larger target. But then, every country seems to want all of the data about their citizens in one basket.
Indian ID scheme has already enrolled 160 million citizens
Karl Flinders reports:
The Indian government’s plan to issue all of its 1.2 billion citizens with biometric ID cards is gathering pace, with the IT firm that built and supports the software to enroll citizens revealing that it is completing 14 million enrollments a month.
In 2010, tier-two Indian supplier MindTree won the contract to create and support the software used to enroll citizens, which includes the use of biometrics.
Read more on ComputerWeekly.com.
One use for ubiquitous surveillance. I wonder if they ever do the same thing in reverse to make someone's life miserable? I think it could be automated to allow muckety-mucks to zoom past us “second class” citizens.
"Does it count as a hack if you change your own system? Vanity Fair report that during the bidding process for the 2012 Olympic and Paralympic Games, the London Streets Traffic Control Center followed each vehicle using CCTV, 'and when they came up to traffic lights,' [bid committee CEO Keith] Mills said, 'we turned them green.'"
It's probably not that people are better educated about Privacy, but that the number of aggressive, irritating invasions of their privacy have (at last) reached a tipping point.
Complaints Related to Misuse of Personal Data Increasing
Some data from Estonia reported by Ingrid Teesalu of Estonia Public Broadcasting:
The number of complaints over misuse of personal data has increased sevenfold in the last five years, according to the Data Protection Inspectorate.
While in 2007 there were 110 registered complaints, last year the number had climbed to 818, the agency said in a statement, adding that people’s awareness on the importance of personal data protection is also increasing.
Read more on ERR.
(Related) In the US, an invasion of privacy means we sue... My first question: When did you stop using Hulu?
Hulu Said to Disclose Users’ Viewing Habits
Nick McCann reports;
A class of Hulu subscribers who claim the website discloses what they watch to third parties without their consent argued that their action should continue in San Jose’s federal court.
In their amended class action complaint, six Hulu subscribers said the video site “repurposed” its browser cache so a marketing analyst service called KISSmetrics could store their private data.
The class also claims Hulu shared their private viewing choices with Facebook, Google Analytics, and other online market research and ad companies.
Read more on Courthouse News.
I'm not sure lawyers are ready for this, but I suspect there will be a market for “Train the Client” consultants.
ABA Commission Proposes Ethics Rule Requiring Adequate Data Security
Scott Loughlin writes:
Data protection long has been a legal responsibility for lawyers. The American Bar Association now is proposing to make clear that the protection of a client’s data is an ethical responsibility of the lawyer as well.
The Commission on Ethics 20/20 of the American Bar Association released its Report to the House of Delegates recommending several modifications to the ABA Model Rules of Professional Conduct regarding lawyers’ use of technology and protection of client confidences. The proposals will be considered at the ABA’s 2012 Annual Meeting, and several of these proposed modifications incorporate established concepts from existing data protection and breach notification laws.
Read more on Hogan Lovells Chronicle of Data Protection.
[From the article:
The proposed Model Rule 1.6(c), which uses language commonly found in data breach notification statutes, states:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to information relating to the representation of a client.
Got facts? This 'free to copy' book shows you how to gather, analyze and report them.
May 13, 2012
Free Online Data Journalism Handbook
"The Data Journalism Handbook (Beta) is an initiative of the European Journalism Centre and the Open Knowledge Foundation. It is published by O'Reilly Media and freely available online under a Creative Commons Attribution-ShareAlike license."
I'll never get rich blogging (my wife will see to that) but the odd million now and then would be useful...
This will inspire my Apple-loving students and completely depress my Windows-lovers...
Something for to make me gooder.
… Edshelf hopes to become a go-to site where teachers can recommend to one another what’s worked for them, and it’s building a directory of educational materials that have been reviewed for educators by educators. Apps and websites are reviewed based on student engagement and pedagogical effectiveness, as well as on how hard these tools are to learn.
… Edshelf has a number of direct and indirect competitors. Kindertown (which I covered here) provides reviews on educational content written by educators for parents. Edsurge, a weekly newsletter that covers education entpreneurship, recently launched its own review site. I’ve also covered Chalkable, a New York City-based startup that wants to blend the app store with the LMS – part of its value proposition is easier procurement and single sign-on. That’s also what platforms like Edmodo and Google’s Chrome Web Store promise too. And then there’s Apple and iTunes.