Sunday, June 10, 2012
We know who you are and now we know where you will be and when you will be there...
Israeli experts: LinkedIn app transmits user data without consent
As if LinkedIn didn’t have enough problems this week, following the disclosure that they had been hacked and millions of passwords posted on a Russian server, Israeli experts point out they have another security problem. Sagi Cohen reports:
International social network LinkedIn is collecting personal information from its users without their consent, according to Israeli computer security experts.
The business-networking giant’s app for Apple’s iPad and iPhone has an opt-in feature that allows users to view their calendar entries within the app. However, researchers Yair Amit and Adi Sharabani, the founders of Skycure, discovered that once enabled by the user, the app automatically transmits users’ calendar entries back to LinkedIn servers.
Read more on ynet.
Seek and ye shall find...
DocuSign user information found through Google search
June 9, 2012 by admin
Oops. AGBeat reports:
As the world’s largest electronic signature platform, DocuSign says that they have over 6 million unique signers processing millions of transactions per year and that they are “trusted by more people, more companies, more times than any other electronic signature provider in the world.”
In just one search query in particular, we uncovered 4,450 URLs filled with DocuSign customer names, emails, document names, and GPS coordinates of where documents were signed. These details are found on websites with URL structures appearing like the one below (which is not a functional link that takes you to a signed document, just an example):
Read more on AGBeat.
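The practical lesson of the DocuSign find is that anything carried in a URL (names, e-mail addresses, document titles, coordinates) ends up in crawler indexes, proxy logs and browser histories. The check below is an added example, not code from AGBeat or DocuSign: it walks a list of URLs and flags the ones whose query strings carry personal data, the kind of sweep a team might run over its own sitemap or access logs. The URLs and parameter names are constructed for the example; the page does not show the real URL structure.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs (not real DocuSign links). They stand in for the
# kinds of data the AGBeat search turned up: a signer's name and e-mail, a
# document name and the coordinates of where it was signed, all in the URL.
SAMPLE_URLS = [
    "https://example.test/sign?name=Jane%20Doe&email=jane.doe%40example.org"
    "&doc=Lease%20Agreement.pdf&lat=37.7749&lng=-122.4194",
    "https://example.test/sign?id=8f2c1a&doc=NDA.pdf",
    "https://example.test/view?token=opaque-session-token",
]

# Parameter names assumed for the example; extend for your own application.
SENSITIVE_KEYS = {"name", "email", "mail", "doc", "document",
                  "lat", "latitude", "lng", "lon", "longitude"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)


def _has_coordinates(params):
    """True if the query carries a plausible latitude/longitude pair."""
    lat = next((v[0] for k, v in params.items()
                if k.lower() in ("lat", "latitude")), None)
    lng = next((v[0] for k, v in params.items()
                if k.lower() in ("lng", "lon", "longitude")), None)
    if lat is None or lng is None:
        return False
    try:
        return -90 <= float(lat) <= 90 and -180 <= float(lng) <= 180
    except ValueError:
        return False


def pii_in_url(url):
    """Return a sorted list of reasons the URL looks like it carries personal data."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = set()
    for key, values in params.items():
        if key.lower() in SENSITIVE_KEYS:
            reasons.add("param:" + key.lower())
        # parse_qs already percent-decodes values, so %40 is '@' here
        if any(EMAIL_RE.search(v) for v in values):
            reasons.add("email-address")
    if EMAIL_RE.search(parts.path):
        reasons.add("email-address")
    if _has_coordinates(params):
        reasons.add("coordinates")
    return sorted(reasons)


def scan(urls):
    """Map each offending URL to its findings; clean URLs are omitted."""
    report = {}
    for url in urls:
        findings = pii_in_url(url)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in scan(SAMPLE_URLS).items():
        print(url)
        for f in findings:
            print("   ", f)
```

A hit means the URL should not exist in that form at all: move the signer's identity and document details behind an authenticated session and an opaque identifier (the third sample URL is the shape to aim for). A robots.txt or noindex tag only asks well-behaved crawlers to look away; it does nothing about copies already in search caches or in the logs of every proxy the link passed through.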
Just in case AGs don't know anything about law?
By Dissent, June 9, 2012
Joseph Lazarotti writes:
To date, State Attorneys General (State AGs) in at least four states (Connecticut, Indiana, Minnesota, Vermont) have exercised their authority to enforce the HIPAA privacy and security rules as granted by the Health Information Technology for Clinical and Economic Health (HITECH) Act (pdf), part of the American Recovery and Reinvestment Act of 2009 (ARRA). Following a nationwide live training campaign, the Office of Civil Rights (OCR) is continuing its efforts to train State AGs by making training materials available online.
Read more on Workplace Privacy Data Management & Security Report.
Are we a global society or not?
Does a Data Breach in the U.S. Require Notification in Europe?
June 9, 2012 by admin
Paul Van den Buick writes:
The European legal framework on the protection of personal data (Directive 95/46/EC) is acknowledged as one of the strictest in the world. This tendency seems to be confirmed by the new draft regulation on the protection of personal data revealed by the European Commission in January 2012, which, once adopted, will certainly not enter into force before 2015. On the contrary, as opposed to American regulations, the current European Directive seems quite lenient when it comes to data breaches.
This said, in reality, should data breaches be treated differently in Europe than in the United States? The answer is “no.”
Read more on McGuireWoods.
This is what happens when you don't watch your senator... (I told you the surveillance drone business was the “next big thing.” Grab a piece before Go-ogle gets into that market.)
Senate: Drones Need to Operate “Freely and Routinely” In U.S.
Steven Aftergood writes:
The integration of drones or unmanned aerial systems (UAS) into the National Airspace System (NAS) needs to be expedited, the Senate Armed Services Committee said in its report on the FY2013 defense authorization bill last week.
“While progress has been made in the last 5 years, the pace of development must be accelerated; greater cross-agency collaboration and resource sharing will contribute to that objective,” the Committee said.
“Without the ability to operate freely and routinely in the NAS, UAS development and training– and ultimately operational capabilities– will be severely impacted,” the Committee report said.
Meanwhile, the House of Representatives yesterday approved an amendment to the 2013 Department of Homeland Security Appropriations bill that would prohibit DHS from acquiring or flying drones that have weapons onboard.
“None of the funds made available by this Act may be used for the purchase, operation, or maintenance of armed unmanned aerial vehicles,” says the provision sponsored by Rep. Rush Holt (D-NJ).
This prohibition, which is limited to DHS, is likely to be of no practical significance. “Has there ever been any plan to buy armed drones by Homeland Security?” asked Rep. Norm Dicks on the House floor yesterday. “No,” replied Rep. Robert Aderholt.
Also yesterday, Rep. Scott Austin (R-GA) introduced a bill (HR 5925) “to protect individual privacy against unwarranted governmental intrusion through the use of the unmanned aerial vehicles commonly called drones.”
Source: FAS. The text of H.R. 5925 is not yet available on Thomas.
(Related) Strangely, I can't seem to find the actual memorandum.
U.S. government to use ‘drones the size of GOLF BALLS to spy on AMERICAN citizens’
The U.K. press also finds our drone-related domestic surveillance newsworthy:
The Obama administration has been widely criticized for its increased reliance on drone strikes to kill suspected terrorists in Pakistan and Afghanistan, but according to published reports, a plan is now in the works to harness tiny drones to spy on U.S. citizens.
A 30-page memorandum issued by President Barack Obama’s Secretary of the Air Force Michael Donley on April 23 has stated that the drones, some as small as golf balls, may be used domestically to ‘collect information about U.S. persons.’
The photos that the drones will take may be retained, used or even distributed to other branches of the government so long as the ‘recipient is reasonably perceived to have a specific, lawful governmental function’ in asking for them.
Read more on The Daily Mail.
[From the article:
The purpose of the cited memorandum is stated as 'balancing … obtaining intelligence information... and protecting individual rights guaranteed by the U.S. Constitution.'
I wonder if any of the DoE “officials” have graduated from high school?
OK: Education officials agree to redact student data in appeals
Andrea Eger reports:
Amid outcry from lawmakers and concerns from their own board members, Oklahoma Department of Education officials now say they will redact personal information from the records of high school seniors who appeal high-stakes testing requirements.
However, they maintain that students will continue to be required to waive their federal privacy rights concerning educational records in order to enter the appeals process of Oklahoma’s Achieving Classroom Excellence Act.
Under the law, which applies to the class of 2012 and beyond, students must pass at least four of seven subject matter tests in order to earn a high school diploma.
Within hours of the state Board of Education’s denial of the first seven appeals Tuesday, officials posted the applications, showing students’ names, schools, grade-point averages, learning disabilities, test scores and other personal information. Addresses and phone numbers were redacted.
Read more on NewsOK.
That is simply outrageous. There is no indication in the report that the U.S. Department of Education has chimed in on this, but I hope they do and support the students’ right to privacy. Students should not have to waive FERPA rights. They can simply be asked to provide the relevant information needed to make a determination and their parents can sign releases for specific records the review/appeals process might need.
“It's not a majority of voters, it's a majority of Facebook users...”
Users give Facebook’s privacy changes a thumbs down
Cameron Scott reports:
Just 13 percent of voters supported Facebook’s proposed policy changes. However, the voter turnout of 342,600 came to just 0.1 percent of the number Facebook required to make the vote binding.
“We’re realizing that this is a process that doesn’t work. We are bound to our regulators, but at the same time we do really, really value user feedback. We need to find a way to combine both of those things.”
The company said it would consider the vote advisory [Translation: easily ignorable Bob] if participation fell short of the required number.
Read more on Computerworld.
Another tool to eliminate lawyers?
“We kept that no good furiner from getting into the US! What? Born here, huh? Okay, well we still kept him out. What? Walked home? Well, at least he didn't hijack no aero-plane...”
California grad student on no-fly list gets home after stranding
An American student who discovered he was included on the government’s no-fly list and was barred from a U.S.-bound flight from Costa Rica was reunited with family and friends after he flew to Mexico and then walked across the U.S.-Mexico border Thursday evening.
Isn't this the nature of infrastructure?
"As the use of cloud computing becomes more and more mainstream, serious operational 'meltdowns' could arise as end-users and vendors mix, match and bundle services for various means, a researcher argues in a new paper set for discussion next week at the USENIX HotCloud '12 conference in Boston. 'As diverse, independently developed cloud services share ever more fluidly and aggressively multiplexed hardware resource pools, unpredictable interactions between load-balancing and other reactive mechanisms could lead to dynamic instabilities or "meltdowns,"' Yale University researcher and assistant computer science professor Bryan Ford wrote in the paper. Ford compared this scenario to the intertwining, complex relationships and structures that helped contribute to the global financial crisis."
Automating English teachers... The easier the grading, the more writing students can do...
The Algorithm Didn’t Like My Essay
[An interesting paper: http://www.scoreright.org/NCME_2012_Paper3_29_12.pdf
[An open source tool: http://www.cs.cmu.edu/~emayfiel/side.html