Wednesday, August 22, 2012
Thousands receive a letter about a possible information breach at Colorado State U. – Pueblo
August 21, 2012 by admin
Lacey Steele reports that Colorado State U. – Pueblo has notified over 19,000 students and applicants of what they believe is a low-threat breach:
A few students accidentally gained access [Usually an indication that the files were unprotected. Bob] to some files containing personal information, but they told school authorities immediately and the problem was fixed.
Read more on KOAA.
Interesting. I assume driving into Mexico is viewed as at least as risky as parking your car in Boston (Car theft capital of the US) Would the government give/sell the information to other warranty issuers?
U.S. Customs Tracks Millions Of License Plates, Shares Data With Insurance Firms
Andy Greenberg reports:
It may come as little surprise that every time you cross the border, cameras record your license plate number and feed it into a database of driver locations. More disturbing, perhaps, is the fact that the government seems to share that automobile surveillance data with an unexpected third party: insurance companies.
Documents obtained through a Freedom of Information Act request and released Tuesday by the Electronic Privacy Information Center (EPIC) catalogue just how pervasive automatic license plate readers have become at the Mexican and Canadian borders, with cameras placed in dozens of U.S. cities each capturing images of millions or tens of millions of plates a year. But the FOIA’d records (PDF here) also include memos outlining the sharing of that license plate data between the Department of Homeland Security’s Customs and Border Protection, the Drug Enforcement Agency, and most significantly, the National Insurance Crime Bureau, an Illinois non-profit composed of hundreds of insurance firms including branches of Allstate, GEICO, Liberty, Nationwide, Progressive, and State Farm.
Read more on Forbes.
...and the pendulum that had swung to “we needed to look for potential Columbine shooters” swings back the other way. Maybe.
California passes legislation to protect college students’ social media privacy
Sam Laird reports:
California’s Senate on Tuesday unanimously approved legislation to bar colleges and universities from requiring students to provide administrators with access to their social media usernames and passwords. Governor Jerry Brown now must sign or veto the bill by Sept. 30.
California is not the first state to pass legislation protecting social media privacy for students. In March, Maryland’s Senate passed a bill to prevent public colleges and universities in the state from requiring students including athletes to provide access to their social accounts.
Read more on Mashable.
(Related) You know you have a problem when the school board strategy matches the vendors sales pitch word for word.
EPIC Supports Moratorium on RFID Student Tracking
EPIC, along with Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) and other leading privacy and civl liberties organizations, issued a Position Paper on the Use of RFID in Schools. Radio Frequency Identification is an identification tracking technology “designed to monitor physical objects,” such as commercial products, vehicles, and animals. Some school districts are proposing to use RFID ID tags to monitor students, teachers, and staff. The report warns of significant privacy and security risks. If RFID techniques are adopted, the groups urge that schools adopt robust privacy safeguards. In 2006 and 2007, EPIC submitted comments to federal agencies recommending against the use of RFID technology to track air travelers. The State Department subsequently made changes to the “e-Passport,” to address privacy and security concerns. For more information, seeEPIC: Radio Frequency Identification (RFID) Systems and EPIC: Student Privacy
Chipping students is a topic I’ve blogged about a number of times, and the schools that are using it are, for the most part, using it to (1) boost school revenues by gaining better attendance records for state reimbursement or (2) claiming that the tracking provides another layer of safety by knowing where the student is. While some parents have objected to the tracking, many others report that they like the idea. Personally, I think it’s a terrible idea as it inoculates youth to feeling that they are under constant surveillance.
...and thus are hairs split, re-split and made absolutely frizzy.
Web Sites Accused of Collecting Data on Children
Natasha Singer reports:
A coalition of nearly 20 children’s advocacy, health and public interest groups plans to file complaints with the Federal Trade Commission on Wednesday, asserting that some online marketing to children by McDonald’s and four other well-known companies violates a federal law protecting children’s privacy.
The law, the Children’s Online Privacy Protection Act, requires Web site operators to obtain verifiable consent from parents before collecting personal information about children under age 13. But, in complaints to the F.T.C., the coalition says six popular Web sites aimed at children have violated that law by encouraging children who play brand-related games or engage in other activities to provide friends’ e-mail addresses — without seeking prior parental consent.
At least one company, however, said the accusation mischaracterized its practices, adding that the law allows an exception for one-time use of a friend’s e-mail address.
Read more on New York Times.
So it's like a Consumer Group but without any pesky consumers?
Smart Grid Advocacy Group Seeks to Refute Privacy and Data Security Concerns
Shelton Abramson writes:
The Smart Grid Consumer Collaborative (SGCC) recently published a fact sheet and released a web video to refute privacy and data security critiques of smart meter technology. SGCC is a non-profit that seeks “to advance the adoption of a reliable, efficient, and secure smart grid.” Its membership includes electric utility and technology companies, universities, government agencies, and environmental advocacy groups. Privacy and data security concerns have led some consumers to oppose the installation of smart meters, and even inspired lawsuits in states such as Maine and Illinois. SGCC’s recently published materials suggest that many of these concerns are based on “myths” and “urban legend.”
Read more on Covington & Burling InsidePrivacy.
Not sure I understand this logic either...
DNA Extraction, Plain View, and the Scope of the Exclusionary Rule: The Fourth Circuit’s Decision in United States v. Davis
The Fourth Circuit decided a very interesting Fourth Amendment case last week on the constitutionality of DNA testing, the scope of the plain view exception, and the scope of the exclusionary rule. The case is United States v. Davis, decided August 16. ... I’ll run though the facts, then turn to the law, and then offer some thoughts.
(Related) Flying with the Fourth...
Does the Fourth Amendment have a Posse (Comitatus)?
Ryan Calo writes:
Earlier this month, U.S. News & World Report ran the following headline: “Court Upholds Domestic Drone Use In Arrest Of American Citizen.” The article goes on to explain that a man was arrested in North Dakota with air support from a Predator B drone on loan from the Department of Homeland Security. His attorney filed a motion to dismiss on the basis that local police had not secured a warrant to use a drone in his arrest. The court, understandably, denied the motion. As I and others have observed, the Fourth Amendment does not restrict the use of drones to assess whether a perpetrator is dangerous. It would only be implicated if, for instance, one person were followed around for a long time, or the entire population were placed under constant aerial surveillance. And even then the outcome of a challenge is uncertain.
Read more on Stanford CIS.
Dilbert perfectly illustrates my point about the perils of long software development projects. (Like the government seems to prefer.)