Thursday, August 30, 2012
So how's that database stuff working for ya UK?
Council data breaches increase by ‘alarming’ 1,600 per cent
August 30, 2012 by admin
Data breaches across the UK have dramatically increased in the past five years, figures released under freedom of information laws have revealed.
Information disclosed by the Information Commissioner’s Office to a data security firm showed a major growth in self-reported data breaches every year.
On average the increase since 2007 stood at more than 1,000 per cent. But some sectors saw even higher rates of increase.
Read more on PublicService.co.uk
Now, when some of us here report increased figures for breach disclosures, we (translation: I) always point out the confounding factors in interpreting apparent increases. Happily for Imation, the firm that requested the data, they think they can dismiss such factors as the explanation:
“Undoubtedly there are some mitigating circumstances which have contributed to the rise in annual data breach numbers, such as the introduction of mandatory reporting in certain sectors, plus the increasing amounts of data being stored and accessed. But none of these factors obscures the clear trend of constant increases.”
How do you know, Imation? How do you know that the increased reports aren’t an artifact of both increased reporting requirements and increased detection of breaches? What percent of the reported increase is really due to increased incidents and what percent is due to other factors? [Sounds like a project for my Statistics class Bob]
Speaking of databases...
Don't Build a Database of Ruin
by Paul Ohm
Many businesses today find themselves locked in an arms race with competitors to see who can convert customer secrets into the most pennies. To try to win, they are building perfect digital dossiers, to use a phrase coined by Daniel Solove, massive data stores containing hundreds, if not thousands or tens of thousands, of facts about every member of our society. In my work, I've argued that these databases will grow to connect every individual to at least one closely guarded secret. This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm. And these companies are combining their data stores, which will give rise to a single, massive database. I call this the Database of Ruin. Once we have created this database, it is unlikely we will ever be able to tear it apart.
[A quote from the Comments: "If you have something to hide then you should have done it on your neighbor's wifi in the first place."]
I suppose it's better than Tweeting, “Dude, did the reactor scram?”
"The Japanese national Fire and Disaster Management Agency today hosted the first of 3 panels to discuss allowing emergency calls to be placed through social networks. For the event, Twitter's Japanese blog posted entries on how to use the service during emergencies, one of which advised: 'If your circumstances allow, please add #survived to your tweets. This will help when family and friends that are worried about you search on your welfare.'"
Attention Class Action Lawyers! Word is starting to leak out!
Netflix Users Object to Privacy Settlement
Erik Gruenwedel reports:
A number of Netflix subscribers have filed objections to a court decision on a privacy act complaining the proposed $9 million class-action settlement leaves little for those allegedly wronged.
A Northern California court in February found the Los Gatos, Calif.-based streaming pioneer violated provisions of the 1988 Video Privacy Protection Act that disallow video rental services from accessing subscriber information up to two years after cancelation.
About 50 subscribers reportedly have filed formal objections to the court complaining the settlement awards more than $2 million to lawyers involved in the case, about $30,000 to each of the initial six plaintiffs, and little to anyone else. The complaints say the lack of financial remuneration undermines the validity of the case and renders it little more than a frivolous lawsuit benefitting lawyers. [Well, DUH! Bob]
Read more on HomeMedia.
(Related) You don't even need a Class Action...
Consumer Watchdog wins right to fight Google’s itty-bitty FTC payout
Kelly Fiveash reports that Consumer Watchdog will be able to file a brief opposing the FTC-Google settlement.
Consumer Watchdog, a non-profit outfit, has until 21 September to submit a friend-of-the-court brief expressing its views on the deal struck between the FTC and Google.
US district court judge Susan Illston granted [PDF] attorneys representing the group the right to file the brief. She said Google and the FTC would have to respond to Consumer Watchdog’s gripes about the settlement no later than 28 September.
The group is seeking amicus status [PDF] to oppose the settlement.
Read more on The Register.
For those of us with no brain waves, this is no big deal. The future is a remote brain scan...
Researchers Hack Brainwaves to Reveal PIN Numbers, Other Personal Data
Geeta Dayal reports:
Don’t you dare even think about your banking account password when you slap on those fancy new brainwave headsets.
Or at least that seems to be the lesson of a new study which found that sensitive personal information, such as PIN numbers and credit card data, can be gleaned from the brainwave data of users wearing popular consumer-grade EEG headsets.
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt [With no designed in security, this is not a surprise... Bob] to uncover potential security risks in the use of the headsets.
Read more on Threat Level.
Maybe Kim Dotcom has a point?
Oops! Copyright Cops Return Seized RojaDirecta Domain Names – 19 Months Later
One of Spain’s most popular websites, whose American domains were seized in January 2011 as part of a crackdown on internet piracy, is getting its domains returned 19 months later, as the U.S. government voluntarily dropped its claim Wednesday.
The Rojadirecta .com and .org domains were seized more than a year and a half ago, along with eight others connected to broadcasting pirated streams of professional sports, as part of the government’s “Operation in Our Sites.”
The federal court order mandating return of the domain names marks the second court “victory” for seized sites. Earlier this year, the government reluctantly, and without apology, returned a music blog’s domain name after seizing it at the behest of the RIAA, holding onto it for more than a year, and then failing to even file charges against the site.
The government, which seized the domain names for simply including links to copyrighted content, dropped the Rojadirecta claim, seemingly due to a recent ruling by Judge Richard Posner. Posner, one of the nation’s most respected judges, knocked down charges that a video bookmarking site was infringing copyright law, just because its users linked to copyrighted videos.
In a letter accompanying the motion to dismiss, the government told the New York federal court that it had changed its mind:
The Government respectfully submits this letter to advise the Court that as a result of certain recent judicial authority involving issues germane to the above-captioned action, and in light of the particular circumstances of this litigation, the Government now seeks to dismiss its amended forfeiture complaint. The decision to seek dismissal of this case will best promote judicial economy and serve the interests of justice.
… “The government has not shown and cannot show that the site ever was used to commit a criminal act, much less that it will be in the future. By hosting discussion forums and linking to existing material on the internet, Puerto 80 is not committing copyright infringement, let alone criminal copyright infringement,” (.pdf) according to the site’s legal filing last year.
The site says it also tried to negotiate with the government to get the site back, but was told it would only get it back if the site prohibited its users from linking to any U.S. content anywhere on its sites.
The lawsuit added that “the government effectively shut down an entire website, suppressing all of the speech hosted on it, based on an assertion that there was probable cause to believe that some of the material linked to the website (though not found on the website itself) might be infringing.”
The U.S. government is taking .com, .org and .net domains with court approval, under the same civil seizure law the government invokes to seize brick-and-mortar drug houses, bank accounts and other property tied to illegal activity.
Are we headed toward global copyright laws or vendor defined law?
"After two private meetings with Microsoft and IBM, New Zealand's proposed new patent legislation has been changed by 'replacing an exclusion in clause 15(3A) (which relates to computer programs) with new clause 10A. Rather than excluding a computer program from being a patentable invention, new clause 10A clarifies that a computer program is not an invention for the purposes of the Bill.' The difference is that the new 10A clause contains the 'as such' loophole — the wording that is used by the European Patent Office to grant software patents. This is the same Patents Bill launched in 2009."
Another “Just let the industry decide”
"GigaOm's Jeff John Roberts has a compelling writeup about patent trials and how juries are detrimental to justice in such cases. Roberts uses the recent Apple-Samsung trial as the backdrop for his article; although the trial lasted three weeks, during which hundreds of documents were presented and the finer points of U.S. patent law were discussed, the jury only took 2-3 days to deliberate. 'Patents are as complex as other industrial policies like subsidies or regulatory regimes. When disputes arise, they should be put before an expert tribunal rather than a jury that is easily swayed by schoolyard "copycat" narratives.'"
Interesting. I wonder where they get their information? CIA Press Releases? Maybe someone at the White House just crosses names off the “Kill List”
Apple Rejects App That Tracks U.S. Drone Strikes
It seemed like a simple enough idea for an iPhone app: Send users a pop-up notice whenever a flying robot kills someone in one of America’s many undeclared wars. But Apple keeps blocking the Drones+ program from its App Store — and therefore, from iPhones everywhere. The Cupertino company says the content is “objectionable and crude,” according to Apple’s latest rejection letter.
(Related) Speaking of undeclared wars...
Marines vs. Zetas: U.S. Hunts Drug Cartels in Guatemala
The war on drugs just got a whole lot more warlike. Two hundred U.S. Marines have entered Guatemala, on a mission to chase [What a bland euphemism Bob] local operatives of the murderous Zeta drug cartel.
For my Website students
August 29, 2012
EFF's "Keeping Your Site Alive" guide
News release: "EFF's Keeping Your Site Alive guide includes tips on choosing an appropriate webhost to provide the security and technical assistance needed to weather an attack. The guide also gives advice on how to back up and mirror content so it can be made available elsewhere in case the site is compromised, and includes tutorial videos with background information on the technical concepts involved. Denial of service attacks are an issue for websites across the globe, so EFF's guide is available in many different translations, including Chinese, Russian, Persian, and Arabic."
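The "back up and mirror content" advice above is the part students tend to skip, so here is an added example of what it looks like in practice. This is my own illustration, not code from EFF's guide: a POSIX shell script that snapshots a web root into a timestamped archive, records its SHA-256 in a manifest, and refuses to rebuild a mirror from an archive whose hash no longer matches. The site tree it builds is constructed sample data; the function names (snapshot_site, verify_backup, restore_mirror) are mine, and it assumes tar, sha256sum and mktemp are on the path.

```shell
#!/bin/sh
# Added example, not from EFF's "Keeping Your Site Alive" guide.
# Integrity-checked backups of a static site so a mirror can be rebuilt from
# a copy you can trust. Assumes POSIX sh plus tar, sha256sum and mktemp.
set -eu

# make_demo_site DIR: build a small constructed site tree that stands in for
# the real web root (sample data only).
make_demo_site() {
    mkdir -p "$1/img"
    printf '<html><body>hello</body></html>\n' > "$1/index.html"
    printf 'User-agent: *\nDisallow:\n' > "$1/robots.txt"
    printf 'PNGDATA' > "$1/img/logo.png"
}

# snapshot_site WEBROOT BACKUPDIR: archive the web root under a UTC timestamp
# and append the archive's SHA-256 to a manifest kept beside it.
# Prints the archive path so callers can hand it to restore_mirror.
snapshot_site() {
    webroot=$1; backupdir=$2
    mkdir -p "$backupdir"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$backupdir/site-$stamp.tar"
    # -C makes paths relative to the web root, so the archive restores anywhere.
    tar -C "$webroot" -cf "$archive" .
    ( cd "$backupdir" && sha256sum "$(basename "$archive")" >> MANIFEST.sha256 )
    printf '%s\n' "$archive"
}

# verify_backup BACKUPDIR: succeed only if every archive in the manifest still
# matches its recorded hash. A truncated or edited archive fails.
verify_backup() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 ) >/dev/null 2>&1
}

# restore_mirror ARCHIVE MIRRORROOT: unpack an archive into the mirror's web
# root, but only after the whole backup set verifies. Returns 1 otherwise.
restore_mirror() {
    archive=$1; mirror=$2
    verify_backup "$(dirname "$archive")" || return 1
    mkdir -p "$mirror"
    tar -C "$mirror" -xf "$archive"
}

# count_mirror_files MIRRORROOT: number of regular files restored.
count_mirror_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Stand-alone demo: ./backup.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_demo_site "$work/www"
    arch=$(snapshot_site "$work/www" "$work/backups")
    restore_mirror "$arch" "$work/mirror" && echo "mirror rebuilt from $arch"
    printf 'x' >> "$arch"     # simulate tampering with the stored archive
    restore_mirror "$arch" "$work/mirror2" || echo "refused: archive hash mismatch"
    rm -rf "$work"
fi
```

Two caveats the hashes do not solve on their own. First, a manifest that lives next to the archives on the same host is only as trustworthy as that host; copy MANIFEST.sha256 to a second machine (or sign it) so an attacker who rewrites the archive cannot also rewrite the record of what it should hash to. Second, a snapshot taken after a compromise faithfully preserves the attacker's changes, so keep several generations and verify the mirror against the last snapshot taken before the incident, not the most recent one.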
Popular ‘HTML5 Boilerplate’ Hits 4.0
You can grab a copy of HTML5 Boilerplate v4.0 from the HTML5 Boilerplate website.
… Version 4 of Boilerplate also updates the various code libraries that Boilerplate relies on, including jQuery, Modernizr and the very awesome Normalize.css.
You can see the complete changelog for this version over on Github and get any help you might need with HTML5 Boilerplate at Stack Overflow.
A new class of tech users.
There's this idea that young people, who have grown up in a streaming Internet world, aren't getting cable and they never will. We call these people cord nevers and right now they are more of a theory than a scary trend for the cable companies. It makes sense that a younger "Netflix generation" wouldn't feel the need to pay all that money for all those channels they don't want, but there aren't that many cold hard statistics on this demographic to either confirm or deny it since most statistics in the conversation come from cable company subscription numbers. Those numbers allow us to see how many people are cancelling their cable (not too many) but they don't show how many people are never subscribing to cable in the first place leaving us without information on a possibly huge generational shift in media consumption. On the theory that any numbers would be better than no numbers, we decided to gather a bit of our data ourselves: we asked our esteemed 22-34* year-old colleagues at The Atlantic Media Company a simple question: "Do you have cable at home?"