As I’ve noted before, the Vendini breach, reported previously on this blog, appears to be fairly large, but has generally flown under national mainstream media attention. Instead, I see bits and pieces in local media or on organizations’ web sites as entities report that their patrons or members were affected (cf. reports involving Purple Rose Theatre, Baldwin Theatre, Stagecrafters, The Farmington Players, Lexington Children’s Theatre, Caterpillar Visitors Center, Touchstone Theatre, Cedar Crest College, Lehigh Valley Charter High School for the Arts, Valdosta State University, East Central College (notice), Asheville Community Theatre, St. Louis Classical Guitar Society, Winchester Little Theatre, Thalian Hall, Butler University, Wildey Theatre, Pacific Aviation Museum, The Arts & Science Center for Southeast Arkansas, Wartburg College, Oregon University System (Southern Oregon University Foundation, Western Oregon University, and Oregon State University), The Friends of Chamber of Music (cached), and University of Michigan). And there are undoubtedly more that are not listed above.
Vendini’s reports to New Hampshire and California are available online, but I recently sent a FOI request to North Carolina, which requires entities to report breaches to the state. In response, they sent me the breach notifications they’ve received so far, which I am uploading here:
Butler University – 411 affected
Asheville Community Theatre – approximately 20,000 North Carolina residents affected
Kirby Cultural Arts Complex – 147 affected
Central Piedmont Community College – approximately 12,000 affected
South Orange Performing Arts Center – 6,619 affected
Thalian (part 1), part 2 – 6,000 affected
Why Vendini is allowing this to dribble out instead of just being more upfront about the numbers involved escapes me. But significantly, a number of their clients were unpleasantly surprised to discover that their contracts with Vendini did not require Vendini to make the patron notifications and that it was on them to do so. [Surely someone read the contract before signing? Bob] This serves as a useful reminder to check your contracts to ensure that if a vendor or contractor has a breach, they are responsible for notifying your customers or paying for you to do so.
Update to the update: I’ll just
add other organizations as I come across them:
A “don't hire these people”
database?
Gov. Jay Nixon
vetoed a workers’ compensation bill on Tuesday that he said would
have “invaded Missourians’ privacy, required creation of new
government database.”
The rhetoric came
in the midst of a battle between Nixon and a Republican-led
opposition critical of his administration’s Department of Revenue’s
former practice of scanning personal documents, where Republicans
accused Nixon of doing essentially the same thing.
The bill, Senate Bill 34 which was sponsored by Sen. Mike
Cunningham, would have called on the government to
establish a database of all Missouri workers who have filed for
workers’ compensation claims for on the job injuries. The database
would have been accessible to Missouri employers.
Read more on PoliticMo.
This is a bit aggressive, isn't it? Is
it an act of war? Isn't it like invading an embassy? Would we do
that to Putin's plane?
Bolivia
angered by search of president's plane, no sign of Snowden
VIENNA (Reuters) - Bolivia accused
Austria of an act of aggression by searching President Evo Morales'
plane on Wednesday and blamed Washington for its forced landing in
Vienna over suspicions that former U.S. spy agency contractor Edward
Snowden was on board.
Morales' plane was stranded at Vienna
airport for several hours after Portugal and France abruptly canceled
air permits for it to fly through their airspace, but eventually
resumed its flight home from an energy meeting in Moscow.
(Related)
CRS
– Criminal Prohibitions on the Publication of Classified Defense
Information
Criminal
Prohibitions on the Publication of Classified Defense Information
– Jennifer K. Elsea, Legislative Attorney, June 24, 2013
“The publication of classified
information related to National Security Agency (NSA) surveillance
activity is the latest in a series of leaks to the press that has
riveted Congress’s attention. Press reports describing classified
U.S. operations abroad have led to calls from Congress for an
investigation into the source of the leaks, and Attorney General
Holder appointed two special prosecutors to look into the matter.
The online publication of classified defense documents and diplomatic
cables by the organization WikiLeaks and subsequent reporting by the
New York Times and other news media had already focused attention on
whether such publication violates U.S. criminal law. The suspected
source of the WikiLeaks material, Army Private Bradley Manning, has
been charged with a number of offenses under the Uniform Code of
Military Justice (UCMJ), including aiding the enemy, while a grand
jury in Virginia is deciding whether to indict any civilians in
connection with the disclosure. A number of other cases involving
charges under the Espionage Act, including efforts to extradite
Edward Snowden in connection with the leak of NSA documents
pertaining to certain surveillance programs, demonstrate the Obama
Administration’s relatively hardline policy with respect to the
prosecution of persons suspected of leaking classified information to
the media. This report identifies some criminal statutes that may
apply to the publication of classified defense information, noting
that these have been used almost exclusively to prosecute individuals
with access to classified information (and a corresponding obligation
to protect it) who make it available to foreign agents, or to foreign
agents who obtain classified information unlawfully while present in
the United States.”
As long as we're talking about
surveillance... This expands on my “We can, therefore we must!”
meme.
Commentary
– Technology, Not Law, Limits Mass Surveillance
Technology,
Not Law, Limits Mass Surveillance, by Ashkan
Soltani - IT Technology Review July 2013
“Recent revelations about the extent
of surveillance by the U.S. National Security Agency come as no
surprise to those with a technical background in the
workings of digital communications. The leaked documents show how
the NSA has taken advantage of the increased use of digital
communications and cloud services, coupled with outdated privacy
laws, to expand and streamline their surveillance programs. This
is a predictable response to the shrinking cost and growing
efficiency of surveillance brought about by new technology. The
extent to which technology has reduced the time and cost necessary to
conduct surveillance should play an important role in our national
discussion of this issue. The American public previously, maybe
unknowingly, relied on technical and financial barriers to protect
them from large-scale surveillance by the government. These implicit
protections have quickly eroded in recent years as technology
industry advances have reached intelligence agencies, and digital
communications technology has spread through society. As a result,
we now have to replace these “naturally occurring” boundaries and
refactor the law to protect our privacy. The ways in which we
interact has drastically changed over the past decade. The
majority of our communications are now delivered and stored by
third-party services and cloud providers. E-mail, documents,
phone calls, and chats all go through Internet companies such as
Google, Facebook, Skype, or wireless carriers like Verizon, AT&T,
or Sprint. And while distributed in nature, the physical
infrastructure underlying the World Wide Web relies on key
chokepoints which the government can, and is, monitoring. This makes
surveillance much easier because the NSA only needs to establish
relationships with a few critical companies to capture the majority
of the market they want to observe with few legal restrictions. The
NSA has the capability to observe hundreds of millions of people
communicating using these services with relatively little effort
and cost.”
Who expects the government to be
smarter on social media than they are on foreign policy?
State
Department bureau spent $630,000 on Facebook 'likes'
State Department officials spent
$630,000 to get more Facebook "likes," prompting employees
to complain to a government watchdog that the bureau was "buying
fans" in social media, the agency's inspector general says.
… "Many in the bureau
criticize the advertising campaigns as 'buying fans' who may have
once clicked on an ad or 'liked' a photo but have no real interest in
the topic and have never engaged further," the inspector general
reported.
… Despite the surge in likes, the
IG said the effort failed to reach the bureau's target audience …
Only about 2 percent of fans actually engage with the pages by
liking, sharing or commenting.
For my Data Analysis students. Read
free online...
Report
– Frontiers in Massive Data Analysis
“From Facebook to Google searches to
bookmarking a webpage in our browsers, today’s society has become
one with an enormous amount of data. Some internet-based companies
such as Yahoo! are even storing exabytes (10 to the 18 bytes) of
data. Like these companies and the rest of the world, scientific
communities are also generating large amounts of data—mostly
terabytes and in some cases near petabytes—from experiments,
observations, and numerical simulation. However, the scientific
community, along with defense enterprise, has been a leader in
generating and using large data sets for many years. The issue that
arises with this new type of large data is how to handle it—this
includes sharing the data, enabling data security, working with
different data formats and structures, dealing with the highly
distributed data sources, and more. Frontiers
in Massive Data Analysis presents the Committee on the
Analysis of Massive Data’s work to make sense of the current state
of data analysis for mining of massive sets of data, to identify gaps
in the current practice and to develop methods to fill these gaps.
The committee thus examines the frontiers of research that is
enabling the analysis of massive data which includes data
representation and methods for including humans in the data-analysis
loop. The report includes the committee’s recommendations, details
concerning types of data that build into massive data, and
information on the seven computational giants of massive data
analysis.”