Friday, July 05, 2013

Quelle surprise!

Angelique Chrisafis reports:
France runs a vast electronic surveillance operation, intercepting and stocking data from citizens’ phone and internet activity, using similar methods to the US National Security Agency’s Prism programme exposed by Edward Snowden, Le Monde has reported.
An investigation by the French daily found that the DGSE, France’s external intelligence agency, had spied on the French public’s phone calls, emails and internet activity.
Read more on The Guardian.

Apparently when the FBI could not find the person who sent the first anthrax letters, someone said, “Do whatever it takes” and cost/benefit analysis was tossed out the window. Is this why the Post Office is going bankrupt?
NYT- Postal Service Is Watching, Too: Outside of All Mail Is Recorded
Postal Service Is Watching, Too: Outside of All Mail Is Recorded,” by Ron Nixon: “Under “the Mail Isolation Control and Tracking program…Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States – about 160 billion pieces last year. It is not known how long the government saves the images… The Mail Isolation Control and Tracking program was created after the anthrax attacks in late 2001 that killed five people, including two postal workers. Highly secret, it seeped into public view last month when the F.B.I. cited it in its investigation of ricin-laced letters sent to President Obama and Mayor Michael R. Bloomberg. It enables the Postal Service to retrace the path of mail at the request of law enforcement… Law enforcement officials need warrants to open the mail… In the past, mail covers were used when you had a reason to suspect someone of a crime,” said Mark D. Rasch, who started a computer crimes unit in the fraud section of the criminal division of the Justice Department and worked on several fraud cases using mail covers. “Now it seems to be, ‘Let’s record everyone’s mail so in the future we might go back and see who you were communicating with.’ Essentially you’ve added mail covers on millions of Americans.”

Interesting. Not only use the company's computers for private browsing but store personal data on them as well. How difficult would it be to store your private stuff on a thumb drive?
Larry Page of Davis LLP discusses a case in which an employee was fired for cause for snooping/improper accessing of a file:
In a recent decision of the British Columbia Supreme Court, the Court upheld the termination for cause of a help desk analyst in the IT department who had been employed for over 20 years at Coast Capital Savings Credit Union. (Steel v. Coast Capital Savings Credit Union, 2013 BCSC 527)
Employees at Coast were permitted to have a personal folder in which they would keep confidential business documents. Under the privacy policy at Coast, the files in the personal folder could only be read or edited by the employee who had the folder. Help desk employees were allowed to access personal folders but could only do so to resolve a technical problem and only if the employee who had the personal folder first gave permission to the help desk to access the folder.
Read more about the case on Mondaq.

What, you thought Texas had a sense of humor?
… In the state of Texas, a 19-year-old man named Justin Carter sits in prison, ruthlessly stripped of his freedom for making an offensive joke. After a Facebook friend with whom he played video games described him as “crazy” and “messed up in the head,” Carter replied — sarcastically, one imagines — “Oh yeah, I’m real messed up in the head, I’m going to go shoot up a school full of kids and eat their still, beating hearts.” He added “lol” and “jk” for good measure. For this he was arrested by Austin police, charged with making a “terroristic threat,” and thrown into prison. He may languish there until the start of the next decade.

So the settlement was, “Fix it and try not to do it again?” Wow, harsh!
Following a public comment period, the Federal Trade Commission has approved a final order settling charges that HTC America Inc. failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.
The settlement with HTC America, announced by the FTC in February 2013, requires the company to develop and release software patches to fix vulnerabilities in millions of the company’s devices. The company is also required to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.
In addition, the settlement prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Violations of the consent order may be subject to civil penalties of up to $16,000 per violation.
The Commission vote approving the final order and letters to members of the public who commented on it was 3-0-1, with Commissioner Ohlhausen recused. (FTC File No. 122-3049; the staff contact is Nithan Sannappa, Bureau of Consumer Protection, 202-326-3185.)
SOURCE: FTC. Case documents are available on their site, here.

Each service must have a policy for each country and they must be up to date.
An ICO spokesperson said:
“We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.
“In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.
“Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action.”
Read the full press release on the ICO’s site.

I posterd this back on June 18th, but their website was screwed up until yesterday. If you want one of these, now you can actually order one.
Get a Kobo Mini e-reader for $39.99

Dilbert points out one minor risk when using the Cloud.

No comments: