Thursday, October 17, 2013
Think of it as a research project collecting “Strategies for Effective Data Breach Lawsuits?”
U. of Arizona law school notifying over 9,000 former students and applicants whose SSN may have been accessed by hacker
You won’t find it on their home page, but if you dig into the U. of Arizona‘s web site, you’ll find this notice, posted today:
Personal information of certain former law students and applicants to the University of Arizona James E. Rogers College of Law may have been exposed after being stored on a server in error. The University has attempted to notify all those affected by personal letter and set up a toll-free number to answer questions.
The University of Arizona is informing certain former law students and applicants to the James E. Rogers College of Law that an unauthorized intruder may have had access to their personally identifiable information.
An intruder accessed a server hosting the College of Law public website on July 29. Analysis of the server showed that the intruder may have accessed old class rosters and applicant lists that were stored on the server in error. The investigation identified 9,080 individuals whose names and social security numbers were potentially accessible.
The University no longer uses social security numbers as personal identifiers except where required by law. Instead, all students, alumni, faculty and staff, and others whose records are kept for business reasons are assigned a personal University identification number. The files stored on the compromised web server predated this policy by several years.
The Arizona Daily Star reported this incident earlier today.
For my Computer Security students – this is how you get hired.
How to Design — And Defend Against — The Perfect Security Backdoor
… Having lost that public battle, the NSA decided to get its backdoors through subterfuge: by asking nicely, pressuring, threatening, bribing, or mandating through secret order. The general name for this program is BULLRUN.
Sliding down that slippery slope like an Olympic Luge. This seems to be “Wouldn't it be nice” data rather than “We can significantly reduce our risk” data.
A reader kindly sent along this link to a post by Michael Geist:
The Royal Bank of Canada updated its mobile application for Android users earlier this month. Like many banking apps, the RBC version allows users to view account balances, pay bills, and find bank branches from their smartphone. Yet when users tried to install the app, they were advised that the bank would gain access to a wide range of personal data.
The long list of personal data – far longer than that found in comparable applications from banks such as TD Canada Trust or Bank of Montreal – included permission to use the device’s camera, to read the user’s call history, to access the user’s Internet browsing habits, and to even check out their browser bookmarks. After users took to Twitter and the Google app review section to complain, RBC advised that it would update the app and that users should “stay tuned” about the permission requirements.
My weekly technology law column (Toronto Star version, homepage version) notes that RBC is not alone in requiring users to disclose more personal information in order to access services. Aeroplan, the loyalty program linked to Air Canada, sent an email last week to hundreds of thousands of Canadians notifying them that it too was changing its data collection practices.
The company disclosed that holders of its popular financial credit cards (which can be used to earn Aeroplan points based on total spending) will soon be required to grant it access to detailed financial activity. Starting next year, Aeroplan will be privy to all cardholder transactions, including merchant names, transaction amounts, and dates of the transactions.
Read more on Michael’s blog. I guess I won’t be using Aeroplan any more!
Clearly, Congress hasn't seen this yet. My Statistics students could have explained it to them.
Poll – The New American Center
“An exclusive Esquire-NBC News survey [rendered in a series of infographics that accompany the data for each respective question/answer] shows us that everything we are told about politics in America today—that there is no middle ground between left and right, blue and red, us and them—is wrong. The data, compiled by the Benenson Strategy Group (pollster for Obama for America ’08 and ’12) and Neil Newhouse of Public Opinion Strategies (lead pollster for Romney for President), show us there is a large group of American voters—even a majority—who make up a New American Center that is passionate, persuadable, and very real. They are merely waiting for Washington to find them.” ["The Benenson Strategy Group and Public Opinion Strategies conducted a nationwide survey from August 5 through 11, 2013, with 2,410 registered voters. They applied a k-means clustering technique to group respondents into "segments" based on attitudinal and demographic commonalities and like-mindedness. They conducted eight iterations of the clustering to optimize the differentiating variables that feed into the segmentation methodology. The segments were formed based on commonalities across their demographics; psychographics; political, social, and economic values; and lifestyles. The pollsters selected the segmentation solution that yielded the most unique and differentiated clusters."] Esquire, November 2013 issue.
For my “starving students” (Unfortunately, a series of infographics. )
200 Ways To Make Money Online