Thursday, December 05, 2013
This shouldn't surprise anyone...
Allison Bell reports:
The federal agency that enforces health data security regulations did a poor job of protecting the data it was using in its own investigations.
Officials at the Office of Inspector General at the U.S. Department of Health and Human Services announced that conclusion in this latest report.
Thomas Salmon and other HHS OIG staffers were looking at the efforts of the HHS Office for Civil Rights to enforce the Health Insurance Portability and Accountability Act health data Security Rule.
Read more on Benefits Pro.
The Office for Civil Rights Did Not Meet All Federal Requirements in Its Oversight and Enforcement of the Health Insurance Portability and Accountability Act Security Rule (complete report, .pdf, 26 pp.)
Jenna Green reports what’s on the FTC’s wish list for legislation:
… Ramirez said she favors making the FTC the sole federal agency in charge of enforcing a uniform set of national data breach notification requirements. Such requirements would compel businesses to notify consumers of a data breach promptly, and also to notify credit bureaus. The FTC has urged Congress to give the agency civil penalty authority against companies that fail to maintain reasonable security.
Ramirez also said she supported making the federal rules supersede state requirements—and to make the rules enforceable by both the FTC and state attorneys general. Further, she said a violation of data breach requirements should be deemed an unfair or deceptive act in commerce, and thus subject to FTC authority under the FTC Act.
Read more on Law.com, as there’s much more to their wish list but I’m just focusing on breach notification in this post.
Of course, some of the proposed federal data breach notification laws did make the FTC the responsible federal agency for enforcement, but not all of them do. And as I’ve argued repeatedly for lo, these many years, a federal data breach notification law that supersedes the patchwork of state laws is a great idea – but only if it is as strong as the strongest existing state law so that consumers do not lose protections they currently have. The federal law would also need to encompass data in all formats and clarify who has the responsibility to notify consumers when the data loss or breach occurs at a contractor or vendor. And of course, it needs to have some safe harbor provisions that would encourage entities to implement rigorous security.
And while we’re on the subject, see Adam Greenberg’s report on why breach notification laws are likely to remain state-by-state.
Not voluntary because he was surrounded by cops? How many cops does it take to be intimidated? (One with his gun in hand would probably work for me)
Orin Kerr writes:
Yesterday the Fourth Circuit handed down an interesting Fourth Amendment decision in United States v. Robertson, involving a consent search at a bus shelter. It’s a rare published decision from the Fourth Circuit, with a divided vote, and my tentative view is that the dissent is correct.
As I understand the facts, several officers converged on the bus shelter (which I assume is something like this) to try to figure out if any of the people at the shelter knew of a foot chase involving a gun that had just been reported in the area. Robertson was one of the men sitting at the bus shelter, and he was approached by Officer Welch. Welch asked Robertson, “Do you have anything illegal on you?”, but Robertson remained silent. Welch then waved Robertson toward him and said, “Do you mind if I search you?” Robertson stood up, walked two yards towards Officer Welch, turned around, and raised his hands above his head. Welch interpreted that as consent, and conducted a search. The search recovered a firearm, and that led to charges for illegal firearms possession.
Read more on The Volokh Conspiracy.
Well, that's why there is a Supreme Court. OR, does the exemption cover anything I do on a regular basis?
Julia Love reports:
A pair of Silicon Valley judges have dramatically parted ways on how much wiggle room email providers have under federal wiretap laws to gather user information.
“The amended complaint fails to allege any interception that falls outside the scope of this broad immunity,” he wrote in a 30-page order.
That philosophy appears to clash with the thinking of U.S. District Judge Lucy Koh, who refused to let Google off the hook in another pending privacy suit.
Read more on Law.com.
“We can, therefore we must!” Even if it doesn't really work too well yet.
Companies Developing Crowd Analysis Programs To Detect ‘Abnormalities’ In Behavior And Match Faces Against Giant Databases
Glyn Moody writes:
One of the reasons that the total surveillance programs of the NSA and GCHQ are possible is that computers continue to become more powerful and cheaper, allowing ever-more complex analyses to be conducted, including those that were simply not feasible before. Here’s another example of the kind of large-scale monitoring that is now possible, as reported by Nikkei Asian Review:
NEC announced that it has developed the world’s first crowd behavior analysis technology. Based on the simulated behavioral patterns exhibited by people in emergencies, the system is designed to detect any abnormalities in the behavior of congested public places.
Read more on TechDirt.
I'm a sucker for a good infographic...
A Visual History of Computers
Pop Up Archive Transcribes and Tags Sounds, Searches Historical Broadcasts
Initially started as a project at University of California, Berkeley, Pop Up Archive is a new tool to help journalists, media, archivists, historians and others easily find and reuse sound.
“As we launch Pop Up Archive publicly, our goal has grown much bigger. We want to make it easy for all storytellers to find and reuse recorded sound. Now, anyone can visit popuparchive.org to make audio findable through auto-transcription, auto-tagging, and easy-to-use sound management tools. We’re gathering thousands of hours of sounds from around the world, audio collections large and small — and they’re all waiting to be discovered,” says Anne Wootton, one of the co-founders.
After having made an audio recording, users can upload it to Pop Up Archive, which automatically transcribes it and issues timestamps, making it easy to search for the recordings. The sounds are indexed so they can be recovered by keyword, date, contributor, location and more. Transcribing isn’t new, of course, and tools like Voicebase already offer that.
“We’ve done the heavy lifting and tethered lots of services in one place: transcription, cataloging, storage, preservation, a hypermedia API, and a platform for processing large amounts of digital sound,” Pop Up Archive says in its description.
Right now, you can visit the website and search through the archives that it has stored, in partnership with Public Radio Exchange (PRX). You can hear Buster Keaton explaining silent film captioning; Chicago Mayor Rahm Emanuel’s plans for his city; and the future of Bitcoin.
There are thousands of hours of great audio waiting to be discovered at the Pop Up Archive.