Tuesday, January 14, 2014
Oh my gosh! We gotta do something! (We gotta sound like we care, so we can get re-elected!) I doubt the Congressman shops at Target (perhaps his butler does) but we're talking 110 million votes!
Target Corporation : Clay Demands Answers on Target Data Breach, Democrats on House Financial Services Committee Seek Congressional Inquiry
Rep. William L. 'Lacy' Clay Jr., D-Mo. (1st CD), issued the following news release:
In the wake of the massive Target data breach that compromised more than 40 million credit and debit card accounts as well as exposing the personally identifiable information of as many as 110 million Americans, Congressman Wm. Lacy Clay (D) Missouri, the Ranking Member on the House Financial Services Subcommittee on Domestic & International Monetary Policy, joined with 16 fellow Democrats to demand a congressional inquiry into the critical failure to protect the personal financial information of millions of Americans.
Target Attackers May Have Used RAM Scrapers
… The most probable suspect is software known as a random access memory, or RAM, scraper, which steals data in its unencrypted form from the main memory of an infected computer.
While neither Target nor Neiman Marcus have disclosed what tools the attackers used, security experts suspect that POS terminals at both retail chains had been compromised with scrapers, which then stole credit card data and other account information. Reuters first reported the link on 12 January.
“They are grabbing at the stage before it is encrypted,”
Perhaps it's cheaper? Save money where you can, because the total cost of this breach could be huge!
idRADAR has some comments about Target’s offer of an ID theft product. I found it interesting to read because I wouldn’t have realized that what Target negotiated was not the usual kind of product that checks all three major credit reporting databases – Experian, Equifax, and Transunion. The plan Target arranged with Experian only checks Experian’s database.
Read the article and see what you think. [The site was down when I clicked over Bob]
Emails for the paranoid?
Behind the notification service of “Have I been pwned?”
A few weeks ago now I launched the notification service for Have I been pwned? (HIBP). The premise of the service is that whilst it’s great to be able to go to the HIBP website at any time and ask it if your account had been pwned, what’d be really great is if it could just tell you automagically if your email address appears in a data breach loaded into the system in the future.
Your phone is a phink! If I don't have an expectation of privacy, how long before businesses (or governments) have an expectation of snooping? Will it become mandatory to own a SmartPhone?
Elizabeth Dwoskin reports:
Fan Zhang, the owner of Happy Child, a trendy Asian restaurant in downtown Toronto, knows that 170 of his customers went clubbing in November. He knows that 250 went to the gym that month, and that 216 came in from Yorkville, an upscale neighborhood.
And he gleans this information without his customers’ knowledge, or ever asking them a single question.
Mr. Zhang is a client of Turnstyle Solutions Inc., a year-old local company that has placed sensors in about 200 businesses within a 0.7 mile radius in downtown Toronto to track shoppers as they move in the city.
Read more on Wall Street Journal.
This is what happens when we have no expectation of privacy in public? Really? And businesses can do what government couldn’t do without a warrant in some cases (or could the government do this, too, legally, with no warrant?) [Why not? Bob]
Turnstyle’s weekly reports to clients use aggregate numbers and don’t include people’s names. But the company does collect the names, ages, genders, and social media profiles of some people who log in with Facebook to a free Wi-Fi service that Turnstyle runs at local restaurants and coffee shops, including Happy Child. It uses that information, along with the wider foot traffic data, to come up with dozens of lifestyle categories, including yoga-goers, people who like theater, and hipsters.
So they’ve got the identified data, presumably stored for future profiling expansion? And how are those data protected from hackers?
I find this whole tracking thing very concerning, don’t you?
Anything I can match to you has privacy implications.
As CBS 2’s Maurice DuBois reports, stores are increasingly offering to send customers email receipts, which are convenient and save paper.
But if you choose an e-receipt, experts warn that convenience comes with a price: your privacy.
“Once you’ve given up your email address, that retailer can use it for any purpose,” said consumer advocate Richard Holober.
Holober said that includes sending you more emails, using it for targeted marketing and even selling your information to a third party.
In New York and New Jersey, retailers cannot request personal information such as an email address or phone number to complete a credit card transaction. But asking for an email address to send a receipt is a loophole in the law.
Read more on CBS.
It’s just another reminder of the benefits of using an email service that allows unlimited tagged e-mail addresses and self-expiring email addresses.
(Related) Same argument. Even if I only know when you turn your thermostat down, I might know when you are out of the house. NOTE: Connecting a “dumb” device to the internet makes it attractive (i.e. valuable) to those jumping into the “Internet of Things.” I'm thinking about developing a generic “Connection Thingie” that will make any dumb device “Internet Ready!” Care to invest?
GOOGLE’S $3.2m [Actually $3.2 billion Bob] acquisition of Nest, a technology company best known for its “smart thermostat” that tracks people in their own homes, has prompted fears over users’ privacy.
The Nest Learning Thermostat uses motion sensors to detect movement within a home, learns its user’s habits and adjusts heat settings accordingly.
Nest has previously only used user information to improve its products and has not shared it with advertisers and other services, but technology experts have suggested Google might have other ideas in mind.
Read more on The Week.
Daniel Solove writes:
Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Here are 10 reasons why privacy matters.
Read Dan’s reasons in this LinkedIn post.
Is there anything you’d add to his list?
Absent Child Porn, what kinds of data would not be allowed into the US? The random searches for drugs or bombs seem to make sense, even if truly random searches are not very likely to detect anything. But what evil comes across the border as data? Do they really expect to find evidence of planned terrorist attacks? Bootleg copies of the latest movies? What makes the investment of time and money worthwhile?
Jaikumar Vijayan reports:
In a boost for civil rights advocates, the U.S. Supreme Court upheld a lower court decision that requires U.S. border agents to have at least some cause for searching electronic devices belonging to travelers at the nation’s borders.
The court on Monday declined to review a 2013 decision by the U.S. Court of Appeals for the Ninth Circuit in a case involving Howard Cotterman, who was accused of possessing and transporting child pornography.
Read more on Computerworld. Over on Wired, David Kravets reports:
A convicted sex offender’s loss at the Supreme Court today was indirectly a boost to the privacy rights of travelers crossing the border to the United States.
Without issuing a ruling, the justices let stand an appeals court’s decision that U.S. border agents may indeed undertake a search of a traveler’s gadgets’ content on a whim, just like they could with a suitcase or a vehicle. That is known as the “border search exception” of United States law, where travelers can be searched without a warrant as they enter the country. The Obama administration has aggressively used this power to search travelers’ laptops, sometimes copying the hard drive before returning the computer.
Read more on Wired.
However, the court also held that in Cotterman's case, the government had acted on reasonable suspicion because Cotterman had a prior conviction on child molestation charges.
App Usage Exploded in 2013, Except for News and Magazine Apps
… The app analytics firm Flurry [ http://www.flurry.com/ ] put out a new chart showing the year over year growth in app usage among various categories. Messaging and social apps continued to surge, as did productivity apps. Even games, which consumed an enormous amount of time already, continued to grow at a rapid clip.
But take a look at the shortest bar in the chart: News & Magazines. Media companies have spent so much time and money generating apps, but they just aren't working. Sure, they're growing, but far slower than the rest of the mobile world.
Prime Numbers – For my Math students.
[And how to program it: http://mathlesstraveled.com/2012/10/05/factorization-diagrams/ ]