Friday, November 03, 2006

Oh man, I had this all figured out and now they confuse me with facts. Very interesting reading!

http://www.theregister.co.uk/2006/11/03/workplace_digital_privacy/

Employee privacy versus employer policy

By Mark Rasch, SecurityFocus Published Friday 3rd November 2006 11:17 GMT

Your organisation has a computer and internet use policy. Fine. It's been reviewed by corporate counsel, approved by senior management, and implemented over the years. The policy is comprehensive - it includes policies on expectations of privacy, employee monitoring, and the ownership of corporate electronic assets.

... However, there is a genuine divergence between what companies say and what they do. There is also a divergence between what employees regurgitate about their expectations of privacy (corporate mantra) and how they actually act. My own answer to the question, "do I have a reasonable expectation of privacy in the workplace?" – of course! What we really need to do is better define the scope of that reasonable expectation of privacy.

... The electronic workplace is no longer just the cubicle, desk or office. It now encompasses the coffee shop, the hotel room, the back of the taxi, the living room or bedroom.

... If nobody in the company has a privacy interest in electronic records, then how can the company resist a subpoena, search warrant, or even a warrantless search, since the courts only protect a reasonable interest in privacy?

... In effect, the court held that the actual policy of not monitoring content created, in the users, an expectation of privacy, which the court found to be reasonable.


Also consider...

http://www.internetworld.co.uk/0311.htm#6

Electronic snooping threatens US financial centres

It's official: the US leads the UK in compliance culture - but is it damaging New York as a financial centre?

Email monitoring? Tapped mobile calls? Switchboard snooping? It's all going on, according to a new survey which claims that New Yorkers are more aware of compliance breaches and monitored electronic communication - but they are also more likely to try to dodge communication controls.

The survey, conducted simultaneously in the financial districts of New York and London in October 2006, revealed a key difference in regulatory compliance culture: while Wall Street employees broadly support a firm's right to monitor their communication, they are also more likely to circumvent communication controls. A total of 300 people working in the Wall Street and City areas of New York and London, two of the world's busiest financial districts, were surveyed. The research discovered that:

- In New York more than 60% of respondents thought that it was right that their employer should monitor their e-mail. By contrast, in London less than half (38%) supported their firm's right to monitor e-mail.

- Employees in the New York finance sector are under heaviest scrutiny. In New York almost three quarters of respondents who worked in the finance sector thought their e-mail was already monitored (74%), compared to 62% of London finance workers. Only 28% of non-finance employees in New York believe their e-mail is monitored.

- New Yorkers are more likely to try to dodge e-mail monitoring:

- 60% admitted that they had sent something that they 'didn't want their employer to know about' using webmail. This compared to 42% of London respondents.

- More than seven out of ten New York-based finance workers admitted they had received an e-mail that broke corporate or regulatory policies, compared to just 36% of London City employees. Non-compliant communication is not just a problem in the finance sector; over half of non-finance workers in New York and London admitted to receiving e-mails that broke corporate policy (52% and 57% respectively).

Moreover, the survey confirmed that today's businesses rely heavily on e-mail as their primary business communication channel.



Here's another one I thought had been resolved on the side of privacy...

http://www.newsday.com/news/nationworld/wire/sns-ap-kansas-attorney-general,0,1436618.story?coll=sns-ap-nationworld-headlines

Kansas AG Gets Abortion Clinic Records

By JOHN HANNA Associated Press Writer November 1, 2006, 12:31 AM EST

TOPEKA, Kan. -- The state attorney general said Tuesday night that his office has received the records of 90 patients from two abortion clinics and is reviewing them for possible crimes, the culmination of an effort that prompted concerns over patient privacy.

... Shawnee County District Judge Richard Anderson subpoenaed the records at Kline's request in September 2004, concluding there was probable cause to believe they contained evidence of crimes.

While Anderson didn't give Kline unfettered access to the records, the state Supreme Court imposed new guidelines for having them reviewed and edited before they were given to the district court. Under that process, neither Kline nor the judge saw the names of the patients.



Why else would we publish their addresses?

http://www.theolympian.com/101/story/48680.html

Attack on sex offender worries official

Jeremy Pawloski Published November 03, 2006

The beating of a registered offender by an alleged vigilante Tuesday night could spur calls to protect sex offenders' privacy, making it more difficult for law enforcement to track predators, an inspector with the Mason County Sheriff's Office fears.

... Dennis A. Clark, 51, remained at the Mason County Jail Thursday on suspicion of first-degree burglary [Not assault? Bob] and had his first court appearance Thursday.

... In Mason County, deputies also go out and give information about sex offenders to residents who live near them, Byrd said.

"We actually go to neighborhoods and knock on doors," he said.



RFID: Really Fast Identity-theft Device?

http://www.schneier.com/blog/archives/2006/11/dhs_privacy_com.html

November 01, 2006

DHS Privacy Committee Recommends Against RFID Cards

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It's only a draft report, but what it says is so controversial that a vote on the final report is being delayed.



http://www.cnn.com/2006/EDUCATION/11/02/villanova.stolen.laptop.ap/index.html

Stolen laptop had personal data on 1,200 college students and staff

PHILADELPHIA, Pennsylvania (AP) -- A laptop computer stolen from an insurance brokerage firm contained the names, birth dates and driver's license numbers of more than 1,200 Villanova University students and staff members, the school said Thursday.



http://www.bespacific.com/mt/archives/012904.html

November 02, 2006

UK Report Reviews Surveillance in 2006 With Projections Through 2016

The UK Information Commissioner, Richard Thomas, today issued a press release and a publication titled, A Surveillance Society (102 pages, PDF), a report commissioned for the International Conference of Data Protection and Privacy Commissioners, currently underway. The report "looks at surveillance in 2006 and projects forward ten years to 2016. It describes a surveillance society as one where technology is extensively and routinely used to track and record our activities and movements. This includes systematic tracking and recording of travel and use of public services, automated use of CCTV, analysis of buying habits and financial transactions, and the work-place monitoring of telephone calls, email and internet use. This can often be in ways which are invisible or not obvious to ordinary individuals as they are watched and monitored, and the report shows how pervasive surveillance looks set to accelerate in the years to come."



I'm certain others are doing this. Next they may want to knock on your door for an examination of your National ID and a scan of your sub-cutaneous RFID chip, a DNA sample... Imagine the lengths they would go to if you wanted access to something involving National Security!

http://www.siliconvalley.com/mld/siliconvalley/business/technology/15914032.htm

Posted on Thu, Nov. 02, 2006

Bud.TV site will check IDs at the door

ST. LOUIS (AP) -- Sorry kids. Bud.TV will be checking ID.

Anheuser-Busch Cos. is set to become the first major brewer to weed out underage visitors to its Web sites by hiring an outside firm to check their age.

... The screening process likely will ask visitors for a name, age and address, including zip code, Ponturo said. The data can be matched against public records such as driver's licenses and voter registration cards.

... Anheuser-Busch is walking a fine line between keeping minors off its Web sites without turning away too many people. [The more effort required to access a site, the larger the reward must be. Perhaps free beer? Bob] The company hopes to draw between 3 million and 5 million visitors to Bud.TV each month.

...On the Net: Anheuser-Busch: http://www.anheuser-busch.com Center on Alcohol Marketing and Youth: http://camy.org



Definitely a project to follow.

http://www.infoworld.com/article/06/11/02/HNmitweb_1.html?source=rss&url=http://www.infoworld.com/article/06/11/02/HNmitweb_1.html

MIT will train students to build a better Web

The Web Science Research Initiative plans interdisciplinary course addressing the growing amount of online information and the rules to moderate it

By Ben Ames, IDG News Service November 02, 2006

A group of professors has formed a research collaboration to train students how to design future versions of the World Wide Web.

One of their first lessons will be how to strike a balance between better access to data and stricter rules about its use, said researchers from the Massachusetts Institute of Technology (MIT) and England's University of Southampton at an MIT press conference Thursday.

The Web Science Research Initiative (WSRI) hopes to create a college degree program in "Web science" that combines disciplines including computer science, mathematics, neuroscience, law and economics. It will also raise funding for doctorate students to study at MIT and the University of Southampton.



These guys are at Lackland (Texas). Perhaps they could attend a Privacy Foundation seminar and tell us what to watch out for in a CyberWar.

http://www.af.mil/news/story.asp?storyID=123030505

8th Air Force to become new cyber command

by Staff Sgt. C. Todd Lopez Air Force Print News

11/2/2006 - WASHINGTON (AFPN) -- During a media conference here Nov. 2, Secretary of the Air Force Michael W. Wynne said the 8th Air Force would become the new Air Force Cyberspace Command.

... Secretary Wynne said the 67th Network Warfare Wing, now under 8th Air Force, and other elements already within the 8th, would provide "the center of mass" for the nascent Cyberspace Command.



Ah the very symbol of prestige for executives...

http://www.f-secure.com/weblog/#00001011

Bluetooth cracking

Posted by Mikko @ 18:58 GMT Thursday, November 2, 2006

Last Friday Thierry Zoller and Kevin Finistere gave a presentation in the Hack.lu 2006 conference on Bluetooth issues. They also showed a demo of BTCrack, a Windows tool that can crack Bluetooth PIN and Linkkey in almost real-time (assuming it has sniffed the initial pairing).



I wonder what his Privacy Policy says...

http://techdirt.com/articles/20061102/091304.shtml

Would You Take Investment Advice From A Spyware Distributor?

from the your-customers-are-gonna-love-that dept

It turns out that record labels and movie studios aren't the only companies that treat their customers like criminals. So do writers of investment newsletters. The investment newsletter industry is basically what it sounds like. A company or an individual writes up a regular (often monthly) report filled with forecasts and picks and then sends it to clients, for what is typically a rather high fee. But they know content like this is easily copied and passed around, so some of them, even in this day and age, are sent on physical paper by mail, in an attempt to make it just a little more difficult to re-distribute it than forwarding an email. The writer of one newsletter, who does distribute it electronically, is suing one of its corporate customers for copying it and passing it around. And how did he find this out? Because through his website, he installed spyware on the computers of all his clients that tracks what happens to the document. Even if he successfully sues the company, you really have to wonder about whether this was a good idea. Now all of his corporate clients, of which there are many, know him as a distributor of spyware, so either they'll stop doing business with the guy -- or maybe they'll get someone from IT to just disable it.



Note that even if the machines are secure (a BIG if) you could intercept the results at several steps along the way...

http://techdirt.com/articles/20061102/112448.shtml

Surprise! More Diebold Problems As They Expose Memory Cards To Viruses

from the didn't-see-that-coming dept

As if there haven't been enough problems with Diebold e-voting equipment (all of which they pretty much brush off or ignore). Ed Felten, who has been pointing out numerous security flaws with Diebold machines, has found another one. It turns out that the memory cards that are used to store votes on some of the machines, the same memory cards that Felten showed were susceptible to viruses, are being placed into a variety of laptops that have not been checked to make sure they're free of spyware. Apparently, election workers are expected to put the memory cards into laptops in order to transfer the votes to CD-ROM (and, no, I won't even start to get into why you should need to transfer votes to CD-ROM). The laptops in question, though, were either the election workers' personal laptops or a bunch that were just "gathered from around the office." How many of those laptops (especially the personal ones) do you think are infected with spyware and viruses? Especially when you consider how many election workers are freaking out over the new machines because they're not at all technically savvy. What kind of e-voting company would think it's somehow "secure" to require people to transfer votes using their personal laptop? In the meantime, of course, we eagerly await Diebold's expected brushing off of this story, complete with insults directed at Felten (as per usual) and some sort of claim about how the whole thing isn't a problem at all due to some bogus "security" procedure they have in place.



Again the field of “virtual law” looks real.

http://techdirt.com/articles/20061102/112643.shtml

Australia To Tax Money From Second Life, But Can Money Spent On Your Avatar Be A Write-Off?

from the H&R-Block-Next-To-Set-Up-In-Second-Life dept

There continues to be a lot of discussion about the real world implications of activity inside virtual worlds. One of the issues is how to deal with taxation, and it appears that Australia has taken the lead, announcing that they plan to tax money made in virtual worlds, specifically citing Second Life Linden Dollars. A spokesperson for the country's tax office said that if you're getting monetary benefit from the site, then it should be taxed like any other income. What's not clear is when the money is taxed. Do they tax you when you've cashed in your Linden Dollars for Australian Dollars? If they did this, the policy would make sense, as it's basically like a capital gains tax, which is levied after someone sells their stock. Or, do they tax the player based on their Linden Dollars even if they don't cash out? This would be a ridiculous policy as it would basically be taxing people for playing a game. Assuming it's the former, the taxation occurs after withdrawing the money, it could be a real boon for Second Life, as it would discourage people from taking money out of the in-game economy.



The business models that will replace those used by media industries are becoming clearer every day.

http://techdirt.com/articles/20061103/001605.shtml

Writers, Directors, Actors Want Their Cut Of The Online Video Spoils

from the did-no-one-expect-this? dept

One of the important things in business is being able to be aware enough and flexible enough that you're rarely (if ever) caught by surprise. You can watch for trends and do scenario planning to help with these types of things -- but apparently some folks in the entertainment industry don't believe in that kind of planning ahead (if they'd only contacted us, we could have helped). So, now, it seems that they're running into all sorts of problems that were easily predictable five years ago. Take the TV industry, for example. Five years ago, they should have paid attention to the various disputes between musicians and the recording industry over digital rights. Contracts had been written in a time before the internet, and no one was exactly sure who got what cut in the royalties and whether or not it was really covered by existing contracts. That, of course, should have been the signal for those in the video business to start looking at their contracts and figuring it all out before it became a problem for them as well. And, of course, not very much happened. So, now, as we hear stories about Google negotiating to give entertainment companies a nice upfront lump of cash to allow their videos online, writers, directors and actors are suddenly wondering what it all means for them. They want to know what their cut will be. Considering that the industry execs have a long, long history of figuring out ways to take the money without paying the talent, they absolutely should be worried.

These are the type of legacy issues that should have been clear from years ago -- and which seem to have been ignored by the execs. Either that or they knew about them and figured they would have the leverage in the end anyway, so there was no reason to negotiate. Of course, these kinds of legacy issues don't just impact the content creation side of the business. Business Week is writing about the difficulties HBO is facing in designing its own online strategy -- since any such plan routes around the cable TV providers who pay good money (and make nice profits) being the only way to get HBO's sought after content. Again, this should have been clear years ago, but it sounds like everyone's just trying to figure out how to get around the legacy issues now.


...perhaps they should read this?

http://arstechnica.com/news.ars/post/20061102-8133.html

UK report: knowledge should be public good first, private right second

11/2/2006 9:36:09 AM, by Nate Anderson

The UK is awaiting the release of a report by the Gowers Review of Intellectual Property, a task force charged with suggesting changes to the country's intellectual property laws. The formation of the commission has inspired a flurry of private books and reports on IP designed to influence debate on the subject. While many of these are exactly as interesting as you'd expect, a new report from the Institute for Public Policy Research offers a fascinating look at the reasons behind intellectual property rights and suggests a new way forward for Britain: thinking about knowledge as a public resource first, and a private asset second. Is this idealistic, anti-business pinko blue-skying? The group says no.



Bogus arguments? I'm shocked!

http://www.boston.com/business/technology/articles/2006/11/02/fcc_rebukes_logan_says_continental_can_offer_wifi/

FCC rebukes Logan, says Continental can offer WiFi

By Peter J. Howe, Globe Staff | November 2, 2006

A two-year effort by Logan International Airport officials to shut down private alternatives to the airport's $8-a-day wireless Internet service was decisively rejected yesterday by federal regulators, who blasted airport officials for raising bogus legal and technological arguments.
