Wednesday, November 29, 2006

This begs a thousand questions...

http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5175592,00.html

Laptop with patient info stolen

By Rocky Mountain News November 28, 2006

A laptop computer containing private medical information on 38,000 Kaiser Permanente members in the Denver area was stolen last month, the health care provider said Tuesday.

The computer was stolen in early October from a car belonging to a Kaiser Permanente employee in California, Kerry W. Kohnen, Kaiser’s vice president of business operations, said.

The information in the computer included names, membership identification numbers, dates of birth; gender; and physician information for clients treated at the Skyline Medical Office in Denver’s North Capitol Hill and the Southwest Medical Office in Jefferson County, according to Kaiser.

Kohnen said it is not likely the thief will be able to use any of the customers’ personal data.

Kaiser members who may be affected by the breach may call a special phone line for more information: 866-529-0813


http://www.9news.com/acm_news.aspx?OSGNAME=KUSA&IKOBJECTID=307fc0e1-0abe-421a-01ea-44178bc3fff1&TEMPLATEID=0c76dce6-ac1f-02d8-0047-c589c01ca7bf

Kaiser warns 38,000 after laptop stolen

written by: Ward Lucas I-Team Reporter posted by: Jeffrey Wolf Web Producer Created: 11/28/2006 2:36 PM MST - Updated: 11/28/2006 9:35 PM MST

... The computer was stolen in Oakland, California.

... Kohnen says the computer was password protected, but only part of its database was encrypted.

He acknowledged that employees often take home company computers to do work.

He says Kaiser Permanente is now reviewing its security procedures.



...and this from a country where “hanging Chad” has a whole other meaning.

http://techdirt.com/articles/20061128/165639.shtml

Venezuelan Election Using Paper Trail To Verify E-Voting Is Accurate

from the a-step-forward dept

While some say that it's impossible to have a secure and accurate election using e-voting machines, having some sort of paper trail backup certainly goes a long way towards relieving the biggest fears associated with e-voting machines. While we don't yet have them in the US, Venezuela's national election this coming weekend will have a verifiable paper trail associated with each voting machine. After a person votes, the machine will spit out a receipt for the voter to review. They will then put the receipt into a box so that it can be counted (and also to avoid "vote buying" where the voter can prove he or she voted for a specific candidate). Not only that, but election officials are going to count millions of the votes and compare them with the e-vote totals to make sure they're accurate. They're not only going to take a small, self-selected sample, or only in specific cases where misuse is suspected. Apparently, they're going to audit over half of the machines by checking the paper ballots. That's pretty impressive and makes it that much harder to question the results of the election. Update: Some great comments left by people in Venezuela who point out why many are still uncomfortable with the e-voting machines and still expect fraud.



“Oh look Martha, a bargain!”

http://www.bradenton.com/mld/bradenton/news/politics/16111217.htm

Sarasota begins voting changes

Officials must buy new machines for paper balloting

STACEY EIDSON Herald Staff Writer Posted on Tue, Nov. 28, 2006

While many frantic shoppers are busy searching for the perfect holiday gift, Sarasota County commissioners will soon be shopping for new voting machines that will satisfy citizens' demand for a paper trail.

With 55 percent of Sarasota County voters calling for the replacement of the county's $4.7 million touch-screen voting machines in a referendum on the Nov. 7 ballot, commissioners will begin developing a plan to purchase new equipment today.

... In order to possibly reduce the cost of the new machines, Ley recommended commissioners ask ES&S for a trade-in on the county's existing touch-screen machines or seek out other qualified vendors in a competitive bidding process.

... Even though there is skepticism about the accuracy of the touch-screen machines in Sarasota County, Sweat said that does not mean other counties won't be interested in purchasing the used equipment.

"Sarasota County needs to talk trade-in because they are marketable machines," Sweat said. "Just because there is some controversy over the touch-screen machines here, doesn't mean places like Georgia, Alabama, Washington, D.C., or Michigan won't want them. Many of them use that exact equipment."



Who initiates these customer-facing procedures without checking with their lawyers or PR people?

http://www.pogowasright.org/article.php?story=20061128135546362

IHOP Changes Policy Of Asking For IDs

Tuesday, November 28 2006 @ 01:55 PM CST - Contributed by: anonadmin - Businesses & Privacy

John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. "'You want my license? I'm going for pancakes, I'm not buying the Hope diamond,' and they refused to seat us," Russo said, recounting his experience this week at the Quincy IHOP.

Source - CBS



I doubt this is official policy. This is the age of “We can, therefore we must!”

http://govexec.com/dailyfed/1106/112806j1.htm

DHS official urges caution on sharing of biometric info

By Jonathan Marino jmarino@govexec.com

Biometric information has in the last five years become paramount [Really? Bob] in catching criminals and potential terrorists at American borders, but the intelligence and law enforcement communities need to work together more closely in using it, a Homeland Security Department official said Tuesday.

... But biometric and other identifying information should not be used "willy-nilly," he cautioned.

For instance, biometric information may not be necessary in order to track alimony dodgers or to find people who are late paying parking tickets. There also is "a difficult ... set of ethical issues" surrounding how, and to what degree, biometric information should be shared between intelligence and law enforcement officials, Baker said during his speech.

... Domestic and international ethics concerns also must be addressed when handling information from overseas travelers, he noted. He cited a disagreement between U.S. and European Union officials over whether travelers' information could be divulged to agencies beyond Customs and Border Protection, [which is moot if Customs does its job. Bob] which reviews foreigners at entrances to the United States.



Ahh Newt, did someone call you an asshole again?

http://yro.slashdot.org/article.pl?sid=06/11/28/1814245&from=rss

Newt Gingrich Says Free Speech May Be Forfeit

Posted by kdawson on Tuesday November 28, @01:36PM from the cain't-let-the-terrists-use-the-internets dept.

At a dinner honoring those who stand up for freedom of speech, former House speaker Newt Gingrich issued his opinion that the idea of free speech in the U.S. needs to be re-examined in the interest of fighting terrorism. Gingrich said a "different set of rules" may be needed to reduce terrorists' ability to use the Internet and free speech to recruit and get out their message. The article has few details of what Gingrich actually said beyond the summary above, and no analysis pointing out how utterly clueless the suggestion is given the Internet's nature and trans-national reach.



http://blog.wired.com/27bstroke6/2006/11/boarding_pass_h.html

27B Stroke 6

by Ryan Singel and Kevin Poulsen Tuesday, 28 November 2006

Boarding Pass Hacker Not Prosecuted

A graduate student security researcher will not be prosecuted by FBI for his fake boarding pass generator, which was shut down by the government in October following a prominent Congressman's call for his arrest. [It used to be you had to violate a law... Bob]

Christopher Soghoian, a student at Indiana University, posted the generator on October 25 in an attempt to draw further attention to a long-neglected airport security hole, and three days later FBI agents raided his home and seized his computers and passports.

On November 14, Soghoian and one of his lawyers met with agents and an assistant U.S. attorney who returned his possessions after saying they found he had no intent to cause harm or help terrorists, according to an interview with Wired News and a detailed blog post. They did however lecture him on what they said was the impropriety of his methods and his future plans to work on an internet anonymizing tool known as TOR.

Soghoian says he has no plans to repost the generator, since another version -- one which, unlike his own, can be downloaded, was released into the internet wilds after his was taken down.

He also wants the conversation not to be about the ability to just get into the security line with a fake boarding pass, but about the current uselessness of government watchlists for domestic flights. Currently anyone on the no-fly list can use a fake boarding pass or using the option not to show identification papers to fly without tripping the watchlists. While suspected terrorists such as those recently arrested in England aren't put on the list for fear of tipping investigators hands, the lists continue to snag innocent nuns, Congressmen, toddlers for name mismatches and additionally lists the president of Bolivia as a security threat.

... "I travel and I see the risks and I want them to be fixed, but I'm not going to get to try them, and if Al Qaeda is the first one to test it then we failed. Al Qaeda should never be the first one to test the system," Soghoian said.



http://www.bespacific.com/mt/archives/013132.html

November 28, 2006

Guide to Foreign and International Legal Citations

"The N.Y.U. Journal of International Law and Politics is very pleased to announce the publication of the 1st edition of its Guide to Foreign and International Legal Citation (GFILC - 296 pages, PDF)."



Oops! Guess this means I'm not a theater...

http://techdirt.com/articles/20061128/080742.shtml

MPAA Home Theater Regulation Satire Hits Too Close To Home

from the it's-funny-because-it's-true dept

We've had a ton of submissions yesterday and today over BBSpot's article on how the MPAA is lobbying for home theater regulations. According to the article, consumer electronics makers would be required to put technology into their systems that would record what was being watched and details on the "audience," suggesting that having friends over to watch a movie on your home theater system is a violation of copyright. Of course, if you follow tech news closely, you're already aware that BBSpot is the technology equivalent of The Onion. That is, all of its articles are satire. We ignored the early submissions, but they just keep on coming -- and some of the submitters seem genuinely freaked out about it. This morning, Slashdot also posted the story as if it were real (Update: or not -- commenters have pointed out that Slashdot posted it as satire too), at which point we realized why this particular satire works so well: it's totally, 100% believable. Given everything that the MPAA and RIAA have done recently, no one would be surprised if they actually did try to put in place regulations like this. They've certainly tried (and will continue to try) to influence the design of consumer electronics, with things like the broadcast flag, and they continue to freak out at any market shift that doesn't involve them getting paid every time a piece of content is heard or watched. So, while it's not true that the MPAA is looking to punish you for having your friends over, it's so believable that even a well-known satire site is fooling people left and right.



http://techdirt.com/articles/20061127/220425.shtml

The School Of The Future, Today... But Is It Worth It?

from the rushing-ahead dept

We've had numerous stories about attempts to use technology to upgrade the school process, from the basics of just adding laptops to the classroom to more advanced ideas, such as completely replacing textbooks with tablet PCs and the internet (though, perhaps not WiFi in some schools). However, it looks like one school in Philadelphia has decided that there's no use speculating on the school of the future of technology in schools when they can just build it themselves -- with some help from Microsoft (found via Broadband Reports). The school, which apparently cost $63 million to build, involves a bunch of different technologies, from laptops to smartcards (which even track how many calories students eat) to digital lockers to mobile desks to internet-connected screens replacing blackboards (or whiteboards). The school attracted thousands of applicants, but could only take 170 students -- all from the West Philadelphia area. Apparently 85% of students come from low income families -- and the article highlights how all this technology has them excited about learning, though that could just be the novelty effect. Of course, there are also plenty of naysayers who point out that the $63 million could have gone towards many other projects that would impact a much larger group of people. That's absolutely true, but there are always opportunity costs in how money is spent (especially donated money). No matter what, it should be interesting to follow how this project moves forward and how successful it is over time. Sometimes the problem with projects like this that seek to reinvent almost every aspect of something get so far ahead of themselves that they miss the little things. Either way, it should be a good lesson for other schools looking to use technology to their advantage.



You know you've got lousy security when...

http://www.pbcommercial.com/articles/2006/11/22/news/news3.txt

INVESTIGATION ON IN COMPUTER THEFT

By The Commercial Staff Wednesday, November 22, 2006 8:29 AM CST

A State Police investigation is continuing after 42 new laptop computers were reported missing from a Department of Correction office at Pine Bluff.

Prison spokeswoman Dina Tyler said the computers were discovered missing in October and had last been seen on Aug. 23 [New, but apparently not needed immediately. Is this an example of stockpiling stuff they bought with their Homeland Security grants? Bob] in a storage closet in the department’s Administrative Annex East building on East Harding Avenue.

Obviously they didn’t sprout legs and walk out,” Tyler said. “We have no idea at this point if it was employees or inmates.” [Hint: Look in the cells! Bob]

Tyler said the computers, valued at $59,000, were to be used to record inmate medical information so the data could be put into a prison computer system. No state records had been stored on the computers, which were still in boxes.

No arrests have been made and state police would not discuss the investigation.

Tyler said 17 employees had keys to the storage area, but it also could have been left unlocked. [“Them locks is just fer show” Bob]

In addition, several inmates work in the building on a daily basis.

Tyler said the computers could have been disguised as trash to get them out of the building.

Trash is supposed to be checked, but that’s a possibility,” she said.



Even “noble” actions have to be adequately planned.

http://www.latimes.com/news/printedition/california/la-me-briefs28.3nov28,1,2058349.story?coll=la-headlines-pe-california

Law firm temp worker sentenced in data theft

From Times Staff and Wire Reports November 28, 2006

A temporary worker who took data about an electronic voting company from a law firm's computers avoided jail time in a plea agreement with prosecutors.

Stephen Mark Heller, 44, pleaded guilty Nov. 20 to unlawfully accessing a computer at the Jones Day law firm in Los Angeles. The firm represented voting machine manufacturer Diebold Inc. Heller took memos stating that Diebold might have broken laws. The memos were subsequently leaked to the media.

Heller received three years' probation and must pay $10,000 restitution.

No comments: