If you can't figure out how to comply with the law – change the law so you are already in compliance.
http://www.chron.com/disp/story.mpl/metropolitan/4605118.html
House votes to allow release of SS numbers
Associated Press March 6, 2007, 1:06AM
AUSTIN — The state House approved a measure Monday that would allow county and district clerks to release Social Security numbers under the Texas Public Information Act, despite an opinion to the contrary last month from the Texas attorney general.
The bill by Rep. Jim Keffer, an Eastland Republican, would change existing law to declare that a Social Security number is not confidential.
It states that county or district clerks can disclose those numbers contained in information held by their offices without being subjected to civil or criminal liability. The measure also would require the public official to establish a procedure for redacting a Social Security number if a person requests it. [This is an after-the-fact Opt-Out procedure Perhaps we could work recall of politicians the same way? Bob]
Many local officials had interpreted the current law, which was designed to prevent identity theft, as a suggestion more than a requirement. But Attorney General Greg Abbott clarified last month the numbers must be removed before a document is made public. After his ruling, county clerks rebelled, saying they didn't have the staff nor money to redact all the numbers right away.
Is any of this new?
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1246423,00.html
Gartner: IT departments lack finances to protect data
By Bill Brenner, Senior News Writer
06 Mar 2007 | SearchSecurity.com
Data breaches like the one TJX recently disclosed are starting to take a heavy toll on consumers, according to the newly-released results of a Gartner Inc. survey.
The Stamford, Conn.-based research firm said in a report released Tuesday that 15 million Americans suffered from identity theft between mid-2005 and mid-2006. That's a 50% increase since 2003, when the Federal Trade Commission (FTC) reported 9.9 million American identity theft victims. The people Gartner surveyed weren't affected by the more recent TJX breach, but that company's mistakes mirror the failures of other merchants to protect customer data, said Avivah Litan, a vice president at Gartner.
"This survey shows that the efforts of IT professionals to protect customer data aren't working very well," she said. "It has taken a lot of work to get companies compliant with the PCI Data Security Standard (PCI DSS) and in many cases IT departments aren't getting the necessary financial support from upper management."
Litan's research included an online survey of 5,000 U.S. adults. Based on feedback from those respondents, she found that:
The average victim lost $3,257 in 2006, up from $1,408 in 2005.
The percentage of funds consumers managed to recover dropped from 87% in 2005 to 61% in 2006.
The average loss on new account fraud more than doubled from $2,678 in 2005 to $5,962 in 2006.
Unauthorized charges to credit cards rose nearly fourfold from an average of $734 in 2005 to $2,550 in 2006.
... Using the TJX breach as an example, she said one of the retail giant's biggest mistakes was storing credit card data it didn't need to store. Several auditors who check companies for violations of the PCI Data Security Standard (PCI DSS) made the same observation last week, and said TJX will almost certainly pay a heavy financial price for its PCI DSS violations.
... Regardless of the method used to steal data to commit new account fraud, Litan said this kind of fraud can be largely prevented if companies use identity verification and scoring services.
I wonder if bureaucracies are incapable of a non-political, straight answer? (same problem with VA and FBI?)
http://www.pogowasright.org/article.php?story=20070306162551100
USDA Gave Lawmakers False Data on Security Breaches (updated)
Tuesday, March 06 2007 @ 04:43 PM CST - Contributed by: PrivacyNews - Breaches
The U.S. Department of Agriculture gave erroneous information to lawmakers about its security compromises, understating thefts of computers that contained confidential data on farmers' social security numbers and payments, according to an audit by the USDA's Inspector General.
The department responded to a congressional inquiry last July by saying there had been eight instances of lost or stolen federal laptops from its offices since 2003, a copy of the USDA letter shows. In fact, there were at least 17 instances between October 2005 and May 2006 alone, the Inspector General said in the audit, which was released today.
The agency also failed to notify the farmers, ranchers, small businessmen and Agriculture Department employees whose personal information was in the stolen files, the Inspector General said.
Source - Bloomberg
Related - Reuters: USDA lacked controls to protect stolen data: report
Related - Report No: OIG74.02: Information Technology – Stolen Computer Equipment Containing Sensitive Information [PDF]
Attention Security Managers, e-Discovery lawyers... Your Word Processor is calling...
http://news.com.com/2100-7352_3-6164962.html?part=rss&tag=2547-1_3-0-5&subj=news
Microsoft Office finds its voice
By Marguerite Reardon Story last modified Wed Mar 07 04:45:46 PST 2007
After months of anticipation, corporate customers will soon get their hands on a beta version of Microsoft's voice over IP software, an event that marks an important step in the evolution of corporate communications.
... But more than adding a new competitor to the mix, Microsoft's entry into the corporate telephony market also marks the next evolution in communications. Tying voice services into Microsoft Office applications turns telephony into another software feature rather than making it a separate and standalone product that requires its own hardware and team of technicians to purchase, install and manage it.
... "Users just want an easy and intuitive way to communicate," O'Sullivan said. "So that means that we have to bring communications to different applications. Whether they use Microsoft, Lotus Notes, SAP or Oracle, we can easily integrate our technology."
Gee golly gosh, what a great idea! I bet we could do that here too!
Security agencies could access health card data
ANNABEL STAFFORD, CANBERRA March 7, 2007
Asio and the Federal Police will not need a warrant to get information held on the Government's new health and welfare Access Card or on its related databases - including one holding the biometric data of almost all Australians - a parliamentary inquiry has heard.
I wonder what (if any) guidelines these employees were given? I suspect this practice is quite common.
http://abclocal.go.com/wtvg/story?section=local&id=5098488
Illegal snooping suspected
WTVG-- March 6, 2007 - Lexus Nexus provide a wealth of information on people's background. The website isused to dig into the backgrounds of people and it may have been misused by Lucas County employees.
Now there are reports of them using the site improperly. Employees are accused of logging onto their computers, pulling up the website and surfing for information on people they weren't authorized to check out. The information obtained could be sensitive and personal, like addresses, dates of birth and Social Security numbers. The department took out the system for its investigative department to help detect welfare fraud and to conduct employee background checks. The team has been able to confirm higher-ups in the department were tipped off to the possible problem this past November, and to date, five employees have been put on administrative leave with pay in connection with the investigation.
At this time, administrators say they aren't sure if there was any misuse of the search engines. They are working with Lexus Nexus to see who exactly employees were checking out. They hope to have that information later this month.
If you can't get the laws you want in this country, get them elsewhere, then point to them as a model for new laws here. “See! Everyone else is doing it!”
http://yro.slashdot.org/article.pl?sid=07/03/06/2120216&from=rss
Cybercrime Treaty — Hidden Costs For All
Posted by kdawson on Tuesday March 06, @08:02PM from the externalizing-costs dept. The Internet
linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network.
From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you."
Interesting comment: “Too many people are trying to make others do work for them for free. There's only so much attention to go around. And we're running out.” (The graph of government expenses is interesting...)
http://slashdot.org/article.pl?sid=07/03/06/1441220&from=rss
IBM Many Eyes After One Month
Posted by Hemos on Tuesday March 06, @01:59PM from the measuring-the-web dept. The Internet IBM
ReadWriteWeb writes "IBM's Many Eyes app, a 'shared visualization and discovery' service, has been running for a month now. In this article two of the IBM researchers behind Many Eyes, Martin Wattenberg and Fernanda B. Viégas, showcase some of the best visualizations so far. They also talk about the future of 'social data analysis' on the Web. Wattenberg and Viégas believe that Many Eyes is not just social software, but 'societal-scale software.' They say that Many Eyes represents a break from conventional visualization research. Traditionally, computer scientists concentrate on scaling in terms of data, making visualizations work for bigger and bigger databases. IBM's agenda with Many Eyes is to scale the audience, not the data."
I doubt Bill Gates will give up flying...
http://linux.slashdot.org/article.pl?sid=07/03/07/0234217&from=rss
FAA May Ditch Vista For Linux
Posted by kdawson on Wednesday March 07, @08:07AM from the hello-Google dept. Linux Business Microsoft
An anonymous reader writes "Another straw in the wind: following last week's news that the US Department of Transportation is putting a halt on upgrades to Windows Vista, Office 2007, and Internet Explorer 7, today comes word that the Federal Aviation Administration may ditch Vista and Office in favor of Google's new online business applications running on Linux-based hardware. (The FAA is part of the DOT.) The FAA's CIO David Bowen told InformationWeek he's taking a close look at the Premier Edition of Google Apps as he mulls replacements for the agency's Windows XP-based desktop computers. Bowen cited several reasons why he finds Google Apps attractive. 'From a security and management standpoint that would have some advantages,' he said."
Life just gets easier...
http://www.bespacific.com/mt/archives/014158.html
March 06, 2007
New, Free Searchable Database of Federal Register Rules and Notices
Tim Stanley and the Justia team keep rolling out new services for the legal community that assist us in accessing essential government documents via user-friendly websites, with accompanying RSS feeds and customized search capabilities. Today news is about the launch of a free, searchable database of Federal Register Regulations, Proposed Rules and Notices. This site parses the subject and topical content, as well as document type, from each daily Federal Register Index, and allows users to browse the content, and create a custom filter of specific content of interest. The site supports RSS feeds for each agency's respective documents, specific to document type as well.
Bill Gates is NOT on this list.
http://www.pcworld.com/printable/article/id,129301/printable.html
The 50 Most Important People on the Web
Here's who's shaping what you read, watch, hear, write, buy, sell, befriend, flame, and otherwise do online.
Christopher Null, PC World Monday, March 05, 2007 01:00 AM PST
My picks...
http://hbswk.hbs.edu/item/5641.html
First Look
Each week First Look summarizes new working papers, case studies, and publications produced by Harvard Business School faculty.
Slippery Slopes and Misconduct: The Effect of Gradual Degradation on the Failure to Notice Others' Unethical Behavior
Authors: Francesca Gino and Max H. Bazerman
Brightcove and the Future of Internet Television
Harvard Business School Case 707-457
Check the one on “anti-Smiley Face” emoticons... 'cause I'm a ( e=mc2 )
http://www.techcrunch.com/2007/03/06/scribd-youtube-for-text-gets-300k/
Scribd “YouTube for Documents” Gets $300K
Nick Gonzalez
Scribd, a site for sharing documents, is coming out of private beta this morning with a fresh Angel investment of $300K on top of their original Y Combinator nest egg of $12,000. Scribd is most easily described as a text version of YouTube. It is a social network that lets you tag, share, and comment on uploaded documents (.doc, .pdf, .txt, .ppt, .xls, .ps, .lit).
Scribd is not just a carbon copy of YouTube. They borrowed a lot of the basic design principles, but also took advantage of the written format by including flexible file formats for download and upload along with some interesting analytics tracking. Documents can be displayed and embedded as html or the under-utilized, and faster-than-a-pdf, Flash paper format. They can be downloaded as .pdf’s, .docs, .txt, and even .mp3 files. The mp3 version is created by Scribd’s text-to-speech package (powered by Nuance) that lets you listen to the text of your document [No doubt my students will use this to “read” their textbooks Bob] in a quivering British accent (downloadable example here). People have uploaded all sorts of documents for the private beta, like this guide to dating and seduction for dummies, or this less than legal copy of Visual C++ in 21 days. Scribd also lets you “geek out” on all the analytics generated by documents you post, such as how many votes and views your piece gets, as well as geographic location and http referrer that brought the reader there.
We’ve seen a lot of different social networks pop up around different mediums, photos, video, and even audio, but dominating a medium is no guarantee of an easy business model, as the “For Sale” sign on audio-focussed Odeo reminds us. So far social sites around the written word have dealt with books, rather than user generated, or at least user-uploaded content. Scribd lets people do something new, we just need to wait and see how far people go with it.
See our coverage of SlideShare as well.
Sometimes you need sophisticated scientific/technological tools like this one..
http://www.techcrunch.com/2007/03/06/the-much-needed-beer-calculator/
The Much Needed Beer Calculator
Michael Arrington
If you want to know exactly how many kegs of beer, pounds of ice and number of cups you need to get everyone at your party hammered, give Kegulator a whirl. Tell it how many guests you are having, use their Ajax slider to set how drunk everyone will get, and the site will spit out the supplies necessary to achieve your goal. If you’re Canadian, use Beer Hunter afterwards to figure out where to buy all that stuff. Or use the open source beer recipe and make your own.
No comments:
Post a Comment