Tuesday, March 13, 2007

Latest information on the TJX website is the Feb 21 update...

http://www.boston.com/business/globe/articles/2007/03/13/tjx_faces_scrutiny_by_ftc/

TJX faces scrutiny by FTC

Company says it alerted agency about breach

By Jenn Abelson, Globe Staff | March 13, 2007

The Federal Trade Commission said yesterday it is investigating TJX Cos. in connection with a major security breach at the Framingham retailer that potentially exposed millions of customers' credit and debit card data.

... TJX spokeswoman Sherry Lang said the company is cooperating with the FTC. "We placed the initial call to the FTC and reached out to them in advance of our public disclosure and briefed them of the entire situation in early January," Lang said. "We felt it was the right thing to do."

... Customers across the country have reported fraudulent use in what could be one of the biggest losses of consumer data to date. TJX faces numerous lawsuits from individuals and banks that accuse the company of failing to adequately safeguard private data and of delaying disclosure of the breach. MasterCard International Inc. has acknowledged that TJX failed to meet a data-security standard set by card companies at the time of its breach.

... "An FTC investigation into the TJX data breach should uncover the extent of the harm suffered by TJX customers and shine a light on the security weaknesses at TJX that were exploited by data thieves hunting for consumers' personal information," Markey said yesterday in a statement.

... One of the most extensive came last year, when data provider ChoicePoint Inc. of Georgia agreed to pay $15 million [Choicepoint breach impacted 145,000 people, if TJX is in the millions... Bob] over alleged violations in security and record handling. In most other cases, the FTC has only told companies to strengthen security.



Will this spread to more states? If politicians want to be seen “doing something.”

http://www.pogowasright.org/article.php?story=20070313070329611

Featured Story: CT: State regulators conclude they can probe phone records issue

Tuesday, March 13 2007 @ 07:03 AM CDT - Contributed by: PrivacyNews - Businesses & Privacy

The state Department of Public Utility Control has concluded that despite federal government objections, it has the authority to investigate the release of thousands of phone records to the National Security Agency.

The DPUC, in a draft decision Monday, said it determined it has jurisdiction to look into the charge that AT&T and Verizon turned over thousands of Connecticut phone records without warrants to the NSA.

Source - Associated Press



http://www.krollontrack.com/legalresources/topic.pdf

Electronic Discovery and Computer Forensics Case Law

(Organized by Topic)



http://www.privacyinfo.ca/home.php#1792

Canada.com and Email Privacy

posted on Fri. Mar. 9/07

Several people have written over the past couple of weeks to call attention to the privacy implications of the Canada.com FAQ. The FAQ asks the question about where Canada.com email account information will be stored with the answer that:

canada.com e-mail (the "Service") is provided by Velocity Services, Inc. ("VSI"), a company located in and conducting its business from the United States. By registering for and/or logging on to the Service, you accept and acknowledge that the information processed or stored outside of Canada may be available to the foreign government of the country in which the information or the entity controlling it, is situated under a lawful order made in that jurisdiction and no longer falls under the jurisdiction of Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") nor be subject to canada.com's Privacy Statement.

As David Fraser rightly notes "I'm pretty confident that you can't wave a magic wand and say that PIPEDA no longer applies."

The Canwest approach, which seemingly contradicts its own privacy policy, confuses the issue of mandatory disclosure by U.S. law enforcement (certainly a possibility) with the applicability of Canadian law and the Canwest privacy policy. They are simply wrong to suggest that Canadian law no longer applies once the information leaves the jurisdiction (as the federal court just ruled) or that a privacy policy is somehow voided by virtue of the fact that the data is outside of the jurisdiction.

Web 2.0 services raise a host of privacy issues, few more than web-based email, which potentially leaves thousands of sensitive, personal email messages in the hands of email providers. The Canada.com approach does little to inspire confidence about the protection of that personal information.



Toward “Best Practices”

http://www.bespacific.com/mt/archives/014240.html

March 12, 2007

OMB Agency Information Quality Guidelines

OMB Agency Information Quality Guidelines: "Section 515 of Public Law 106-554, known as the Data Quality Act, required the Office of Management and Budget to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies. OMB's government-wide guidelines, published as interim final on September 28, 2002 (66 F.R. 49718) and finalized on February 22, 2002 (67 F.R. 8452), can be found on OIRA's website. Federal agencies were also required by Section 515 to publish their own agency specific guidelines no later than one year after OMB's guidelines. This page contains links to the information quality guidelines for departmental, agency, and sub-agencies of the Federal Government. This list is not complete, and will be updated as more agencies post their guidelines online." [In some agencies, it's still 2002. Bob]



No longer news...

http://techdirt.com/articles/20070309/180818.shtml

Government Accountability Office Trashes E-Voting Machine Testing

from the yet-again dept

The latest evidence of problems with the electronic voting actually comes from the government itself. John points us to the news of a report coming out of the Government Accountability Office (GAO) slamming the process of e-voting testing. In January, the story broke that the company that had supposedly certified approximately 70% of the e-voting machines used in last November's election had actually lost its own certification back during the summer due to some serious questions about whether or not it was really thoroughly testing the e-voting machines (if it was testing them at all). When this was pointed out, people who supported reform on e-voting machines were called wild-eyed activists even as they were being proven correct. Some industry insiders then stopped by Techdirt to claim we had no idea what was really going on and insisting (a) that the machines had been tested and (b) letting security researchers look at the machines would be somehow irresponsible. Yet, the GAO seems to find the opposite -- noting just how problematic these machines have been: "We concluded in 2005 that these concerns have caused problems with recent elections, resulting in the loss and miscount of votes." It's all pretty damning again, but we fully expect the e-voting companies (at least the ones who aren't looking to sell their e-voting units, as both Sequoia and Diebold have explored) to continue to deny there are any problems.

On a related note, can we give a public hand to the GAO, which seems to be the one government agency that doesn't seem to toe the party line all the time? From telling Senators that blaming file sharing systems for porn is bogus to slapping down the FCC over its bogus broadband competition numbers to noting that pharmaceutical patents prevent the development of new drugs to this latest report, it seems like the GAO actually is one government organization that's more focused on what's actually happening, rather than what the lobbyists and politicians want to happen.



Sometimes it's just interesting to see the results of all that high priced market analysis...

http://digg.com/tech_news/Walmart_Sends_The_Consumerist_A_DMCA_takedown_notice.

Walmart Sends The Consumerist A DMCA takedown notice.

Angered by the leaked PowerPoint presentation detailing its plan to break down customers into three core segments...

http://consumerist.com/consumer/walmart/walmart-sends-us-dmca-takedown-letter-for-slideshow-243645.php

[The slides... http://consumerist.com/consumer/walmart/leaks-walmart-powerpoint-on-3-customer-plan-241939.php ]



Need clips? (This tool converts speech to text and then sorts by keyword. Could work with voicemail just as easily...)

http://www.bespacific.com/mt/archives/014247.html

March 13, 2007

Audio Tracks of YouTube Clips Analyzed and Transcribed By Defense Contractor

Beet.TV: "A major defense department contractor, BBN of Cambridge, Massachusetts, has applied a national security technology application, developed to fight terrorism, to "crawl" the audio tracks of public Internet videos through its Podzinger subsidiary. Podzinger has analyzed, transcribed and organized some 1.5 million YouTube clips since December and is crawling many thousand every day, according to Alex Laats, who heads the unit."
