Monday, March 12, 2007

Lots of butt covering, but little indication they have anything secured.

http://www.klewtv.com/news/6411372.html

Another computer security breach at UI

Story Published: Mar 10, 2007 at 10:07 PM PST

MOSCOW (AP & KLEW Staff) - The University of Idaho says a data file posted to the school's web site may have put at risk the personal information of approximately 2,700 university employees.

It's the third time in almost a year that the personal information of people affiliated with the school has been compromised.

... Officials said UI launched an immediate investigation into the incident.

The data file was uploaded by an authorized user for legitimate university research purposes. [How can this be legitimate? Is this the result of your investigation? Bob] It contained personal identifying information including names, birthdates and Social Security numbers for approximately 2,700 university employees, but did not include any personal financial account numbers.



Contrast this with the “problem” of keeping personal data out of these records. (See next article)

http://hosted.ap.org/dynamic/stories/S/SUNSHINE_WEEK_ELECTRONIC_RECORDS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Study: Feds Slow in Getting Records on Web

By ROBERT TANNER AP National Writer Mar 12, 1:38 AM EDT

Federal agencies have dragged their feet on implementing a 10-year-old law that requires them to use the Internet to make government documents easily available, a new study says.

The result is the public is blocked from easier access to information, the report says, and the cost of answering information requests is driven up.

The study by the National Security Archive, for official release on Monday, found widespread failure among federal agencies to follow the Electronic Freedom of Information Act amendments that took effect in 1997. The changes constituted some of the most significant modernizations of the original 40-year-old law that first guaranteed citizens the right to government information.

... The archive's review of all 91 federal agencies with chief FOIA officers, along with 58 components of agencies (like the Air Force within the Department of Defense) that handle more than 500 documents a year, found:

- Just 22 percent of federal agencies and components fully followed the law and posted on the Web all the required categories of documents (agency opinions and orders; frequently requested records; policy statements; staff guidance).

- Just over one-third of agencies and components provided an index of their records, as required, to help locate documents.

- Only a quarter of agencies and components provided online forms for submitting FOIA requests.

Many of the record-related Web links that do exist are wrong or missing. One FOIA fax number actually rang in the maternity ward of a military base hospital, Blanton said.

... The study singled out as particularly egregious offenders the Department of Veterans Affairs, [Imagine that! Bob] one of the departments that gets the most requests for information; the Department of Defense, particularly the Air Force; the Interior Department; the Office of the Director of National Intelligence; and the Small Business Administration.

The costs of handling FOIA - estimated at $319 million in 2005 - could be sharply curtailed if agencies relied more on the Web, since frequently requested documents would already be public and electronic records could more easily be shared, Blanton said. Backlogs could be reduced, too.

On the Web:

National Security Archive: http://www.gwu.edu/nsarchiv/index.html

Information Security Oversight Office: http://www.archives.gov/isoo/reports/2005-cost-report.html


http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=285658&source=rss_news50

Critics: Clerks Can Easily Redact Personal Data From Web

Jaikumar Vijayan

March 12, 2007 (Computerworld) Security experts downplayed concerns by county clerks in Texas about the difficulty of redacting Social Security numbers from public records posted on government Web sites.

Some pointed to states like Florida, where county governments are already redacting public records as mandated by state law.

... The county clerks would have to go through millions of pages to identify records containing the numbers, make copies of the pages and then block out the numbers on each copy, Gray said.

"You are talking about extra paper, extra storage and extra manpower" to do it, she said.

[This is true only when you use pictures of the document, rather than electronic documents. Even then, you don't need to print the document to redact. Bob]


Perhaps there is no effort to “know” what should/should not be “public?”

http://www.bespacific.com/mt/archives/014227.html

March 11, 2007

Nationwide Information Audit of Public Hazmat Documents Meets with Suspicion, Confusion And, Sometimes, Compliance

Press release: "A nationwide information audit, conducted as a prelude to Sunshine Week, found slightly more than four in 10 of the official gatekeepers willing – if wary – to provide copies of emergency response plans, which federal law makes public. Other local officials, however, reacted to requests with confusion, outright denials and sometimes by calling police to check out the auditors. Many weren’t sure who had the authority to release the reports, or even where the documents were located. More than a third of public officials audited refused to provide access to their local Comprehensive Emergency Response Plan – which is mandated by the Emergency Planning and Community Right-to-Know Act of 1986 as a public document. Another 20 percent provided only partial reports. Those denials stood in stark contrast to the experience of other auditors, many of whom were offered copies of the report in either paper or disc form; 48, or 12 percent, of the 404 communities put the reports online... The 1986 law not only says the plans are public, it also requires the local officials to advertise their availability once a year. In all, 162 news organizations participated as requestors, along with three student newspapers and eight League of Women Voters chapters. This report is built on a database of their experiences and offers a snapshot of the difficulties citizens may face when they request public information that may be considered sensitive."


This is more likely to reflect paparazzi than privacy.

http://www.connpost.com/localnews/ci_5413756

Juries have become shielded information

MICHAEL P. MAYKO mmayko@ctpost.com Article Last Updated: 03/11/2007 03:36:20 PM EDT

Dating back to the 11th century, public juries played a key role in the administration of justice. But as part of a growing trend to protect jurors' identities, clerks in Connecticut's federal courts have been refusing to release to the public the names and addresses of the members of a sitting jury.

"It's a ridiculous rule," said Norman Pattis, a Bethany lawyer with an expertise in constitutional rights. "It smacks of the sort of secret proceeding that caused so much furor in the state courts." The public can walk into any courtroom during jury selection and hear the juror prospects voice their names, hometowns, jobs and more. But don't try to check the names or spellings with a federal clerk afterward.




Somehow, I doubt companies have e-Discovery under control yet.

http://ralphlosey.wordpress.com/2007/03/10/aba-1st-annual-national-instutute-on-e-discovery/

ABA 1st Annual National Institute on E-Discovery

... The last presentation was “E-Ethics: Practical Consideration and Ethical Issues in Electronic Discovery.” Here Magistrate Judge Paul Grimm of Baltimore, Maryland, made a strong impression with his practical approach. Judge Grimm has gone far deeper than most judges in the area of e-discovery, and has even helped develop a set of e-discovery protocols for the proper conduct of counsel in Maryland. I suggest you take a look at these well considered local rules. As Judge Grimm said, they make a good check list to be sure you cover everything.


A “big nasty” on the way?

http://news.com.com/2061-10791_3-6166231.html?part=rss&tag=2547-1_3-0-5&subj=news

Transcript: Intel top execs failed to retain antitrust memos

March 11, 2007 4:00 PM PDT

The U.K.'s Inquirer and The Register are both reporting on a 58-page court filing (PDF) released this weekend that reveals Intel's top execs may have been playing "Hide and Seek the Antitrust E-mails."

According to the documents, Intel's chairman Craig Barrett, CEO Paul Otellini, and sales chief Sean Maloney are on the list of employees believed to have deleted e-mails relevant to a lawsuit filed by Advanced Micro Devices.

... According to our previous report, Intel had said human error allowed documents--mainly e-mails--to slip through the cracks of a manual document-retention system put in place after AMD sued the larger chipmaker. Intel had instructed employees to move their e-mails from a PC to a hard drive. The company later admitted that some employees failed to follow these procedures. What was unknown until now, however, was that Intel's top brass were likely a part of that group.

According to a transcript quote from an AMD rep, Intel said that Otellini was "under the impression that IT was automatically backing up his email and so he did not need to retain them."




Think of this as one metric of concern to Privacy advocates. How long must/should data be kept?

http://techdirt.com/articles/20070308/181842.shtml

Arizona Politicians Realize The Unintended Consequences Of Tracking Technologies And Data Retention

from the not-all-good dept

One thing politicians often have trouble with is understanding the unintended consequences of various regulations they put in place. Unfortunately, all too often, they assume that there couldn't possibly be any unintended consequences and insist that their laws will do exactly what they're supposed to do. Unfortunately, that's rarely true. Many people have been worried that various laws to monitor people and retain data will have unintended consequences, but politicians for the most part seem to ignore that complaint. However, it seems like some Arizona politicians have discovered what unintended consequences look like. They were happy to hear that Arizona state police were making use of a new scanner system that would scan license plates to see if it spotted any stolen vehicles. The scanner would then store the information on the plates it scanned for 3 months. [It would be interesting to hear why that number was chosen... Bob] Then some people pointed out that the government was then retaining a pretty detailed database of where an awful lot of Arizona citizens might be at any point in time -- which seems like a pretty serious privacy violation. Luckily, rather than ignore the issue, the politicians are now proposing that the police ditch the data every 24 hours to avoid such problems. Of course, somehow it seems unlikely that the same politicians will realize that the exact same problems also apply to forcing ISPs to retain data on where their customers are surfing the internet.



“It's not fair! They spend money on research and product/service improvement instead of silly lawsuits!”

http://yro.slashdot.org/article.pl?sid=07/03/11/1835252&from=rss

SCO Says IBM Hurt Profits

Posted by kdawson on Sunday March 11, @04:20PM from the and-a-bandaid-for-your-knee dept.

AlanS2002 sends in a link from a local Utah newspaper covering the SCO-IBM trial. The Deseret News chose to emphasize SCO's claim that IBM hurt SCO's relationship with several high-tech powerhouses, causing SCO's market share and revenues to plummet. "[A]n attorney for Lindon-based SCO said IBM 'pressured' companies to cut off their relationships with SCO. And 'the effect on SCO was devastating and it was immediate'..." As usual Groklaw has chapter and verse on all the arguments in the motions for summary judgement.



Hard to believe. I can't see the Tony Montana types sitting at a keyboard (or in one of my computer classes) but they can hire consultants...

http://www.pcauthority.com.au/feature.aspx?CIaFID=3349

Slang of the Crimeware Hackers

By Ed Dawson 12 March 2007 01:58PM

If you needed any proof that electronic crime and identity theft on the Internet are increasing, consider the words of Charles Cote.

"In 2006, it was more financially rewarding in the United States to trade in illegal financial information than to sell drugs," he told the Australian MediaConnect Kickstart conference this week.

Cote, the Country Manager for Fortinet Australia, providers of Universal Threat Management (UTM) security solutions, believes that professional hackers are forming new specialised crime-software syndicates, complete with their own illegal lexicon.
