Saturday, March 17, 2007

Same story, different day.

http://www.springfieldnewssun.com/hp/content/oh/story/news/local/2007/03/16/sns031707laptop.html

Laptop with city school employees' information stolen

By Andrew McGinn Staff Writer Friday, March 16, 2007

Nearly 2,000 current and former employees of Springfield City Schools are being notified their personal information was on a stolen laptop belonging to the state auditor's office.

... The payroll information had been requested by the state as part of an audit, she said.

The district mailed letters to the employees on Thursday.

... The laptop was stolen Feb. 22 from an auditor employee's vehicle parked at home in a garage, according to the letter.

Leaving equipment unattended in a vehicle is against office policy, said Susan Raber, director of public affairs for the state auditor. The employee, who lives in Hilliard, was given a verbal reprimand.

... The office doesn't need social security numbers to do audits and will stop asking clients for them, Raber said. [Now you tell me! Bob]



Costs of a data breach

http://www.jsonline.com/story/index.aspx?id=578307

Your bill: $536,000

Taxpayers' cost doubles for state to atone for allowing Social Security numbers on tax forms

By PATRICK MARLEY pmarley@journalsentinel.com Posted: March 15, 2007

Madison - Taxpayers will have to pitch in more than $500,000 to provide credit monitoring for people whose Social Security numbers were accidentally printed on tax booklets - twice the amount officials initially estimated. [No surprise here. Bob]

So far, 25,857 people have signed up for credit monitoring under a program offered by the state, which will cost taxpayers $536,425. [$25.00 per victim (see below) Bob] That number could climb to more than $677,000 because people can sign up for the program until March 31.

... In January, the Department of Revenue estimated taxpayers would have to pony up $232,000 at most because they expected no more than 8% of affected people to sign up [What if it hits 90%? Bob] for credit monitoring. So far, more than 15% have done so.

... The state cut a deal with the printer, Ripon Community Printers, in January that requires the firm to pay $110,000 toward the credit monitoring. The balance - $536,425 so far - will fall to taxpayers.

The printer estimated it would spend $200,000 total because it also reprinted and resent the tax booklets and sent letters offering the credit monitoring.

... Sen. Ted Kanavas (R-Brookfield) said the department should have anticipated a higher response rate and forced the printer to pay a percentage of the total rather than a firm amount.

"That's just bad management on the part of the agency," he said. [QED Bob]



Absolutely no comment.

http://sev.prnewswire.com/publishing-information-services/20070315/AQTH06315032007-1.html

Google Tops the 11th Annual BusinessWeek 50 Ranking of Best Performing U.S. Companies

... 38 TJX



We knew this, right?

http://www.govtech.net/magazine/story.php?id=104461

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves

By News Release Mar 16, 2007

More than 100 security breaches have been reported to North Carolina Attorney General Roy Cooper's Consumer Protection Division under new laws that require businesses and government to let consumers know when their personal information may have been lost or stolen, Cooper said.

... Under North Carolina laws, state and local government as well as businesses must notify consumers if a security breach may have compromised their personal information. A total of 103 breaches that involved information about more than 500,000 North Carolina consumers have been reported since the laws took effect in 2005 and 2006.

Of those breaches, half involved the theft of laptops, computers or other equipment containing personal information. Nearly 20 percent of breaches were caused by unauthorized release or display of information, and nearly 18 percent were the result of hackers. Almost half of all breaches reported came from the financial services and insurance industry, while nearly ten percent were reported by state and local government agencies. Businesses have been required to report security breaches since December 1, 2005, and state and local governments have been required to report breaches since October 1, 2006.



Worth watching

http://www.f-secure.com/weblog/#00001143

Big Thinkers

Friday, March 16, 2007 Posted by Sean @ 13:07 GMT

BT – formerly known as British Telecom – conducts forums known as BT's Big Thinkers series.

F-Secure's Chairman of the Board, Risto Siilasmaa, was a panelist during a recent discussion along with Michael Barrett, the Chief Information Security Officer of PayPal. It was hosted by well-known security expert Bruce Schneier, and was moderated by Esther Dyson.

"Security: not just a technical problem" was the topic of discussion. It's a people issue as well.

The discussion is about an hour in length. It takes a minute or two for the video to load from BT's site, probably due to the demand at the moment. Be patient, it's worth the wait.



How do I scan thee? Let me count the ways...

http://www.infosecwriters.com/texts.php?op=display&id=546

Biometrics, What and How

by Moustafa Kamal on 16/03/07

Humans have used body characteristics such as face, voice, gait, etc. from the day that mankind existed to recognize each other. Some characteristics don't change over time and some do. And since each one has unique characteristics that no one else shares, we humans have thought of using that in our daily life. The main aim of using it after 9/11 is for security reasons. So what characteristics do we use? Are they accurate? Can we depend on them in our daily life routine?

I have tried to cover all of the characteristics that are used in biometrics, how they are used, and what the disadvantages of using them are. So I hope that you find this document useful...

This document is in PDF format. To view it click here.


There must be a market...

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9013408&taxonomyId=17&intsrc=kc_top

CEBIT : IBM researchers take on video surveillance privacy

James Niccolai

March 16, 2007 (IDG News Service) Researchers at IBM Corp. are trying to address privacy concerns about video surveillance systems, part of a broader effort by IBM to build a new business in the fast-growing surveillance market.

Concerns about security in cities, airports and other public places are causing a proliferation of video surveillance systems, but the increase has heightened concerns about privacy among regulators and the general public.

IBM hopes to alleviate the concerns with technology that can pick out faces in a video frame and automatically blur them, so that people's images -- and therefore their movements -- are not recorded, said Joachim Stark, director of digital video surveillance with IBM's global services group.

An obvious hurdle is identifying the potential suspects from innocent bystanders. Investigators often review closed-circuit video footage after a crime is committed, and blurring faces would defeat much of the point of doing surveillance.

One solution is to find ways to identify suspects automatically [Oh look, he came out of a mosque... Bob] so that only their faces are left unblurred. Video analytics software can already trigger an alert when a person leaves an object of a certain size on a station platform, for example, and walks off. After spotting such a behavior, a surveillance system could "rewind" the action in Tivo-like fashion and unblur a suspect's face from the moment the person enters the frame, Stark said.

Another option is to blur all the faces when the video is recorded, but allow investigators with the right access permissions to unmask them at a later date.

... The video surveillance market is growing at around 15 percent annually, Stark said. IBM hopes to distinguish itself with its database and middleware technologies, which can help store and analyze the vast quantities of video data.

Surveillance technologies have already come a long way. IBM's analytics software records metadata, or information about the data in a video, such as colors and the size of objects in a frame. If a witness reports seeing someone in a red sweater acting suspiciously, investigators can search for "red" in the surveillance software and pull up the relevant images.

Such systems can generate vast amounts of data, however, and IBM is looking at compression technologies to reduce the volume.



Attention virtual lawyers!

http://techdirt.com/articles/20070315/010624.shtml

Can A Web Crawler Enter Into A Contract?

from the seems-unlikely dept

The Technology & Marketing Law blog is discussing an interesting case where a woman put up some text on her website claiming that by visiting the website you were agreeing to the "contract" represented in the terms -- which included the fact that if you copied or distributed any content on the site, you agreed to pay large sums of money back to the woman. What happened next is probably pretty predictable. The Internet Archive archived a version of her page... and she tried to get money out of them. The Internet Archive went to court to have it declared that they did nothing wrong, and the woman countersued. Of course, she didn't just sue for breach of contract, but copyright infringement, conversion, civil theft and racketeering (just to be safe). Racketeering certainly seems pretty extreme -- but then again so does claiming that by putting some simple text on your website anyone who visits the website (including automated web crawlers) enters into a binding contract. While the discussion focuses on whether or not a spider can enter into a clickwrap contract like that, an equally interesting question might be whether or not anyone can force people to give up their fair use rights. Right now, it seems that the courts are divided on that question -- though the argument that you cannot be forced to give up fair use rights makes a lot more sense based on the entire stated purpose of fair use rights. Still, the situation sounds quite similar to a discussion we had last year of a newspaper that tried to state on its website that fair use did not apply to its content. As for the question of whether or not something like the Internet Archive is fair use, at least one court has said that Google's cache is fair use, and that's quite similar to the Internet Archive. Either way, the case is still ongoing and should be interesting to follow.
Hopefully the court will recognize that anyone who actually visits this woman's website actually violates that agreement by "making a copy" on their local hard drive -- which should help explain why the demand against copying is effectively meaningless.


Ditto

http://techdirt.com/articles/20070315/193857.shtml

Can A Telco Block Phone Calls To A Number They Don't Like?

from the they're-trying dept

If you're involved with startups these days, you've probably used FreeConference.com. It's become the de facto conference call system for many startups. Basically, it lets you create conference calls for just the cost of the long distance call to the number provided (usually in Iowa or Minnesota). Since many phone plans these days include unlimited long distance, there isn't even much of a cost for most users. I used to think that the business model behind FreeConference.com was to upsell people to more feature-complete conference calls (as well as ones that didn't provide a little jingle for FreeConference.com at the beginning -- for people who didn't want big name customers or partners knowing they were using a free service). However, many have suggested that the real business model was the same as those services that offered free international calls: arbitrage over termination fees. Since regulators put in place ridiculously high termination fees (the fees other telcos pay local telcos for connecting a call to that telco's end user) there was an arbitrage opportunity. These services could set up deals with the local telcos and drive many more calls to those local exchanges. The local telcos then get a ton of cash from the termination fees, and give some of it back to the service that drove all that traffic. In the case of the free international calls, AT&T decided to sue the company for fraud.

However, it looks like the various telcos have taken a different strategy when it comes to FreeConference.com: they're simply blocking callers from calling that number. Think about that for a second, because it's quite troubling. The telco is deciding that they don't want you to be able to call certain numbers -- and then just blocking them, leaving no recourse. Apparently some people can still get through, but others are having trouble. It certainly has some similarities to the whole network neutrality debate. The FCC tends not to take kindly to telcos blocking anyone's ability to call anyone else -- though, in the past, it's usually smaller telcos doing the blocking, rather than Kevin Martin's buddies at the big telcos. Either way, it seems pretty sleazy to suddenly block the ability to call certain numbers. The problem isn't with these services, but the bad regulations that allowed the small telcos to charge crazy termination fees in the first place. If the big telcos have a problem with it, they should take it up with whoever put those laws in place.



Wouldn't it be better to protect the victims rather than cripple the whistle blowers?

http://www.eweek.com/article2/0,1759,2104844,00.asp?kc=EWRSS03119TX1K0000594

Italy Bans Mobile Phones in Classrooms

March 16, 2007 By Reuters

ROME—Italy has banned schoolchildren from using mobile phones in class in an attempt to stop ringtones disrupting lessons and prevent pupils messing about with video cameras.

The rules force schools to discipline children who persist in using their phones, with punishments ranging from the confiscation of phones to excluding pupils from final exams.

The ban follows a series of incidents that have shocked Italians. In November, a video showing a disabled pupil being bullied by classmates, filmed on a mobile phone, caused outcry after it was posted on the Internet. In another, pupils filmed each other sexually harassing a female teacher. [“We would prefer not to know” Bob]



Just to clarify...

http://www.technewsworld.com/rsstory/56329.html

Google's Big Privacy Move - Close but No Cigar

By Katherine Noyes TechNewsWorld 03/16/07 7:40 AM PT

Google's announcement Wednesday that it will adopt new privacy measures designed to make it harder to connect searches with the individuals who request them has been met with mixed reaction. Privacy advocates have generally applauded the move, but they say Google's plan to erase key pieces of data between 18 and 24 months after a search is done is still not the right solution.

... the company now has announced that it will no longer save such identifying information at all beyond a certain point. Instead, it will erase key pieces of data [What they actually said was that they would "anonymize our server logs." I take this to mean they will replace data that can easily identify you (your e-mail address, for example) with a random code that will make your identity non-obvious. I also suspect they will keep a table connecting your email address with the new random code – after all, they will want to ensure that as each month's search data is "anonymized," it can still be connected to the same individual's file. Or am I wrong? Bob] between 18 and 24 months after a search is done.

[Here's another take on this story: http://searchengineland.com/070314-180307.php ]
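The two readings of "anonymize" that Bob contrasts above, as an added example (not code from the article or from Google): a keyed pseudonym keeps one person's records linkable across months and lets whoever holds the key rebuild the token-to-email table, whereas dropping the identifier and truncating the address cannot be undone. The log records, key and e-mail addresses are constructed for the demonstration.

```python
"""Added example: reversible pseudonymization vs. irreversible redaction
of a search log.  All records, keys and addresses below are constructed."""
import hashlib
import hmac
import ipaddress

# Constructed sample log: one user appears in two different months.
SAMPLE_LOG = [
    {"month": "2007-01", "email": "alice@example.com", "ip": "203.0.113.7",
     "query": "credit monitoring"},
    {"month": "2007-02", "email": "alice@example.com", "ip": "203.0.113.9",
     "query": "laptop theft"},
    {"month": "2007-02", "email": "bob@example.com", "ip": "198.51.100.4",
     "query": "calea exemption"},
]


def pseudonymize(records, key: bytes):
    """Replace the e-mail with an HMAC-derived token.
    Same (key, email) always gives the same token, so one user's rows stay
    linkable across months; the raw address and IP are not stored."""
    out = []
    for r in records:
        token = hmac.new(key, r["email"].encode(), hashlib.sha256).hexdigest()[:16]
        out.append({"month": r["month"], "user": token, "query": r["query"]})
    return out


def rebuild_mapping(known_emails, key: bytes):
    """What a key holder can do: recompute token -> email for any address
    it already knows, i.e. the 'table' Bob suspects is kept."""
    return {
        hmac.new(key, e.encode(), hashlib.sha256).hexdigest()[:16]: e
        for e in known_emails
    }


def anonymize(records):
    """Irreversible variant: drop the e-mail entirely and keep only the /24
    network of the IP, so rows can no longer be tied to one person."""
    out = []
    for r in records:
        net = ipaddress.ip_network(r["ip"] + "/24", strict=False)
        out.append({"month": r["month"], "net": str(net), "query": r["query"]})
    return out


def distinct_users(records, field):
    """Number of distinct identifier values: a pseudonymized log still
    reveals how many users there are and which rows belong together."""
    return len({r[field] for r in records})
```
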



Good idea?

http://www.pogowasright.org/article.php?story=20070316171456832

Data-Mine Time in The Senate (commentary)

Friday, March 16 2007 @ 05:14 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

Buried deep within the massive Homeland Security bill recently passed by the Senate is a provision that should give privacy advocates some much needed cheer. But it probably won't. Section 504 of the bill requires the federal government to report annually on its development and use of data-mining technologies. However, the provision does not prohibit the government from data mining. It only has to tell Congress what it's doing.

Source - InternetNews.com



So will the court smack SCO for wasting its time? (Transcripts included)

http://yro.slashdot.org/article.pl?sid=07/03/16/1255230&from=rss

The Score is IBM - 700,000 / SCO - 326

Posted by Zonk on Friday March 16, @09:57AM from the that's-some-impressive-evidence dept.

The Peanut Gallery writes "After years of litigation to discover what, exactly, SCO was suing about, IBM has finally discovered that SCO's 'mountain of code' is only 326 scattered lines. Worse, most of what is allegedly infringing are comments and simple header files (like errno.h). These probably aren't copyrightable for being unoriginal and dictated by externalities and aren't owned by SCO in any event. Above and beyond that, IBM has at least five separate licenses for these elements, including the GPL, even if SCO actually owned those lines of code. In contrast IBM is able to point out 700,000 lines of code, which they have properly registered copyrights for, which SCO is infringing upon if the Court rules that it repudiated the GPL."



Inevitable?

http://hosted.ap.org/dynamic/stories/C/COURT_RECORDINGS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Courts to Release Trial Tapes Online

By MATT APUZZO Associated Press Writer Mar 17, 2:58 AM EDT

WASHINGTON (AP) -- A computer and an Internet connection may soon be all that are needed for anyone to hear closing arguments in a corruption trial or listen to the testimony of a mob turncoat.

The federal judiciary approved a pilot program this week to make free audio recordings of court proceedings available online. Although a court's participation in the program is voluntary, U.S. District Judge Thomas F. Hogan, the executive committee chairman of the policy-making Judicial Conference, said he expects the system ultimately will be widely used.

... At present, recording devices and cameras are prohibited in all federal courtrooms. However, in some high-profile cases the Supreme Court releases audio recordings of oral arguments. Some federal trial courts, such as the one in Philadelphia, sell daily audio recordings of hearings.

... "As technology becomes more pervasive and access to recorded material becomes more a part of daily life, the courts are moving with the times," Siegel said.

... He said judges will have discretion over when to turn the recorder off, such as during an FBI informant's testimony or when a rape victim takes the stand. Ronald Collins, a scholar at the First Amendment Center, said lawyers will haggle [and the sun will rise in the east... Bob] over when that's appropriate.



Can I be private?

http://www.pogowasright.org/article.php?story=20070316135757776

Computer Protocols Changed to Insure Private Network

Friday, March 16 2007 @ 01:57 PM CDT - Contributed by: PrivacyNews - Minors & Students

Wesleyan will adjust its computer network access protocols in order to remain exempt from an order by the Federal Communications Commission that requires facilities-based Internet service providers to engineer their networks to assist law enforcement agencies in executing wiretap orders. The changes, intended to ensure that the university's network is viewed as "private" and thus exempt, include requiring log-ins for access to the campus wireless network, kiosks and library computers.

Source - The Wesleyan Connection

[From the article:

Analyses by EDUCAUSE and the American Council on Education support the use of two criteria in determining whether a college or university can hold itself exempt: it may not own the hardware that connects its network to the Internet, and it must authenticate all users who access the Internet from its network. The hardware Wesleyan uses is owned by the Connecticut Education Network.]
