Friday, March 23, 2007

Why would this server be connected to the Internet in the first place? I wonder if all lawyers work this way?

http://www.canada.com/edmontonjournal/news/cityplus/story.html?id=79c9fff9-4b37-4958-9054-6b9bf5148672&k=55365

Client files unguarded on lawyer's server

'Extremely serious privacy breach,' detective says

Charles Rusnell The Edmonton Journal Thursday, March 22, 2007

EDMONTON - An unprotected computer server in a downtown Edmonton law office allowed access to hundreds of client files that included personal information such as driver's licence and social insurance numbers, work histories and criminal records.

"This is an extremely serious privacy breach," said Edmonton Police Det. Bob Gauthier, an expert in identity theft, who was shown samples of the records obtained by The Journal. "If I was one of these clients, I would be screaming."

... The private personal information was in the computer system of a local lawyer. When informed of the breach by The Journal on Wednesday, the lawyer was so shocked he could barely speak. [for a lawyer, that's shocked indeed! Bob]

He said he immediately shut down the system so there could be no further access.

He said he thought the system was secured by an encrypted password. [Clear indication of a non-techie. Bob] There is no indication that anyone else accessed the information.

The system was accessed by a man who had just started a job in a nearby building. Daniel Gallant said he brought his laptop to work because his employer had yet to set up his work computer. The laptop has a wireless card, which allows it to connect to any nearby wireless access point. Most such access points are password-protected, which means they can't be entered without a secret password.

Gallant, who said he is a computer novice, said he was shocked to find the system was not password-protected. When he logged onto one network, he said he was invited to log onto one lawyer's database.

"I work in the social services field," Gallant said. "I understand about the importance of protection of privacy."

Gallant said he downloaded a few samples of documents. He later called the provincial privacy commissioner's office. [Bypassing the lawyer? Bob]

He said he was surprised when the privacy commissioner's office seemed uninterested in taking immediate action.

"Anyone could get access to that information," he said. "I was very disappointed. I expected them to tell me that there was some sort of penalty for not protecting the information."

Gallant said he killed the files out of his computer and did not distribute them to anyone else.

The Journal has sealed its copies of the documents.

Marilyn Mun, director of the provincial Freedom of Information and Protection of Privacy office, said her staff told Gallant to put his concerns in writing and send them and the documentary proof to their office.

"We get all sorts of people calling and making allegations," Mun said.

"And for that reason there is a process in place. We require that you put it in writing so that we have something that we can use to do an investigation."



This should not come as a shock... (see next article)

http://www.pogowasright.org/article.php?story=2007032220203946

CA: SSI Numbers Showing Up in Public Records

Thursday, March 22 2007 @ 08:20 PM CDT - Contributed by: Lyger - State/Local Govt.

Assemblyman Dave Jones couldn't believe the treasure trove of Social Security numbers he found on the California Secretary of State Web Site.

[...] "The state has literally been selling on the Internet an identity theft starter kit," said Assemblyman Jones (D-Sacramento). "It has sold Social Security numbers for a mere $6 each to any member of the public with an Internet connection and a credit card."

Source - abc7.com Related - DailyBreeze.com


Remember, this started with the TX attorney general saying the county clerks were in violation of the law, then retracting that, then the state wanted to pass a law exempting them from compliance... This sounds like bad law to me.

http://www.caller.com/ccct/local_news/article/0,1641,CCCT_811_5435136,00.html

Bill targets the removal of personal information

Social Security numbers would be obscured if the governor signs legislation [and if the gov doesn't? Bob]

By Denise Malan Caller-Times March 22, 2007

Social Security numbers would be obscured from public documents, upon request, [Do you know where your personal data is? If so, then you can opt out. Bob] under a bill approved by the Legislature and awaiting the governor's signature.

The bill would give county clerks a "reasonable amount of time" to remove - redact, in legal-speak - all but the last four digits of a person's Social Security number from public documents, including those filed electronically. [Why not change the program to do it automatically? Bob]

... The bill, filed by state Rep. Jim Keffer, R-Eastland, is a compromise between privacy concerns and the practicalities of removing Social Security numbers from all public documents in county clerk offices around the state. The numbers routinely are included on marriage license applications, child support liens, tax liens and court abstracts.

... However, people must file a written request to have the numbers redacted from records that already have been filed. Removing numbers from all records would have required the county to hire a redaction company, and Barrera said she is unsure how many people will request removal.

... The bill also eliminates penalties for county or district clerks who disclose Social Security numbers in the ordinary course of business. The current law provides for as much as $1,000 in fines and six months in jail for each offense.



Pretty good capsule summary... (There is a great little classification summary page too.)

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014071

Growing pressure for data classification

Jay Cline

March 22, 2007 (Computerworld) A storm is brewing over the silicon fields of corporate data — and companies that don’t classify their data are going to get rained on. Why? Three reasons. New security-breach notification laws being considered around the world will compel multinationals to know where their most sensitive data is. The recent implementation of a U.S. Supreme Court decision on e-discovery allows for fines to be levied against companies in federal litigation that don’t know where all their data is. And the decentralization of corporate data to mobile devices is heightening the risk of not having business-continuity plans that risk-rank critical data.

If you’re one of the 65% of companies polled by Computerworld last year that don’t routinely classify their data, you’ll want to forward this list to Legal and IT to help inject some urgency into the situation:

• Data classification for breach response. U.S. state laws on security-breach notification have been so successful in prodding companies to shore up their information security that Congress, and legislative bodies in Canada, Europe and Australia are now considering adopting similar measures. To comply with these laws and prevent these breaches from happening in the first place, companies are starting to inventory all their data that trip these notification triggers. (See Data Confidentiality Classifications table below.)

• Data classification for e-discovery. Last December, amendments to the Federal Rules of Civil Procedure recommended by the Supreme Court concerning the discovery of "electronically stored information" came into effect. Under the new rules, companies need to produce all relevant information much earlier in the litigation process and may be fined stiff penalties for stumbling across new information during a trial. To avoid these penalties and reduce the cost of e-discovery, companies are finally starting to implement comprehensive data-retention policies that routinely destroy old records. (See Data Retention Classifications table below.)

• Data classification for business continuity. The growing popularity in U.S. corporations of data-leak scanning software has shown them just how much of their data is flowing outside their organizations. Employees are increasingly e-mailing company files to their home e-mail accounts and storing them on their handheld devices and laptops. To ensure that a company can recover its operations in the event of a large-scale disaster, there has never been a greater need for companies to have a handle on where all of their mission-critical data is. (See Data Recovery Classifications table below.)

I can just hear the groans on the other end of your e-mail. "Three classification schemes? Are you crazy? This would be too expensive, and employees would never get it."

That’s what I thought, too, until I came across companies that have put this into practice. I can’t mention their names, but they’ve found basic data classification to cost less than any of their enterprise-technology implementations. And their employees intuitively understood the data classes after a minimal amount of training and awareness. In one company, 75% of employees could accurately identify the company’s data classifications after just three months of an awareness campaign.

It all comes down to two basic messages companies need to inculcate in employees from Day One on the job:

1. Don’t store privacy-restricted or mission-critical data on your laptop, mobile device, home computer or personal e-mail account.

2. If you have official company records, you need to store them in a special share-drive directory, since your personal drive and e-mail account will be routinely purged.

This isn’t rocket science. And with these basic rules understood across your company, you can build out more rigorous security, retention and business-continuity programs over time.

You could do that, or bet that your company will never experience a publicized security breach, federal trial or large-scale physical disaster. As the Information Age converges with the Age of Terror, these kinds of bets will increasingly determine the outcome of careers and fortunes.

Jay Cline is a former chief privacy officer of a Fortune 500 company and now president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.



If congress says you can't do it... Offshore it! (Friendly governments share information, right?)

http://www.wired.com/news/technology/0,73046-0.html?tw=wn_politics_privacy_1

Son of TIA Will Mine Asian Data

By Sharon Weinberger 12:00 PM Mar. 22, 2007

Nearly four years after Congress pulled the plug on what critics assailed as an Orwellian scheme to spy on private citizens, Singapore is set to launch an even more ambitious incarnation of the Pentagon's controversial Total Information Awareness program -- an effort to collect and mine data across all government agencies in the hopes of pinpointing threats to national security.

... Retired U.S. Adm. John Poindexter, the architect of the original Pentagon program, traveled to Singapore to deliver a speech at the unveiling, while backers have already begun quietly touting the system to U.S. intelligence officials.

... Poindexter, who was also on the roster of people the Singaporeans were scheduled to meet with in the United States, never quite disappeared from the data-mining scene. In January of this year, he was elected to the board of BrightPlanet, a firm that boasts "the most powerful search, harvest and document federation technology available in the world." The company's press release announcing Poindexter's appointment noted the former national security adviser would "provide guidance in developing further contacts within the intelligence community."



Always interesting

http://www.privacydigest.com/2007/03/23/internet+security+threat+report+symantec+corp

Internet Security Threat Report - Symantec Corp.

March 23, 2007 - 6:11am — MacRonin

Internet Security Threat Report - Symantec Corp.: "The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The eleventh version of the report, released March 19, 2007, is now available."

[From the report:

Over the past two reporting periods, Symantec has observed a fundamental shift in Internet security activity. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.]



The what...

http://blogs.zdnet.com/BTL/?p=4708

Oracle sues SAP; alleges ‘corporate theft on a grand scale’

Posted by Larry Dignan @ 11:39 am March 22nd, 2007


...and the why?

http://www.infoworld.com/article/07/03/22/HNheartoforaclesapsuit_1.html?source=rss&url=http://www.infoworld.com/article/07/03/22/HNheartoforaclesapsuit_1.html

Maintenance contracts at heart of Oracle, SAP dispute

Oracle's suit against SAP is about business rivalry and theft, but it is also very much about third-party maintenance of software

By Nancy Gohring and Elizabeth Montalbano, IDG News Service

March 22, 2007



Sometimes justice sounds just right!

http://www.infoworld.com/article/07/03/23/HNbroadqual_1.html?source=rss&url=http://www.infoworld.com/article/07/03/23/HNbroadqual_1.html

Broadcom says Qualcomm violated duty to standards group

Qualcomm failed to divulge a pair of video-related patents, according to suit

By Dan Nystedt, IDG News Service March 23, 2007

A U.S. jury ruled that a failure by Qualcomm Inc. to disclose two patents to a video standards group means the company waived its rights to enforce the patents, which are now part of the H.264 video compression standard, Broadcom Corp. said Thursday.



Another technique for bypassing those pesky subpoenas?

http://techdirt.com/articles/20070322/065151.shtml

US Gamblers To Get Frozen Assets Back, Feds Still Looking For A Crime

from the there-must-be-a-crime-somewhere dept

Are the Feds going soft in the war on online gambling? For the last couple of months, gamblers in the US have been stuck in limbo as popular money transfer firm NETeller was unable to return to them funds that were being held by the company. While the government has gone after online gambling firms and the financial institutions that abet the business, it's not clear that the actual act of placing a bet online is illegal, so it didn't make sense to victimize gamblers themselves. It now appears that NETeller has reached a deal with the Department of Justice to return $55 million in frozen assets at some point in the next 75 days, although the details of this transfer have yet to be spelled out. It's great that the DOJ is concerned about getting people their money back, but it appears it might have an ulterior motive here. As part of the agreement, NETeller will undergo a complete forensic audit that will allow the Feds a detailed look into how the whole business works. It bears repeating that NETeller isn't itself an online gambling firm. It's basically the European version of PayPal, and, as PayPal used to do, it helps people transfer money to online casinos. The company's founders were arrested back in January, but so far haven't been formally charged with anything, so it seems as if this forensic audit is basically a way for the Feds to figure out what, if anything, the NETeller founders can be charged with. Meanwhile, the cost and effort associated with this whole anti-gambling push continues to escalate, and it's still not clear who the victims are or why this is a government priority at all.



I expect “personal surveillance tools” will become a major market niche. Note that “Have fun...” will likely be the most common marketing slogan.

http://www.privacydigest.com/2007/03/21/have+fun+wiretapping+enemies+and+loved+ones+2recall

Have Fun Wiretapping Enemies and Loved Ones with 2ReCall

March 21, 2007 - 9:27pm — MacRonin

Have Fun Wiretapping Enemies and Loved Ones with 2ReCall: "New York based call recording company 2ReCall just recently launched their initial call recording product last week. The new service lets you record any US domestic outgoing call by first dialing into an 800 number and then the number you want to call. The old fashioned way of recording calls consisted of Spy-vs-Spy type tape recorders and suction mics. VOIP changed that a bit, making it dead simple to grab the conversation as it passes through your phone client, although it leaves you chained to the desk. 2ReCall’s 800 number means you can record an outgoing call on any phone. Over the coming year the service will be able to record inbound calls as well, with the ultimate goal being a completely seamless solution that records all calls on the number.

When calls are recorded, they are stored on your online 2ReCall account in .wav or .mp3 format where you can download, review, and annotate them. Although the service works by 800 number, you must first buy a 500MB storage account for $4.95/month and pay 20 cents a minute or a 1GB account for $9.95/month and pay 15 cents a minute to use it.

Currently call recording is a rat's nest of legal issues, with 38 states only needing one party’s permission and the other twelve needing both parties’ consent before recording a call. It gets complicated when calling between states. They cover the legal issues deeper in their FAQ.

While the service is geared to anyone needing to frequently record their calls (journalists, professionals, conference calls), the founders have already used the service to catch one stonewalling architect. The architect, who was reviewing plans for one of the founder’s developments, said he wouldn’t let him build a house on their property regardless of whether they met the development guidelines or not. Armed with the tape of their conversation, the reviewing architect backed down and settled the matter out of court.



Now drivers can do more than chat on their cell phones, they can make sweeping gestures...

http://news.com.com/2100-1039_3-6169697.html?part=rss&tag=2547-1_3-0-5&subj=news

Motion-sensing comes to mobile phones

By Marguerite Reardon Story last modified Fri Mar 23 05:53:28 PDT 2007

The same technology used in Nintendo's popular Wii video game console that lets you bowl strikes and hit tennis volleys like you're Venus Williams is also making its way into mobile handsets.



Could be the tool that makes the next “anti-Hillary” video?

http://blog.wired.com/geekdad/2007/03/quick_stop_moti.html

Wednesday, March 21, 2007

Quick Stop Motion Shorts

For years my kids and I have been making claymation episodes, doll- and figure-animations, paper cutout sequences, and fun time-lapse movies with our family handy-cam. With mixed results. Although fun, our primitive method of simply blinking the on-button has always been less than satisfactory. Our brain-dead way creates three problems for an animation: 1) the interval is too long (jerky movement), 2) you can't see what motion should be next, and 3) you can't edit out goofs when you make a boo-boo -- which is 100% certain.

It was with great joy that we discovered software that solves all three problems. iStopMotion is one of those offerings. It works on the Mac, but there are PC versions of the same thing out there. With these inexpensive programs you connect a live video feed from your camera to your computer (via USB or Firewire) and then you control the film from your keyboard -- or, this is cool, via voice command! After you capture a frame, the program overlays that frame as a transparent layer over the current camera view so you can see exactly where you need to move next. [Obvious? Bob] You can even request the last 5 frames ("onion skinning," animators call it) to get a sense of direction and trajectory, which allows a very fine tuning of the motion. And you can edit mistakes, and do redos on the fly. All this is simple enough that my 7-year-old could instantly manage it. Yet it is sophisticated enough that film students use this software for thesis projects. Making time-lapse films is even easier.

In fact, it's a perfect GeekDad enterprise because filming goes a lot quicker with more than one person involved -- one moving things, one calibrating and clicking. And it's also perfect for classrooms.

The joy of this tool is that your computer screen rather than your camera screen drives the animation. The downside is that you either need to do all your filming within cable reach of your desktop, or else on a laptop (with sufficient shade on the screen outdoors). The closer you can get your screen to your "stage" the better. When you are done animating, or time-lapsing, it is very easy to export the Quicktime file to iMovie to add a soundtrack and titles.

There are three programs in this genre and all three run on Mac OSX. I've tried all three (iStopMotion, FrameThief, and Stop-Motion Studio) and iStopMotion is by far the superior. It has the most features, ease of use, speed and stability. It is also the best designed. It's $40 after a free demo version.

For inspiration about what can be accomplished in a weekend check out the entertaining examples completed by folks on the iStopMotion website.



Don't you love 'em?

http://www.newyorker.com/humor/cartoons/daily/animations

The New Yorker

The New Yorker has partnered with Ring Tales to present these animated versions of classic New Yorker cartoons.

[This one is for my PowerPoint class:

http://www.newyorker.com/humor/cartoons/daily/videos/2007/03/12/070312_softwaredevil
