Tuesday, April 24, 2007

Ahhh, say it ain't so!

http://www.poughkeepsiejournal.com/apps/pbcs.dll/article?AID=/20070423/BUSINESS/704230333

IBM: Tapes with personal data lost

By Craig Wolf Poughkeepsie Journal April 23, 2007

Data tapes containing the names and Social Security numbers of former IBM Corp. employes have been lost, the company confirmed today.

How many, the company officials aren't saying, but they have advised all affected people by letter and assured them that the data tapes were lost rather than stolen and that there has been no indication that any of the data has been used by anyone improperly.

The incident occurred Feb. 23 when a vendor transporting data lost them in Westchester County, spokesman Fred McNeese said. The names are of former IBMers and some who came back later to work at IBM.



Just going down their checklist of “things we haven't screw up yet”

http://www.washingtonpost.com/wp-dyn/content/article/2007/04/22/AR2007042201362_pf.html

FEMA's 'Unfortunate' Privacy Disaster

By Al Kamen Monday, April 23, 2007; A15

Sometimes when they are not busy dealing with natural disasters, FEMA folks just make up their own. We got this letter the other day from Glenn M. Cannon, assistant administrator in the Disaster Operations Directorate.

"Dear Disaster Generalist," he wrote to about 2,300 people on April 16, "an unfortunate administrative processing error at FEMA . . . has resulted in the printing of Social Security numbers on the outside address labels of Disaster Assistance Employee (DAE) . . . reappointment letters."

... Once it figured out what happened, FEMA sprang into action. Everyone affected will get "identity theft protection for one year free of charge," Cannon said.

But wait! That's not all! "Each affected [employee] will receive a personal telephone call to apologize and explain the actions FEMA will take to minimize the impact," he said. And from now on employees will be given personal identification numbers so the agency won't need to use Social Security numbers.



So we should increase the numbers when they tell us they notified nnnn people?

http://www.pogowasright.org/article.php?story=20070423100227921

Institutions only notify 62 percent of identity theft victims, Assistance Center reveals

Monday, April 23 2007 @ 10:02 AM CDT - Contributed by: PrivacyNews - Breaches

It came as a surprise to see that only 62 percent of identity theft victims are notified by financial institutions, according to the Identity Theft Assistance Center (ITAC) in Washington DC.

... In a survey conducted by the non-profit group, ITAC found that 38.4% of those poled (sic) who were victims of identity theft said they were notified by their financial services company. Another 23.3% said they were notified by another financial services company.

Source - Axcess News



I gotta take that “English as a second language” course...

http://business.guardian.co.uk/story/0,,2064181,00.html?gusrc=rss&feed=24

GM subsidiary paid conman for 'blagged' private data, court told

Rob Evans and David Leigh Tuesday April 24, 2007 The Guardian

Debt collectors linked to General Motors and private equity firm Cabot Square Capital were named yesterday in a court case over the black market in private information stolen from government databases.

A private investigator used by companies chasing vehicle hire purchase and bank debtors was convicted at Kingston magistrates court in south-west London. Nicholas Munroe, 32, of west London, conned civil servants into giving home addresses of more than 250 people over the phone. He was convicted of 44 offences of stealing and selling private data in a prosecution brought by Richard Thomas, the information commissioner, and fined £3,200 plus £5,000 costs.

GM subsidiary paid conman for 'blagged' private data, court told

The companies say they told the private investigator at the time not to break the law.

In a practice known as "blagging", conmen trick employees in banks, call centres and government departments into disclosing private details such as addresses or details of bank accounts, tax returns and mortgages. The blaggers often pretend to be from another section and use jargon and knowledge of computer systems to sound plausible. Prosecutions by Mr Thomas have shown that City law firms and national newspapers have used blaggers.

Mr Thomas has persuaded ministers that jail terms are needed to stamp out the trade and wants to prosecute companies that buy the information.


Ditto


http://www.smh.com.au/news/tv--radio/porn-and-privacy-big-brothers-big-bother/2007/04/23/1177180545710.html

Porn and privacy: Big Brother's big bother

David Braithwaite April 23, 2007 - 4:22PM

First it was porn, now it's privacy - a technical stuff-up on reality show Big Brother's website is said to have exposed the personal details of fans who signed up for its special features.

... Last Friday, Behind Big Brother revealed the official site was not using encryption technology on its credit card sign-up page, exposing users to having their details intercepted.

... Big Brother fans have to pay using a credit card to view the site's "premium content". However, the login and registration links on the official site have been disabled due to the security issues.

... Despite its tech staff being alerted to the privacy problem last night, Network Ten was still "looking into" it, a spokeswoman said.



Comments?

http://blogs.csoonline.com/personal_data_exposed_how_can_we_fix_this_mess

Personal data exposed! How can we fix this mess?

Submitted by Mintz Levin on Thu, 2007-04-19 21:55.

Part of the reason that business is interested in the implementation of a federal consumer data breach notification law is that there is currently a crazy quilt of state legislation -- 38 states and counting -- and compliance is difficult. Here are two perspectives on what “should” be included in a federal data breach notification law. What is your perspective? How would you define these elements at a federal level? Should a federal law be overly inclusive? Should encryption be a “safe harbor”?



Big day for reports

http://www.pogowasright.org/article.php?story=20070423163056550

Privacy and Civil Liberties Board Report Issued

Monday, April 23 2007 @ 04:55 PM CDT - Contributed by: PrivacyNews - Fed. Govt.

The Privacy and Civil Liberties Board has issued its First Annual Report to Congress:.

Privacy and Civil Liberties Oversight Board: First Annual Report to Congress March 2006 – March 2007 [PDF]

PogoWasRight.org Editor's note: In reading the report and their findings, note carefully this paragraph on p. 6 (footnotes omitted):

"As shown in the Board’s location, assigned roles, and authority, IRTPA did not create an independent watchdog entity in the nature of an inspector general. Rather, the statute created a Board that operates within the Executive Office of the President and ultimately reports to the President. The statute requires the Board to produce an annual report to Congress only “on [its] major activities” – not on all of its internal deliberations and recommendations. The statute expressly places the Board within the Executive Office of the President (EOP), an office whose sole purpose is to support the Executive. Consistent with that placement and with the goal of offering candid advice, the President has located the Board even more closely to him by placing it within the White House Office (WHO). As the statute explicitly acknowledges, all five Board Members (like other EOP and WHO employees) serve at the pleasure of the President."



Another report...

http://www.pogowasright.org/article.php?story=20070423124721515

CDT Unveils Draft Identity Principles

Monday, April 23 2007 @ 12:47 PM CDT - Contributed by: PrivacyNews - Other Privacy News

From CDT.org: As information-gathering technology improves and governments seek to bolster their capacity to identify individuals, questions surrounding how to manage individual identity have mounted. CDT today officially unveiled its draft Privacy Principles for Identity in the Digital Age, which seek to address those issues in a way that takes into account privacy, security, as well as the broader issues associated with identity. CDT Deputy Director Ari Schwartz discussed the principles at the Federal Trade Commission workshop "Proof Positive: New Directions for ID Authentication."

Privacy Principles for Identity in the Digital Age (Draft) [PDF]



The argument continues...

http://news.com.com/2100-1029_3-6178552.html?part=rss&tag=2547-1_3-0-5&subj=news

Canada, Mexico travel cards under privacy attack

By Anne Broache Story last modified Mon Apr 23 17:03:01 PDT 2007

WASHINGTON--A forthcoming travel identification card geared toward Americans who frequently cross U.S. borders into Mexico and Canada is drawing renewed criticism.

At a Monday workshop here, privacy advocates said they were puzzled that come summertime, the U.S. Department of State, in consultation with the Department of Homeland Security, still hopes to begin issuing so-called "passport cards" embedded with radio frequency identification (RFID) chips whose data can be skimmed by readers up to at least 20 feet away.

The technology, which is similar to the passes read by highway tollbooths, is already being used in other U.S. immigration documents and programs, but that doesn't make it any less troublesome, critics said at the first day of an identification workshop hosted by the Federal Trade Commission.

... In their most recent draft rules issued in October (PDF), government officials said they're leaning against using a chip that could be read from only a few inches away because it would require vehicles to slow down and hold out cards one at a time for scanning. It was unclear when the final rules would be released.



Surveillance is so easy and so readily accepted. Trust, but verify?

http://news.yahoo.com/s/nm/20070423/od_nm/divorces_uk_investigators_dc;_ylt=Ah6WKXyBQd_G8n_8Cc9vXbXMWM0F
Use of private sleuths rising in divorces?

By Elena Moya 1 hour, 52 minutes ago

LONDON (Reuters) - Almost half of Britain's divorcing couples used a private investigator last year to confirm, or deny, their suspicions about their spouse cheating on them, accountancy firm Grant Thornton said on Monday.



The counter-trend

http://news.yahoo.com/s/ap/20070423/ap_on_hi_te/fon_time_warner;_ylt=AvjTbJ71AiMKhp3Ydllkz0LMWM0F

Time Warner customers get Wi-Fi hotspots

By JESSICA MINTZ, AP Business Writer 2 hours, 38 minutes ago



Age discrimination?

http://hardware.slashdot.org/article.pl?sid=07/04/23/2348249&from=rss

French Voting Machines a "Catastrophe"

Posted by kdawson on Tuesday April 24, @02:18AM from the nous-ne-nous-tenons-pas-dans-les- lignes dept. Input Devices Politics Technology

eldavojohn writes "The electronic voting machine has soured another election. Some French voters have reportedly turned away in disgust after facing up to two hours in lines to use the machines. Further, the article reports, 'Researchers at Paul Verlaine University in Metz said that trials on two of the three machines used in France showed that four people out of every seven aged over 65 could not get their votes recorded.' This article concentrates primarily on usability and efficiency, but surprisingly mentions little (aside from user trust issues) about the security embodied in the machines or whether it was satisfactory. I think all three aspects are important to anyone aiming to produce voting machines. The manufacturer of these particular machines is France Élection."



Good summation for those who have been asleep for the last few years....

http://www.bespacific.com/mt/archives/014648.html

April 23, 2007

President’s Identity Theft Task Force Releases Comprehensive Strategic Plan to Combat Identity Theft

Press release: "Attorney General Alberto R. Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras today announced the completion of the President’s Identity Theft Task Force strategic plan to combat identity theft. The strategic plan is the result of an unprecedented federal effort to formulate a comprehensive and fully coordinated plan to attack this widespread and destructive crime. The plan focuses on ways to improve the effectiveness of criminal prosecutions of identity theft; enhance data protection for sensitive consumer information maintained by the public sector, private sector, and consumers; provide more comprehensive and effective guidance for consumers and the business community; and improve recovery and assistance for consumers."

Related Documents:

Combating Identity Theft: A Strategic Plan, Final recommendations released April 23, 2007



Sound familiar?

http://techdirt.com/articles/20070423/002025.shtml

Wait, There Are Good Internet Laws?

from the just-kidding... dept

Law professor Eric Goldman has written up an article where he wanted to list out the best and worst internet-related laws out there. Coming up with "good" ones turned out to be a challenge, with just the law banning new internet access taxes and section 230 of the CDA making the list. Of course, you could argue that the safe harbor afforded by section 230 (protecting sites from the actions of their users) is based on so much common sense that there shouldn't need to be a law to back it up. Of course, when it comes to the "bad" list, there were way too many to choose from. The DMCA makes a couple of appearances (for different parts) and there are some other blasts from the past as well. It's pretty frustrating to read through the list, in part because so many of the "bad" laws aren't just bad, but were obviously bad from when they were proposed. Lots of people have pointed out why those laws would do more harm than good, but so far, politicians don't seem interested in correcting the mistakes they made with them. They passed the laws so they could claim they stopped some "bad" thing from happening online, even if the law did no such thing. It would be nice if politicians were actually held accountable for the unintended consequences of their bad laws -- especially when those laws do little to actually achieve what they were proposed to do.

No comments: