Tuesday, June 26, 2007

Note: Someone actually looked at this contractor's security. When they found a problem, someone took action! Contrast this with the credit card industry “audits” of TJX. Also, contrast this with the next article...

http://www.iht.com/articles/ap/2007/06/25/europe/EU-GEN-Germany-US-Patient-Data.php

U.S. Air Force says contractor's server had inadequate security, shut down

The Associated Press Monday, June 25, 2007

BERLIN: The U.S. military said Monday that a contractor's computer server used to process data from Air Force hospitals in Europe was found to have inadequate security, but there was no indication that any information had been compromised.

The contractor "found out about this during a routine inspection and then shut down the server," said Capt. Erin Macri, a spokeswoman for U.S. Air Forces in Europe.

"There was no breach and no information was lost, but because of changes to the privacy law we are obligated to inform the patients," [Is this true? Bob] she said. The name of the contractor was not released.

The computer server contained personal information of patients, including names and social security numbers. About 8 percent of patients who received care from USAFE medical facilities over the past two years had personal information on the server.

Individual notifications are under way for between 2,000 and 5,000 patients, Macri said.



What were they thinking? The ostrich is the best model for security managers to follow?

http://toledoblade.com/apps/pbcs.dll/article?AID=/20070625/NEWS24/70625016

Workers’ comp bureau admits to stolen information problem in the State's 2nd personal data compromise incident

BY JIM PROVANCE BLADE COLUMBUS BUREAU

COLUMBUS — For the second time in a month state officials have announced that personal information of Ohioans has been compromised by the theft of computerized data from a state employee.

Officials with the Ohio Bureau of Workers’ Compensation revealed this morning that a laptop computer stolen from the home of an employee nearly a month ago contained the names, Social Security numbers, and potentially the medical information of 439 injured workers.

... The BWC computer had been reported stolen more than two weeks before the bureau began to investigate what information it might have contained. That review was triggered only by the revelation that the state had a much bigger problem with the theft on June 10 of a backup data storage device containing personal information of what was believed then to be tens of thousands of Ohio employees.

“I was concerned that there didn’t appear to be internal sensitivity around the urgency of what was on that computer,” said BWC Director Marsha Ryan, who said she wasn’t told of the May 30 theft until June 15.

... The bureau had no policy on how to respond to the theft of a laptop computer, but is developing one now.

... He said the laptop was the only item of significance taken in the May 30 burglary of the auditor’s home. The theft was reported to Columbus police and to the employee’s supervisor. Ms. Ryan was told when Gov. Ted Strickland held a press conference more than two weeks later to announce the much larger theft of a backup data storage device from the car of an intern.

... Mr. Strickland was told of the BWC laptop problem four days after his June 15 press conference, Mr. McCarthy said.

... The information on the stolen BWC laptop was password protected, but not encrypted. Some of the information contained on the laptop was deemed public information until the passage of recent legislation, Mr. McCarthy noted. Social Security numbers, however, were never considered to be public.



A new class action trend?

http://news.enquirer.com/apps/pbcs.dll/article?AID=/20070626/BIZ01/706260316/1076/BIZ

5/3 faces privacy suit

Lawyer says bank made improper credit inquiries

BY JON NEWBERRY | JNEWBERRY@ENQUIRER.COM

As Bellevue lawyer Steven Shane figures it, Fifth Third Bank has improperly accessed the credit information of thousands of consumers - including himself - so he's asking a federal judge to certify a class-action lawsuit against the bank for invading their privacy.

As evidence, Shane cites a handful of his clients' credit reports from the TransUnion credit agency, each indicating a credit inquiry in April 2006 by a Fifth Third office outside Chicago.

By law, a lender isn't allowed to access someone's credit information without a legitimate purpose, Shane said. He contends that Fifth Third broke the law because none of his clients named in the lawsuit had an active credit relationship with the bank.

... Shane is now seeking to add new plaintiffs after his office assistant noticed the same kind of inquiries - on the same date, by the same Fifth Third office - on the TransUnion credit reports of other clients.

... Since his clients otherwise have no connection, he figures that Fifth Third must have conducted thousands of such reviews. He wants the lawsuit certified as a class-action on behalf of other consumers who might not know.

... "If Fifth Third can do it, what's to prevent some other stranger from doing it?" he asked.



A logical response. We are not their customers...

http://www.usatoday.com/money/perfi/credit/2007-06-25-credit-freeze-usat_N.htm

Credit bureaus fight consumer-ordered freezes

By Byron Acohido and Jon Swartz, USA TODAY

... The CDIA has been scrambling for two years to get federal lawmakers to defuse the onrush of state laws empowering consumers to freeze access to their credit histories to prevent identity theft. It spent a record $1.4 million on federal lobbying in 2006, nearly double what it spent in 2004, according to the Center for Responsive Politics.



I'm not sure which of these drives us toward ubiquitous surveillance... Perhaps several? It will be interesting to see this expand over time. Might make an interesting research paper.

http://www.albrechtslund.net/index.php/?p=111

21 perspectives on surveillance

June 13, 2007 on 2:27 pm

My good friend and colleague, Malene Charlotte Larsen, has produced an interesting list of perspectives on social networking. To me, it seems like a good way to get an overview of a given subject and I would like to do something similar for surveillance. So, from the top of my head, an open-ended taxonomy of surveillance perspectives:

... 17 The existential perspective

Surveillance is a part of human existence, both as watching and being watched, and it is therefore a key concept in understanding human life.



Can you say: “Potential for abuse?”

http://www.infoworld.com/article/07/06/25/Nexidia_1.html?source=rss&url=http://www.infoworld.com/article/07/06/25/Nexidia_1.html

Nexidia to roll out accent analyzer

Tool can be used before signing on with offshore customer service supplier

By Ephraim Schwartz June 25, 2007

Phonetic technology provider Nexidia will announce on Tuesday Language Assessor, an application that can test the verbal proficiency of non-native speakers. [Instantly identify illegal aliens? Bob]

... Language Assessor will use the same PSE technology to test speakers by identifying and rating the clarity of their pronunciation of words, phrases, proper names, slang, and nonstandard grammar patterns. [You sir are a foreigner... I'd say New Jersey. Bob]

Because there are a finite number of phonemes in any speech, Language Assessor is easily ported to languages other than English. [The French will order thousands, so they know who to mock! Bob]



Always an interesting mind...

http://www.ala.org/ala/washoff/washevents/woannual/annualconfwo.cfm

Former FISA Court Chief Judge Speaks in Open Session

On June 23, former Chief Judge of the Foreign Intelligence Surveillance Court Royce Lamberth spoke in an open session about the inner workings of the secretive court and how it has changed since passage of the USA PATRIOT Act of 2001 at the American Library Association’s 2007 Annual Conference.




Research/Perspective

http://www.bespacific.com/mt/archives/015245.html

June 24, 2007

Online Source of Consolidated Acts and Regulations of Canada

Online Source of Consolidated Acts and Regulations of Canada: "Welcome to the Department of Justice’s new Laws Web site. This new site is the result of the conversion to a completely new technical environment for consolidating federal Acts and regulations. The new environment makes it possible to update the data more frequently than was possible in the past and to provide several new features. The site has also been reorganized to provide a consistent and intuitive navigation model."



A simple recommendation: If you are thinking about purchasing a new application, try a few of the free ones first. You may find exactly what you need.

http://www.osalt.com/

Find open source software alternatives to well-known commercial software

Find alternatives for iTunes -> Amarok or Banshee

Or check out Microsoft Access, AutoCAD or Norton Ghost on your own.

Recently added commercial software: Citrix, ACDSee and Final Cut Pro.

Our mission is to provide easy access to high quality open source alternatives to well-known commercial products. And remember that open source software is also a freeware alternative.



RSS is one of those technologies you will eventually use. Here is a great collection of tools.

http://mashable.com/2007/06/11/rss-toolbox/

The Ultimate RSS Toolbox - 120+ RSS Resources

June 11, 2007 — 11:35 PM PDT — by Stan Schroeder


...and for those with talent...

http://mashable.com/2007/06/23/photography-toolbox/

90+ Online Photography Tools and Resources

June 23, 2007 — 09:45 AM PDT — by Mashable Team
