Sunday, June 17, 2007

Strange in so many ways...

http://www.caller.com/news/2007/jun/16/professor-loses-student-data/

Professor loses student data

By David Kassabian Saturday, June 16, 2007

A flash drive holding information on about 8,000 current and former Texas A&M University-Corpus Christi students was lost by a mathematics professor while on vacation in Madagascar, university officials said Friday.

The flash drive -- a thumb-sized memory data storage device -- may have contained Social Security numbers and other identifying information for students of all classifications and majors enrolled [Why did he have it? Why take it to Madagascar? Bob] during the spring, summer and fall of 2006, said Marshall Collins, assistant vice president for marketing and communications at the university.

... Sterba-Boatwright was using the information for a statistical study, and it wasn't immediately clear why he took the records with him on vacation or if a violation of university policy occurred, Collins said.

... Sterba-Boatwright returned to the United States during the weekend and told university officials shortly after arriving back in the country that he noticed the flash drive was missing, Collins said. University officials waited until Friday [traditional 'bad news' day Bob] to notify via e-mail students whose information may have been compromised because it wasn't immediately clear what may have been on the flash drive, he said.

"That is what took a while -- when someone says I cannot find a flash drive and I believe those files were on it, we had to re-create what they could be," [because we had no inventory! Bob] Collins said. "We can only go by what he's telling us."



Follow-up: Getting accurate information on a security breach sometimes seems harder than getting a politician to give you a straight answer... Oh, wait. We are trying to get a politician to give us a straight answer!

http://www.columbusdispatch.com/dispatch/content/local_news/stories/2007/06/17/DATAFOLO.ART_ART_06-17-07_A1_H271P45.html

Bank data on stolen tape

Ongoing analysis determines that governments, school districts among those who may be affected

Sunday, June 17, 2007 3:43 AM By Mark Niquette THE COLUMBUS DISPATCH

Bank-account information for local governments, school districts and certain state employees and vendors was among the data on a computer backup tape stolen from an intern's car last week, Gov. Ted Strickland announced yesterday.

The stolen tape also contains bank-account numbers for Medicaid providers, retirement account numbers for teachers, plus Social Security numbers for more than 75,000 dependents of state employees, the governor said.

And there could be more: Strickland said the state knows other sensitive data is on the tape and an analysis continues. [...we don't bother inventorying this stuff, because it's not important ... Bob He has scheduled a news briefing today to report any new findings.

... Strickland continued to say yesterday that there is no evidence the data has been used, and that it's unlikely the tape could be accessed without specialized knowledge or equipment.

... Greg Knieriemen, vice president of Chi Corp., a suburban Cleveland company that specializes in data storage, backup and protection, said any protocol sending backup copies home with an employee is "way out of date."

Knieriemen, whose firm's clients include the state of Nevada and Ohio State University, also disputed Strickland's claim that it would be difficult to access personal information on the stolen tape. Without a high level of encryption, the information on the tape could be readily retrieved, he said.

"Everything that's tape-formatted, if it's not encrypted, can be read by basic computer software," Knieriemen said. "If it wasn't encrypted, (Strickland's) statement is pretty much a stretch."

The state has confirmed that the data on the stolen tape is not encrypted, and Strickland has issued an executive order calling for the development of a new protocol to encrypt sensitive data.



Wasn't this obvious?

http://www.pogowasright.org/article.php?story=20070617040858729

Analysis: Privacy, Security, and the Regional Health Information Organization

Sunday, June 17 2007 @ 04:08 AM CDT Contributed by: PrivacyNews

Regional health information organizations (RHIOs), which promote electronic exchange of patient information among participants, are grappling with a variety of privacy and security issues as they evolve. This study, based on a literature review, interviews, and an informal survey, examines some of the key issues that nine RHIOs encountered and their strategies for managing them.

The study found that privacy and security challenges are surmountable. A RHIO’s unique characteristics—the types of data shared, who participates, and its specific needs and priorities, among others—influence how an exchange addresses these challenges. Solutions are diverse and evolving.

The study also found that consumers play a limited role in privacy and policy decisions, even though they are important RHIO constituents. [Is this bad management? Bob] RHIOs could benefit from the experiences of and collaboration with others, and policymakers can help RHIOs navigate privacy and security issues and move toward sustainability.

Source - California HealthCare Foundation Related - Download Report [pdf]

(Props, Australian Health Information Technology) (blog)



Interesting legal strategy? Lots of legal responses suggested in the comments...

http://yro.slashdot.org/article.pl?sid=07/06/16/1940231&from=rss

Student Blogger Loses Defamation Case

Posted by kdawson on Saturday June 16, @05:47PM from the small-claims-is-a-bear dept.

An anonymous reader writes to tell us about Yaman Salahi, a UC Berkeley student and blogger, who lost a lawsuit brought against him by Lee Kaplan, a journalist for FrontPageMag.com. Kaplan had sued Salahi in California small claims court for tortious business interference and libel, in response to a blog Salahi had set up about him called "Lee Kaplan Watch." Salahi lost in small claims court and then lost an "appeal" — which is essentially a retrial by another small-claims judge. No written opinion was offered with either decision, though all other court filings are available. From Salahi's update on his blog:

"...because [Kaplan] sued me in small claims court, I did not have the protections of the anti-SLAPP [Strategic Lawsuits Against Public Policy] statute... I will never know why I lost the initial hearing, or why I lost the appeal, because small claims judges are not obligated to release written opinions with their rulings.... I will never have the opportunity to take this to a real appellate court where my first amendment rights might be protected."



What have we been saying? (I think they might have a slight case of Google-hate going on here too)

http://blog.wired.com/27bstroke6/2007/06/torrentspy_case.html

TorrentSpy Case Shows Privacy Policies and Practices Protect Companies, Too

By Ryan Singel Email June 14, 2007 | 5:48:55 PM

A recent court ruling regarding the server logs of a torrent search engine makes it clear that privacy policies and privacy practices protect users and companies alike, a lesson that Google should have learned in its case against the government but has not.

TorrentSpy, a BitTorrent search and tracker hosting site, is being sued (.pdf) by Hollywood moviie studios for allegedly enabling and encouraging people to illegally trade copyrighted material. Hollywood's lawyers wants the company to turn over its server logs as part of the discovery process, but the site says it doesn't keep logs.

However the presiding federal district court judge ordered the company to begin saving their logs since the company's servers 'save' the logs in RAM memory for about 6 hours before the info is tossed or overwritten. Essentially the magistrate judge Jacqueline Chooljian of California's Central District is ordering the company to hold onto information it normally decided to toss as part of its privacy policy promises to its users. The ruling is the first to say that temporary server logs count as electronic evidence under new court rules about electronic data that went into effect in 2006.

... A strong privacy policy won't keep a judge from ordering a company to log data, but it is a strong deterrent to such an order since one can argue it will destroy your user's trust. TorrentSpy included language which said that the privacy policy could change at any time. A policy that included categorical language such as we will never turn IP address information over to anyone would have held up way better in court.

But most importantly, TorrentSpy's practice of not keeping server logs is the best protection they could have given their users.

Google could easily do something similar. For instance on the user sign-up page, instead of opting user's in to a Web tracking system, they could offer a range of options -- from "Keep my data for 18 months" to "Clean out my data weekly. I'm not interested in personalization." It's technically very simple for Google to implement via a series of scheduled comparisons of user preferences against logs, but they seem wholly uninterested in being a privacy leader. For evidence of that, one need to look no farther than its unwillingness to tell the public how often it is subpoenaed and the fact that the company has no chief privacy officer.



Interesting. Will reporters attempt to identify who is paying for videos like these? A possible new form of “attack ad?”

http://www.technewsworld.com/rsstory/57878.html

Obama Groupies, Image Control and the Veracity of Viral Video

By Christi Parsons and John McCormick Chicago Tribune 06/17/07 4:00 AM PT

An unauthorized -- and racy -- YouTube music video promoting presidential candidate Barack Obama has put his camp in an odd position. A woman dances half-naked while lip-syncing Obama's praises, and she's also warmly kissing his photograph, yet another reminder that candidates have less and less control of their own images and messages when everybody has bandwidth.

Young people can make a difference in politics, Sen. Barack Obama says in a new campaign video, by speaking up about "the things that are making you passionate."

Elsewhere on YouTube, a very scantily clad young woman is doing exactly that -- in an unauthorized music video about her "Crush on Obama" that features her pole-dancing in a subway car and wearing a pair of "Obama" shorts that barely contain her enthusiasm for politics.

Word of the new music video was spreading swiftly on the Internet Thursday, and, with more than 55,000 views after less than a day, [55.001 Bob] it was on its way to becoming one of the site's most popular clips.

Thanks, I Guess?

The music video, the launch gimmick of a new political Web site, barelypolitical.com, put the Obama camp in an odd position. True, the woman in the music video is clearly declaring Obama "the best candidate," arguably a message they'd like to see going viral on the Web.

Trouble is, she's half-naked while lip-syncing Obama's praises, and she's also warmly kissing his photograph, yet another reminder that candidates have less and less control of their own images and messages when everybody has bandwidth.

To be sure, the campaigns are happy to use venues like YouTube as low-cost alternatives to expensive television ads and mailings. However, when the barrier to entry is as low as the click of a mouse, there's no way for them to control where their images go or how they are used.

Controlling the Narrative

Just ask Democratic Sen. Hillary Clinton, who watched in March as a video spread across the Web depicting her as an Orwellian tyrant in a reprise of the 1984 Apple ad. Republican Sen. John McCain got his, too, with a video in which he sang "Bomb Iran" to the tune of "Barbara Ann."

While a video of former Sen. John Edwards perfecting his hair for a mirror was making the rounds, his latest talk about poverty got a little lost in the noise.

"This is definitely a sign of the emerging of the grass roots," said Democratic consultant Jenny Backus, who is not working for any of the presidential candidates. "Campaigns can't control their own narrative all of the time anymore."

In addition, such "volunteer" Internet videos are free of the strict standards that apply to political ads on radio and television. The Federal Election Commission in 2006 decided it would regulate only paid political ads on the World Wide Web, saying that "the vast majority of Internet communication" would be free from campaign finance regulation.

That leaves the Web as the hottest place for stealthy operations working outside the official campaign command.

Genuine Admiration

In this case, some political strategists say, those within the age demographic who would typically pass along and seek out the "Crush on Obama" video are probably inclined to like it and not find it offensive.

A generation raised on MTV is arguably less likely to respond to an old-school political ad than to one that looks more like a Pussycat Dolls video featuring Timbaland.

Ben Relles, 32, one of the music video's creators, said he's a big Obama fan but that he and a friend put the piece together mainly for the pleasure of it.

He said the effort was not coordinated with the Obama campaign and that his intent is not just to sell merchandise.

"It's mostly for fun," he said, between appearances Thursday on MSNBC and Fox News.

Relles said the video cost about US$2,000 to create.

... For voters under 30, said one Democratic media strategist, videos made by unpaid volunteers are the equivalent of the old-fashioned neighbor-to-neighbor recommendation over the back fence. They're proliferating like viruses on the Web.

... In this case, the Obama team wants it to be clear that it had nothing to do with the video, but they're not objecting to the product placement, either.

... Obama's team is making its own YouTube play this week. A video featuring him talking into the camera for two minutes and asking for volunteers to send in recordings of their work was also one of the top-watched videos Thursday.

"Send us your stories," Obama says on the video. "And what we hope to do is over the next several months to stitch together these stories to illuminate for the entire country how this next generation wants to grab the baton and lead us forward."

Some supporters are taking that exhortation more seriously than others.



Research tool?

http://www.bespacific.com/mt/archives/015146.html

June 15, 2007

Chronicling America Site Now Offers 310,000 Newspaper Pages

Press release: "Program to Put Digitized Newspapers Online Makes Eight Awards - "Approximately 310,000 digitized newspaper pages, dating from 1900 to 1910, are now accessible through the Chronicling America Web site... New features in Chronicling America include: 80,000 pages have been added (including 11 new titles); The page display has been revised. Adobe Flash Player is no longer needed for viewing; Persistent links are now displayed for every title record and page view; The persistent link enables a user to always return to the same place on the site, and it can be used for citations and hyperlinking to specific newspaper pages or newspaper title information; and Searches can be saved."



Equipping America to spy on itself! (Clearly, all phones could do this and probably will in a few months...)

http://www.nytimes.com/2007/06/14/technology/14phone.html?ex=1339473600&en=1243e21678e2244f&ei=5088&partner=rssnyt&emc=rss

A Phone for the Sly Can Record Calls and Store Them on a Computer

By ROY FURCHGOTT June 14, 2007

... The phone, which makes calls over the Internet, can record your calls and save them on the hard drive of your computer.

... Of course, secretly recording calls is illegal in many states, which the Free.2 addresses by posting a warning on the screen of the other person’s computer (or inserting an occasional beep on calls to phones), alerting people that they are being recorded.


Related. A tool for instant justice, I love it!

http://www.newlaunches.com/archives/new_system_detects_calls_while_driving.php

New system detects calls while driving

Statistics show that driving while talking on the cell phone increases the chance of an accident by 400%. Though speaking on the cell phone while driving is not a crime in many states as of yet taking into consideration the statistics it will eventually be banned in all the states. A new company Highway and Safety control is releasing a device to automatically detect drivers talking on their cell phones. [I wonder how it knows it isn't the passenger? Bob] Instead of police officer needing to observe a cellphone in use, the system automatically detects a cell phone call and records which car was making the call. Already in use in a few European countries the system will make it to the US this fall it is designed to detect, identify and cite drivers who break cell phone us laws." . The company attaches a paint gun to mark the car, or even an EMP gun that can disable the offending cell phone. [Could we upgrade to a bazooka? Bob]


Ditto Remember this next time someone “helps” you set up your computer... Good overviwe of “what's possible”

http://digg.com/tech_news/Stalking_2_0_The_Websites_that_Track_Your_Every_Move_Voluntarily

Stalking 2.0: The Websites that Track Your Every Move (Voluntarily!)

So, you don ’t mind being followed and tracked? You don’t care if your friends can see what websites you’ve been to lately, what software you’ve been running, or even what music you’ve been listening to? Below, we round up 12 services that want to track your every move - voluntarily.

http://mashable.com/2007/06/16/stalking2/

No comments: