Friday, August 24, 2007

Note to lawyers: Make encryption of any/all of your data a contract requirement with consultants.

http://www.pogowasright.org/article.php?story=20070823075821232

Laptop with NYC retirees finance data stolen

Thursday, August 23 2007 @ 08:06 AM CDT Contributed by: PrivacyNews News Section: Breaches

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant, city officials said. The private consultant to the city Financial Information Services Agency had access to personal data about members of various city pension systems, mayoral spokesman Jason Post said Wednesday. The consultant told authorities Monday the portable computer had been stolen.

Source - Associated Press



We're so techie we forget to manage our systems?

http://www.pogowasright.org/article.php?story=20070824053829583

Monster.com took 5 days to disclose data theft

Friday, August 24 2007 @ 05:38 AM CDT Contributed by: PrivacyNews News Section: Breaches

Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive told Reuters.

... It wasn't until Wednesday, a day after Symantec issued the August 21 report, that Monster put a notice on its Web site, www.monster.com, warning users they might be the target of e-mail scams.

Monster then announced on Thursday that the details of some 1.3 million job seekers had been stolen. Fewer than 5,000 of those affected are based outside the United States, it said in a statement.

Source - Reuters

Related - Monster.com's notice page



Making five days look good... (“We'll get to it when we get to it. Right now we're on a coffee break.”) Note that he had no time to take corrective action, but plenty of time to identify, contact, negotiate with(?), contract with, explain the situation, and analyze (read?) their report.

http://www.pogowasright.org/article.php?story=20070823175734992

Website Lockdown: Is Two Years Too Long?

Thursday, August 23 2007 @ 05:57 PM CDT Contributed by: PrivacyNews News Section: State/Local Govt.

More than two years ago, Theresa Sanchez was surfing the McLean County Recorder's website when she came across some startling information. Sanchez says, "The search was real simple, you could do it by name, and I got all these documents that I wasn't expecting."

Information such as friends' tax documents, complete with social security numbers. Sanchez immediately emailed recorder Lee Newcom asking for solutions, like using "masking" software or shutting down the site altogether.

... The website was locked down Wednesday...or 29 months later.

Newcom told us he was too busy for an on-camera interview Thursday, but by phone he told us the more than two year time gap was "...a reasonable time frame in the sense that national experts told me it was not a grave danger and I was attempting to handle the problem in as timely a fashion as I could."

Newcom also says he is not the gatekeeper for the public safety, saying "The law does not say I'm supposed to protect this data, the law only says I am supposed to make this data public."

Source - CentralIllinoisProud.com



Just in case you thought all government workers were competent or rational...

http://www.pogowasright.org/article.php?story=20070823075946370

Oak Forest worker won't face charges for holding others' tax forms

Thursday, August 23 2007 @ 08:02 AM CDT Contributed by: PrivacyNews News Section: Breaches

An Oak Forest public works employee will not face criminal charges after being accused of holding W2 employment records for several hours last week. But the employee could be subject to discipline from the city. Oak Forest city administrator Steve Jones said police concluded their investigation this week and determined the employee didn't commit a crime.

Source - Daily Southtown

[From the article: Last week, public works employees were responsible for disposing of a file cabinet in a Dumpster at city hall.

Officials said four employees checked the cabinet before dumping, and none found any sensitive documents.

When the file cabinet was dumped, an employee found several W2 records that fell out of a drawer.]



Interesting. Tennessee is a bastion of legal thought?

http://www.pogowasright.org/article.php?story=20070823175448150

U of Tennessee student says RIAA subpoena violates federal privacy law

Thursday, August 23 2007 @ 05:54 PM CDT Contributed by: PrivacyNews News Section: Minors & Students

A University of Tennessee student is attempting to quash an RIAA subpoena issued as part of the music industry's war against on-campus file-sharing. Doe #28 is taking a different tack than other defendants have, arguing that providing the information sought by the RIAA would violate his right to privacy under the Family Educational Rights and Privacy Act.

... Doe #28's argument is that the information sought by the RIAA—name, current and permanent addresses, phone numbers, e-mail addresses, and MAC address—is part of his educational records. Since neither Doe #28 nor his parents have waived that right, the RIAA should not be given the information, argues the defendant's motion to quash the subpoena.

At most, the plaintiffs should be provided with Doe's name and current address, according to Doe #28. Providing more information would put the defendant and his parents in the position of "being subjected to unwarranted telephone calls and unsolicited mail which is unreasonable."

Source - ars technica



Roar Mouse Roar! (Isn't this an example of a trend toward “global law”?)

http://politics.slashdot.org/article.pl?sid=07/08/23/1553232&from=rss

Antigua May Be Allowed To Violate US Copyrights

Posted by kdawson on Thursday August 23, @01:09PM from the wagging-the-dog dept.

Skleed refers us to the NYTimes for an article on the high-stakes case the US is losing before the World Trade Organization. So far the US has lost an initial hearing and two appeals on its policies regarding Antiguan offshore gambling sites. Now the lawyer pressing the case has asked for a rarely invoked, but codified, recourse under WTO rules: letting Antiguans copy and distribute American music, movies, and software. The game may be to get Hollywood and Microsoft, et al., to pressure Washington to cut a deal. But their influence may not be sufficient to move lawmakers on the question of online gambling. From the article: "But not complying with the decision presents big problems of its own for Washington. That's because Mr. Mendel, who is claiming $3.4 billion in damages on behalf of Antigua, has asked the trade organization to grant a rare form of compensation if the American government refuses to accept the ruling: permission for Antiguans to violate intellectual property laws by allowing them to distribute copies of American music, movie and software products, among others."



Apparently it's not just in the high tech areas that people can't see what's in front of them...

http://www.infoworld.com/article/07/08/23/Cogent-cable-attacked-with-saw-and-gun_1.html?source=rss&url=http://www.infoworld.com/article/07/08/23/Cogent-cable-attacked-with-saw-and-gun_1.html

Cogent: Cable was attacked with saw and gun

Network blackout not caused by gunshot, as originally suspected

By Robert McMillan, IDG News Service August 23, 2007

Guns, saws, and some very dim-witted thieves were all apparently involved in a network blackout that affected Internet users, primarily in the northeastern United States, earlier this week.

Cogent Communications said Thursday that a cable cut that occurred near Cleveland on Sunday night was caused by a saw, not by gunshot as first thought, but technicians struggling to replace the cut cable used a replacement cable that had been shot.



A $4.5 Billion Oops?

http://techdirt.com/articles/20070823/120536.shtml

Mary Meeker's YouTube Math Misses The Mark

from the back-in-the-news-together dept

YouTube's new ad overlays continue to engender a lot of discussion about their potential impact on the online video market. One person who is quite optimistic about the program is the infamous (but still employed at Morgan Stanley) Mary Meeker, who estimated that the new system would add a staggering $4.8 billion to Google's top line. But, as none other than Henry Blodget points out, there's a little problem with Meeker's analysis (via Valleywag). She mistakenly took CPM to mean 'cost per impression' rather than 'cost per thousand', meaning that her estimate was off by a factor of 1,000. In other words, by her own logic, the new ad system will lead to a modest $4.8 million revenue bump, which is nothing compared to the $1.65 billion Google paid for the site. Meeker has been covering this space for a long time, so it's hard to imagine that she really didn't know what CPM meant. Perhaps she was just trying to rush out a quick report on the topic and didn't take the time to look it over. But you'd still think that such a huge figure would give her some pause and make her question some assumptions before coming out with such a bold pronouncement.



Maybe we could lay a false patent trail and then ambush the ambushers?

http://techdirt.com/articles/20070823/121611.shtml

EU Tests Out Its New 'Patent Ambush' Antitrust Law On Rambus

from the patent-ambush-indeed dept

Rambus has been involved in a whole series of lawsuits concerning its patents. If you don't recall, the company has been accused of sitting in on meetings for a standards body and then modifying its patent applications to cover technology included in the standard. Of course, once the patents were granted and the standards were set, Rambus basically went after everyone demanding licensing fees. The case has gone back and forth over the years in courts and in the US Federal Trade Commission -- who ruled that these actions were a violation of antitrust law. Over in Europe, it seems that officials feel that this is the perfect test case for a new kind of antitrust violation: "patent ambush." It's nice to see regulators realizing that abuse of patents should be considered an antitrust violation. Hopefully we'll see more of that going forward. Rambus, of course, claims this is nothing new, but it can't be good for them. In the meantime, as always when we post about Rambus, we wonder how long it will take for the company's stock holders to trash us for daring to question the company. Last time we wrote something negative about the company we got an email saying that "the authorities" had been alerted to our post. We wonder if "the authorities" have been alerted about the awful things European Union regulators are saying about Rambus as well.


Meanwhile, in the US... This sounds almost impossible to me (without an inside whistle blower)

http://techdirt.com/articles/20070821/200443.shtml

Another Good Patent Ruling: Standard For Willful Infringement Raised

from the courts-are-coming-to-their-senses dept

Just last week, we were talking about how the fear of being accused of "willful infringement" was once again distorting the purpose of the patent system. If you're found willfully infringing, rather than just accidentally infringing, the damages can be tripled. For that reason, many companies now have policies telling employees that they are not to search through patents, as any indication that they saw a specific patent could potentially be used as evidence of willful infringement. However, there is some good news on this front. The Against Monopoly blog points out that a new appeals court ruling has raised the bar on what is considered willful infringement to the point where the accuser must show "clear and convincing evidence that the infringer acted despite an objectively high likelihood that its actions constituted infringement of a valid patent." It's interesting to see this ruling come out of CAFC, the appeals court that handles patent cases. The Supreme Court has been slapping down CAFC decisions left and right lately, suggesting that it's unhappy with CAFC's previously lenient position on patents. Perhaps the folks at CAFC have gotten the message.



Knee-jerk or plain old jerk? If the information is public, why can't we search it automagically? If the information is not public (or classified) why would it be on the web site?

http://news.com.com/8301-13578_3-9765451-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Feds use robots.txt files to stay invisible online. Lame.

Posted by Declan McCullagh August 24, 2007 5:00 AM PDT

I noticed, when writing a story on Thursday about the bizarre claims by National Intelligence Director Mike McConnell, that the DNI is trying to hide from search engines. Its robots.txt file says, simply:

User-agent: *
Disallow: /

That blocks all search engines, including Google, MSN, Yahoo, and so on, from indexing any files at the Office of the Director of National Intelligence's Web site. (Here's some background on the Robots Exclusion Protocol if you're rusty.)

So I figured it would be interesting to see what other fedgov sites did the same. I wrote a quick Perl program to connect to federal government Web sites, check for the presence of a broad robots.txt exclusion, and report the results. By way of disclaimer, it's the same database I used in an article from early 2006, so it's probably a bit out-of-date.

The government sites that mark themselves as entirely off-limits via robots.txt:

http://www.dni.gov/robots.txt
https://gits-sec.treas.gov/robots.txt
http://thomas.loc.gov/robots.txt
http://www.erl.noaa.gov/robots.txt
http://www.nwd.usace.army.mil/robots.txt
http://www.tricare.mil/robots.txt

Some government sites favor one search engine over another (Customs and Border Protection bans all non-governmental search engines except Google; one Army Corps of Engineers site bans Alexa's spider; the Ginnie Mae agency bans Google's image search bot but not, say, Altavista's; the Minority Business Development Agency completely bans all crawlers but Google's; and one Bureau of Reclamation site bans Googlebot v2.1 but allows MSN's bot):

http://cbp.gov/robots.txt
http://www.nad.usace.army.mil/robots.txt
http://www.ginniemae.gov/robots.txt
http://www.mbda.gov/robots.txt
http://www.mp.usbr.gov/

And here are some sites that seem to have had trouble with misbehaving Web crawlers in the past:

http://www.cdc.gov/robots.txt
http://www.glerl.noaa.gov/robots.txt
http://www.usbr.gov/robots.txt
http://www.onr.navy.mil/robots.txt
http://www.senate.gov/robots.txt
http://www.usdoj.gov/robots.txt

Now, I'm the last person to suggest that using robots.txt to cordon off subsets of your Web site is somehow evil. At News.com, we use it to tell search engines not to index our "email story" pages, for instance, and on my own Web site I use it as well. Blocking misbehaving Web crawlers is important and necessary. And robots.txt may be appropriate when a Web site's address changes, which seems to have happened in the case of the National Oceanic and Atmospheric Administration's site in the first chunk of examples above, or when it becomes defunct, which seems to have happened with the Treasury Department's "gits-sec" Web site above.

But why should entire federal offices like the Director of National Intelligence want to remain invisible online? I can think of two reasons: (a) avoiding the situation of posting a report that turned out to be embarrassing and was discovered by Google and (b) letting the Feds modify a file such as a transcript without anyone noticing. (There have been allegations of the Bush administration altering, or at least creatively interpreting, transcripts before. And I've documented how a transcript of a public meeting was surreptitiously deleted -- and then restored.)

Neither situation benefits the public. In fact, I'd say it calls for a friendly amendment to the Robots Exclusion Protocol: Search engines should ignore robots.txt when a government agency is trying to use it to keep its entire Web site hidden from the public.
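An added example, not part of the quoted article and not Declan McCullagh's Perl program: a Python sketch that sorts robots.txt bodies into the categories the article describes (whole site hidden, one search engine favored, one crawler banned, a subset cordoned off). The sample bodies and the /email-story/ path are constructed for illustration and nothing is fetched from any site.

```python
# Added example: sort robots.txt policies into the article's categories.
# Every robots.txt body below is constructed for illustration, not fetched.

def parse_groups(text):
    """Return [(agents, rules)] where rules are ('allow'|'disallow', path) pairs."""
    groups, agents, rules, seen_rule = [], [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments; blank lines fall through
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if seen_rule:                        # a User-agent line after rules starts a new group
                groups.append((agents, rules))
                agents, rules, seen_rule = [], [], False
            agents.append(value.lower())
        elif field in ("allow", "disallow") and agents:
            rules.append((field, value))
            seen_rule = True
    if agents:
        groups.append((agents, rules))
    return groups

def blocks_everything(rules):
    """True if the group disallows the site root and grants no Allow exception."""
    has_root_ban = any(f == "disallow" and v == "/" for f, v in rules)
    has_allow = any(f == "allow" and v for f, v in rules)
    return has_root_ban and not has_allow

def classify(text):
    """Label a robots.txt body the way the article groups the sites."""
    groups = parse_groups(text)
    wildcard_blocked = any("*" in a and blocks_everything(r) for a, r in groups)
    named = {n: blocks_everything(r) for a, r in groups for n in a if n != "*"}
    exempt = sorted(n for n, blocked in named.items() if not blocked)
    banned = sorted(n for n, blocked in named.items() if blocked)
    if wildcard_blocked and not exempt:
        return "blanket exclusion"
    if wildcard_blocked:
        return "all crawlers banned except: " + ", ".join(exempt)
    if banned:
        return "selective ban of: " + ", ".join(banned)
    return "partial or no restrictions"

SAMPLES = {  # constructed inputs, one per category in the article
    "whole site hidden": "User-agent: *\nDisallow: /\n",
    "one engine favored": "User-agent: Googlebot\nDisallow:\n\nUser-agent: *\nDisallow: /\n",
    "one crawler banned": "User-agent: ia_archiver\nDisallow: /\n",
    "subset cordoned off": "User-agent: *\nDisallow: /email-story/  # constructed path\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:20} -> {classify(body)}")
```

An empty "Disallow:" line permits everything for that crawler, which is why a named group with an empty rule counts as an exemption from the wildcard ban.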



Niches gets nicher? I suppose you could slice out a narrower area of law, but this illustrates how simple it is to appear as an “expert” on the Internet.

http://www.financevisor.com/market/news_detail.aspx?rid=58552

Texas Explosion Law Web Site Launch

August 24, 2007 12:00 AM EST

Texas Explosion lawyers, Williams Kherkher, launch an explosion resource website to discuss the legal issues involved in explosion accidents.

Houston, TX (FV Newswire) - In reaction to a long-standing legal issue within the realm of personal injury law, the law firm of Williams Kherkher, based in Houston, Texas, has launched a Web site specifically meant to provide information and insight into the issues that surround explosions.

The Web site's URL is Texas Explosion Lawyer, and it provides the following information to those who choose to visit:

1. Information regarding Texas explosion legal issues;

2. Information regarding the law firm of Williams Kherkher;

3. Suggestions on how to proceed if a person has suffered as a result of an explosion;

4. Ways to contact the Texas explosion lawyers at Williams Kherkher.



Scorecard!

http://www.bespacific.com/mt/archives/015800.html

August 23, 2007

U.S. Government Manual 2007-2008

U.S. Government Manual 2007-2008: "The official handbook of the Federal Government, provides comprehensive information on the agencies of the legislative, judicial, and executive branches."



Try this next time you are faced with a “unique” project.

http://www.technewsworld.com/rsstory/58946.html

Mind Mapping Goes 3-D With Personal Brain

By John P. Mello Jr. TechNewsWorld 08/22/07 6:05 AM PT

Called "Personal Brain," recently released in its fourth edition, TheBrain Technologies' latest mind mapping software is amazingly easy to use, especially considering the complexity of the tasks that it's handling.

... Personal Brain is offered in three flavors: free, core (US$149.95) and pro ($249.95) and will operate on computers running Windows, OS X and Linux.
