Saturday, November 17, 2007

Rather than one lawsuit, we should have 26.5 million?

http://www.pogowasright.org/article.php?story=2007111618403785

Vets can sue VA over stolen laptop

Friday, November 16 2007 @ 06:40 PM EST Contributed by: PrivacyNews News Section: Breaches

The massive VA data breach affecting 26.5 million veterans and others in May 2006 resulted in a number of lawsuits which are still working their way through the courts. Today, U.S. District Judge James Robertson ruled that lawsuits filed by veterans against the government may go forward.

A number of veterans and veterans' organizations had filed suit, seeking class action status. In today's ruling, Judge Robertson held that only individuals may sue. According to an Associated Press account, he also threw out claims of constitutional violations and said the theft did not qualify as an "unauthorized disclosure" under the Privacy Act [Perhaps we need a new term: Negligent Disclosure or Disclosure by Bad management? Bob]

Source - Associated Press



Not clear if he stole them or they came from one of the other VA data spills...

http://www.pogowasright.org/article.php?story=20071116204433444

CA: Man arrested in theft of 1.8 million Social Security numbers from veterans

Friday, November 16 2007 @ 08:44 PM EST Contributed by: PrivacyNews News Section: Breaches

A man who purchased $5,600 in jewelry at a store in Tustin using three fraudulent credit cards, one belonging to actor Marlon Wayans, was arrested Thursday in Los Angeles after a months-long investigation, said Tustin police Lt. John Strain.

The investigation also uncovered from his home computer about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where Kim had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.

Source - Orange County Register

[From the article:

Kim had worked at the Veteran Affairs office since 2003 when he was a student at USC but quit in February of this year when he discovered a background check would be conducted.



This happened in Ohio, where the theft of a laptop (from an employee's vehicle) was headline news for months. Apparently these auditors can't read.

http://www.pogowasright.org/article.php?story=2007111701215244

OH: Laptop with workers' personal information stolen from auditors

Saturday, November 17 2007 @ 01:21 AM EST Contributed by: PrivacyNews News Section: Breaches

A laptop stolen from a Kettering auditing firm contained personal information on employees of up to 10 businesses, including Springfield-based Ohio Masonic Home, officials said Friday.

Battelle & Battelle LLC (sic) would not disclose the number of individuals affected by the theft but Masonic Home officials said 600 of its employees' information was stored in the laptop.

Battelle was conducting the home's pension plan audit when the laptop was stolen last month from an employee's vehicle.

Source - Dayton Daily News



“Judge, it's simple. You gots your first class citizens – those who can see anything we have and then you gots your second class citizens who can't.”

http://www.pogowasright.org/article.php?story=20071116112534364

NH: Judge doubts basis of voter data law

Friday, November 16 2007 @ 11:25 AM EST Contributed by: PrivacyNews News Section: In the Courts

A Merrimack County judge said yesterday that she is "struggling" to understand the basis for a new law that allows the state to sell detailed voter data only to the major political parties. The Libertarian Party has filed suit asking the court to strike down the law as unconstitutional.

The attorney general's office argued at a hearing yesterday that the state's interest in protecting voter privacy allows it to limit who can buy the data. The file includes a voter's party registration history and year of birth.

Source - Concord Monitor


...as long as we're talking about who can see your data – here's the future. (At present, only all the advertisers can see this information.)

http://www.pogowasright.org/article.php?story=20071116163816732

More On the Law Blog’s Facebook Foray

Friday, November 16 2007 @ 04:38 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

Earlier this month we posted on the legal privacy issues raised by Facebook’s new “Facebook Ads” strategy, in which it will attach names and photos of Facebook users to ads for products they like.

[...]

Well, get this Law Blog Facebook experience. Last Sunday the Law Blog purchased three tickets to “Bee Movie” on Fandango, the movie site. After we did this, Facebook automatically updated our profile to say, “Peter bought ‘Bee Movie’ on Fandango.”

Source - Wall Street Journal Law Blog

(Props, Concurring Opinions)


Here's how the Feds say they will share information...

http://www.pogowasright.org/article.php?story=20071116181259181

US Government Releases Information Sharing Privacy Principles

Friday, November 16 2007 @ 06:12 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Via EPIC.org:

The US government has released its "National Strategy for Information Sharing." The strategy describes information sharing between state and local governments, the private sector and foreign governments, and includes the administration's "core privacy principles" for protecting privacy. Privacy guidelines, developed by the Attorney General and Director of National Intelligence, are built on these core principles.

Source - National Strategy for Information Sharing
Related - EPIC's page on Fusion Centers



Can software void a contract (also see next article)

http://techdirt.com/articles/20071115/181511.shtml

Cox Jamming Traffic Just Like Comcast

from the always-good-to-be-second... dept

You didn't think Comcast was the only company jamming certain types of traffic, did you? With all the heat on Comcast, it's no surprise that others are being discovered as well. For example, people are now noticing that cable provider Cox is using a very similar method to jam bittorrent uploads. It's too bad to hear this from a cable company that prided itself on actually being consumer friendly. Perhaps that means that Cox will actually admit to what it's doing, unlike Comcast. Of course, it also probably helps Cox that it wasn't the first one called out on this. Just like Sony took all the heat for the rootkit, even though the same rootkit was also found on CDs from other labels, it's likely that Comcast will take most of the heat for its bittorrent jamming.



Interesting question with examples...

http://www.securityfocus.com/columnists/458?ref=rss

Aye, Robot, or Can Computers Contract?

Mark Rasch, 2007-11-16

A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first year law school contracts class.

... Take for example, the recent case of Ticketmaster L.L.C. v. RMG Technologies, Inc., (U.S.D.C., Central District of California, October 16, 2007.) Ticketmaster, like many other Web sites has a "Terms of Use" that you must agree to before they will allow you to directly enter their Web site. These terms allow people to access the site only for non-commercial purposes, and do not permit the use of "automated devices" to access the service. Both the terms of use and certain technological measures are intended to prevent people from accessing the site more than once every three seconds and to limit the number of tickets that can be purchased during any individual visit.

The defendants, RMG, created a tool they called the "Ticket Broker Acquisition Tool" (TBAT) that would repeatedly visit the Ticketmaster site to acquire tickets from the site. Despite a lack of direct evidence that proved the defendants personally visited the Web site, or agreed to the terms of use, the court found that the nature of the tool itself made the defendant liable for the "infringing" cache copies of the Ticketmaster site which were copied by the tool. The court found that it was "highly likely" that the defendants received notice of the terms of use "by actually using the Web site."



Towards a completely virtual business model

http://www.roughtype.com/archives/2007/11/look_ma_no_serv.php

Look, ma, no servers

November 16, 2007

Robert Scoble notes the rise of "the serverless Internet company" that can launch and run a webwide business through the window of a browser. He writes of a recent conversation he had with Max Haot, the CEO of Mogulus, a site that lets people produce and broadcast video programs:

At one point Max seemed like he was joking around with me when he told me “we don’t own a single server.” I asked him FOUR more times to make sure I heard him right ... He nicely and calmly explained that, yes, every server the company owns is actually running on Amazon’s S3 and EC2 services.

... What's particularly noteworthy about Mogulus is that it shows how layers of utility computing services can be built atop a single shared infrastructure. Mogulus runs its business by drawing on computing and storage services provided by Amazon Web Services, allowing it to avoid any capital investment in computing gear. And then Mogulus offers a set of sophisticated computing services to its own customers, including video editing, storage, and transmission, that until recently would have themselves required big investments in expensive software and hardware.



Amusing, but likely to become increasingly common.

http://www.news.com/Police-Blotter-Can-a-cell-phone-camera-intimidate-a-witness/2100-1028_3-6219061.html?part=rss&tag=2547-1_3-0-5&subj=news

Police Blotter: Can a cell phone camera intimidate a witness?

By Declan McCullagh Story last modified Fri Nov 16 14:16:15 PST 2007

What: Massachusetts defendant acts like he's taking a photograph of an undercover officer with a cell phone camera.

When: Massachusetts appeals court rules on November 15.

Outcome: Defendant is found guilty of additional criminal offense of witness intimidation.

What happened, according to court documents and other sources: On December 1, 2004, David Casiano was on trial, facing criminal charges relating to drug possession, when he noticed that an undercover police officer was present to testify against him. With camera-equipped cell phone in hand, Casiano exited the court room and acted as if he was taking photographs of the undercover officer and other police officers who were in the hallway outside.

Those officers complained to the judge, who ordered that the phone be confiscated. Casiano was reported saying, after his phone was seized: "What do you think I am...stupid? [Yes, actually. Bob] I already e-mailed the pictures to my house before you took the phone."

A court officer who was asked to inspect the cell phone could not find any photographs of either the undercover officer or any of the other police officers, and couldn't even determine whether the phone was capable of sending e-mail messages.

That led Casiano, 37, to be additionally charged with witness intimidation. (A local news report says he pleaded guilty to and went to jail for trespassing charges related to his original drug charges. Court records say the jury returned a not-guilty verdict on the original drug charge.)

During his subsequent trial on the witness intimidation charge, Casiano essentially invoked the I-was-just-kidding defense. He produced an affidavit from T-Mobile saying his cell phone wasn't even operational on the day of the incident. But the judge rejected it, saying the affidavit was not relevant, apparently on grounds that the threat of a photograph was what mattered. Casiano was found guilty, and he also lost on appeal.

No comments: