Thursday, November 22, 2007

When you are a surveillance state, someone holds the data you gather. (Planning to surveil is not the same as planning to safeguard the data gathered.)

http://www.pogowasright.org/article.php?story=20071122051952428

UK: 2,111 data disasters blamed on disc row bunglers

Thursday, November 22 2007 @ 05:30 AM EST Contributed by: PrivacyNews News Section: Breaches

THE bungling Government department responsible for losing 25 million people's personal details in the post was hit by more than 2,100 reported breaches of security in the past year alone.

And 41 laptops – many containing sensitive financial details relating to members of the public – were stolen from employees at HM Revenue and Customs (HMRC) over the last 12 months, demolishing any notion that the loss of two computer discs containing the details of child benefit claimant was a "one-off" error.

HMRC's record of data losses came to light as it emerged that the National Audit Office (NAO), to which the HMRC was sending the discs, specifically asked for many sensitive details to be filtered out and not sent to it.

But HMRC officials refused to separate the details the NAO wanted to audit from those it did not need – like parents' names and bank details – because it would be "too burdensome" and costly to separate them. [This was true in Shakespeare's time... Bob]

Source - Yorkshire Post



This may be worth following. It simply extends the logic we want applied to organizations... (Add this to the potential cost of identity theft?)

http://www.pogowasright.org/article.php?story=20071121152103579

Strange Case Takes Identity Theft to New Level

Wednesday, November 21 2007 @ 03:21 PM EST Contributed by: PrivacyNews News Section: In the Courts

Imagine having your identity stolen -- and then someone uses your personal information to commit a crime. Sound bad enough? Then imagine you get sued for not protecting your own identity.

Those are the allegations in a lawsuit filed in Clark County. This case is taking some of the issues surrounding identity theft to a new level.

Source - LasVegasNow.com



You can read this book online....

http://www.bespacific.com/mt/archives/016609.html

Engaging Privacy and Information Technology in a Digital Age

Engaging Privacy and Information Technology in a Digital Age, James Waldo, Herbert S. Lin, and Lynette I. Millett, Editors, Committee on Privacy in the Information Age, National Research Council.

  • "Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy evolving, how can privacy be protected and how society can balance the interests of individuals, businesses and government in ways that promote privacy reasonably and effectively? This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable."



Another resource?

http://www.bespacific.com/mt/archives/016605.html

November 21, 2007

Breaking Down Digital Barriers: When and How ICT Interoperability Drives Innovation

This series is a project of the Berkman Center for Internet & Society at Harvard Law School and Research Center for Information Law at University of St. Gallen. Authors, John Palfrey and Urs Gasser.



and yet another...

http://www.bespacific.com/mt/archives/016601.html

November 21, 2007

Intelligence Guide Available on CD-ROM

The U.S. Department of Justice's (DOJ) Office of Community Oriented Policing Services (COPS) has released "Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies CD-ROM." This guide is an electronic version of the 2004 print publication. The guide is targeted to managers, supervisors, and officers tasked with developing or reinvigorating their intelligence function. The CD also includes other related documents such as The National Criminal Intelligence Sharing Plan (NCISP) and Fusion Center Guidelines. For more information on COPS and other resources provided by COPS, please visit the COPS Web site.



Substitute “test” for “Violate” and I like the idea! (Discounts for good security?)

http://techdirt.com/articles/20071121/164444.shtml

Is It A Good Idea To Violate The Security Of Your Customers If They're Security Ignorant?

from the asking-for-serious-trouble dept

Rich Kulawiec writes in to point out that security expert Dan Geer is suggesting that merchants violate the security of customers they deem as security risks. His argument is, basically, that there are two types of users out there: those who respond "yes" to any request -- and therefore are likely to be infected by multiple types of malware doing all sorts of bad things -- and those who respond "no" to any request, who are more likely to be safe. Thus, Geer says merchants should ask users if they want to connect over an "extra special secure connection," and if they respond "yes," you assume that they respond yes to everything and therefore are probably unsafe. To deal with those people, Geer says, you should effectively hack their computer. It won't be hard, since they're clearly ignorant and open to vulnerabilities -- so you just install a rootkit and "0wn" their machine for the duration of the transaction.

As Kulawiec notes in submitting this: "Maybe he's just kidding, and the sarcasm went right over my (caffeine-starved) brain. I certainly hope so, because otherwise there are so many things wrong with this that I'm struggling to decide which to list first." Indeed. I'm not sure he's kidding either, but the unintended consequences of violating the security of someone's computer, just because you assume they've been violated previously are likely to make things a lot worse. This seems like a suggestion that could have the same sort of negative unintended consequences as the suggestion others have made about creating "good trojans" that go around automatically closing the security holes and stopping malware by using the same techniques employed by the malware. Both are based on the idea that people are too stupid to cure themselves, and somehow "white hat" hackers can help fix things. Now, obviously, plenty of people do get infected -- but using that as an excuse to infect them back, even for noble purposes, is only going to create more problems in the long run. Other vulnerabilities will be created and you're trusting these "good" hackers to do no harm on top of what's been done already, which is unlikely to always be the case. No, security will never be perfect and some people will always be more vulnerable -- but that shouldn't give you a right to violate their security, even if for a good reason.



It would be a huge (but impressive) research project to start connecting all of these laws and show what they have in common – and where the innovation seems to be.

http://www.pogowasright.org/article.php?story=20071121144551461

Whose rules apply to the Web?

Wednesday, November 21 2007 @ 02:45 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

[...]

Applying existing laws to the Internet is a murky business. For years, courts and lawyers have questioned whether copyright laws written for the physical world should carry the same weight in the digital world, where duplicating products takes only the click of a mouse.

But sorting out which laws govern online activities could prove even more difficult, Internet experts say. After all, how do you draw jurisdictions for something called the "World Wide Web"? Facebook.com is based in California, and the data for those social ads can fly through wires in a dozen states before they reach your computer in New York. So which states' laws apply?

Facebook argues that it's none of the above. Because its content crosses many state borders, the site is protected from local rules by the US Constitution's Commerce Clause, says Chris Kelly, Facebook's chief privacy officer. "State laws aren't supposed to interfere with interstate commerce," [Does law = interference? Bob] he says. That's the domain of federal law.

Source - Christian Science Monitor



The world continues to change...

http://techdirt.com/articles/20071120/123845.shtml

The Rise Of The Writer-Entrepreneur

from the ch-ch-ch-changes dept

Marc Andreessen points us to a great article by the LA Times's Patrick Goldstein exploring the rise of alternative business models in Hollywood. Rupp points out that the most successful filmmakers in Hollywood—Steven Spielberg, Peter Jackson, John Lasseter, George Lucas—have worked outside the traditional studio system, starting their own companies and producing great movies without constant meddling from studio bosses. He notes that venture capital has begun flooding into Hollywood, allowing more and more creative types to bypass the studios and get financing for their creative projects directly. And, of course, the Internet will soon make it radically easier to market and distribute independent films. Probably the most important point Goldstein makes is that going outside the studio system isn't just about making more money. An even more important consideration for many writers is maintaining creative control. Those big studio budgets can come with a lot of studio meddling in the finished products, and studio executives are often bad judges of what makes a good movie. Here, too, there are parallels to Silicon Valley's startup culture. Larry and Sergey famously tried to sell their search technology in the late 1990s, only to find that the incumbents thought that nobody would be interested in a better search engine. Luckily, they had no trouble raising venture capital and launching their own company. By the same token, the next time a writer gets fed up with the studios mangling his scripts, perhaps he'll have the opportunity to prove he can do it better by raising some venture capital and producing the movie himself.



Is this a step toward pictographs? (Might be a great way to obtain clip art...)

http://www.researchbuzz.org/wp/2007/11/21/merriam-webster-launches-online-visual-dictionary/

Merriam-Webster Launches Online Visual Dictionary

21st November 2007

Merriam-Webster has leaded up with QA International to launch a new online visual dictionary, which contains information on over 20,000 terms and more than 6,000 illustrations. Visual Dictionary Online is available at http://www.visualdictionaryonline.com.



Well, there goes the tourist industry! (Unless they are planning to stream the video?)

http://www.pogowasright.org/article.php?story=20071121131304813

Talking camera aimed at sex on the beach

Wednesday, November 21 2007 @ 01:13 PM EST Contributed by: PrivacyNews News Section: Surveillance

The big booming voice Martin County in Florida beachgoers might hear next year along the sandy shores will not be coming from the heavens. It may be Martin County officials trying to scare off people looking for sex on the beach.

The county is exploring the idea of installing "talking" cameras at several of the public beaches to ward off or catch people engaged in public sex.

Source - Dayton Daily News

PogoWasRight.org Editor's Comment: how about using talking cameras aimed at government employees to warn them or catch them when they are engaged in transmitting or shipping unencrypted data? [Or focused on those empty desks we're paying people to sit at. Or at any of a thousand other key points in government... Bob]

No comments: