Saturday, November 24, 2007

Sound familiar?

http://www.pogowasright.org/article.php?story=20071123171648667

(updated) Police investigate security breach of patient records in N.L.

Friday, November 23 2007 @ 05:16 PM EST Contributed by: PrivacyNews News Section: Breaches

Police are investigating whether computer hackers viewed sensitive patient information, including test results on HIV and hepatitis, that was on a Newfoundland government computer.

[...]A news release said the material involved included "names, health numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis."

[...]No patients have been informed of the security breach and the Health Department doesn't expect to have information on the incident until a private consultant has examined the computer involved over the next few days.

Source - CBC



Automated legal review? Very interesting!

http://www.pogowasright.org/article.php?story=20071123164059377

PIPWatch: Privacy technology for Canadian Internet users

Friday, November 23 2007 @ 04:40 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

For many of us, reading the privacy policies of our favourite websites isn’t exactly a thrilling prospect. It’s a bit like getting in the recommended daily intake of fruit and vegetables. Sure, it’s one of the keys to strong muscles, mental sharpness and avoiding scurvy, but it’s not always enjoyable.

Enter the Personal Information Protection Toolbar or PIPWATCH. A pilot project run by the University of Toronto’s Information Policy Research Program, PIPWATCH is a web browser toolbar designed to help Canadian Internet users find out if their favourite websites comply with Canadian privacy legislation, in particular the Personal Information Protection and Electronic Documents Act (PIPEDA).

Source - Office of the Privacy Commissioner of Canada



Good for a laugh? Unfortunately, no...

http://www.pogowasright.org/article.php?story=20071123112818998

Review Article: European versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining

Friday, November 23 2007 @ 11:28 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Abstract of article by Francesca Bignami:

It is common knowledge that privacy in the market and the media is protected less in the United States than in Europe. Since the terrorist attacks of September 11, 2001, it has become obvious that the right to privacy in the government sphere too is protected less in the United States than in Europe. This Article brings alive the legal difference by considering the case - real in the United States, hypothetical in Europe - of a spy agency’s database of call records, created for the purpose of identifying potential terrorists. Under U.S. law such an antiterrorism database might very well be legal. But under European law the very same database would clearly be illegal. Numerous barriers to transatlantic cooperation on fighting terrorism and cross-border crime have been created by this legal difference. The Article considers the reasons for the transatlantic difference - surprising in view of the common wisdom that Americans are more suspicious of government interferences with individual liberty than are Europeans. Based on the transatlantic comparison, this Article concludes with a number of recommendations for the reform of U.S. information privacy law, chief among them being the creation of an independent privacy agency.

Source - Full-text Article, Boston College Law Review [pdf]


Same author

http://www.pogowasright.org/article.php?story=20071123113615795

Article: Towards a Right to Privacy in Transnational Intelligence Networks

Friday, November 23 2007 @ 11:36 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Abstract of article by Francesca Bignami:

Antiterrorism intelligence sharing across national borders has been trumpeted as one of the most promising forms of networked global governance. By exchanging information across the world, government agencies can catch terrorists and other dangerous criminals. Yet this new form of global governance is also one of the most dangerous. Even at the domestic level, secrecy and national security imperatives have placed intelligence agencies largely beyond legal and democratic oversight. But at the global level, accountability is missing entirely. Global cooperation among national intelligence agencies is extraordinarily opaque. The nature of the international system compounds the problem: these actors do not operate within a robust institutional framework of liberal democracy and human rights. Safeguarding rights in the transnational realm when governments conspire to spy, detain, interrogate, and arrest is no easy matter. Privacy is one of the most critical liberal rights to come under pressure from transnational intelligence gathering. This Article explores the many ways in which transnational intelligence networks intrude upon privacy and considers some of the possible forms of legal redress. Part II lays bare the different types of transnational intelligence networks that exist today. Part III begins the analysis of the privacy problem by examining the national level, where, over the past forty years, a legal framework has been developed to promote the right to privacy in domestic intelligence gathering. Part IV turns to the privacy problem transnationally, when government agencies exchange intelligence across national borders. Part V invokes the cause celebre of Maher Arar, a Canadian national, to illustrate the disastrous consequences of privacy breaches in this networked world of intelligence gathering. 
Acting upon inaccurate and misleading intelligence provided by the Canadian government, the United States wrongfully deported Arar to Syria, where he was tortured and held captive by the Syrian Military Intelligence Service for nearly one year. Part VI begins the constructive project of redesigning transnational networks to defend the right to privacy, with the safeguards of European intelligence and police networks serving as inspiration for transnational networks more broadly. These European systems feature two types of privacy safeguards: multilateral standards, to which all network parties must adhere, and unilateral standards, applicable under the law of one network party and enforced against the others through the refusal to share intelligence with sub-standard parties. Moving to the global realm, this Article concludes that the multilateral avenue is more promising than the unilateral one. Multilateral standards require consensus on common privacy norms, and consensus will be difficult to achieve. Notwithstanding this hurdle, multilateral privacy standards are crucial, for they will both enable the cooperation necessary to fight serious transnational crime and provide for vigorous protection of basic liberal rights.

Source - Full-text article, Michigan Journal of International Law [pdf]



No doubt there are open source, automatic voip-tapping tools available – here's the other end of the spectrum. (Comments suggest this would even protect communications if you were forced to turn over the key...)

http://it.slashdot.org/article.pl?sid=07/11/23/1324201&from=rss

Protecting IM From Big Brother

Posted by Zonk on Friday November 23, @06:29PM from the another-mark-in-my-file dept. Security Communications The Internet

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."



Playing war takes on a whole new meaning...

http://slashdot.org/article.pl?sid=07/11/24/0653238&from=rss

Technology Leveling The Playing Field In Modern War

Posted by Zonk on Saturday November 24, @06:12AM from the to-the-detriment-of-the-armed-forces dept.

The IEEE spectrum site has up an article written by the author Robert N. Charette describing the 'empowerment of the individual to conduct war' through technology. In the piece, entitled Open-Source Warfare, Charette describes the cheap, inexpensive, but clever ways that militants are adapting to modern warfare.

"As events are making painfully clear, [counterterrorism expert John Robb] says, warfare is being transformed from a closed, state-sponsored affair to one where the means and the know-how to do battle are readily found on the Internet and at your local RadioShack. This open global access to increasingly powerful technological tools, he says, is in effect allowing 'small groups to...declare war on nations.' Need a missile-guidance system? Buy yourself a Sony PlayStation 2. Need more capability? Just upgrade to a PS3."



Another list with some new (to me) stuff!

http://www.bespacific.com/mt/archives/016616.html

November 23, 2007

101 Best Web Freebies - BusinessWeek

101 Best Web Freebies - BusinessWeek.com scoured the Internet for the most useful free products and services available online that you probably don't know about, by Douglas MacMillan. This 45 screen slideshow includes graphics and links to recommended products by category - tech tools, personal finance, career, entertainment, print media, research, health, online learning, PC security.



Dilbert explains why companies hire stupid people...

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2007111111124.gif

Friday, November 23, 2007

This may be the most common break in the security chain. Management review.

http://www.pogowasright.org/article.php?story=20071122113943904

(follow-up) U.K. Tax Office Says Computers Alerted Employees to Data Loss

Thursday, November 22 2007 @ 11:39 AM EST Contributed by: PrivacyNews News Section: Breaches

The U.K. government department at the heart of a probe into how tax officials lost personal data and bank details on 25 million people said the computer system would have alerted senior staff that the information was being downloaded.

"It would normally come out in a printout and be passed to a senior manager," Patrick O'Brien, a spokesman for Revenue and Customs, said in an interview. "You would know about it. It would immediately raise an alarm."

The comments lend weight to claims yesterday by the opposition Conservatives that senior officials at Revenue and Customs had authorized the release of the data. [If the notification's purpose is to alert management so they can stop data theft, isn't failure to act an indication that the action was approved? Bob] Chancellor of the Exchequer Alistair Darling, who called the data loss "catastrophic," said it was the result of a junior member of staff breaking the rules.

Source - Bloomberg



Another not-so-pressing need.

Ziepod.com - Helping You Reach and Manage Podcasts

Ziepod.com is a tool that helps you find and manage audio content for your iPod. When you use Ziepod.com you can find and rate different podcasts. Ziepod.com helps you find podcasts by allowing you to easily subscribe to them and by giving you pop up notifications of when there is new content or episodes.

The Ziepod is free but only deals with audio podcasts. For video and audio management you can look at Ziepod+ which you can buy on the site.

http://www.ziepod.com/


Related

http://ask.metafilter.com/76702/What-are-the-most-intellectually-stimulating-podcasts

What are the most intellectually stimulating podcasts?

November 20, 2007 9:01 AM

What podcasts will make me more intelligent just by listening to them?



It surprises me that there aren't more sites like this – collections on a (more or less) narrow topic...

http://www.killerstartups.com/Web-App-Tools/psychantenna--Find-Psych-Related-Sites-via-RSS/

PsychAntenna.com - Find Psych Related Sites via RSS

PsychAntenna is a portal for discovering psychology related sites, blogs, reviews, and podcasts using RSS feeds. Users will first need to grab an RSS reader of their choice. Next, they can search through the site’s database to find content that matches their interest. The preview button can be used to get a glimpse of that site’s focus. Lastly, users subscribe to sites by hitting the subscribe button. Sites are arranged by type, e.g. blogs, journals, websites, and podcasts.

http://www.psychantenna.com/



This has a ways to go, but a very interesting idea! (Want to bet the publishers pay to have their authors included?)

http://www.killerstartups.com/Video-Music-Photo/bookvideos--Go-Behind-the-Scenes-of-Your-Fav-Books/

BookVideos.tv - Go Behind the Scenes of Your Fav Books

BookVideos.tv is a social community site which deals with books, their authors, and video. The highlight of BookVideos is, of course, the author videos. It is here that you get an up close and personal glimpse of some of your favorite authors along with their take on the writing process, principal themes, and their inspirations.

http://www.bookvideos.tv/science_fiction/index.html



Make your kids play this online game! (Now think of a site where you get rewarded for doing your homework...)

http://www.killerstartups.com/Web20/moola--A-Great-and-Possibly-Lucrative-Time-Waster/

Moola.com - A Great and Possibly Lucrative Time Waster

Moola describes itself as the first ‘massively multiplayer rewards game’. Basically, it’s not only a super entertaining time waster, it’s also a potentially lucrative way to counter-productively while away work hours. Anyone, you included, can win up to $10.7 million dollars (that’s real money, nothing of that Linden stuff), simply by engaging in a little playtime. You get a penny upon signing up. From there, you’re supposed to bet that penny against other users in games of chance/skill. Whoever wins takes the pennies and moves up a level. The loser gets a penny to start over again. To win the millions you’ll have to win 30 times in a row. You’ll need to sign up for an instant invite, and before each game there’s a short commercial, but if it gives you the winning penny, that’s really not much to ask of you. So far, over 4 million dollars have been won in the games.

http://www.moola.com/moopubs/login/index.jsp



Interesting stuff, if you have the tools...

http://www.designvitality.com/blog/2007/09/photoshop-text-effect-tutorial/

Photoshop Text Effects Round-Up: 51 Text Effect Tutorials Every Designer Should See

Posted by Justin

Text and the way it looks is a major part of any design. A great design can be cheapened if the text on the page looks wrong. Any logo is almost entirely text. From water to fire, these 51 tutorials will show you how to create any style of text you want.

Thursday, November 22, 2007

When you are a surveillance state, someone holds the data you gather. (Planning to surveil is not the same as planning to safeguard the data gathered.)

http://www.pogowasright.org/article.php?story=20071122051952428

UK: 2,111 data disasters blamed on disc row bunglers

Thursday, November 22 2007 @ 05:30 AM EST Contributed by: PrivacyNews News Section: Breaches

THE bungling Government department responsible for losing 25 million people's personal details in the post was hit by more than 2,100 reported breaches of security in the past year alone.

And 41 laptops – many containing sensitive financial details relating to members of the public – were stolen from employees at HM Revenue and Customs (HMRC) over the last 12 months, demolishing any notion that the loss of two computer discs containing the details of child benefit claimants was a "one-off" error.

HMRC's record of data losses came to light as it emerged that the National Audit Office (NAO), to which the HMRC was sending the discs, specifically asked for many sensitive details to be filtered out and not sent to it.

But HMRC officials refused to separate the details the NAO wanted to audit from those it did not need – like parents' names and bank details – because it would be "too burdensome" and costly to separate them. [This was true in Shakespeare's time... Bob]

Source - Yorkshire Post



This may be worth following. It simply extends the logic we want applied to organizations... (Add this to the potential cost of identity theft?)

http://www.pogowasright.org/article.php?story=20071121152103579

Strange Case Takes Identity Theft to New Level

Wednesday, November 21 2007 @ 03:21 PM EST Contributed by: PrivacyNews News Section: In the Courts

Imagine having your identity stolen -- and then someone uses your personal information to commit a crime. Sound bad enough? Then imagine you get sued for not protecting your own identity.

Those are the allegations in a lawsuit filed in Clark County. This case is taking some of the issues surrounding identity theft to a new level.

Source - LasVegasNow.com



You can read this book online....

http://www.bespacific.com/mt/archives/016609.html

Engaging Privacy and Information Technology in a Digital Age

Engaging Privacy and Information Technology in a Digital Age, James Waldo, Herbert S. Lin, and Lynette I. Millett, Editors, Committee on Privacy in the Information Age, National Research Council.

  • "Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy are evolving, how privacy can be protected, and how society can balance the interests of individuals, businesses and government in ways that promote privacy reasonably and effectively. This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable."



Another resource?

http://www.bespacific.com/mt/archives/016605.html

November 21, 2007

Breaking Down Digital Barriers: When and How ICT Interoperability Drives Innovation

This series is a project of the Berkman Center for Internet & Society at Harvard Law School and Research Center for Information Law at University of St. Gallen. Authors, John Palfrey and Urs Gasser.



and yet another...

http://www.bespacific.com/mt/archives/016601.html

November 21, 2007

Intelligence Guide Available on CD-ROM

The U.S. Department of Justice's (DOJ) Office of Community Oriented Policing Services (COPS) has released "Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies CD-ROM." This guide is an electronic version of the 2004 print publication. The guide is targeted to managers, supervisors, and officers tasked with developing or reinvigorating their intelligence function. The CD also includes other related documents such as The National Criminal Intelligence Sharing Plan (NCISP) and Fusion Center Guidelines. For more information on COPS and other resources provided by COPS, please visit the COPS Web site.



Substitute “test” for “Violate” and I like the idea! (Discounts for good security?)

http://techdirt.com/articles/20071121/164444.shtml

Is It A Good Idea To Violate The Security Of Your Customers If They're Security Ignorant?

from the asking-for-serious-trouble dept

Rich Kulawiec writes in to point out that security expert Dan Geer is suggesting that merchants violate the security of customers they deem as security risks. His argument is, basically, that there are two types of users out there: those who respond "yes" to any request -- and therefore are likely to be infected by multiple types of malware doing all sorts of bad things -- and those who respond "no" to any request, who are more likely to be safe. Thus, Geer says merchants should ask users if they want to connect over an "extra special secure connection," and if they respond "yes," you assume that they respond yes to everything and therefore are probably unsafe. To deal with those people, Geer says, you should effectively hack their computer. It won't be hard, since they're clearly ignorant and open to vulnerabilities -- so you just install a rootkit and "0wn" their machine for the duration of the transaction.

As Kulawiec notes in submitting this: "Maybe he's just kidding, and the sarcasm went right over my (caffeine-starved) brain. I certainly hope so, because otherwise there are so many things wrong with this that I'm struggling to decide which to list first." Indeed. I'm not sure he's kidding either, but the unintended consequences of violating the security of someone's computer, just because you assume they've been violated previously are likely to make things a lot worse. This seems like a suggestion that could have the same sort of negative unintended consequences as the suggestion others have made about creating "good trojans" that go around automatically closing the security holes and stopping malware by using the same techniques employed by the malware. Both are based on the idea that people are too stupid to cure themselves, and somehow "white hat" hackers can help fix things. Now, obviously, plenty of people do get infected -- but using that as an excuse to infect them back, even for noble purposes, is only going to create more problems in the long run. Other vulnerabilities will be created and you're trusting these "good" hackers to do no harm on top of what's been done already, which is unlikely to always be the case. No, security will never be perfect and some people will always be more vulnerable -- but that shouldn't give you a right to violate their security, even if for a good reason.



It would be a huge (but impressive) research project to start connecting all of these laws and show what they have in common – and where the innovation seems to be.

http://www.pogowasright.org/article.php?story=20071121144551461

Whose rules apply to the Web?

Wednesday, November 21 2007 @ 02:45 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

[...]

Applying existing laws to the Internet is a murky business. For years, courts and lawyers have questioned whether copyright laws written for the physical world should carry the same weight in the digital world, where duplicating products takes only the click of a mouse.

But sorting out which laws govern online activities could prove even more difficult, Internet experts say. After all, how do you draw jurisdictions for something called the "World Wide Web"? Facebook.com is based in California, and the data for those social ads can fly through wires in a dozen states before they reach your computer in New York. So which states' laws apply?

Facebook argues that it's none of the above. Because its content crosses many state borders, the site is protected from local rules by the US Constitution's Commerce Clause, says Chris Kelly, Facebook's chief privacy officer. "State laws aren't supposed to interfere with interstate commerce," [Does law = interference? Bob] he says. That's the domain of federal law.

Source - Christian Science Monitor



The world continues to change...

http://techdirt.com/articles/20071120/123845.shtml

The Rise Of The Writer-Entrepreneur

from the ch-ch-ch-changes dept

Marc Andreessen points us to a great article by the LA Times's Patrick Goldstein exploring the rise of alternative business models in Hollywood. Rupp points out that the most successful filmmakers in Hollywood—Steven Spielberg, Peter Jackson, John Lasseter, George Lucas—have worked outside the traditional studio system, starting their own companies and producing great movies without constant meddling from studio bosses. He notes that venture capital has begun flooding into Hollywood, allowing more and more creative types to bypass the studios and get financing for their creative projects directly. And, of course, the Internet will soon make it radically easier to market and distribute independent films. Probably the most important point Goldstein makes is that going outside the studio system isn't just about making more money. An even more important consideration for many writers is maintaining creative control. Those big studio budgets can come with a lot of studio meddling in the finished products, and studio executives are often bad judges of what makes a good movie. Here, too, there are parallels to Silicon Valley's startup culture. Larry and Sergey famously tried to sell their search technology in the late 1990s, only to find that the incumbents thought that nobody would be interested in a better search engine. Luckily, they had no trouble raising venture capital and launching their own company. By the same token, the next time a writer gets fed up with the studios mangling his scripts, perhaps he'll have the opportunity to prove he can do it better by raising some venture capital and producing the movie himself.



Is this a step toward pictographs? (Might be a great way to obtain clip art...)

http://www.researchbuzz.org/wp/2007/11/21/merriam-webster-launches-online-visual-dictionary/

Merriam-Webster Launches Online Visual Dictionary

21st November 2007

Merriam-Webster has teamed up with QA International to launch a new online visual dictionary, which contains information on over 20,000 terms and more than 6,000 illustrations. Visual Dictionary Online is available at http://www.visualdictionaryonline.com.



Well, there goes the tourist industry! (Unless they are planning to stream the video?)

http://www.pogowasright.org/article.php?story=20071121131304813

Talking camera aimed at sex on the beach

Wednesday, November 21 2007 @ 01:13 PM EST Contributed by: PrivacyNews News Section: Surveillance

The big booming voice that beachgoers in Martin County, Florida, might hear next year along the sandy shores will not be coming from the heavens. It may be Martin County officials trying to scare off people looking for sex on the beach.

The county is exploring the idea of installing "talking" cameras at several of the public beaches to ward off or catch people engaged in public sex.

Source - Dayton Daily News

PogoWasRight.org Editor's Comment: how about using talking cameras aimed at government employees to warn them or catch them when they are engaged in transmitting or shipping unencrypted data? [Or focused on those empty desks we're paying people to sit at. Or at any of a thousand other key points in government... Bob]

Wednesday, November 21, 2007

“We don't need no stinking security!”

http://www.timesonline.co.uk/tol/news/uk/article2907495.ece

Taxman loses sensitive personal data on 25m people

Tax chief quits and 7.2 million families warned to check their bank accounts for fraud after personal data lost in post

Nico Hines and Philip Webster, Political Editor of The Times November 20, 2007

The personal and bank details of 25 million people - almost every child in the country as well as their parents and carers - have been lost by HM Revenue & Customs, the Government admitted today.

Names, addresses, dates of birth, employment and bank details all went missing when two CDs containing the information were mislaid.

Alistair Darling told the House of Commons that the discs containing the highly sensitive information failed to arrive after they were sent in the ordinary internal mail between government departments.

... The Chancellor admitted that HMRC had made the same mistake on several occasions in the past six months.

... “Let us be clear about the scale of this catastrophic mistake,” he said. “His department has compromised the security and safety of every family in the land.”

... On October 18, CDs carrying the personal details of every Child Benefit claimant were sent to the National Audit Office by a junior member of HMRC. The package was not recorded or registered.

When it was discovered that those CDs had never reached their destination the information was posted again – this time by recorded delivery, but still against protocol.

... He sought to assure potential victims of identity theft that they would be recompensed in the event of any bank account losses. [That probably won't amount to much... Bob]


Related?

http://www.pogowasright.org/article.php?story=20071121064707643

One million UK employees admit to losing confidential data

Wednesday, November 21 2007 @ 06:47 AM EST Contributed by: PrivacyNews News Section: Breaches

HMRC is not alone in failing to protect confidential information. According to a new survey from Navigant Consulting, conducted by YouGov, more than one million employees in Britain (four per cent of all working adults) have lost, or had stolen a laptop computer; personal digital assistant; thumb-drive; CD; or floppy disk containing confidential information about customers, suppliers, staff or financial information, and a further 12 per cent – almost three and a half million people – claim that this has happened to a work colleague.

... "Our survey shows that 17 per cent of the British work force now uses a company laptop at home – that’s nearly five million people – and indicates that working from home is an established working practice rather than a trend," says Andrew Durant. "Yet only 25 per cent of these said that their laptops are encrypted to protect the confidential information they contain".

"In addition, more than 11 million employees - 39 per cent of workers and/or their colleagues – save data onto a PDA, thumb-drive, CD, or other device, to work from home. It is unrealistic to expect employees to stop using technology to work more flexibly, and frankly reckless for companies not to put measures in place to protect their confidential information in view of this change in working habits." [Well said. Bob]

Source - PersonnelToday.com



I suppose this could be a theft just for the laptops and loose change, but it makes you wonder – was the crook ignorant of the nature of the office he was entering?

http://www.pogowasright.org/article.php?story=20071120163300922

11 laptop PCs stolen from Brussels embassy

Tuesday, November 20 2007 @ 04:37 PM EST Contributed by: PrivacyNews News Section: Breaches

Eleven laptop computers were stolen from the Japanese Embassy in central Brussels earlier this month, leading to fears that personal information on about 12,700 Japanese living in Belgium may have been exposed, the embassy said Wednesday.

... Some of the stolen computers held electronic data on matters such as the expats' residence certification, overseas voting registration and passport information, according to the embassy. The residence certification contains details such as a person's name, birthdate, permanent address in Japan, occupation, family information and passport number.

Source - Daily Yomiuri



Innovation is where you find it...

http://it.slashdot.org/article.pl?sid=07/11/20/2335208&from=rss

The Evolving Face of Credit Card Scams

Posted by kdawson on Tuesday November 20, @08:13PM from the caveat-clickor dept. Security The Almighty Buck

An anonymous reader writes "The 12 Angry Men have a followup to their piece on the cross-sell scam credit card companies have begun using. Their new article concerns another evolving scam being employed, where users are racking up huge fees and charges on cards that have never even been activated. The article goes deep into the standard way the scam plays out, as well as detailing some interesting history on how credit applications are processed, and where they are typically (and frighteningly) subject to tampering."


...and here is our response...

http://www.siliconvalley.com/news/ci_7497332?nclick_check=1

Online crooks often escape prosecution

JUSTICE DEPARTMENT DECLINES NEARLY THREE OF FOUR CASES

By Ryan Blitstein Mercury News Article Launched: 11/18/2007 01:37:59 AM PST

Even as online crime has mushroomed in the past few years into a multibillion-dollar problem, federal prosecution of Internet crooks nationwide has not kept pace, a Mercury News analysis shows.

In nearly three of four cases, federal prosecutors are choosing not to pursue the computer-fraud allegations that investigators bring them. And whether a case is prosecuted appears to vary widely, depending upon where the crime is committed or who the victims happen to be.



No surprise... Is it?

http://www.pogowasright.org/article.php?story=20071120150328281

Having an affair at work? Your email may be subject to open records laws

Tuesday, November 20 2007 @ 03:03 PM EST Contributed by: PrivacyNews News Section: Workplace Privacy

A Kentucky judge has ruled that the state must turn over e-mails to a man who filed under the state's open records law for emails sent between his wife and a man with whom he believed she was having an affair. Franklin County Circuit Judge Phillip J. Shepherd granted the request, reasoning that the two employees were state workers who were on the job when they sent the emails, and hence, they were subject to open records laws.

Source - Associated Press



We're going to face this. Might as well start looking at the implications.

http://developers.slashdot.org/article.pl?sid=07/11/20/2052212&from=rss

Maryland To Tax Custom Programming and Computer Services

Posted by kdawson on Tuesday November 20, @05:48PM from the strangling-the-golden-goose dept. Government Programming The Almighty Buck

mcwop writes "Early this morning Maryland passed legislation to apply a new 6% sales tax to 'custom computer programming' and other computer- and hardware-related services. Computer industry groups lobbied hard against the measure to no avail. Purchasers of IT services may find that in-house IT and buying out-of-state become attractive options, as well as cutting money out of other projects."



Security is one – although they see it as improved surveillance.

http://science.slashdot.org/article.pl?sid=07/11/21/0215224&from=rss

Technology Innovation Areas For 2025

Posted by kdawson on Wednesday November 21, @05:10AM from the i-just-want-my-rocket-car dept. Biotech Businesses Technology

Kyle Spector writes "A global futurist research firm convened an expert panel to forecast the major areas and potential advances in technology innovation through the year 2025. This blog entry contains the full list of 12 areas and some details about each, including personalized medicine, distributed energy, pervasive computing, and nanomaterials."



Dilbert on backups...

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2002222371121.gif

Tuesday, November 20, 2007

Justice be damned! It's the money!

http://www.eweek.com/article2/0,1759,2218682,00.asp?kc=EWRSS03119TX1K0000594

Massachusetts AG Slams TJX Consumer Settlement Sale

November 19, 2007 By Evan Schuman

Massachusetts Attorney General Martha Coakley, who is heading the multi-state attorney general probe of TJX, is opposing a part of the proposed settlement of the consumer class-action case.

In a letter Nov. 15 to the federal judge overseeing the cases outlining her objections, according to documents filed in federal court Nov. 16.

... Her objection was not so much with the sale itself, but with having it included as a part of the official settlement. The difference? If it's in the official settlement, it increases how much money the consumer lawyers involved in the case get for their fee.

... The attorneys general who signed the letter represent Arkansas, Connecticut, Illinois, New Jersey, Ohio, Oregon, Tennessee, Vermont and California. In March, there were 34 states involved in the probe. There was no word what happened to the other 24 states and whether they endorse the letter's comments.



You might ask yourself how they could be unaware...

http://www.pogowasright.org/article.php?story=20071119133146779

Survey Says 62 Percent of Companies Believe Missing Computers Go Unnoticed; Consumers Fear Identity Theft

Monday, November 19 2007 @ 01:31 PM EST Contributed by: PrivacyNews News Section: Breaches

... Absolute's survey of its consumer customers had 1842 qualified respondents while 402 companies responded to the corporate survey. A summary of each can be found below. For additional results from both surveys, please visit: http://www.absolute.com/resources/computer-theft-statistics-complete-survey.asp

[...]

One in five (20%) companies reported experiencing a data breach in the past and believe that the majority (61%) of data breaches are perpetrated by internal employees. However, one in five (20%) also believe that sensitive data has been breached that no one in the company is aware of. What kind of data is being exposed? 39% have had confidential business information lost, 22% have had employee information breached, 22% have had customer information misplaced and 16% have had Social Security numbers stolen.

Source - Trading Markets


...here's how.

http://www.pogowasright.org/article.php?story=20071119171437475

Global State of Information Security Study

Monday, November 19 2007 @ 05:14 PM EST Contributed by: PrivacyNews News Section: Breaches

A new security survey shows organizations are strong on infrastructure but are weak on monitoring and enforcement. Whilst India improves information security safeguards, China leaves room for improvement. Organizations worldwide are investing in infrastructure but lagging in implementation, measurement and review of security and privacy policies according to the 5th annual Global State of Information Security Survey 2007, a worldwide study by CIO magazine, CSO magazine and PricewaterhouseCoopers.

[...]Other survey results show privacy continues to be high profile but not necessarily high priority for security executives. Most companies report gains in privacy safeguards however there are a few key areas in which companies still tend to be weak. Only one-third (33 percent) of respondents keep an accurate inventory of user data or the locations and jurisdictions where data is stored.

Similarly, only one-quarter (24 percent) keep inventory of all third parties using customer data. Encryption of data at rest also remains a low priority even though it is the source of many data leakage issues. Less than half of respondents report encrypting data residing on databases and laptops (50 percent and 42 percent respectively).

Source - 4Hoteliers.com



It was a good idea (clearly identifies what could be done) but it was doomed to failure because the lawyers weren't getting paid...

http://ralphlosey.wordpress.com/2007/11/18/federal-judge-tries-experimental-method-to-resolve-a-major-e-discovery-dispute-in-a-non-adversial-manner/

Federal Judge Tries Experimental Method to Resolve a Major e-Discovery Dispute in Non-Adversial Manner

District Court Judge William Haynes, Jr. in Nashville recently tried to move litigants out of a traditional adversarial approach to e-discovery, and into a more cooperative kumbaya mode. How did he do it? He scheduled a hearing and requested all of the attorneys and their IT experts to be present. Then when they arrived, he asked all of the lawyers to leave so that the experts could work things out in peace.



Are you reading this? Then you're in deep trouble!

http://techdirt.com/articles/20071119/015956.shtml

The Infringement Age: How Much Do You Infringe On A Daily Basis?

from the a-lot-more-than-you-might-think dept

Boing Boing points us to a paper from John Tehranian, called Infringement Nation: Copyright Reform and the Law/Norm Gap (pdf), which attempts to show how far out of whack copyright laws are, with the simple tale of a hypothetical law professor (coincidentally named John, of course) going about a normal day, tallying up every bit of copyright infringement he engages in. Replying to an email with quoted text? Infringement! Reply to 20 emails? You're looking at $3 million in statutory damages. Doodle a sketch of a building? Unauthorized derivative work. Read a poem out loud? Unauthorized performance. Forward a photograph that a friend took? Infringement! Take a short film of a birthday dinner with some friends and catch some artwork on the wall in the background? Infringement!

"By the end of the day, John has infringed the copyrights of twenty emails, three legal articles, an architectural rendering, a poem, five photographs, an animated character, a musical composition, a painting, and fifty notes and drawings. All told, he has committed at least eighty-three acts of infringement and faces liability in the amount of $12.45 million (to say nothing of potential criminal charges). There is nothing particularly extraordinary about John’s activities. Yet if copyright holders were inclined to enforce their rights to the maximum extent allowed by law, he would be indisputably liable for a mind-boggling $4.544 billion in potential damages each year. And, surprisingly, he has not even committed a single act of infringement through P2P file sharing. Such an outcome flies in the face of our basic sense of justice. Indeed, one must either irrationally conclude that John is a criminal infringer—a veritable grand larcenist—or blithely surmise that copyright law must not mean what it appears to say. Something is clearly amiss. Moreover, the troublesome gap between copyright law and norms has grown only wider in recent years."

While the paper calls this "infringement nation," it clearly goes beyond our nation. We are living in the "infringement age," where it's impossible not to infringe on copyrights every single day -- yet many people still don't understand why it makes sense to change copyright laws to make them more reasonable.

Monday, November 19, 2007

At minimum, individuals who have their personal information stolen must find that the value of their relationship with the organization spilling the data has diminished. (Although, I find it hard to think less of the VA than I did before they lost my data...)

http://www.pogowasright.org/article.php?story=20071119072348287

Identity Theft Resource Center Releases Identity Theft: The Aftermath 2006

Monday, November 19 2007 @ 07:23 AM EST Contributed by: PrivacyNews News Section: Breaches

The Identity Theft Resource Center(R) released an important report today discussing the impact of identity theft victimization. This report was not based on a census survey but rather one that invited confirmed victims of identity theft in 2006 to respond to a series of 44 questions. These ranged from the emotional impact this crime has had on their lives and their ability to recover their good name to the financial loss to the business community in goods and services.

The following are highlights of The Aftermath 2006 study. Tables and additional data can be found in the full report on the website: http://www.idtheftcenter.org

  • Uses of victim information: Nearly two-thirds of the 2006 sample reported that their personal information had been used to open a new credit line in their name, 29% reported their information was used for obtaining new cable/utility, and another 27% reported the imposter made charges to the victims' existing credit card accounts.

  • Cost to Business: In 2006, respondents estimated the total value of all charges on fraudulent accounts in their name at $87,303. These figures ranged from $50 to $500,000. This reflects an increase of 78% from 2004 to 2006.

  • Victim Time Spent: In The Aftermath 2006, victims spent an average of 97 hours repairing the damage done by identity theft to an existing account used or taken over by the thief. In cases where a new account was created, respondents in the 2006 study reported an average of 231 hours to clean up the mess. In some cases, respondents used such expressions as "eight years and still working on it," "too many to count" or "endless."

  • Costs to Victim: Respondents spent an average of $1,884 dollars in out-of-pocket expenses for damage done to an existing account only. These expenses include: postage, photocopying, childcare, travel, purchasing police or court records.

Source - Press Release

Related - Full Report



Because...

http://www.pogowasright.org/article.php?story=20071119070800200

Data “Dysprotection:” breaches reported last week

Monday, November 19 2007 @ 07:08 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee. Source - Chronicles of Dissent



Evidence that many no longer trust Comcast?

http://slashdot.org/article.pl?sid=07/11/19/0442202&from=rss

Comcast Targets Unlicensed Anime Torrenters

Posted by Zonk on Monday November 19, @01:23AM from the hard-to-get-your-jpop-fix-without-it dept. Anime Businesses Networking The Internet

SailorSpork writes "According to a thread on the forums of AnimeSuki, a popular anime BitTorrent index site, Comcast has begun sending DMCA letters to customers downloading unlicensed fan-subtitled anime shows via BitTorrent. By 'unlicensed', they mean that no English language company has the rights to it. The letters are claiming that the copyright holder or an authorized agent are making the infringement claims, though usually these requests are also sent to the site itself rather than individual downloaders. My question is have they really been in contact with Japanese anime companies, or is this another scare tactic by Comcast to try and reduce the bandwidth use of their heavier customers now that their previous tactics have come under legal fire?"



We need a law like this in the US!

http://it.slashdot.org/article.pl?sid=07/11/19/0554235&from=rss

Losing Personal Info On A Laptop Could Get You Charged

Posted by Zonk on Monday November 19, @06:10AM from the going-to-need-handcuffs dept. Security Government Privacy IT

E5Rebel writes "The UK's data protection watchdog has called for legislation that would punish corporate or government officials with access to the public's personal data ... who lose it. Unencrypted laptops with this personal information which are lost or stolen will see their owners facing criminal charges. 'HM Revenue and Customs is among the organisations that have recently suffered high profile data security breaches as a result of laptops being lost or stolen. The HMRC laptop containing taxpayer data was encrypted - but other organisations have often failed to encrypt their machines.'"


Some people are getting a jump on the law...

http://www.pogowasright.org/article.php?story=20071119071205860

Professor appeals fine

Albrecht seeks to clear penalty issued for lost flash drive

By: Adam Louis Issue date: 11/19/07 Section: Campus

Accounting professor William David Albrecht will appeal his case after the University charged him $9,810.58 for losing a flash drive containing sensitive information last May.

The flash drive contained P00 numbers of approximately 1,600 students and alumni, and, in addition, the social security numbers of 199 alumni. It was reported missing May 30, 27 days after Albrecht first noticed the flash drive had gone missing.



Is this an act of cyberwar? Sort of a trade embargo?

http://slashdot.org/article.pl?sid=07/11/18/1824230&from=rss

China In the Habit of Copying And Redirecting US Sites?

Posted by Zonk on Sunday November 18, @04:42PM from the not-the-way-you-play-the-game dept.

Want to know why US web companies have trouble making it in China? gaz_hayes passed us a link to the blog commiepod, which suggests that successful US websites are targeted by 'Chinese government backed companies.'

"These companies copy the site, deploy it on a .cn domain, and then DNS poison or forcefully lower the bandwidth the US site. Just a few weeks ago google.com and google.cn were DNS poisoned across the entire Chinese internet and were being redirected to their Chinese competitor Baidu. This probably explains Google's 3rd quarter market share in China."

This is a fairly serious accusation; anyone else have first-hand experiences that would back this up?



Research? Entertainment!

http://www.researchbuzz.org/wp/2007/11/18/directory-of-museum-podcasts-and-other-museum-information/

Directory of Museum Podcasts and Other Museum Information

18th November 2007

I love finding Web sites for niches I didn’t know existed. In this case it’s a Web site devoted to podcasts for museums, with some additional information about museum blogs. Museumpods is at http://www.museumpods.com/index.html.

... There’s a directory of museum and educational widgets, a number of listings and directories (including a Museum Exhibition Design Firm Directory, Museum Open Source Directory (short), museum jobs, and more).


Related

http://www.bespacific.com/mt/archives/016560.html

November 18, 2007

British Museum Launches Searchable Collection Database

"Welcome to the British Museum collection database. When complete, it will contain a record of every object in the Museum collection. This is the first release and contains records for the collection of two-dimensional works (almost entirely drawings, prints and paintings) from all over the world. New records and images are being added every week as work on the database continues... The entire database contains records for more than 1,698,000 objects. It is still in its early stages, and work is continuing to improve the information recorded in it. In many cases it does not represent the best available knowledge about the objects. This is being added as fast as possible, but will take many years."

  • Collection database search - Currently 262,565 objects in the collection are available online 98,745 of these have one or more images. This currently comprises the Museum’s collection of 2-dimensional pictorial art."

  • Rembrandt reaches the web - James Fenton taps into an online treasure trove, Saturday November 10, 2007, The Guardian: "...The website is unrestricted and you can print off any image. A battle was won before this was allowed to happen, and the result is that anyone - student, teacher or amateur - can get hold of a decent A4 reproduction of the drawing or print they are interested in, for personal use. For scholarly use, there will shortly be an automatic downloading option that gives a free image (for use in a scholarly article or book) of a suitable quality for reproduction. This is going to make an amazing difference in academic life, and it is part of a general trend (begun by Mark Jones at the V&A) of public institutions not charging for educational use of copyright material."



As I start my Small Business Management class, these articles are useful.

http://blogs.cnet.com/8301-13505_1-9819669-16.html?part=rss&subj=news&tag=2547-1_3-0-5

21st Century "abundance" business models: Lessons from Google and Red Hat for Facebook and open source

Posted by Matt Asay November 18, 2007 1:50 PM PST

... 20th Century software business models focus on scarcity because they're founded upon 20th Century conceptions of property (actually, their origin is a few centuries older than that, but never mind). Scarcity is the absolute wrong way to build a software business in the 21st Century with the rise of digitization. It is pointless and fruitless to insist that the digital world act like the physical/analog world and build business models that conform to this false view of the world. To thrive in the new software world, we need to embrace its changes rather than fight them.

... To get at the principle, it's useful to look at the successful business models of a few 21st Century pioneers, including Google and Red Hat:


Does this suggest a business model to you?

http://www.techcrunch.com/2007/11/19/google-magazine/

Google Magazine?

Michael Arrington

An interesting patent was granted to Google on November 8, titled “Customization of Content and Advertisements in Publications.”

A number of blogs picked it up and speculated that Google may soon begin to offer users the ability to create customized, printed magazines from Internet content. And print ads included in the magazine would be customized, too.



Image manipulation. Make your own evidence?

http://www.news.com/8301-13580_3-9819054-39.html?part=rss&subj=news&tag=2547-1_3-0-5

'Seam carving' photo resizing now for video

Posted by Stephen Shankland November 19, 2007 4:00 AM PST

MONTEREY, Calif.--In August, researchers unveiled a new way of shrinking or expanding photos called seam carving. Now it turns out the technique applies to video, too.



Dilbert explains why consultants get the big bucks...

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2666690071119.gif

Sunday, November 18, 2007

Because IT management doesn't seem to learn from the mistakes of others-- Hackers on the other hand...

http://it.slashdot.org/article.pl?sid=07/11/17/218240&from=rss

Which E-Commerce System Will Fail This Season?

Posted by Zonk on Saturday November 17, @05:21PM from the big-of-a-dire-prediction dept. Christmas Cheer The Almighty Buck Businesses The Internet IT

Esther Schindler writes "Every year, there's some retailer whose e-commerce or supply chain fails. And it's a big deal, since the holiday shopping season can make or break their year. The IT challenge encompasses everything from server scalability to supply chain management to search engine optimization to database cajoling to business integration to... well, come to think of it, just about everything. To explore this, CIO.com has a big package of articles examining "Black Friday" and its implications, entitled E-Commerce and Supply Chain Systems Gird for Black Friday. Topics covered include online shopping and holiday IT failures. Despite all this—and at least ten years of industry experience in e-commerce sales—we all just know that someone will make yet another big mistake. I wonder who it'll be this year?"



“We don't need no stinking warrant!” (Must be a liberal thing...)

http://www.pogowasright.org/article.php?story=20071117165347118

Police to search for guns in homes

Saturday, November 17 2007 @ 04:53 PM EST Contributed by: PrivacyNews News Section: State/Local Govt.

Boston police are launching a program that will call upon parents in high-crime neighborhoods to allow detectives into their homes, without a warrant, to search for guns in their children's bedrooms.

[...]

The officers will travel in groups of three, dress in plainclothes to avoid attracting negative attention, and ask the teenager's parent or legal guardian for permission to search. If the parents say no, police said, the officers will leave.

If officers find a gun, police said, they will not charge the teenager with unlawful gun possession, unless the firearm is linked to a shooting or homicide.

Source - Boston.com

(Props, LewRockwell.com)



Colleges will ask for any data they know high schools collect and never delete. If some schools supply the information and others don't, can colleges make decisions based on what they know?

http://www.pogowasright.org/article.php?story=20071117163246585

Schools balk at disclosing offenses

Saturday, November 17 2007 @ 04:32 PM EST Contributed by: PrivacyNews News Section: Minors & Students

High schools across the country are resisting demands from hundreds of colleges to disclose students' criminal and disciplinary records on applications, worried that minor offenses could stigmatize applicants as troublemakers and keep them from being accepted.

Source - Boston Globe


Are these people overreacting?

http://arstechnica.com/news.ars/post/20071116-employees-gone-wild-online-ii-special-teacher-edition.html

Employees gone wild (online) II: Special Teacher Edition

By Jacqui Cheng | Published: November 16, 2007 - 02:05PM CT

... "the fact that a student can attempt to contact an OEA member who has a profile on these sites lends itself to the possible interpretation of an improper relationship."



The best thing we can say about Colorado is, “We're not Bosnia.” Perhaps we teach the legislature how to Google?

http://www.bespacific.com/mt/archives/016557.html

November 17, 2007

Institute of Museum and Library Services Publishes FY 06 State Library Report

"The Institute of Museum and Library Services (IMLS) issued its first library statistics report on state library agencies, on state library agencies in the 50 states and the District of Columbia for state fiscal year (FY) 2006. The State Library Agency Report for FY 2006 [released November 2007] includes a wide array of information on topics such as libraries’ Internet access, services, collections, staff, and revenue, and is used by state and federal policymakers, researchers, and others."

  • "This report marks the first release of library statistics data from the Institute of Museum and Library Services. It contains data on state library agencies in the 50 states and the District of Columbia for state fiscal year (FY) 2006. The data were collected through the State Library Agencies (StLA) Survey, the product of a cooperative effort between the Chief Officers of State Library Agencies (COSLA), the U.S. National Commission on Libraries and Information Science (NCLIS), the National Center for Education Statistics (NCES), and the U.S. Census Bureau. This cooperative effort makes possible the 100 percent response rate achieved for this survey. The frame or source of the list of respondents for this survey is based on the list that COSLA maintains of state library agencies. The FY 2006 survey is the 13th in the StLA series. The data upon which this report is based are final."



If they truly believe it is impossible to make a profit, they should be willing to sell their existing networks for $1. Anyone want in? (My take was they were doing this to block free access.)

http://hardware.slashdot.org/article.pl?sid=07/11/17/1220228&from=rss

EarthLink Says No Future for Municipal Wi-Fi

Posted by CowboyNeal on Saturday November 17, @09:38AM from the well-not-with-that-attitude dept. Wireless Networking The Internet

Glenn Fleishman writes "EarthLink dropped its final bombshell on city-wide Wi-Fi, saying that it wouldn't put more money in and was talking to their current deployed cities about the future. The company had won bids in dozens of cities, and then backed out of the majority of them before building or finalizing contracts a few months ago. The remaining towns they were building out, like New Orleans, Anaheim, and Philadelphia, will ostensibly be turned off unless local officials come up with scratch or a plan of their own. EarthLink pioneered the model of free-for-fee networks, where there would be no cost or upfront commitment from cities, and EarthLink would charge for network access. Apparently, you can't make money that way."