Saturday, December 01, 2007

In with a bang, out with a whimper... Someone at TJX had the right strategy (and the nerve) to make this potential disaster a minor bump in the road. Might make a great case study!

http://www.pogowasright.org/article.php?story=20071130103352988

(follow-up) TJX settles with Visa, Fifth Third Bank

Friday, November 30 2007 @ 10:33 AM EST Contributed by: PrivacyNews News Section: Breaches

TJX Companies Inc. said Friday it reached a settlement with Visa Inc. and Fifth Third Bancorp for potential claims regarding a massive security breach that put consumers' credit card data at risk.

The discount clothing retailer will pay up to $40.9 million in pre-tax recovery payments to eligible U.S. Visa issuers who issued payment card accounts identified to Visa by Fifth Third or TJX. At least 80 percent of the issuers must accept by Dec. 19 for the settlement to finalize.

... The company said in September it had settled customer class action lawsuits in the United States, Canada and Puerto Rico. It did not specify the settlement cost, but noted that its estimated costs were included in a $107 million reserve included in its second-quarter report for fiscal 2008 and its estimate of $21 million in costs expected in fiscal 2009. The $107 million figure includes costs from other lawsuits not included in the customer class actions, the Framingham, Mass.-based company said.

Source - CNN Money

Related - Visa and TJX Agree to Provide U.S. Issuers up to $40.9 Million for Data Breach Claims (Press Release)



This is a good group to target.

http://www.pogowasright.org/article.php?story=2007113010382233

MA: 150,000 Bay State seniors notified of Prescription Advantage security breach

Friday, November 30 2007 @ 10:38 AM EST Contributed by: PrivacyNews News Section: Breaches

Thousands of senior citizens are being notified of a security breach at the state’s Prescription Advantage program that could lead to their identities being hijacked.

The breach was detected in late August and appears to be limited to a handful of members enrolled in the state’s prescription drug insurance plan for seniors, state officials said.

[...] Ms. Goodwin confirmed that a perpetrator was caught and charged, but she declined to identify the individual or to say if the suspect worked for the Prescription Advantage program.

Source - SouthCoastToday.com



Summarize the data. Too much detail is easy to match to individuals.

http://techdirt.com/articles/20071130/114005.shtml

There's No Such Thing As An Anonymized Dataset

from the statistical-analysis dept

Slashdot reports that a pair of computer scientists have figured out how to de-anonymize the "anonymous" data set that Netflix released as part of its million-dollar contest to improve its recommendation algorithm. The researchers found that the set of less-popular movies a user has rated tends to uniquely identify that user. By comparing movie ratings on IMDB with the ratings in the Netflix data set, the researchers were often able to uniquely pair a particular IMDB user with a corresponding Netflix user. And that meant the researcher would instantly have access to all of the user's Netflix ratings, which Netflix users presumably expected to remain private. While movie ratings might seem innocuous at first glance, the authors point out that one's movie ratings can often reveal potentially embarrassing personal details, including a user's views on politics, religion, and homosexuality. This isn't the first time a company has released "anonymous" data regarding its users that turned out not to be so anonymous. Last year, AOL got in a lot of hot water when it released a data set of search queries that turned out to be quite easy to link back to the users conducting the searches. The lesson here is that companies should be very reluctant to release private customer data, even if they believe they have "anonymized" it. Anonymization is surprisingly difficult, and you can never be sure you've done it successfully; it's always possible that someone will find a way to link records back to the people they represent. Wherever possible, companies needing to release data should either aggregate it in a way that avoids revealing information about individuals, or they should carefully limit who has access to the data sets, to avoid having the data sets become publicly available. Simply stripping out the "username" field doesn't cut it.
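As an added illustration (not part of the Techdirt piece or the researchers' work), the following constructed Python audit measures the risk the article describes before a dataset is released: it treats each user's set of less-popular titles as a quasi-identifier, reports how many users that set singles out and how few titles an outside source would need to isolate a record, and contrasts that with the aggregate release the article recommends. The six-user ratings table and the "rare title" cutoff of three raters are assumptions made up for this example.

```python
"""Pre-release re-identification audit for a user/movie ratings table.

Constructed illustration: stripping the username column still leaves a
per-user fingerprint (the set of less-popular titles each user rated) that
is often unique, so anyone holding a second copy of some of those ratings
can link rows back to people. The checks below quantify that before release
and show the aggregate alternative. All data here is made up.
"""
from collections import Counter, defaultdict

# Constructed sample ratings: (pseudonymous user id, title, stars).
# The user ids stand in for the "username" column stripped on release.
RATINGS = [
    ("u1", "Titanic", 4), ("u1", "The Matrix", 5), ("u1", "Rare A", 3), ("u1", "Rare B", 2),
    ("u2", "Titanic", 3), ("u2", "The Matrix", 4), ("u2", "Rare A", 5), ("u2", "Rare C", 4),
    ("u3", "Titanic", 5), ("u3", "The Matrix", 5), ("u3", "Rare B", 1), ("u3", "Rare C", 3),
    ("u4", "Titanic", 2), ("u4", "The Matrix", 3), ("u4", "Rare D", 4),
    ("u5", "Titanic", 4), ("u5", "The Matrix", 4), ("u5", "Rare D", 5), ("u5", "Rare E", 2),
    ("u6", "Titanic", 3), ("u6", "The Matrix", 2), ("u6", "Rare E", 4),
]


def raters_per_movie(ratings):
    """Map each title to the set of users who rated it."""
    raters = defaultdict(set)
    for user, movie, _ in ratings:
        raters[movie].add(user)
    return raters


def rare_fingerprints(ratings, max_raters):
    """Each user's quasi-identifier: the titles rated by at most max_raters
    users. Blockbusters rated by nearly everyone carry almost no signal."""
    raters = raters_per_movie(ratings)
    rare = {m for m, users in raters.items() if len(users) <= max_raters}
    prints = {user: set() for user, _, _ in ratings}
    for user, movie, _ in ratings:
        if movie in rare:
            prints[user].add(movie)
    return {u: frozenset(ms) for u, ms in prints.items()}


def k_anonymity(fingerprints):
    """Return (k, fraction_unique): k is the smallest group of users sharing
    one fingerprint; k == 1 means some row is singled out by its titles alone."""
    classes = Counter(fingerprints.values())
    k = min(classes.values())
    unique = sum(1 for fp in fingerprints.values() if classes[fp] == 1)
    return k, unique / len(fingerprints)


def min_identifying_titles(user, ratings, max_raters):
    """Greedy estimate of how few of a user's rare titles a second source
    (public ratings elsewhere) would need to isolate that user's row.
    Returns None when another user rated a superset of the same rare titles,
    so the row cannot be isolated from rated titles alone."""
    raters = raters_per_movie(ratings)
    prints = rare_fingerprints(ratings, max_raters)
    candidates = set(prints)          # everyone is a candidate at first
    remaining = set(prints[user])
    chosen = []
    while len(candidates) > 1 and remaining:
        # pick the title that shrinks the candidate pool the most (stable tie-break)
        best = min(sorted(remaining), key=lambda m: len(candidates & raters[m]))
        remaining.remove(best)
        candidates &= raters[best]
        chosen.append(best)
    return len(chosen) if candidates == {user} else None


def aggregate_release(ratings, min_raters):
    """The safer alternative: per-title rater count and mean rating, with
    titles rated by fewer than min_raters users suppressed, so no row
    corresponds to a single person."""
    raters = raters_per_movie(ratings)
    sums = defaultdict(int)
    for _, movie, stars in ratings:
        sums[movie] += stars
    return {m: (len(raters[m]), sums[m] / len(raters[m]))
            for m in raters if len(raters[m]) >= min_raters}


if __name__ == "__main__":
    prints = rare_fingerprints(RATINGS, max_raters=3)
    k, frac = k_anonymity(prints)
    print(f"k-anonymity on rare titles: k={k}, {frac:.0%} of users unique")
    for u in sorted(prints):
        need = min_identifying_titles(u, RATINGS, 3)
        print(f"{u}: rare titles {sorted(prints[u])}, titles needed to isolate: {need}")
    print("aggregate release:", aggregate_release(RATINGS, min_raters=3))
```

On this table every user has a distinct rare-title fingerprint (k = 1) and two titles suffice to isolate most of them, while the aggregate view keeps only the two widely rated films.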



Everything you ever wanted to know...

http://jurist.law.pitt.edu/monitor/2007/11/terrorism-congress-and-president.php

Terrorism, Congress and the President [Harvard Law School]

Wednesday, November 14, 2007 9:46 PM ET

Dealing with Terrorism: What Congress and the President Should Do, Harvard Law School, November 14, 2007 [discussing what changes they think should be adopted to better deal with the legal issues that have become controversial in dealing with the war on terror, including interrogation techniques, detention facilities, surveillance, and torture]. 1 hr. 22 minutes. Additional event details here. Watch recorded video.



For my web site class (I got 21 hits for Dave Brubeck)

http://www.killerstartups.com/Web-App-Tools/WuZAMcom---Download-MP3s-For-Free/

WuZAM.com - Download MP3's For Free

WuZAM.com is a site where you can search for your favorite songs and artists and download free MP3s.

http://www.wuzam.com/

Friday, November 30, 2007

As we were told...

http://www.pogowasright.org/article.php?story=20071130025635744

(follow-up) Banks denied class status against TJX

Friday, November 30 2007 @ 02:56 AM EST Contributed by: PrivacyNews News Section: Breaches

In a legal victory for TJX Cos., a federal District Court judge in Boston yesterday told banks suing the Framingham retailer for damages following its massive data breach that they cannot pursue their claims as a class.

Technically, Judge William G. Young's decision to deny class certification does not end the claims against TJX by banks that want the parent of stores including TJ Maxx and Marshalls to pay for the costs of reissuing credit and debit cards following a computer system breach by unknown hackers through last year.... But the decision will make it harder for plaintiffs to proceed, since they will now have to pursue claims individually and many may decide it isn't worth the expense, said lawyer Stefan L. Jouret, a litigator at Donovan Hatem LLP in Boston.

Source - Boston Globe

Related - Court Opinion [pdf]



Still following with interest...

http://www.pogowasright.org/article.php?story=20071129180509673

(follow-up) Battle over VA's data breach heads to mediation

Thursday, November 29 2007 @ 06:05 PM EST Contributed by: PrivacyNews News Section: Breaches

Lawyers for people who sued the Veterans Affairs Department over last year's data breach will begin mediation with government attorneys in the weeks ahead and will update the federal judge overseeing the case in early 2008. Earlier this month, U.S. District Judge James Robertson dismissed several aspects of the case but said the handful of plaintiffs sufficiently made the claim that the department failed to safeguard their personal information, as required by the Privacy Act. The action was brought to the U.S. District Court for the District of Columbia as a potential class-action representing each of the estimated 26.5 million veterans whose data could have been jeopardized in the incident. The FBI eventually recovered the stolen equipment and said the files were not accessed.

Source - Government Executive



Funny that a Japanese firm is still using such old technology...

http://www.pogowasright.org/article.php?story=20071129184205260

Dentsu May Have Lost Disks Containing Shareholder Information

Thursday, November 29 2007 @ 06:42 PM EST Contributed by: PrivacyNews News Section: Breaches

Dentsu Inc., Japan's largest advertising agency, said it may have lost three CD-ROMs that contained personal information on about 54,000 shareholders.

The three disks containing data that included shareholders' names and addresses went missing from the Tokyo headquarters, it said in a statement to the Tokyo Stock Exchange yesterday. The disks did not include shareholders' telephone numbers and bank accounts, it said.

Source - Bloomberg



Attacks on infrastructure. (How do we know this guy shouldn't be at Guantanamo?)

http://www.infoworld.com/article/07/11/29/Insider-charged-with-hacking-California-canal-system_1.html?source=rss&url=http://www.infoworld.com/article/07/11/29/Insider-charged-with-hacking-California-canal-system_1.html

Insider charged with hacking California canal system

A former employee hacked the computer system that controls water flow in central California irrigation canals, highlighting security holes in the nation's infrastructure

By Robert McMillan, IDG News Service November 29, 2007

A former employee of a small California canal system has been charged with installing unauthorized software and damaging the computer used to divert water from the Sacramento River.



Why lawyers should have some computer training in addition to that e-discovery training.

http://www.privacydigest.com/2007/11/29/did+fed+lawyer+use+geeks+call+erase+govt+computer+evidence

Did Fed Lawyer Use Geeks-on-Call to Erase Gov't Computer Evidence?

November 29, 2007 - 8:45am — MacRonin

Scott Bloch, head of the Office of Special Counsel who has been under investigation for retaliation against employees and failure to investigate whistleblower cases, is under suspicion for using Geeks-on-Call to erase all the files on his office computer last year as well as laptops belonging to two of his former deputies.

Bloch claims that he had Geeks-on-Call delete all of his computer files and erase his hard drive because his computer had been seized by a virus. But he apparently bypassed his own agency's IT department when he brought in the outside geeks to do the clean-up. And, as the Wall Street Journal reports, the receipt for the work makes no mention of a virus.

Furthermore, the kind of erase Geeks-on-Call conducted on his computer -- a seven-level wipe -- is considered excessive for treating a virus. As the head of Geeks-on-Call's Washington office told the WSJ, "We don't do a seven-level wipe for a virus."

Such thorough wipes are generally conducted on machines when an individual or company is getting ready to sell them. A wipe like this is also effective if someone wants to prevent forensic investigators from recovering data on a machine.

Bloch says that no files related to investigations were affected by the wipe.

(Read Original Article - Via Threat Level.)



What's wrong with this logic? DHS is operating a system for (and apparently under the control of) the Brits. Let's assume they reciprocate.

http://www.pogowasright.org/article.php?story=20071129115815616

Privacy Impact Assessment for the DHS / UKvisas Project

Thursday, November 29 2007 @ 11:58 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Recently the United Kingdom (UK) enacted legislation requiring the submission of biometric data by almost all individuals filing applications for UK visas. Officials from the UK and Department of Homeland Security (DHS) have agreed that individuals who are physically located in the United States (US) may provide the requisite biometrics and limited biographical information at U.S. Citizenship and Immigration Services (USCIS) Application Support Centers (ASCs) for forward transfer to the UK in support of the adjudication of applications for visas. USCIS will temporarily retain the submitted biometric and biographical records until the UK provides confirmation that the transfer of data was successful. USCIS will delete the biometric and biographical records immediately after it receives that confirmation.

Report - Privacy Impact Assessment for the DHS / UKvisas Project [pdf] (Nov. 14, 2007)

[From the report:

... Any potential privacy risk associated with the inadvertent disclosure of personally identifiable information is mitigated by the almost instantaneous transfer of the data to the UK utilizing secure encrypted transfer methods, followed by the rapid deletion of the record from USCIS IT systems. [Do they mean: “inadvertent disclosure” must happen quickly? (Say at computer processing speeds?) And therefore there is no need for security like encrypting the data they gather? Bob]

... The role of the ASC is strictly a front-end data gathering agent and will not involve performing any data accuracy checks.

... The fact that the data is not stored [of course it is! Bob] by USCIS should negate the need for any unique safeguards.

... 9.2 Describe how data integrity, privacy, and security were analyzed as part of the decisions made for your system.

The biometrics and biographical information that are being gathered on behalf of the UK are being stored for an extremely limited period of time in a USCIS system. [In other words, they weren't analyzed? Bob]

9.3 What design choices were made to enhance privacy?

The biometrics and biographical information that are being gathered on behalf of the UK are being stored for an extremely limited period of time in a USCIS system. [Also not done? Bob]


Related “Hey, if you're not doing anything wrong...”

http://www.pogowasright.org/article.php?story=2007112912012743

Domestic Spying, Inc.

Thursday, November 29 2007 @ 12:01 PM EST Contributed by: PrivacyNews News Section: Surveillance

A new intelligence institution to be inaugurated soon by the Bush administration will allow government spying agencies to conduct broad surveillance and reconnaissance inside the United States for the first time. Under a proposal being reviewed by Congress, a National Applications Office (NAO) will be established to coordinate how the Department of Homeland Security (DHS) and domestic law enforcement and rescue agencies use imagery and communications intelligence picked up by U.S. spy satellites. If the plan goes forward, the NAO will create the legal mechanism for an unprecedented degree of domestic intelligence gathering that would make the U.S. one of the world's most closely monitored nations. Until now, domestic use of electronic intelligence from spy satellites was limited to scientific agencies with no responsibility for national security or law enforcement.

Source - CorpWatch

(Props, Infowarrior.org)


Related “If it was good enough for Big Brother...”

http://www.pogowasright.org/article.php?story=2007113005530642

Movie: LOOK

Friday, November 30 2007 @ 05:53 AM EST Contributed by: PrivacyNews News Section: Surveillance

The Post 9/11 world has forever changed the notion of privacy. There are now approximately 30 million surveillance cameras in the United States generating more than 4 billion hours of footage every week. And the numbers are growing. The average American is now captured over 200 times a day, in department stores, gas stations, changing rooms, even public bathrooms. No one is spared from the relentless, unblinking eye of the cameras that are hidden in every nook and cranny of day-to-day life.

On Dec. 14, a new movie, LOOK, will open in Los Angeles and New York City. It is shot entirely from the perspective of surveillance cameras, and from the trailers, it looks to be a chilling look at the surveillance society we are becoming.

Source - LOOK: Official Movie Website


Related

http://www.pogowasright.org/article.php?story=20071130023553225

Yet more erosion of the Fourth Amendment?

Friday, November 30 2007 @ 02:35 AM EST Contributed by: PrivacyNews News Section: In the Courts

In a 2-1 decision, the 9th Circuit Court of Appeals ruled that collecting DNA evidence from nonviolent drug offenders does not violate their privacy rights.

Judge M. Margaret McKeown wrote for the majority that the law was constitutional:

In sum, we agree in principle with the other circuits that have considered the issue, and hold that in the case before us, requiring Kriesel to comply with the 2004 amendment to the DNA Act is constitutional because the government’s significant interests in identifying supervised releasees, preventing recidivism, and solving past crimes outweigh the diminished privacy interests that may be advanced by a convicted felon currently serving a term of supervised release.

Judge Betty B. Fletcher dissented:

The majority holds, with an air of shrugging inevitability, that without a warrant, without probable cause, indeed without any suspicion whatsoever, the federal government may seize and repeatedly search the DNA of all federal felons on supervised release, regardless of their offense or their likelihood to re-offend. They sanction the inclusion of that DNA in a massive and permanent computer database, the sole purpose of which is to aid generalized criminal investigation. This offends not only the Fourth Amendment but our precedents. I respectfully dissent.

Court Opinion- U.S.A. v Kriesel [pdf]

Related - AP: DNA Samples OK for Nonviolent Felons



Tools & Techniques Network Security

http://hardware.slashdot.org/article.pl?sid=07/11/30/1325228&from=rss

New Way to ID Invisible Intruders on Wireless LANs

Posted by Zonk on Friday November 30, @08:45AM from the you-have-laboured-to-produce-a-biologic dept. Wireless Networking IT Technology

Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries, instead they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks [That's not how I read it... Bob] or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that when used together can detect both attackers and configuration mistakes in network devices."



Husband 101: If you don't like washing dishes, be sure to drop a few the first time the wife asks you to help...

http://techdirt.com/articles/20071128/173150.shtml

Recounting Touch-Screen Elections In Ohio

from the problems-galore dept

Joseph Beck writes "Here in the Cleveland area there are a few election races that must be recounted because the final results were close. The county uses touchscreen machines from Diebold. The machines print a paper ballot that is reviewed by the voter. State law calls for those paper ballots to be used for the recount. The problem is, some of those ballots did not print properly because of paper jams and malfunctions, and are not readable. The Ohio Secretary of State has declared that those votes can be counted by simply reprinting the paper ballot from the memory card. Of course that defeats the purpose of a voter-verified audit trail, but she says it is acceptable. The next day the news came out that the number of unreadable ballots was actually 20% of all ballots. [If my printer failed that often I'd shoot it (and the guy who sold it to me.) Bob] A spokesman for Diebold said "That is a percentage that prompts us to do further investigation." I'm sure they'll get right on it."

Anyone want to take odds on how long it will take before Diebold or another e-voting supporter uses this failure as an example of why they were better off without a voter-verifiable paper trail in the first place? Diebold and others have always used the "well, paper receipts jam" excuse in the past, meaning the companies have little incentive to come up with ways to prevent such paper jams.



Inevitable that someone would take on such a tempting target.

http://techdirt.com/articles/20071130/003324.shtml

Oregon Attorney General Fighting Back Against RIAA Lawsuits

from the messed-with-the-wrong-attorney-general dept

Over the summer, we wrote about a lawsuit someone had filed against the RIAA in Oregon, claiming that the RIAA's investigation tactics were illegal, since the firm it used to sniff out unauthorized users, MediaSentry, was not a licensed investigator in Oregon. This seemed like a relatively weak claim (or at least one focused on the letter of the law more than the spirit). However, it appears that argument has caught the attention of Oregon's Attorney General who already is unhappy with the RIAA. You may recall that earlier this month, the Attorney General stood up to the RIAA after it tried to get the University of Oregon to identify students. It was surprising to see the AG get involved in such an issue, but clearly, he believes the RIAA is going too far. [More likely, he found out how vulnerable they were in his earlier investigation... Bob] The RIAA responded to his filing, opposing the motion, of course. And now the Attorney General has responded, not just about this particular issue, but slamming the RIAA on a number of fronts, [AG checks, RIAA makes a “buy the pot” bet, then AG raises “all in.” Read 'em and weep, RIAA. Bob] suggesting that the RIAA may be in a bit more hot water than it believed. He repeats the argument that the RIAA's investigation techniques are illegal and then goes on to slam the evidence the RIAA has, how it's gathered, how it uses these cases to squeeze money out of unsophisticated people and many other points about these RIAA cases. The response then points out why this is an important matter for the Attorney General to take a stand on and how it would like to get some answers from the RIAA:

"Because Plaintiffs routinely obtain ex parte discovery in their John Doe infringement suits, as they themselves have pointed out, their factual assertions supporting their good cause argument are never challenged by an adverse party and their investigative methods remain free of scrutiny. They often settle their cases quickly before defendants obtain legal representation and begin to conduct discovery.... While the University is not a party to the case, Plaintiffs' subpoena affects the university's rights and obligations. Plaintiffs may be spying on students who use the University's computer system and may be accessing much more than IP addresses. The University seeks the Court's permission to serve the attached interrogatories on Plaintiffs and conduct telephonic depositions of the individuals who investigated the seventeen John Does named in this lawsuit to determine 1) what their investigative practices are and 2) whether they have any additional information with which to identify the John Does."

It looks like the RIAA may have messed with the wrong university in the wrong state.



Keep current

http://www.bespacific.com/mt/archives/016679.html

November 29, 2007

Annual McAfee Virtual Criminology Report

McAfee Virtual Criminology Report - Cybercrime: The Next Wave - The annual McAfee global cyber trends study into organized crime and the Internet in collaboration with leading international security experts, November 2007.

  • "For this report we consulted with more than a dozen security specialists at top institutions such as NATO, the FBI, SOCA, the Center for Education and Research in Information Assurance and Security (CERIAS), the International Institute for Counter-Terrorism in Israel and the London School of Economics. These experts are also on the front lines in the fight against cybercrime every day, and we asked for their insights on the state of this dangerous underworld - as well as their predictions on where it’s going next...the experts agree that cybercrime has evolved significantly in complexity and scope. Espionage. Trojans. Spyware. Denial-of-service attacks. Phishing scams. Botnets. Zero-day exploits. The unfortunate reality is that no one is immune from this malicious industry’s reach — individuals, businesses, even governments. As the world has flattened, we’ve seen a significant amount of emerging threats from increasingly sophisticated groups attacking organizations around the world. And it’s only going to get worse..."


Ditto

http://www.bespacific.com/mt/archives/016683.html

November 29, 2007

Agencies to Issue Proposed Rules and Guidelines that Address Accuracy and Integrity of Consumer Report Information and Rules to Allow Direct Disputes

Press release: "The Federal Trade Commission and the federal financial regulatory agencies (the Agencies) have approved proposed regulations and guidelines to help ensure the accuracy and integrity of information provided to consumer reporting agencies and to allow consumers to directly dispute inaccuracies with financial institutions and other entities that furnish information to consumer reporting agencies. This information is widely used to determine eligibility for credit, employment, insurance, and rental housing. The proposal would implement section 312 of the Fair and Accurate Credit Transactions Act of 2003, which amends the Fair Credit Reporting Act."



Light reading... Scanned as images, not available as text?

http://slashdot.org/article.pl?sid=07/11/29/2048204&from=rss

Carnegie Mellon's Digital Library Exceeds 1.5 Million Books

Journal written by cashman73 (855518) and posted by Zonk on Thursday November 29, @08:30PM from the might-just-be-enough-to-read dept. Education Books The Internet

cashman73 writes "Most Slashdot readers are probably familiar with Google's book scanning project, a collaboration with several major universities to digitize works of literature, art, and science. But Google may have been beat to the punch this time -- about a decade ago, Carnegie Mellon University embarked on a project to scan books into digital format, to be made available online. Today, according to new reports, they now have a collection of 1.5 million books, the equivalent of a typical university library, available online."



Keeping the world safe for democracy!

http://www.gigalaw.com/news/2007/11/anti-spam-software-firm-wins-trademark.html

Anti-Spam Software Firm Wins Trademark Case with Hormel

Spam Arrest LLC, a provider of software and services aimed at stopping e-mail spam, said it won a five-year legal battle against Hormel Foods Corp to keep its trademark. Spam Arrest said a three-judge panel found that Hormel's trademark "does not extend to computer software for filtering spam."

Read the article: Reuters | Posted: 11/29/2007 05:20:00 PM | Permalink



Worth a look?

http://digg.com/motorsport/Gas_price_interactive_map_launches

Gas price interactive map launches

Mapquest launched a new interactive map service today called Mapquest Gas Prices. It feels much more like a fresh website than, say, the government's site designed to do a similar job.

http://www.autobloggreen.com/2007/11/29/new-mapquest-gas-price-interactive-map-launches-also-finds-loca/



I gotta try this! Imagine me on the cover of “National Curmudgeon!”

http://www.killerstartups.com/Web-App-Tools/magmypic--Put-Your-Face-On-The-Cover-Of-A-Magazine/

MagMyPic.com - Put Your Face On The Cover Of A Magazine

You have visited your friend’s MySpace page and have seen photos of them on the cover of People magazine. Don’t be fooled, they are not famous, they are using fun applications to create magazine covers that feature their photo. MagMyPic.com is a site that does just this. You can upload any image you like and turn it into your own custom magazine cover. Choose from a list of different popular magazines such as National Geographic, People, Vogue, Rolling Stone, Sports Illustrated, and more. Creating your custom cover is easy and then you can send it to whoever you want and post it on your social networks and sites. You can take a look at other covers that were made on the site, there is a whole section to browse through. You can also subscribe to any of the magazines whose cover is featured on the site. [Buying the rights, cheap? Good for the magazines! Bob] MagMyPic.com is a great site to have fun at and to pick up a subscription while you are at it.



Illustration of poorly thought out security.

http://www.michaelsalamon.com/?p=20&redirect=1129

Thursday, November 29, 2007

What weighs more than privacy?

http://www.pogowasright.org/article.php?story=20071128085136207

Ariz. judges favor some privacy for nameless e-mails

Wednesday, November 28 2007 @ 08:51 AM EST Contributed by: PrivacyNews News Section: In the Courts

The state Court of Appeals on Tuesday spelled out new privacy protections for those who use the Internet to send anonymous messages.

In the first ruling of its kind in Arizona, the judges said those who believe they have been harmed by anonymous Internet postings or e-mail cannot use Arizona courts to discover the identity of the senders unless they can prove their interests outweigh the privacy of those who originated the messages.

Source - Arizona Daily Star

Related - Commentary and Ruling [pdf] at EFF.



New numbers.

http://www.pogowasright.org/article.php?story=20071128084030908

If Security Is Expensive, Try Getting Hacked

Wednesday, November 28 2007 @ 08:40 AM EST Contributed by: PrivacyNews News Section: Breaches

Oops. Last week, the British government conceded that it had misplaced 25 million private records of its citizens. That blunder was just the latest in a series of embarrassing data debacles--remember how retailer TJX lost 45 million customers' credit card details to hackers in January? Altogether, 2007 will go down in the record books as a thoroughly lousy year for keeping information private.

[...] A set of case studies released Wednesday by the Ponemon Institute surveyed 35 companies that had experienced data breaches and found the average cost of a private information leak in 2007 to be $6.3 million, up from $4.8 million in 2006. .... Of the $198 average cost of each personal record lost this year, about $18 was spent on finding new customers to replace those who fled following a breach--up from $14.50 spent on customer acquisition in 2006 and just $7 in 2005. Companies are also spending more on public relations damage control after data security incidents: 3% of data breach costs are now associated with post-breach P.R., compared with just 1% last year, and practically nothing in 2005.

Source - Forbes

Related - InformationWeek: The Cost Of Data Loss Rises



It takes too long to resolve these...

http://www.newsfactor.com/story.xhtml?story_id=13000BY44X2M

Amazon Wins Privacy Battle with Feds

By Frederick Lane November 28, 2007 10:39AM

In a June opinion that was just unsealed on Tuesday, Magistrate Stephen Crocker acknowledged that the FBI had no particular interest in what Amazon's customers were reading, but he said that the request by the FBI for information on some 24,000 Amazon customers was still troubling. "It is an unsettling and un-American scenario," he wrote.

A federal magistrate in Madison, Wisconsin has harshly criticized the FBI for its aggressive efforts to force Amazon.com to reveal the identities of more than 24,000 individuals who purchased used books from Robert D'Angelo, the subject of a tax fraud investigation.

In the summer of 2006, a grand jury investigating the allegations issued a subpoena to the online bookseller, ordering it to produce the information requested by government agents. The government hoped to contact individuals who had purchased books from D'Angelo and obtain information that they could use as evidence against him. Amazon refused to provide the identities of specific purchasers to the FBI and moved to quash the subpoena.


Why anonymous is good!

http://www.gigalaw.com/news/2007/11/critical-blogs-shine-light-on-judges.html

Critical Blogs Shine Light on Judges' Actions

A handful of legal blogs that have started in South Florida in the past two years have shone a spotlight on the justice system. Supporters credit the blogs with providing valuable information about the inner workings of the court system, and bringing change. Critics counter that the blogs can be venues for inaccurate information and unsubstantiated personal attacks.

Read the article: law.com | Posted: 11/28/2007 05:00:00 PM | Permalink



This should be useful for almost everyone...

http://www.bespacific.com/mt/archives/016673.html

November 28, 2007

Report - The Search is On: State CIO Starting Points for E-Discovery

National Association of State Chief Information Officers - The Search Is On: State CIO Starting Points for E-Discovery, November 2007: "In its September 2007 Issue Brief entitled Seek and Ye Shall Find? State CIOs Must Prepare Now for E-Discovery!, NASCIO raised the importance of State CIO involvement in e-discovery and the need for collaborative state electronic records management activities to properly address e-discovery requests. In this follow-up Research Brief, NASCIO provides starting points for State CIOs to improve the state’s ability to successfully address legal requests for electronic information.

Topics include:

  • Getting Started on Electronic Records Management

  • Managing an Electronic Records Management Initiative

  • The Role of Records Retention Schedules

  • The Challenge of Retrieving Electronic Information

  • Electronic Records Management Training and Awareness for State Employees



Work from home...

http://www.infoworld.com/article/07/11/27/Survey-quarter-US-workers-telecommute-regularly_1.html?source=rss&url=http://www.infoworld.com/article/07/11/27/Survey-quarter-US-workers-telecommute-regularly_1.html

Survey: A quarter of U.S. workers telecommute regularly

While more workers would like permission to work off-site, management is often wary of the possibilities, survey also finds

By Chris Kanaracus, IDG News Service November 27, 2007

A survey released Tuesday by Citrix Online found that 23 percent of American workers regularly do their jobs from someplace besides the office, and that 62 percent of respondents who cannot work off-site would like to.


...and Google (eventually) will tell your boss which bar you are actually in!

http://hardware.slashdot.org/article.pl?sid=07/11/28/2325223&from=rss

Google Maps GPS Simulator

Posted by samzenpus on Wednesday November 28, @07:32PM from the google-where-you-are dept. Google Cellphones Handhelds

garbletext writes "A new version of Google Maps introduced this week includes a beta feature dubbed My Location that was designed to simulate the GPS experience on mobile phones and handheld devices that do not include GPS hardware, like Apple's iPhone. Essentially, the My Location feature takes information broadcast from mobile towers near non-GPS equipped mobile phones to approximate the device's current location on the map down to about 10 city blocks. "It's not GPS, but it comes pretty close (approximately 1000m close, on average)," the Mountain View, Calif.-based search giant explained on its website. "We're still in beta, but we're excited to launch this feature and are constantly working to improve our coverage and accuracy." The My Location feature is currently available for most web-enabled mobile phones, including Java, BlackBerry, Windows Mobile, and Nokia/Symbian devices."



For the Security (Hacker) toolkit

http://www.downloadsquad.com/2007/11/27/open-up-almost-any-file-with-universal-extractor/

Open up almost any file with Universal Extractor

Posted Nov 27th 2007 5:00PM by Brad Linder

Universal Extractor lets you peek inside the contents of EXE and MSI files.


Ditto (Trolling for Class Action?)

http://www.privacydigest.com/2007/11/28/eff+releases+reports+and+software+spot+interference+internet+traffic

EFF Releases Reports and Software to Spot Interference with Internet Traffic

November 28, 2007 - 12:36pm — MacRonin

San Francisco - In the wake of the detection and reporting of Comcast Corporation's controversial interference with Internet traffic, the Electronic Frontier Foundation (EFF) has published a comprehensive account of Comcast's packet-forging activities and has released software and documentation instructing Internet users on how to test for packet forgery or other forms of interference by their own ISPs.



General tools & tips (The templates alone are worth it)

http://www.cogniview.com/convert-pdf-to-excel/post/the-excel-magician-70-excel-tips-and-shortcuts-to-help-you-make-excel-magic/

The Excel Magician: 70+ Excel Tips and Shortcuts to help you make Excel Magic

Are you working with Excel and want to take your Excel skills to the next level? Or do you want to learn Excel and don’t know where to start? Check out these 70+ tips and shortcuts that will help you make Excel Magic.


Another list. I'll happily waste hours looking at these sites.

http://www.readwriteweb.com/archives/tutorial_sites.php

A Big List of Sites That Teach You How To Do Stuff

Written by Josh Catone / November 28, 2007



I wonder if it includes cell phone courtesy?

http://hosted.ap.org/dynamic/stories/J/JAPAN_CELL_PHONE_COLLEGE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Cell Phone College Class Opens in Japan

By YURI KAGEYAMA AP Business Writer Nov 28, 8:29 AM EST

TOKYO (AP) -- Japanese already use cell phones to shop, read novels, exchange e-mail, search for restaurants and take video clips. Now, they can take a university course.



For my web site class

http://www.killerstartups.com/Web-App-Tools/gifup--Create-Fun-Animation/

GIFUP.com - Create Fun Animation

GIFUP is your personal GIF generator to make animations.

http://www.gifup.com/


Ditto

http://www.killerstartups.com/Web-App-Tools/genfavicon--Create-Your-Own-Icon/

Genfavicon.com - Create Your Own Icon

Genfavicon.com is a site that features an application that allows you to create an icon out of the image of your choice. Simply select your image, by pasting in the URL address or uploading the image. Then choose which part of the image you wish to make the icon by dragging the mouse and cutting the desired shape.

http://www.genfavicon.com/

Wednesday, November 28, 2007

Inside job or simple passwords?

http://www.pogowasright.org/article.php?story=20071127171256226

(update) Convio: Hacker used employee's password

Tuesday, November 27 2007 @ 05:12 PM EST Contributed by: PrivacyNews News Section: Breaches

The Associated Press is reporting that a hacker used an employee's password to get at Convio's data.

Prior Coverage- here, here, here, and here.



They're kidding, right?

http://www.pogowasright.org/article.php?story=20071128032646480

FTC report: identity theft fell; results disputed

Wednesday, November 28 2007 @ 03:26 AM EST Contributed by: PrivacyNews News Section: Breaches

Identity theft among Americans is down, according to a belated — and controversial — report issued by the Federal Trade Commission on Tuesday.

The FTC says 8.3 million adults, or 3.7% of all Americans over the age of 18, were victims of identity theft in 2005. That's far fewer people than the 10 million the FTC reported in 2003.

The results, released more than three years after the last FTC report, immediately drew skepticism from computer security experts, who say a surge in cybercrime is feeding an increase in identity-theft-related cases.

"The numbers are unreliable," says Avivah Litan, an analyst at market researcher Gartner. (IT) Litan wrote a report, released this year, that showed an increase in identity theft among American adults, to 15 million, in the 12-month period ended in August 2006. "The methodology is flawed. I think that's why they delayed the report," she says.

Source - USA Today

Related - FTC Report [pdf]



A whole new lexicon?

http://www.pogowasright.org/article.php?story=20071128035057114

Robert Ellis Smith: Scary Stuff

Wednesday, November 28 2007 @ 03:50 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Government and corporate officials responsible for compliance with privacy laws in Canada and Europe are using a whole new language in 2007. Much of the jargon has passed by the American public. So listen up. This is important.

At their annual meeting this fall in Montreal, there was little of the traditional talk among the international privacy people about the nuts and bolts of data protection. Instead, there were urgent and distressed discussions about "uberveillance," "ambient technology," "ubiquitous computing," [Hey! I made the list! Bob] "ingest­ible bugs" and nanotechnology.

Source - Forbes

(Props, Realtime IT Compliance)



This is new...

http://www.pogowasright.org/article.php?story=20071127150653379

NY Court of Appeals Allows Defendants to Privately Question Plaintiff's Doctors

Tuesday, November 27 2007 @ 03:06 PM EST Contributed by: PrivacyNews News Section: In the Courts

In a major decision today from New York's highest court, defendants have been granted permission to privately interview the treating physicians of a personal injury plaintiff after the close of discovery. In permitting this, the Court appears to have cast aside the privacy provisions of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The decision in Arons v. Jutkowitz is expected to open a small floodgate of attempts by insurance companies and defense lawyers to privately approach treating physicians without the knowledge or permission of the patients and take statements without their counsel or any court reporter being present.

Source - New York Personal Injury Law Blog


On the other hand...

http://www.pogowasright.org/article.php?story=20071127150924271

Feds cancel Amazon customer ID request

Tuesday, November 27 2007 @ 03:09 PM EST Contributed by: PrivacyNews News Section: In the Courts

Federal prosecutors withdrew a request for a subpoena seeking the identities of thousands of people who bought used books through online retailer Amazon.com Inc. after U.S. Magistrate Judge Stephen Crocker ruled that customers have a First Amendment right to keep their reading habits private from the government and that the subpoena might have a chilling effect on people ordering books online.

In his opinion, which he recently unsealed over prosecutors' objections, Judge Crocker wrote:

"The subpoena is troubling because it permits the government to peek into the reading habits of specific individuals without their knowledge or permission," Crocker wrote. "It is an unsettling and un-American scenario to envision federal agents nosing through the reading lists of law-abiding citizens while hunting for evidence against somebody else."

Source - Associated Press



Plenty of time...

http://www.bespacific.com/mt/archives/016653.html

November 27, 2007

New Privacy Rules Imminent, Another Privacy Change Contemplated

US Courts: "New rules providing privacy protection for case files posted online in the federal district, bankruptcy and appellate courts are scheduled to take effect December 1, 2007. Some of the rules represent a change in Judicial Conference policy. Meanwhile, a Judicial Conference committee is studying a related privacy issue: Whether courts should restrict Internet access to plea agreements in criminal cases, which may contain information identifying defendants who are cooperating with law enforcement investigations. The new rules were proposed by the Judicial Conference in accordance with the E-Government Act of 2002, which requires that each court make publicly available online any document filed electronically. The rules require parties to redact certain personal information from each filing. The Act required the Supreme Court to prescribe rules “to protect privacy and security concerns related to electronic filing of documents and the public availability ... of documents filed electronically.” The new privacy rules include Civil Procedure Rule 5.2, Criminal Rule 49.1 and Bankruptcy Rule 9037. Appellate Rule 25 was amended to incorporate the new privacy directive. The rules can be found here."



I can read all week!

http://www.bespacific.com/mt/archives/016661.html

November 27, 2007

Universal Digital Library Completes 1.5 Million Book Digitization Milestone

News.com: "The Universal Digital Library, a book-scanning project backed by several major libraries across the globe, has completed the digitization of 1.5 million books and on Tuesday made them free and publicly available. The online library offers full text downloads of works that are in the public domain, or for which the copyright holder has given permission to make available. Having the backing of prominent institutions such as the Bibliotheca Alexandrina in Alexandria, Egypt, however, the collection goes far beyond the widely available classics, though those are there, too..." According to the director of intellectual property for the Universal Digital Library, Michael Shamos, "But once books are digitized and stored on servers around the world, it becomes impossible for any one government to destroy all the copies of a book. Once it's there it remains immortal."



Onward to their doom?

http://yro.slashdot.org/article.pl?sid=07/11/27/2130227&from=rss

Stay Lifted, Novell Vs. SCO Can Go Forward

Posted by kdawson on Tuesday November 27, @05:11PM from the please-turn-to-chapter-seven dept.

A number of readers suggest we check out Groklaw, where PJ is reporting that a bankruptcy judge has granted Novell's request to lift the stay so that its trial against SCO can proceed in Utah. The judge concluded that Judge Kimball is the best one to decide how much SCO owes Novell, and that SCO cannot make any "reorganization" plans — including any "fire sale" of assets — until it knows this figure.



How to be a geek-law icon!

http://yro.slashdot.org/article.pl?sid=07/11/27/1552214&from=rss

A Discussion of SCO's Fate With Groklaw's Pamela Jones

Posted by Zonk on Tuesday November 27, @12:08PM from the going-down-the-tubes dept. The Courts Caldera Unix

An anonymous reader writes "The SCO Group's current fate can be neatly summarized by the title of Pamela Jones' very first article on the case, back in May 2003 — 'SCO Falls Downstairs, Hitting its Head on Every Step.' In the intervening years PJ and Groklaw can be credited with unearthing and exposing many of the flaws in SCO's case, most notably, obtaining and publishing the 1994 settlement in the USL vs BSDi case. An article at the ITPro site interviews PJ about SCO, the impact of Groklaw and future of free software and the law."



Two of my favorite things: Lists & Free! How can I resist?

http://www.creditpanda.com/blog/2007/17-ways-to-get-free-books

17 Ways to Get Free Books

You can never have too many books, so we are delighted to share with you some ways to get them for free. From children’s books to technical books, there are numerous resources that offer literature for free. Some of the following sites offer actual printed books, while others feature electronic books (aka “ebooks”). Please bear in mind that the list is alphabetized, not ordered by importance.



http://www.researchbuzz.org/wp/2007/11/27/search-multimedia-academic-lectures-by-keyword/

Search Multimedia Academic Lectures — By Keyword

27th November 2007

Technology Review has an interesting article on a new offering from MIT — a tool that allows users to search over 200 academic lectures by keyword. The Lecture Browser is available at http://web.sls.csail.mit.edu/lectures/ .

I think this site is supposed to work in Firefox but I had no luck. I would get the “searching” window and no actual results. It worked fine in IE. [Shame on MIT! Bob]

Tuesday, November 27, 2007

I want to hear this!

http://yro.slashdot.org/article.pl?sid=07/11/27/0215220&from=rss

RIAA Must Divulge Expenses-Per-Download

Posted by kdawson on Tuesday November 27, @12:34AM from the treble-damages-are-for-wimps dept. The Courts Music

NewYorkCountryLawyer writes "The Court has ordered UMG Recordings, Warner Bros. Records, Interscope Records, Motown, and SONY BMG to disclose their expenses-per-download to the defendant's lawyers, in UMG v. Lindor, a case pending in Brooklyn. The Court held that the expense figures are relevant to the issue of whether the RIAA's attempt to recover damages of $750 or more per 99-cent song file, is an unconstitutional violation of due process."



It all comes down to one man who says, “No!”

http://arstechnica.com/news.ars/post/20071126-why-the-riaa-may-be-afraid-of-targeting-harvard-students.html

Why the RIAA may be afraid of targeting Harvard students

By Eric Bangeman | Published: November 26, 2007 - 10:46PM CT

Earlier this month, the RIAA announced that it had sent off yet another wave of prelitigation settlement letters to college campuses across the US. This time, the recording industry targeted 16 schools, including almost the entire membership of the Ivy League. There was one notable Ivy school missing from the roster, one that has failed to appear in any of the RIAA's press releases: Harvard.

... There may be another factor at work here: hostility towards the RIAA's campaign on the part of Harvard Law School professors Charles Nesson and John Palfrey, who run the law school's Berkman Center for Internet & Society. Responding to the RIAA's claim that its litigation strategy has "invigorated a meaningful conversation on college campuses about music theft, its consequences and the numerous ways to enjoy legal music," the profs called on Harvard to not betray the "trust and privacy" of its students.

... Should the RIAA decide to send prelitigation settlement letters to Harvard, chances are good that 1) the letters will not be passed on, and 2) some of the best and brightest at Harvard Law School will get involved in a big way. That doesn't look too appealing, especially when the campaign isn't going as smoothly as the RIAA would like.



Automating “cooperation”

http://techdirt.com/articles/20071126/031729.shtml

MPAA Trying To Rootkit Universities?

from the how-nice-of-them dept

Just as the MPAA is strongly pushing for a new law that would require universities to take proactive measures to prevent unauthorized file sharing from happening on university networks, the group is also apparently pushing certain universities to install some MPAA-sponsored software to monitor network usage. However, after examining this "toolkit" some are noticing that it appears a lot more like a "rootkit" than a "toolkit." Depending on how a university's network is configured, it could actually reveal a lot of private info to the outside world. The software also phones home to the MPAA, despite promising not to report back any information. There are a few other oddities as well. While it could password protect some of the exposed content, it never prompts the user to do so -- and, at the same time, it disables logging who accesses the pages revealing all the info. While it could all be a coincidence, effectively the MPAA has made it so that it (and others) can spy on university network usage without being tracked in many cases. People in the article note the similarity to the Sony rootkit situation, where software designed to "protect" actually opened up huge security vulnerabilities.



Also points to several videos...

http://www.pogowasright.org/article.php?story=20071126182853855

Recent Research Commissioned by Microsoft on Data Governance and Role Collaboration

Monday, November 26 2007 @ 06:28 PM EST Contributed by: PrivacyNews News Section: Internet & Computers

Hi, I am Brendon Lynch, Director of Privacy Strategy in Microsoft’s Trustworthy Computing group. Among other things, my team’s work includes engagement with external privacy stakeholders and advising Microsoft product groups on data governance strategies.

I wanted to highlight some interesting research we recently conducted which explores how different roles within organizations are collaborating to protect personal information.

Source - Microsoft Privacy Team: The Data Privacy Imperative (blog)

Monday, November 26, 2007

It must be real – 60 Minutes says so...

http://www.news.com/8301-10784_3-9822842-7.html?part=rss&subj=news&tag=2547-1_3-0-5

60 Minutes on TJX computer security

Posted by Michael Horowitz November 25, 2007 6:40 PM PST

I just finished watching Leslie Stahl do a piece called Hi-Tech Heist on 60 Minutes in which she describes the theft of credit card and other personal information from TJX. These are a couple quick Defensive Computing thoughts on the subject.



Again, because...

http://www.pogowasright.org/article.php?story=20071126074016166

Data “Dysprotection:” breaches reported last week

Monday, November 26 2007 @ 07:40 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



How about: “Trust, but verify?” Isn't this a case where the Judge is assuming all corporations are evil and CEOs are guilty until proven innocent?

http://ralphlosey.wordpress.com/2007/11/25/book-em-danno-hawaiian-judge-sanctions-company-for-trusting-its-top-officers-after-one-goes-tech-and-wipes-his-lap-tops-allegedly-to-hide-porn/

“Book ‘em Danno”: Hawaiian Judge Sanctions Company for Trusting its Top Officers after One Wipes His Lap Tops, Allegedly to Hide Porn

A federal court in Hawaii recently imposed severe sanctions against a company for facilitating spoliation by trusting its top officers not to intentionally destroy evidence. In re Hawaiian Airlines, Inc., Debtor; Hawaiian Airlines, Inc. v. Mesa Air Group, Inc., 2007 WL 3172642 (Bkrtcy. D. Hawai’i, Oct. 30, 2007). Defendant’s Chief Financial Officer panicked after he received a litigation hold notice and wiped files from his lap tops. The plaintiff later claimed these files would have proved its case. The CFO said no, he was just trying to hide porn, but the judge didn’t believe him, and threw the book at ‘em instead.

... Big mistake, according to United States Bankruptcy Judge Robert F. Faris. The defendant should not have trusted its employees, even its top officers. It should have assumed they might disobey the hold notice and the law. Mesa should have assumed its people would respond to a hold notice by destroying evidence, not preserving it. It should not only have sent out a hold notice, it should have made backup copies of the hard drives of all of its employees who might have discoverable ESI on their computers. That way, if they responded to the hold notice by deleting incriminating evidence, the company would still have a backup copy of everything to produce to the other side. (For this strategy to work the company would have to make these copies in a stealth manner before the hold notice is sent.)



http://www.socialtext.com/node/317

What is Collaboration 2.0?

November 15, 2007 - 9:44pm

Jay Cross, a leading thinker on informal learning and Web 2.0, recently released an interesting paper on the state of collaboration. His firm Internet Time Group LLC has provided guidance to companies like Cisco, IBM, Sun, Genentech, Merck, Novartis, HP, among others.

This is particularly timely considering all the public debate right now about the future of online communications and social interactions following the Slate article on 'The Death of Email' or Thomas Hawk's Digital Connection blog post.

[Link to the paper: http://internettime.pbwiki.com/inatt2 ]



Strategy? What strategy?

http://it.slashdot.org/article.pl?sid=07/11/26/0643230&from=rss

More Evidence That XP is Vista's Main Competitor

Posted by Zonk on Monday November 26, @07:15AM from the xtc-vs-adam-ant dept. Windows Microsoft IT

Ian Lamont writes "Computerworld is reporting that Windows XP Service Pack 3 runs MS Office 10% faster than XP SP2 — and is 'considerably faster' than Vista SP1. XP SP3 isn't scheduled to be released until next year, but testers at Devil Mountain Software — the same company which found Vista SP 1 to be hardly any faster than the debut version of Vista — were able to run some benchmarking tests on a release candidate of XP SP3, says the report. While this may be great news for XP owners, it is a problem for Microsoft, which is having trouble convincing business users to migrate to Vista."



How to be hip? Includes that old favorite: Streisand effect. I look up words my students use, but they are more often just misspellings...

http://www.bespacific.com/mt/archives/016633.html

November 25, 2007

Web Site Tracks New Words and Phrases Along With Definitions

"Word Spy is devoted to lexpionage, the sleuthing of new words and phrases. These aren't "stunt words" or "sniglets," but new terms that have appeared multiple times in newspapers, magazines, books, Web sites, and other recorded sources."



Scrooge (pre-ghost visit) would like the idea! Even offers a few suggestions... (See next article)

http://www.technewsworld.com/rsstory/60446.html

Nothing Says Holiday Cheer Like Free Software

By Pam Baker LinuxInsider Part of the ECT News Network 11/26/07 4:00 AM PT

To save money this holiday season, you could break out the construction paper and rubber cement and make something really, um, nice; or you could take a quick cruise on the Web, download a few free applications, put them on a thumb drive and really make someone's holiday. It's your choice. No pressure. Put down the safety scissors, please.



And how could I not love this? Something for everyone?

http://digg.com/tech_news/Master_List_of_the_Best_101_Lists

Master List of the Best 101 Lists

Comprised of everything from Mozilla, CSS tips, Ubuntu, to freelancing and increasing traffic, and even some humorous links from some of the top sites on the net including Lifehacker and Problogger.

http://fresh-perspectives.net/2007/11/best-101-lists.html