Saturday, December 22, 2007

Is this common? First report I've read where the police are actively looking for the victims. (No doubt, so they can add burglary to the charges...) Would (should?) this cost be passed on to a TJX?

http://www.pogowasright.org/article.php?story=20071222072718335

TX: Police Tracking Down ID Theft Victims

Saturday, December 22 2007 @ 07:27 AM EST Contributed by: PrivacyNews News Section: Breaches

With six arrests so far in the case, police have begun trying to track down what appear to be hundreds of victims in an identity theft ring that targeted South Texans.

Authorities raided a home on Eagle Drive back on Dec. 6.

U.S. Marshals, assisted by police, found drugs, stacks of cash and stolen property, including checkbooks and credit cards.

.... To track down victims, investigators have to go through the evidence including lock boxes containing stolen credit cards and checkbooks.

"It's hard to say," Lt. Lauren White of the Corpus Christi Police Department said, leafing through evidence, "but there's probably 20 different IDs in here from different people."

Source - KRISTV.com



Your tax dollars at work: Training the next generation of crooks?

http://www.pogowasright.org/article.php?story=2007122207190954

Personal Information Included In Prison Probe

Saturday, December 22 2007 @ 07:19 AM EST Contributed by: PrivacyNews News Section: Breaches

Social workers' notes on troubled families and the names, addresses and license numbers of drivers who were in accidents are among the information processed by inmates in a prison program now under investigation for a possible security breach.

The DataCon center at York Correctional Institution in Niantic remains closed a week after Department of Correction officials shut it down. The center enters and scans data for at least 11 state agencies that, collectively, deal with information about many Connecticut residents.

[...]According to the DOC, DataCon has operated securely at York — both as a money-saving service to the state and as an occupational training program for inmates — for 10 years. DataCon employs approximately 50 female inmates for pennies per hour.

Source - The Day



Re-taking control

http://politics.slashdot.org/article.pl?sid=07/12/22/026216&from=rss

Norway Mandates Government Use of ODF and PDF

Posted by Zonk on Friday December 21, @10:30PM from the playing-nice-with-everyone dept.

siDDis writes "Earlier this year Slashdot mentioned that Norway was moving towards mandatory use of ODF and PDF. Now it's official: the Norwegian government has mandated the use of open document formats from January 1st, 2009. There are three formats that have been mandated for all documentation between authorities, users and partners. HTML for all public information on the Web, PDF for all documents where layout needs to be preserved and ODF for all documents that the recipient is supposed to be able to edit. Documents may also be published in other formats, but they must always be available in either ODF or PDF."



Tools & Techniques: The Stalker's Toolkit. This should give us the address of most politicians, including Osama?

http://www.pogowasright.org/article.php?story=20071221090959986

Details of Unlisted Number Address "Exploit" Revealed

Friday, December 21 2007 @ 09:09 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Greetings. After due consideration, some expert advice, and since the firm involved obviously feels that they're not doing anything wrong (will everyone else agree?), I've decided to release the details of the unlisted number to address lookup "exploit" I outlined in Psst! Wanna Know the Street Address for an Unlisted Number? -- please see that entry for the background on this situation. This "exploit" is still up and running as of a few minutes ago.

As noted previously, this technique is extremely successful at revealing the street addresses for U.S. landline (non-mobile) telephone numbers, including those aforementioned unlisted numbers. The returned information isn't 100% accurate for all queries and some numbers are missing -- I suspect stale data in certain situations -- but it's very "good" overall.

[...]The company under discussion is Acceller, Inc., and you can visit their services access page at:

In the upper right-hand corner of the page, you'll find a "Search For Offers" form where a phone number may be entered -- then click "Compare Offers Now" -- it's that simple. (Note: You may need to have cookies enabled for this to work, and Internet Explorer may perform better than other browsers in some cases for these queries.)

Enter a phone number, watch the bouncing ball for 10 seconds or so, and then you stand an excellent chance of seeing a street address revealed for U.S. non-mobile numbers (along with the various service offerings available at that address, of course).

Source - Lauren Weinstein's Blog

(Props, Infowarrior mail list)



Could be interesting. I'm teaching a web site class in January; this could be an interesting rubric...

http://techdirt.com/articles/20071221/154105.shtml

Get College Credit For Being Famous Online

from the and-what-did-you-major-in? dept

It's certainly no secret that in an age of changing business models for content creators, understanding the nature of online marketing is important. Huge industries have grown up around online marketing, viral marketing and word of mouth marketing. But, when it gets right down to the core, it's about figuring out ways to get attention -- and it appears that one college professor is imparting that message quite clearly to his students in a class where the entire goal is for students to become famous online. It apparently doesn't matter how they become famous, but their grades depend on it. The class, at Parsons The New School for Design, has 15 students, all vying to be more famous than one another. What's amusing is that, as the semester wound down and more subtle means of becoming internet famous were proving ineffective, many in the class resorted to the old short-term standby: posting videos of scantily-clad women on blogs and using suggestive titles. You can check out the class blog to judge for yourself how famous the students have become.


Speaking of which...

http://www.killerstartups.com/Web-App-Tools/AppJetcom---Instant-Web-Programming/

AppJet.com - Instant Web Programming

Want to make or host a web application and think it’s not so easy? Using AppJet you can write and run applications in your browser. Applications are programmed in a web-based text editor in the very simple JavaScript programming language. JavaScript is used on both the server and client side. The only thing you have to do to get your own application is to type up your code and save it. Then the application is published to a website where it runs when anyone goes to the site. They don't require you to know lots of different programming languages, and the process is drastically simplified by getting your work hosted online. AppJet.com provides a place for beginner programmers and experienced developers alike to build simple web apps with minimal fuss.

http://appjet.com/



For those of us fascinated by language...

http://digg.com/educational/Top_7_Ways_to_Overhaul_Your_English_Online

Top 7 Ways to Overhaul Your English Online

blog.shankarganesh.com — Thesauri and dictionaries are only a good beginning if you are looking to seriously straighten out your language skills online.

http://blog.shankarganesh.com/2007/12/21/how-to-improve-your-english-online/



Interesting report on the ed-u-bidness

http://www.bespacific.com/mt/archives/016886.html

December 21, 2007

New GAO Reports: Budget Issues, Military Health Care, Veterans' Benefits, Higher Education

  • Budget Issues: Accrual Budgeting Useful in Certain Areas but Does Not Provide Sufficient Information for Reporting on Our Nation's Longer-Term Fiscal Challenge, GAO-08-206, December 20, 2007

  • Military Health Care: Cost Data Indicate That TRICARE Reserve Select Premiums Exceeded the Costs of Providing Program Benefits, GAO-08-104, December 21, 2007

  • Veterans' Benefits: Improved Operational Controls and Management Data Would Enhance VBA's Disability Reevaluation Process, GAO-08-75, December 6, 2007

  • Higher Education: Tuition Continues to Rise, but Patterns Vary by Institution Type, Enrollment, and Educational Expenditures, GAO-08-245, November 28, 2007

Friday, December 21, 2007

No mention of encryption. No reason why this data wasn't transferred electronically (taking minutes rather than days).

http://www.pogowasright.org/article.php?story=20071220120822163

NY: Dormitory Authority loses worker data

Thursday, December 20 2007 @ 12:08 PM EST Contributed by: PrivacyNews News Section: Breaches

Almost 800 state employees are wondering if their information has slipped into the wrong hands.

The state Dormitory Authority is trying to find five computer tapes containing the social security numbers, birth dates and other personal information of the employees.

The tapes were sent from Albany by overnight delivery on Monday to the state authority's office in Manhattan. When the package arrived, it was empty.

Source - WNYT



Always inventive – seldom thoughtful. (They do encrypt the data, God Bless Them!)

http://www.pogowasright.org/article.php?story=20071220115305263

(follow-up) Computer stolen from service center

Thursday, December 20 2007 @ 11:53 AM EST Contributed by: PrivacyNews News Section: Breaches

The Connecticut Department of Motor Vehicles is notifying 155 customers that their personal information may have been on a computer stolen from a mobile service center vehicle while it was being repaired.

Both the DMV and the State Police have begun investigations into the recovery of the stolen equipment.

Authorities say the personal data on the computer included name, address, date of birth, license number, photo and signature. It is unlikely that the data could be accessed due to a number of security features, including a software program that triggers a deletion of the data when the computer is turned on. [Suggesting that state workers never turned their computers on? Bob]

Source - ABC



Well, you learn something new every day...

http://www.pogowasright.org/article.php?story=20071220180151591

SC: School Employees' Personal Data Stolen

Thursday, December 20 2007 @ 06:01 PM EST Contributed by: PrivacyNews News Section: Breaches

Hundreds of current and former Greenville County School District employees had personal information stolen from computers accessing state insurance information, prompting an investigation by federal Homeland Security officials.

The district notified employees last week that the computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.

Homeland Security said that the school district was among several governmental agencies across the state whose employees were hit by data thieves.

Source - WYFF

Related - letter sent to employees

[From the article:

According to a release, the school district says it was informed about the security breach by state information security officials, who learned of it from the Department of Homeland Security, which monitors government computers for suspicious activity.



“Hey, we could have asked for a spinal tap and one of your kidneys...” (Or we could use your refusal as proof.)

http://www.pogowasright.org/article.php?story=20071221070423147

TX: Blood to be drawn from DWI suspects

Friday, December 21 2007 @ 07:04 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

El Paso police will use search warrants to get blood samples from suspected drunken drivers who refuse breath tests in a controversial pilot program that begins tonight.

The temporary "no-refusal program" is patterned after similar efforts in a few other Texas cities, including Houston, where it has raised invasion-of-privacy issues. It has immediately compelled constitutional questions in El Paso.

Source - El Paso Times



...soon it will be built into every Craftsman tool and every Kenmore appliance! Did they learn this from Sony?

http://techdirt.com/articles/20071220/164410.shtml

Sears.com: Join Our Community... So We Can Spy On Your Every Online Move

from the ouch dept

Rich Kulawiec writes in to let us know that Sears.com and Kmart.com (owned by Sears) have been inviting visitors to those sites to "join our community." However, rather than joining any actual community, what you appear to be doing is installing spyware that reports on your every move online. It's actually a trick to get you to install Comscore's tracking app. Comscore has been accused in the past of distributing spyware surreptitiously, which the company vehemently denies -- but it's hard to see how this is above board. It's certainly worse than Facebook's Beacon fiasco. What happens is that you are asked if you want to "join the community," and then, without clearly explaining what the software does, Comscore's tracking software is installed. After that, all of your online activities -- including to "secure" sites like banking sites -- are sent directly to Comscore, despite Sears' website insisting that none of the data you share will go to anyone but Sears. As for the "community," it doesn't seem like there is one. The security researcher who signed up for the community says that once the software is installed, there's no obvious indicator that it's installed or running -- and he received no "communications" from the so-called community whatsoever. Basically, it sounds like it's just a trick to get you to install this tracking software while hoping you'll forget about it.



How else will politicians know which second-class citizens to call, email, text, and otherwise annoy? Perhaps we should form the “Don't bother me” Party?

http://www.pogowasright.org/article.php?story=20071221065529892

WA: An inappropriate invasion of voters' right to privacy (commentary)

Friday, December 21 2007 @ 06:55 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

Many Washington voters will be shocked and offended to learn that their private votes will not be counted in the Feb. 19 presidential primary unless they make a "political party declaration." That declaration will be provided to the political parties and will be publicly available under the state public records act.

Under our populist traditions, a voter previously could make a primary-election choice for president in the privacy of the voter's booth, confident that the vote would be counted and the privacy of his or her party selection would be protected.

Source - Seattle Times



But don't we want to be famous? Where is the rulebook here?

http://www.wired.com/techbiz/people/magazine/15-12/st_thompson

Clive Thompson on the Age of Microcelebrity: Why Everyone's a Little Brad Pitt

By Clive Thompson | 11.27.07 | 12:00 AM

... Microcelebrity is the phenomenon of being extremely well known not to millions but to a small group — a thousand people, or maybe only a few dozen. As DIY media reach ever deeper into our lives, it's happening to more and more of us. Got a Facebook account? A whackload of pictures on Flickr? Odds are there are complete strangers who know about you — and maybe even talk about you.

... Some of the newly microfamous aren't very happy about all the attention. Blog pioneer Dave Winer has found his idle industry-conference chitchat so frequently live-blogged that he now feels "like a presidential candidate" and worries about making off-the-cuff remarks. Some pundits fret that microcelebrity will soon force everyone to write blog posts and even talk in the bland, focus-grouped cadences of Hillary Clinton (minus the cackle).

... In essence, I'm sending out press releases. Adapting to microcelebrity means learning to manage our own identity and "message" almost like a self-contained public relations department. "People are using the same techniques employed on Madison Avenue to manage their personal lives," says Theresa Senft, a media studies professor and one of the first to identify the rise of microcelebrity. "Corporations are getting humanized, and humans are getting corporatized."



Why passwords are never enough.

http://digg.com/microsoft/How_to_Retrieve_a_Lost_Windows_Password_5

How to Retrieve a Lost Windows Password

5min.com — Offers hope for my XP-Pro notebook I haven't used in months and can't remember my login. What a dummy. Talk about secure. They say: "Even though it can be difficult to retrieve a lost password, it can be done"

http://www.5min.com/Video/How-to-Retrieve-a-Lost-Windows-Password-4512



Probably won't replace the Oscars, but amusing.

http://www2.csoonline.com/exclusives/column.html?CID=33394

Privacy: The Worst Quotes of the Year

From massive data breaches to insidious new ways to deliver ads online, we found plenty of privacy lowlights in 2007. So many, in fact, that we’re introducing a new award. Ladies and gentlemen, the 2007 Privvy Awards for outstanding quotability regarding privacy.

By Scott Berinato



Doesn't free speech mean we are free to laugh at what you say?

http://techdirt.com/articles/20071220/010156.shtml

Judge Points Out That Lawyer Ranking Site Is Free Speech... Even If It's Dumb

from the that-whole-free-speech-thing dept

Earlier this year, we wrote about a new website, Avvo, that had created an algorithm to try to "rank" lawyers based on quality. It should come as no surprise, of course, that some lawyers (e.g., the low-ranked ones) weren't particularly pleased with such a system and some of them got together to sue the site as a class action suit -- on behalf of poorly ranked lawyers around the world. While you can certainly understand why lawyers would be upset at such a site, just because you're upset about something doesn't make it illegal. And, just as judges have repeatedly pointed out that things like Google's search rankings are protected free speech as opinions, a judge has dismissed the lawsuit against Avvo, noting that the rankings are merely opinions and that's protected free speech. That's not to say that the judge thinks Avvo is particularly useful. In fact, he points out how ridiculous the rankings are -- but that doesn't mean they're illegal. Chalk one up for free speech online.

Thursday, December 20, 2007

One to follow?

http://www.xconomy.com/2007/12/19/class-action-lawsuit-unfolding-in-boston-against-webloyalty-fandango-priceline/

Class-Action Lawsuit Unfolding in Boston Against Webloyalty, Fandango, Priceline, and Various Web Retailers Alleges Widespread “Coupon Click Fraud”

Seth Shulman 12/19/07

It is every online shopper’s nightmare (that is, if you awake to know it has even happened). You’re at the computer buying movie tickets, flowers, or pet food and, after completing your purchase, an enticing pop-up comes on the screen offering a $10 rebate. You type in your e-mail address to take advantage of the offer and the next thing you know, wham! You just unwittingly transferred your credit card number to a company you’ve never heard of and enrolled yourself in a dubious “rewards” program charging you $10 per month in perpetuity.

... No matter the outcome, the case is being watched closely in both legal and financial circles. Lawyers say the suit could help shape the way laws governing online transactions are interpreted and enforced. Investors note that Webloyalty’s type of business, known as part of the so-called “lead generation” field, is a tempting and profitable branch of e-commerce. But, they say, any revelations from the case about deceptive practices would certainly give many would-be investors pause.



To the “If you're not guilty...” argument, we should add “If you are totally clueless...”

http://www.pogowasright.org/article.php?story=20071219121635905

Se: Klüft touts computer chip implants

Wednesday, December 19 2007 @ 12:16 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Swedish athletes Carolina Klüft and Stefan Holm have caused a stir on the home front by proposing radical measures to ensure that top level competitors refrain from taking performance-enhancing drugs.

Klüft and Holm, reigning Olympic champions in the heptathlon and high-jump events, both agreed that competitors at the highest level should either have computer chips implanted into their skin or GPS transmitters attached to their training bags to help keep track of their movements at all times.

Source - The Local



Video guidelines.

http://googleblog.blogspot.com/2007/12/new-privacy-tips-video-series.html

New privacy tips video series

12/19/2007 11:30:00 AM Posted by Jane Horvath, Senior Privacy Counsel

In order to give you the best possible information about the privacy settings for our products, we asked the engineers and product managers who actually designed them to explain how they work in a series of new videos we released today on our YouTube Privacy Channel. These videos feature Googlers sharing privacy tips, like how to use Google Chat’s “Off the Record” feature, how to limit the number of people who can view your Picasa photos, how to unlist your phone number from Google search results, and how to make the details of your Google Calendar entries private.



If you wanted to alter votes in an election... or if you wanted to hide the fact that you already had...

http://blog.wired.com/27bstroke6/2007/12/election-softwa.html

Election Software Lost in Transit

By Kim Zetter | December 19, 2007 | 5:21:41 PM | Categories: E-Voting, Election '08

More than a hundred computer chips containing voting machine software were lost or stolen during transit in California this week.

Two cardboard shipping tubes containing 174 EPROMs loaded with voting machine software were sent via Federal Express on December 13th from the secretary of state's office in Sacramento to election officials in nineteen California counties that use optical-scan voting machines made by Diebold Election Systems. But on Monday, two shipping tubes arrived empty at one of these counties.



Thank God the logic doesn't extend to political ads.... (Perhaps this is to make up for the fine the US had to pay the EU for an illegal trade practice?)

http://techdirt.com/articles/20071219/162808.shtml

Why Should Google, Microsoft & Yahoo Have To Pay Fines For Casino Advertising?

from the makes-no-sense dept

The pointless US campaign against online gambling has snared another bunch of innocent victims. A few years back, the DOJ started a new program: rather than trying to stop online gambling directly (since all were operating outside of the US), it would simply go after websites that ran ads from casinos. The problem is that this would appear to be a free speech violation. Unfortunately, that hasn't stopped the folks in the Justice Department from applying pressure to companies -- and it looks like the three big search engines have caved. Google, Yahoo and Microsoft have agreed to pay a combined $31.5 million for running ads from gambling sites in the past (the fines are to be paid as a mixture of cash, donations to charity and public service announcements). The companies aren't admitting guilt -- which seems reasonable because they're not guilty of anything. None of these companies was involved in illegal online gambling. None of these companies even embraced or endorsed illegal online gambling. As platform providers for ads, they simply allowed others to buy ads on their sites for online gambling sites. There shouldn't be any liability directly on those search engines -- but it's tough to fight the US gov't, and since the amounts are relatively small, it's not a huge surprise that the companies settled. It is unfortunate, though. No matter whether you are for or against online gambling, there's simply no reason to go after the search engines. If the ads themselves were illegal, go after those who bought the ads.



“Copyright is as copyright does.” F. Gump

http://techdirt.com/articles/20071219/020622.shtml

Copyright, Defamation, Bloggers, DMCA, Safe Harbors, Cease-And-Desists And Anonymity... Oh My!

from the we've-got-it-all-in-this-case dept

Well, here's a lawsuit that's got all the hot button issues going around these days, and yet has received very little publicity. Both Eric Goldman and Sam Bayard provide detailed legal breakdowns of what happened (and it may take a couple reads to grasp all the details), but let's try to summarize (some of it's good, some of it's bad). Basically, there was a site that has a few anonymous bloggers posting about politics. One of those anonymous bloggers, going under the name "Tom Paine" posted something accusing the CEO of a company of something that the CEO believed was defamatory. The company sent the blog a cease-and-desist letter, demanding that Paine's post be removed. That cease-and-desist letter was then posted to the blog by a different anonymous blogger, using the name "d2."

Here's where things get interesting. The company had registered the cease-and-desist with the copyright office, and then claimed that d2 was violating the copyright. We've seen a few other companies try to do this, and the idea that a boilerplate cease-and-desist letter is copyrightable is highly questionable -- and, even if it can be covered by copyright, there are strong fair use arguments for a blogger being able to post it. Unfortunately, though, the court felt otherwise, and decided that just because the company had registered the copyright on the document, that's all the evidence it needed to say the document was covered by copyright, and posting it could be considered infringement. If that stands, it could be disastrous to plenty of other bloggers (and the Chilling Effects archive) who post the ridiculous C&Ds they receive. Indeed, this ruling may prove to have a true "chilling effect" itself. Hopefully, though, a few more high profile cases of this nature will eventually have it made clear that posting a C&D is perfectly legitimate.

But, wait... there's more! In claiming copyright infringement, the company didn't just go after d2, but used the DMCA to subpoena for information on both d2 and Tom Paine -- even though Tom Paine had absolutely nothing to do with posting the cease-and-desist, and was accused of defamation, not copyright infringement. Luckily, the court saw right through that one, and decided that there was no reason to identify Tom Paine over the copyright issue. And, of course, we don't even get to touch on the questions concerning the rights to anonymity, as well as the safe harbors provided by the company that runs the blog concerning the speech of its users -- all of which are a part of the case as well. So, if you've got some time and want to dig through all the gory legal details, go ahead. But the summary is that there's a bit of good (in that a company that tried to misuse the DMCA to unmask an anonymous blogger was denied -- even if it's a bad sign that the company even thought to use the DMCA in this manner) and there's a lot of bad (in suggesting that it may be infringement to post a generic cease-and-desist). I would imagine this is not the last we'll be hearing of this case.



“Surprise surprise!” G Pyle

http://techdirt.com/articles/20071218/014045.shtml

SEC Computer System Not So Great For Catching Insider Trading

from the whoops dept

Well if the FBI can have a terrible computer system that's useless at catching terrorists, should it really be much of a surprise that the SEC has a computer system that isn't particularly useful at catching insider trading? That, at least, is the word from the Government Accountability Office (GAO) in its latest report to Congress. Apparently the GAO found that the SEC's computer system can't even search referrals from its own investigators concerning insider trading. Of course, what's not clear (at least from the article) is how much the SEC paid for this computer system... and how much more it will cost to get one that's actually useful.



No wonder we can't catch Osama, all our resources are devoted to listening to the phone!

http://blog.wired.com/27bstroke6/2007/12/fbi-recorded-27.html

FBI Recorded 27 Million FISA 'Sessions' in 2006

By Ryan Singel | December 19, 2007 | 6:36:32 PM | Categories: Privacy, Sunshine and Secrecy

At the end of 2006, the FBI's Telecommunications Intercept and Collection Technology Unit compiled an end-of-the-year report touting its accomplishments to management, a report that was recently unearthed via an open government request from the Electronic Frontier Foundation.

Strikingly, the report said that the FBI's software for recording telephone surveillance of suspected spies and terrorists intercepted 27,728,675 sessions.

Twenty-seven million is a staggering number given that the FBI only got 2,176 FISA court orders in 2006 from a secret spy court using the Foreign Intelligence Surveillance Act.

According to the math, that means each court order resulted in 12,742 "sessions," all in regards to phone, not internet, surveillance.



Who'd a thunk it?

http://www.techmeme.com/071219/p45#a071219p45

At 71, Physics Professor Is a Web Star

CAMBRIDGE, Mass. — Walter H. G. Lewin, 71, a physics professor, has long had a cult following at M.I.T. And he has now emerged as an international Internet guru, thanks to the global classroom the institute created to spread knowledge through cyberspace.

http://www.nytimes.com/2007/12/19/education/19physics.html?ei=5088&en=78ff7cfea904d7b1&ex=1355720400&adxnnl=1&partner=rssnyt&emc=rss&adxnnlx=1198155874-oYRhkE7RRtxSaw3Ds6l8VA

Wednesday, December 19, 2007

I read this as a good response. Am I missing something?

http://www.pogowasright.org/article.php?story=20071219023511258

S&K Famous Brands web site security breach

Wednesday, December 19 2007 @ 07:04 AM EST Contributed by: PrivacyNews News Section: Breaches

S&K Famous Brands has informed the New Hampshire DOJ of a security breach on October 24, 2007 involving its web site, www.skmenswear.com. The breach put customers' names, addresses, and credit card numbers and expiration dates at risk. The total number of customers affected was not indicated.

In its disclosure to NH, S&K included a phony email to a customer that triggered its investigation. [They listened to a customer? How unusual! Bob] S&K reports that when they were unable to quickly determine whether the web site had been hacked or an email to a customer had been intercepted, they disabled the online store. [Safety first? How unusual! Bob] They then notified credit card issuers, purged or masked credit card data going back seven years, [Ah well, no one is perfect. Bob] and changed all usernames and passwords on the system. They also arranged for a forensics security audit and notified law enforcement.

In their notification to customers, S&K states they had discovered "unauthorized access" to their online store.

Source - Notification Letter to NH DOJ [pdf]



The beginning of the end? TJX seems to have been able to estimate the costs very accurately. I wonder how they did that?

http://www.pogowasright.org/article.php?story=20071219051523345

(follow-up) N.E. banks, TJX reach agreement on breach

Wednesday, December 19 2007 @ 07:04 AM EST Contributed by: PrivacyNews News Section: Breaches

TJX Cos. and New England banks yesterday said they have agreed to settle a high-profile lawsuit over payment card security practices in the wake of the record-setting data breach at the Framingham retailer that compromised up to 100 million accounts.

...Specifics weren't disclosed, but the deal won't add to the $256 million TJX previously had budgeted to deal with the breach, a spokeswoman said yesterday.

In addition to settling with the banks, the figure is meant to cover previous settlements with payment card company Visa International Inc. for up to $40.9 million in costs, and with a class of consumers.

TJX still faces claims from an Alabama bank and probes by federal and state officials.

Source - Boston Globe



We knew this was coming (from Israel) – now: is it a good thing? I think so.

http://www.pogowasright.org/article.php?story=20071219040115104

Behavior scrutinized at O'Hare

Wednesday, December 19 2007 @ 07:01 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Security screeners schooled in the psychology of observation are on the job at O'Hare International Airport, pulling aside passengers whose behavior may be a tipoff of hostile intentions, the nation's transportation security chief told the Tribune Monday. The federal behavior detection officers are on the lookout for passengers displaying extraordinary stress and fear, or signs of deception during questioning, all earmarks of terrorists who may be on scouting missions to find weak links in airport security, said Kip Hawley, administrator of the U.S. Transportation Security Administration.

Source - Chicago Tribune



Some downsides are very far down... This one could ruin your entire day.

http://www.pogowasright.org/article.php?story=20071219014047594

The Unimaginable...Identity Theft Victim Mistakenly Labeled a Vicious Cop Killer

Wednesday, December 19 2007 @ 07:01 AM EST Contributed by: PrivacyNews News Section: Breaches

Last night Jim Defede and CBS4 News out of Miami, FL aired an exclusive interview with Kevin Wehner, the victim of an identity theft whose picture was mistakenly released to the national news while police here were hunting for a cop killer. The suspect had gone on a shooting rampage that left one officer dead and three others wounded. It was a horrifying day.

.... The police had been intentionally misled by the girlfriend of the "real" killer. She gave them the name and drivers license of Kevin Wehner...an innocent identity theft victim.

... Kevin suddenly realized how his name became tied to the on-going events unfolding in South Florida. He was a victim of identity theft and had been struggling to clear his credit identity for years. He had filed various police reports and requests for investigations with the police and the Department of Motor Vehicles. He knew his credit had been ruined - but now he was in shock that he was being called a killer. He feared for his life, rightfully so, and the lives of his family.

Source - American Chronicle



Ethics 101: How to beat the competition.

http://it.slashdot.org/article.pl?sid=07/12/18/215258&from=rss

Major Australian ISP Pulls OpenOffice

Posted by kdawson on Tuesday December 18, @04:55PM from the can't-stand-the-competition dept. Software IT

thefickler writes

"Australia's largest Internet service provider Telstra BigPond has removed OpenOffice from its unmetered file download area following the launch of its own, free, hosted, office application, BigPond Office. The removal of OpenOffice was brought to TECH.BLORGE's attention by a reader, who complained to Telstra BigPond's support department about no longer being able to download OpenOffice updates. The support people were quite open about why OpenOffice was no longer available, i.e. because it was perceived to be competitive with BigPond Office."



Interesting yes, useful?

http://www.bespacific.com/mt/archives/016851.html

December 18, 2007

Digital Economy Fact Book 2007

"The Ninth Edition of The Progress & Freedom Foundation's Digital Economy Fact Book (188 pages, PDF) was released [December 14, 2007]...The resource guide features an expanded section on international data, reflecting the global importance of the digital economy."



WARNING: Highly addictive! (Learn a few new words and end world hunger at the same time.)

http://freerice.com/

Tuesday, December 18, 2007

The two main purposes of gathering all this data are to: 1) spill it to criminals and 2) protect our citizens from Osama bin Laden

http://www.pogowasright.org/article.php?story=20071217131552369

UK: Millions of L-driver details lost

Monday, December 17 2007 @ 01:15 PM EST Contributed by: PrivacyNews News Section: Breaches


The Government has lost the records of more than three million learner drivers from a "secure facility" in Iowa.

Transport Secretary Ruth Kelly told the Commons that the latest security breach did not include personal data such as credit card or bank details.

... Ms Kelly was then forced to concede to MPs: "In May this year, Pearson Driving Assessments Ltd, a private contractor to the Driving Standards Agency, informed the agency that a hard disk drive had gone missing from its secure facility in Iowa City, Iowa. The hard disk drive contained the records of just over three million candidates for the driving theory test."

The records contained the L-driver's name, postal address, phone number, the test fee paid, their test centre, a code indicating how the test was paid for and an e-mail address.

Source - Guardian


Purpose number one...

http://www.pogowasright.org/article.php?story=20071217072227340

UK: Details of 160,000 children lost in London

Monday, December 17 2007 @ 07:22 AM EST Contributed by: PrivacyNews News Section: Breaches

All deliveries of patient information in London have been halted, and the chief executive of NHS London has begun a review of data transfer arrangements after a CD containing details of 160,000 children was lost.

The encrypted CD containing names, addresses and dates of birth was lost in transit from BT to St Leonard’s Hospital, Hackney in an incident that occurred on 14 November.

However, fears the CD could contain enough information to enable ID theft, or place children at risk, have been allayed thanks to BT and the NHS trust concerned – City and Hackney PCT - following NHS data protection procedures.

Source - E-Health Insider
Related - Daily Mail



This is novel. I doubt anyone could be convicted if “willful” is the criterion – just send your boss an e-mail once a year saying “we gotta do more!”

http://www.pogowasright.org/article.php?story=20071217170343355

UK: Civil servants face prison for leaving the public open to identity theft

Monday, December 17 2007 @ 05:03 PM EST Contributed by: PrivacyNews News Section: Breaches

Civil servants face being jailed for gross failures to safeguard personal information under a clampdown in response to the loss of discs with child benefit records of 25 million people.

Ministers have accepted proposals to create new criminal penalties to cover the most serious breaches of data protection law after current powers were criticised as being too weak.

Government sources told The Times that the offence of wilfully abusing data could carry a maximum term of two years’ imprisonment rather than a fine under plans being considered.

Source - TimesOnline



Ohio does it again. It's almost as if someone was conspiring to make them look bad.

http://www.pogowasright.org/article.php?story=2007121706574390

OH: Glitch reveals sealed adoption records

Monday, December 17 2007 @ 06:57 AM EST Contributed by: PrivacyNews News Section: Breaches

A glitch in Ohio’s troubled child-welfare system is revealing information from sealed adoption records, a data breach some child advocates say is a massive violation of confidentiality. The data breach involves children who were adopted out of the foster-care system and now are enrolled in a children’s health insurance program in 35 Ohio counties, said Dennis Evans, spokesman for the Ohio Department of Job and Family Services.

.... In some cases, when medical personnel use the number on the Medicaid cards to look up health records, the system emits sealed data such as a birth mother’s name.

Source - Ohio.com



Your government loves you...

http://www.pogowasright.org/article.php?story=20071217074525542

How Easy is it to Get Tax Information from the IRS? Very.

Monday, December 17 2007 @ 07:45 AM EST Contributed by: PrivacyNews News Section: Breaches

.... I decided to do a little investigation and see just how easy it would be to call and get someone at the IRS to fax me my life. What I found out shocked me and it should shock you, as well.

..... Before calling, I had set up a free eFax number using the K7 Service that ICWT wrote about recently and provided that number to the representative. A few minutes later, I had in my hand completely uncensored transcripts for the 2005 and 2006 tax years which disclosed - among other things - my employer, where I went to school and who was paying me as an independent contractor as well as how much each was paying me. It also disclosed the fact that I got unemployment compensation in Ohio and how much I got. The file contains extensive personal information on me, so it has been heavily redacted so that my own identity doesn’t wind up being converted for someone else’s use.

... To get the info, all you need is a name, social security number, date of birth and mailing address. Oh yes, they do ask you if you are the named taxpayer. You have to say yes. Tough security, huh?

Source - ICWT: In Corruption We Trust (blog)



...because...

http://www.pogowasright.org/article.php?story=20071217065354863

Data “Dysprotection:” breaches reported last week

Monday, December 17 2007 @ 06:53 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Where there's a will there's a way.

http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss

New Vista Random Numbers to Include NSA Backdoor?

Posted by ScuttleMonkey on Monday December 17, @04:15PM from the advice-is-to-never-enable-it.-Ever. dept.

Schneier is reporting that Microsoft has added the new Dual_EC_DRBG random-number generator to Vista SP1. This random-number generator is the same one discussed earlier that may have a secret NSA backdoor built into it.
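What "backdoor" means here, as an added illustration that is not code from Schneier's post, Slashdot or Microsoft: Dual_EC_DRBG outputs the truncated x-coordinate of r*Q and advances its state to x(r*P), using two fixed public points P and Q. Anyone holding a scalar d with P = d*Q can rebuild the output point from the leaked bits, multiply it by d, and land directly on the next internal state; Dan Shumow and Niels Ferguson showed this in 2007. The toy below shrinks everything so it runs instantly: the curve y^2 = x^3 + 2x + 3 over GF(97), the trapdoor d = 5, the seed 13, dropping 2 of 7 x bits instead of 16 of 256, and all function names are assumptions for the example, not the standard's parameters.

```python
"""Toy Dual_EC_DRBG with the Shumow-Ferguson state recovery.

Added illustration, not code from Schneier, Slashdot or Microsoft. The curve
y^2 = x^3 + 2x + 3 over GF(97), the trapdoor d = 5, the seed 13 and the
2-of-7-bit truncation are hypothetical stand-ins for the real 256-bit
parameters; only the generator's structure follows the standard.
"""

P_MOD, A, B = 97, 2, 3                  # hypothetical tiny curve, not NIST P-256
DROP_BITS = 2                           # the real generator drops 16 of 256 x bits
OUT_MASK = (1 << (7 - DROP_BITS)) - 1   # x < 97 fits in 7 bits


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def xcoord(pt):
    """x-coordinate, with 0 standing in for the point at infinity."""
    return 0 if pt is None else pt[0]


def points_with_x(x):
    """Both curve points (if any) with the given x-coordinate."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return [(x, y) for y in range(P_MOD) if y * y % P_MOD == rhs]


def order(pt):
    """Smallest n with n*pt = infinity (brute force; the curve is tiny)."""
    n, acc = 1, pt
    while acc is not None:
        acc, n = ec_add(acc, pt), n + 1
    return n


# Public constants. Q is a point of maximal order; P = d*Q is the trapdoor
# relationship: whoever knows d can map an output point back to the next state.
Q = max((pt for x in range(P_MOD) for pt in points_with_x(x)), key=order)
SECRET_D = 5                            # hypothetical trapdoor scalar
P = ec_mul(SECRET_D, Q)


def drbg_step(s):
    """One Dual_EC_DRBG iteration: (next_state, truncated_output)."""
    r = xcoord(ec_mul(s, P))                # r = x(s*P)
    s_next = xcoord(ec_mul(r, P))           # state update: x(r*P)
    out = xcoord(ec_mul(r, Q)) & OUT_MASK   # output: truncated x(r*Q)
    return s_next, out


def drbg_outputs(seed, n):
    """The first n outputs from a given seed state."""
    outs, s = [], seed
    for _ in range(n):
        s, o = drbg_step(s)
        outs.append(o)
    return outs


def recover_state(d, outputs):
    """Attacker who knows d: rebuild every point R whose truncated x equals
    outputs[0], compute d*R = r*P (its x is the next state), and keep the
    candidates that also reproduce outputs[1:]. Returns the surviving states."""
    first, rest = outputs[0], outputs[1:]
    cands = [None] if first == 0 else []          # r*Q could be infinity
    for x in range(first, P_MOD, OUT_MASK + 1):   # x values matching the low bits
        cands.extend(points_with_x(x))
    survivors = []
    for R in cands:
        s = xcoord(ec_mul(d, R))
        if s not in survivors and drbg_outputs(s, len(rest)) == rest:
            survivors.append(s)
    return survivors


if __name__ == "__main__":
    stream = drbg_outputs(13, 12)                 # victim's output stream
    for s in recover_state(SECRET_D, stream[:6]):
        print("state", s, "predicts", drbg_outputs(s, 11), "actual", stream[1:])
```

A handful of subsequent outputs is enough to discard the wrong candidates, and with the real 16-bit truncation there are only about 2^15 candidate points per output to try, so the cost to a d-holder is negligible. No seeding or reseeding policy helps; the only defence is not to use the generator, which is why the department line above says never to enable it.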



Since government is finding ways around the Tabor amendment, we will start sinking in the rankings...

http://www.bespacific.com/mt/archives/016835.html

December 17, 2007

Economic Ranking of All 50 States Released

"This new publication by the American Legislative Exchange Council, Rich States/Poor States: ALEC-Laffer State Economic Competitiveness Index, by Arthur B. Laffer and Stephen Moore, is an invaluable resource for state lawmakers and citizens to evaluate their state’s fiscal and economic policies, while analyzing their results and ramifications."



Interesting. We pass illegal laws and then pay to keep them.

http://www.siliconvalley.com/news/ci_7743402?nclick_check=1

U.S., EU agree on compensation over online gambling ban

Associated Press Article Launched: 12/17/2007 09:09:21 AM PST

GENEVA - The United States will provide the European Union with new trade concessions in mail services and warehousing as part of a compensation deal over Washington's refusal to lift restrictions on Internet gambling, the European Union said Monday.

Monday, December 17, 2007

You know you've screwed up when Harvard makes you a case study.

http://yro.slashdot.org/article.pl?sid=07/12/17/0314218&from=rss

A Legal Analysis of the Sony BMG Rootkit Debacle

Posted by kdawson on Monday December 17, @01:21AM from the bad-ideas-just-keep-on-coming dept. Security Sony

YIAAL writes "Two lawyers from the Berkeley Center for Law and Technology look at the Sony BMG Rootkit debacle: 'The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. [Remember, this is a Japanese company. Their culture is not our culture. Bob] After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.' Yes, under 'even the most charitable interpretation' it was a lousy idea. The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."



This was inevitable. I suspect there are many other products to locate and capture communications originating in the workplace.

http://www.infoworld.com/article/07/12/17/Software-tracks-messages-sent-to-and-from-BlackBerrys_1.html?source=rss&url=http://www.infoworld.com/article/07/12/17/Software-tracks-messages-sent-to-and-from-BlackBerrys_1.html

Software tracks BlackBerry messages

Gwava's software makes sense of BlackBerry Enterprise Server logs, CEO says

By Nancy Gohring, IDG News Service December 17, 2007

Gwava, a developer of security software, plans to introduce on Monday a new product that lets enterprises easily track and find text messages and phone calls that BlackBerry users send and receive.

The software should appeal to enterprises that need to comply with regulations that require them to track employee communications.



Another alternative to the RIAA? (Okay, no movies yet, but you see my point?)

http://www.killerstartups.com/Web-App-Tools/RightsAgentcom---Protect-Your-Content/

RightsAgent.com - Protect Your Content

RightsAgent.com protects your content and makes sure you get credit for your work. RightsAgent.com lets you register online where you publish and collect all of your content in one personal feed which interested individuals can subscribe to. This feed is very useful because your audience will always be able to access your content no matter what site it is posted on. The subscription gives you direct contact with your audience. RightsAgent.com gives you commercial licensing options which will give you control over how your content can be republished. When your content is licensed you are reaching a larger audience and your popularity grows. RightsAgent.com can help you reach more people and at the same time protect your rights to your content.

http://rightsagent.com/



Gotta be useful to someone?

http://www.bespacific.com/mt/archives/016822.html

December 16, 2007

International and Foreign Legal Research: A Coursebook

International and Foreign Legal Research: A Coursebook, by Marci Hoffman Associate Director, International & Foreign Law Librarian, University of California, Berkeley, School of Law Library and Mary Rumsey, Foreign, Comparative & International Law Librarian, University of Minnesota Law School Library, Martinus Nijhoff Publishers, Leiden / Boston (2007).

Select individual chapters to see a detailed table of contents, updated information on sources, and sample exercises.

Sunday, December 16, 2007

It's not always organizations who don't know any better – sometimes it's the ones who claim to know it all... (Remember, it's not IF, it's WHEN)

http://www.pogowasright.org/article.php?story=20071215140042398

Deloitte partner, principal confidential information on stolen laptop

Saturday, December 15 2007 @ 02:00 PM EST Contributed by: PrivacyNews News Section: Breaches

A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and other employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents, SCMagazineUS.com learned today.

The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates, according to a Dec. 6 letter Deloitte sent to victims. Some of the information belonged to people working at Deloitte subsidiaries.

Source - SC Magazine

(Props, Fergie's Tech Blog)

[From the article:

The laptop, stolen during Thanksgiving week, was protected by a password but was not encrypted, according to the letter. [Interesting how most reporters are now asking this question... Bob]

... “What is particularly egregious about this situation is that Deloitte is a ‘noted' security expert with seminars, whitepapers, service lines, etc.,” he told SCMagazineUS.com in an email today. “One would think there would be security and encryption standards for all sensitive personal data, whether managed internally or by outside vendors.”

... In addition we have an ongoing program to identify vendors who access confidential information regarding our personnel and to confirm that they have implemented appropriate protections.” [Either this was in effect, but not followed or it is new. Bad either way. Bob]



It was the phony police dog that did it...

http://www.computerweekly.com/Articles/2007/12/14/228612/police-impersonators-steal-kit-worth-1m-from-verizon.htm

Police impersonators steal kit worth £1m from Verizon UK

Author: Ian Grant Posted: 14:23 14 Dec 2007

Robbers stole computer equipment from a Verizon Business datacentre in London after persuading staff they were police chasing criminals they had seen on the building's roof.

Verizon confirmed the theft, saying "On 6 December 2007 at approximately 2117 GMT the Verizon Business UK's facility experienced an equipment-related incident.



I'm not a lawyer, but this looks important to me... Question: Would this apply to the personal data I “loaned” to TJX to complete my credit card transaction?

http://www.mondaq.com/article.asp?articleid=55338

United States: Conversion of E-Data

13 December 2007 Article by Nick Akerman

Originally appeared in The National Law Journal, October 1, 2007.

... ‘Thyroff’ Opened Another Route To Remedy Data Theft

The CFAA’s monopoly on the protection of computer data changed dramatically early this year with a decision from New York’s highest court in Thyroff v. Nationwide Mutual Insurance Co., 8 N.Y.3d 283 (N.Y. 2007). The court abandoned the tangible/intangible property distinction and held that conversion applies to computer data. This article examines the holding in Thyroff, how it extended the law of conversion that has been developing in other state jurisdictions and the practical differences between conversion and a cause of action based on the CFAA.

... Thyroff abandoned the merger doctrine for two reasons. First, it recognized that "[a] document stored on a computer hard drive has the same value as a paper document kept in a file cabinet." Id. at 292. Second, the court relied on the pervasive use of computer data to replace paper documents and determined that "the tort of conversion must keep pace with the contemporary realities of widespread computer use." Id. at 292. As the court stated, "society’s reliance on computers and electronic data is substantial, if not essential," and "[c]omputers and digital information are ubiquitous and pervade all aspects of business, financial and personal communication activities." Id. at 291-92.



“Hello, Mr. Berkowitz, this is the dog next door...”

http://yro.slashdot.org/article.pl?sid=07/12/15/1846234&from=rss

Beamed Sonic Advertising Is Coming

Posted by kdawson on Saturday December 15, @02:57PM from the told-you-i-was-hearing-voices dept. Privacy

newtley writes in with a story from Ad Age a few days back. "Advertisers are determined to get into your head by one means or another, and Holosonic Research Labs has found yet another way of invading your privacy in the name of forcing you pay attention. You're walking down a street in New York when all of a sudden, a woman's voice whispers 'Who's that? Who's There?' No, you weren't having a psychotic episode; you were being subjected without your permission to 'sound in a narrow beam, just like light.' It was coming at you from a rooftop speaker seven stories up."



“Those who do not study history are doomed to repeat it” (George Santayana)

http://slashdot.org/article.pl?sid=07/12/15/2327235&from=rss

Computer History Museum's YouTube Channel

Posted by kdawson on Saturday December 15, @10:43PM from the way-it-was dept. Television Technology

Doctor-R writes "The Computer History Museum in Mountain View, CA has created a new YouTube channel for videos of their lecture series. Newest is the Dec 10 panel on the 25th Anniversary of the Commodore 64. Currently there are 23 lectures available and the 7-minute Museum overview."



Is this easy enough for an e-garage sale?

http://www.killerstartups.com/eCommerce/Spotmerchantcom---The-Complete-Online-Store-Solution/

Spotmerchant.com - The Complete Online Store Solution

Spot Merchant offers templates to build and manage online stores, without the need to install software. They target small- and medium-sized web2.0 store owners. Users are able to choose from a list of functions and pricing models, ranging from $36 to $296 per month, that allow the owner to clearly display items, track inventory, and pay with Google Checkout and PayPal. Spot Merchant seeks to provide both the owner and customer with a template that is user-friendly and generates sales results. A store can be set up in a matter of minutes, and Spot Merchant offers free trials to ensure that it is the right solution for the vendor.

http://www.spotmerchant.com/