Friday, February 22, 2008

Because there is a market for data on individuals...

http://www.pogowasright.org/article.php?story=20080221184332137

Reed Elsevier Buys ChoicePoint for $3.6B

Thursday, February 21 2008 @ 06:43 PM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

ChoicePoint Inc., a 1997 spinoff of credit agency Equifax, is being acquired by the parent of LexisNexis in a cash deal worth $3.6 billion, a major premium for a company that weathered an embarrassing breach of its database, federal investigations and a stock-trading probe of its top two executives. ,p> The deal combines ChoicePoint's data and analytics assets with LexisNexis' technology, a marriage that will strengthen the combined entity's ability to meet growing demand for their services, especially in the insurance field.


...and the industry response.

http://www.bespacific.com/mt/archives/017575.html

February 21, 2008

EPIC Raises Issue of Privacy in Response to Reed Elsevier Acquisition of ChoicePoint

Press release: "Reed Elsevier to acquire ChoicePoint for a total cost of $4.1 billion (£2.1 billion/€2.8 billion) payable in cash. This comprises an equity value of $3.5 billion and the assumption of $0.6 billion of net debt. Combination of ChoicePoint with the LexisNexis Risk Information and Analytics Group will create a risk management business with $1.5 billion in revenues and a leading position in the fast growing risk management marketplace...ChoicePoint has a leading position in providing unique data and analytics to the attractive insurance sector (over 50% of Choicepoint's $982 million revenue and 80% of its business operating income from continuing operations in 2007) and highly complementary products and new capabilities in the screening, authentication and public records areas."

  • EPIC: "Reed-Elsevier, corporate parents of Lexis-Nexis, has made a move to acquire Choicepoint, the databroker. Consumer privacy will be seriously affected if the merger is approved without any privacy safeguards. The previous Google-Doubleclick merger involving two large databases of personal information similarly raised privacy as well as antitrust issues. Choicepoint is a large player in the commercial databroker market and has been the target of an EPIC privacy complaint and an FTC investigation and fine for the privacy harms its business practices cause. For more see EPIC's page on Choicepoint."



If TJX isn't liable and Visa is contractually immune, who is left holding the bag?

http://www.pogowasright.org/article.php?story=20080221184938464

Banks: Losses From Computer Intrusions Up in 2007

Thursday, February 21 2008 @ 06:49 PM EST Contributed by: PrivacyNews News Section: Breaches

U.S. financial institutions reported a sizable increase last year in the number of computer intrusions that led to online bank account takeovers and stolen funds, according to data obtained by Security Fix. The data also suggest such incidents are becoming far more costly for banks, businesses and consumers alike.

Source - Security Fix blog



Is this the future?

http://www.pogowasright.org/article.php?story=20080221220418620

Librarian Takes Sprint Nextel & Wells-Fargo To Small Claims Court And Wins

Thursday, February 21 2008 @ 10:04 PM EST Contributed by: PrivacyNews News Section: Breaches

Last December, Theodore Karantsalis received a letter from Sprint, where he was a customer, telling him that someone who banks with Wells-Fargo—where he's not a customer—was presented with his invoice and personal data when they logged into their Wells-Fargo Checkfree account. The customer contacted Sprint, and Sprint contacted Karantsalis. Karantsalis decided that he'd deal with the issue on his own instead of bringing a lawyer into it or throwing his hands up in frustration, so he took both companies to small claims court.

Source - The Consumerist

[From the article:

Is the objective to make the consumer whole, in the sense of getting them to the point financially where they would have been the data privacy booboo never happened?

Is it to make it much more likely that the wrong will never be repeated, sparing other consumers of the headache? Is it to make money for the consumer? Is it, dare I say, to make moneys for the law firms?

The recent TJX lawsuits, for example, could be said to have failed for their consumer plaintiffs on all of those objectives, other than making money for the law firms and even that money was rather paltry


speaking of whom...

http://www.pogowasright.org/article.php?story=20080222062158625

Insurance Company Reimburses TJX Almost $19 Million For Data Breach

Friday, February 22 2008 @ 06:21 AM EST Contributed by: PrivacyNews News Section: Breaches

In the middle of a better-than-expected earnings report from TJX on Wednesday, the retailer whose databreach of 100 million cards was the worst in credit card history reported that it was paid somewhat less than $19 million by its insurance company.

Referring to $178 million the chain had set aside to deal with data-breach-related costs, TJX said that on Jan. 26, 2008, "TJX reduced the reserve by $19 million, primarily due to insurance proceeds with respect to the computer intrusion, which had not previously been reflected in the reserve, as well as a reduction in estimated legal and other fees as the Company has continued to resolve outstanding disputes, litigation and investigations."

Source - StoreFrontBackTalk



We were discussing this last night. It's not “can you...” it's “how quickly can you...”

http://yro.slashdot.org/article.pl?sid=08/02/22/026256&from=rss

Cell Phone Encryption Exploit Demonstrated

Posted by Soulskill on Friday February 22, @02:09AM from the wiretapping-on-the-cheap dept.

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."



...and we'd also like to know...

http://www.kpho.com/news/15356620/detail.html?rss=pho&psp=news

ASU May Require Mental Illness Disclosure

POSTED: 12:11 pm MST February 20, 2008

MESA, Ariz. -- An Arizona State University committee considering ways to improve campus safety in the wake of recent campus shootings may suggest that students be required to disclose their mental health histories.

Lawmakers and university administrators in other states, particularly Virginia and Florida, have been pushing measures to open students' private psychological records to schools and police.



The debate continues.

http://blogs.cnet.com/8301-13554_1-9876062-33.html?tag=bnpr

Electronic voting and partial audits

Posted by Michael Horowitz February 21, 2008 10:15 AM PST

On February 16th fellow CNET blogger Robert Vamosi wrote an item headlined "With improvements, e-voting could be good, says researcher." I think that e-voting is a very bad thing and that no "improvements" will ever convert it to a good thing. But I'm not an expert on the subject, so I asked Rebecca Mercuri, a specialist in computer security and electronic voting, if she would like to respond to the claim made by the "researcher" in question. Mercuri has appeared many times on the Personal Computer Show to discuss electronic voting, which is where our paths previously crossed. Her response is below.

No comments: