Thursday, April 03, 2008

Granted it's only a footnote, but what were these lawyers smoking at the time?

http://www.pogowasright.org/article.php?story=20080402184934948

Administration Asserts No Fourth Amendment for Domestic Military Operations

Wednesday, April 02 2008 @ 06:49 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

Today's Washington Post reports on a newly released memo, "Memorandum for William J. Haynes II, General Counsel of the Department of Defense Re: Military Interrogation of Alien Unlawful Combatants Held Outside the United States" (March 14, 2003), which was declassified and released publicly yesterday. Balkinization has commentary on the very troubling opinion.

While the newly released memo focuses on "asserting that federal laws prohibiting assault, maiming and other crimes did not apply to military interrogators," it contains a footnote referencing another Administration memo that caught our eye:

... our Office recently concluded that the Fourth Amendment had no application to domestic military operations. See Memorandum for Alberto R. Gonzales, Counsel to the President, and William J. Haynes, II, General Counsel, Department of Defense, from John C. Yoo, Deputy Assistant Attorney General and Robert J. Delahunty, Special Counsel, Re: Authority for Use of Military Force to Combat Terrorist Activities Within the United States at 25 (Oct 23, 2001). (emphasis added)

Source - EFF



I thought we were done with this – have they waited until the end of the first quarter to close this deal? Sort of spreading the pain? I wonder what else is hanging. (Note: this does not help customers.)

http://www.pogowasright.org/article.php?story=20080402123614187

MasterCard Reaches Agreement with TJX to Provide Issuers Worldwide up to $24 million for Data Breach Claims

Wednesday, April 02 2008 @ 12:36 PM EDT Contributed by: PrivacyNews News Section: Breaches

MasterCard Worldwide today announced it has reached an agreement with The TJX Companies Inc. (TJX) to offer an Alternative Recovery Program to MasterCard issuers affected by the previously announced data breach of TJX.

The agreement calls for TJX to provide up to $24 million to support an Alternative Recovery Program to settle claims made by issuers to recover costs and losses they claimed to have incurred in connection with the breach. Issuers must have previously filed claims and agree to the Alternative Recovery Program's terms to be eligible for compensation funded by the agreement.

Source - PR Newswire

[From the article:

The agreement is contingent upon the acceptance of issuing financial institutions representing at least 90 percent of the claimed-on MasterCard accounts. [Think it will fly? Bob]



Not a big privacy breach, but these are the worker bees, so I expect them to have a bit more interest in privacy legislation in the future...

http://www.pogowasright.org/article.php?story=20080402194700996

Aides’ private info exposed

Wednesday, April 02 2008 @ 07:47 PM EDT Contributed by: PrivacyNews News Section: Breaches

PogoWasRight.org editor's note: not everyone might consider this a privacy breach, but I do, so I am including it under breaches. -- Dissent.

Furious senior House aides are demanding committee action against a website that has posted their bank account numbers, signatures, home addresses and children’s names that are included in financial disclosure documents.

Some are demanding legal action against the website LegiStorm, which since February has been posting congressional documents online as a way to increase transparency in government. Aides have brought their complaints to the House Administration Committee and the clerk of the House.

Staffers, however, are unsatisfied so far and say they may protest by refusing to turn in personal disclosure forms by the May 15 deadline. They worry the online information could lead to identity theft or their being targeted by criminals, and some are pleading for intervention from lawyers at the House General Counsel’s office.

Source - The Hill

[The web site: http://www.legistorm.com/

[From the article:

LegiStorm founder Jock Friedly has refused to remove the names of children, home addresses and staffers’ signatures. In defending his company, he said it is up to the House and Senate to remove information from the forms if it is sensitive.

“If they fell down on their jobs, it’s not our fault,” he said.



Tools & Techniques “What's in your backyard?”

http://www.news.com/8301-10784_3-9909638-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Homeland Security: We're ready to launch spy satellite office

Posted by Anne Broache April 2, 2008 9:00 PM PDT

WASHINGTON--A plan to expand the number of government police and security agencies that can tap into detailed satellite images is proceeding, despite concerns from Congress, the head of the U.S. Department of Homeland Security said Wednesday.

During a roundtable discussion with bloggers and journalists here, Secretary Michael Chertoff said a "charter has been signed" to create a new office, which will serve as a clearinghouse for requests from law enforcement, border security, and other domestic homeland security agencies to view feeds from powerful satellites. It will be called the National Applications Office.

... As part of its efforts to detect network intrusions in real time, Homeland Security has said it plans to expand use of an existing system known as Einstein, that will, among other things, monitor visits from Americans and foreigners [Isn't that pretty much everybody? Bob] visiting .gov Web sites. The set-up is in place at 15 federal agencies, but Chertoff has asked for $293.5 million from Congress in next year's budget to roll it out governmentwide.



Tools & Techniques Think of it as the convergence of wiretapping with anything electronic...

http://blog.wired.com/27bstroke6/2008/04/democratic-lawm.html

Democratic Lawmaker Vouches for Bush Administration's Secret Plan to End Cyber War

By Kevin Poulsen April 02, 2008 | 2:39:13 PM

You'd think by this point House Democrats would be a little leery when the Bush administration comes up with a new threat that it says can only be combated by a secret, warrantless NSA surveillance program requiring assistance from the private sector.

... The op-ed doesn't elaborate on what kind of secret cyber security programs they're hoping to keep out of the public view -- probably because, you know, they're secret.

But in a January New Yorker story -- the one where McConnell first made the comparison between September 11 and hack attacks -- we find these details.

In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer, or web search. "Google has records that could help in a cyber-investigation," he said. Giorgio warned me, "We have a saying in this business: 'Privacy and security are a zero-sum game.'"


Related?

http://news.zdnet.co.uk/security/0,1000000189,39378374,00.htm

US reveals plans to hit back at cyber threats

Tom Espiner ZDNet.co.uk Published: 02 Apr 2008 17:27 BST

The US Air Force Cyber Command is developing capabilities to inflict denial of service, confidential data loss, data manipulation, and system integrity loss on its adversaries, and to combine these with physical attacks, according to a senior US general.



This is called “A grasp of the obvious” (Depressing chart in the article states that only 9% of companies surveyed encrypted data to protect privacy...)

http://www.pogowasright.org/article.php?story=20080402124109250

Data Loss Problems Still Not A Priority At Most Companies

Wednesday, April 02 2008 @ 12:41 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

The tech industry's out to thwart data breaches at supermarkets, on social networks, in banks and schools, and across government and business, but it has a long way to go to get out the word about available products.

Identity theft remains a big issue, yet relatively few companies plan to use data loss prevention products on their computers. Makers of such products hope regulations will boost the market.

[...] Many data security purchases have been reactive, says RSA's Corn. But he sees three trends changing this. One is a rising interest in how to protect data on network endpoints such as PCs and laptops.

Another is that more firms, spurred in part by regulations that force companies to disclose data breaches, are trying to get a handle on the sensitive information they keep. A third driver is that firms are doing more to codify policies around data — determining where data should and shouldn't go.

Source - Investors.com


Related (This is what happens when security is not a priority?)

http://www.pogowasright.org/article.php?story=2008040219011435

The Identity Theft Resource Center Reports That Data Breaches More Than Doubled in 2008 First Quarter

Wednesday, April 02 2008 @ 07:01 PM EDT Contributed by: PrivacyNews News Section: Breaches

Data breaches disclosed by Hannaford Bros Supermarket Chain, GE Money, and Georgetown University are just some of the 167 breaches reported during the first quarter of 2008, according to the non-profit Identity Theft Resource Center (ITRC). This is more than double the first quarter in 2007 (76 breaches).

.... The 2008 ITRC Breach Report, as of 3/31/2008, reflects 167 reported breaches, more than 1/3 of the total number of breaches for calendar 2007. ITRC also categorizes these breaches into the following areas: Business (35.9%); Educational (25.2%); Government/Military (18%); Medical/Healthcare (13.8%); and Banking/Credit/Financial (7.2%). These 2008 Breach Reports are available on the ITRC website: www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml

Source - Yahoo!

[From the article:

These 2008 Breach Reports are available on the ITRC website: (www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml) ITRC will also provide comparison information from previous years.


Related Security Training can't hurt.

http://www.pogowasright.org/article.php?story=20080403062731656

Don't blame 'stupid users' for data breaches

Thursday, April 03 2008 @ 06:27 AM EDT Contributed by: PrivacyNews News Section: Breaches

Security breaches that can be traced back to the actions of one individual are not the fault of one "stupid" employee but rather a failure to educate and engage the whole workforce around the importance of good security practice, according to a leading academic.

Source - ZDNet



AKA “The Embarrassing Question Source Book” (Not that politicians can be embarrassed.)

http://www.bespacific.com/mt/archives/018005.html

April 02, 2008

Congressional Pig Book 2008: Annual Compilation of Pork-Barrel Projects in Federal Budget.

News release: "Citizens Against Government Waste (CAGW) today released the 2008 Congressional Pig Book, the latest installment in an 18-year exposé of pork-barrel spending...In fiscal year 2008, Congress stuffed 11,610 projects (the second highest total ever) worth $17.2 billion into the 12 appropriations bills. That is a 337 percent increase over the 2,658 projects in fiscal year 2007, and a 30 percent increase over the $13.2 billion total in fiscal year 2007. Alaska led the nation with $556 in pork per capita ($380 million total), followed by Hawaii with $221 ($283 million) and North Dakota with $208 ($133 million). CAGW has identified $271 billion in total pork since 1991."


Related Should Colorado's congressbeings do better?

http://www.cnn.com/2008/POLITICS/04/02/pork.spending/index.html?eref=rss_topstories

updated 5:12 p.m. EDT, Wed April 2, 2008

'Pig Book' names congressional porkers



Is this as logical as it seems to me?

http://www.pogowasright.org/article.php?story=20080403062943305

Making Available != Distribution, Says Court in London-Sire v. Doe

Thursday, April 03 2008 @ 06:29 AM EDT Contributed by: PrivacyNews News Section: In the Courts

As we mentioned yesterday, a New York court in Elektra v. Barker gave a boost to the recording industry by ruling that an offer to distribute a file on a P2P network can infringe the distribution right, even if no one ever actually downloaded it from you. Well, on the same day, a Massachusetts court in London-Sire v. Doe ruled just the opposite, holding that "merely exposing music files to the internet is not copyright infringement" (we just received the ruling today).

EFF filed an amicus brief in this case (formerly known as Atlantic v. Does 1-21), and our arguments appear to have found a more receptive audience in Boston than they did in New York City (the judge thanks us for our participation on page 11). The 52-page ruling is the most extensive analysis yet of the recording industry's "making available" argument, which claims that you infringe copyright merely by having a song in your shared folder, even if no one ever downloads it.

Source - EFF



A good bad example. How not to introduce biometric tools

http://www.pogowasright.org/article.php?story=20080402180827239

AU: Ku-ring-gai High students 'forced' to accept ID scans

Wednesday, April 02 2008 @ 06:08 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

A SYDNEY high school has been accused of intimidating students into having their fingerprints scanned for a new attendance monitoring system, and branding parents who object as "idiots".

Parents of students at Ku-ring-gai High School in Sydney's north say their children have been bullied into taking part in a trial of the scheme introduced this week.

Source - Herald Sun



Tools & Techniques Perhaps this will be integrated into your on-board GPS?

http://hosted.ap.org/dynamic/stories/T/TECHBIT_SPEED_TRAPS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

New Mobile Service Fights Speed Traps

By ANICK JESDANUN AP Internet Writer Apr 2, 4:39 PM EDT

NEW YORK (AP) -- In a modern equivalent of flashing your headlights to warn other motorists of police speed traps, you can now warn fellow drivers with a cell phone or personal digital assistant about speed traps, red-light cameras and other threats to ticket-free driving.

And as you approach a known threat, you'll get an audio alert on your mobile device.

The developer of Trapster, Pete Tenereillo, said the system, which requires punching in a few keys such as "pound-1" to submit information to Trapster's database, should comply with laws banning talking on cell phones.



Interesting?

http://www.techcrunch.com/2008/04/02/zillow-disrupts-lending-market-with-mortgage-marketplace/

Zillow Disrupts Lending Market With Mortgage Marketplace

Mark Hendrickson April 2 2008

Zillow, the site where you can find pricing estimates and other info about houses around the United States, aims to disrupt the online lending market with the launch of its Mortgage Marketplace.
