Thursday, June 05, 2008

Is “how big” really an important issue in breach disclosure?

http://www.pogowasright.org/article.php?story=20080603133358351

Exclusive: AT&T notifies employees of laptop theft

Wednesday, June 04 2008 @ 08:12 AM EDT Contributed by: PrivacyNews News Section: Breaches

PogoWasRight.org has learned that a laptop containing an unencrypted file with names, Social Security numbers and salary and bonus payments for AT&T management employees was stolen from an employee's vehicle on May 15. No customer or client data were on the stolen laptop. The extent of the breach is currently unknown as AT&T repeatedly declined to disclose the number of employees affected "as a matter of policy."

AT&T also declined to divulge the location of the theft because law enforcement is still investigating and the company does not want to alert the thief that the laptop contains personal information. As of today, the laptop has not been recovered, but AT&T believes that the theft was a random theft for the hardware and not for the data.

Employees were first alerted to the theft on the evening of May 22nd by email from Bill Blase, Senior Executive Vice President - Human Resources. In a letter (page 1 of 2) and companion Q&A (.doc) provided the following day, AT&T indicated that the laptop was password-protected but that security protocols had not been followed. [Interesting that they give employees an option... Bob] AT&T spokesperson Walt Sharp confirmed to PogoWasRight.org that the data should have been encrypted but had not been. The employee in question was disciplined by the company, but no further details were provided.

When asked whether the employees were all from one geographic area or location, Sharp replied that the employees were spread out across AT&T's locations.

AT&T is offering free credit monitoring to those affected, and states that it is reminding employees of their responsibilities to protect personal data. The telecom also says that it is "in the process of encrypting devices," but that may be small comfort to those whose data were on the stolen laptop.

"I'm very disappointed in my company," said one affected employee. "Eight days passed before we were notified. And, it took up to another ten days to be informed about requesting a fraud alert and to be given instructions for signing up for credit watch. It is pathetic that the largest telecom company (based on revenue) in the world doesn't encrypt basic personal information. I receive company internal emails reminding me to contact our legislators about relieving the company of the burdens of regulation. What happened here shows the company isn't ready to have those burdens lifted."



“Dude, we gotta work at our own pace!”

http://www.pogowasright.org/article.php?story=20080605062211291

Ca: 32,000 farmers' data on stolen laptop

Thursday, June 05 2008 @ 06:22 AM EDT Contributed by: PrivacyNews News Section: Breaches

It took more than two months for a federal government agency to alert 32,000 farmers, including 7,000 Manitobans, that their private information was in unknown hands after a laptop was stolen.

... Although the theft happened March 30, Canadians weren't sent letters until last week informing them their social insurance numbers, bank account numbers and other data had been stored on a laptop stolen from the Canadian Canola Growers Association (CCGA).

Source - Winnipeg Free Press

[From the article:

The laptop was password-protected and secured with biometric fingerprinting, said CCGA general manager Rick White, but the data was not encrypted. He said the organization is now encrypting computer data in light of the theft. [They had months (years) to get this practice in place before the theft – now they've implemented it in mere weeks? Bob]



Is this the first “hardware virus?” Could China eventually use this technology to print robot spies anywhere they want? (Think miniature Mars rovers)

http://hardware.slashdot.org/article.pl?sid=08/06/04/2312227&from=rss

Machine Prints 3D Copies Of Itself

Posted by samzenpus on Thursday June 05, @07:57AM from the breed-like-robots dept. Robotics Technology

TaeKwonDood writes

"Automated machines have been around for decades. They have basically been dumb devices that do simple assembly tasks. But RepRap takes that a step further because, instead of assembling pre-fabricated parts, it creates 3-D objects by printing them — squirting molten plastic in layers — and then building them up as the plastic solidifies. It works on coat hooks, door handles and now it can even make working copies ... of itself. The miracle of additive fabrication, coming soon to a robotic overlord near you."



Because we can, we must. (Also known as the “Stand back! I've got my hands on technology and I know how to mis-use it!” syndrome.)

http://www.pogowasright.org/article.php?story=20080604132710927

Study secretly tracks cell phone users outside US

Wednesday, June 04 2008 @ 01:27 PM EDT Contributed by: PrivacyNews News Section: Surveillance

Researchers secretly tracked the locations of 100,000 people outside the United States through their cell phone use and concluded that most people rarely stray more than a few miles from home. more stories like this

The first-of-its-kind study by Northeastern University raises privacy and ethical questions for its monitoring methods, which would be illegal in the United States.

Source - Boston.com

[From the article:

The study, published Thursday in the journal Nature, opens up the field of human-tracking for science and calls attention to what experts said is an emerging issue of locational privacy.

... They started with 6 million phone numbers and chose the 100,000 at random to provide "an extra layer" of anonymity for the research subjects, he said. [So... They could have studied all 6 million? Bob]

Barabasi said he did not check with any ethics panel. Hidalgo said they were not required to do so because the experiment involved physics, not biology.



Looks like we are applying what we learned in Baghdad domestically...

http://dcist.com/2008/06/04/mpd_to_seal_off.php

June 4, 2008

Police to Seal Off D.C. Neighborhoods

Can you say Police State? The Examiner has the scoop on a controversial new program announced today that would create so-called "Neighborhood Safety Zones" which would serve to partially seal off certain parts of the city. D.C. Police would set-up checkpoints in targeted areas, demand to see ID and refuse admittance to people who don't live there, work there or have a “legitimate reason” to be there.



Several questions occur: Is this a bump that will fade with time? Is there a correlation between 'abstainers' and IQ? Will abstentions become probable cause?

http://news.slashdot.org/article.pl?sid=08/06/04/2234235&from=rss

Data Retention Proven to Change Citizen Behavior

Posted by samzenpus on Wednesday June 04, @10:04PM from the I-always-feel-like-somebody's-watching-me dept. Government Privacy

G'Quann writes

"A new survey shows that data retention laws indeed do influence the behavior of citizens (at least in Germany). 11% had already abstained from using phone, cell phone or e-mail in certain occasions and 52% would not use phone or e-mail for confidential contacts. This is the perfect argument against the standard 'I have nothing to hide' argumentation. Surveillance is not only bad because someone might discover some embarrassment. It changes people. 11% at least."



Questions: Is the “Factual Declaration of Innocence” an indication that the presumption of innocence is no longer in force and now we need proof of innocence?

http://www.pogowasright.org/article.php?story=20080604162225345

Alaska's Personal Information Protection Act

Wednesday, June 04 2008 @ 04:22 PM EDT Contributed by: PrivacyNews News Section: State/Local Govt.

For the past four years we have worked together with other legislators in a true bipartisan effort to pass legislation to protect the identity of individual Alaskans. In the modern world of electronic commerce and massive databases, it is now common place to read headlines detailing the latest data breach and steps that can be taken by people to protect themselves. However, as the concern by Alaskan consumers grew, it became increasingly apparent that Alaska laws lagged behind most states when it came to personal information protection. With that in mind we set out to develop a solution to help you better protect yourself. These efforts resulted in the passage of House Bill 65 this year, and Alaska is now poised to become a leader in protecting individuals' personal information while allowing modern commerce to continue.

Source - Sen. Gene Therriault & Re. John Coghill



Was that ever the primary intent? I thought it was to allow the victims some notice before their credit went south?

http://www.pogowasright.org/article.php?story=20080605061447596

Researchers say notification laws not lowering ID theft

Thursday, June 05 2008 @ 06:14 AM EDT Contributed by: PrivacyNews News Section: Breaches

Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the U.S. Federal Trade Commission (FTC).

"There doesn't seem to be any evidence that the laws actually reduce identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors.

Source - Computerworld Related - Do Data Breach Disclosure Laws Reduce Identity Theft? [pdf]


Related? (Or am I just trying to look smart by quoting a Harvard working paper?

http://hbswk.hbs.edu/item/5947.html

Coming Clean and Cleaning Up: Is Voluntary Disclosure a Signal of Effective Self-Policing?

Published: June 4, 2008 Paper Released: May 2008 Authors: Michael W. Toffel and Jodi L. Short



Is this “caving in?”

http://www.dallasnews.com/sharedcontent/dws/bus/stories/DN-amazon_03bus.ART.State.Edition1.33a0ebc.html

Amazon collecting sales tax from New York customers

09:59 PM CDT on Monday, June 2, 2008 By MARIA HALKIAS / The Dallas Morning News mhalkias@dallasnews.com

Amazon.com is giving up its sales tax advantage in New York temporarily, while its edge in Texas continues to be investigated.



Is this an indication that activity in the identity spoofing (what would you call it?) area is heating up?

http://www.pogowasright.org/article.php?story=20080605061903970

EFF Asks Judge to Block Unmasking of MySpace User

Thursday, June 05 2008 @ 06:19 AM EDT Contributed by: PrivacyNews News Section: In the Courts

The Electronic Frontier Foundation (EFF) asked a judge in Illinois Wednesday to reject an attempt to identify an anonymous MySpace user who allegedly posted fake profiles of an Illinois official because the request would violate both the First Amendment and federal statute.

In May, Cicero Town President Larry Dominick asked a Cook County Circuit Court judge to order the disclosure of the identities of the author of two MySpace profiles that allegedly included defamatory comments and unnamed privacy violations. In its amicus brief, however, EFF argues that the petition violates the First Amendment right to remain anonymous until a litigant can demonstrate a viable legal claim.

Source - EFF



Also good for creating logos that look like coats of arms? (White hat over crossed computers?)

http://www.killerstartups.com/Web-App-Tools/makeyourcoatofarms-com-make-your-own-coat-of-arms/

MakeYourCoatOfArms.com - Make Your Own Coat Of Arms

Make Your Coat of Arms is a site that allows you to do just that.

If you are interested in learning more about family crests and coats of arms, Make Your Coat of Arms offers an E-course you can take on the site to help give you more information.

You can have your coat of arms printed on a wide selection of merchandise from pet apparel to stationary.

http://www.makeyourcoatofarms.com/



A cute little hack...

http://digg.com/arts_culture/How_to_Sneakily_Read_Books_at_Work_Awesome_Website

How to Sneakily Read Books at Work [Awesome Website!]

readatwork.com — The folks at the New Zealand Book Council have created a truly ingenious way to read more at work. Read At Work turns your desktop into a full screen, realistic PC looking desktop with folders, start button, recycle bin, the works. All the folders contain writings of famous authors and New Zealand locals. Your boss won't know you're reading a book!

http://www.readatwork.com/



Very cool! Something for my web site class, but you should at least give it a look. So easy even I can do it!

http://www.befunky.com/

BeFunky.com

BeFunky helps people turn their offline personalities into powerful online visual expressions.

• Cartoonizer - an online application that allows users to turn images and videos into digital paintings, cartoons and comics.

• Uvatar – a digital visual identity tool that takes the avatar concept to an extraordinary new level by letting users create a more accurate digital representation of themselves.



At last, my blog has found a home! A tool for multi-taskers?

http://dvice.com/archives/2008/06/rsstroom_reader.php

RSStroom Reader shows where you think blogs belong

No comments: