Friday, August 15, 2008

Ode to Personal Data

How do I store thee? Let me count the ways.

I store thee on the page, the disk and any other media

My computer can reach, all being out of sight

(with apologies to Elizabeth Barrett Browning)

http://breachblog.com/2008/08/14/pennine.aspx

New and expectant mothers' information in a lost diary

Posted by Evan Francen at 8/14/2008 11:00 PM

A hospital trust has apologised to hundreds of new and expectant mothers after a midwife lost a diary containing their names and addresses.

[Evan] This is the first breach that I recall involving a handwritten diary [Where is your HIPAA data? Bob] on The Breach Blog. I wanted to include this breach because I want to emphasize that information security as a discipline is holistic. Information security aims to reduce the risk of unauthorized disclosure, modification and destruction of information, no matter what form (electronic, printed, handwritten, spoken, etc.).



Could this be stretched to include all “behavior based” advertising?

http://www.pogowasright.org/article.php?story=2008081505331861

Class action suit hits Facebook and affiliates with breach of privacy

Friday, August 15 2008 @ 05:33 AM EDT Contributed by: PrivacyNews

The biggest and most significant legal action against now-leading social network Facebook was filed on Tuesday, and will actually test the theory of whether its Beacon behavior sharing program constituted a criminal conspiracy.

On Tuesday, a group of 18 California residents including some who publicly complained last year that Facebook's controversial Beacon feature was sharing too much of their personal online habits with the rest of the world, sued Facebook and many of its more prominent Beacon partners, including Blockbuster and Overstock.com. They're not only claiming Facebook and its partners conspired to invade their privacy, but they're citing a California penal code that may have been originally intended to outlaw information-gathering Trojan horse programs, in a move which could leave Beacon's participants criminally liable.

Source - Beta News

[From the article:]

What Beacon did -- and what nobody is disputing -- is deploy a Web browser-based scheme that waited until it received an indication that its user was doing something on a Beacon affiliate's Web site, such as purchasing an item or looking through a given catalog page or watching a video. There was a particular event code for each action, and that code was then transmitted to Facebook. Although users were supposed to be notified that this was happening by way of pop-ups, the lawsuit claims, no such pop-ups generally appeared.


The next Class Action?

http://yro.slashdot.org/article.pl?sid=08/08/15/0240221&from=rss

Time Warner Cable Box Rental Inspired Antitrust Lawsuit

Posted by timothy on Friday August 15, @07:43AM from the but-they-lobbied-hard-for-this-territory dept.

EmagGeek writes

"Matthew Meeds, a real-estate agent, was so irritated about having to pay the monthly rental fee that on Tuesday he filed an antitrust suit against Time Warner Cable and its 84 percent owner, Time Warner Inc. The suit alleges that, by linking the provision of premium cable services to rental of the cable box, the companies have established illegal tying arrangements. 'Time Warner's improper tying and bundling harms competition,' Meeds' lawsuit states. 'Since the class can only rent the cable box directly from Time Warner, manufacturers of cable boxes are foreclosed from renting and/or selling cable boxes directly to members of the class at a lower cost.' I pay Comcast over $25/mo for my two DVRs. I'd love to just be able to buy them or build my own. I can't wait to see how this unfolds."



Lots of harm but no foul? (They must have tenure.)

http://www.pogowasright.org/article.php?story=2008081412471555

University computers invaded by hackers

Thursday, August 14 2008 @ 12:47 PM EDT Contributed by: PrivacyNews

Hackers gained access to the University of Otago staff email server recently and used it to send out an estimated 1.55 million spam emails in 60 hours, after tricking four staff members into revealing their login details.

... The staff members responded to "spear phish" emails which claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.

Source - Otago Daily Times

[From the article:]

The four staff members who revealed their passwords had not been disciplined, he said. [They must be covered by the ADA... Bob]

"The information security office has a policy of having a good discussion with campus users whose accounts have been compromised . . . [Are brass knuckles involved? Bob]



(The future of research?) The only way to check all possible legal issues (for example) would be to assemble a world-wide team of computer law experts, right?

http://techdirt.com/articles/20080814/0245581974.shtml

Getting Insight Into The Challenges Created By Digital Nomads

from the join-in dept

If you haven't been paying attention to the Techdirt Insight Community lately, I wanted to let you know of a fun new project that's taking place there. It's a new series of expert discussions in the Insight Community, sponsored by Dell, about the various challenges created by the rise of "digital nomads." With a growing number of people being able to work from anywhere with just a computing device and an internet connection, both companies and individuals are finding a variety of new challenges -- from how to strike that work/life balance, to keeping a team on the same page, to dealing with security issues, to just dealing with the basic challenges of carrying stuff around and finding connectivity. We're putting the best content together and creating something of a living digital whitepaper with input from a variety of folks. If you're a member of the community, log in and contribute. If you're not a member, join now and contribute your insight (and maybe earn some money for your efforts).


Related? Apparently even the big boys don't have the resources (or the will?) to check the laws in the countries they do business in...

http://techdirt.com/articles/20080814/1910501984.shtml

Indian Court Demands Google Hand Over Anonymous Blogger's Identity

from the anonymity-not-allowed dept

It would appear that Google is discovering some of the differences in the legal system in India as compared to the US. Just after we wrote about how Google (along with Microsoft and Yahoo) were sued over ads, there are some stories coming out about how an Indian court has ordered Google to hand over the identity of an anonymous blogger who was criticizing an Indian company, Gremach Infrastructure Equipments & Projects Ltd. While anonymous speech is somewhat protected (within certain limits) in the US, that's not the case in many other countries. As the link above notes, this may force Google to change the way it does business in India.

In some ways, this is just another example of a problem that many folks have been asking about for years. On a borderless web, how do you know whose jurisdiction covers what? If the blogging all occurred on US servers hosted by a US company, should they be covered by US laws... or Indian laws? Or, even, some other country entirely? If you agree that once it's on the internet, it can be covered by laws in other countries, you end up with a bad result: the worst, strictest laws suddenly become the laws everywhere. That's a ridiculous outcome, but it's exactly where things go when you start suing an American company concerning content hosted in America under laws from another country.



Ditto

http://techdirt.com/articles/20080814/1330471983.shtml

Google, Microsoft And Yahoo Sued In India For Not Preventing Sex Selection Ads

from the misunderstanding-liability dept

India unfortunately doesn't have the equivalent of section 230 of the CDA, which prevents service providers from being sued for the actions of their users. That's why Google, Microsoft and Yahoo are all facing a lawsuit over certain types of ads in India. Apparently it's illegal in India to advertise any technique or product designed to influence the sex of a child. However, such ads have been appearing on all three sites. The problem, though, is that the liability should be on those who are actually buying the advertising. They're the parties who are really breaking the law. Yet, because Google, Microsoft and Yahoo are easier targets (and have a lot more money), that's who gets targeted.



“Of course we over-react – it's what we do best!”

http://www.schneier.com/blog/archives/2008/08/uk_police_seize.html

August 15, 2008

UK Police Seize War on Terror Board Game

They said -- and it's almost too stupid to believe -- that:

the balaclava "could be used to conceal someone's identity or could be used in the course of a criminal act".

Don't they realize that balaclavas are for sale everywhere in the UK? Or that scarves, hoods, handkerchiefs, and dark glasses could also be used to conceal someone's identity?

... Buy yours here; I first blogged about it in 2006.



Shocking! Does this establish a precedent for Yahoo? Will they be expected to challenge all take down notices? (If not, why not?)

http://yro.slashdot.org/article.pl?sid=08/08/15/017231&from=rss

YouTube Stands Up To IOC Over Free Tibet Video

Posted by timothy on Friday August 15, @05:10AM from the good-light-on-a-bad-light dept.

Ian Lamont writes

"The International Olympic Committee has withdrawn a DMCA takedown notice that targeted a two-minute long YouTube video of a Students for a Free Tibet protest at the Chinese consulate in New York. The video shows protesters gathering outside the building at night and projecting images of the Olympic symbol, 'tank man,' Tibetan riot footage and clips of victims of the Chinese police crackdown in Tibet. After receiving the request, YouTube contacted the IOC and asked if it really planned to pursue a claim. The IOC retracted the notice and the video was reposted within hours. Stanford Law School's Center for Internet and Society praised YouTube for 'going out of its way to do more than it's required to do under the law to protect free expression.'"


Related

http://digg.com/tech_news/Sharing_2999_Songs_199_Movies_Becomes_Safe_in_Germany

Sharing 2999 Songs, 199 Movies Becomes ‘Safe’ in Germany

torrentfreak.com — Prosecutors in a German state have announced they will refuse to entertain the majority of file-sharing lawsuits in future. It appears that only commercial-scale copyright infringers will be pursued, with those sharing under 3000 music tracks and 200 movies dropping under the prosecution radar.

http://torrentfreak.com/sharing-2999-songs-199-movies-becomes-safe-in-germany-080814/



Why those stupid [insert name of stupid political party here] bastards! How could they be so ignorant!

http://news.slashdot.org/article.pl?sid=08/08/14/2032234&from=rss

30% of Americans Want "Balanced" Blogging

Posted by timothy on Thursday August 14, @05:01PM from the why-do-you-hate-america's-children? dept.

Cutie Pi writes

"In a recent Rasmussen poll looking at the public's attitudes toward a possible revival of the fairness doctrine by the Democrats, a surprisingly large percentage of those polled seek fairness doctrine mandates (originally intended for public airwaves) to cover the Internet as well. It is encouraging that a minority of people feel that way, but Democrats say 'hands-off the Internet ... by a far smaller margin than Republicans and unaffiliated voters. Democrats oppose government-mandated balance on the Internet by a 48% to 37% margin. Sixty-one percent (61%) of Republicans reject government involvement in Internet content along with 67% of unaffiliated voters.'"


Related: Why those stupid [determine name of stupid political party and enter here] bastards! How could they be so ignorant!

http://www.pogowasright.org/article.php?story=20080814123950945

Subpoena seeks to unmask anonymous bloggers

Thursday, August 14 2008 @ 12:39 PM EDT Contributed by: PrivacyNews

McALESTER, Okla. Police detectives seeking the identities of bloggers who criticized McAlester officials on an online message board delivered a subpoena to the site's operator, who says he won't cooperate with investigators.

Two police detectives delivered the subpoena on Aug. 12 to Harold King, who operates the Web site McAlester Watercooler. The subpoena orders King to provide details by Aug. 16 on 35 bloggers posting under pseudonyms on King's site.

Source - First Amendment Center

[From the article:]

“A list of 35 names is a witch hunt,” King told the McAlester News-Capital.

King said he researched posts under those pseudonyms and found one common denominator: All had written critically about District Attorney Jim Miller.



Tools & Techniques: For the hacking database

http://howto.wired.com/wiki/Hot_Wire_Your_Car

Hot Wire Your Car

From Wired How-To Wiki

Nine times out of ten, the words "hot wire" summon images of car thievery. Of course, anyone who's been stranded in a hostile environment without their car keys knows better. Here's the trick to getting your vehicle moving again.



The second report is interesting...

http://www.bespacific.com/mt/archives/019045.html

August 14, 2008

New GAO Reports: Drug Control, TSA Has Developed a Risk-Based Covert Testing Program

  • Drug Control: Cooperation with Many Major Drug Transit Countries Has Improved, but Better Performance Reporting and Sustainability Plans Are Needed, GAO-08-784, July 15, 2008 - "Each year, criminal organizations transport hundreds of tons of illegal drugs from South America to the United States through a 6 million square mile "transit zone" including Central America, the Caribbean, the Gulf of Mexico, and the eastern Pacific Ocean. Since fiscal year 2003, the United States has provided over $950 million to support counternarcotics efforts in transit zone countries, which historically lacked the capacity to interdict drugs."

  • Transportation Security: TSA Has Developed a Risk-Based Covert Testing Program, but Could Better Mitigate Aviation Security Vulnerabilities Identified Through Covert Tests, GAO-08-958, August 08, 2008 - "Without systematically recording reasons for test failures, such as failures caused by screening equipment not working properly, as well as reasons for test passes, TSA is limited in its ability to mitigate identified vulnerabilities..."

[Find the report at: http://www.gao.gov/new.items/d08958.pdf]
