NOTE: There should be a link to purchase this book on the Privacy Foundation site, http://www.privacyfoundation.org/ but I don't see one yet. But you can go here: http://west.thomson.com/productdetail/141317/40613565/productdetail.aspx Buy several, they'll make great stocking stuffers!
This summarizes just the Data Breach side of Privacy
http://www.pogowasright.org/article.php?story=20081107053602802
UK: Data loss claims 280 million victims since 2006
Friday, November 07 2008 @ 05:36 AM EST Contributed by: PrivacyNews
Over 280 million people have had their personal details lost because of data breaches in the past three years, according to the first KPMG data loss study.
The KPMG Data Loss Barometer (PDF) found that in 46 per cent of cases the data was not password-protected or encrypted, while in 62 per cent of cases the data was lost rather than stolen.
Source - Computing.co.uk
Related? One possible reason why breaches occur?
http://www.pogowasright.org/article.php?story=20081107080010193
Study: Breaches May Not Affect User Behavior
Friday, November 07 2008 @ 08:00 AM EST Contributed by: PrivacyNews
More than half of employees will continue using Internet applications even after they become aware of a security problem with that application, according to a study scheduled to be published next week.
In the study, which was conducted by Ponemon Institute and sponsored by Palo Alto Networks, end users were confronted with "breaches" -- such as data losses or malware -- affecting the Internet applications they use each day. The idea was to see how their online behavior would change as a result of hearing about the breach.
Source - Dark Reading
Even the CIA needs to follow procedure.
http://www.pogowasright.org/article.php?story=20081107063119853
AU: AFP security breach exposed
Friday, November 07 2008 @ 06:31 AM EST Contributed by: PrivacyNews
From the oh-this-is-very-very-bad dept.
CONFIDENTIAL Australian diplomatic cables and police documents were left in open files on a computer and read by guests at a hotel in the Nepalese capital, Kathmandu.
At least 20 police photographs of the charred bodies of plane crash victims, including those of two Victorians, were also left in open files on a computer and could be seen by guests for three weeks. The security breach included information about an Australian Federal Police agent meeting a CIA operative in Kathmandu last month.
... The security breach included a seven-page document detailing priorities and strategies for the AFP's office in Bangladesh, including information about sharing intelligence with foreign agencies.
One document marked "protected" detailed a meeting an AFP agent had with a secret foreign military organisation where sensitive security intelligence was discussed, including recent terrorist attacks in India.
Source - The Age
Here's an interesting Case Study. (Not enough fact to be sure, so make some up as needed.) It looks like the extortionist sent samples of customer data, but there is no proof that it was obtained by hacking into their system. How should the company proceed?
http://www.pogowasright.org/article.php?story=20081106133112432
Express Scripts Warns of Potential Large Data Breach Tied to Threat
Thursday, November 06 2008 @ 01:31 PM EST Contributed by: PrivacyNews
Express Scripts (Nasdaq:ESRX), one of the largest pharmacy benefit management companies in North America, today announced that it has received a letter from an unknown person or persons trying to extort money from the company by threatening to expose millions of the company's patients' records.
The letter included personal information of 75 members, including their names, dates of birth, social security numbers, and in some cases, their prescription information. The company said it has notified the affected members. It also immediately notified the FBI, which is investigating the crime. The company also said that it is conducting its own investigation with the help of outside experts in data security and computer forensics. The letter arrived in early October.
Source - Global Newswire Related - Express Scripts Supports Site [Correct URL: http://www.esisupports.com/
I am starting to see reactions by regualtory bodies that point out the failure of management to manage. How refreshing!
http://www.pogowasright.org/article.php?story=20081106085259943
Mortgage Company Settles Data Security Charges
Thursday, November 06 2008 @ 08:52 AM EST Contributed by: PrivacyNews
A Texas-based mortgage lender has settled Federal Trade Commission charges that it violated federal law by failing to provide reasonable security to protect sensitive customer data. The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it. A hacker compromised the data by breaking into the home seller’s computer, obtaining the lender’s credentials, and using them to access hundreds of consumer reports.
According to the FTC’s complaint, Premier Capital Lending, Inc. (Premier) violated the FTC’s Safeguards and Privacy Rules, as well as Section 5 of the FTC Act. The proposed settlement bars deceptive claims about privacy and security, and requires the company to establish a comprehensive information security program and hire an independent third-party security professional to review the program every other year for 20 years.
Source - FTC Related - Agreement Containing Consent Order
[From the FTC article:
The FTC complaint alleges that Premier violated the Safeguards Rule because it:
allowed a home seller to use its account for accessing credit reports in order to refer purchasers for financing without taking reasonable steps to verify the seller’s procedures to handle, store, or dispose of sensitive personal information;
failed to assess the risks of allowing a third party to access credit reports through its account;
failed to conduct reasonable reviews of credit report requests made on its account by using readily available information (such as management reports and invoices) to detect signs of unauthorized activity; and
failed to assess the full scope of credit report information stored and accessible through its account and thus compromised by the hacker.
Related? Some of the technology that would be used to evaluate customer queries
http://www.pogowasright.org/article.php?story=20081106140208894
Article: Search Query Log Privacy is a Balancing Act
Thursday, November 06 2008 @ 02:02 PM EST Contributed by: PrivacyNews
Search engines have numerous technical measures at their disposal to enhance the privacy of their stored query logs, CDT's Alissa Cooper explains in the journal "ACM Transactions on the Web." The article assesses seven of these techniques against three sets of criteria: (1) how well the technique protects privacy, (2) how well the technique preserves the utility of the query logs for search engine companies, and (3) how well the technique might be implemented on an individual basis as a user control. For search engine companies navigating an increasingly complex privacy landscape, it is likely that these kinds of techniques in combination with policy measures will ultimately be required to develop a strategy that protects privacy and maintains the utility of query logs for many different purposes.
Source - CDT: Search Query Log Privacy Article [pdf]
Speed is one measure of the concern management has about any data breach. What does sloth suggest?
http://www.pogowasright.org/article.php?story=20081106150601587
Countrywide still hasn't notified everyone (follow-up)
Thursday, November 06 2008 @ 03:06 PM EST Contributed by: PrivacyNews
Seen elsewhere....
... As of yet, not all Countrywide customers have been notified. The letters are still being printed and sent out.
“It’s starting to dwindle down, we hope; there is a lot of evidence that needs to be sifted through – computer programs and e-mail files,” explained Bauwenf. “As [investigators] find things, we contact the customers.”
Source - The Village News
[From the article:
Even if a letter has not been received, sources say Countrywide loan customers should call their lenders to see if they are at risk. [If they don't know you were a victim, they will most likely say “No worries, Mate!” How does that impact their credibility? Bob]
[Offhand, I'm not certain when this occurred, but the article suggests they have been “working” on it for months: Bob] In August, the Federal Bureau of Investigation (FBI) released a statement pertaining to their findings in an investigation on the matter.
New technology, same old problems. Until we re-invent the same solutions.
http://www.pogowasright.org/article.php?story=20081106155700691
Ringleader's Privacy Problem: No Opt-Out Of Tracking
Thursday, November 06 2008 @ 03:57 PM EST Contributed by: PrivacyNews
NebuAd might think it had problems with privacy advocates, but that's nothing compared to what's in store for nascent mobile ad networks. One such network, Ringleader Digital, has unveiled its new "media stamp" -- a cookie-like item that creates and stores profiles about cell users based on the mobile sites they visit. Unlike online advertising cookies, however, the media stamps are stored on Ringleader Digital's servers and not browsers, which means users can't delete them.
Source - Media Post
[From the article:
Ringleader Digital collects information based on characteristics of the device, but says it can gather enough data this way to create unique, "anonymous" stamps for every mobile phone user.
"We track devices, not individuals," the company said in a privacy statement issued today. Ringleader Digital adds that it doesn't collect mobile phone number, names, addresses or other so-called "personally identifiable information." [So how will you write a law to cover the privacy of the information they do collect? Bob]
Remembering the old adage: “Marketer see, Marketer do” I expect this will catch on. Fortunately, the politicians probably won't use it for four years – but expect testing in two.
http://www.pogowasright.org/article.php?story=2008110616400778
NZ: Peters' direct mail angers hundreds targeted
Thursday, November 06 2008 @ 04:40 PM EST Contributed by: PrivacyNews
Winston Peters has been sending direct mail and setting up webpages in the names of random Kiwis, to the horror of some of those targeted who believe their privacy has been invaded.
New Zealand First have received 400 complaints about the marketing technique but at the same time, it has driven 66,000 people to their website. [66,000 trumps 400 every time. Bob]
Source - The New Zealand Herald
Since the election wasn't even close, there was no need for the press to agonize over voting machine failures. (E-CHAD) But this article seems to suggest broader problems.
http://www.huffingtonpost.com/shannyn-moore/stolen-election-in-alaska_b_141704.html
Stolen Election from Alaska?
Shannyn Moore Posted November 6, 2008 | 04:39 AM (EST)
... In Alaska, more people voted for George W. Bush in 2004 than for Sarah Palin on Tuesday despite an identical 61-36 margin of victory.
... The second woman to ever make a presidential ticket; and she's one of our own. Despite that, we're supposed to believe that overall participation DECREASED by 11%. Not only that, but this historic election both nationally and for Alaska HAD THE LOWEST ALASKA TURNOUT FOR A PRESIDENTIAL RACE EVER!!! That makes sense. REALLY??? Something stinks.
Big Brother seems to have won big in several elections – and sometimes without them.
http://www.pogowasright.org/article.php?story=20081106164454296
CA: Roseville will open hotel guest registries to police (follow-up)
Thursday, November 06 2008 @ 04:44 PM EST Contributed by: PrivacyNews
Joining Sacramento, San Diego and San Jose, Roseville has adopted an ordinance requiring motel and hotel operators to give police officers access to guest registries.
Without debate or question, [Indicating pre-purchased politicians? Bob] the Roseville City Council on Wednesday night approved the local law that police said was a necessary tool to investigate crimes and to keep tabs on probationers and parolees.
The new ordinance requires police access to the following registry information about guests: name, address, vehicle description, date of arrival and departure, number of guests and room number for each guest. The ordinance does not authorize access to guests' credit card or private payment information.
Source - sacbee.com
Related The Internet equivalent of Black Helicopters
http://yro.slashdot.org/article.pl?sid=08/11/07/0337205&from=rss
UK Outlines Plan For Internet Black Boxes
Posted by timothy on Friday November 07, @04:50AM from the but-don't-panic-they'll-say-don't-panic-on-them dept. Privacy Communications The Internet
RobotsDinner writes
"In what sounds like a dystopian sci-fi plot, the Home Office has made public plans to outfit the country's Internet with upstream data recorders to log pretty much everything that passes through. 'Under Government plans to monitor internet traffic, raw data would be collected and stored by the black boxes before being transferred to a giant central database. The vision was outlined at a meeting between officials from the Home Office and Internet Service Providers earlier this week.'"
Related Think of it as the camels nose in the tent.
http://mobile.slashdot.org/article.pl?sid=08/11/07/0252224&from=rss
Project Turns GPS Phones Into Traffic Reporters
Posted by timothy on Friday November 07, @06:42AM from the then-it's-mandatory dept. Cellphones Transportation Science
narramissic writes
"Starting on Monday, researchers from Nokia and UC Berkeley will kick off the Mobile Millennium project. The researchers hope that thousands of volunteers will download a free Java program that figures out by their movement and location when they are driving, and then transmits that information to the project's servers, which then crunch it into a Bay Area traffic map. 'The whole concept here is that if everyone shares just a little bit of what they're seeing ... then everyone can benefit by seeing the conditions ahead of them,' said Quinn Jacobson, a research leader with Nokia in Palo Alto."
Related
http://www.pogowasright.org/article.php?story=20081106164301622
German Coalition Under Fire for Backing Online Investigation
Thursday, November 06 2008 @ 04:43 PM EST Contributed by: PrivacyNews
Germany's Grand Coalition government has reached an agreement on the finer details of the so-called BKA (or "Federal Criminal Police Office") Law. It will allow German security services to monitor suspected civilians more closely, without people knowing that they're being watched.
Significantly, it also gives the Federal Criminal Police for the first time the right to act preventatively, foiling crimes before they happen. [“Ve could tell he vas thinking about resisting arrest, so ve had to Taser him.” Bob]
Online espionage has been one of the biggest sticking points during debates in Berlin. Under the new proposal investigations can still monitor online activities secretly using so-called Trojan software, but only if a judge deems that there is good reason to do so.
Source - dw-world.de
Related... To Big Brother and Marketing and Invasion of Privacy in every conceivable way...
http://www.pogowasright.org/article.php?story=20081107052650139
Windows 7 knows where you are
Friday, November 07 2008 @ 05:26 AM EST Contributed by: PrivacyNews
Windows 7 has a new programming interface designed to make it a whole lot easier for software to figure out where in the world a PC and its user are located.
That should make it easier for a whole new range of location-based services [AKA: Advertising Bob] from finding nearby friends to LoJack-like PC tracking programs. Even search could be a whole lot better if the search engine knew where you were. Indeed, searchers often enter their city with their location to try and get just that benefit. [That's called “Opt In” Bob]
... At the same time, broader use of location-based services could also open up a range of privacy concerns.
Those issues--and how to handle them--was the subject of a discussion this week at the Windows Hardware Engineering Conference (WinHEC) here.
Source - Cnet
Related Agreement is simple, compliance is not.
http://tech.slashdot.org/article.pl?sid=08/11/06/230254&from=rss
Craigslist Agrees With State AGs To Curb "Erotic Services" Ads
Posted by timothy on Thursday November 06, @06:21PM from the right-to-pursue-happiness dept.
The New York Times reports that Craigslist has reached an agreement with 40 state attorneys general to tame its notoriously unruly "erotic services" listings. Clever diplomacy: according to the article, Craigslist "said that it will charge erotic services vendors a small fee for each ad — about $10, Mr. Buckmaster said — and require that they use a credit card for the payment. It will donate the money to charities that combat child exploitation and human trafficking. This, theoretically, will let the company confirm not just a phone number but also an identity." I hope they work on cleaning the weird spammers from the ordinary personal ads, too.
Related Something for Nutshell, Volume Two...
http://www.pogowasright.org/article.php?story=20081107055247503
Mass: Get ready for data privacy regs
Friday, November 07 2008 @ 05:52 AM EST Contributed by: PrivacyNews
Companies and lawyers are working overtime to comply with new data-privacy regulations that will take effect on Jan. 1, giving Massachusetts what observers say are the nation’s strictest rules governing sensitive customer and employee information.
The new regulations, announced in September by the Massachusetts Office of Consumer Affairs and Business Regulation, will require companies to safeguard with firewalls all personal data belonging to any Massachusetts resident, and encrypt it whenever it is transmitted or saved on a portable device such as a laptop or a flash drive.
.... For now, uncertainty remains regarding companies based outside of Massachusetts that work with customers or employees in the commonwealth. The Office of Consumer Affairs and Business Regulation has left it up to the Attorney General’s Office to determine whether the regulation would be enforced against such entities.
Source - Mass High Tech
Tools & Techniques Now you can carry your wall-sized TV with you!
http://hardware.slashdot.org/article.pl?sid=08/11/06/1816203&from=rss
The Pocket-Sized Projector Has Arrived
Posted by timothy on Thursday November 06, @01:48PM from the wistful-longing-fills-my-chest-cavity dept. Displays Technology
mallumax writes
"David Pogue of New York Times has reviewed the Pico, which is a pocket projector from Optoma. The review is quite entertaining (Pogue projects the images on to a plane's ceiling, leaving passengers baffled) and detailed. The highlights are: It is a pocket-sized projector which runs on batteries and can project images and videos from a variety of sources like iPhone, iPod and DVD players with a 480x320px resolution, with a maximum screen size of 65 inches at 8.5 feet. It uses a non-replaceable 10,000 hour LED lamp and a DLP chip from Texas Instruments. The battery lasts for 90 minutes and can be recharged through USB or with its own power cord. The device weighs 115g and comes with an inbuilt speaker which is practically useless. If you want one, it will set you back by $430."
No comments:
Post a Comment