It is hard to encrypt paper...
Warning to students after their personal data is lost
ANDREW DENHOLM, Education Correspondent January 26 2008
The personal details of nearly 1500 Scottish students have been lost in the post in a new case of wholesale data loss by government services.
The Scottish Funding Council (SFC), which distributes money to universities and colleges on behalf of the government, said paper copies of a survey of students from seven colleges went missing two weeks ago.
According to the SFC, eight boxes of the completed surveys were sent by courier from a market research company in Glasgow to an Edinburgh consultancy firm, but only three arrived.
Attention Class Action lawyers? They are relying on users to have the appropriate anti-virus software to stop/remove the virus.
Best Buy Sold Infected Digital Picture Frames
By GREGG KEIZER, Computerworld, IDG January 23, 2008
Best Buy Co. Inc. sold digital picture frames during the holidays that harbored malicious code able to spread to any connected Windows PC, the big box retailer has confirmed. It is not recalling the frames, however.
What Best Buy called "a limited number" of the 10.4-in. digital frames sold under its in-house Insignia brand were "contaminated with a computer virus during the manufacturing process," according to a notice posted on the Insignia site last weekend. [ http://www.insignia-products.com/news.aspx?showarticle=13 ] The frame which went by the part number NS-DPF10A has been discontinued, and all remaining inventory pulled, Best Buy added.
... Best Buy did not specify the number of virus-loaded frames that had ended up in customers' hands, but said in a second notice posted today that it is continuing to investigate and is "connecting with our customers who may have been impacted." [No indication how this is being done... Bob]
... Only Windows PCs are vulnerable, said Best Buy's notices, and then only if the picture frame were to be connected to the computer via the included USB cable. Frames like digital cameras are designed to connect to PCs so that images can be downloaded from the machine to the frame.
We can, therefore we must? Shouldn't surprise anyone...
http://yro.slashdot.org/article.pl?sid=08/01/26/1339249&from=rss
German Govt Skype Interception Trojans Revealed
Posted by CmdrTaco on Saturday January 26, @09:27AM from the trojan-man dept.
James Hardine writes "Wikileaks has released documents from the German police revealing Skype interception technology. The leaks are currently creating a storm in the German press. The first document is a communication by the Ministry of Justice to the prosecutors office, about the cost splitting for Skype interception. The second document presents the offer made by Digitask, the German company secretly developing Skype interception, and holds information on pricing and license model, high-level technology descriptions and other detail. The document is of global importance because Skype is used by tens or hundreds of millions of people daily to communicate voice calls and Skype (owned by Ebay, Inc) promotes these calls as being encrypted and secure. The technology includes interception boxes, key forwarding trojans and anonymous proxies to hide police communications."
Interesting. I wonder how often this happens since it seems easy for Verizon to hide/ignore. How would you get their attention?
http://www.gearlive.com/news/article/q108-our-verizon-fios-customer-service-nightmare/
Our Verizon FiOS customer service nightmare: Why won’t they protect my private customer information?
Andru Edwards Posted by Andru Edwards Friday January 25, 2008 10:17 am
... So it’s been 8 months since we have had FiOS installed, and for that entire 8 months, my personal information has been freely available to another FiOS customer who I do not know.
Sure to pass unnoticed?
http://googleblog.blogspot.com/2008/01/celebrating-data-privacy.html
Celebrating data privacy
1/25/2008 03:48:00 PM Posted by Jane Horvath, Senior Privacy Counsel; Peter Fleischer, Global Privacy Counsel; and Shuman Ghosemajumder, Business Product Manager for Trust and Safety
Last year, the Council of Europe had a great idea. Based on polling that showed that 70% of Europeans did not understand how their personal data was being protected, the Council decided to hold the first annual Data Protection Day on January 28, 2007. Privacy experts visited schools and universities, launched information campaigns, and held press conferences in locations throughout Europe, informing and educating consumers about their personal data rights and protections.
Lack of understanding about data protection on the Internet is not only a European issue, it's a global one. As more and more personal information comes online every day, it's increasingly important that users all over the world understand both the benefits and potential risks of online data sharing, and the tools at their disposal to control and manage the data they share online. In recognition of the global importance of data protection, the U.S. and Canada have joined 27 European countries to celebrate Data Privacy Day 2008 this Monday, January 28th.
As part of the day's events, we'll join legal scholars, privacy professionals, and government officials from Europe and the U.S. at an international data privacy conference being held at Duke University in Durham, North Carolina. We'll also contribute to efforts to raise awareness and promote understanding of data privacy issues by releasing the third video in our privacy series ("Google Privacy: A Look at Cookies") on our YouTube Privacy Channel. This video offers a closer look at how cookies work and how web sites and advertisers use them to personalize our online experiences. We've also developed a privacy booklet (pdf-web version coming soon!) that you can download to get an in-depth look at our privacy practices and approach, and have co-sponsored the creation of educational materials on teen online privacy for parents and educators. The goal of all these efforts is to help educate you about online data privacy so that you can make more informed choices about how you use online products and services.
We hope that you'll take a few minutes on Monday to learn something new, and that Data Privacy Day reinforces existing global efforts to educate consumers about online data collection, use, and protection.
Perhaps we should copy Swiss law?
Antipiracy group's tactics violate Swiss law
Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to charges
By Jeremy Kirk, IDG News Service January 25, 2008
... Under Swiss law, the identity of a subscriber to an ISP can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP address of a computer controlled by the subscriber is considered "personal" information.
I suspect this will become common, why spend money to increase the risk of a data spill? (And it still looks like a cool laptop.)
HP introduces thin client disguised as a laptop
With data storage and system management handled remotely, HP Compaq 6720T Mobile Thin Client reduces risk of data loss, but could be hard sell for many users
By Agam Shah, IDG News Service January 24, 2008
In an effort to push mobility into thin clients, Hewlett-Packard is adding a laptop with minimal storage and wireless networking features to its lineup.
The HP Compaq 6720T Mobile Thin Client has 1GB of internal flash storage and will be more of a terminal than a full-blown PC, with data storage and system management handled from a remote server, the company said Thursday. The laptop boots off Windows XP Embedded OS in the flash module.
Because data isn't stored on the laptop, there is less risk of a company losing data, said Thai Nguyen, HP worldwide product marketing manager for thin clients.
.. Along with better security and easier system management, thin-client architecture uses less power than traditional PCs, said Klaus Besier, vice president for thin clients at HP. The thin-client laptop does not have a fan or moving parts such as a hard drive.
The product is targeted at vertical industries such as health care and insurance, Nguyen said.
What an interesting ruling. Does that mean that publishing the letter on my blog will deny the lawyer profits from the sale of copies? Perhaps it will jeopardize sale of the movie rights.
http://techdirt.com/articles/20080125/18070575.shtml
Court Says You Can Copyright A Cease-And-Desist Letter
from the free-speech? dept
Back in October, we wrote about a law firm that was claiming a copyright on the cease-and-desist letters it sent out, and insisting that it was a violation to repost them. It's long been believed that cease-and-desist letters that have no new creative expression and are merely boilerplates are likely not covered by copyright. On top of that, preventing someone from copying a cease-and-desist letter or posting it on their own website seems like a pretty severe First Amendment violation. The group Public Citizen hit back against this law firm's claims, but surprisingly, a judge has now agreed that you can copyright cease-and-desist letters (thanks to Eric Goldman for emailing over the link). The news was announced in a press release by the lawyer in question, who claims this means he can now sue anytime someone posts one of his cease-and-desist letters. He also goes on to slam those who believe free speech means being able to talk about the fact that a company is bullying them:
"The publication of cease and desist letters is an easy way for scofflaws to generate online 'mobosphere' support for illegal activity and, until today, many businesses have been hesitant to take action to address some of the lawlessness online because of possible retaliation and attacks."
To which I would respond: "The copyrighting of cease-and-desist letters is an easy way for law firms to bully small companies who have committed no wrong, but who have no real recourse to fight back against an attempt to shut them up via legal threat. Until today, many companies who were being unfairly attacked by companies and law firms misusing cease-and-desist letters to prevent opinions from being stated, had a reasonable recourse to such attacks, and could draw attention to law firms that used such bullying tactics to mute any criticism." This is an unfortunate ruling and can only serve to create a serious chilling effect on free speech.
There was an article yesterday about an ISP that had no email backup. Perhaps the problem is broader than even I (a mildly cynical guy) believe.
http://www.eweek.com/c/a/Storage/Most-Companies-Walk-a-HighWire-Email-Risk-Without-a-Net/
Most Companies Walk a High-Wire E-Mail Risk Without a Net
By Chris Preimesberger 2008-01-24
A new survey reveals that more than half of all businesses have no e-mail backup and recovery plan in place.
A new study confirms what a great many people in IT already suspected: Companies of all sizes are vulnerable to costly and damaging e-mail outages because they trust their messaging infrastructure to a single server [What we call a single point of failure Bob] and do not have an adequate backup and recovery plan in case of a disaster.
ApplicationContinuity.org surveyed 434 IT professionals responsible for e-mail continuity in small (0-99 employees), medium (100-999 employees) and large (1,000 or more employees) enterprises. ResearchCorp.org provided the analysis.
The goal was to determine whether companies are prepared to deliver e-mail continuity—particularly for Microsoft Exchange—and whether companies have a plan in place to secure e-mail communication during a local or sitewide failure or downtime event.
... Key findings included the fact that less than half of the respondents have a reactive disaster recovery plan in place; only 46 percent of respondents have currently implemented a high-availability solution of some type, and the definition varies widely to include data backup solutions that do not deliver high availability of business-critical applications such as e-mail.
Only 21 percent of respondents have implemented a disaster avoidance strategy, while 29 percent of midsized companies are operating with only a single Exchange server, and have no application continuity plan in place. More than 50 percent of the responding companies that have a continuity solution in place for Exchange are only backing up files or file systems, and are not backing up the Exchange application for an immediate recovery in the event of a server failure or site outage.
... "Companies clearly recognize the mission-criticality of e-mail, with 95 percent of surveyed companies viewing it as essential to business operations," said Eric Burgener, senior analyst with The Taneja Group.