Saturday, April 12, 2008

An insider commits an (almost) undetectable theft of data. I wonder if this was one of the rare HIPAA audits?

http://www.phiprivacy.net/?p=239

Apr-11-2008

Thousands of ID thefts at NYC hospital

From ABC Eyewitness News:

The personal information of thousands of patients at New York-Presbyterian/Weill Cornell Medical Center may have been compromised.

A Federal investigation and a NewYork-Presbyterian Hospital internal audit have uncovered the possible theft of personal identity information, including names, phone numbers, and in some cases social security numbers, of approximately 40,000 hospital patients.

Authorities do not believe [Translation: Hope & pray Bob] that any health-related information was included.

Full story - ABC


More

http://www.phiprivacy.net/?p=241

Apr-11-2008

Patients’ Data Stolen, Hospital Says

The New York Times provides some additional details on the breach involving NewYork-Presbyterian Hospital/Weill Cornell Medical Center:

The theft — which occurred over the past several years and included patients’ names, phone numbers and Social Security numbers — was discovered during a federal investigation, and the hospital was notified in January, the spokeswoman, Myrna Manners, said. An internal audit by the hospital confirmed the theft, she said.

The hospital does not believe that any medical information was stolen, Ms. Manners said, adding that there is no evidence that the stolen information has been used.

She declined to identify the employee who the hospital believes stole the data.

“We obviously deeply regret that this has happened,” she said, adding that the hospital, at East 68th Street and York Avenue, was trying to contact all patients involved.

Investigators were looking into the possibility that the theft could be part of a larger criminal scheme, Ms. Manners said.

The United States attorney’s office for the Southern District of New York was investigating the theft, a spokeswoman said, along with the United States Postal Inspection Service and the United States Secret Service. She declined to give details of the investigation.

Comment: if the hospital was notified in January, why are patients first being notified now? Did the federal investigators ask them to delay notification, or did it just take the hospital that long to figure out whom to notify? And how would they know that the stolen information hasn’t been used? Have they run checks on all 40,000 patients to determine if they’ve been the victims of ID theft?



Taking the quiet route.

http://www.pogowasright.org/article.php?story=20080412082626598

Stolen laptop contains Siemens employee data

Saturday, April 12 2008 @ 08:26 AM EDT Contributed by: PrivacyNews News Section: Breaches

Yet another company laptop stolen from an employee's home is causing worry for employees. This time, the laptop stolen from an employee's home on March 26th belonged to Siemens [pdf], and it contained names, birthdates, and SSN of approximately 3,542 employees.

Neither the notification to the NH DOJ nor the notification to employees specifically mentioned whether the data or laptop were encrypted.

The company does not seem to have offered their employees free credit monitoring.



If the company doesn't ask the right questions, don't expect the bloggers to hold back...

http://www.phiprivacy.net/?p=245

Apr-12-2008

UniCare discovers more members affected by web exposure breach than previously identified

On April 2, Sean Doolan of Hinman Straub, lawyers for UniCare, notified the New Hampshire Department of Justice that:

Approximately one year ago, it was discovered that a computer server that contained protected health information (PHI) was not properly secured by a third party vendor for a period of time, which caused the PHI of certain UniCare members to be temporarily accessible via the internet.

The PHI contained member ID numbers (which in some cases included a social security number) and certain pharmacy/medical data that pertained to the member or the member’s dependents enrolled under the member’s health plan. We quickly initiated an assessment and secured the PHI. We implemented additional security measures to ensure that similar incidents do not recur.

We also notified the members who we determined might have been impacted. On December 27, 2007, we discovered that the PHI of additional members might have been accessible via the internet at the time of this incident. [Either their idea of “Quickly” differs from mine or it took them almost a year to find this out? Bob] UniCare is addressing this issue with the vendor. Upon notification of the loss, UniCare immediately initiated an investigation into the matter. UniCare has no indication at this time that any instances of identity theft related to this situation have occurred.

A copy of the notification letter being sent out to those newly identified as having been affected was attached to the letter to the DOJ.

Comment:

Was this incident related to the WellPoint breach described by PogoWasRight.org that had been reported to WellPoint by a customer in February 2007? It may well have been, since some files that said UniCare were exposed via Google indexing and caching back then. But WellPoint spokespeople claimed this week that the exposure (only) affected 1350 people — a statistic that PogoWasRight.org questions.

It seems like there will still be much more to be revealed and explained. And now added to the list is why did it take almost a year before UniCare realized that there were more people affected by the web exposure? Did UniCare bring in an outside security firm to investigate and assess the problem when they first became aware of the exposure, or did they just conduct an internal investigation whereby the same people that may have failed to adequately secure the server and files in the first place would be asked to find all of their own mistakes?



Ah! Something to discuss at the Privacy Foundation's next seminar... I think it makes sense as part of the strategy to achieve a quick and favorable resolution. Also, I think it likely this will become a standard tool in the civil litigation world. Perhaps hosting these blogs is a business opportunity?

http://www.law.com/jsp/article.jsp?id=1207904890877

Battle Erupts Over Duke University Lacrosse Players' Web Site

Vesna Jaksic The National Law Journal April 11, 2008

The latest twist in the Duke University lacrosse case concerns the players' media strategy, with Duke officials trying to shut down a Web site about the case.

Lawyers for Duke University, the city of Durham and the Duke University Health System have objected in federal court to the Web site run by the players' legal and communications team, http://www.dukelawsuit.com/. The Web site is regularly updated with information about the case and includes briefs from both sides.

The lawyers have said the Web site, as well as a press conference and media alerts sent by the players' legal team, violate rules of the North Carolina Professional Conduct and have a likelihood of prejudicing proceedings. In court papers, the lawyers said the Web site "is aimed at attacking the character, credibility, and reputation of the Duke Defendants."

Lawyers for the 38 Duke lacrosse players from the 2006 season have filed an opposing brief, saying the rule does not apply to civil cases and that most of the information on the Web site and revealed at the press conference is available through public records. They said the city officials' attempt to silence the players "gives a new meaning to the concept of gall," and said city officials fueled negative publicity about the players when the case surfaced in 2006.



Business Opportunity! Sell Police Detectors to British Crooks!

http://www.pogowasright.org/article.php?story=20080411102949480

UK: Metropolitan Police to be fitted with tracking devices

Friday, April 11 2008 @ 10:29 AM EDT Contributed by: PrivacyNews News Section: Workplace Privacy

London's 31,000 police officers are set to be fitted with a tracking device to monitor their movements while on duty under a scheme by the Metropolitan Police.

Technology services firm Telent will provide the police service's officers with an Automated Personal Location System (APLS), which would use police radios to accurately pin-point the location of officers on duty.

Source - PersonnelToday.com



The blog is a bit of a rant (this is the only post) but you get the idea... It would seem smarter to make the public announcement yourself, rather than let the victims control the information.

http://www.pogowasright.org/article.php?story=20080411111239878

Helio security breach results in access to customers' personal information

Friday, April 11 2008 @ 11:12 AM EDT Contributed by: PrivacyNews News Section: Breaches

Helio has sent a notification letter to some customers that a security breach may have resulted in the acquisition of their personal information such as names, addresses, telephone numbers, dates of birth and last four digits of their Social Security numbers. A copy of the notification letter was uploaded to the Specific Randomness blog by one of their customers.

A spokesperson for the Los Angeles-based provider of mobile devices and services, Rick Heineman, tells PogoWasRight.org that the company became aware of the problem a very short time ago, and immediately started working with local and national law enforcement. On April 4, they notified a portion of the customers in their database of the problem that some of their personal information -- but no financial information -- may have been accessed.

Due to the ongoing investigation, the company would not disclose the nature of the breach in terms of whether it was due to hacking or some other type of event. Nor would they indicate how many customers they notified, other than to reiterate that it was not all of their customers [Translation: They missed one... Bob] whose data were at risk.

Helio wants to remind its customers that they will not receive any phone calls from Helio [but you can expect many phishing e-mails. They should specify how they will communicate and how to authenticate that communication! Bob] about the incident, and if anyone calls claiming to be from Helio, customers should not give out any personal information and should report the call to law enforcement.



God help us if this catches on here... (Perhaps a Name-that-blog contest? Hillary's Hilarity?)

http://techdirt.com/articles/20080411/115829825.shtml

Malaysian Politicians Go From Hating Blogs To Requiring Them In Record Time

from the well-how-about-that dept

It would appear that some politicians in Malaysia have gone through quite a transformation when it comes to blogging. Almost exactly one year ago, some Malaysian politicians got into a bit of an argument with some bloggers and started trashing the entire concept of blogging -- leading to some politicians there declaring that all bloggers needed to register themselves with the government if they wanted to keep blogging. That resulted in an uproar, and the politicians backed down on the registration requirement. In fact, they started to check out blogs a little more carefully, and even liked what they saw. By the end of that same month, the government agreed to set up a special government agency to follow blogs and interact with bloggers to respond to any concerns they might have. Fast forward a year and not only do some of the original leading critics of blogging have their own blogs, but the ruling political party is now requiring many of its political candidates to blog. Anyone who wants a "youth post" needs to have a blog. The guy in charge of the party's youth wing explained: "All candidates must have blogs. If not, they are not qualified to be leaders."

So they've gone from hating blogs to requiring them in about a year. To be fair, a lot of this is politically motivated. Apparently the opposition has been getting plenty of attention because its leader has a popular blog. So this is likely a politically motivated response. Also, it seems almost equally as extreme as the original plan to require bloggers to register. Not everyone should blog. Not everyone wants to blog. Requiring a politician to have a blog, even if it's helpful, seems a bit extreme. It certainly won't lead to good content if people are forced to blog, rather than blogging for a good reason.


Related? Perhaps a Dems vs. Repubs breakdancing contest? An 'Idle American' lack-of-talent show?

http://techdirt.com/articles/20080411/024555821.shtml

Congress Makes YouTube Promise To Host Representatives' Videos Sans Ads

from the following-the-rules dept

Apparently Congressman Kevin McCarthy happened to be one of a very small number of folks in Congress who actually bothered to read some of the rules that Congress is supposed to abide by. In doing so, he realized that all those Congressional Representatives putting videos on YouTube are probably breaking the rules, which say that Representatives can't be doing stuff on commercial sites. When he first brought this to the attention of other Reps, they basically told him to ignore it, since everyone else did [Translation: Rules is for Fools Bob] -- but eventually Congress decided to fix [Translation: A benefit recognized only by the politicians involved. Bob] the problem. Of course, they didn't fix it by changing the rules... but by putting out a request for a webhosting site to host their videos in a non-commercial manner. YouTube was the only site to agree to do so, so now your Congresscritters can continue posting to YouTube, and (apparently) you won't see ads on their YouTube pages. I can't decide if I'm happy that Congress decided to actually follow its own rules, or worried about them spending time on something as silly as this.



This might be an interesting research tool.

http://www.pogowasright.org/article.php?story=20080411114811841

Public comments to FTC re Online Behavioral Advertising

Friday, April 11 2008 @ 11:48 AM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

A linked index of public comments in response to the FTC request for comments concerning online behavioral advertising and self-regulator principles can be found on the FTC's web site. The submissions include Google's comments [pdf]. Today, Microsoft issued a press release summarizing its submission to the FTC.


Related. “Let's be real careful with legislators and people who are likely to sue – the rest can fend for themselves...”

http://www.pogowasright.org/article.php?story=20080411165845773

Microsoft Proposes Tiered Privacy in Online Advertising

Friday, April 11 2008 @ 04:58 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Microsoft has proposed a tiered approach to protecting the privacy of people targeted by online advertising, saying advertisers should get permission before using sensitive, personally identifiable information to deliver ads.

Source - NY Times



Wasn't there a congressional ruling (law?) to hold off on taxing the Internet? Has that expired? Will China and other countries comply?

http://news.slashdot.org/article.pl?sid=08/04/12/0415223&from=rss

New York to Implement an 'Amazon Tax'

Posted by ScuttleMonkey on Saturday April 12, @01:34AM from the death-and-taxes dept.

theodp writes

"NY Governor David Paterson is expected to sign a bill requiring online retailers to collect sales taxes on purchases shipped to the state, even if they have no operations or employees working there. The so-called 'Amazon tax', which applies to Internet retailers who derive sales through affiliate programs, would end what for many New Yorkers had been tax-free shopping and generate an estimated $50M in revenue this fiscal year. Experts predict that other states could follow suit with similar provisions."



For my geek friends (and my hacking students?)

http://digg.com/design/Incredible_Firefox_Keyboard_Shortcuts_You_May_Not_Know_About

Incredible Firefox Keyboard Shortcuts You May Not Know About

[The link is down, so use: http://duggmirror.com/design/Incredible_Firefox_Keyboard_Shortcuts_You_May_Not_Know_About/ ]

Friday, April 11, 2008

“The full extent of our lack of knowledge has yet to be determined...”

http://www.pogowasright.org/article.php?story=20080411061619133

ME: Possible information 'breach' exposes student files

Friday, April 11 2008 @ 06:16 AM EDT Contributed by: PrivacyNews News Section: Breaches

Due to what Information Technology (IT) is calling a "possible breach," confidential information was accessible to anyone with a Bowdoin username and password for an unknown length of time. [Translation: Access was limited to “everybody” Bob] The data included student Social Security numbers, insurance information, lists of students on medical and disciplinary leave, internal health center contracts and employee reviews, yearly budgets, and e-mails.

A folder containing the private files of Caitlin Gutheil, the former student health program administrator who departed Bowdoin last month for another job, was discovered unsecured on the College's "Microwave" server. The Orient became aware on Wednesday that private student data was exposed after receiving a tip. The editors immediately notified IT, which professed no prior knowledge of the breach. The folder was no longer accessible as of Thursday night.

Source - The Bowdoin Orient Related - Information breach (editorial)

[From the article:

The files included every enrolled student's insurance company, policy number, and policy holder—often a parent.

... "We have no reason at this time to believe that any of the information was actually accessed, transferred to, or used by anyone off campus," Davis wrote in the e-mail. [Translation: “We don't know what happened.” Bob]


Related. Update to the story involving Rep. Joe Barton. Remember: “The situation looks darkest just before it goes entirely black.”

http://www.washingtonpost.com/wp-dyn/content/article/2008/04/09/AR2008040903680.html

Stolen NIH Laptop Held Social Security Numbers

By Rick Weiss and Ellen Nakashima Washington Post Staff Writers Thursday, April 10, 2008; Page A05

Social Security numbers for more than 1,200 participants in a National Institutes of Health study were stored on a stolen laptop containing their medical records, putting those patients at risk of identity theft, agency officials said yesterday.

NIH officials had initially assured the more than 3,000 patients whose records were on the laptop that the computer's contents -- unencrypted, in violation of federal policy -- did not contain any information that could put their identity or finances at risk.

But an ongoing review of the computer's last-known contents, [relying on a review of backups means anything since the last backup (or anything not specified for backup) is unknowable. Bob] performed on data backed up from the laptop before it was stolen, has found a file that, unbeknownst to the lead researcher, had been loaded onto the laptop by a research associate.

That file included Social Security numbers for at least 1,281 of the 3,078 patients enrolled in the multi-year study, which is sponsored by the NIH's National Heart, Lung and Blood Institute (NHLBI).



If security is not an issue, you don't need to know where your data resides and you have no reason to plan a response to an incident.

http://www.pogowasright.org/article.php?story=20080411063109705

(follow-up) Georgia Patients’ Records Exposed on Web for Weeks

Friday, April 11 2008 @ 06:31 AM EDT Contributed by: PrivacyNews News Section: Breaches

A company hired by the State of Georgia to administer health benefits for low-income patients is sending letters to notify tens of thousands of residents that their private records were exposed on the Internet for nearly seven weeks before the error was caught and corrected, a company spokeswoman said on Thursday.

The records of as many as 71,000 adults and children enrolled in the Medicaid or PeachCare for Kids programs were inadvertently posted on Feb. 12, said Amy Knapp, a spokeswoman for the company, WellCare Health Plans Inc., whose headquarters are in Tampa, Fla.

The company learned [Translation: Someone outside the company told them. Otherwise the wording would read, “The company discovered...” Bob] on March 28 that the information was publicly accessible, Ms. Knapp said, and it took five more days to remove all the data, [Translation: “We didn't think it was important enough to just cut the internet connection.” Bob] which included names, Social Security numbers, birth dates, Medicaid or PeachCare for Kids numbers, and dates of eligibility for insurance programs.

Source - Tuscaloosa News



Are you smarter than the combined resources of the Government-who-hate-the-USA club?

http://it.slashdot.org/article.pl?sid=08/04/10/2235215&from=rss

Inside the Secret War Against Internet Spies

Posted by Soulskill on Thursday April 10, @07:07PM from the war-on-malware dept.

ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting:

"The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"



Will the government give me a cell phone so I can be alerted too? All terrorists have cell phones, so they will get the alert. Or maybe the government will require proof that I am not a terrorist before alerting me? Fortunately none of these questions will impact the strategy: sell more cell phones.

http://www.technewsworld.com/rsstory/62537.html

National Mobile Alert System Gets Legs, Head Still Missing [and therefore the brain... Bob]

By Chris Maxcer TechNewsWorld 04/10/08 11:26 AM PT

The Federal Communications Commission on Wednesday laid the groundwork for a national mobile alert system that would send participating citizens text messages on their cell phones in the event of a national or local emergency.



New technologies require new or amended procedures. If your strategy is revenue, these make sense; if not, this is attempted murder.

http://techdirt.com/articles/20080410/011257809.shtml

Cities Caught Illegally Tampering With Traffic Lights To Increase Revenue Of Red Light Cameras

from the this-again? dept

Just last month there was the latest in a rather long line of reports noting that red light cameras tend to increase the number of accidents because people slam on their brakes to stop in time, leading to rear-ending accidents. Time and time again studies have shown that if cities really wanted to make traffic crossings safer there's a very simple way to do so: increase the length of the yellow light and make sure there's a pause before the cross traffic light turns green (this is done in some places, but not in many others). Tragically, it looks like some cities are doing the opposite! Jeff Nolan points out that six US cities have been caught decreasing the length of the yellow light below the legal limits in an effort to catch more drivers running red lights and increasing revenue. This is especially disgusting. These cities are actively putting more people in danger of serious injury or death solely for the sake of raising revenue -- while claiming all along that it's for safety purposes. Is it any surprise that one of the six cities is Dallas? Remember, just last month Dallas decided it wasn't going to install any more red light cameras because fewer tickets had hurt city revenue.



The technique one firm describes for “anonymizing” personal identification is worthless... But then, how would they deliver a “personalized ad” to you if they don't know who you are?

http://www.pogowasright.org/article.php?story=20080410174206856

American ISPs already sharing data with outside ad firms

Thursday, April 10 2008 @ 05:47 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Multiple American ISPs are sharing customer data with outside firms that deal in so-called behavioral ad targeting, and according to one of these firms, the Silicon Valley-based NebuAd, roughly 10 per cent of all US web surfers are affected.

These ad companies, which also include the Sonora, California-based Front Porch, won't say which ISPs have adopted their services. But two internet service providers, the Georgia-based Knology and the Sprint-spin-off Embarq, admit to using such platforms on a test basis, and according to multiple users who've posted their stories to Broadband Reports, NebuAd is tracking data on Wide Open West, an ISP serving the Chicago area.

Source - The Register



Ah for the good old days...

http://news.bbc.co.uk/2/hi/technology/7340315.stm

Computer viruses hit one million

The number of viruses, worms and trojans in circulation has topped the one million mark.

The new high for malicious programs was revealed by security firm Symantec in the latest edition of its bi-annual Internet Security Threat Report.

The vast majority of these programs have been created in the last twelve months, said Symantec.


Related. More depressing statistics.

http://www.infoworld.com/article/08/04/10/Top-botnets-control-1M-hijacked-computers_1.html?source=rss&url=http://www.infoworld.com/article/08/04/10/Top-botnets-control-1M-hijacked-computers_1.html

Top botnets control 1M hijacked computers

SecureWorks survey estimates the top 11 botnets are capable of flooding the Internet with more than 100 billion spam messages every day

By Gregg Keizer, Computerworld April 10, 2008

... Joe Stewart, director of malware research at SecureWorks, presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam; by extrapolating their size, Stewart estimated the bots on his list control just over a million machines and are capable of flooding the Internet with more than 100 billion spam messages every day.



Perhaps MLB's lawyers are on steroids? In a few years it won't matter, since baseball is a dying sport.

http://techdirt.com/articles/20080409/175754805.shtml

Why Should Newspapers Agree To MLB's Rules On How They Can Report On Baseball Online?

from the no-need-to-compromise dept

Back in February, we noted that Major League Baseball (MLB) was following the NFL down the extremely slippery slope of putting in place restrictions concerning how reporters could report on baseball online. This included things like only very short video clips could be posted online, no more than 7 photos, and all non-text content had to be removed in 72-hours. If that all sounds like preventing reporters from doing their job, you'd be correct. As I suggested at the time, the answer should be for newspapers to simply ignore the rules and if MLB pulls their press passes to buy their reporters tickets to the games (rather than using press passes) or see how the teams feel without press coverage. While it appears that newspapers certainly were upset about these restrictions, rather than doing anything serious about it, they've apparently negotiated a "compromise." [Because being non-confrontational is more important than ethics... Bob] The compromise allows newspapers to now host more video and audio content than the original restrictions, but everything still needs to be removed within 72-hours unless there's a special exemption.

This is, of course, absolutely ridiculous. While it's perfectly legal (reporters don't need to get press passes, so the team can restrict them), it sets a tremendously bad precedent that journalists are allowing any outside control over how they can report on a game. This is all stemming from MLB's incorrect belief that it "owns" everything having to do with Major League Baseball -- and then wanting to artificially limit it so it can sell it to fans. Note that we're not just talking about actual game data here -- but interviews with the players that are conducted by the journalists. [If MLB asserts that they own these interviews, that means neither the players nor the news organization have an ownership interest, right? Bob] There's simply no legitimate reason why newspapers should allow MLB to dictate what it can do with that content or how it can report on it. All that this will do is serve to limit the kind of innovative reporting and community building that the MLB should be encouraging. It's a top down approach by an organization who thinks that only it can decide how people get access to news and info about the game. But it's going to stop newspapers from putting in place their own, perhaps more useful, services for fans, and that will only serve to limit the fanbase. It's upsetting that MLB would even try to do this and it's a travesty that newspapers acquiesced, even to the supposed "compromise" solution. It's opening the door to the MLB telling them what they can report on and any newspaper person should know better.



I suspect this could also be useful in record retention (with an eye for e-discovery) with only minor additions.

http://www.bespacific.com/mt/archives/018072.html

April 10, 2008

PREMIS Data Dictionary for Preservation Metadata, version 2.0

News release: "Together with its supporting documentation, the PREMIS Data Dictionary provides a comprehensive, practical resource for implementing preservation metadata in digital archiving systems. Preservation metadata is defined as information that preservation repositories need to know to support digital materials over the long term. This document is a revision of Data Dictionary for Preservation Metadata: Final report of the PREMIS Working Group, issued in May 2005. The PREMIS Data Dictionary is a specification that emphasizes metadata that may be implemented in a wide range of repositories, supported by guidelines for creation, management and use, and oriented toward automated workflows. It is technically neutral in that no assumptions are made about preservation technologies, strategies, syntaxes, or metadata storage and management."


Related? Could this also be an e-discovery tool?

http://www.economist.com/displaystory.cfm?story_id=11002939

Start making sense

Apr 9th 2008 From Economist.com

Big and small companies are getting into the business of building an intelligent web of linked data

... The idea is that any website can send a jumble of text and code through Calais and receive back a list of “entities” that the system has extracted—mostly people, places and companies—and, even more importantly, their relationships. It will, for instance, be able to recognise a pharmaceutical company's name and, on its own initiative, cross-reference that against data on clinical trials for new drugs that are held in government databases. Alternatively, it can chew up a thousand blogs and expose trends that not even the bloggers themselves were aware of.

http://www.opencalais.com/



These will be useful in my Statistics class...

http://science.slashdot.org/article.pl?sid=08/04/10/2055222&from=rss

Psychologists Don't Know Math

Posted by Zonk on Thursday April 10, @05:32PM from the one-plus-one-equals-your-mother dept.

stupefaction writes

"The New York Times reports that an economist has exposed a mathematical fallacy at the heart of the experimental backing for the psychological theory of cognitive dissonance. The mistake is the same one that mathematicians both amateur and professional have made over the Monty Hall problem. From the article: "Like Monty Hall's choice of which door to open to reveal a goat, the monkey's choice of red over blue discloses information that changes the odds." The reporter John Tierney invites readers to comment on the goats-and-car paradox as well as on three other probabilistic brain-teasers."

Thursday, April 10, 2008

“Gentlemen, start your Class Actions!”

http://www.pogowasright.org/article.php?story=2008040917193399

Court holds Privacy Act "actual damages requirement" does not require pecuniary harm

Wednesday, April 09 2008 @ 05:19 PM EDT Contributed by: PrivacyNews News Section: In the Courts

I'm breaking blog silence to report on an amazing decision out of the DC Circuit holding that the federal Privacy Act's requirement that Plaintiffs show actual damages does not require pecuniary harm but can be met by a showing of emotional distress. Am. Fed'n of Gov't Employees v. Hawley, D.D.C., No. 07-00855, 3/31/08.

> [T]he plaintiffs' alleged injury is not speculative nor dependent on any future event, such as a third party's misuse of the data, the court said. The court finds that plaintiffs have standing to bring their Privacy Act claim.

Source - Stanford Law School CIS

Am. Fed'n of Gov't Employees v. Hawley.pdf



“Yes, it's public information, but we never thought it would be available to the public!”

http://www.washingtonpost.com/wp-dyn/content/article/2008/04/08/AR2008040803034.html

House Staffers Livid Over Web Site

Financial Information Being Posted Is Too Personal, Aides Say

By Paul Kane Washington Post Staff Writer Wednesday, April 9, 2008; Page A17

Working from a cramped loft apartment a mile from the Capitol, a small Internet company has sparked a privacy rights battle with hundreds of angry top House staffers upset that the Web site has begun posting details about their personal finances.

In an unusual conflict over constitutional rights, the aides argue that the recent disclosures leave them highly vulnerable to identity theft. But the Web site, LegiStorm, contends that it has a First Amendment right to publish already public information about some of the Capitol's most powerful players -- the high-level staffers -- and is creating a new check against potential corruption.

http://www.legistorm.com/



Related? (see also the dancing cop story, below)

http://www.nebraska.tv/Global/story.asp?S=8142329&nav=menu605_2

Small Kansas company airs Wal-Mart's unguarded video moments

Associated Press - April 9, 2008 2:44 PM ET

A Kansas-based company is selling access to three decades of internal meeting videos it made for retail giant Wal-Mart.

Flagler Productions of Lenexa says it opened the archive after Wal-Mart unexpectedly stopped using the firm in 2006 -- taking away the majority of its business.

The videos, filmed at management conferences and shareholder meetings, include male managers parading in drag and top executives in candid discussions on corporate strategy and hiring practices.

Among those paying the $250-an-hour research fee are plaintiffs attorneys suing Wal-Mart and union organizers.

Wal-Mart spokespeople say the company's not happy to see the archive open to the public but haven't said if it will pursue legal action.

Flagler officials say Wal-Mart never signed a contract so has no legal right to the videos.



More on the “discarded property” argument. Fingerprints, like skin cells or hair, are “abandoned” and therefore okay for anyone to collect and use. (I wonder if they would feel the same if I followed them around picking up used coffee cups and vacuuming the chairs they sat on?)

http://www.pogowasright.org/article.php?story=20080410062152806

Security czar pushes biometrics; Critics raise privacy issues

Thursday, April 10 2008 @ 06:21 AM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

The U.S. homeland security czar says Canadians shouldn't fear plans to expand international sharing of biometric information such as fingerprints.

Michael Chertoff says a person's fingerprints are like footprints.

"They're not particularly private," Chertoff said in an interview yesterday during a brief visit to Ottawa.

"Your fingerprint's hardly personal data, because you leave it on glasses and silverware and articles all over the world."

Source - The Kingston Whig-Standard

[From the article:

At an international meeting next month, the U.S. Federal Bureau of Investigation plans to present further details of a project known as the "Server in the Sky" [Give it a cutesy name and everyone will love it? Bob] that would allow the four countries to compare biometric records on known or suspected terrorists.

... Chertoff says... ...The people who argue against information sharing don't understand that information sharing in many ways is the best protection for privacy, and not a threat to privacy."



It's not lying, it's “Political Marketing”

http://blog.aclu.org/index.php?/archives/608-Did-Mukasey-Lie-About-the-911-Call.html#comments

Wednesday, April 9, 2008

Did Mukasey Lie About the 9/11 Call?

Salon's Glenn Greenwald has been chasing down the story behind the comments Attorney General Michael Mukasey made in a speech in San Francisco last week. In the speech, Mukasey claimed that a pre-9/11 call from an "Afghan safe house" to a number somewhere in the U.S. wasn't intercepted because of the intelligence community's inadequate wiretapping capabilities under FISA. Mukasey implied that 9/11 could have been prevented if that call had been intercepted.

Greenwald pointed out yesterday that there are only two possibilities:

(1) The Bush administration concealed this obviously vital episode from the 9/11 Commission and from everyone else, until Mukasey tearfully trotted it out last week; or,

(2) Mukasey, the nation's highest law enforcement officer, made this story up in order to scare and manipulate Americans into believing that FISA and other surveillance safeguards caused the 9/11 attacks and therefore the Government should be given more unchecked spying powers.



Is this question as absurd as I (and most of the commenters) think it is? If not, should the power companies get a share of the profits from anyone who uses electricity?

http://tech.slashdot.org/article.pl?sid=08/04/09/2249235&from=rss

Who Pays for Rebuilding the Internet?

Posted by samzenpus on Wednesday April 09, @10:54PM from the anyone-but-me dept.

pcause writes

"The Internet (physical as opposed to technical) was really not designed for applications that want to use maximum bandwidth all of the time, such as P2P and streaming video. Here in the US we've seen Comcast try to balance the demands of P2P traffic with other traffic and its backbone capacity. In the UK, a flame war has broken out between the BBC and ISPs about the same issue. So the question is who pays? Should the content owners, who make the profits pay for the extra infrastructure or should the consumer pay?"



Signs of things to come?

http://www.technewsworld.com/rsstory/62522.html?welcome=1207828718

Adobe Grabs a Slice of Video 2.0 Pie

By Katherine Noyes TechNewsWorld 04/09/08 2:23 PM PT

Adobe's launch Wednesday of Adobe Media Player gives the company a toehold in the online video space. Additionally, say analysts, Adobe gains a leg up in competing with Microsoft's Silverlight platform, which is a competitor to Flash. That the player supports high-definition video standards helps as well.

Adobe on Wednesday announced that its Adobe Media Player 1.0 is now available as a free download.

... Meanwhile, Adobe also announced on Wednesday Adobe TV, a new network in Adobe Media Player with a series of shows that provide expert instruction and original series programming about Adobe products. [Yes there is lots of free entertainment, but this should suggest uses of this product to all sorts of organizations. Bob]



Hey! Give the guy a break. (but the tag line on the video is true...) Does the store have the right to “publish” this video?

http://www.aolvideoblog.com/2007/07/23/police-office-caught-dancing/

Police Officer Caught Dancing

Posted Jul 23rd 2007 8:39AM by Meredith R., Videologist Chief of Staff


Everyone's guilty of singing in the car or the shower when we think no one is watching. This police officer, however, got caught by a security camera in a convenience store -- dancing himself silly.



Dilbert explains “change management”

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2008458440410.gif

Wednesday, April 09, 2008

The TJX model?

http://www.pogowasright.org/article.php?story=20080408213000153

Hannaford Bros. yanks ads from TV station for reporting

Tuesday, April 08 2008 @ 09:30 PM EDT Contributed by: PrivacyNews News Section: Breaches

The Hannaford supermarket chain says it's pulling advertising from WGME-TV.

The Scarborough-based company says it's doing that for what it calls "aggressive" reporting of a security breach that put the credit and debit card information of millions of consumers at risk.

Source - WCAX

[From the article:

WGME says it asked Hannaford if its coverage included any factual errors, but Hannaford only says the coverage has been too "aggressive." The station says it made several attempts to ask Hannaford for more information, but got no response.


...and as hardware gets smaller it becomes easier to steal...

http://www.pogowasright.org/article.php?story=20080408123529384

Stolen hardware basis for most breaches

Tuesday, April 08 2008 @ 12:35 PM EDT Contributed by: PrivacyNews News Section: Breaches

While the number of unique variants of malicious software more than quadrupled in 2007, lost laptops and storage devices -- not malicious software -- were the most common cause of data breaches, security firm Symantec said in its latest Internet Security Threat Report released on Tuesday.

The report, based on data from more than 40,000 network devices and 120 million systems running Symantec software, found more than 700,000 new threats in 2007, an increase of 468 percent over 2006. The attacks increasingly focused on stealing confidential information, with 68 percent of the top-50 threats targeting confidential information in the second half of 2007, up from 53 percent during the same period in 2006.

Source - Security Focus



Forgive me if I translate this from Gov-Speak

http://www.infoworld.com/article/08/04/08/Chertoff-says-DHS-project-will-lock-down-federal-computers_1.html?source=rss&url=http://www.infoworld.com/article/08/04/08/Chertoff-says-DHS-project-will-lock-down-federal-computers_1.html

Chertoff: DHS project will lock down federal computers

At the RSA conference, DHS head Michael Chertoff discussed the 'reverse Manhattan Project' to secure U.S. government computer systems

By Robert McMillan, IDG News Service April 08, 2008

U.S. Homeland Security Secretary Michael Chertoff said his agency is working on a "reverse Manhattan Project" to help secure the federal government's computer systems. [The security of our computers is abysmal... Bob]

... Chertoff said he would like to see the federal government develop an early warning system that could mitigate cyber attacks before they occur. [There is a place for psychics in government. Bob]



Once Privacy has been breached, there is no going back?

http://www.pogowasright.org/article.php?story=20080409054305970

UK: Formula 1 boss loses 'orgy' video legal battle

Wednesday, April 09 2008 @ 05:43 AM EDT Contributed by: PrivacyNews News Section: In the Courts

The High Court today refused to grant an injunction stopping the News of the World putting a 90-second extract of an "intrusive and demeaning" video involving motorsport boss Max Mosley and five prostitutes on its website.

Mr Justice Eady, in London, said the events, which were chronicled in the newspaper last month under the heading "F1 boss has sick Nazi orgy with 5 hookers", had received massive worldwide coverage, both in newspapers and on various websites.

Anyone who wished to access the footage could easily do so, and there was no point in barring the News of the World from showing what was already available.

Source - The Independent

[The link to the video is in the article. Not that I would ever watch such a thing (at least until the site recovers from the volume of hits) Bob]



Question: Was this a smart edit (never challenge a hacker) or is it an indication that they have already been hacked? Might make one of those interesting (ever so polite) “questions” for the Prime Minister: “Would the PM kindly explain the Big-Brother-like revisions his respected but clearly incompetent minister made recently...”

http://www.pogowasright.org/article.php?story=20080409054022795

UK: Transcript disappears minister's 'hack-proof' ID register claim

Wednesday, April 09 2008 @ 05:40 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

At the end of February Home Office minister Meg Hillier explained the UK ID scheme security system to the Home Affairs Committee. "The National Identity Register, essentially," she said, "will be a secure database; ...hack-proof, not connected to the Internet... not be accessible online; any links with any other agency will be down encrypted links."

Except she didn't, apparently, because by the time the Committee session transcript was published, here, Hillier's words had become: "The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will be down encrypted links."

Source - The Register



What chance this will have an impact in the US?

http://www.theusdaily.com/articles/viewarticle.jsp?id=354137&type=Internet

Google defends user data policy after EU report

By Eric Auchard 04/08/08

SAN FRANCISCO (Reuters) - Google Inc on Monday defended a policy of retaining data on Web users for up to 18 months as necessary to improve search results, responding to an EU report that saw no need for search services to keep personal data beyond six months.

... The long-anticipated set of recommendations for how European data protection laws should be applied to Web search services was published on Friday and can be found at http://tinyurl.com/5yukzm.



Tools & Techniques You can find all kinds of fun stuff on the Internet...

http://www.news.com/8301-10784_3-9914896-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Breaking into a power station in three easy steps

Posted by Elinor Mills April 8, 2008 6:58 PM PDT

"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.

... Below is a video showing a staged cyber attack on a power station that Winkler showed during his presentation:



Hacking: too easy to be a question on the final exam. (Doesn't a telecom provider have a “duty” to protect access to user accounts?)

http://consumerist.com/376845/flawed-security-lets-sprint-accounts-get-easily-hijacked

Flawed Security Lets Sprint Accounts Get Easily Hijacked

We found you can hijack a Sprint user's account as long as you know their cellphone number, just a smidge about them, and have half a brain. Once inside, you have total access to their account. You could change their billing address, order a whole bunch of cellphones sent to a drop location, and leave the victim paying the bill. There's also the stalker's wet dream: add GPS tracking to their cellphone and secretly watch their every movement from any computer.



Tools & Techniques (Creating and maintaining second class citizens) Mission creep.

http://techdirt.com/articles/20080407/174926781.shtml

Special License Plates Let Certain California State Employees Avoid Tolls, Red Light Cameras

from the abusing-the-system dept

With all the fuss recently over red light cameras, Boing Boing points us to a fascinating story about how somewhere around one million Californians have special license plates that basically shield them from toll booth transponders and red light cameras. Basically, the system was originally designed for police, putting their license plate info in a special secret database to shield home addresses from criminals who might want to hurt them. That system is no longer needed because DMV records are all now private. But one of the unintended consequences of the system was that it became nearly impossible to send a remotely recorded ticket (such as via a toll booth reader or a red light camera) to the guilty party -- since you couldn't get their address. It even works in some cases when people are pulled over by police, because once the plate is looked up the record indicates that the plate is in this protected category, so officers often let the driver off for being "protected."

To make matters worse, California has made it quite easy for state employees of all different types to get their license plate on the list, and from the sound of it, at least a few folks are abusing the privilege. The article found some who owed tens of thousands of dollars in unpaid fines for abusing toll lanes. It seems clear that many state employees are aware of these "benefits." The article notes that museum security guards actually made sure to include a clause in a recent labor agreement that would allow them to get these secret plates. At this point, it would appear there's simply no reason to keep these secret license plates in existence, but they're still there basically just to be used by folks who want to disobey traffic laws and get away with it for free, no matter how often they're caught.



Dilbert explains how to deal with the generation gap

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2006112580409.gif

Tuesday, April 08, 2008

My nominee for a Privacy Guardian Award! (No, they don't exist. I just made that up. No one has ever qualified before...)

http://www.pogowasright.org/article.php?story=20080407163357198

Redbox Shows Businesses How To Properly Handle A Data Breach

Monday, April 07 2008 @ 04:33 PM EDT Contributed by: PrivacyNews News Section: Breaches

Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they'd found credit card skimmers attached to three of their kiosks. What's surprising is that they 'fessed up so quickly, and in a highly public manner—they've got the text "SECURITY ALERT" at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing. [Amen! Bob]

Source - The Consumerist blog



Isn't this similar to putting your trash out for collection? (Wouldn't this put an end to all those CSI TV shows?)

http://www.phiprivacy.net/?p=214

Apr-7-2008

Do People Have a Reasonable Expectation of Privacy in Abandoned DNA?

Information privacy lawyer Dan Solove has a commentary on the recent news article in the New York Times, “Lawyers Fight DNA Samples Gained on Sly,” in which he writes:

[…]

DNA is sensitive information in many people’s books, but it is also very hard to keep contained. We leave traces of DNA everywhere we go — in hair and skin we shed, in saliva, etc. It is quite easy for law enforcement officials to obtain our DNA.

DNA is one illustration of where the current Fourth Amendment regime doesn’t work very well with information privacy. It works well with papers and things — we can hide papers away in our homes or in bags, and we can have protection in our homes. But information in today’s Information Age often is hard to contain. It is hard to tuck away. The result is that our personal information is increasingly in places where the police no longer need warrants and probable cause.

Read the full commentary at Concurring Opinions


Related? The Gov-inator is not someone to make angry...

http://www.phiprivacy.net/?p=218

Apr-8-2008

Schwarzenegger Calls For Stronger Privacy Of Medical Records

Catharine Paddock, PhD has an article in Medical News Today about the recent revelations of privacy breaches at UCLA and how Governor Arnold Schwarzenegger is calling for stronger protections. Schwarzenegger himself has been in the situation of celebrity patient and reports that his privacy was invaded, too. What he describes, however, is more than just employee “snooping.” Paddock writes:

The Governor told the Times that every time he left the operating room he was told that people were going through his file. They “had white coats on”, he said, and they had snuck into the hospital, “They had nothing to do with the hospital staff at all,” he told the paper. [Did the hospital have a duty to protect those records? Bob]

Source: Medical News Today



If your organization received an email that claimed your security wasn't working, would you A) Ignore it. (Who do these people think they are?) B) Ask someone to look into it. C) Have your legal department send a letter threatening to sue?

http://www.pogowasright.org/article.php?story=20080407090404471

EXCLUSIVE: WellPoint exposed members' personal info, Rx records on the web

Monday, April 07 2008 @ 09:04 AM EDT Contributed by: PrivacyNews News Section: Breaches

Thousands of files on wellpoint.com containing what appear to be well over a million records -- many with members’ personal information or prescription information -- were indexed and cached by Google last year. WellPoint disallowed indexing of files and got them removed from Google's cache, but the data remained unencrypted and connected to the internet, where they could be accessed without any login or password for over a year.

In February 2007, just a few months after WellPoint, Inc. learned that a backup tape with unencrypted personal information on 196,000 Anthem Blue Cross and Blue Shield members had been stolen from Concentra Preferred Systems, they learned that a CD with unencrypted records on 75,000 of its Empire Blue Cross and Blue Shield members had been lost in transit. While in the midst of responding to this second data loss, WellPoint (WLP) was contacted by a customer who alerted them that thousands of files containing unencrypted and sensitive members’ records on the wellpoint.com domain had been indexed and cached by Google.

Based on screenshots of Google’s cached results provided to PogoWasRight.org, it took more than a month and a half before all of the files were removed from Google’s cache. But WellPoint’s members’ data were still vulnerable long after WellPoint was notified of security issues in February 2007. A year later, the company still maintained what appear to be at least three domains with all of the previously exposed files accessible to the world via your nearest web browser – no login or password required.

Following up on a tip from www.answerability.org, PogoWasRight.org learned that many of the files contained records that included members’ names, dates of birth, their member IDs (which appeared to be Social Security numbers in some of the earlier files), doctors’ names and the doctors’ DEA numbers, and the name and dosage of their prescriptions. Some files contained a few hundred records, while other files contained tens of thousands of records.

Other files labeled as being from WellPoint Pharmacy Management UniCare HMO contained pharmacy records sorted by diagnosis and name of provider’s group, with the member’s full name, age, the name of the doctor, the name of their pharmacy, the name of the medication, the date that the prescription was filled, and the cost. Files containing UniCare HMO records for members with diabetes, asthma, organ transplant patients, patients on narcotics/stadol, and prenatal patients were all there online for easy viewing by anyone.

All told, and as crude estimates, there may have been over 2,000,000 unique records exposed on the web, affecting over 100,000 unique individuals or what may total even hundreds of thousands of individuals. WellPoint did not respond to several inquiries about the total number of records or the total number of individuals whose records were cached in Google.....

Full story here


Related. (A bit of editorializing)

http://www.pogowasright.org/article.php?story=200804071031308

WellPoint breach highlights gaps in federal health privacy laws (commentary)

Monday, April 07 2008 @ 10:31 AM EDT Contributed by: PrivacyNews News Section: Breaches

A previously undisclosed breach involving WellPoint, Inc. reported on PogoWasRight.org today describes a web exposure incident involving unencrypted prescription records on the wellpoint.com domain. But that unintentional exposure was just part of a bigger story, because members’ information that was cached in Google remained unencrypted and accessible via the web without any password or login required for over a year.

When the largest commercial health insurer in the country exposes or leaves our personal health information vulnerable, it undermines the public's confidence in e-health databases connected to the internet. But our trust and confidence are also undermined if it turns out to be the case that we were never told that our health data were exposed because disclosure and notification were not mandated by any federal law.

Source - Chronicles of Dissent blog

[From the article:

As I understand it, the federal law known as HIPAA does not require those in possession of protected health information and who are covered by HIPAA to inform federal regulators of breaches. Nor does HIPAA require them to notify patients, members, or customers of breaches involving their health information. HIPAA requires covered entities — which generally includes health insurers — to “mitigate harm” in the event of a breach, but if there are no Social Security numbers, credit card numbers, or financial account numbers involved, then some might ask, “Where is the harm?”


Related (Slow reactions are common.)

http://www.pogowasright.org/article.php?story=20080407164728820

Army Shuts Down Site for Scrubbing

Monday, April 07 2008 @ 04:47 PM EDT Contributed by: PrivacyNews News Section: Breaches

A spreadsheet containing a "hidden" column of Social Security numbers belonging to about two dozen officers and civilian employees of one Army agency was left on the agency's website for five months after being notified of the presence of the personal information. (emphasis added by Dissent)

The Army's Acquisition Support Center has temporarily shut down its website to scrub the information from the spreadsheet, following FederalNewsRadio's request for an interview.

Source - Federal News Radio



“It is a waste of my valuable time to steal credit card data. I can buy all I want – cheap and fast.”

http://www.pogowasright.org/article.php?story=20080408061510170

Stolen identities going cheap

Tuesday, April 08 2008 @ 06:15 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Fierce competition among identity thieves has driven the prices for stolen data down to bargain-basement levels, which has forced crooks to adopt mainstream business tactics to lure customers, according to a new report on Internet security threats.

Credit card numbers were selling for as little as US40 cents each and access to a bank account was going for $US10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec released Tuesday.

Source - The Age

Related - Dark Reading: New Crimeware-as-a-Service Market Thriving



This is very interesting – from several perspectives.

http://www.bespacific.com/mt/archives/018043.html

April 07, 2008

Intelligence Community Information Sharing Strategy

News release: "The Office of the Director of National Intelligence is announcing the first-ever strategy to improve the ability of intelligence professionals to share information, ultimately strengthening national security. The document, titled the U.S. Intelligence Community Information Sharing Strategy, complements a related national strategy that President Bush released last year. The document responds to needs identified in the 9/11 and WMD Commission reports, as well as mandates in executive orders and the 2004 Intelligence Reform and Terrorism Prevention Act."

[Of particular interest to me is the switch from “Need to Know” to “Responsibility to Provide” Bob]



Oh lookie there, the Emperor has no clothes! (The difference between “We can't” and “We don't want to”)

http://www.pogowasright.org/article.php?story=2008040712213391

Ca: Letter to the Commissioner of the RCMP

Monday, April 07 2008 @ 12:21 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The Privacy Commissioner of Canada, Jennifer Stoddart, sent the following letter to the Commissioner of the RCMP, regarding provisions of the Privacy Act for public interest disclosures.

William J.S. Elliott
Commissioner of the RCMP
Headquarters Bldg
1200 Vanier Parkway
Ottawa, ON K1A 0R2

Dear Mr. Elliott:

My Office has noted with interest the statements made to the media on March 24 and 25, 2008 that the RCMP refuses to disclose, for operational and privacy reasons, statistics regarding the use of taser guns by their members. For your information, Canada’s privacy laws take into account that there are occasions when it is appropriate and reasonable to disclose personal information without consent. The Privacy Act, which protects personal information of individuals held by government institutions and agencies, does contain a provision for public interest disclosures.

Source - Office of the Privacy Commissioner of Canada

[From the article:

A Fact Sheet prepared by this Office and entitled The Privacy Act: Not an excuse to promote secrecy sets out the specific circumstances in which government institutions may disclose personal information without the individual’s consent. We have attached this Fact Sheet for your perusal.

[Get the fact sheet at: http://www.privcom.gc.ca/fs-fi/02_05_d_29_e.asp


Related?

http://www.pogowasright.org/article.php?story=20080407162233435

Article: Data Mining and the Security-Liberty Debate

Monday, April 07 2008 @ 04:22 PM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Abstract:

In this essay, written for a symposium on surveillance for the University of Chicago Law Review, I examine some common difficulties in the way that liberty is balanced against security in the context of data mining. Countless discussions about the trade-offs between security and liberty begin by taking a security proposal and then weighing it against what it would cost our civil liberties. Often, the liberty interests are cast as individual rights and balanced against the security interests, which are cast in terms of the safety of society as a whole. Courts and commentators defer to the government's assertions about the effectiveness of the security interest. In the context of data mining, the liberty interest is limited by narrow understandings of privacy that neglect to account for many privacy problems. As a result, the balancing concludes with a victory in favor of the security interest. But as I argue, important dimensions of data mining's security benefits require more scrutiny, and the privacy concerns are significantly greater than currently acknowledged. These problems have undermined the balancing process and skewed the results toward the security side of the scale.

Citation:

Solove, Daniel J., "Data Mining and the Security-Liberty Debate". University of Chicago Law Review, Vol. 74, p. 343, 2008. Available at SSRN: http://ssrn.com/abstract=990030 (free full-text article)



Is this the result of the “We gotta do something!” syndrome?

http://techdirt.com/articles/20080407/170226779.shtml

It's Time To Play The Game: What's Comcast Blocking Now?

from the answer:-everything? dept

Broadband Reports highlights a new research report out of the University of Colorado suggesting that Comcast has changed its traffic shaping system such that it's sending RST packets for any kind of TCP traffic at times, [“As user volume goes up, customer service goes down.” Bob] rather than just for BitTorrent traffic. Comcast has responded saying that this is not the planned change it had announced a couple weeks ago. In fact, the company itself seems confused about the report -- but given the company's own unwillingness to admit to what it was doing in the past, it's hard to know how honest the company is being. Of course, it could just be a technical error. Considering that Comcast's earlier efforts included an accidental jamming of Lotus Notes, a technical mistake might make the most sense.



Oxymoron alert: Legal Ethics. I am torn. This may be simple extortion, but if it works as desired isn't it a good business strategy? Perhaps if the letters came from a non-lawyer?

http://techdirt.com/articles/20080407/002030770.shtml

File Sharing Pre-Settlement Letters In Europe Get Lawyer Banned For Six Months

from the extortion-not-appreciated dept

Earlier this year, we wrote about how common it was becoming for companies to send out "pre-settlement" letters to people they haven't yet accused of a crime. While these are well-known for groups like the RIAA, they're also used by big retailers and were famously used by DirecTV against anyone it thought might have been stealing satellite TV. The letter basically demands an upfront payment to get the company not to sue. And, of course, the letter includes all sorts of threatening legalese about how going to court will be expensive and time consuming, suggesting that it's much easier to just pay up. While these "extortion-lite" letters in the US grow in popularity, it looks like folks in Europe aren't so willing to let them pass. A lawyer representing Logistep, a company that has recently run into trouble in both Italy and Switzerland for its tactics in trying to sniff out file sharers, has been banned from practicing law for six months by the Paris Bar Council. The lawyer had been sending out these types of letters demanding 400 euros not to sue, and the Paris Bar apparently felt this was rather problematic. Somehow I doubt we'll see the same sort of thing happen in the US any time soon.



Are we missing a great scientific research opportunity here? Unlike driving while chatting/texting, here we could (in only a generation or two) determine if Darwin was right! If these people have a higher than normal mortality rate, they should be gone from the gene pool rather quickly (and because we start them so young, perhaps before they can reproduce.) Think about it – and look for Christian Fundamentalists to oppose the legislation.

http://techdirt.com/articles/20080403/144230741.shtml

Next Thing To Ban: Walking While Talking On A Mobile Phone

from the no-chatting-for-you dept

Last month we pointed to some recent studies about how people walking while talking on mobile phones tend to do things that are riskier than those not talking on mobile phones and jokingly asked when politicians would start proposing bans on walking-while-talking, to go along with the popular bans on driving while talking. It didn't take long at all, actually. Parker Mason writes in to let us know that an Illinois lawmaker has proposed a ban on talking on a mobile phone while in a crosswalk. Combine that with jaywalking and you could really piss off a person who wasn't actually doing something dangerous. Actually, this isn't the first time such a thing has been proposed. Last year a similar law was proposed in New York, though I don't believe it went anywhere. It's nice that politicians want to protect people, but at some point you really have to ask why people can't take responsibility for their own actions?


Another People-are-too-stupid-to-live-without-our-guidance-law?

http://www.wdbj7.com/Global/story.asp?S=8127995

April 7, 2008

Virginia 1st state to require Internet safety lessons

RICHMOND, Va. (AP) -- Virginia is the first state to mandate that public schools offer Internet safety classes for all grade levels -- and it's one of many measures being taken nationally to protect young Web users.



I suspect this will become a favorite target of hackers. Politicians would do well to avoid those aroma-therapy devices. Perhaps we should make them mandatory?

http://www.infoworld.com/article/08/04/08/When-roses-wont-do-e-mail-a-frangrance_1.html?source=rss&url=http://www.infoworld.com/article/08/04/08/When-roses-wont-do-e-mail-a-frangrance_1.html

When roses won't do, e-mail a fragrance

NTT Communications will test a service that allows users to send fragrances from their cell phones

By Martyn Williams and Chiara Castañeda, IDG News Service April 08, 2008



Resource? I can see this expanding to become useful...

http://google-latlong.blogspot.com/2008/04/all-news-thats-fit-to-print-on-map-new.html

All the news that’s fit to print on a map: The New York Times in Google Earth

Monday, April 7, 2008 at 8:14 AM Posted by Wei Luo, Tech Lead Manager, Google Earth

I read a lot of news by surfing the Internet, as do many of my colleagues and friends, and I've always dreamed of a way to browse news based on geography. What's happening in Paris today? What are the top headlines in Japan?

... To experience this new way of getting your daily dose of news, launch the latest version of Google Earth and make sure the "Geographic Web" folder is turned on. Click on a New York Times placemark and you will see the latest news and features pertaining to that geographic region. Want to see more than just headlines? Click on the "Show this layer" button at the top of the preview bubble and you'll get a list of news articles dating back one month.



Alert Homeland Security! Drive an Ice Cream truck, go directly to Guantanamo!

http://www.thelocal.se/10952/20080407/

Swedish ice cream trucks 'a form of torture'

Published: 7 Apr 08 12:30 CET

Selling ice cream and candy with enticing melodies ought to be outlawed because it is connected to child obesity.

The suggestion comes from Bo Sjöberg, a professor at the Sahlgrenska Academy in Gothenburg, who compares the repetition of ice cream trucks’ jingle with modern torture methods.