Saturday, November 22, 2008

Another side of the Privacy coin. “Protect your customers' data like your own?” No links to the nude photos – ask your local McDonald's for an Adult Happy Meal w/links.

http://www.pogowasright.org/article.php?story=2008112205011075

AR: Private Photos Posted Online, Lawsuit Claims

Saturday, November 22 2008 @ 05:01 AM EST Contributed by: PrivacyNews

A Bella Vista couple has sued McDonald's for at least $3 million after nude photographs of the woman were allegedly taken off her husband's misplaced cell phone and posted on the Internet.

Phillip and Tina Sherman say Phillip left his cell phone at McDonald's on Sixth Street in Fayetteville on July 5. Tina Sherman then began receiving offensive calls and text messages about the pictures, then learned her pictures, which she had sent her husband, had been posted on-line along with her name, address and phone number.

The Web site allegedly described how McDonald's employees retrieved the pictures from a phone left at the restaurant.

Source - NWAonline.com



Helping to define a “reasonable expectation of Privacy” and what it is worth?

http://www.pogowasright.org/article.php?story=2008112205091987

Sienna Miller gets £53k for press intrusion

Saturday, November 22 2008 @ 05:09 AM EST Contributed by: PrivacyNews

Sienna Miller has reached a settlement with an agency of paparazzi photographers over claims of harassment and invasion of privacy.

The actor had sued Big Pictures and its founder Darryn Lyons over what she described as intolerable intrusions by pursuing photographers.

Yesterday the agency agreed to pay £53,000 in damages and costs as part of a settlement. It includes an undertaking that the agency will not pursue Miller - by car, motorcycle or on foot - or "doorstep" her at her home or that of her family. The agency will be allowed to take pictures when she goes to bars, nightclubs or restaurants, is out in public, or at a "red carpet" event.

Source - Guardian



It's not war! It's ABC: “Aggressive Browsing from China.” Think of the old fable of an infinite number of monkeys typing on an infinite number of typewriters eventually producing “War & Peace.” Now think of a billion Chinese teenagers trying random URLs (www.random.random.MIL) and random passwords and reporting all successes to a central database.

http://news.slashdot.org/article.pl?sid=08/11/21/2319241&from=rss

Chinese Hacking of American Military Networks On the Rise

Posted by Soulskill on Friday November 21, @06:23PM from the secure-the-international-tubes dept. Government Security The Military United States

Anti-Globalism writes with this excerpt from the Guardian:

"China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel. Beijing's investment in rocket technology is also accelerating the militarization of outer space and lifting it into the 'commanding heights' of modern warfare, the advisory group claims. ... A summary of the study, released in advance, alleges that networks and databases used by the US government and American defense contractors are regularly targeted by Chinese hackers. 'China is stealing vast amounts of sensitive information from US computer networks,' says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues."

The full study addresses these issues and others relating to the US-China relationship (PDF).



Might be worth a listen if you can't read...

http://news.cnet.com/8301-12640_3-10105508-91.html?part=rss&subj=news&tag=2547-1_3-0-5

Security Bites 122: IBM sees security challenges ahead

Posted by Robert Vamosi November 21, 2008 1:20 PM PST

Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years.

... Kris Lovejoy, director of Governance and Risk Management and Corporate Security Strategy at IBM, spoke with CNET's Robert Vamosi about the report. She cites nine trends companies should be watching:

1. Securing virtualized environments
2. Alternative ways to deliver security
3. Securing mobile devices
4. Managing risk and compliance
5. Identity governance
6. Information security
7. Predictable security of applications
8. Protecting the evolving network
9. Sense and respond physical security

Listen now: Download today's podcast



So... Does this suggest that the Bush administration was 50 times more verbose than Clinton or that Clinton was 50 times more efficient? (or that politicians only learned how to use e-mail in the last 8 years? or...)

http://news.slashdot.org/article.pl?sid=08/11/22/1312245&from=rss

Bush Administration's E-Mail Deluge May Overload Archive System

Posted by Soulskill on Saturday November 22, @09:16AM from the hello-sir-madam dept. Government Communications United States Technology

Lucas123 writes

"The Clinton administration generated 32 million e-mails. Bush's administration has generated 50 times as much data — 140TB, 20TB of which is email — which soon will have to be archived through a new government-built records management system. The new system may not be up to the task because the technology behind it may not be able to handle the sheer volume of data along with the fact that the Bush administration has been slow in providing the National Archives and Records Administration (NARA) with needed information about the records, according to a Computerworld story. Questions have also been raised about millions of missing e-mails from between March 2003 and October 2006. 'It wasn't until this summer that an intensive effort began to share information,' said Ken Thibodeau, director of NARA's Electronic Records Archives."



I was discussing (debating) this with Professor Soma just the other day. This sounds more like his idea than my idea... Damn, but I hate losing arguments!

http://news.cnet.com/8301-13578_3-10105776-38.html?part=rss&subj=news&tag=2547-1_3-0-5

The key to innovation: Privately owned fiber?

Posted by Stephanie Condon November 21, 2008 4:20 PM PST

... While Congress has taken steps to promote universal broadband, a new working paper from the New America Foundation suggests a peculiar route to fostering the nation's next great innovators: allowing consumers to purchase and own their own fiber-optic connection.

In their paper Homes with Tails (PDF), Columbia Law School professor and NAF Fellow Tim Wu and Google Policy Analyst Derek Slater lay out a proposal in which a community would establish a collectively-owned fiber trunk cable that would lead to individually-owned lines into people's homes.

Such an architecture would be "akin to a condominium complex--also a radical form of property not too long ago," Slater said.



No doubt the IRS will want to follow suit. “This is common practice in other countries, we should have the right to do it too!”

http://www.pogowasright.org/article.php?story=20081122045258536

UK: Revenue in storm over disclosure of taxpayer data to researchers

Saturday, November 22 2008 @ 04:52 AM EST Contributed by: PrivacyNews

A year after HM Revenue & Customs lost 25m people's personal data it is writing to some taxpayers telling them it will pass on their names and details to a market research company – unless told not to do so before next Tuesday.

Source - Telegraph

[From the article:

"This may well be a criminal offence as it does not seem to fall within any of the disclosure gateways allowed by the Commissioners For Revenue & Customs Act 2005."

But a spokesman for HMRC said: "The research company receives the data on the same strictly confidential basis that we do. They are subject to rigorous security checks before their appointment. [Doesn't that make you feel all warm and fuzzy? Bob]



“We do this to kill off the ones with weak hearts. It makes our job easier...”

http://www.pogowasright.org/article.php?story=20081121091205714

UK: Department of Health tops lost laptop rankings

Friday, November 21 2008 @ 09:12 AM EST Contributed by: PrivacyNews

The Government loses a computer a week, according to figures unearthed by the Conservative Party.

Shadow housing minister Grant Shapps wrote to ministers in six departments asking them "What (a) equipment and (b) data was lost by [their] Department in the last 12 months?"

Cumulatively, he discovered the Government has lost 53 computers and laptops over the course of 2008. He also found that 36 BlackBerries had gone missing, together with 30 mobile phones and four memory sticks. However the losses could be greater, as the Ministry of Defence and the Home Office declined to provide figures.

The Department for Health was the biggest culprit losing 14 laptops, though quite what happened to these machines we may never know as the "Department does not differentiate between stolen, missing or lost equipment." [Translation: Management doesn't give a damn. Bob]

Source - IT PRO



“Sure we were wrong, but you have to admit we were right before we drop the charges.” A cautionary tale for my Computer Forensics students. (Law Students: Who would you sue to right this wrong?)

http://www.pogowasright.org/article.php?story=20081121175501481

Connecticut drops felony charges against Julie Amero, four years after her arrest

Friday, November 21 2008 @ 05:55 PM EST Contributed by: PrivacyNews

The unbelievable story of Julie Amero concluded quietly Friday afternoon at Superior Court in Norwich, with the state of Connecticut dropping four felony pornography charges.

Amero agreed to plead guilty to a single charge of disorderly conduct, a misdemeanor. Amero, who has been hospitalized and suffers from declining health, also surrendered her teaching license.

Source - Hartford Courant

[From the article:

In June of 2007, Judge Hillary B. Strackbein tossed out Amero's conviction on charges that she intentionally caused a stream of "pop-up" pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on "erroneous" and "false information."

But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made -- even after computer experts from around the country demonstrated that Amero's computer had been infected by "spyware."

... The case also caught the attention of computer security experts [enough to have a Wikipedia entry! Bob] from California to Florida, who read about Amero's conviction on Internet news sites. Recognizing the classic signs of a computer infected by malicious adware, volunteers examined computer records and the hard drive and determined that Amero was not responsible for the pornographic stream on her computer.

The state never conducted a forensic examination of the hard drive and instead relied on the expertise of a Norwich detective, with limited computer experience. Experts working for Amero ridiculed the state's evidence, saying it was a classic case of spyware seizing control of the computer.

... Among other things, the security experts found that the Norwich school system had failed to properly update software that would have blocked the pornography in the first place.



Oceania is not at war with Eastasia. We have never been at war with Eastasia. Eastasia is our old and trusted ally. (Does BT stand for “Brother Too” or “Brother Two”? I forget.)

http://yro.slashdot.org/article.pl?sid=08/11/22/0221226&from=rss

BT Silences Customers Over Phorm

Posted by Soulskill on Saturday November 22, @12:06AM from the lalala-i-can't-hear-you dept. Privacy Communications Networking

An anonymous reader writes

"The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."



Almost a PowerPoint article...

http://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches.html

Banking's Data Security Crisis

Andy Greenberg, 11.21.08, 10:00 AM EST

During the past year, banks have lost more of their customers' personal data than ever before.

Countrywide Financial may have become a poster child for U.S. financial institutions ruined by poisonous subprime loans--but junk assets, it turns out, weren't the only element of Countrywide's inner workings that were rotten.

So, allegedly, was one senior financial analyst in the company's subprime mortgage division. According to the reports of FBI officials who arrested him in August, 36-year-old Rene Rebollo spent his Sunday nights last summer copying a total of more than 2 million of Countrywide's customer records to a flash drive and selling the data to identity thieves. [Beware of employees who work voluntary overtime! Bob]

... According to numbers released Nov. 18 by the data breach tracking organization Identity Theft Resource Center, financial institutions were responsible for more than half the 33 million personal records known to be lost in all reported data breaches so far this year, compared with just 7% of known lost records in 2007.



DHS uses WinZip to encrypt their files. Simple step by step guide in Appendix A. Remember this next time a laptop computer goes missing...

http://www.pogowasright.org/article.php?story=20081121092336690

Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS

Friday, November 21 2008 @ 09:23 AM EST Contributed by: PrivacyNews

The DHS Privacy Office "Handbook for Safeguarding Sensitive PII at DHS" applies to every DHS employee, contractor, detailee and consultant. The document sets minimum standards for how personnel should handle Sensitive PII in paper and electronic form during their everyday work activities at DHS.

Source - Handbook for Safeguarding Sensitive Personally Identifiable Information At The Department of Homeland Security [pdf, 19 pages]


Related

http://www.pogowasright.org/article.php?story=20081121143755272

New guidelines push agencies to build in IT security controls upfront

Friday, November 21 2008 @ 02:37 PM EST Contributed by: PrivacyNews

Guidelines on evaluating information security at agencies soon will be revised to better address concerns about protecting personal information and to incorporate risk assessments into processes for building computer systems, said a panel of government officials on Thursday.

In December, the National Institute of Standards and Technology will release for comment an updated version of Special Publication 800-53, "Recommended Security Controls for Federal Information Systems," which will include a new appendix of controls agencies can put in place to ensure privacy. The appendix lays out guidelines for considering identifiable personal information when developing security plans for IT systems. Applications that contain Social Security numbers, for example, would incorporate stricter access controls to prevent unauthorized individuals from accessing or downloading the data.

Source - NextGov

Special Publication 800-53 "Recommended Security Controls for Federal Information Systems"

SP 800-39, "Managing Risk From Information Systems"


Completely unrelated, but it seems to be a day for handbooks and guides

http://www.bespacific.com/mt/archives/019875.html

November 21, 2008

Rule of Law Handbook 2008

Library of Congress, Federal Research Division: Rule of Law Handbook 2008, The Judge Advocate General's Legal Center and School, U.S. Army Center for Law and Military Operations



Oh gee, it couldn't happen to a nicer bunch of guys!

http://news.slashdot.org/article.pl?sid=08/11/21/1644213&from=rss

RICO Class Action Against RIAA In Missouri

Posted by kdawson on Friday November 21, @12:49PM from the take-'em-down-dano dept. The Courts Music

NewYorkCountryLawyer writes

"In Atlantic Recording v. Raleigh, an RIAA case pending in St. Louis, Missouri, the defendant has asserted detailed counterclaims against the RIAA for federal RICO violations, fraud, violation of the Computer Fraud and Abuse Act, prima facie tort, trespass, and conspiracy. The claims focus on the RIAA's 'driftnet' tactic of suing innocent people, and of demanding extortionate settlements. The RICO 'predicate acts' alleged in the 42-page pleading (PDF) are extortion, mail fraud, and wire fraud. The proposed class includes all people residing in the US 'who were falsely accused ... of downloading copyrighted sound recordings owned by the counterclaim Defendants and making them available for distribution or mass distribution over a P2P network and who incurred costs and damages including legal fees in defense of such false claims' or 'whose computers used in interstate commerce and/or communication were accessed ... without permission or authority.' [I particularly like that one! Bob] This is the second class action of which we are aware against the RIAA and the Big 4 recording companies, the first being the Oregon class action brought by Tanya Andersen, which is presently in the discovery phase."



It has been a long time coming, but come it did.

http://news.slashdot.org/article.pl?sid=08/11/21/1849215&from=rss

Final Judgment — SCO Loses, Owes $3,506,526

Posted by timothy on Friday November 21, @02:15PM from the seems-charitable-to-sco dept. The Courts Caldera Unix Linux

Xenographic writes

"SCO has finally lost to Novell, now that Judge Kimball has entered final judgment against SCO. Of course, this is SCO we're talking about. There's still the litigation in bankruptcy court, which allowed this case to resume so that they could figure out just how much SCO owes, which is $3,506,526, if I calculated the interest properly, $625,486.90 of which will go into a constructive trust. And then there's the possibility that SCO could seek to have the judgment overturned in the appeals courts, or even the Supreme Court when that fails. Of course, they need money to do that and they don't really have much of that any more. Remember how Enderle, O'Gara and company told us that SCO was sure to win? I wonder how many people have emailed them to say, 'I told you so.'"



Mine Internet data yourself! (There is a free version.)

http://www.pogowasright.org/article.php?story=20081121172237797

When Everyone Can Mine Your Data

Friday, November 21 2008 @ 05:22 PM EST Contributed by: PrivacyNews

Roelof Temmingh has a knack for stirring up trouble. The 35-year-old South African electronic engineer has fought legal battles with financial institutions, developed theoretical models for cyberterrorism and served as a technical adviser for a book about how hackers could take over the continent of Africa.

But Temmingh's latest exploit could make the most lasting impact. He has created a tool he calls Maltego that lets just about anybody do the kind of data mining that in the past only fraud investors, government specialists and hackers typically could do.

Source - Forbes

[From the article:

The commercial product isn't cheap--$430 a year--but the Pretoria-based Paterva, the company that Temmingh founded as he developed Maltego, offers a watered-down version free. Law enforcement, government and intelligence agencies can apply for a 10% discount.

... Worried about information leaks your company? Input lists of employees from your rival companies, and Maltego can graphically depict how they might be related to your employees. It can also provide likely e-mail addresses, phone numbers and personal Web sites--and then use this information to add new layers to the investigation.

http://www.paterva.com/maltego/



Is this news?

http://news.slashdot.org/article.pl?sid=08/11/21/1458214&from=rss

US Officials Flunk Test On Civic Knowledge

Posted by samzenpus on Friday November 21, @03:06PM from the you-are-what-you-elect dept.

A test on civic knowledge given to elected officials proved that they are slightly less knowledgeable than the uninformed people who voted them into office. Elected officials scored a 44 percent while ordinary citizens managed an amazing 49 percent on the 33 questions compiled by the Intercollegiate Studies Institute. "It is disturbing enough that the general public failed ISI's civic literacy test, but when you consider the even more dismal scores of elected officials, you have to be concerned," said Josiah Bunting, chairman of the National Civic Literacy Board at ISI. The three branches of government aren't the Nina, the Pinta, and the Santa Maria?

[Take the test: http://www.americancivicliteracy.org/resources/quiz.aspx

[I did: You answered 32 out of 33 correctly — 96.97% [It was a typo, honest! Bob]

Friday, November 21, 2008

A bad news, good news story: With celebrity come stalkers. With the Presidency comes the Secret Service!

http://www.pogowasright.org/article.php?story=20081121054252762

Obama's cell phone records breached

Friday, November 21 2008 @ 05:42 AM EST Contributed by: PrivacyNews

Records from a cell phone used by President-elect Obama were improperly breached, apparently by employees of the cell phone company, his transition team said Thursday.

Spokesman Robert Gibbs said the team was notified Wednesday by Verizon Wireless that it appears an employee improperly went through billing records for the phone, which Gibbs said Obama no longer uses.

In an internal company e-mail obtained by CNN, Verizon Wireless President and CEO Lowell McAdam disclosed Wednesday that "the personal wireless account of President-elect Barack Obama had been accessed by employees not authorized to do so" in recent months.

Source - CNN

[From the article:

Gibbs said that anyone viewing the records likely would have been able to see phone numbers and the frequency of calls Obama made, but that "nobody was monitoring voicemail or anything like that." [...and we have the NSA's word on that! Bob]



Here in Texas, it just takes a mouse click to publish your personal information. To remove it, simply file form C-22 in quintuplicate with the appropriate clerks five days prior to publication.

http://www.pogowasright.org/article.php?story=20081120184306497

El Pasoans Must Request To Remove Private Info From Web Site

Thursday, November 20 2008 @ 06:43 PM EST Contributed by: PrivacyNews

The job of the county clerk's office is to simply preserve and record public and vital records of individuals in the community. The county clerk said it's not against the law to publish these records on the Internet, but she's working on a system to remove identifying information.

Your personal documents that could contain identifying information are public records. And it's easy to get to when they're published on the county Web site. It's an identity theft issue that should concern everyone.

... If you've ever filed any documents in the El Paso County Court, you should check the Web site to see if there's private information. If there is, you need to request a redaction, and you can do that by calling the county clerk's office or going to the Web site and filling out a form giving specific instruction as to what information to remove.

Source - KFOX TV

[From the article:

Briones explains it's not against the law to publish these records; in fact, it's her job. But she said her office is working on obtaining the software needed to remove private information from public records.



What information do you need to commit this crime? Detailed credit card purchases?

http://pokedandprodded.health.com/2008/11/18/fake-fda-agents-target-people-who-buy-drugs-online/

Fake FDA Agents Target People Who Buy Drugs Online

By Theresa Tamkins | November 18, 2008

... The FDA says scam artists claiming to be “FDA special agents” have been phoning people and threatening them with prison if they don’t cough up a pile of cash, typically thousands of dollars.

... The targets are generally people who have already been the victims of credit card fraud, or who have purchased drugs on the Internet or over the phone.



Should “punishment” be based on volume or procedures?

http://www.pogowasright.org/article.php?story=20081121055730180

UK: EDS goes unpunished for data loss (follow-up and update)

Friday, November 21 2008 @ 05:57 AM EST Contributed by: PrivacyNews

Justice secretary Jack Straw has been accused of letting EDS get away with "a slap on the wrist" after losing a hard drive containing sensitive personal data on prison staff.

... In a Commons statement on the outcome of the inquiry Straw revealed that the hard drive contained bank details, addresses, National Insurance numbers and dates of birth on 256 staff, and not 5,000 as originally reported.

... Straw said that EDS "is taking appropriate action", including disciplinary action "if necessary", and that National Offender Management Service (Noms) staff face disciplinary action for concealing the news from ministers.

Source - computing.co.uk Related - BBC




Privacy as a strategic weapon? Don't stand behind the bazooka!

http://www.pogowasright.org/article.php?story=20081120084310564

Does AT&T’s Newfound Interest in Privacy Hurt Google?

Thursday, November 20 2008 @ 08:43 AM EST Contributed by: PrivacyNews

When I first read about the formation of a new privacy think tank in Washington funded initially by AT&T, my first instinct was to see it in light of the company’s battle against Google. And I do think that is part of the story, but I also think the new group has the potential to do some real good.

... Several commentators, including Zachary Roth of Talking Points Memo and Jeff Chester of the Center for Digital Democracy, have seen this as a business group trying to block any new government intervention in the advertising business. My take is that this fits more into the movement by a lot of companies to undercut the growing power of Google. Microsoft has spent a lot of time talking about privacy in Washington because it sees the topic as Google’s Achilles heel.

Source - NY Times



Take every opportunity to NOT talk about your failures...

http://www.pogowasright.org/article.php?story=20081120132028331

8 Corporations No-Shows At ID Theft Hearing

Thursday, November 20 2008 @ 01:20 PM EST Contributed by: PrivacyNews

They were targeted by an international ring of computer thieves -- so why did a number of large retail chains fail to notify customers in California about the theft of sensitive credit information?

That question was left unanswered Wednesday in a Capitol hearing about identity theft, as eight corporations were no-shows.

According to a federal indictment, all eight corporations were victimized through identity theft and stolen data by a large international ring of hackers.

Office Max, Barnes & Noble, Sports Authority, TJX -- also known as TJ Maxx -- DSW, and Dave & Buster's, Boston Market and Forever 21 opted to ignore the invitation from the Assembly Judiciary Committee.

Source - KCRA

Comment: maybe the Assembly Judiciary Committee should extend another "invitation" a little more forcefully? The companies who did not notify customers need to explain when they first found out that they had had a breach and whether customers were then notified, and if not, why not. -- Dissent



This looks interesting, but I'm having problems accessing the PDF.

http://www.bespacific.com/mt/archives/019866.html

November 20, 2008

National Intelligence Council Report - Global Trends 2025 - A Transformed World

Global Trends 2025: A Transformed World, November 2008 - "We prepared Global Trends 2025: A Transformed World to stimulate strategic thinking about the future by identifying key trends, the factors that drive them, where they seem to be headed, and how they might interact. It uses scenarios to illustrate some of the many ways in which the drivers examined in the study (e.g., globalization, demography, the rise of new powers, the decay of international institutions, climate change, and the geopolitics of energy) may interact to generate challenges and opportunities for future decisionmakers. The study as a whole is more a description of the factors likely to shape events than a prediction of what will actually happen."



Will this ruling cause other states to adopt similar laws?

http://blog.wired.com/27bstroke6/2008/11/state-can-ban-p.html

State Can Ban Prescription Data Mining, Appeals Court Rules

By Ryan Singel November 20, 2008 8:11:43 PM

Data-mining companies have no constitutional right to buy prescription data in order to help pharmaceutical companies lobby doctors to prescribe their brand-name drugs, a federal appeals court ruled Monday.

The 3-0 decision by the U.S. 1st Circuit Court of Appeals re-instates New Hampshire's 2006 ban on the commercial use of prescription information which is routinely bought from insurers and pharmacy benefit managers by data mining companies. That information includes the names of the doctor, patient and drug.

The companies sell the profiles to drug companies, whose 'detailers' then canvass doctors, buy lunches and give them free samples in order to influence what drugs they sell -- an effective marketing technique the industry spends $4 billion a year on.

[From the article:

The plaintiffs, who are in the business of harvesting, refining, and selling this commodity, ask us in essence to rule that because their product is information instead of, say, beef jerky, any regulation constitutes a restriction of speech. We think that such an interpretation stretches the fabric of the First Amendment beyond any rational measure.

The court also ruled that even if the state did stifle free speech with its ban on sharing or selling the information for commercial use, it would still be constitutional since the state has a vested interest in keeping health costs low.



The heavy hitters have been waiting for a case they could use to batter the RIAA. Perhaps this is it? More likely, the RIAA will back away.

http://news.slashdot.org/article.pl?sid=08/11/20/1830237&from=rss

Lessig, Zittrain, Barlow To Square Off Against RIAA

Posted by timothy on Thursday November 20, @01:47PM from the ensemble-cast dept. The Courts Music

NewYorkCountryLawyer writes

"The RIAA's case in Boston against a 24-year-old grad student, SONY BMG Music v. Tenenbaum, in which Prof. Charles Nesson of Harvard Law School, along with members of his CyberLaw class, are representing the defendant, may shape up as a showdown between the Electronic Frontier and Big Music. The defendant's witness list includes names such as those of Prof. Lawrence Lessig (Author of 'Free Culture'), John Perry Barlow (former songwriter of The Grateful Dead and cofounder of the Electronic Frontier Foundation), Prof. Johan Pouwelse (Scientific Director of P2P-Next), Prof. Jonathan Zittrain (Author of 'The Future of the Internet — And How to Stop It'), Professors Wendy Seltzer, Terry Fisher, and John Palfrey, and others. The RIAA requested, and was granted, an adjournment of the trial, from its previously scheduled December 1st date, to March 30, 2009. (The RIAA lawyers have been asking for adjournments a lot lately, asking for an adjournment in UMG v. Lindor the other day because they were so busy preparing for the Tenenbaum December 1st trial ... I guess when you're running on hot air, you sometimes run out of steam)."


Related: The Internet as a disintermediator.

http://news.cnet.com/8301-13526_3-10104750-27.html?part=rss&subj=news&tag=2547-1_3-0-5

Byrne/Eno succeed in cutting out the middleman

Posted by Matt Rosoff November 20, 2008 5:01 PM PST

Back in August, I noted that the new David Byrne/Brian Eno album, Everything That Happens Will Happen Today, was available in its entirety as a free streaming audio file.

They also put up a free download of one track, "Strange Overtones." Later, they offered several packages to purchase--from downloads-only for $8.99 to a deluxe package with a hardbound book, screensaver, and extra songs for $69.99.

Turns out that this release and marketing strategy was driven by Topspin Media, which is led by former Yahoo Music Vice President Ian Rogers.

A couple weeks ago, Rogers spoke at a Grammy-sponsored event in Seattle and, as Idolator reports, the results of the Byrne/Eno experiment have worked out quite well for the artists. After eight weeks of digital-only sales, the duo have already grossed what they would have earned from a typical record company advance for artists of their expected sales profile. And that's without any physical CDs--they don't drop into retail stores until November 30.

As Nine Inch Nails has already shown, the key for established artists is to reach out to their "superfans" and give them opportunities to feel like they're part of an exclusive club. In the case of Byrne/Eno, it really worked: of the people who entered an e-mail address, more than 50 percent opened the subsequent e-mail, and more than 20 percent eventually purchased music through the site.

I'm a David Byrne fan--I've bought most of his solo CDs (which range from OK to great), and have seen him in concert a few times (always outstanding). Sure enough, as soon as I found out that I could buy a physical CD through the site, that's what I did. I guess I'm not a superfan, as I didn't spring for the $70 deluxe package, but I did buy tickets for Byrne's Seattle stop as soon as I heard they were going on sale.



First rule of hacking: Use someone else's identity. (We They call it “e-deniability”)

http://www.pogowasright.org/article.php?story=20081120183448616

Ca: RCMP not charging rights watchdog over hacking allegations

Thursday, November 20 2008 @ 06:34 PM EST Contributed by: PrivacyNews

The RCMP will not pursue charges against the Canadian Human Rights Commission over allegations that its investigators hacked an Ottawa woman's wireless internet account to conceal their identity on websites under investigation for hate speech, the National Post has learned.

A parallel investigation of the same incident by the Privacy Commissioner remains ongoing.

Source - National Post

[From the article:

In his testimony, Alain Monfette, director of Bell Canada's law enforcement support team, read out the name and address of a woman, coincidentally a Bell Canada employee, whose computer IP address matched that of Jadewarr at the time in question, according to the Florida-based owner of stormfront.org, Don Black.

Neither the CHRC lawyers nor Mr. Lemire's team had ever heard of her. She has no connection to CHRC investigators, but she did have a laptop computer with a wireless connection, and the address Mr. Monfette gave for her apartment in downtown Ottawa is near the CHRC offices.

This led to speculation that CHRC staff were illegally using an innocent woman's internet account to hide behind her identity when investigating target websites, a claim Mr. Lemire made in a formal complaint to police, while also posting detailed photographs and schematics of her apartment building. That investigation is now concluded without charges.



It's not that there is no competition. It's simply that most competitors want to (make their life easier / screw their customers) too.

http://tech.slashdot.org/article.pl?sid=08/11/20/1633231&from=rss

CRTC Rules Bell Can Squeeze Downloads

Posted by samzenpus on Thursday November 20, @12:21PM from the throttle-away dept. The Internet

pparsons writes

"Bell Canada Inc. will not have to suspend its practice of 'shaping' traffic on the Internet after a group of companies that resell access to Bell's network complained their customers were also being negatively affected. The Canadian Radio-television and Telecommunications Commission today released a decision that denied the Canadian Association of Internet Providers' request that Bell be ordered to cease its application of the practice to its wholesale customers."



Forensic niche: “If you build it, they will come.” (Not as simple as it sounds.)

http://blog.wired.com/27bstroke6/2008/11/professor-sees.html

Experimental Shoe-Print Database Sees the Soles of Criminals

By Ryan Singel November 20, 2008 1:58:37 PM

Dr. Sargur Srihari, a computer science professor, is building a search engine populated with thousands of shoe images scraped from internet shoe stores that would let police forensics units submit a photo of a shoe print from a crime scene and quickly learn the gender, size and brand of shoe a killer or thief was likely wearing.



Not ready for prime time, but I can see this technology enabling a computer ballet. (en-point and click?)

http://tech.slashdot.org/article.pl?sid=08/11/21/0215233&from=rss

Oblong's g-speak Brings "Minority Report" Interface To Life

Posted by timothy on Friday November 21, @12:50AM from the staged-mock-up-or-real-time-control? dept. GUI Displays Input Devices

tracheopterix writes

"Oblong Industries, a startup based in LA has unveiled g-speak, an operational version of the notable interface from Minority Report. One of Oblong's founders served as science and technology adviser for the film; the interface was an extension of his doctoral work at the MIT Media Lab. Oblong calls g-speak a 'spatial operating environment' and adds that 'the SOE's combination of gestural i/o, recombinant networking, and real-world pixels brings the first major step in computer interface since 1984.'"

The video shown on Oblong's front page is an impressive demo.



Soon every toddler will be quoting this study!

http://games.slashdot.org/article.pl?sid=08/11/20/1755213&from=rss

Study Recommends Online Gaming, Social Networking For Kids

Posted by Soulskill on Thursday November 20, @01:02PM from the seeing-the-writing-on-the-wall dept.

Blue's News pointed out a report about a study sponsored by the MacArthur Foundation which found that online gaming and social networking are beneficial to children, teaching them basic technical skills and how to communicate in the Information Age. The study was conducted over a period of three years, with researchers interviewing hundreds of children and monitoring thousands of hours of online time. The full white paper (PDF) is also available.

"For a minority of children, the casual use of social media served as a springboard to them gaining technological expertise — labeled in the study as 'geeking out,' the researchers said. By asking friends or getting help from people met through online groups, some children learned to adjust the software code underpinning some of the video games they played, edit videos and fix computer hardware. Given that the use of social media serves as inspiration to learning, schools should abandon their hostility and support children when they want to learn some skills more sophisticated than simply designing their Facebook page, the study said."



Attention teachers: There are worse things than plagiarism...

http://www.pogowasright.org/article.php?story=20081120183852698

Texas Professor Fired For Vigilante Justice on Plagiarism

Thursday, November 20 2008 @ 06:38 PM EST Contributed by: PrivacyNews

Loye Young, adjunct professor at Texas A&M International University, utilized unconventional measures to combat plagiarism in the classroom. Young warned students that he would publicly fail and humiliate anyone caught lying, cheating, or stealing. “If students don’t know that they will be prosecuted, this will not stop,” he said. “You need to have a deterrent, and it needs to be public.” When he caught six students cheating in his management information systems course, Young published a story about the students on his online course blog – detailing the identification of each student, that he planned to report them to university officials and that each would receive a failing grade in the course. In response to these actions, university administrators promptly fired Young for violating the Family Educational Rights and Privacy Act (FERPA), which bars the release of students’ educational records without their permission.

Source - AACRAO



For my website class (so they can explain it to me)

http://digg.com/tech_news/Giz_Explains_Every_Video_Format_You_Need_to_Know

Giz Explains: Every Video Format You Need to Know

gizmodo.com — Once upon a time, video codecs and formats were really only the concern of AV nerds, anime freaks and hardcore not-so-legal movie downloaders. Now, even the most part-time of geeks has to deal with them. The zen of knowing what bits of data to pull out to make big data chunks smaller —make for better quality video while taking up less space

http://gizmodo.com/5093670/giz-explains-every-video-format-you-need-to-know



Okay, this could be interesting, but if my wife sees it, I'll have life size pictures of the horse all over the house!

http://www.killerstartups.com/Video-Music-Photo/stickyfan-com-make-posters-out-of-pictures

Stickyfan.com - Make Posters Out Of Pictures

http://www.stickyfan.com

StickyFan is a service whereby you submit a digital photograph and it is turned into a poster that you can order through the web. This solution is initially geared towards fathers who have child athletes and want to show off their little superstars in a big way, but it is theoretically possible to order posters that take babies and pets as the starting point, too. In fact, the service is even suitable for car lovers and hot rod aficionados.

Pricing starts at US$ 20, and the posters themselves are made to adhere to any surface, be it a wall or a window. These can also be moved at will.

Thursday, November 20, 2008

Perhaps the leak was not the result of “simple ignorance”

http://www.pogowasright.org/article.php?story=20081119154116815

Police scour BNP membership to find officers breaching ban (follow-up)

Wednesday, November 19 2008 @ 03:41 PM EST Contributed by: PrivacyNews

Note from Dissent: as if we needed any additional reminders of why breaches matter even if they do not pose a risk of financial ID theft, the BNP breach in the UK is a serious reminder as jobs may be lost, people may be harassed, or worse....

Every police force in the UK was tonight scouring the leaked British National party membership list for names of serving officers, after the Merseyside force confirmed it was investigating one officer's links to the far-right party.

The Prison Service pledged to oust any employee on the list and far-right supporters spoke of fear for their livelihoods as the BNP was plunged into crisis.

Party officials complained that hundreds of members had received threatening or abusive telephone calls within hours of the list being posted on the internet, and feared that the episode could lead to a damaging slump in support and membership.

Source - Guardian

[From the article:

A handful of those contacted by the Guardian said their names appeared by mistake, claiming to have no interest in the BNP. "We're absolutely horrified by this," said a retired teacher from West Yorkshire, who has appeared on the list with her husband. "We're absolutely devastated and wondering if we offended someone and they applied to the BNP with our names as a joke. We're contacting lawyers but what can we do?"



Is there any reason to consider this a CyberWar tactic?

http://blog.wired.com/defense/2008/11/army-bans-usb-d.html

Under Worm Assault, Military Bans Disks, USB Drives

By Noah Shachtman November 19, 2008 6:12:30 PM

The Defense Department's geeks are spooked by a rapidly spreading worm crawling across their networks. So they've suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to "floppy disks," is supposed to take effect "immediately." Similar notices went out to the other military services.



Getting into databases is easy. Knowing you are in the database, determining what information is attached to your name and getting it corrected/removed is almost impossible.

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/19/AR2008111903710.html

Little Data Disclosed In Files, Activists

Material's Sensitivity Is Cited by Agency

By Lisa Rein and Josh White Washington Post Staff Writers Thursday, November 20, 2008; Page B02

Activists whose names and groups were improperly entered into a Maryland State Police database that tracks terrorism suspects said yesterday that the agency has failed to disclose the extent of the surveillance and why it was done.

The American Civil Liberties Union of Maryland released the police files of 19 of the 53 people who police say were wrongly entered into state and federal databases. Attorneys for the civil liberties union, which represents 28 activists, said the police have not explained why the files are heavily redacted, raising more questions than answers.

"We are nowhere near approaching full disclosure of what they did, why they did it and who they did it to," ACLU staff attorney David Rocah said at a news conference in Baltimore. He called the redactions, the events police chose to track, and the inclusion of some people in the database and not others "random and haphazard."


Related: You can never have too much surveillance.

http://www.pogowasright.org/article.php?story=20081120060342135

New York Police Fight With U.S. On Surveillance

Thursday, November 20 2008 @ 06:03 AM EST Contributed by: PrivacyNews

An effort by the New York Police Department to get broader latitude to eavesdrop on terrorism suspects has run into sharp resistance from the Justice Department in a bitter struggle that has left the police commissioner and the attorney general accusing each other of putting the public at risk.

Source - NY Times

[From the article:

The Police Department, with the largest municipal counterterrorism operation in the country, wants the Justice Department and the Federal Bureau of Investigation to loosen their approach to the federal law that governs electronic surveillance. But federal officials have refused to relax the standards, and have said requests submitted by the department could actually jeopardize surveillance efforts by casting doubt on their legality. [Wow! This from the folks who brought us unlimited warrantless wiretapping! Bob]



We will also mandate a class called “The Joy of Big Brother” wherein students will learn to rat on their parents and friends... Look, it would be so much easier if you just handed us your wallet so we could copy everything... (Thanks Gary)

http://www.insidehighered.com/news/2008/11/19/oig

Nov. 19

Privacy Concerns About U.S. Database

As a general rule, big government databases aren’t especially popular, and higher education’s recent experiences with them — be they the relatively new federal database to track foreign students in the wake of September 11, or a proposed “unit records” database to track the academic success of students as they move through the educational system — have generated controversy.

Little wonder, then, that advocates for colleges and students are more than a little concerned — okay, freaked out — by a plan by the U.S. Department of Education’s Office of Inspector General to gather personally identifiable information from nine existing databases [Translation: They already have the data Bob] of grant, loan and contract recipients into one giant “data analytics system” and by the Education Department’s decision to waive certain privacy rules for the new records system. [“Hey, if Google and e-Bay and all those other folks can change their privacy policy whenever they want, so can we!” Bob]


Related? Perhaps this is how they will use the Education Database – listing known or suspected drug dealers in each school...

http://blog.wired.com/27bstroke6/2008/11/us-drug-czar-po.html

U.S. Drug Czar Posts Roadmap to Buying Dope in San Francisco

By Kevin Poulsen November 19, 2008 3:49:39 PM

Vacationers traveling to San Francisco and hoping to score some weed have a great new resource at their disposal, courtesy of the U.S. government: a Google map mashup that shows the locations of all the medical marijuana dispensaries in the City by the Bay.

The map, posted on the blog of the Office of National Drug Control Policy, denotes the locations of 71 pot sellers with tiny cannabis leaf icons. The map also pinpoints all the Starbucks stores — just the thing for smokers looking to satisfy their munchies with an overpriced croissant.



This pretty much defines a “lock in.” It also defines poor planning.

http://tech.slashdot.org/article.pl?sid=08/11/19/189246&from=rss

London's Oystercard Gets New Contract, But Same Suppliers

Posted by timothy on Wednesday November 19, @01:15PM from the captain-amazing-wears-no-glasses dept. Transportation Security

nk497 writes

"Over the summer, the London travelcard ticketing system — called Oyster — fell over twice, forcing the transport authority to offer free travel to the six million Londoners using the system. After that, it cut its contract with the supplier of the system, a consortium called TranSys. But now, Transport for London has signed a new contract to replace the TranSys one — with the same two companies that made up the TranSys consortium. Sure, that should fix everything."



Outsourcing: Perhaps Mexico could expand its Consulates to include a Hospital?

http://www.newsweek.com/id/169827?from=rss

Ultimate Outsourcing

Now, Mexican medicine. American companies are building hospitals south of the border to serve refugees from an ailing health-care system.

By Tina Peng Newsweek Web Exclusive Nov 19, 2008 Updated: 1:29 p.m. ET Nov 19, 2008

... Older Americans who live near the Mexican border have always crossed in search of dental care and pharmaceutical drugs, neither of which are fully covered by Medicare, according to Prof. David Warner, who studies cross-border health care at the University of Texas's LBJ School of Public Affairs.

This growing demand for lower-cost procedures is fueling an increase in hospital construction, often in developing countries and targeted in part at foreign customers. Mexico's largest private-hospital chain, Grupo Empresarial Angeles, is building 15 new hospitals over the next three years and hopes foreigners will make up 20 percent of their patients by 2010, up from 5 percent now.


Related: Outsource the UAW too?

http://www.huffingtonpost.com/jane-hamsher/chinese-want-to-buy-the-b_b_144920.html

Jane Hamsher Posted November 19, 2008 01:02 PM (EST)

Chinese Want To Buy the Big 3 Automakers

It appears that the Chinese car makers SAIC and Dongfeng have plans to acquire the Big 3:

A take-over of a large overseas auto maker would fit perfectly into China's plans. As reported before, China has realized that its export chances are slim without unfettered access to foreign technology. The brand cachet of Chinese cars abroad is, shall we say, challenged. The Chinese could easily export Made-in-China VWs, Toyotas, Buicks. If their joint venture partner would let them. The solution: Buy the joint venture partner. Especially, when he's in deep trouble.



With a little Photoshopping, you could make up those Post Office posters now and save time later!

http://www.bespacific.com/mt/archives/019857.html

November 19, 2008

New Member Pictorial Directory: 111th Congress

New Member Pictorial Directory: 111th Congress - View images of the new members of the 111th Congress.



Sometimes you just can't wait.

http://www.bespacific.com/mt/archives/019861.html

November 19, 2008

Federal Register Announces Launch of New Electronic Public Inspection Desk

News release: "The Office of the Federal Register has created an Electronic Public Inspection Desk to provide free worldwide electronic access to public documents. For the first time in the 72-year existence of the daily Federal Register, the documents on file are available for viewing anytime, anywhere. Every Federal business day, anyone with access to a computer now can read critical documents governing Federal regulations relating to business, health, and safety as soon as the documents are placed on file. To view these documents, go to www.federalregister.gov. See "View Documents on Public Inspection" on the left hand side. This new desk grants the public access to documents that will be published in the next day's Federal Register as early as 8:45 a.m. EST. Previously, such documents could only be seen by viewing the documents physically located at the Office of the Federal Register in Washington, D.C."



My Risk Analysis classes make similar “calculators” for other “events.” It is simple to do.

http://www.infoworld.com/article/08/11/19/How_much_does_spam_cost_you_Google_will_calculate_1.html?source=rss&url=http://www.infoworld.com/article/08/11/19/How_much_does_spam_cost_you_Google_will_calculate_1.html

How much does spam cost you? Google will calculate

Google Message Security calculator determines how many days and dollars your company loses in productivity to spam

By Robert McMillan, IDG News Service November 19, 2008

How much is spam costing your company? Google unveiled a nifty little calculator Wednesday to help you add it up.

It's part of a marketing campaign for Google Message Security, the online spam-filtering service based on the Postini technology Google acquired last year. "We know in these tougher economic times that companies are trying to figure out how they can save," said Adam Dawes, a Google product manager.



This is likely to be a truly bad idea, yet I suspect it will be inevitable. Think of the implications of development in the hands of individuals who see no need to document or explain their assumptions of how the organization works. Every organization can have their own 'sub-prime' application!

http://www.infoworld.com/article/08/11/20/47NF-codeless-dev_1.html?source=rss&url=http://www.infoworld.com/article/08/11/20/47NF-codeless-dev_1.html

A future without programming

Code-free application builders allow business people to take development into their own hands. Where does that leave the coders?

By Tom Kaneshige November 20, 2008

A few years ago, self-proclaimed nondeveloper Kevin Smith worked for a software company that tried to build a project tracking tool using Microsoft .Net. Some 15 developers spent a year with little success. "After burning through a million dollars and still without a product, the company called it quits," says Smith, now managing partner of NextWave Performance, a consultancy in Denver, Colo.

NextWave took up the idea but ran into similar timetable and budgetary overruns. "I said, 'I'll learn to code and do it myself,'" a frustrated Smith recalls. His search eventually led him to Coghead, a Web app for code-free development of Web apps -- and Smith built key components of the tracking tool in less than 30 days.

"I was showing my business partner some of this stuff the other day and he turned to me and asked, 'How do traditional developers stay in business?'" Smith says. "It's such a game changer. I think it turns developers from wizards who read the magic book and know the syntax into business analysts who understand the processes and goals of what they're trying to achieve."

Such views may be a bit far-fetched, but it's true that do-it-yourself application development has never been more appealing. With IT budgets being squeezed, along with the growing dysfunctional relationship between IT staff and managers, it's no wonder the promise of cheap "codeless" development that sidesteps IT resonates loudly with businesspeople. "We also have a whole new wave of business users that are not intimidated by the notion of application development," says Mike Gualtieri, analyst at Forrester.



For my website class. Also some links to other amusing tools...

http://www.killerstartups.com/Video-Music-Photo/convertmytube-com-convert-youtube-videos

ConvertMyTube.com - Convert YouTube Videos

http://www.convertmytube.com

There is a fair number of online applications that aim to make the experience of using YouTube a more realized one. Preeminently among them are the tools for capturing and converting video files stored at the popular hosting service. The one we are discussing right now falls squarely into that category.

In general terms, all you have to do is cut and paste the corresponding YouTube URL into the provided box and hit the “Convert & Download” button.

... And the one aspect that can be modified is actually the one that should not be bypassed, namely the file extension. This is important if only because it will enable you to rest assured the converted file will be viewable in different setups (like PCs and Macs) and devices (like iPods and iPhones).



Every teacher/research librarian dreams it could be this easy! ('cause some people need to be insulted.)

http://digg.com/comedy/Let_me_google_that_for_you

"Let me google that for you..."

letmegooglethatforyou.com — For all those people that find it more convenient to bother you with their question rather than google it for themselves.

http://letmegooglethatforyou.com/

Wednesday, November 19, 2008

I'm not aware of the data breaches mentioned in this article, but then they are ancient in “Internet time.”

http://www.pogowasright.org/article.php?story=20081119061920499

MA: Teen pleads guilty to hacking spree

Wednesday, November 19 2008 @ 06:19 AM EST Contributed by: PrivacyNews

From his home in Worcester, he called 911 in Seattle and Georgia, reporting nonexistent crimes that resulted in SWAT teams being dispatched.

..... Dshocker obtained stolen credit card numbers and purchased items over the Internet. To evade arousing suspicion of credit card companies, he had packages sent to the homes of the card holders whose identities he had stolen. But before the packages arrived at their destinations, a confederate who worked at a major shipping company would reroute the packages to Dshocker's home, the indictment said.

From January 2008 to May 2008, he made 911 calls to police departments across the country, reporting bomb threats or that an armed gunman was at a school - hoaxes known as "swatting." To disguise his identity on those calls, he used a process of fooling caller identification equipment with stolen names and phone numbers, known as caller ID spoofing, the indictment said. He obtained addresses and phone numbers for the hoax by hacking into the records of Internet service providers.

Court records said he gained access to corporate computer systems, including the networks of Charter Communications, Road Runner, and Comcast, and would steal information about customers.

Source - Boston.com

[From the article:

From November 2005 to January 2008 he had controlled "botnets," networks of thousands of computers infected with a malicious software code, according to the indictment.



Who else do we know who “has a little list?” The “Lord High Executioner” and the Democrats.

http://www.pogowasright.org/article.php?story=20081118171238414

UK: Victims cannot sue party (follow-up and update)

Tuesday, November 18 2008 @ 05:12 PM EST Contributed by: PrivacyNews

Thousands of BNP members whose details were leaked will not be able to sue either the far-right group or the disgruntled former member suspected of publishing the list, leading lawyers said last night.

Although there was a “clear breach” of data protection law in publishing the list, the legal remedies available to those affected are sparse. Members will not be able to sue the BNP itself, Hugh Tomlinson, QC, a leading data protection lawyer, said. “It’s unlikely they’d have a remedy against the BNP, which seems to be a victim of someone unlawfully obtaining sensitive information which it held.

Source - Times Online

Update: Another article in Times Online reports:

More than 12,000 names, home addresses, telephone numbers and e-mail contact details were included in a major breach of data protection.

The identities and ages of school-children with family memberships were also disclosed. Some supporters were listed with comments such as “discretion required – employment concerns”. A number even had their hobbies recorded.

The BNP said that the revelation could leave its members vulnerable to violent attack.


Related? The cost of a security breach is trending up. Isn't this a good thing? (Of course in the UK, most breaches are from government agencies.)

http://www.pogowasright.org/article.php?story=20081118104825151

UK: Fines likely for data breaches

Tuesday, November 18 2008 @ 10:48 AM EST Contributed by: PrivacyNews

The UK’s privacy and data protection watchdog, the Information Commissioner’s Office (ICO), is seeking the power to fine businesses up to 10 per cent of their revenues for breaking data laws.

That penalty is the maximum punishment the Financial Services Authority can impose on companies that breach financial regulations. The ICO believes it should be able to enact the same penalty for companies that commit ‘serious and reckless breaches [of the Data Protection Act] resulting in harm to individuals’. The maximum penalty currently available to the ICO is £5,000.

Source - growthbusiness.co.uk


Related? No reason to do this since the law didn't go into effect until after the Christmas buying season...

http://www.pogowasright.org/article.php?story=20081118132449836

Mass. delays enforcement of data security regs

Tuesday, November 18 2008 @ 01:24 PM EST Contributed by: PrivacyNews

The Massachusetts’ Office of Consumer Affairs and Business Regulation is postponing the compliance date for its identity theft data security regulations in light of the current economic crisis.

The general compliance deadline for the state’s 201 CMR 17 regulations was initially set for Jan. 1, 2009, but officials have pushed it to May 1.

Source - GCN


Probably related too... Everything seems to be today.

http://www.pogowasright.org/article.php?story=20081119060705659

Congress Warned of Google Privacy & Security Risks After Google Markets Services to Staffers on Hill; New Video Shows Privacy Problems With Gmail

Wednesday, November 19 2008 @ 06:07 AM EST Contributed by: PrivacyNews

Consumer Watchdog released a new on-line video exposing privacy problems with Google's Gmail service and other Google applications in the wake of Google's recent marketing efforts on Capitol Hill. At a speech in Washington D.C. today, Google CEO Eric Schmidt acknowledged the group's privacy concerns and expressed an interest in addressing them. He said his concern was balancing performance and speed of the system with privacy and security demands.

The video -- which can be viewed at http://www.consumerwatchdog.org/google -- shows that whether you use Google's Gmail or not, Google reads the contents of your emails, if the recipient uses Gmail. Consumer Watchdog also highlighted how the "auto save" function in many Google applications creates an unprotected communication for users even before a message is sent or a document submitted. Previously Consumer Watchdog had called on Google to adopt Secure Sockets Layer (SSL) protection for transmission of information as a default.

Source - MarketWatch Press Release



Another technology that is spreading faster than thoughtful ways to control it.

http://www.pogowasright.org/article.php?story=2008111815453021

RFID Chips: A Privacy And Security Pandora's Box?

Tuesday, November 18 2008 @ 03:45 PM EST Contributed by: PrivacyNews

A research article published in the current issue of the International Journal of Intellectual Property Management suggests that Big Brother could be opening a privacy and security Pandora's Box if human rights, particularly regarding data protection, are not addressed in the design of new RFID applications.

Source - Science Daily Press Release

[From the article:

Their increasingly widespread deployment means individuals do not necessarily know when, how and what kind of information about them is being transmitted at any given time from an RFID in a passport, in their shopping bags, or even when they visit the library.



Antitrust alert? Or something Microsoft should have done years ago?

http://it.slashdot.org/article.pl?sid=08/11/18/2319243&from=rss

Microsoft To Offer Free Anti-Virus Software

Posted by kdawson on Tuesday November 18, @09:19PM from the another-industry-done-gone dept.

Dynamoo writes

"The good news is that Microsoft have announced free anti-virus software for consumers, dubbed Morro, available late next year. The bad news is... well, exactly the same. Although Microsoft's anti-malware products are pretty good, this move could drive many competitors out of business and create a dangerous security monoculture; major rivals will be lawyering up already. On the other hand, many malware infections could be prevented even by basic software. So is this going to be a good or bad thing overall?"



You should get coffee while your computer boots...

http://news.slashdot.org/article.pl?sid=08/11/18/1754236&from=rss

Should You Get Paid While Your Computer Boots?

Posted by kdawson on Wednesday November 19, @12:02AM from the define-work-and-give-two-examples dept.

An anonymous reader notes a posting up at a law blog with the provocative title "Does Your Boss Have to Pay You While You Wait for Vista to Boot Up?" (Provocative because Vista doesn't boot more slowly than anything else, necessarily, as one commenter points out.) The National Law Journal article behind the post requires subscription. Quoting:

"Lawyers are noting a new type of lawsuit, in which employees are suing over time spent booting [up] their computers. ... During the past year, several companies, including AT&T Inc., UnitedHealth Group Inc. and Cigna Corp., have been hit with lawsuits in which employees claimed that they were not paid for the 15- to 30-minute task of booting their computers at the start of each day and logging out at the end. Add those minutes up over a week, and hourly employees are losing some serious pay, argues plaintiffs' lawyer Mark Thierman, a Las Vegas solo practitioner who has filed a handful of computer-booting lawsuits in recent years. ... [A] management-side attorney... who is defending a half-dozen employers in computer-booting lawsuits... believes that, in most cases, computer booting does not warrant being called work."



At last, Quality videos

http://news.cnet.com/8301-17939_109-10102144-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Monty Python launches YouTube Channel, tells users to stop stealing

Posted by Don Reisinger November 19, 2008 5:28 AM PST

Monty Python, the iconic comedy series, has launched a YouTube channel. And although the page features a slew of clips from the show, most noteworthy is its featured video, which blames users for "ripping" the show off.

"For three years you YouTubers have been ripping us off, taking tens of thousands of our videos and putting them on YouTube," it says on the Monty Python YouTube page. "Now the tables are turned. It's time for us to take matters into our own hands.

"We know who you are, we know where you live and we could come after you in ways too horrible to tell. But being the extraordinarily nice chaps we are, we've figured a better way to get our own back: We've launched our own Monty Python channel on YouTube.



Research... Honest!

http://www.bespacific.com/mt/archives/019845.html

November 18, 2008

LIFE photo archive hosted by Google

"Search millions of photographs from the LIFE photo archive, stretching from the 1750s to today. Most were never published and are now available for the first time through the joint work of LIFE and Google."