Thursday, June 04, 2009

Lessons in non-disclosure disclosure? What do victims need to know?

http://www.databreaches.net/?p=4482

OIS Commentary: And some walls will come tumbling down

June 3, 2009 by admin Filed under: Breach Laws, Breach Reports, Commentaries and Analyses, Federal, Healthcare Sector, ID Theft, Insider, Legislation, Lost or Missing, Theft, U.S.

One of yesterday’s posts on PHIprivacy.net reports a data breach involving Kelsey-Seybold Clinic that has not been reported in the mainstream media. I contacted Kelsey-Seybold after a site visitor alerted me to the breach. The report is frustratingly short on details, though, because Kelsey-Seybold could — and did — simply ignore questions it did not want to answer. Perhaps they provided their patients with a fuller disclosure, and I hope they did, but the contrast between their approach to voluntary public disclosure and that of Johns Hopkins Hospital is striking.

Thankfully, when the HITECH Act provisions incorporated in Public Law 111-5 (ARRA) go into effect, entities who have stonewalled reporters or bloggers or who otherwise try to keep breaches out of the media will probably have to rethink their public relations and disclosure approach. Although not all breaches involving personal health information (PHI) will have to be publicly disclosed, many more will, and the notice and notification provisions in the law include both publishing a notice in prominent media outlets and notifying the federal government who will post the breach on a public web site maintained by Health & Human Services (HHS).

Under the contents of notification provisions of HITECH, we still won’t necessarily know how many patients were affected in any particular breach (other than it affected 500 or more), and it is not clear to me whether saying a “laptop was stolen from an employee” would suffice for the brief description or if the entity would have to include the location of the theft (from the office, vehicle, home, etc.), but I am hopeful that we will get more information than we have gotten to date.

The breach notification requirements under the HITECH Act go into effect 30 days after the date that interim final regulations are promulgated, which was to be no later than 180 days after the date of enactment of the law in February. If HHS does publish the regulations by August 16, 2009, the breach notification obligations should go into effect mid-September. Maybe I’ll post a countdown clock on the site so that I have something to look forward to.



Is Canada heading down the UK's surveillance path? Will the “It's for the children” argument prevail?

http://www.victimsfirst.gc.ca/news-nouv/nr-cp/doc_ma202009.html

Federal Ombudsman for Victims of Crime Recommends Changes to Address Internet-Facilitated Child Sexual Abuse

OTTAWA (Ontario), June 2, 2009 - The Office of the Federal Ombudsman for Victims of Crime (FOVC) today released its first special report Every Image, Every Child which makes nine recommendations to the federal government on how to address the difficult issue of internet-facilitated child sexual abuse.

  • introducing legislation to make it mandatory for Internet service providers to give law enforcement basic customer name and address information upon request; [“We don't need no stinking warrant!” Bob]

  • requiring internet service providers to keep data and internet surfing records for longer periods to ensure that evidence is not destroyed; and [“Because we can make evidence out of anything!” Bob]

  • making it a criminal offence to refuse to give law enforcement a password or encryption information during an investigation. [“You ain't got no privacy!” Bob]

… The complete report, along with a backgrounder summarizing the recommendations and a statistical summary, is available by calling the Office toll-free at: 1-866-481-8429.



Technology makes it easy for the untrained to perform complex tasks. As long as the computer does what the programmer intends, this might work. The problem would seem to be: can you anticipate everything? Would the computer know it was looking at samples/evidence on an attorney's computer or a doctor's or a teacher's?

http://yro.slashdot.org/story/09/06/03/1951209/UK-Police-Want-Plug-In-Computer-Crime-Detectors?from=rss

UK Police Want Plug-In Computer Crime Detectors

Posted by timothy on Wednesday June 03, @04:20PM from the type-I-errors-type-II-errors-and-bonus-privacy-invasion dept. Privacy Government Security Hardware

An anonymous reader writes

"UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.



(Is there logic in wisdom or wisdom in logic?) You will attract lawsuits or even new legislation if your efforts are devoted to pointing out how poorly bureaucrats do their jobs.

http://www.pogowasright.org/article.php?story=20090603093030696

Court: Virginia Watchdog can continue to publish some SSNs

Wednesday, June 03 2009 @ 09:30 AM EDT Contributed by: PrivacyNews

It may seem somewhat ironic in light of a breach report I posted elsewhere yesterday, but U.S. District Judge Robert Payne issued a permanent injunction yesterday that allows Virginia privacy advocate B. J. Ostergren to continue posting some Social Security numbers on her web site, The Virginia Watchdog.

The case raised First Amendment issues. Judge Payne had previously ruled that a Virginia law designed to reduce identity theft was unconstitutional as it applied to Ostergren's web site. Now, in determining the scope of a permanent injunction, he analyzed the situation as if the web site was a newspaper that did -- and will continue to -- publish truthful information that was lawfully obtained.

In a ruling that took the state to task for what it hasn't done to protect SSNs, he wrote:

"The relevant case law is clear that, if the State wishes to claim that the confidentiality of a certain piece of information is a State interest of the highest order, then the State should not make that information publicly available."

And reviewing the current status of the state's redaction efforts, Judge Payne notes:

"The State has furnished no justification for why the land records of clerks that have not completed redaction have not simply been removed from the internet until the redaction is complete. The necessary inference drawn from the choices of the General Assembly .... is that the State is of the view that having the documents available on the internet is of greater importance to the State than protecting confidentiality of the SSNs in those records."

In trying to balance Ostergren's First Amendment rights against the very real issues concerning ID theft, Judge Payne held that Ostergren could continue to use the SSN-containing public records of "State legislators, State Executive Officers, and Clerks of the Court, those who can actually act to correct the problem" while prohibiting the use of SSNs of "innocent members of the public who did nothing to cause the problem and who can do nothing to change the law or appropriate or expend funds to address the problem."



On the other hand...

http://www.pogowasright.org/article.php?story=20090603124927978

Judge Tosses Telecom Spy Suits -- EFF and ACLU to Appeal

Wednesday, June 03 2009 @ 12:49 PM EDT Contributed by: PrivacyNews

A federal judge on Wednesday dismissed lawsuits targeting the nation’s telecommunication companies for their participation in President George W. Bush’s once-secret electronic eavesdropping program.

In his ruling, U.S. District Judge Vaughn Walker upheld summer legislation protecting the companies from the lawsuits. The legislation, which then-Sen. Barack Obama voted for, also granted the government the authority to monitor Americans’ telecommunications without warrants if the subject was communicating with somebody overseas suspected of terrorism.

Source - Threat Level

Update: EFF and the ACLU plan to appeal the dismissal of the suits:

The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) California and Illinois affiliates are planning to appeal the decision to the 9th U.S. Circuit Court of Appeals, arguing that FISAAA is unconstitutional.

"We're deeply disappointed in Judge Walker's ruling today," said EFF Legal Director Cindy Cohn. "The retroactive immunity law unconstitutionally takes away Americans' claims arising out of the First and Fourth Amendments, violates the federal government's separation of powers as established in the Constitution, and robs innocent telecom customers of their rights without due process of law."

Read the press release.



Arrogance, thy name is Ballmer... Other companies will likely do the same, but they won't irritate people by throwing it in their face.

http://www.bloomberg.com/apps/news?pid=20601087&sid=ah5YH8sw_VzI

Ballmer Says Tax Would Move Microsoft Jobs Offshore (Update3)

By Ryan J. Donmoyer

June 3 (Bloomberg) -- Microsoft Corp. Chief Executive Officer Steven Ballmer said the world’s largest software company would move some employees offshore if Congress enacts President Barack Obama’s plans to impose higher taxes on U.S. companies’ foreign profits.

“It makes U.S. jobs more expensive,” Ballmer said in an interview. “We’re better off taking lots of people and moving them out of the U.S. as opposed to keeping them inside the U.S.”



Not as neatly laid out as Bing, but along the same lines.

http://www.bespacific.com/mt/archives/021505.html

June 03, 2009

Google Squared Now Live

"Google Squared is a search tool that helps you quickly build a collection of facts from the Web for any topic you specify.

  • Facts about your topic are organized as a table of items and attributes (we call them "Squares" for fun).

  • Customize these Squares to see just the items and attributes you're interested in.

  • See the websites that served as sources for the information in your Square.

  • Save and share Squares with others."



Hard to remember the time when many people had never even heard of the Internet.

http://www.bespacific.com/mt/archives/021509.html

June 03, 2009

Internet Use Triples in Decade, Census Bureau Reports

"New data from the U.S. Census Bureau show that 62 percent of households reported using Internet access in the home in 2007, an increase from 18 percent in 1997, the first year the bureau collected data on Internet use. Sixty-four percent of individuals 18 and over used the Internet from any location in 2007, while only 22 percent did so in 1997. Among households using the Internet in 2007, 82 percent reported using a high-speed connection, and 17 percent used a dial-up connection."


Related: This trend was pretty easy to predict, but it still seems far from adequate. Prices need to fall farther and 'on demand' libraries need to be huge.

http://tech.slashdot.org/story/09/06/04/0159210/Music-Streaming-to-Overtake-Downloads?from=rss

Music Streaming to Overtake Downloads

Posted by samzenpus on Thursday June 04, @02:41AM from the how-do-you-steal-a-stream dept. Music The Internet

Barence writes

"Streaming will overtake download services to become the dominant force in the online music industry, according to industry insiders. The claim comes in the wake of the PRS cutting the amount of royalties streaming services have to pay songwriters to about a third. Sites will now pay the PRS 0.085p per track, compared to the 0.22p they paid previously. On-demand streaming services still have to pay the record labels about 1p for every track streamed, however. Steve Purdham, CEO of music service We7, says the move will accelerate the growing trend towards online streaming which has seen newcomers such as his site and Spotify attract millions of users in less than a year. 'Over the next 12-24 months you'll see a move towards listening [online],' Purdham told PC Pro. 'Why do you actually need to have something downloaded on your PC? The streaming idea is really the future.'"


Related: “If you build it, the taxman will come.” Evasion is easy. Enforcement is hard.

http://news.slashdot.org/story/09/06/03/2050231/Download-Taxes-As-a-Weapon-Against-File-Sharing?from=rss

Download Taxes As a Weapon Against File-Sharing

Posted by timothy on Wednesday June 03, @05:08PM from the nothing-too-original-because-hey-this-is-hollywood dept.

An anonymous reader writes

"An examination of a new "digital downloads" taxation law in Washington State suggests that files downloaded via file sharing programs may be covered by the law — meaning that you may be expected to pay taxes based on 'the value of the digital product ... determined by the retail selling price of a similar digital product.' Thus, if you were to download music or movies and not pay the taxes, would you be liable for tax evasion charges? How much do you want to bet the RIAA will push exactly that claim?"
