http://www.pogowasright.org/?p=7910
Webcamgate: Lawyers seek restraining order against district
February 21, 2010 by Dissent
A lawsuit alleging that the Lower Merion School District in Pennsylvania remotely activated security software on laptops issued to students and spied on students in their homes is shaping up to be a significant case for those interested in surveillance issues, the Fourth Amendment, and/or student privacy. In the most recent developments, the FBI and Montgomery County prosecutors are looking into the case and the plaintiffs filed a motion for an emergency temporary restraining order against the school district.
The lawsuit, filed February 11, alleges
invasion of Plaintiff’s privacy, theft of Plaintiff’s private information and unlawful interception and access to acquired and exported data and other electronic communications in violation of the Electronic Communications Privacy Act, the Computer Fraud Abuse Act, the Stored Communications Act, 1983 of the Civil Rights Act, the Fourth Amendment of the United States Constitution, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania common law.
The case, which stems from a November 2009 incident involving high school sophomore Blake Robbins, started a buzz on the Internet after Cary Doctorow of BoingBoing and then Courthouse News covered the case. By the end of the next day, on February 18, the school district issued a statement acknowledging that the Apple laptops had a security feature that enabled remote activation of the web cam, but they insisted that it was only used to trace missing or stolen laptops. They also indicated that the feature had now been disabled. In a statement by the Superintendent, they explained how the software worked:
Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District’s security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator’s screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.
Lower Merion School District spokesman Doug Young subsequently stated that the feature had been used 42 times, but only to locate missing laptops, 28 of which were recovered. Young also indicated that “only two technology department employees were authorized to activate the cameras [“Unauthorized” is not the same an “unable” Do they log activation? Bob] and only to locate missing laptops.”
According to the lead plaintiff, however, his laptop was never lost or missing and he never reported it as such. According to an interview Blake Robbins gave to NBC, Assistant Principal Lindy Matsko allegedly confronted him in Nov. 2009 for engaging in “improper behavior” at his home and showed him photos of him taken remotely with the web cam:
Robbins claims that the “pills” the school observed were Mike & Ike candy. The allegations confuse things even more because even if the district suspected a student was doing drugs at home, unless there’s a law I am not aware of, they do not have the legal authority to engage in warrantless surveillance off school grounds. And of course, they claim that they have only used the feature in cases of missing laptops.
The FBI is now involved in the case and is looking at whether any federal wiretap laws were broken. Federal subpoenas have reportedly been issued. Montgomery County prosecutors are also looking into the case to see if any criminal investigation is warranted.
On Friday, the plaintiffs filed for an emergency temporary restraining order and permanent injunction against the district. In its motion, the plaintiffs allege that:
notwithstanding Defendants’ public pronouncement in response to Plaintiffs’ institution of their class action that the embedded camera was only activated to and employed to investigate lost or stolen laptops, a number of the affected class members were interviewed by various news media outlets yesterday, which interviews reveal that the embedded web camera was turned on indiscriminately by Defendants as evidenced by the illumination of a small green light adjacent to the camera that indicated its activation, as has been reported by a number of members of the class.
The plaintiffs seek the injunction because without a court order, they say, there is nothing to prevent the school district from reactivating the security feature. On Thursday, they served the district’s lawyers with a litigation hold letter to preserve all electronic evidence.
In the meantime, Eugene Volokh and Orin Kerr have offered some thoughts on the merits of the plaintiffs’ claims, which, after one gets over the initial outbursts of understandable indignation, may not be as compelling as the complaint might suggest. The comments on the blog entries are also well worth reading, as there seems to be disagreement as to whether the Electronic Communications Privacy Act applies.
The following clip is from another school district, this one in the Bronx:
In this case, the students knew they could be monitored.
If you or your child has a school-provided laptop with a web cam for home use, better safe than sorry: put a post-it or the always-useful duct tape over it.
[Story corrected to reflect that students at IS 339 knew they were being monitored].
Huh! Maybe there are jobs for my Computer Security students!
75% of Enterprises Have Suffered Cyber Attacks, Costing $2M+ On Average
Posted by CmdrTaco on Monday February 22, @09:34AM
coomaria writes
"OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"
(Related) Then again, maybe not. So much for “Best Practices”
http://www.phiprivacy.net/?p=2030
Data security breaches often triggered by carelessness
By Dissent, February 22, 2010 8:03 am
Pamela Lewis Nolan reports:
Often the biggest threat to your practice and patient data is not an outside hacker or a snooping employee — it’s somebody’s forgetfulness.
[...]
Credant Technologies, a Dallas-based data protection solutions company, noted in a 2008 survey that although more than a third of health care professionals store patient data on laptops, smartphones and USB memory sticks, most do not adequately secure the data.
[...]
Encrypting the data can eliminate the HIPAA obligation to notify patients of a lost device, under a provision that allows an exception if the data cannot be accessed. But in most cases, encryption is not being done.
The Healthcare Information and Management Systems Society, in a survey released in November 2009, found that despite the strengthening of HIPAA regulations, health care organizations have made relatively few changes to their security policies and procedures. For example, only 39% reported using mobile device encryption.
Read more on American Medical News.
Using Facebook or Twitter 'could raise your insurance premiums by 10pc'
… "Criminals are becoming increasingly sophisticated in their information gathering, even using Google Earth and Streetview to plan their burglaries with military precision. Insurance providers are starting to take this into account when they are assessing claims and we may in future see insurers declining claims if they believe the customer was negligent."
The King want's to know...
http://www.pogowasright.org/?p=7930
Should public speakers be required to reveal their identities?
February 22, 2010 by Dissent
Today’s Beaufort Observer has a point-counterpoint and commentary on the issue of anonymous public speech:
The Raleigh News & Observer has an article today (2-22-10) that we find interesting and know that some of you will also. How do we know? Because the issue is often raised by some of our readers. The issue? Whether people who make public comments should have to identify themselves.
The N&O piece is a point/counterpoint format. Katherine Lewis Parker of the NC ACLU argues that people who address public bodies in open session should not have to give their name and address for the public to hear. N&O staff writer Matthew Eisley argues they should, saying that it promotes better behavior.
We agree with Parker. We did not used to, but because of the experience we have had here we do now.
Do they teach US law in India?
http://www.bespacific.com/mt/archives/023578.html
February 21, 2010
New on LLRX.com: Law Firms Now Outsourcers?
LLRX.com: Law Firms Now Outsourcers? - With the recent announcement that UK law firm Eversheds will launch its own outsourcing business, Ron Friedmann addresses the question of what exactly is law firm outsourcing, and how does it differ from where lawyers are located.
For my Presentation classes – how to give a bad powerpoint presentation
For my Computer Forensic classes JPG Only!
http://www.makeuseof.com/dir/imageerrorlevelanalyser-image-error-level-analysis/
Image Error Level Analyser: See if an image has been digitally manipulated
… Image Error Level Analyser compares the error levels of different parts of the image and if there is a significant difference, highlights them as being digitally altered.
The tool is dead simple to use and is based on the image forensic research by Neal Krawetz. To use the tool, simply upload any JPG file from the web and click submit. IELA will than show you the original image along with the analyzed image highlighting the areas with significantly different error rates. The possible alterations include changing the brightness, hue, saturation of the area or touching up colors.
No comments:
Post a Comment