WebCamGate: Apparently they had no accurate log of these “events?” Wouldn't that be sufficient evidensc?
http://www.philly.com/inquirer/local/20100309_District_hires_firm_to_probe_computer_camera_use.html
District hires firm to probe computer camera use
By Derrick Nunnally Inquirer Staff Writer
The Lower Merion School District has hired a New York defense company as it investigates alleged surveillance using student-issued laptop computers' built-in cameras.
L-3 Communications, which specializes in surveillance and secure communications, is being asked to determine how many times the computers' cameras were turned on and what data were captured, Board President David Ebby said last night at a school board meeting at Lower Merion High School.
Axiomatic: If you don't have control of your records, you can't know what was complrimised without extensive research. This one is small, but typical. They underestimated by a mere 100%. (so far)
http://www.databreaches.net/?p=10562
Update: UTMB sends more letters to possible ID theft victims
March 9, 2010 by admin
Cindy George reports that the University of Texas Medical Branch at Galveston breach reported last month was bigger than originally thought and more people have now been notified. At least 10 people have self-identified as victims of identity theft:
One month after mailing letters to 1,200 patients whose confidential information may have been stolen in 2009, the University of Texas Medical Branch at Galveston this week sent 1,200 letters to other patients whose financial data could have been breached by the same person.
Katina Rochelle Candrick, who has been charged with identity theft in unrelated cases, is suspected of accessing credit card and banking information while employed by a UTMB contractor.
In February, the medical branch mailed letters to patients whose names, addresses, Social Security numbers and insurance information are believed to have been accessed by Candrick while she was working for MedAssets, a company hired to assist with billing third-party payers.
Read more in the Houston Chronicle.
Employes, can't live with them, can't put them on the rack! But I can certainly fire them for violating company policies.
http://www.databreaches.net/?p=10570
Analyst Study Shows Employees Continue to Put Data at Risk
March 10, 2010 by admin
From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute:
This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% Swedish business managers have disengaged their encryption solution. In contrast, 52% of Canadian, 53% of British, and 50% of French business managers have disengaged their encryption, while U.S. business managers are the most likely to circumvent company data security policy – topping the survey at 60%.
While Germans and Swedes disengage their encryption solutions less often, they may not be encrypting all their information: 49% of Swedish IT managers said that a lost or stolen laptop resulted in a data breach and German IT managers slightly less at 46%. Similarly, 50% of Canadian IT managers reported a data breach as a result of a lost or stolen laptop. IT managers from the U.S. had the highest percentage at 72%, followed closely by the U.K at 61%. France came in at the lowest with only 28% [Why? Is it the cheese? (More likely, bad reporting.) Bob] of IT managers saying that a lost or stolen laptop resulted in data breach.
Other key findings for the U.S. in this year’s study include the following:
95% of IT practitioners report that someone in their organization has had a laptop lost or stolen and 72% report that it resulted in a data breach. Only 44% report that the organization was able to prove the contents were encrypted.
33% of IT practitioners believe encryption makes it unnecessary to use other security measures, whereas 58 percent of business managers believe this to be the case.
62% of business managers surveyed agree that encryption stops cyber criminals from stealing data on laptops versus only 46% of IT practitioners who feel the same way.
36% of business managers surveyed record their encryption password on a document such as a post-it note to jog their memory or share the key with other individuals. In contrast, virtually none of the IT practitioners record their password on a private document or share it with another person.
Copies of the study are available at: www.absolute.com/human-factor.
What is worse than legalese? Obsolete furrin' legalese. Them dang furriners is crazy!
http://www.pogowasright.org/?p=8213
Article 29 Working Party Provides Guidance On Data Controller/Processor Concepts
March 10, 2010 by Dissent
Wim Nauwelaerts writes:
Who is in “control” of personal data and who merely processes personal data on behalf of a data “controller”? These are essential questions for purposes of compliance with EU data protection requirements, yet answering them can be quite problematic in practice. The EU Data Protection Directive defines the controller as the person or entity that determines, alone or jointly with others, the purposes and the means of the processing of personal data. The processor, on the other hand, is the person or entity that processes personal data on behalf of the controller. Applying these concepts to a practical case may have been straightforward in the early days of the Directive, but in today’s Web 3.0, RFID and cloud computing environments many are perceiving the controller and processor distinction as archaic and, most importantly, unworkable in practice. At the same time, under the current legal regime the distinction is crucial in order to determine who is responsible for compliance with EU data protection rules, what Member State laws apply, and which data protection authorities are competent to supervise data processing operations.
Read more on Hogan & Hartson’s Chronicle of Data Protection.
I read this as virtually gutting the company – LifeLock reads it as “no big deal”
http://www.pogowasright.org/?p=8201
LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False
March 9, 2010 by Dissent
LifeLock, Inc. has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO’s Social Security number on the side of a truck.
In one of the largest FTC-state coordinated settlements on record, LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.
“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.
… The FTC’s complaint charged that the fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs. And even for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection.
… In addition to its deceptive identity theft protection claims, LifeLock allegedly made claims about its own data security that were not true.
According to the FTC, LifeLock routinely collected sensitive information from its customers, including their social security numbers and credit card numbers. The company claimed:
“Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
“All stored personal data is electronically encrypted.”
“LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”
The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a “need to know” basis.
… The FTC will use the $11 million it receives from the settlements to provide refunds to consumers. It will be sending letters to the current and former customers of LifeLock who may be eligible for refunds under the settlement, along with instructions for applying. Customers do not have to contact the FTC to be eligible for refunds. Up-to-date information about the redress program can be found at 202-326-3757 and at www.ftc.gov/lifelock.
Source: Federal Trade Commission
Note: LifeLock issued a press release, that you can read here. It says, in part:
The FTC and State Attorneys General action, which resulted from an examination of old practices and products, has no impact on LifeLock’s current services. Nothing changes because this was based on activity from over two years ago.
Will we see the same thing in the US?
http://www.phiprivacy.net/?p=2197
Patients’ medical records go online without consent
By Dissent, March 10, 2010 7:11 am
Kate Devlin reports from the U.K.:
Patients’ confidential medical records are being placed on a controversial NHS database without their knowledge, doctors’ leaders have warned.
Those who do not wish to have their details on the £11 billion computer system are supposed to be able to opt out by informing health authorities.
But doctors have accused the Government of rushing the project through, meaning that patients have had their details uploaded to the database before they have had a chance to object.
The scheme, one of the largest of its kind in the world, will eventually hold the private records of more than 50 million patients.
But it has been dogged by accusations that the private information held on it will not be safe from hackers.
Read more in the Telegraph.
Your government likes things orderly, not necessarily logical.
http://www.phiprivacy.net/?p=2199
Six newly revealed breaches on HHS site
By Dissent, March 10, 2010 7:34 am
It seems that using the new HHS/OCR web site will be even more difficult to use than I anticipated, as they are sorting breach reports by the date of breach, not date that the incident was added to their site, so I have to review the entire list to see what’s been added instead of just looking for what’s new at the top of the list.
In any event, here are six more breach reports that have been added to their web site, below.
Why I have a rude phrase tattooed on my bald spot.
http://www.bespacific.com/mt/archives/023706.html
March 09, 2010
CRS — Satellite Surveillance: Domestic Issues
Satellite Surveillance: Domestic Issues, Richard A. Best Jr. Specialist in National Defense, Jennifer K. Elsea, Legislative Attorney, February 1, 2010
"This report provides background on the development of intelligence satellites and identifies the roles various agencies play in their management and use. Issues surrounding the current policy and proposed changes are discussed, including the findings of an Independent Study Group (ISG) with respect to the increased sharing of satellite intelligence data. There follows a discussion of legal considerations, including whether satellite reconnaissance might constitute a “search” within the meaning of the Fourth Amendment; an overview of statutory authorities, as well as restrictions that might apply; and a brief description of executive branch authorities and Department of Defense directives that might apply. The report concludes by discussing policy issues Congress may consider as it deliberates the potential advantages and pitfalls that may be encountered in expanding the role of satellite intelligence for homeland security purposes.
Economics according to Google. The entire slideshow is available from Scribd.
http://techcrunch.com/2010/03/09/google-hal-varian-news-never-made-money/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
Google’s Chief Economist: “Newspapers Have Never Made Much Money From News”
by Erick Schonfeld on Mar 9, 2010
Earlier today, Google chief economist Hal Varian gave a presentation to an FTC workshop on the changing economics of the newspaper industry. We all know that newspaper ad revenues have been falling off a cliff for years. Many media companies blame Google and are trying to put the genie back in the bottle with partial metered models for online news.
Google is understandably on the defensive, trotting out Varian to paint an unemotional picture with as much data as he can muster. But the picture he paints is a dour one for print media. For instance, the chart above shows the decline of overall newspaper ad revenues. Newspapers have taken huge hits in classifieds advertising (in blue) and national brand advertising (in red). The online portion (green) is still too small to make much of a difference.
The collapse in print ad revenues is coming from two places: the overall ad recession of the past couple years and the shift to online news consumption. Here are some telling stats from Varian’s presentation, which is also embedded below:
About 40% of internet users say read news on the Web every day.
Time spent on online news sites is only about 70 seconds per day, compared to 25 minutes spent reading a print edition.
Online news readers tend to read at work, not for leisure, so they don’t have much time to stick around and are thus worth less to advertisers.
Overall, less than 5 percent of newspaper ad revenues come from the online editions.
Search engines account for 35 to 40 percent of “traffic to major U.S. news sites,” according to comScore.
The cost of printing and distributing print editions, makes up about half the cost, while editorial operations only make up 15 percent.
Varian concludes: “Newspapers could save a lot of money if the primary access to news was via the internet.” It sounds like he agrees with Netscape founder and investor Marc Andreessen, who recommends that newspapers “burn the boats” carrying their dying print businesses.
“The fact of the matter is that newspapers have never made much money from news,” says Varian. They make money from “special interest sections on topics such as Automotive, Travel, Home & Garden, Food & Drink,, and so on.” The problem is that on the Web, other niche sites which cater to those categories are a click away, leaving the newspapers with sections which are harder to sell ads against, such as sports, news, and local.
This is so “let's keep doing it the old way.” We're going to send students out into a world where they will face all these “distractions” (information sources?) so why not see who can use them to excell (“A”) and who gets overwhelmed (“F”)
http://news.slashdot.org/story/10/03/10/019234/Professors-Banning-Laptops-In-the-Lecture-Hall?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
Professors Banning Laptops In the Lecture Hall
Posted by kdawson on Wednesday March 10, @08:14AM
Pickens writes
"The Washington Post reports that professors have banned laptops from their classrooms at George Washington University, American University, the College of William and Mary, and the University of Virginia, among many others, compelling students to take notes the way their parents did: on paper. A generation ago, academia embraced the laptop as the most welcome classroom innovation since the ballpoint pen, but during the past decade it has evolved into a powerful distraction as wireless Internet connections tempt students away from note-typing to e-mail, blogs, YouTube videos, sports scores, even online gaming. Even when used as glorified typewriters, laptops can turn students into witless stenographers, typing a lecture verbatim without listening or understanding. 'The breaking point for me was when I asked a student to comment on an issue, and he said, "Wait a minute, I want to open my computer,"' says David Goldfrank, a Georgetown history professor. 'And I told him, "I don't want to know what's in your computer. I want to know what's in your head."' Some students don't agree with the ban. A student wrote in the University of Denver's newspaper: 'The fact that some students misuse technology is no reason to ban it. After all, how many professors ban pens and notebooks after noticing students doodling in the margins?'"
Your personal library in the cloud.
http://www.killerstartups.com/Web-App-Tools/ibisreader-com-a-tool-for-reading-books-on-the-go
IbisReader.com - A Tool For Reading Books On The Go
http://www.ibisreader.com/
Is there a better time to review a tool for reading books on your computer and mobile now that the price and the release date for the iPad have finally been confirmed, and interest in the “Kindle Killer” is stronger than ever?
This particular tool goes by the name of Ibis Reader, and it will provide you with a supple user interface for the reading of books in your desktop or mobile device of choice. That can be an iPhone, and Android or a Nexus One. The way this reader works means that you can z oom the text in and out at will, and that the application (which is wholly web-based) will remember where it was that you left last time and display the relevant page when you open the book again.
Besides, your online library is kept as dynamic as possible since you can discover new titles to read based on these that you have already favorited. It is also important to mention that your titles are hosted in a cloud library, and you don’t need to sync anything in order to read them. Anywhere you can access the Internet is bound to suffice.
Read more: http://www.killerstartups.com/Web-App-Tools/ibisreader-com-a-tool-for-reading-books-on-the-go#ixzz0hmtShkpS
What an Online Class can be...
http://www.killerstartups.com/Web20/bigbluebutton-org-online-education-made-easy
BigBlueButton.org - Online Education Made Easy
http://www.bigbluebutton.org/
Big Blue Button is a new platform that intends to make online education something that just anybody could access to and benefit from. It comes complete with all the features that one would expect to see in such a setting: chat, webcam, a list of participants and the option to have access to the desktop of the one who is imparting the class. The presenter has the option to share files such as Word docs and PDFs, whereas voice over IP is fully integrated. All that students need in order to take part of a conference is a decent pair of speakers and a microphone in case there is something that needs clarification.
The best thing might as well be that this platform is usable by just anybody, from colleges and universities to single individuals that want to teach a language or something similar. And the fact that Big Blue Button is open source is also a big plus - those with the necessary knowledge will be capable of honing it even more minutely, and make it meet specific demands - demands that the development of a tool for global consumption couldn’t warrant, but that can make things far easier on individual teachers.
For my Statistics class – they need to recognize bad statistics when they see them. The first map in the report shows where they sampled – heavily weighted to the north-east.
http://www.bespacific.com/mt/archives/023697.html
March 08, 2010
Report: 100 Percent of Fish in U.S. Streams Found Contaminated with Mercury
News release: "In a new study conducted by the U.S. Geological Survey (USGS), every single fish tested from 291 freshwater streams across the United States was found to be contaminated with mercury. "This study shows just how widespread mercury pollution has become in our air, watersheds and many of our fish in freshwater streams," said Interior Secretary Ken Salazar.
[From the USGS site:
Fish-Hg concentrations at 27 percent of sampled sites exceeded the U.S. Environmental Protection Agency human-health criterion of 0.3 micrograms per gram wet weight. Exceedances [Government speak for “more than our arbitrary limit” Bob] were geographically widespread, although the study design targeted specific sites and fish species and sizes, so results do not represent a true nationwide percentage of exceedances.
How to “know” you have mastered a tool.
http://www.wired.com/wiredscience/2010/03/heidegger-tools/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29
Your Computer Really Is a Part of You
By Brandon Keim March 9, 2010 4:37 pm
An empirical test of ideas proposed by Martin Heidegger shows the great German philosopher to be correct: Everyday tools really do become part of ourselves.
… Chemero’s experiment, published March 9 in Public Library of Science, was designed to test one of Heidegger’s fundamental concepts: that people don’t notice familiar, functional tools, but instead “see through” them to a task at hand, for precisely the same reasons that one doesn’t think of one’s fingers while tying shoelaces. The tools are us.
A challenge for my students, most of whom (to my horror) have never listened to jazz!
http://www.wired.com/underwire/2010/03/miles-davis-monster-giveaway/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29
Get Jazzed for Monster Miles Davis Giveaway
By Scott Thill March 8, 2010 6:37 pm
One of the 20th century’s most influential musicians, Miles Davis shredded the jazz envelope for decades until his passing in 1991.
You can sample most of that shredding in Wired.com’s expansive, expensive giveaway featuring the Miles Davis: The Complete Columbia Album Collection box set, a Miles-branded iPod, T-shirt and USB stick, as well as a pair of Monster Miles Davis Tribute High Performance In-Ear Speakers.
The street value of the prize package is well over $1,000, but its artistic value is priceless.
… In fact, the only thing that sucks about this giveaway is that we can’t win it ourselves.
But you can, and all you have to do is tell us why you deserve to win. Post a comment below telling us why Miles could be the greatest jazz artist of all time and you’ll be entered in the random drawing. Comments must be entered by 12:01 a.m. PST March 12.