“You were serious about dat?” Joe Pesci in “My Cousin Vinny”
By Dissent,
October 3, 2011
Sue Dremann reports that a lawsuit has
been filed against Stanford Hospital & Clinics and its former
vendor, Multi-Specialty Collection Services, LLC. You can read about
it on Palo
Alto Online. This is one of those cases where I really do view a
breached entity as a victim because SHC seems to have done everything
right but they’ll still take the reputation hit and incur costs.
Keeping in mind that this is just SHC’s
side of the story and we have yet to hear from MSCS:
Stanford officials
said Multi-Specialty Collection Services, a California company,
provided business and financial support to the hospitals.
Multi-Specialty was operating under a contract that
specifically required it to protect the privacy of the patient
information. The hospital sent the data to
Multi-Specialty in an encrypted format to protect its
confidentiality.
A hospital
investigation found that Multi-Specialty prepared an electronic
spreadsheet from the data that had patient names, addresses and
diagnosis codes. The company sent the spreadsheet to
a third person who was not authorized to have the information and who
posted it on a website.
“This
mishandling of private patient information was in complete
contravention of the law and of the requirements of MSCS’s contract
with SHC and is shockingly irresponsible. SHC regrets that its
patients’ confidentiality was breached and is committed to
protecting the health and privacy of all of its patients,” the
hospital said.
Read more on Palo
Alto Online.
Probably not that big an increase.
I'll bet they just didn't look for or notice most of them in earlier
years...
GAO: Federal network security breaches spike 650 percent
October 3, 2011 by admin
Aliya Sternstein reports:
Reports of network
security incidents at federal agencies have soared 650 percent during
the past half-decade, jeopardizing the confidentiality and integrity
of sensitive government information, federal auditors charged in a
congressionally mandated report.
The most prevalent
types of cyber events included infections from malicious code — 30
percent of incidents; violations of acceptable use policies; and
intrusions into networks, applications and other data resources,
states a Government Accountability Office report
released on Monday.
Read more on NextGov.
[The audit report: http://www.gao.gov/new.items/d12137.pdf]
From the NextGov article:
The main reason agency computers are
vulnerable to contamination is departments have failed to implement
security controls, according to the audit. Agencies do not always
adequately train personnel responsible for system security, regularly
monitor safeguards, successfully fix vulnerabilities or resolve
incidents in a timely fashion.
I would expect nothing less. After
all, this is what they said they didn't do, but then said they did,
but then blamed on the users.
suraj.sun sends word that a recent
Facebook patent application details
specific methods for tracking its users while they're using other
websites. Michael Arrington pointed
out over the weekend that this follows explicit statements from
Facebook employees that the social networking giant has "no
interest in tracking people." Quoting the Patent
Application:
"In one
embodiment, a method is described for tracking information about the
activities of users of a social networking system while on another
domain. The method includes maintaining a profile for each of one or
more users of the social networking system, each profile identifying
a connection to one or more other users of the social networking
system and including information about the user. The method
additionally includes receiving one or more communications from a
third-party website having a different domain than the social network
system, each message communicating an action taken by a user of the
social networking system on the third-party website. The method
additionally includes logging the actions taken on the third-party
website in the social networking system, each logged action including
information about the action."
(Related) “It's the user's fault
that they didn't opt-out of the feature they didn't know about, but
we were kind enough to opt them into...”
How To Avoid Appearing In Social Ads In Facebook & LinkedIn
… A social advertisement works in a
very straightforward way: if you, by a coincidence or whatever
reason, have liked a Facebook page or ad, your friends will see your
“like” next time they see the same advertisement. You might feel
comfortable with that, however most people are not aware of the fact
that by simply “liking” something (and thus expressing a passive
form of appreciation), they also start recommending the same thing to
their friends. LinkedIn launched
a somewhat similar form of social advertising this summer.
Another disturbing thing is that in
both systems, you find yourself automatically
“opted-in” the social advertising system. Yes, you
can opt out, but only if you know about the system and can spend a
little effort and a few minutes of your time to do some quick research
on how to disable it for your profile. So here’s a quick guide for
those who feel they don’t want to participate in social advertising
at LinkedIn and Facebook.
Microsoft did what?
U.S. Privacy Laws Also Extend to Noncitizens
October 3, 2011 by Dissent
Tim Hull reports:
A federal law that
protects the privacy of emails and other electronic communications
extends to foreign nationals, the 9th
Circuit ruled Monday, allowing Microsoft to protect the emails of
an Indian citizen accused of fraud in Australia.
Read more on Courthouse
News.
What’s particularly nice about this
case is that it was Microsoft that made the motion to
quash. I love it when businesses try to protect
consumers’ privacy – in this case, by asserting that ECPA
protected the privacy of noncitizens as well as citizens.
The parallel with the beeper is that
someone has to actually follow the beeps – very similar to
following the car. With GPS, you bug the car and go have coffee
while it records everything.
Privacy advocates’ amicus brief in United States v. Jones
October 3, 2011 by Dissent
CDT has uploaded the amicus brief filed
by itself, EFF, Matt Blaze, Andrew J. Blumberg, Roger L. Easton, and
Norman M. Sadeh in United States v. Jones, a case that asks
whether a warrant is required under the Fourth
Amendment to attach a GPS device to a vehicle.
You can read the brief here.
As I understand it, there seem to be two main arguments in their
brief: (1) that GPS is not equivalent to beeper technology, which
simply augments an officer’s sensory capabilities; and (2) the
massive amounts of detailed information compiled automatically by GPS
systems violate the public’s sense of still having some reasonable
expectation of privacy in public.
Briefs, documents, and more background
on the case can be found on SCOTUSblog.
Should all these questions be addressed
before using the technology? (I'd say no.)
With Shooting Caught On Officer’s “Chest-Cam,” Tech Precedent To Be Set
The rising number of cameras recording
activity on the street and on the job makes for an interesting new
set of problems. I examined a few in my Surveillant
Society post, and one
has just emerged that could set a serious precedent for the
application of tech in criminal cases.
On September 25, an Oakland police
officer pulled over a car and the suspect got out and fled. The
officer chased him, and during a struggle the suspect was shot and
killed.
… It would be another sadly typical
escalation with a lethal end, except that the officer in question had
at some point flipped on his “chest-cam,” a relatively recent
development in policing where a Flip-type pocket cam (in this case a
Vievu model) is attached to the
uniform and turned on under certain circumstances. The presence of
this camera is leading to a few potentially major legal questions
given the stakes of the case:
First, when are officers required to activate the camera?
Second, how is the footage handled?
Can the officer in question view the footage before giving a statement?
At what level should this kind of tech decision be legislated?
It's not lying, it's enhancing the
truth!
"Torrent Freak has an
interesting interview with a former private investigator who was
hired to track people who pirated software and movies. He relates
some
of the tactics used to make evidence more appealing to police,
the media and lawmakers. He said, 'We discussed the formula for
extrapolating the potential street value earnings of "laboratories"
and we were instructed to count all blank
discs in our seizure figures as if they were potential product.
Mr. Gane also explained that the increased loss approximation
figures were derived from all forms of impacts on decreasing cinema
patronage right through to the farmer who grows the corn for
popping.' Regarding the head of AFACT, the article notes, 'Gane
understood that the media was an essential tool towards AFACT's goal
of getting tougher copyright legislation in place. And for this
purpose, it was a good idea to bend the truth a bit.'"
This could be a serious pain in the
posterior...
"The Patent Examiner blog has
the incredible story of Innovatio IP, a patent troll that recently
acquired a portfolio of patents that its lawyers (what, you think
there are any employees?) appear to believe cover
pretty much any Wi-Fi implementation. They've been suing coffee
shops, grocery stores, restaurants and hotels first — including
Caribou Coffee, Cosi, Panera Bread Co, certain Marriotts, Best
Westerns, Comfort Inns and more. ... The lawyer representing the
company, Matthew McAndrews, seems to imply that the company believes
the patents cover everyone who has a home
Wi-Fi setup, but they don't
plan to go after such folks right now, for 'strategic' reasons."
Isn't this covered in “Economics for
Politicians who want to Do Something?”
Minimum wage harming job opportunities for young
The latest “convergence” makes
Cable TV vulnerable... (Remember the IBM ad that claimed every song
by every artist would be available on demand? Extend that to any
media...)
Google paying $100 million for YouTube content, report says
Google is taking aim at the cable
industry by putting up $100 million to develop original content for
dozens of new YouTube channels, according to a Wall
Street Journal report.
… The report comes as competition
heats up for consumers' entertainment dollars. Amazon and Dish
Network recently announced forays into streaming content to challenge
Netflix, which has been experiencing a subscriber backlash after a
price increase in its DVD-and-streaming plan.
As part of its Kindle Fire unveiling
last week, Amazon announced it was bundling
its new tablet computer with a free one-month subscription to
Amazon Prime, which gives customers access to more than 11,000 movies
and TV shows for $79 a year. The week before, Dish unveiled the
"Blockbuster
Movie Pass," a bundle of services that offers streaming
video and discs and games by mail to existing customers for $10 a
month.
The future is so yesterday...
INFOGRAPHIC: Got The Internet? Then Never Leave Home Again
Our infographic today comes from
College At Home and shows
all the different things you can do online which allows you to never
leave your home.