I could probably write these press releases myself. All it takes is a bit of obfuscation, double-think and chutzpah...
By Dissent, October 7, 2011
Three unencrypted computer backup tapes containing patient billing and employee payroll data have been reported missing from a Nemours facility in Wilmington, Delaware. The tapes were stored in a locked cabinet following a computer systems conversion completed in 2004. [I wonder if they had been seen since then? Bob] The tapes and locked cabinet were reported missing on September 8, 2011 and are believed to have been removed on or about August 10, 2011 during a facility remodeling project.
There is no indication that the tapes were stolen or that any of the information on them has been accessed or misused. Independent security experts retained by Nemours determined that highly specialized equipment [a tape reader Bob] and specific technical knowledge [How to push the “ON” button? Bob] would be necessary to access the information stored on these backup tapes. There are no medical records on the tapes.
“This is an isolated incident unrelated to patient care and safety,” said David J. Bailey, M.D., President and Chief Executive Officer. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”
The information on the tapes dates principally between 1994 and 2004 and relates to approximately 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida. The missing backup tapes contained information such as name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information.
Nemours is notifying individuals who may have been affected and offering them one year of free credit monitoring and identity theft protection as well as call center support. Additionally, Nemours is taking immediate steps to strengthen its data security practices. These include moving towards encrypting all computer backup tapes [not actually encrypting the backups, but thinking about possibly scheduling a planning meeting to consider forming a committee to evaluate potential processes that might eventually lead to a procedure, etc. Bob] and moving non-essential computer backup tapes to a secure off-site storage facility.
Source: Nemours Press Release
Identity theft seems to be the hot new “Franchise” for criminals.
More than 100 arrested in massive NYC theft ring
… In total, 111 people were arrested and more than 85 are in custody; the others are still being sought. Five separate criminal enterprises operating out of Queens were dismantled. They were hit with hundreds of charges, said Queens District Attorney Richard Brown, calling it the largest fraud case he'd ever seen in his two decades in office.
… The enterprise had been operating since at least 2010 and included at least one bank and restaurants, mostly in Queens. Authorities say the graft operated like this:
At least three bank workers, retail employees and restaurant workers would steal credit card numbers in a process known as skimming, in which workers take information from when a card is swiped for payment and illegally sell the credit card numbers. Different members of the criminal enterprise would steal card information online.
The numbers were then given to teams of manufacturers, who would forge Visas, MasterCards, Discover and American Express cards.
… The plastic would be given to teams of criminal "shoppers" for spending sprees at higher-end stores including Apple, Bloomingdale's and Macy's. The groups would then resell the merchandise overseas to locations in China, Europe and the Middle East.
All told, more than $13 million was spent on iPads, iPhones, computers, watches and fancy handbags from Gucci and Louis Vuitton, authorities said.
Each new technology ignores the lessons learned by earlier technologies...
October 07, 2011
Wired Reports Keylogger Computer Virus Has Infected U.S. Drone Fleet
Danger Room: "A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system."
[From the article:
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
… The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech.
… But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.
The first job for any bureaucracy is to survive and grow. Solving problems is contrary to this goal.
White House Issues ‘WikiLeaks’ Order to Secure Classified Data
… The so-called “WikiLeaks Order” (.pdf) was issued by President Obama on Friday and largely focuses on establishing committees, offices and task forces to work on implementing a balance between the needs of federal agencies to access classified data and the necessity of securing that data against improper usage and leaks.
It looks like the next Privacy Foundation seminar will address how lawyers calculate/estimate/guess Damages following a Privacy Breach. Articles like this one lead me to ask my lawyer friends if there is a polite way to initiate a lawsuit – i.e. one that suggests a settlement is possible without the need to mount a “full court press” defense? What are the signals?
Citigroup Sued by Cardholders Over May Security Breach
October 7, 2011 by admin
Patricia Hurtado reports:
Citigroup Inc. (C), the third-largest U.S. bank, was sued by cardholders over a May computer security breach that affected more than 360,000 accounts.
Kristina and Steven Orman of Northport, New York, sued Citigroup in federal court in Manhattan today, seeking to represent victims of the hacking in a class-action, or group, lawsuit. Money was stolen from their bank account and their credit cards were illegally used by third parties following the breach, they said.
Read more on Bloomberg.
[From the article:
“Defendants have taken no steps that adequately or effectively protect cardholders against illegal use of the cardholders’ sensitive and extensive financial records since the breach,” the Ormans alleged in the complaint. They seek unspecified damages.
Citigroup said in June that the breach, affecting 1.5 percent of its card customers in North America, was discovered at Citi Account Online during routine monitoring.
… Citigroup also failed to disclose how it concluded that “more sensitive information like social security numbers, birth dates, card expiry dates and CVV card security codes were not compromised,” according to the complaint.
(Related)
Ameritrade lawsuit settlement approved
October 7, 2011 by admin
In one of the longer-running databreach lawsuits, a court has now approved the settlement in the Ameritrade case. Associated Press reports that the deal will cost Ameritrade between $2.5 million and $6.5 million. Settlement details are available online at www.accountdatasettlement.com.
Obvious in retrospect.
Google Adds More Security to Google+ [News]
… Previously, Plus users could only make content private after it was made public to one or more of their Plus Circles. But now you can select privacy controls before content is posted.
...and let's not forget, maybe they're better than everyone else?
Google and the antitrust inquiry: Fighting shadows
As Google’s federal antitrust case winds its way through the halls of justice in Washington, investigators for the Federal Trade Commission and the Justice Department will have to consider some fundamental questions about how to apply antitrust law to a company whose primary products are free — and whose monopoly was arguably gained not through coercive relationships but through the power of an algorithm. In other words, what does the word “monopoly” even mean when applied to a web-based entity like Google? Are network effects a barrier to entry, as some have argued, or are online monopolies inherently more fragile than their real-world cousins?
At least I can use Google to find a book I might want to read, then actually purchase it or have my library run it down.
October 07, 2011
The Song of the Sirens: Google Book's Project and Copyright in a Digital Age
The Song of the Sirens: Google Book's Project and Copyright in a Digital Age, Clarice Castro and Ruy De Queiroz, September 1, 2011
- "Numerous scholars have highlighted the extraordinary book-scanning project created by Google in 2004. The project aims to create a digital full text search index which would provide people with online access to books and assist research. A few months after the original idea started being implemented, the Authors Guild and the Association of American Publishers-AAP filed a class-action lawsuit, claiming that Google Book’s Project violated copyright law in the United States. The main contention was that the books which were not under public domain could not have been scanned without permission and compensation for authors and publishers. Google’s Book Project radically changed its character from the time of its birth until the negotiation of an Amended Settlement Agreement - ASA with the plaintiffs. It has raised serious controversies not only regarding different aspects of the future of the Internet but also over the issue of privatization of knowledge. Those in favour of the initiative highlight the astonishing accomplishment of Google, allowing us to access books more easily than ever before in human history. However, their claim is as dangerous as the song of the sirens. While at first sight Google tells a tale of extraordinary inclusion, it excludes those who cannot pay to access snippets or limited view of around 80% of the books available. We will also discuss the Amended Settlement Agreement of Google with the Author’s Guild and its failure on March, 2011. Finally, we will explore the concept of “fair use,” or “exceptions and limitation on copyright,” which provides for full access to books to any individual, library or archive as long as they are used for educational or scientific purposes."
For my CJ students... Isn't this something Facebook already does for free?
"The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov. The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings."
(Related) Not sure I agree, but this might be interesting to kick around...
Forensic DNA Could Make Criminal Justice Less Fair
For my Data Mining and Data Analytic students
October 07, 2011
Six Provocations for Big Data
Six Provocations for Big Data, Danah Boyd and Kate Crawford
- "The era of Big Data has begun. Computer scientists, physicists, economists, mathematicians, political scientists, bio-informaticists, sociologists, and many others are clamoring for access to the massive quantities of information produced by and about people, things, and their interactions. Diverse groups argue about the potential benefits and costs of analyzing information from Twitter, Google, Verizon, 23andMe, Facebook, Wikipedia, and every space where large groups of people leave digital traces and deposit data. Significant questions emerge. Will large-scale analysis of DNA help cure diseases? Or will it usher in a new wave of medical inequality? Will data analytics help make people’s access to information more efficient and effective? Or will it be used to track protesters in the streets of major cities? Will it transform how we study human communication and culture, or narrow the palette of research options and alter what ‘research’ means? Some or all of the above? This essay offers six provocations that we hope can spark conversations about the issues of Big Data. Given the rise of Big Data as both a phenomenon and a methodological persuasion, we believe that it is time to start critically interrogating this phenomenon, its assumptions, and its biases.
(This paper was presented at Oxford Internet Institute’s A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society on September 21, 2011.)"
(Related)
Data Mining: DHS Needs to Improve Executive Oversight of Systems Supporting Counterterrorism, GAO-11-742, Sep 7, 2011
Shocking!
"ISPs are wildly exaggerating the cost of increased internet traffic, according to a new report. Fixed and mobile broadband providers have claimed their costs are 'ballooning' because of the expense of delivering high-bandwidth services such as video-on-demand. However, a new report from Plum Consulting claims the cost per additional gigabyte of data for fixed-line ISPs is between €0.01-0.03 per GB. The report labels claims of ballooning costs a 'myth.'"
Also shocking: How dare anyone suggest that politicians “get it!”
"Apparently there are some politicians who 'get it.' At least it seems that way after reading an entry on the blog of Rick Falkvinge (founder of the Swedish Pirate Party). He says the Green party group, fifth largest in the European Parliament, has officially adopted several of the Pirate Party's stances in a new position paper (PDF). The Greens say, 'the copyright monopoly does not extend to what an ordinary person can do with ordinary equipment in their home and spare time,' adding that a 20-year protection term is more reasonable than 70 years. They go on to say, 'Net Neutrality must be guaranteed,' and also mention DRM: 'It must always be legal to circumvent DRM restrictions, and we should consider introducing a ban in the consumer rights legislation on DRM technologies that restrict legal uses of a work.'"