Monday, January 09, 2012


I have long since reached my frustration point. Increasingly I am seeing calm, rational security & privacy bloggers starting to lose it with those who should be responsible... This post is typical. If nothing else, a poor response will raise your negative profile.
Ca: Computers with personal info stolen from Waterloo Region District School Board
January 8, 2012 by admin
I wasn’t even going to mention this breach on this blog. I originally intended to just add it to DataLossDB, but when I read it, I was somewhat put off by the school board’s actions and statements so I decided to comment on it here.
Jeff Hicks reports:
Nine computers stolen from the Waterloo Region District School Board’s education centre in Kitchener on Dec. 1 contained personal information about individuals.
So, should parents and families be worried?
“If there are risks associated with the content, we will contact families directly,” said board chair Catherine Fife on Friday after the first media release was issued on the month-old break-in and theft.
So more than one month after the theft, the board still hasn’t determined if there are risks and hasn’t contacted anybody directly? Why not? Are they working round the clock on this or did they take the holidays off or..?
“I think, as a board, we are being responsible by sharing the information and letting the public know that a breach has occurred.”
No details on what type of personal information was contained on the laptops, used by staff, were released by the Board on Friday.
The number of people or families with information at risk was not released.
Families should be grateful that the board disclosed that there had been a breach a month after the fact and without any details? This is what the board considers being responsible? Seriously?
More than one month after a breach, the board should not only have notified employees or parents of students who might have been affected but they should have made a public disclosure that contains some actual… what’s that word I’m looking for…. oh, right: details.
The board says the computers conform to industry standards and highly specialized knowledge would be needed to bypass security to get at the information.
“They may not be able to access that information,” Fife said. “It’s a layered process.”
This has nothing to do with computers conforming to industry standards. It has everything to do with the school board having good security protocols in place and the employees complying with them. Are we to infer that the files or the drives weren’t actually encrypted?
[...]
Board staff are working on a list of individuals whose information was on the stolen computers.
Why isn’t that list compiled already? Were there thousands of individuals or students whose names needed to be compiled? Did the board have current backups of all of the nine laptops’ drives?
I know that Canada has different breach disclosure and breach notification requirements than U.S. states do, but I would hope that the Privacy Commissioner of Ontario, Dr. Ann Cavoukian, would open a sua sponte investigation into this incident to determine if Waterloo Region District School Board had adequate security and privacy protections in place and whether their breach response is reasonable or not. If I were a parent of a student in that district, I’d want to know why we hadn’t already been informed of the breach and what data was on it from our family.
This was the school board’s second disclosed breach in the past six months. The first, disclosed in August, involved two microfilm tapes containing data on over 2,250 students that went missing in the mail to them from a firm in Winnipeg. After that breach, the board changed to using a courier service. It was never disclosed when that loss actually occurred or what security was on the microfilm tapes.
Maybe the Waterloo Region District School Board has a reasonable explanation why notification has been delayed in its most recent breach. Maybe they don’t. But so far, their “disclosure” leaves this blogger with more questions than answers.


“...because parents don't know how to raise children.” Do you suppose the school would allow parents to see all the data on their children?
MO: Parkway’s use of fitness monitors raises privacy questions
January 9, 2012 by Dissent
Mary Shapiro:
When is the line crossed between better health and surveillance?
In early 2012, wristwatch-like devices called Polar active monitors will be used by older students in PE classes at all 18 Parkway elementary schools. District officials say the devices should help improve the students’ fitness and academic achievement.
Later this school year, the district plans to collect data about activity levels and even sleep patterns for a week at a time. It will have the students wear the devices round the clock.
Some parents and legal experts are raising privacy concerns about at least that aspect of the program.
Read more on STLtoday.com.
[From the article:]
Cara Bauer, PTO president at Shenandoah Valley and mother of a son in first grade and a daughter in fifth grade, said she's heard about the monitors from her daughter, Caroline. She said her daughter doesn't like wearing one and calls them "the funny watch."
"I wish Parkway would let parents know what's going on with the program," Bauer said.
… Neil Richards, a professor of law with Washington University in St. Louis who teaches privacy and civil liberties courses, said he feels the plan for the devices constitutes "a major privacy issue."
"The school district eventually will be engaging in surveillance of kids' sleep and exercise patterns outside the school day," he said.
… And wearing them voluntarily doesn't eliminate privacy concerns, Richards said.
"They'll create a record of medical information about children around the clock," he said. "Even if it serves laudable public health goals, it's a fairly Orwellian step for a school district to engage in."


We have seen this coming for years. Ever since accountants brought Apple II's with Visicalc into the office. After extensive legal research and with years of professional experience I can definitively state that the correct answer is “Is pendeo...” or perhaps “Il dépend... ” – in either case that translates to “it depends...”
"As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"


Very interesting idea. Are you reading this RIAA? (Is this a return to the communication methods we used before Gutenberg locked us into text?)
An anonymous reader writes with this snippet from The Conversation:
"According to the Wall Street Journal, camera manufacturer Kodak is preparing to file for Chapter 11 bankruptcy, following a long struggle to maintain any sort of viable business. The announcement has prompted some commentators to claim that Kodak's near-demise has been brought on by: a failure to innovate, or a failure to anticipate the shift from analogue to digital cameras, or a failure to compete with the rise of cameras in mobile phones. Actually, none of these claims are true. Where Kodak did fail is in not understanding what people take photographs for, and what they do with photos once they have taken them."
Continues the reader:
"Looking at camera data from Flickr, of images uploaded in 2011, camera phones only make up 3% of the total. Dedicated cameras from Canon, Nikon and yes, Kodak were used to take 97% of the images. What Kodak failed to understand is that people have switched from taking photos for remembering and commemorative reasons to using photos for identity and communication. The shift changes the emphasis away from print to social media platforms and dedicated apps."


Another example of the “not invulnerable” Google?
Open Source Maps Gain Ground as Google Paywall Looms
Nestoria is one of those companies that was told it would have to start paying real money for Google Maps. When Google couldn’t tell it exactly how much, Nestoria kicked Mountain View to the curb and switched to OpenStreetMap, a free, collaborative effort to map the globe.
But that’s only part of the story. Nestoria’s “free and open” map data is actually served up by MapQuest, the once and future mapping outfit that ruled the web before Google Maps stole its thunder.
… OpenStreetMap, or OSM, is yet another example of a project that manages to compete with a massive tech company simply by crowdsourcing a problem. Much like Wikipedia challenged Encyclopedia Britannica and Linux took on Microsoft Windows, OpenStreetMap is battling Google Maps, and at least in some cases, it’s winning.


Your phone as guidebook?
January 08, 2012
DC.gov - applications built by DC government
Via DC Apps - Users may Browse Categories: Education, Public Safety, Economic Development, Infrastructure, Government Operations, Health and Human Services, About DC. Also includes links to Best applications built by individuals/companies.
  • Apps include: DC Police Crime Mapping, Where is my Bus?, DC Wi-Fi Hot Spot Map, AreYouSafe DC, find a metro dc, DC Multimodal Crime Finder


Is this an example of “Book 2.0?” Writing as a collaborative act?
January 07, 2012
Government As a Platform
Government As a Platform Copyright © 2010 O’Reilly Media, Inc.
  • You are reading the text of an O’Reilly book that has been published (Open Government). However, the author of this piece—Tim O’Reilly—understands that the ideas in this chapter are evolving and changing. We’re putting it here to get feedback from you—what are your ideas? This chapter uses the Open Feedback Publishing System (OFPS), an O’Reilly experiment that tries to bridge the gap between manuscripts and public blogs.


Perspective: Perhaps Internet TV isn't ready for prime time? Or perhaps the couch is a more comfortable place to watch zombie movies?
How People Watch TV Online And Off
… Just in terms of audience reach, Nielsen estimates that almost 145 million people watch video online in the U.S., compared to about 290 million who watch traditional TV. So the penetration of online video is already about half of the overall TV-watching population.
Yet for all the video people watch on the web, it is still a tiny fraction of how much they watch on TV in terms of time spent. In a report put out yesterday on the State of the Media summarizing 2011 data, Nielsen estimates Americans spend an average of 32 hours and 47 minutes a week watching traditional TV. They only spend an average of 3 hours and 58 minutes a week on the Internet, and only 27 minutes a week watching video online. All those billions of videos watched online still only represent 1.4 percent of the time spent watching traditional TV.
