Spin me a story that
doesn't include self-contradictory statements.
San
Jose State University officials deny hacker’s data theft claims
July 2, 2012 by admin
Robert Salonga reports:
San Jose State
University officials are denying a computer hacker’s
claims he stole a wealth of sensitive personal data from its largest
student-run campus enterprise.
Monday,
a hacker going by “S1ngularity” announced via Twitter that he
infiltrated a server for the Associated Students of SJSU, a
student-run nonprofit that oversees a host of campus services. It is
separate from the university, with its own IT infrastructure, meaning
no school data was affected.
The
university acknowledged an intrusion occurred
but has not corroborated [Not the same as “can not”
or “can definitely refute” Bob] the hacker’s boasts
of posting information like students’ Social Security and driver’s
license numbers.
Read more on The
Mercury News.
[From the article:
New York-based data security firm Identity Finder plucked the
announcement from the obscurity of Web forums and alerted media
organizations, saying it analyzed nearly four gigabytes of
unencrypted data the hacker posted, including email addresses,
passwords, and perhaps most disturbingly, 10,000 Social Security
numbers.
Aaron Titus, the firm's chief privacy
officer, said the numbers were valid but not accompanied by names.
The university reached a similar
conclusion.
"We have found no
evidence to suggest (Social Security numbers) have been compromised,"
[Except of course the 10,000 numbers that were compromised. Perhaps
they mean they can't (haven't yet?) matched them to students? Bob]
Harris said.
Looks like a new case
study for their Class Action class...
University
of Florida notifies former law students about privacy breach
July 2, 2012 by admin
This sounds very much like the incident
University of
North Florida reported last month, but it’s a
new/separate announcement
from the University of Florida:
University of
Florida officials are notifying 220 former law school students
and applicants who had sought a roommate online [Where does the SSAN
come in here? Bob] in the early 2000s through the Levin
College of Law that their Social Security numbers were accessible on
the Web.
Discovered in May,
the information was removed immediately from the UF servers. Also,
Google has since removed the files where the information was cached.
Roommate-matching
software required Social Security numbers for access, [So the login
system was compromised, not the ads for roommates Bob]
but that information was not visible to anyone using the software or
roommate database. The College of Law stopped using the software in
the mid-2000s.
The university
does not know whether the information was accessed for unlawful
purposes. Florida law requires the university to notify individuals
if a potential loss of personal identification information has
occurred so that protective steps can be taken. Some guidelines to
safeguard personal identification information is provided on UF’s
privacy website at http://privacy.ufl.edu.
“It is
regrettable that this instance occurred,” said Susan Blair, UF’s
chief privacy officer. “We are working diligently to purge and
protect the personal identifying information of our students and
prospective students.”
Letters were
mailed June 25 to nearly all of the individuals with personal
information listed in the database, but contact information was not
available for two law school applicants. Concerned individuals may
call UF’s Privacy Office Hotline toll-free at 1-866-876-HIPA.
“You were serious about that?”
Joe Pesci as Vinny Gambini in that great courtroom drama, My
Cousin Vinny
Cybercrime
disclosures rare despite new SEC rule
July 2, 2012 by admin
Embedded in revisions
to a proposed cybersecurity law are some provisions on mandatory
breach notification. Richard Lardner reports:
The chairman of
the Senate Commerce, Science and Transportation Committee, Sen. Jay
Rockefeller, D-W.Va., is adding a provision to cybersecurity
legislation that would strengthen the reporting requirement. The
SEC’s cybersecurity guidance issued in October is not mandatory.
[Apparently not, Vinny Bob] It was intended to update
for the digital age a requirement that companies report “material
risks” that investors want to know.
Rockefeller’s
measure would direct the SEC’s five commissioners to make clear
when companies must disclose cyber breaches and spell out steps they
are taking to protect their computer networks from electronic
intrusions.
“It’s crucial
that companies are disclosing to investors how cybersecurity risks
affect their bottom lines, and what they are doing to address those
risks,” Rockefeller said riday.
Read more from AP.
Police invent the
“e-Oops!” There is a big difference between “We can do it”
and “We know what we're doing” (Don't they know you should never
believe what you read on the Internet?)
Police
intercept online threat, raid wrong house
… please place yourself inside the
stomach of 18-year-old Stephanie Milan as she sat at home watching
the Food Network and was overtaken by a harsh queasiness.
For her door was broken down and in
walked a SWAT team, which was not in the mood to make her a burrito.
The
Evansville Courier-Press offers that the ingredients of this raid
were somewhat confused.
The SWAT team was looking for computer
equipment, which, if you're a SWAT team, you tend to search by
breaking doors down.
This computer equipment, police
believed, had been used to post threats (including references to
explosives) against the police and members of police officer's
families, via Topix.com.
This computer, police believed, was at
the Milan family's Evansville, Ill., house.
Actually, what the police believed was
that the threats had been posted using Milan's Wi-Fi. Hence the
draconian manner of entry.
… However, local police Chief Billy
Bolin said the police had no way of knowing if
Milan's Wi-Fi had been appropriated by persons unknown. [Hence the
“Guilty until proven innocent” raid? Bob]
… The police, though, claim they
now know who the miscreants might be and have agreed to repair the
front door. A grenade they tossed inside seems to have caused a
little carpet-staining, too.
The police are still in
possession of Stephanie Milan's computer, and one can only
hope that the case is resolved soon.
Undoubtedly a topic we
should explore at a future Privacy Foundation seminar...
July 01, 2012
Pew
- The Future of Smart Systems
The
Future of Smart Systems, by Janna Anderson, Lee Rainie. June 29,
2012
- "By 2020, experts think tech-enhanced homes, appliances, and utilities will spread, but many of the analysts believe we still won’t likely be living in the long-envisioned ‘Homes of the Future.’ Hundreds of tech analysts foresee a future with “smart” devices and environments that make people’s lives more efficient. But they also note that current evidence about the uptake of smart systems is that the costs and necessary infrastructure changes to make it all work are daunting. And they add that people find comfort in the familiar, simple, “dumb” systems to which they are accustomed. [Or in using smart systems in dumb ways Bob] Some 1,021 Internet experts, researchers, observers, and critics were asked about the “home of the future” in an online, opt-in survey. The result was a fairly even split between those who agreed that energy- and money-saving “smart systems” will be significantly closer to reality in people’s homes by 2020 and those who said such homes will still remain a marketing mirage."
Something to consider, students.
I gotta think about this...
Privacy
Is the Problem: United States v. Maynard and a Case for a New
Regulatory Model for Police Surveillance
July 2, 2012 by Dissent
A new article by Matthew Radler:
Privacy Is the Problem: United States v. Maynard and a
Case for a New Regulatory Model for Police Surveillance 80 Geo.
Wash. L. Rev. 1209 (2012) [PDF]
Abstract:
Inescapably, the
debate in the United States about law enforcement’s use of
electronic surveillance is defined in terms of privacy. Whether
discussed by courts, commentators, or legislators, the principal and
often the only justification put forth for regulating the use of a
given technology by the police is that it invades an interest somehow
described as private. But as surveillance technology has extended to
conduct that takes place on public property and in plain view of
society at large, this rationale for regulation has become incapable
of justifying the rules that result. This demand for privacy-based
rules about public-conduct surveillance reached its apex (thus far)
in 2010 in United States v. Maynard, the appellate decision affirmed
on other grounds by the Supreme Court’s property-based ruling in
United States v. Jones. Maynard’s theory of privacy rights in the
context of police use of tracking devices—that they are violated by
the mere aggregation of data—is so vulnerable to circumvention by
police agencies that its efficacy as a basis for regulation is
questionable at best. This Note proposes an
alternative rationale for regulation of public-conduct surveillance,
as well as a theory of institutional harm and an alternative
rulemaking authority—an administrative agency—to address
public-conduct surveillance issues.
In an era when
police action is the primary determinant of who is con victed of
crimes, without meaningful review via trial, unchecked
surveillance renders the judiciary a rubber stamp for
local executive power; the demand for an ex ante record restores the
supervisory role of the courts over police conduct. Preserving that
institutional role, instead of protecting an increasingly
difficult-to-justify notion of individual privacy in public behavior,
provides a durable rationale, and ensuring that it is given full
effect will require administrative, rather than judicial or
legislative, oversight.
This is clever!
Is
There a Breach in the Dam Holding Back Damage Actions for Alleged
Privacy Breaches?
July 2, 2012 by Dissent
Christopher Wolf writes:
Two recent federal
cases alleging privacy violations in the mobile context have been
allowed to proceed based on novel damages allegations. While neither
cases recognized a property interest in personal information per
se, the courts allowed cases involving mobile devices and
alleged privacy violations to proceed, finding allegations sufficient
that
(a) the
plaintiffs paid more for their devices than they would have paid had
they known their personal information would be misused, and
(b) that the
battery and data usage costs arising from unwanted collection and
sharing of personal information constitutes actionable damages.
Thus, these cases
may open the door for more novel indirect financial injury claims
arising from the allegedly improper collection and use of personal
information. The long-standing presumption that mere exposure of
personal data is insufficient for standing and damage actions may
become irrelevant if plaintiffs are able to link the exposure to
increased costs of device usage.
Read more on Hogan Lovells Chronicle
of Data Protection.
Encrypted communications double, still
not a problem since they could read everything...
"Federal and state court orders
approving the interception of wire, oral or electronic communications
dropped
14% in 2011, compared to the number reported in 2010. According
to a report issued by the Administrative Office of the United States
Courts a total of 2,732 wiretap applications were authorized in 2011
by federal and state courts, with 792 applications by federal
authorities and 1,940 applications by 25 states that provide reports.
The reduction in wiretaps resulted primarily from a drop in
applications for intercepts in narcotics offenses, the report noted."
[From
the report:
In 2011, encryption was reported during
12 state wiretaps, but did not prevent officials from
obtaining the plain text of the communications.
No good deed goes
unpunished. Security (or privacy) actions have reactions. This is
fertile ground for hackers.
"Twitter is going
to clamp down on abuse and 'trolling' according to its CEO Dick
Costolo. Actions could include hiding replies from users who do not
have any followers or biographical information. The difficulty is
that moves to stop trolling could also curtail
the anonymous Tweets which have been useful for
protest in repressive regimes."
A backup for GPS?
"BAE Systems has developed a
positioning solution that it claims will work
even when GPS is unavailable. Its strategy is to use the
collection of radio frequency signals from TV, radio and cellphone
masts, even WiFi routers, to deduce a position. BAE's answer is
dubbed Navigation via Signals of Opportunity (NAVSOP). It
interrogates the airwaves for the ID and signal strength of local
digital TV and radio signals, plus air traffic control radars, with
finer grained adjustments coming from cellphone masts and WiFi
routers. In any given area, the TV, radio,
cellphone and radar signals tend to be at constant frequencies and
power levels as they are are heavily regulated — so positions could
be calculated from them. "The real beauty of
NAVSOP is that the infrastructure required to make it work is already
in place," says a BAE spokesman — and "software defined
radio" microchips that run NAVSOP routines can easily be
integrated into existing satnavs. The firm believes the technology
could also work in urban concrete canyons where GPS signals cannot
currently reach."
The problem with squeezing
this into one page is, you need the page to be at least wall size to
read it...
July 01, 2012
A
Visual Guide to NFIB v. Sebelius
Follow up to The
Health Care Law - Government Resources, Commentary and Analysis,
see A Visual Guide to NFIB v. Sebelius: Competing Commerce Clause
Opinion Lines 1789-2012, Colin P. Starger, University of Baltimore
School of Law, June 30, 2012 - Download
via SSRN.
- Though Chief Justice Roberts ultimately provided the fifth vote upholding the Affordable Care Act (ACA) under the Tax Power, his was also one of five votes finding the ACA exceeded Congress’ power under the Commerce Clause. The doctrinal basis for Roberts’ Commerce Clause analysis was hotly contested. While Roberts argued that the ACA’s purported exercise of Commerce power “finds no support in our precedent,” Justice Ginsburg accused the Chief Justice of failing to “evaluat[e] the constitutionality of the minimum coverage provision in the manner established by our precedents.” These diametrically opposed perspectives on “precedent” might prompt observers to ask whether Roberts and Ginsburg considered the same cases as controlling. This Visual Guide shows that though the justices agreed on relevant cases, they disagreed on which opinions within those cases properly stated the law. Both Roberts and Ginsburg implicitly adopted the reasoning of prior dissents and concurrences as well as majority opinions. The map illustrates how competing lines of Commerce Clause opinions constitute a long-running doctrinal dialectic that culminated – for now – in NFIB v. Sebelius. This Visual Guide is a single-page PDF "poster" designed to serve as quick reference to the doctrinal debate."
Perspective: What Google
thinks are the keys to competing in the Cloud?
"The Compute
Engine announcement at Google I/O made it clear that Google
intends to take Amazon EC2 head on. Michael Crandell, who has been
testing out Compute Engine for some time now, divulges
deeper insights into the nascent IaaS, which, although enticing,
will have a long road ahead of it in eclipsing Amazon EC2. 'Even in
this early stage, three major factors about Google Cloud stood out
for Crandell. First was the way Google leveraged the use of its own
private network to make its cloud resources uniformly accessible
across the globe. ... Another key difference was boot times, which
are both fast and consistent in Google's cloud. ... Third is
encryption. Google offers at-rest encryption
for all storage, whether it's local or attached over a network.
'Everything's automatically encrypted,' says
Crandell, 'and it's encrypted outside the processing of the VM so
there's no degradation of performance to get that feature.'"
This could be huge!
"Graphene once again proves
that it is quite possibly the most miraculous material known to man,
this time by making
saltwater drinkable. The process was developed by a group of MIT
researchers who realized that graphene allowed for the creation of an
incredibly precise sieve. Basically, the regular atomic structure of
graphene means that you can create holes of any size, for example the
size of a single molecule of water. Using
this process scientist can desalinate saltwater 1,000 times faster
than the Reverse Osmosis technique."
[From the article:
Desalination might sound boring, but
it’s super important. Around 97% of the planet’s water is
saltwater and therefore unpotable, and while you can remove
the salt from the water, the current methods of doing so are
laborious and expensive. Graphene stands to change all that by
essentially serving as the world’s most awesomely efficient filter.
If you can increase the efficiency of desalination by two or three
orders of magnitude (that is to say, make it 100 to 1,000 times more
efficient) desalination suddenly becomes way more attractive
as a way to obtain drinking water.
No comments:
Post a Comment