How to budget for Security...
The staggering cost of a data breach
September 28, 2012 by admin
Occasionally, I check Global Payments’ site for information on what their breach(es) last year cost them. Here’s what they reported in their SEC 10-K/A filing today:
For the year ended May 31, 2012, we have recorded $84.4 million of expense associated with this incident. Of this amount, $19.0 million represents the costs we have incurred through May 31, 2012 for legal fees, fees of consultants and other professional advisors engaged to conduct the investigation and various other costs associated with the investigation and remediation. An additional $67.4 million represents an accrual of our estimate of fraud losses, fines and other charges that will be imposed upon us by the card networks. We have also recorded $2.0 million of insurance recoveries based on claims submitted to date as discussed below. We based our estimate of fraud losses, fines and other charges on our understanding of the rules and operating regulations published by the networks and preliminary settlement discussions with the networks. As such, the final settlement amounts and our ultimate costs associated with fraud losses, fines and other charges that will be imposed by the networks could differ from the amount we have accrued as of May 31, 2012.
… Currently we do not have sufficient information to estimate the amount or range of additional possible loss.
… We expect to incur additional costs associated with investigation, remediation and demonstrating PCI DSS compliance and for the credit monitoring and identity protection insurance we are providing to potentially-affected individuals. We will expense such costs as they are incurred in accordance with our accounting policies for such costs. We currently anticipate that such additional costs may be $55 to $65 million in fiscal 2013. We anticipate that we may receive additional insurance recoveries of up to $28 million.
Realizing that their estimates may be off if they do not yet know what the fines will actually be, they’re talking about approximately $145 – $150 million for everything, with maybe $28 million reimbursed? That’s a lot of money….
Could a secure third-party repository keep this data private until there is a real need? i.e. avoiding concerns about police “browsing” the data without authorization...
Boston Police Store License Plate Data For “Intelligence” Purposes
September 28, 2012 by Dissent
Kade Crockford writes:
This summer ACLU affiliates all around the country filed open-records requests seeking information about how government agencies are using automated license plate readers. One set of records, released this week to the ACLU of Massachusetts by the police department here in Boston, provides a snapshot of the data-collection practices that are taking place around the nation.
The records reveal that the Boston police collect an average of 3,630 license plate reads per day and store the information for 90 days, unless officers decide they want to hold onto it forever, “for investigatory or intelligence purposes and for discovery/exculpatory evidence.”
Read more on the ACLU’s blog.
One of the downsides of automated copyright checking? Also another example of the failure of the “Torrents are for stealing copyrighted works” philosophy.
An anonymous reader points out the recent trouble of author Cody Jackson, who wrote a book called Learning to Program with Python. He offers the book for sale, but also gives it away for free, and he used the CC-BY license. In order to distribute the book, he posted links to his torrent of it. Unfortunately, this caused Google to suspend his AdSense account for his website. Even after removing the links, he was unable to get in contact with Google's AdSense team to get his accounts restored. After his story was picked up yesterday by Techdirt, somebody at Google "re-reviewed" his case and finally reinstated his account. Jackson had this to say: "One good thing about this is that it has helped raise awareness of the problems with corporate copyright policies and copyright regulation as a whole. When a person is unable to post his/her own products on the 'net because someone fears copyright infringement has occurred, there is a definite problem." This follows a few high-profile situations in which copyright enforcement bots have knocked down perfectly legitimate content.
Background. It could happen to you...
PricewaterhouseCoopers did the review.
EPIC FOIA Uncovers Google’s Privacy Assessment for Consent Order Compliance
September 28, 2012 by Dissent
From EPIC:
Through a Freedom of Information Act request to the Federal Trade Commission, EPIC has obtained Google’s initial privacy assessment. The assessment was required by a settlement between Google and the FTC that followed from a 2010 complaint filed by EPIC over Google Buzz. The FTC has withheld from public disclosure information about the audit process, procedures to assess privacy controls, techniques to identify privacy risks, and the types of personal data Google collects from users. EPIC intends to challenge the agency withholdings. For more information, see EPIC: Federal Trade Commission, EPIC: Google Buzz, and EPIC: Open Government.
The e-Sheriff knows best?
"The Lancaster County Sheriff’s Office has seen an increase in scammers using unsecured Wi-Fi connections to steal identities and mask their crimes during the past six months, Sheriff Terry Wagner said. ... So deputies spent the past few weeks finding unsecure connections and sending 40 to 50 letters to let people know about the potential dangers of strangers accessing their network connections. 'You're just opening yourself up for a series of potential pitfalls,' Chief Deputy Jeff Bliemeister said. ... Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections. [And perhaps libraries? Or schools? Or other groups providing free access to the Internet? Bob]
A quick legal summary for Law School students with no time to read?
...and I am close to solving “Life, the Universe and Everything”
"A new paper from Professor Jason Mazzone at the University of Illinois calls for federal laws to regulate what happens to digital accounts after the account holder's death. Mazzone argues that Facebook and other online services have policies for deceased users' accounts that do not adequately protect the individual property and privacy interests at stake. The full text of the paper (called "Facebook's Afterlife") is also available."
The world, she is a changing...
"California Governor Jerry Brown has signed SB 1052 and 1053, authored by state senator Darrell Steinberg, to create free textbooks for 50 core lower-division college courses. SB 1052 creates a California Open Education Resources Council, made up of faculty from the UC, Cal State, and community college systems. The council is supposed to pick 50 core courses. They are then to establish a 'competitive request-for-proposal process in which faculty members, publishers, and other interested parties would apply for funds to produce, in 2013, 50 high-quality, affordable, digital open source textbooks and related materials, meeting specified requirements.' The bill doesn't become operative unless the legislature funds it — a questionable process in California's current political situation. The books could be either newly produced (which seems unlikely, given the 1-year time frame stated) or existing ones that the state would buy or have free access to. Unlike former Gov. Schwarzenegger's failed K-12 free textbook program, this one specifically defines what it means by 'open source,' rather than using the term as a feel-good phrase; books have to be under a CC-BY (or CC-BY-SA?) license, in XML format. They're supposed to be modularized and conform to state and W3C accessibility guidelines. Faculty would not be required to use the free books."
(Related) Is this the way eBooks (eTextbooks in particular) should work?
Why a 17th-Century Text Is the Perfect Starting Point for Reinventing the Book
Good morning, class. I'd like you all to open your books to Act I, Scene 2, Line 398.
Pages rustle as everyone flips through their books in search of that spot.
"Usually there's a whole lot of shuffling," says Bryn Mawr professor Katharine Rowe. But not if the class is using an app she and Notre Dame professor Elliott Visconsi built. [A bit pricy at $9.99 but less than a textbook Bob] In their app of Shakespeare's Tempest students can just enter "1.2.398" and be transported there immediately. Or, alternatively, search for the words: "Full fathom five thy father lies."
… The features of their Tempest app go far, far beyond search. Readers can listen to actors perform the script (and the text will scroll along as they do). For key passages, they can compare a set of alternative theatrical interpretations. They can see expert commentaries embedded in the text's margins. Teachers can leave their own comments and questions for their students. Students can respond, ask questions, and chat about the text. It is a fully realized digital book, an embodiment of a pedagogy that values interaction between a reader and an author and among readers themselves.
Again, some bits and clips, just for my amusement...
… Bret Victor has responded to Khan Academy’s new computer science curriculum with an amazing essay, Learnable Programming. This is a must-read. My favorite quote: “For fuck’s sake, read ‘Mindstorms’.” Indeed. I’m really really really hoping that, having claimed to have been so inspired by Victor’s Inventing on Principle talk, that everyone who’s now building a learn-to-program startup (whether it’s a for-profit like Codecademy or a not-for-profit like Khan Academy) actually reads some goddamn Seymour Papert. Please.
… Math teacher Dan Meyer has released some updates to 101questions, his math site that lets you explore and respond to videos and photos that in turn prompt math-related questions and, in Meyer’s words, “perplexity.” New features to 101questions include file uploading and downloading and better sharing.