An (over)abundance of caution? Why tell users it's because of an error?
How vulnerable is Facebook?
Facebook blocks NBC site after reported hack
It seems Facebook is blocking links to NBC.com after the TV network's
site was compromised earlier today.
… Reports about NBC's brief security breach surfaced earlier today.
The network confirmed the hack, adding that no user information was
compromised. Other companies, like Bitly and Google, are taking
precautions after the breach by warning users before they enter
NBC.com that there might be a problem with security.
Reacting to a true invasion of privacy.
As I mentioned in previous posts, Johns
Hopkins’ first breach statement about OB/GYN patients who may have
been secretly photographed or videotaped by a physician included a
reference to “counseling” for patients. Since this was the first
time I’ve ever seen a reference to “counseling” in a breach
notification statement and it struck me as a potentially meaningful
way to help mitigate harm from the breach, I contacted Johns Hopkins
to inquire as to the scope of the counseling and whether it might
include face-to-face counseling for patients who were distraught over
having been secretly taped.
Today I received a statement from Johns Hopkins:
We are offering his patients free, face-to-face, professional
counseling services
that focus on crisis response, stabilization, and referrals for
longer term treatment if/when needed. The counselors providing this
service are masters and doctorate level clinicians with a minimum of
5 years general practice experience, though most have more than that.
We are committed to working with people through stabilization; if
conditions are assessed that indicate longer term treatment is
appropriate, we will assist in making an appropriate referral. This
means if the client has health insurance, we will work with that plan
to find a therapist; if not, we will refer to a community mental
health resource.
As I have seen them do in the past,
Johns Hopkins is once again rising to the challenge of a breach, and
while I realize some will not find their response satisfactory, I am
impressed with their offer.
This breach is a nightmare for many
patients who still don’t know whether they were among those who
were photographed or videotaped, for those who worry that the doctor
may have uploaded videos to gynecology fetish web sites, for the
doctor’s family, and for the hospital. Seldom do I see breaches
with such potential for psychological harm and/or for making patients
afraid to trust doctors. Whatever Johns Hopkins can do to mitigate
the harm caused by the doctor’s actions, I sincerely hope it helps.
Attention IT Departments! Did you get
one for your CEO? (The benefits of good Lobbyists)
"Some two million people have
bought cell-phone wireless signal boosters and have been using them
to get better communication between their phones and distant cell
towers. But now, the FCC says they all have to turn their boosters
off and ask permission from their
providers, and register their devices with those providers, before
they can turn them back on."
[From the article:
Major carriers haven't said how the
registration process will work, but one conceivable outcome is that
they could charge customers an extra fee to use boosters, like they
do with other devices that improve signals.
Wireless boosters are "saving the
carriers money by not making them build more towers, but now
they can charge you for improving the holes in their own network,"
Feld said.
Better than a tin foil hat? Perhaps we
could adapt them to an urban environment?
"Ever wonder how al-Qaeda
operates under the watchful eye of the U.S. Army? Well, the
Associated Press found a list of 22 of their tips and tricks on
avoiding drone strikes.
Most of it consists of the obvious: stay in the shadows or under
thick trees, don't use wireless communications. However, there are
also some less obvious solutions, like the $2,595 Russian 'sky
grabber,' which can track the drones. Their document (PDF) also
suggests covering your roof and car with
broken glass. They also claim good snipers can take out the
reconnaissance drones, which fly at a lower level. Now the question
is: will all of this still be relevant during the robo-apocalypse?"
The Privacy of Mobile Apps...
February 22, 2013
MEF Global Privacy Survey - challenges and opportunities
"Mobile apps offer consumers fun
and functionality via the one device that stays with them throughout
the day. The explosion of the apps ecosystem is driven by new
business models where many apps are free or heavily discounted
which of course consumers love, but where developers monetize the
information they collect on their users. The report, supported by
AVG Technologies, was carried out in partnership with mobile
specialists On Device Research to understand global consumer
understanding and perceptions of apps that gather and use personal
data such as address
book information and location. The ten country study of 9,500
respondents reveals consumer attitudes towards the use of their
personal information by mobile app providers, scrutinizing
four key factors of privacy, Transparency, Comfort, Security and
Control."
There are good reasons to share medical
data as long as it is done within the rules. What do you mean,
“There are no rules?”
Some collaboration or sharing of
patient information seems potentially useful, even if it is money
motivating the sharing. Julie Bird reports:
Hospitals are looking to large drugstore chains, their vast databases
and patient-outreach resources to help reduce hospital readmission
rates.
With medication discrepancies doubling the risk of hospital
readmissions, contracting with drugstores to monitor for prescription
conflicts and follow up with patients is well worth the expense,
healthcare researcher Jane Brock tells Colorado Public Radio.
Now that Medicare payments are at risk if too many patients come back
within 30 days of discharge, hospitals have even more incentive to
pursue drugstore partnerships.
Read more on FierceHealthcare.
Of course, I’d feel a bit better if we didn’t read of so many
cases where pharmacies improperly dispose of patient prescription
records, but the concept of follow-up to discharge is a good one. I
just wonder if patients are informed of this program and that their
data will be shared while they are in-patient.
The question is, can anyone create
truly anonymous data? If I know you are a Professor of Business Law
at a certain Wyoming University, drive a Ferrari and have an
extensive wine cellar, that sort of makes identification simple.
(Okay, I lied about the Ferrari – but only because I can't spell
Maseratti.)
Organisations should be able to process pseudonymised data without
the consent of individuals, a European Parliament committee has
proposed.
The Industry, Research and Energy Committee (IREC) has outlined
changes it would like to see made to the European Commission’s draft
Data Protection Regulation which was originally published last year.
One of those changes should be to list the processing of
pseudonymised data as a “legitimate interest” of data controllers, it
said.
Read more on Out-Law.com
So could a business take two already
self-pseudonymized databases (i.e., databases that use user-generated
pseudonyms) and aggregate them and process the larger database
without user consent? How exactly would this work?
(Related) What databases are available
to help de-anonymize data? (Another government “Trust us!”
fails...)
The Government Accountability Office released a report this week
with a scary conclusion: The Census Bureau, tasked with
collecting personal information on every single American, has not
adequately protected this data. Specifically, the GAO found, the
Census Bureau is not fully prepared in cybersecurity, making
Americans’ information vulnerable to hackers.
Read more on TownHall.com.
[From the article:
Many security protocols have been left
"partially implemented" or "not implemented."
This includes inadequate password protection and leaving some
databases completely unencrypted.
(Related) Sharing when anonymity is
not an issue?
Human Services - Sustained and Coordinated Efforts Could Facilitate
Data Sharing While Protecting Privacy, GAO-13-106, Feb 8, 2013
We can learn from bad legislation. (We
should learn to elect people who stay within their areas of
expertise.)
State lawmakers all across the country busy at work crafting
ridiculous, head-spinning laws can take the day off. There is no way
they can top this.
A new bill proposed in the Illinois State Senate looks to completely
wipe out any form of anonymity on the internet by requiring that the
operators of basically any website on the entire internet take down
any comment that isn’t attached to an IP, address, and real
name-verified poster.
It’s called the Internet Posting Removal Act and was introduced on
February 13th by Illinois General Assembly veteran Ira I. Silverstein
[D].
Read more on WebProNews.
And yes, the bill’s language is really as bad as you might expect.
Worse legislation: “We're mad and we
want to shoot someone... Anyone.”
New amendment that would make internet service providers disclose the
identity of users who commit crimes online. If providers refuse they
will become suspects in criminal cases instead of the users.
Read more on RT.com.
Why did this take so long?
"Three independent bookstores
are taking Amazon and the so-called Big Six publishers (Random House,
Penguin, Hachette, HarperCollins, Simon & Schuster and Macmillan)
to court in an attempt to level the playing field for book retailers.
If successful, the lawsuit could completely change how ebooks are
sold. The class-action complaint, filed in New York on Feb. 15,
claims that by entering into
confidential agreements with the Big Six publishers, who control
approximately 60 percent of print book revenue in the U.S., Amazon
has created a monopoly in the marketplace that is designed to control
prices and destroy independent booksellers."
“Hey! We're smarter than those
guys!” A big win for Google?
A Wisconsin appeals court has ruled in favor of a Milwaukee area law
firm that paid to use the names of a competing firm in Internet
search engines to promote its own link.
The 1st District Court of Appeals ruled Thursday Cannon & Dunphy did
not violate Habush, Habush & Rottier’s right of privacy.
Read more on PostCrescent.com
Not just for the inordinately
curious...
February 21, 2013
Open States: Legislative Data Across All 50 States
Amy Ngai, Sunlight Foundation: "Do
you ever find yourself looking up state legislative information?
Instead of hopping from one legislative website to the next, Open
States allows you to search and explore legislative data from all
50 states, D.C. and Puerto Rico -- from a single site. The free tool
also lets you identify your state legislator, review their votes,
track bills and discover upcoming events at your state house."
Eight will get you 10 that eventually
every state with casinos will follow suit.
Nevada governor signs online gambling bill law after measure
fast-tracked through Legislature
… Nevada wanted to beat New Jersey,
its East Coast casino rival, to the online gambling punch. New
Jersey Gov. Chris Christie previously vetoed an online wagering bill
but has indicated he may sign an amended version next week.
Perspective
Is Republic's $19 cell phone service too good to be true?
… Republic Wireless's $19 a month plan, which includes unlimited voice, text
messaging, and data, is a hard deal to beat. In fact, I don't know
of any other cell service that can compete at that price. But your
instincts about a "catch" are justified.
… Republic is able to offer its
service so cheaply because it uses Wi-Fi to handle most of the calls,
text messages, and data sessions instead of a cellular network.
… Because Republic believes that its customers will be in Wi-Fi
hotspots more often than
they won't be, it's able to eat the cost of connecting via
Sprint's network and thus keep the cost of its service lower than its
competitors' prices.
The phone used on Republic's network is
configured to make calls and send text messages over either Wi-Fi or
a cellular network. This means that users don't have to launch a
separate app to make calls over Wi-Fi. The phone is able to detect
which network is available and which one is best for the call. If no
Wi-Fi is available or the signal is too weak, the phone automatically
dials the number over Sprint's cellular network. Users can also
manually turn off the Wi-Fi calling feature to use Sprint's network.
… The other potential drawback is
that in order to use Republic's service, you must buy a Republic
device.
An interesting KickStarter project with
some real interest...
myIDkey is a voice-activated,
fingerprint secure Bluetooth / USB Drive that displays passwords and
personal info online and on the go.