Saturday, March 02, 2013

Gather ye court victories while ye may
Justice is still a-flying:
And this same court that smiles to-day
To-morrow will be kicking your butt!
More good news for the state of South Carolina: a judge has dismissed a lawsuit against them filed by former state Sen. John Hawkins over their massive hack in 2011. Although the ruling is not yet available online, Meg Kinnard of Associated Press reports:
In an order obtained by The Associated Press, Circuit Judge G. Thomas Cooper Jr. said the lawsuit had failed to prove that Gov. Nikki Haley [She of “The Haley Effect” Bob] and other government officials had harmed the public by conspiring to keep news of the hacking secret. The order also said the lawsuit couldn’t show [“had not shown” Bob] that anyone had been harmed because of the breach.
“There is no injury that the Court can currently remedy, as no actual harm has been alleged,” Cooper wrote.
The media coverage does not indicate the fate of the complaint against TrustWave, but in a tweet responding to that question, Meg Kinnard indicated that claims against TrustWave were also dismissed.
Of course, I don’t expect this to be the end of litigation. As some people come forward to claim they became victims of fraud or identity theft, I expect to see other litigation against the state where they may be able to survive a challenge on standing.


Does any law talk about how long notification can be delayed? Or how promptly victims should be contacted? Is there a neutral third-party who could notify without giving away details? (You're a victim, but we can't yet reveal the source.)
Most people I know want law enforcement to investigate some breaches and realize that, sometimes, that results in delaying notification of those affected by a breach. But when does delay in notification become unreasonable or too long?
Charles Sweeney reports that Samaritan Hospital in Troy, New York delayed notification from November 2011 – when it determined there was improper access to a patient’s file – until now because of a sheriff’s investigation. In this case, an employee of Rensselaer County Jail seemingly exceeded her authorized access to the hospital’s database. The hospital reportedly did not notify HHS of the breach at the time on the advice of their legal counsel. [Any reason mentioned? Bob]
So… is there ever a point where if an investigation is taking time, patients should still be notified? Isn’t the point of notification to protect and help the patient whose PHI has been breached and who may be at risk of harm or adverse consequences as a result of a breach? One might think that if a breach is serious enough to trigger a criminal investigation, it may also be serious enough to impact the patient. If so, is notification delayed, notification denied?
HITECH requires covered entities to notify individuals within 60 days, except that there is an exemption for law enforcement investigations:
Section 164.412(a), which is based on the requirements of 45 CFR 164.528(a)(2)(i) of the Privacy Rule, provides for a temporary delay of notification in situations in which a law enforcement official provides a statement in writing that the delay is necessary because notification would impede a criminal investigation or cause damage to national security, and specifies the time for which a delay is required. In these instances, the covered entity is required to delay the notification, notice, or posting for the time period specified by the official.
From the wording, the intent was to allow a temporary delay. Fourteen months is not a temporary delay, and yet I can find nothing in HITECH that sets an absolute limit.
I do not know why the hospital didn’t notify HHS of the breach. I do not know why the sheriff’s office took 14 months to investigate or whether any charges have been or will be filed. All I know is that a 14-month delay in notification doesn’t strike me as acceptable.


...and if the court says, “No?” Think for a second about what a “significant interpretation” might mean. e.g. is spying on Senators Okay?
Steven Aftergood writes:
Several members of the Senate Intelligence Committee wrote to the Foreign Intelligence Surveillance Court this month to ask the Court to prepare summaries of classified opinions that represent significant interpretations of the Foreign Intelligence Surveillance Act in order to facilitate their declassification and public release.
Read more on FAS.


An entire new field with no recognized “Best Practices” for security or privacy.
"Now that President Obama's federal health care reform is past its major political hurdles — and with renewed focus on out-of-control costs in healthcare — companies that sell 'big data' software are licking their chops. The reason: Healthcare has huge piles of information that is being used in new ways, to track patient admissions, spending, and much more. From hospitals to insurance companies, they'll all need new ways of crunching those numbers. It's basically an entirely new field that will dwarf the spending growth in traditional data-heavy industries like finance, retail and marketing, a Microsoft regional sales GM says."


“Any sufficiently advanced technology is indistinguishable from magic a threat to the status quo”
"Organizations like the EFF and ACLU have been raising the alarm over increased government surveillance of U.S. citizens. Legislators haven't been quick to respond to concerns of government spying on citizens. But Texas legislators are apparently quite concerned that private citizens operating hobby drones might spot environmental violations by businesses. Representative Lance Gooden has introduced HB912 which proposes: 'A person commits an offense if the person uses or authorizes the use of an unmanned vehicle or aircraft to capture an image without the express consent of the person who owns or lawfully occupies the real property captured in the image. ('Image' is defined as including any type of recorded telemetry from sensors that measure sound waves, thermal, infrared, ultraviolet, visible light, or other electromagnetic waves, odor, or other conditions.)' Can you foresee any unintended consequences if this proposal becomes law?"
Another reader notes that New Hampshire has introduced a similar bill: "Neal Kurk, a Republican member of New Hampshire's House of Representatives knows that those drones present a growing privacy concern, and in response has introduced a bill that would ban all aerial photography in the state. That is, unless you're working for the government. The bill, HB 619-FN (PDF), is blessedly short, and I suggest reading the whole thing for yourself." Here's part of the bill: "A person is guilty of a class A misdemeanor if such person knowingly creates or assists in creating an image of the exterior of any residential dwelling in this state where such image is created by or with the assistance of a satellite, drone, or any device that is not supported by the ground."


Buy my new T-shirt: “A paranoid government is a dangerous government.”
Feds Say Man Deserved Arrest Because Jacket Said ‘Occupy Everything’
A Florida man deserved to be arrested inside the Supreme Court building last year for wearing a jacket painted with “Occupy Everything,” and is lucky he was only apprehended on unlawful entry charges, the Department of Justice says.
The President Barack Obama administration made that assertion in a legal filing in response to a lawsuit brought by Fitzgerald Scott, who is seeking $1 million in damages for his January 2012 arrest inside the Supreme Court building. He also wants his arrest record expunged.
What’s more, the authorities said the former Marine’s claim that he was protected by the First Amendment bolsters the government’s position (.pdf) because the Supreme Court building’s public interior is a First Amendment-free zone.


“Surprise, surprise, surprise!” G. Pyle
"This last week, the Copyright Alert System was rolled out. Now that everyone is getting a better idea of what the alert system looks like, criticisms are building against the system. Freezenet says that the mere fact that ISPs are using a browser pop-up window opens the floodgates for fraudsters to hijack the system and scam users out of money. The EFF criticized the system because the educational material contains numerous flaws. Meanwhile, Web Pro News said that this system will also hurt small business and consumers."


“Become a surgeon in your spare time! Just knock out your neighbor, push this robot's button and remove the organ of your choice!”
Law firms seek victims of 'bad robot surgery'
… In a surreal twist to the ads you often see for legal help with accidents, arrests, or debt, law firms in Louisiana and Alabama are fishing for victims of what they call "bad robot surgery."
The ad below from Becnel Law Firm, LLC and Riley & Jackson looks like something that would play in the background of a sci-fi film, but it's serious. The campaign Web site Badrobotsurgery.com says, "Robotic surgery can severely injure the bowel, bladder, and blood vessels. Some of these injuries can even occur without the surgeon knowing it, which can lead to severe complications if left untreated."
In a video on the site, Alabama surgeon Francois Blaudeau says Intuitive Surgical's wildly popular da Vinci robot surgery system has injured patients who are having their prostate or uterus removed. He adds that the robot may not be properly insulated, causing burns or "even vascular injuries causing death."


Should be Okay as long as the “Oops, I didn't mean to Click that!” button is still open source...
Amazon Patents Gravity-Based Links to Pull You In
Amazon has patented a system that pulls the pointer toward a link or button, just the thing to help you click links — and buy products associated with those links.


How else might this concept be used? “Hopeless Quest: The Search for logic in Congress?”
"Scientists from Cancer Research UK are working with Amazon, Facebook and Google to design and develop a mobile game aimed at speeding up the search for new cancer drugs. The first step is for 40 computer programmers, gamers, graphic designers and other specialists to take part in a weekend "GameJam" to turn the charity's raw genetic data into a game format, with a working title of GeneRun. 'We're making great progress in understanding the genetic reasons cancer develops. But the clues to why some drugs will work and some won't are held in data that needs to be analysed by the human eye — and this could take years,' said Carlos Caldas at Cancer Research UK's Cambridge Institute. 'By harnessing the collective power of citizen scientists we'll accelerate the discovery of new ways to diagnose and treat cancer much more precisely.'"


For my Math classes...
How Fast Would a Small Meteor Travel?


For my “Intro to IT” class.
… If you’re an avid user of RSS readers, one solution to keep up with notifications is to load them all into Google Reader (if you’re not a fan of Google Reader, we’d definitely recommend Feedly as a slick alternative when it comes to keeping up with RSS feeds).
The reason you might want to use a method like this is for the convenience of having all of your notifications in one place, and while you can keep up with what people are saying to you, or writing on your wall – by not being directly on your Facebook account or Flickr page, you can maintain a certain level of productivity. If you don’t want to get sucked into your social networks, just knowing what’s going on without being able to interact can be a good way to stay up to date.
Another advantage to using RSS feeds to keep up with your social network notifications is that if Facebook or Twitter happen to be blocked by your ISP or at your place of work, you can still see what other people are saying, bypassing any sort of blocks that might exist.


Proof that “Ignorant” people vote! (Some of them vote in the legislature...)
… The Oklahoma legislature passed HB 1674, the Scientific Education and Academic Freedom Act, this week (or as Esquire called it, the “Dare To Be Ignorant Protection Act of 2013”), which prevents schools from penalizing students for their stances on “controversial” science topics like global warming and evolution.
… The Higher Learning Commission, the regional agency that accredits the University of Phoenix, has recommended that the institution be put on probation. According to The Wall Street Journal, “probation was recommended after a review team concluded the University of Phoenix has ‘insufficient autonomy’ from Apollo, its parent company and sole shareholder, that complicates the board’s ability to manage the institution and maintain its integrity.”
ShowMe, maker of an interactive whiteboard iPad app, has launched a Kickstarter campaign to fund a new app it’s building called Markup, which will enable teachers to grade (essay) assignments (with a stylus) on an iPad.
