“We
didn't have the time to do it right, but we found the time to do it
over...”
Doesn't
the fact that they immediately changed their practices after the loss
impact their liability?
By Dissent,
January 18, 2013 7:09 pm
Chris Cobb reports:
Montfort Hospital
officials were scrambling on Friday to reassure thousands of patients
that an unsecured USB data key lost by a hospital employee did not
contain intimate details of their health issues.
Information on the
USB key, downloaded from a Montfort computer in contravention of
hospital rules, contained information on more than 25,000 patients,
all of whom have been sent a letter of apology and reassurance signed
by Montfort’s chief privacy officer El Mostafa Bouattane.
The mass-mailed
letter addressed to “Dear Patient” tells patients only that
the USB key disappeared “despite our standard
precautions” and contained just basic personal information
— “your name, summary data relating to the type of service you
received, the date of service and a code referring to your provider’s
name.” (“Provider” is the patient’s doctor).
Read more on Ottawa
Citizen.
[From the article:
The employee has now been
“re-sensitized” to security issues and is back at work, he added,
but she wasn’t suspended or otherwise penalized.
… We decided there was no malice,
hacking or other illegal activity involved.”
The Montfort, previously equipped with
both encrypted and non-encrypted computers, has
upgraded its systems with new privacy technology that does
not allow data to be downloaded onto USB keys that are not similarly
encrypted, added Marleau.
… Carolyne Chaput, who had X-rays
taken at the Montfort in October, said Friday that the letter came to
her home Thursday “out of the blue” and she found
it was extremely vague.
I
wouldn't give up a valuable tool like that unless I had another (next
generation) tool ready to go, or better already installed and
working.
Red
October espionage platform unplugged hours after its discovery
Key parts of the infrastructure
supporting an espionage campaign that targeted governments around the
world reportedly have been shut down in the days since the five-year
operation was exposed.
… The research uncovered more than
60 Internet domain names used to run the sprawling command and
control network that funneled malware and received stolen data to and
from infected machines. In the hours following the report, many of
those domains and servers began shutting down, according to an
article
posted Friday by Kaspersky news service Threatpost.
Are we heading toward “universal
breach notification?”
New
bill asks companies to notify EU of security breaches
Proposed legislation in the European
Union would force tech companies that have access to user data --
such as Facebook, Google, and Microsoft -- to report any security
breaches to local cybersecurity agencies, the Financial Times
reported
today.
“We know what's best for students,
parents don't!”
School
Kicks Out Sophomore in RFID Student-ID Flap
A Texas high school on Friday barred a
girl from attending class as part of the fallout from a legal flap
that began when the sophomore refused to wear around her neck an
RFID-chip student ID she claims is the “Mark of the Beast,”
lawyers connected to the brouhaha said.
… The devout Christian sued the
district, and last week a Texas federal judge concluded the
15-year-old’s right of religion was not breached, a decision a
federal appeals court left intact Wednesday. That’s because the
school district, the lower court ruled, eventually agreed to
accommodate the girl and allow her to remove the RFID chip while
still demanding that she wear the identification like the other
students.
… U.S. District Judge Orlando
Garcia’s ruling gave the girl and her family until Friday to decide
whether to go to a different school or comport. She appealed
to the New Orleans-based 5th U.S. Circuit Court of Appeals, arguing
that adorning herself with the ID card, even one without an RFID
chip, amounted to discriminating against her “sincerely held
beliefs.”
… Money is the main motive behind
the school using the RFID chips.
Like most state-financed schools, the
district’s budget is tied to average daily attendance. If a
student is not in his seat during morning roll call, the district
doesn’t receive daily funding for that pupil because the school has
no way of knowing for sure if the student is there.
“Yeah, that used to be a privacy
option, now it's a search feature!”
On
Facebook, users can no longer hide from search results
In the wake of its “graph
search” announcement, Facebook removed the ability for users to
opt out of appearing in search results on the site, as noted by
Quartz.
Because graph search relies on the content of profiles to fuel its
results, the move will allow more comprehensive returns on searches
but may violate the privacy of users who previously relied on that
feature.
A useful case study for Copyright law
students? OR Something for the Copyright lawyers to blather about?
Hands
On With Kim Dotcom’s New Mega: This Service Could Dismantle
Copyright Forever
Kim Dotcom's Mega officially launches
tomorrow, but we're already in. From
the membership plans we showed you this morning, the service
might look like it's just another online storage locker like Dropbox
or Google Drive. But it's way more than that. Mega is a weapon
aimed straight at copyright rights holders. It's maybe the most
private, invincible file-sharing service of all time.
When you first sign in, you see
(instead
of a big red button coyly promising to change the world) a simple
drag-and-drop upload tool. A Mega upload tool.
From there, you're immediately prompted
to agree to terms and conditions. Our
resident lawyer told us they're not very well written, but in
essence, they absolve Mega for any liability whatsoever for any
naughty things you might do with the service. Smart Move, Kim.
… So what's to stop Mega from going
down just the way Megaupload did? Mega's privacy, which is a
no-foolin' stroke of genius. See, all of your files
are encrypted locally before they're uploaded, so Mega has
no idea what anything is. It could be family photos or work
documents, or an entire discography of your favorite band. Poof:
online and easy to share. And importantly, Mega doesn't have the
decryption key necessary to get in. See? It's a masterstroke of
copyright subversion.
It
never hurts to redundantly repeat and reiterate the basics...
(Related)
How else does one get the attention of
(for example) people who use the XYZ website?
"You don't
necessarily have to be a hacker to be viewed as one under federal law.
ProPublica breaks down acts of 'hacktivism' to see what
is considered criminal under the Computer Fraud and Abuse Act.
It points out that both Aaron Swartz and Bradley Manning were charged
under the CFAA. Quoting: 'A DDoS attack can be charged as a crime
under the CFAA, as it “causes damage” and can violate a web
site’s terms of service. The owner of the site could also file a
civil suit citing the CFAA, if they can prove a temporary server
overload resulted in monetary losses. ... The charges for doxing
depend on how the information was accessed, and the nature of
published information. Simply publishing publicly available
information, such as phone numbers found in a Google search, would
probably not be charged under the CFAA. But hacking into private
computers, or even spreading the information from a hack, could lead
to charges under the CFAA.'"
I read a LOT of articles every day, so
I will give this a try.
When was the last time you read a whole
article? Not two or three paragraphs and then clicked on to the next
one, but the whole thing. What about an article that was more than
1000+ words? The fact is, it’s difficult to read on the web.
There are a number of things that could be blamed from ads along side
of content that are distracting to our click-happy habits of
constantly opening more and more links in our browser.
A developer by the name of Richard
Wallis saw this problem too and he created a solution. That solution
is a browser extension and a bookmarklet that removes
the potential distractions from around the page, but it
also addresses something else that he feels is actually the reason
behind our poor reading habits online.
In his
blog post, he explained his reasoning:
The problem is
scrolling. Scrolling is a brilliant way to display a map or an Excel
spreadsheet on a computer. But it’s a terrible way to display
text.
That’s because
scrolling moves the text on a page. And moving text, even if it’s
under your control, will break your reading rhythm.
… MagicScroll certainly isn’t the
only web reading aid out there, there’s Clearly,
Instapaper,
iReader,
and Readability,
which are among my favorites.
For
my amusement...
… San Jose
State University has partnered with the online education
startup Udacity to
offer 3 online classes for credit. Although Udacity has been at the
forefront of the
recent MOOC-hype, these classes aren’t really “MOOCs.”
They aren’t massive — just 100 students apiece. They aren’t
open — they’re limited to a select group of SJSU, community
college, and high school students. They aren’t free. The credits
will cost $150 apiece. MOOCs or not, this is pretty big news. My
write-up is here.
… In related news, ACE
(the American Council on Education) will evaluate 4 Udacity
courses for credits. ACE
announced in November that it was similarly evaluating Udacity’s
competitor Coursera to see if its courses could be eligible for
credit.
… A
survey from Scholastic finds that the number of kids reading
e-books has nearly doubled since 2010. Despite the
interest expressed by those age 6 to 19 about e-books, 80% said that
they still read books for fun “primarily in print.”
This is the start of my HTML5
collection
Here’s
the Interactive Site That Will Make You an HTML5 Devotee
… Designer and developer Jongmin
Kim has taken
it upon himself to explore the language’s bleeding edge with
his Form Follows Function
web project, which demonstrates and expands HTML5's most
aesthetically interesting capabilities.
So can my students rent textbooks?
This week Amazon has unveiled Kindle
book rentals in an extremely quiet fashion, opting to test it out
with the public before doing any sort of press on the topic – but
you can try it out right this minute if you wish. What you’re
going to be doing here is renting a title for a certain amount of
time, with the price going up based on how many months you’d like
to keep it around. Thirty day increments appear at the moment to be
the turn-over for how much you’ll be paying, 30, 60, 90, and 120
day periods being available for less than a dollar difference.
… If you
have a peek at one of the very, very few titles available with
rentals thus far by the name of Theories of International Politics
and Zombies (courtesy of tipster Karen at Zats
Not Funny), you’ll find that the Buy Price is (as it usually is)
a little more than half of the price of the list price. The
rent price, then, is less than half that cost – 80% off the
original list price. Of course that’s the price to rent
a digital copy for 30 days instead of owning the original print book
forever, but the price difference is extremely important to the
author in the end.