Monday, February 27, 2006

Man Pleads Not Guilty in Voting Device Case - Los Angeles Times A word processor accused of stealing damaging documents about electronic voting machine manufacturer Diebold Election Systems was arraigned Tuesday on three felony counts. Stephen Heller was charged in Los Angeles Superior Court with felony access to computer data, commercial burglary and receiving stolen property. He pleaded not guilty. "It's a devastating allegation for a whistle-blower," said Blair Berk, Heller's attorney. "Certainly, someone who saw those documents could have reasonably believed that thousands of voters were going to be potentially disenfranchised in upcoming elections." The charges arise from Heller's alleged disclosure two years ago of legal papers from the Los Angeles office of international law firm Jones Day, which represented Diebold at the time. Heller was under contract as a word processor at Jones Day. The documents included legal memos from one Jones Day attorney to another regarding allegations by activists that Diebold had used uncertified voting systems in Alameda County elections beginning in 2002. In the memos, a Jones Day attorney opined that using uncertified voting systems violated California election law and that if Diebold had employed an uncertified system, Alameda County could sue the company for breaching its $12.7-million contract. The documents also revealed that Diebold's attorneys were exploring whether the California secretary of state had the authority to investigate the company for alleged election law violations. 6:21:15 PM  PermaLink   / trackback []

Diebold Whistle-Blower Charged With Felony Access. Diebold Whistle-Blower Charged With Felony Access. Vicissidude writes "An employee of law firm Jones Day found legal memos showing that their client, Diebold Election Systems, had used uncertified voting systems in Alameda County elections beginning in 2002 - violating California election law. The whistle-blower turned over the memos to the Oakland Tribune, which published the legal memos on its website in April 2004. The company's AccuVote-TSx model was subsequently banned in May 2004. Now, the whistle-blower, Stephen Heller, has been charged in L.A. Superior Court with felony access to computer data, commercial burglary, and receiving stolen property. If convicted on all three counts, Heller could face up to three years and eight months in state prison. Blair Berk, Heller's attorney state, "Certainly, someone who saw those documents could have reasonably believed that thousands of voters were going to be potentially disenfranchised in upcoming elections." Sandi Gibbons, spokeswoman for the L.A. County district attorney's office rebuts, "He's accused of breaking the law... If we feel that the evidence shows beyond a reasonable doubt in our minds that a crime has been committed, it's our job as a criminal prosecutor to file a case.""  [Slashdot: Your Rights Online] 6:18:15 PM  PermaLink   / trackback []

bit-tech.net | A conversation with Cory Doctorow Cory Doctorow is something of an online legend. He's famous for a number of things: for being a great Sci-Fi writer, for his work as a copyright activist, and for being co-editor of what Technorati has suggested is the Most Linked-to Blog in the World, Boing Boing. Now resident in London, we took a trip down to the capital to talk to Cory about his blogs, his writing and his opinions on the world of content and DRM. 6:15:54 PM  PermaLink   / trackback []

Doctorow on DRM and Activism. Doctorow on DRM and Activism. Might E. Mouse writes "Cory Doctorow, co-editor of 'the world's most linked-to' blog, BoingBoing, spoke recently at an event in London, UK. Afterwords, he gave an interview with bit-tech discussing topics like DRM and the commercialization of podcasting. He was particularly scathing towards the BBC. From the article: 'If you're in the UK, hold the BBC to account. Why is it shipping the IMP, a DRM crippled player? Is there a point in the future where the BBC imagines that bits are going to get harder to copy? And that the IMP will solve its problem? Really, what the BBC is saying is that there's two ways you can get its content after it airs on the TV; one is that you can get it through the IMP and have a crippled experience, the other is that you can be a criminal.'" [Slashdot: Your Rights Online] 6:13:54 PM  PermaLink   / trackback []

Preparing for electronic medical records in New York -- Newsday.com The doctor's office is involved in a federally funded effort to figure out how to create a system in which every American has an electronic medical record. The Bush administration wants to make the conversion by 2014, aiming to reduce medical errors and save lives. But first researchers in the Hudson Valley and 11 other areas around the country are trying to answer some basic questions: How will the system work? How will a lab in Wichita communicate with a doctor in Washington? How do you encourage doctors to sign on? "We do believe this is going to happen," said Neil de Crescenzo, a vice president with IBM Business Consulting Services, which is involved the project. "It's just going to happen in smaller chunks, which hopefully will become larger and larger chunks." [...] From the patient's point of view, there are issues of security (keeping your psychiatric records out of the hands of hackers) and privacy (keeping your psychiatric records from your podiatrist). Dr. Deborah Peel of the Patient Privacy Rights Foundation, for instance, claims there are far too few privacy safeguards being considered by government officials in general. Given the cost and controversies, the government is taking a step-by-step approach. In November, the Department of Health and Human Services awarded $18.6 million in contracts to four groups to create electronic health information network prototypes. The IBM-led consortium is working in the Hudson Valley and two areas in North Carolina. The other consortia creating pilot systems elsewhere are led by Accenture, Computer Sciences Corp., and Northrup Grumman. 5:53:30 PM  PermaLink   / trackback []

Massachusetts Institute of Technology and HID collaborate to address RFID privacy concerns : Contactless News Smart card solutions provider HID has partnered with tech-savvy MIT in Cambridge to facilitate a "dialogue" on RFID security, ID, and privacy issues while promoting an online RFID research resource. A steering committee of MIT researchers and industry veterans will develop content for the new web site. 5:48:42 PM  PermaLink   / trackback []

Orwell did not guess the worse half of it. Orwell did not guess the worse half of it. Orwell missed the fact that much of the privacy threat would come from the private sector, where there are few meaningful, legally mandated controls. It will be up to government, however, to decide if we need to accept the current fact that we have no privacy and have to 'get over it.' [Network World on Privacy] 5:45:36 PM  PermaLink   / trackback []

FTC settles with CardSystems over data breach. FTC settles with CardSystems over data breach. Credit card processing company CardSystems agreed to settle with the FTC over allegations that it failed to protect consumer data, resulting in millions of dollars in fraudulent purchases. [Computerworld Privacy News] 5:43:59 PM  PermaLink   / trackback []

Update: Group backs new identity manager tool. Update: Group backs new identity manager tool. IBM and Novell announced their support today for an open-source project aiming to give users more control over how information such as passwords and financial details is shared across multiple Web sites [Computerworld Privacy News] 5:42:13 PM  PermaLink   / trackback []

Update: N.H. state server eyed in possible credit card data breach - Computerworld  FEBRUARY 22, 2006  - The FBI, the Department of Justice and New Hampshire officials are investigating a potential security breach after a malicious application was found on a state Division of Motor Vehicles (DMV) server during a routine security check last week. The state's Office of Information Technology said in a statement that no evidence has been found that indicates any user credit card information was accessed. Residents who used the state server for transactions were warned to keep an eye on their credit card transaction histories, but state officials said no illegal credit card use has been reported. The server held only credit card numbers, with no other personal information. New Hampshire state CIO Richard C. Bailey Jr. said it is still not clear how the freeware known as Cain & Abel, which is a password-recovery program for Microsoft products, was placed on the server. That could have been done from inside the state's system or over the Internet. No other instances of the application have been found on other servers in the state network, Bailey said. Originally, Bailey said a computer worm called Cain & Abel was found on the server, but he later corrected his description, calling it a malware application. 5:40:36 PM  PermaLink   / trackback []

Common Insecurity - Computerworld  What do people who renew their driver's licenses, buy hard liquor or donate to a home for elderly and disabled veterans have in common? In New Hampshire, people who did any of those things within the past six months may have had their credit card numbers stolen because of computer security issues (see N.H. state server eyed in possible credit card data breach ). No, there hasn't been a rash of hacker attacks or virus outbreaks. All three groups are potential victims of a single piece of malware found earlier this month on one state-owned server. How it got there is now under investigation. Why all those different victims ended up on one server is a different problem. 5:37:05 PM  PermaLink   / trackback []

Cyberthieves Silently Copy Your Passwords as You Type - New York Times Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information. But there is evidence that among global cybercriminals, phishing may already be passé. In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con -- the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans. 5:31:35 PM  PermaLink   / trackback []

Businesses back new professional body to raise IT security standards A new professional body for information security professionals launched today (Monday 27 February) will help raise the standards of IT security across the UK, leading employers have said. 5:28:25 PM  PermaLink   / trackback []

eDiscovery Challenges. eDiscovery Challenges. In this paper, Tom Olzak explores the challenges of eDiscovery (Electronic Discovery) followed by recommendations that might help avoid the high costs of compliance [^] or non-compliance. By Tom Olzak. [Infosec Writers Latest Security Papers] 5:23:52 PM  PermaLink   / trackback []

Junk ads are migrating to blogs, instant messages, and cell phones. Spam Mutates. Junk ads are migrating to blogs, instant messages, and cell phones. [PCWorld.com - Latest News Stories] 5:21:19 PM  PermaLink   / trackback []

Government Not Entitled to Google Records, CDT Argues. Government Not Entitled to Google Records, CDT Argues. In the dispute over the federal government's demand that Google turn over millions of search terms to assist the government in its defense of an Internet censorship law, CDT last Friday, February 24, filed a brief arguing that, in its search function, Google is covered by the Electronic Communications Privacy Act, which prohibits certain online service providers from disclosing customer records under the kind of subpoena the government is using in this case. The issue is scheduled for oral argument before a federal judge in San Jose on March 13. [Center for Democracy and Technology] 5:19:55 PM  PermaLink   / trackback []

Dutch police target 23 Nigerian gangs. Dutch police target 23 Nigerian gangs. Only the beginning? Dutch police say they are targeting another 23 Nigerian gangs after the arrest of 12 suspects as part of a joint US/Dutch investigation into 419 money-making schemes. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:17:04 PM  PermaLink   / trackback []

Yahoo! link confirmed in second Chinese dissident case. Yahoo! link confirmed in second Chinese dissident case. 'Auxiliaries of Beijing' Court papers about cyberdissident Li Zhi confirm that Yahoo! collaborated with the Chinese authorities, according to media watchdog Reporters Without Borders. Yahoo! and local competitor Sina both provided evidence that allowed the Chinese to imprison Li. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:15:17 PM  PermaLink   / trackback []