Tuesday, March 28, 2006

Philadelphia Inquirer | 03/27/2006 | Consumer Watch | The risk of your tax-return sale Last week's news that the Internal Revenue Service wants to adopt rules that would plainly allow tax preparers, with a taxpayer's consent, to sell tax returns to marketers sparked a firestorm of protest from taxpayers around the country. It's not clear yet whether the IRS's response will douse or fan the flames. In interviews and e-mails last week, IRS officials said consumer and privacy-rights advocates were wrong in contending that the proposed rules would weaken taxpayers' privacy by enabling tax preparers to cash in on the mother lode of financial information they amass as they fill out clients' tax returns or process them via the Internet. Why? Because the IRS says that tax preparers already have that option - and have since the current rules were adopted in 1974. "Accountants and other tax-return preparers have had the ability for 32 years to sell tax-return information - with the consent of the taxpayers - to any third party," IRS spokeswoman Nancy Mathis said. The Washington Post referred to the IRS's statement about the 1974 rules as "a little-known fact." But to critics of the new rules, it wasn't "fact" at all. "That's their interpretation," said Chi Chi Wu, a specialist in consumer tax issues at the National Consumer Law Center. "Reading the regulations, our interpretation is that a tax preparer can't sell tax information for marketing purposes to a third party." Is it going on already? Who's right? As a nonlawyer, I really can't say, so I'll spare you most of the arcane details. The IRS says it pretty much comes down to a subtle distinction between the meanings of two words, use and disclose, in the 1974 regulations - though it acknowledges that the old rules don't actually define either word. Consumer groups critical of the IRS's plan focus on the agency's own words. In announcing the rules in December, the IRS said it would end a prohibition on preparers' providing tax-return information to unrelated companies for marketing purposes, adding that "taxpayer privacy interests are adequately protected" by the consent requirements. 12:21:28 PM  PermaLink   / trackback []

Survey Highlights Need to Better Protect Consumer "Data at Rest" When asked about the importance of securing data and the confidence in how well data is secured using encryption technology, there was a significant split among respondents to a recent survey conducted by Ingrian Networks Inc. Fifty-four percent of financial services IT executives agreed or strongly agreed that encrypting "data at rest" is a high priority for their organization, while 39% disagreed or strongly disagreed that it is a high priority. "The financial services industry is at a crossroads when it comes to security in general and enterprise encryption strategies in particular," says Lane F. Cooper, director, InfoTech and author of the study. "While a tremendous amount of effort is being expended by the financial services sector to protect communications and information resources through increasingly hardened perimeter security measures, the fact remains that most organizations are likely to experience a significant security incident in the foreseeable future. Encryption is the last line of defense should a major breach occur, and huge segments of the financial services sector are not well prepared to protect this data at rest. There is a growing realization in the industry that this needs to be addressed. The research conducted by InfoTech strongly suggests that we can expect to see encryption play a much larger role in the security mix of financial services organizations by the end of the decade." 12:18:29 PM  PermaLink   / trackback []

Two justices eye driver privacy case - Boston.com Supreme Court Justices Antonin Scalia and Samuel Alito said Monday they were concerned that a bank could be forced to pay billions of dollars for buying Florida residents' vehicle records. Justices refused to step in and stop a class-action lawsuit filed by a Florida driver under a federal privacy law against Fidelity Federal Bank & Trust. In an unusual move, Scalia wrote to explain that the court may be interested later in reviewing the case "depending on the course of proceedings." Alito, the newest member of the court, joined Scalia. At issue in the case is whether the Florida drivers had to prove actual damage to recover money under the Driver's Privacy Protection Act. The bank paid a penny each for names and addresses of more than a half million people who registered vehicles with the state. The company hoped to interest the car owners in refinancing their debt. The company paid $5,656 to the state for the records of about 565,000 drivers in Palm Beach, Martin and Broward counties. "This case presents an important question of statutory construction -- whether `actual damages' must be shown before a plaintiff may recover under the Driver's Privacy Protection Act," Scalia wrote. 12:15:09 PM  PermaLink   / trackback []

New sites let users find and report phishing. New sites let users find and report phishing. Security vendors are launching two Web sites aimed at helping people report and avoid phishing attacks. [Computerworld Privacy News] 12:10:23 PM  PermaLink   / trackback []

CDT Commends FEC For Protecting Political Speakers. CDT Commends FEC For Protecting Political Speakers. The FEC today approved a series of rule changes that exempt bloggers from most federal campaign finance regulations. CDT believes that the FEC adopted the strongest protections for small speakers possible under the statutory framework set by Congress. The FEC rules strike an appropriate balance between competing concerns, and CDT believes Congress should not undercut what the FEC has done. CDT maintains that certain of the provisions of H.R. 4900 would provide broader or more comprehensive protection for individuals than the FEC rules, but that the FEC rules offer a very strong set of protections. [Center for Democracy and Technology] 11:55:35 AM  PermaLink   / trackback []

Jabber creator launches online identity project. Jabber creator launches online identity project. The founder of the Jabber open-source instant messaging software believes that he has a way to simplify the thorny problem of online identity. Over the weekend, developer Jeremie Miller launched a new project, called MicroID, designed to give users a way to authoritatively prove that they are the authors of blog postings and Web sites. [Identity mangement news] 11:54:01 AM  PermaLink   / trackback []

And it's causing a rift in the open-source community The release of a new open-source security package has sparked debate over how many Mandatory Access Control applications Linux really needs, and if more than one would just dilute volunteer efforts. Novell Inc. of Provo, Utah, recently released the source code for its recently acquired Linux security application, AppArmor. It also set up a project site in hopes of attracting outside developers to further refine the program. MAC software tackles the growing problem of applications executing malicious tasks on their host systems. It keeps profiles of routine actions that each application on a computer usually takes. When a program starts behaving in an unusual fashion, the MAC software can call on the operating system to halt that errant operation. Novell has stressed that AppArmor is easier to use than SELinux, another MAC program first developed by the National Security Agency. Novell admits that SELinux tackles mandatory access control with more rigor than AppArmor, but questions if most users really need that degree of protection. "There needs to be a better way to deploy [MAC] so that the average systems administrator doesn't need to go through three weeks of training," said Frank Rego, products manager for Novell. 11:51:58 AM  PermaLink   / trackback []

NPR's Justice Talking: Whose Internet Is It? NPR's Justice Talking: Whose Internet Is It? This is an audio file of a show on Net Neutrality featuring, among others, PK's Art Brodsky and Dave McClure of the U.S. Internet Industry Association. [Public Knowledge - Breaking News] 11:49:25 AM  PermaLink   / trackback []

The e-Crime Congress 2006. March 30 & 31 2006. The e-Crime Congress 2006 will seek to challenge conventional attitudes on e-Crime and examine how business, government and law enforcement can continue to work together in order to tackle a threat that undermines public confidence in the Internet as a viable and secure commercial medium for the future. 11:46:46 AM  PermaLink   / trackback []

GENERAL INFORMATION - Computer Forensics Tool Testing Program The CFTT project at NIST has posted a document for public review and comment: Test Plan for Digital Data Acquisition Tool Test Assertions and Test Plan: http://www.cftt.nist.gov/DA-ATP-pc-01.pdf Please send comments to CFTT@NIST.GOV by December 12, 2005.This project is supported by the U.S. Department of Justice's National Institute of Justice (NIJ), federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers. Numerous other sponsoring organizations from law enforcement, government, and industry are providing resources to accomplish these goals. There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing. 11:45:16 AM  PermaLink   / trackback []

Microsoft Opens IE Bug Database. Microsoft Opens IE Bug Database. Users will be able to report bugs found in the Web browser. [PCWorld.com - Latest News Stories] 11:40:06 AM  PermaLink   / trackback []

Researcher: DRM Has Deep Flaws. Researcher: DRM Has Deep Flaws. DRM won't protect the music and film industries from illegal file sharing, researcher says. [PCWorld.com - Latest News Stories] 11:38:42 AM  PermaLink   / trackback []

Small Businesses Get Security Help. Small Businesses Get Security Help. Business group, tech vendors launch a program to protect against data breaches. [PCWorld.com - Latest News Stories] 11:37:14 AM  PermaLink   / trackback []