Thursday, October 26, 2006


News Item 7528 Study: Customers don't want data handled by outside vendors.

Customers whose data is exposed in a security breach involving a third-party vendor are less forgiving than when their data is lost by the company they do business with, according to a study of data breaches by the Ponemon Institute. [Computerworld Privacy News]
9:59:45 PM

News Item 7527 Health care privacy law: All bark, no bite? - The Red Tape Chronicles - MSNBC.com

Two years ago, when Bill Clinton had heart surgery performed in New York's Columbia Presbyterian Medical Center, 17 hospital employees -- including a doctor -- peeked at the former president's health care records out of curiosity. Earlier this year, Boston-based Brigham and Women's Hospital repeatedly faxed patient admission sheets to a nearby bank by accident. The faxing continued even after bank employees warned the hospital. In Hawaii, Wilcox Memorial Hospital lost a thumb drive containing personal information on every one of its 120,000 current and former patients.

None of the institutions involved in these incidents has been fined under the highly touted medical privacy law, known as HIPAA (Health Insurance Portability and Accountability Act).

In fact, there have been 22,664 HIPAA privacy-related complaints filed since the privacy rule took effect in 2004, and not a single institution has been fined for privacy lapses, according to the Department of Health and Human Services, which enforces HIPAA. It's not clear that any of the three incidents above generated HIPAA privacy complaints, so the total number of privacy-related incidents is no doubt higher.

Health privacy advocates are crying foul. One even calls HIPAA a "charade."

"It's a huge charade imposed on the public at great expense," said Twila Brase, president of the Citizens' Council on Health Care, a Minnesota patient-rights group. "The real scandal ... is that they called it a privacy rule."


9:57:32 PM

News Item 7526 IT Conversations: Michael Copps - Network Neutrality, Broadband and Media Ownership

Federal Communications Commissioner Michael Copps states that all is not well in Washington when it comes to technology policy. He argues that the continued trend in media consolidation, with fewer organizations owning more and more properties that allow them to control both content and distribution, will be further exacerbated by recent decisions by the FCC. In August 2005, the FCC reclassified broadband as Title I, Information Services rather than Title II, Telecommunication Services. This decision rendered the non-discrimination obligations attached to telecom traffic no longer applicable to broadband. Commercial providers can now choose to implement traffic management policies, and thereby restrict how individuals use the Internet.

Mr. Copps acknowledges there is no guarantee that a concentration of providers with limited competition will implement traffic management policies and restrict how individuals use the Internet, but history has shown that when organizations have both the technology and the commercial incentive, they will try. In response to the August 2005 decision by the FCC, Mr. Copps and fellow commissioners drafted a statement of principles that outlines four principles to encourage broadband deployment and preserve and promote the open and interconnected nature of the public Internet. This statement planted the seed for what has now become a national discussion on net neutrality.

Mr. Copps characterizes net neutrality as the "third rail" of the larger debate over media consolidation. He strongly believes that both of these issues pose a significant threat to innovation, diversity, and the independent voices critical to maintaining a robust civic dialogue in any democratic society. While it is Washington's responsibility to maintain openness, he believes it is the responsibility of the high tech community to play an active role in the process to insure that voices from both sides are heard, not just those of the well funded vested interests.


9:52:43 PM

News Item 7525 Analyst: Online ID fraud is hyped; real problem is off-line.

Although online identity fraud incidents get headlines, the bigger problem is off-line, according to analysts at Javelin Strategy & Research. [Computerworld Privacy News]
9:10:40 PM

News Item 7524 Botnets Threaten National Infrastructure and Security.

Real world case outlines how botnets brought down infrastructure of Central American country [GT: Security and Privacy]
9:06:00 PM

News Item 7523 Web Site Launched to Battle Identity Crime.

International Association of Chiefs of Police and Bank of America team up to address need for awareness and education programs [GT: Security and Privacy]
9:02:07 PM

News Item 7522 Web users lack privacy control

If you don't like what your favorite Internet search engine or e-commerce site does with information it collects about you, your options are limited to living with it or logging off.

Major search engines, for instance, all keep records of your searches for weeks, months or even years, often tied to your computer's Internet address or more. Retailers, meanwhile, generally presume the right to send marketing e-mails.

Although online companies have become better at disclosing data practices, privacy advocates say the services' stated policies generally don't give consumers real choice.

"None of them have gotten to the point of giving a lot of controls in users' hands," said Ari Schwartz, deputy director of the technology watchdog group Center for Democracy and Technology. Privacy policies "are about notice ... not about control."

Recent developments from companies losing laptops containing sensitive data to Time Warner Inc.'s AOL releasing customers' search terms have again turned the spotlight on Internet privacy.

But the push for stronger federal protections is countered by Attorney General Alberto Gonzales' desire to require Internet providers to preserve customer records to help prosecutors fight child pornography. Officials have released few details, though they say any proposal would keep the data in company hands until the government seeks a subpoena or other lawful process.
8:59:52 PM

News Item 7521 Push intensifies for personal data rules change | InfoWorld | News | 2006-10-23 | By Paul Meller, IDG News Service

Calls for a change to international rules on data transfers intensified Monday when two leading trade associations called on U.S. and European Union decision-makers to take action.

 

The American Chamber of Commerce to the European Union (AmCham EU) and the International Chamber of Commerce (ICC) "urgently call upon decision-makers on both sides of the Atlantic to deliver real progress on international transfers of personal data, a matter of growing concern for businesses worldwide," the trade groups said in a statement.

The call for action comes as more and more companies face legal uncertainty sparked by the very different approach to data privacy in the U.S. and Europe.

In recent weeks SWIFT, a Belgian financial data transfer company, has been found guilty of handing over personal data to U.S. authorities in breach of European data protection laws. SWIFT was forced to hand over the data by U.S. officials investigating terrorist financing.

Meanwhile, European airlines are being forced by the U.S. to break European data protection laws by handing over personal details about passengers flying to the U.S. Failure to hand over the information, including passengers' names, addresses and credit card details, would result in them losing landing rights at U.S. airports, or being fined up to $6,000 per passenger.



8:54:54 PM

News Item 7520 Report Shows Sharp Rise in the Cost of Data Breaches.

Study shows 31 percent increase in financial impact of data loss incidents since 2005 [GT: Security and Privacy]
8:47:42 PM

News Item 7519 Platinax Small Business News - Firefox 2 releases privacy storm

The most-awaited Firefox 2.0 was launched by the Mozilla Foundation yesterday - and immediately generated a storm of protests over privacy issues.

Key to privacy concerns is that Mozilla have set up their long-awaited phishing protection feature on Firefox 2.0 - but to use it properly, you have to send Google a record of every single website you visit.

A cookie will record all your behaviour data when using Firefox and provide the information free to Google, who can then use that information for their own commercial purposes.

Although the feature does require an explicit opt-in, it's an unwelcome trade-off for many Firefox users, who believe that there is no reason to tie in phishing protection with providing free data to a billion-dollar multinational.

The concerns may be damaging to the Mozilla Foundation - who have long had a close relationship with Google - and who became a "for-profit" business last year.

The provision of free tools and services simply for the purposes of collecting user data has become a habit with Google in recent years, and especially raised privacy concerns - not simply on the data collection, or how it may be used - but also how it may be collected by government agencies.

However, the overall situation is that Google are probably not actually doing anything more in terms of data collection and retention than many other major Internet Service Providers are already doing.

Microsoft, Yahoo!, AOL, Amazon, and telecoms companies already store and retain vast amounts of private and often personally identifiable data, via their own service provisions, which are then used for commercial purposes.

The simple truth is that online privacy is already a mess, and that internet users are simply often not allowed to determine how their personal data may be collected, used, or processed.

[via Privacy.org]

8:45:19 PM

News Item 7518 California shoppers, Schwarzenegger is watching you - CNN.com

Gin or vodka? Ford or BMW? Perrier or Fiji water? Does the car you buy or what's in your fridge say anything about how you'll vote?

Gov. Arnold Schwarzenegger's campaign thinks so.

Employing technology honed in President Bush's 2004 victory, the Republican governor's re-election team has created a vast computer storehouse of data on personal buying habits and voter records to identify likely supporters. Campaign officials say the operation is the largest of its kind in any state, at any time.

Some strategists believe consumer information can reveal a voter's politics even better than a party label can.

"It's not where they live, it's how they live," said Josh Ginsberg, the Schwarzenegger campaign's deputy political director.

The idea is an outgrowth of techniques that businesses have long used to find new customers. Using publicly available data, the Bush campaign in 2004 knew voters' favorite vacation spots, religious leanings, the music and magazines they liked, the cars they drove.

Few people might realize how much information is publicly available, for a price, about their lifestyles. Companies collect and sell consumer information they buy from credit card companies, airlines and retailers of every stripe.

Using microtargeting, as the practice is known, Bush's campaign teased out supporters in swing states such as Ohio. Schwarzenegger -- whose political operation is run by two Bush veterans, campaign manager Steve Schmidt and strategist Matthew Dowd -- is ripping a page from that book.


8:39:40 PM

News Item 7517 Canada's privacy chief hails Microsoft's Seven Laws of Identity.

On surviving the identity Big Bang

The Information and Privacy Commissioner of Ontario has published a plan for automated internet privacy that is backed by Microsoft. Dr Ann Cavoukian has called for programmers to embed privacy capabilities in software.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
7:47:47 PM

News Item 7516 Home Office thumbs up for Yeovil pub fingerprint plan.

But crime stats raise questions

The extent of interest among local authorities to install fingerprinting security in pubs and clubs around the country has been revealed by the police brains behind the pilot scheme in Yeovil.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
7:46:03 PM

News Item 7515 Amnesty calls for action on internet freedom.

Bloggers united, will never be defeated...

Amnesty International is calling on the bloggers of the world to unite to defend the freedoms of their brother bloggers in countries such as China, Iran, and Tunisia.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
7:20:09 PM

News Item 7514 EFF Releases FAQ to Help Bloggers Investigate the Government.

EFF has updated the Legal Guide for Bloggers to include a new section on the Freedom of Information Act (FOIA), the federal open government law. The FAQ explains how bloggers can use the FOIA to ask for government records, get processing fees waived, and what to do if an agency denies a request. It also shows online journalists how to take advantage of the FOIA's special treatment for news media requesters.

For more information about EFF's FOIA work, check out the FLAG Project.

Learn what you can do to support bloggers' rights here.

[EFF: Deep Links]
7:18:06 PM

News Item 7513 Secunia Claims Second IE 7 Flaw.

Security firm finds a bug that could allow hackers to spoof Web sites; Microsoft says there's an issue. [PC World: Latest Technology News]
7:16:26 PM

News Item 7512 Feds keep losing your data

If you can't trust the federal government with your personal information, who can you trust?

A new report from the House Government Reform Committee finds that no fewer than 19 federal agencies have experienced security breaches since January 2003 -- a total of 788 cases of people's confidential data either being lost or stolen.

Because the federal government has no disclosure requirements in the event of security breaches, "few of these incidents have been reported publicly," (ed. emphasis added) the report finds, adding that data losses have become "a government-wide occurrence."

"Only a small number of the data breaches reported to the committee were caused by hackers breaking into computer systems online," it says. "The vast majority of data losses arose from physical thefts of portable computers, drives and disks, or unauthorized use of data by employees."

The report also finds that many security breaches involved companies that signed contracts with the government to manage data or information technology.

Agencies that admitted experiencing multiple incidents over the past three years include the Internal Revenue Service, the Social Security Administration, the Centers for Medicare and Medicaid Services, and the Department of Homeland Security.

For identity thieves, these breaches alone constitute a virtual treasure trove of U.S. citizens' most sensitive data.

"The United States government is very, very sloppy with the data that it collects," said Barry Steinhardt, chief privacy watchdog for the American Civil Liberties Union.


7:14:29 PM

News Item 7511 Verisign backs Vista security green streak | The Register

The Mozilla Foundation risks losing the browser battle if it fails to keep up with Microsoft by incorporating new security technology into Firefox, a Verisign exec has claimed.

According to Verisign product marketing director Tim Callan, the "loose collection of technoanarchists" which make up the open source development community has frustrated efforts to build new security features into its new browser.

Verisign is at the RSA Europe Conference in Nice talking up a new breed of online security certificate. The padlock encryption symbol used by browsers has been effectively meaningless for some time, and consumer paranoia surrounding fraud remains a barrier to using online commerce for many.

In response, the verification industry in the form of the CA browser forum has come up with extended validation SSL, where the certificate really is a guarantee of kosher status. Honest.


3:59:30 PM

News Item 7510 Slashdot | Extended Validation SSL, More Secure or Just a Racket?

Nalfeshnee writes "The Register is reporting on the new 'Extended Validation SSL' cert currently being touted by Verisign. Vista and IE7 will be using this but not, apparently, Firefox anytime soon. For this the Verisign Product Marketing Director Tim Callan squarely blames the Firefox dev team for 'not keeping up' with their new technology. However, the whole thing just seems to be a way for Verisign to enjoy ridiculous markup on selling 'more secure' certs."
3:53:51 PM

News Item 7509 Slashdot | How to Hack the Vote and Steal the Election

divisionbyzero writes "Many people have asked for it so that the government will have to deal with it. So here it is: a guide to stealing an election that uses electronic voting machines written by Jon Stokes over at Arstechnica. From the article: "In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.""
3:37:33 PM

News Item 7508 A New Campaign Tactic: Manipulating Google Data - New York Times

Fifty or so other Republican candidates have also been made targets in a sophisticated "Google bombing" campaign intended to game the search engine's ranking algorithms. By flooding the Web with references to the candidates and repeatedly cross-linking to specific articles and sites on the Web, it is possible to take advantage of Google's formula and force those articles to the top of the list of search results.

The project was originally aimed at 70 Republican candidates but was scaled back to roughly 50 because Chris Bowers, who conceived it, thought some of the negative articles too partisan.

The articles to be used "had to come from news sources that would be widely trusted in the given district," said Mr. Bowers, a contributor at MyDD.com (Direct Democracy), a liberal group blog. "We wanted actual news reports so it would be clear that we weren't making anything up."

Each name is associated with one article. Those articles are embedded in hyperlinks that are now being distributed widely among the left-leaning blogosphere. In an entry at MyDD.com this week, Mr. Bowers said: "When you discuss any of these races in the future, please, use the same embedded hyperlink when reprinting the Republican's name. Then, I suppose, we will see what happens."


3:33:23 PM

News Item 7507 Slashdot | New Campaign Tactic - Google Bombing

jeian writes "My Direct Democracy, a liberal group blog, is trying out a new campaign tactic -- Google bombing. From the New York Times article: 'Searching Google for Peter King, the Republican congressman from Long Island, would bring up a link to a Newsday article headlined King Endorses Ethnic Profiling.' Google's policy has typically been to not intervene and let the algorithms work by themselves, but could this change if Google-bombing becomes a common tactic?"
3:30:50 PM