Security
Security issues, software and reports.

 



















 

 

  Friday, February 23, 2007


There was a time not long ago when a trip across the border from the United States to Canada was accomplished with a wink and a wave of a driver's license. Those days are over.

Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: "Your next stop is immigration."

Felsch was ushered into a room. "There must have been 75 people in line," he says. "We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet."

[...]

Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past -- sometimes their distant past -- is suddenly an issue.

While Canada officially has barred travelers convicted of criminal offenses for years, attorneys say post-9/11 information-gathering, combined with a sweeping agreement between Canada and the United States to share data, has resulted in a spike in phone calls from concerned travelers.

They are shocked to hear that the sins of their youth might keep them out of Canada. But what they don't know is that this is just the beginning. Soon other nations will be able to look into your past when you want to travel there.

[...]

"From the time that you turn 18, everything is in the system," says Lucy Perillo, whose Canada Border Crossing Service in Winnipeg, Manitoba, helps Americans get into the country.

[...]

So it isn't as if rules have stiffened. But what has changed is the way the information is gathered. In the wake of 9/11, Canada and the United States formed a partnership that has dramatically increased what Lesperance calls "the data mining" system at the border.

The Smart Border Action Plan, as it is known, combines Canadian intelligence with extensive U.S. Homeland Security information. The partnership began in 2002, but it wasn't until recently that the system was refined.

"They can call up anything that your state trooper in Iowa can," Lesperance says. "As Canadians and Americans have begun cooperating, all those indiscretions from the '60s are going to come back and haunt us."

[...]

The lesson, the attorneys say, is that if you must travel to Canada, you should apply for "a Minister's Approval of Rehabilitation" to wipe the record clear.

Oh, and by the way, if you don't need to travel to Canada, don't think you won't need to clear your record. Lesperance says it is just a matter of time before agreements are signed with governments in destinations like Japan, Indonesia and Europe.

"This," Lesperance says, "is just the edge of the wedge."


5:25:44 PM    

Canadian Border Tightens Due to Info Sharing. blu3 b0y writes "The San Francisco Chronicle is reporting that new information sharing agreements have made it as easy for a Canadian border officer to know the full criminal records of US citizens as it is for their local police. As a result, Canadian officials are turning away American visitors for ancient minor convictions, including 30-year-old shoplifting and minor drug possession convictions. Officials claim it's always been illegal to enter Canada with such convictions without getting special dispensation, they just had no good way of knowing about them until recent security agreements allowed access. One attorney speculates it's not long before this information will be shared with other countries as well, causing immigration hassles worldwide." [Slashdot: Your Rights Online]
4:21:12 PM    

Mass. Bill Would Make Retailers Pay for Data Breaches.

Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers, according to a story in today's Wall Street Journal (link is by subscription only).

The bill, sponsored by Rep. Michael A. Costello (D), would make any company (retailer, bank or data processor) financially liable if it is the operator of the system that is hacked. The bill doesn't cover other types of credit-card fraud, such as those perpetrated by means of a lost or stolen card.

The legislation also "would mandate that companies whose security systems are breached assume full financial responsibility for any fraud-related losses, costs associated with the canceling and reissuing of cards, and -- in cases of identity theft -- the freezing of accounts and credit information. The bill would apply to any company doing business in Massachusetts, wherever it may be based."

While this is a state measure, it's hard to ignore the nationwide impact of the California data breach notification law that took effect in 2003. It seems like everyone is getting data breach or loss notices these days (my wife and I received one last week). Now, some 35 states have laws on the books that mimic the California law.

You can bet that a ton of businesses will be keeping a close eye on the debate surrounding this Massachusetts bill. It's worth noting that the intent behind this bill is very similar to a legislative idea sketched out earlier this year by House Financial Services Committee Chairman Barney Frank, a Democrat who just happens to hail from Massachusetts.

[Security Fix]
12:16:34 PM    

miniLinks for 2007-02-21.
[EFF: Deep Links]
12:14:58 PM    

Critical IE Graphics Flaw Resurfaces. Plus: More Office holes, and a major Adobe problem that affects all browsers. [PC World: Latest Technology News]
12:06:50 PM    

Pharming Attack Targeted Bank Customers Worldwide. A pharming attack that targeted online banking customers in the U.S., Europe and Asia-Pacific has been shut down. [PC World: Latest Technology News]
11:58:49 AM    

What would you do as chief information security officer. Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.
[CSO Online Data Security Briefing]
11:56:57 AM    

Data Breach Hits Close to Home.

I took some time off work last fall to spend with my wife, who had just been diagnosed with a golf-ball-sized tumor in her brain that needed to be removed. With the help of a few well-connected friends, we were privileged to have her seen by one of the top neurosurgeons in the world, a surgical ninja at The Johns Hopkins Hospital in Baltimore.

The surgery was a great success, and the wife is just fine now. She carries nary a lingering symptom, visible scar or traumatic memory from the ordeal, save perhaps for the seemingly endless stream of bills and letters from our health insurance provider.

That is, until last week, when she returned from the mailbox with a letter from the hospital alerting us that she was among some 83,000 Hopkins patients whose hospital records may have been compromised on account of a lost backup tape.

According to the letter, the lost tape contained data on new patients seen between July 4 and Dec. 18, 2006, or who had changes to their demographic information during that time. Among the data stored on the tape was the patient's name, mother's maiden name, father's name, race, sex, birth and medical record number. However, Hopkins was emphatic that there was no medical or Social Security data on the tapes.

I must have read the letter three times in all, and at first I was pretty alarmed. But looking back now, I must say I don't think I've ever read a more thorough breach notification. The letter explained in detail what they thought happened to the backup tape and listed a number of reasons why Hopkins believed the risk to patient privacy was low in this case (many other medical data breach notifications I've read ask you simply to accept their pat answer that there is little chance of the data being misused). The hospital created a very informative Web site for affected patients, and listed a toll-free number for people who don't have Internet access.

[Security Fix]
11:54:10 AM    


© Copyright 2007 Paul Hardwick.
Last update: 3/4/07; 10:43:35 AM.
