Archive for Privacy
Author: Dave Lewis
April 23, 2008 at 1:32 pm · Filed under Legal Aspects, Privacy
From Threat Level/Wired:
Federal agents at the border do not need any reason to search through travelers’ laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government’s power to look through belongings like suitcases at the border to electronics.
The unanimous three-judge decision reverses a lower court finding that digital devices were “an extension of our own memory” and thus too personal to allow the government to search them without cause. Instead, the earlier ruling said, Customs agents would need some reasonable and articulable suspicion a crime had occurred in order to search a traveler’s laptop.
On appeal, the government argued that was too high a standard, infringing upon its right to keep the country safe and enforce laws. Civil rights groups, joined by business traveler groups, weighed in, defending the lower court ruling.
The 9th U.S. Circuit Court of Appeals sided with the government, finding that the so-called border exception to the Fourth Amendment’s prohibition on unreasonable searches applied not just to suitcases and papers, but also to electronics.
Well, there are always ways to store your data elsewhere and not carry it on your laptop. This is not meant with the criminal element in mind. But, if you have business information on your system that you are afraid might be gathered in the course of a search (don’t laugh, it happens in France) then encrypt it or leave it at home. There are ways to hide your data in plain sight. Here is, one of my favs, the USB watch.
Or the James Bond-esque USB pen. No, it doesn’t shoot poison darts with this particular model.
Article Link
Author: Dave Lewis
April 22, 2008 at 7:58 am · Filed under Access Control, Education, Privacy
In the world of bad ideas we have seen a remarkable array. There was hair in a can, the car-b-q and the pocket fisherman to name a few. Sure they have camp value but, you wouldn’t rely on any of them as a matter of practice. So, why then do people hand over their passwords for chocolate? Or, as in this case, for convenience of an online service.
Maybe that’s just it.
People have so many passwords that they are falling out of their ears in a lot of cases. Passwords are frequently viewed by the average user as little more than an irritant. They’re not given the importance that people might assign to the banking PIN number. This type of thinking inevitably leads to sticky notes on computers and inane passwords such as “password”, “letmein” and “secret”.
Today (Monday) I read about a service called Clipperz on the Web Worker Daily. This is an online service that will store your passwords for you. Maybe my professional paranoia of the last decade+ as a security operator has rotted my brain but, how is this realistically a good idea?
No ill will intended to the folks at Clipperz. I’m sure they have all the right intentions and have taken proper steps to ensure security.
From Web Worker:
Obviously, security and privacy are a consideration when using such a service. I liked that no personally identifying information is required for registration, not even an email address. On the security side, Clipperz says that all data is encrypted or decrypted locally at the browser level and that even your secure passphrase is never saved or sent to the server. They make the source code available for security review and I found no indication from anyone who questioned their methods.
That isn’t the part that gets me. It’s the message that this conveys to the user. Sure, you don’t know me but, trust me.
I’ll store your password for you.
Want some chocolate?
Article Link
Author: Dave Lewis
April 6, 2008 at 9:29 am · Filed under Privacy
Um, huh? A couple in Pennsylvania is suing Google to the tune of $25K+ for “pain and suffering” after their house showed up on Google Street View. The house was purchased for $163,000 according to “The Smoking Gun“. So, this begs the question. Just how ugly is their house that it would cause that much pain and suffering?
From Boston.com:
Aaron and Christine Boring bought the home in Franklin Park, a Pittsburgh suburb, in October 2006 for a “considerable sum of money,” according to their 10-page lawsuit filed Wednesday in Allegheny County Common Pleas Court.
“A major component of their purchase decision was a desire for privacy,” the lawsuit said.
The suit targets the company over images on its website, which allows users to find street-level photos by clicking on a map. To gather the photos, Google uses vehicles with mounted digital cameras to take pictures up and down the streets of major metropolitan areas.
The Borings say the images of their home on the Google site had to be taken from their long driveway, labeled “Private Road,” and that violated their privacy.
“There’s no merit to this action,” Google spokesman Larry Yu said. “It is unfortunate litigation was chosen to address the concern because we have visible tools, such as a YouTube video, to help people learn about imagery removal and an easy-to-use process to facilitate image removal.”
Yes, but, then they couldn’t have the chance to win the lottery if they had followed the steps.
Article Link (via slashdot)
Tags: Privacy, Google Sued, Google Street View
Author: Dave Lewis
March 25, 2008 at 7:26 am · Filed under Privacy, Web Security
Due to a case of ‘whoops’ the popular social networking site, Facebook, punted on privacy Monday.
From the Associated Press:
The Associated Press verified the loophole Monday after receiving a tip from a Byron Ng, a Vancouver, Canada computer technician. Ng began looking for security weaknesses last week after Facebook unveiled more ways for 67 million members to restrict access to their personal profiles.
But the added protections weren’t enough to prevent Ng from pulling up the most recent pictures posted by Facebook members and their friends, even if the privacy settings were set to restrict the audience to a select few.
After being alerted Monday afternoon, Facebook spokeswoman Brandee Barker said the Palo Alto-based company fixed the bug within an hour.
“We take privacy very seriously and continue to make enhancements to the site,” she said.
The latest lapse serves as another reminder of the perils of sharing sensitive photos and personal information online, even when Web sites pledge to shield the information from prying eyes.
It’s good to see that Facebook fixed the problem quickly. But more importantly people have to realize that they’re always taking a chance when putting private information onto a website over which they have no control. There is no real guarantee that your information will be safe. Have a long pause before you post things on a site such as Facebook (not beating on them). Never know who could be looking.
Article Link
Author: Dave Lewis
March 24, 2008 at 7:16 am · Filed under Legal Aspects, Privacy
From the Globe and Mail:
Eighteen months ago, Lakehead University in Thunder Bay, Ont., had an outdated computer system that was crashing daily and in desperate need of an overhaul. A new installation would have cost more than $1-million and taken months to implement. Google’s service, however, took just 30 days to set up, didn’t cost the university a penny and gave nearly 8,000 students and faculty leading-edge software, said Michael Pawlowski, Lakehead’s vice-president of administration and finance.
U.S.-based Google spotlighted the university as one of the first to adopt its software model of the future, and today Mr. Pawlowski boasts the move was the right thing for Lakehead, saving it hundreds of thousands of dollars in annual operating costs. But he notes one trade-off: The faculty was told not to transmit any private data over the system, including student marks.
The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada’s privacy laws, which require organizations to protect private information and inform individuals when their data has been shared.
Article Link
Tags: Google, Google Privacy, Patriot Act
Author: Dave Lewis
March 21, 2008 at 8:19 pm · Filed under Privacy
Wow, just freaking wow.
From NewTeeVee:
If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room.
The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the “holy grail” because it could help serve up specifically tailored ads. Yikes.
That’s it, uncle.
If anyone needs me I’ll be in the fall out shelter drinking Tang.
Article Link
Tags: Comcast Surveillance, Comcast, Invasion Of Privacy
Author: Dave Lewis
March 19, 2008 at 10:35 am · Filed under Legal Aspects, Privacy
The German government seems to have managed to run into a road block…the courts. With a raft of, well, interesting legislation coming out of the German government of late it really comes as little surprise that the German court has jammed a stick in their spokes.
From Reuters:
A reaction to bomb attacks in Madrid and London in the last few years, the law obliges telecom firms to keep a record of who contacted whom, and the time and location of calls.
The Federal Constitutional Court ruled data may be stored, but details may only be transferred to investigators in the event of inquiries into serious crime.
The decision was the latest in a series of rulings against tighter security measures introduced by Chancellor Angela Merkel and previous governments and it drew praise from civil liberty campaigners who want greater data protection and privacy rights.
“The grand coalition (of Merkel’s Christian Democrats and Social Democrats) should finally draw the lesson of these verdicts and stop crossing the limits of constitutionality on citizen rights,” said Claudia Roth from the Greens party.
The data in question was originally supposed to be retained by ISPs for six months. No word on who would’ve had to foot the bill on the cost of the additional storage if the bill had passed.
Article Link
Author: Dave Lewis
March 19, 2008 at 10:11 am · Filed under Politics, Privacy, Web Security
From Network World:
With voting in Pennsylvania’s presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state.
The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania’s Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service.
Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter’s name, date of birth, driver’s license number and political party affiliation. On some forms, the last four digits of social security numbers could also be seen.
“Upon learning of this situation, the Department of State acted immediately to disable the specific page,” said Department of State Spokeswoman Leslie Amoros in an e-mail message.
Ouch. So much for commissioning testing before roll out. After checking the site I was presented with an invalid cert. Hmm.
Article Link
Author: Dave Lewis
March 17, 2008 at 1:19 pm · Filed under Freedoms, Privacy
Hmmm, I’m starting to get that raised eyebrow feeling more often than not. Earlier this month we saw that the Aussie police want to have carte blanche search warrants for computer systems. Now we see that the UK police want to record the DNA of kids as young as 5 “in case” they might commit a crime later on. This is based on “if they exhibit behaviour indicating they may become criminals in later life”.
Um, ex-squeeze me? So, if little Billy hits Johnnie over the head with a plastic hammer at recess he could become a violent felon later on? Weak, very weak.
From the Guardian UK:
‘If we have a primary means of identifying people before they offend, then in the long-term the benefits of targeting younger people are extremely large,’ said Pugh. ‘You could argue the younger the better. Criminologists say some people will grow out of crime; others won’t. We have to find who are possibly going to be the biggest threat to society.’
Pugh admitted that the deeply controversial suggestion raised issues of parental consent, potential stigmatisation and the role of teachers in identifying future offenders, but said society needed an open, mature discussion on how best to tackle crime before it took place. There are currently 4.5 million genetic samples on the UK database - the largest in Europe - but police believe more are required to reduce crime further. ‘The number of unsolved crimes says we are not sampling enough of the right people,’ Pugh told The Observer. However, he said the notion of universal sampling - everyone being forced to give their genetic samples to the database - is currently prohibited by cost and logistics.
Civil liberty groups condemned his comments last night by likening them to an excerpt from a ’science fiction novel’. One teaching union warned that it was a step towards a ‘police state’.
Next thing they’ll be trotting out phrenology. Rent the Minority Report to get a glimpse of just how bad things could get. Albeit, a sci-fi but still you get the idea.
Article Link
Author: Dave Lewis
February 29, 2008 at 7:48 am · Filed under Data Security, ID Theft, Privacy
With the ever increasing upsurge in personal data theft it should comes as little surprise that healthcare providers have landed in the cross hairs. We have seen incidents all over, including here in Toronto last year. Identity theft is a lucrative and thriving business. More resources need to be either allocated or better utilized to help combat this problem. After having conducted security audits on healthcare providers in the past it really is no surprise that they are getting picked on by the bad guys.
From PC World:
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.
Dr. Halamka, who this week announced a project in electronic health records as an online service to the 300 doctors in the Beth Israel Deaconess Physicians Organization, acknowledges computers in healthcare are sometimes compromised as spam relays or to host unauthorized content such as porn.
“It gives attackers a means to distribute it,” says Halamka. While he has seen no evidence of attackers targeting healthcare networks to steal patient data for financial gain, other security experts say that dangerous trend is well underway.
Dangerous trend? Well, yeah. Porn is really the least of their problems. It really shouldn’t come as a surprise to people that this targeting is going on. Where is a bank robber going to go for income? Well, a bank. And the identity thief will go where the information is. Namely, yours.
Now, with the impending HIPAA audits approaching at any point it would seem that folks are giving this problem sharper focus in the US.
Article Link
Tags: Healthcare Data Security, HIPAA, Identity Theft
« Previous entries ·
Next entries »
