Archive for March, 2008

A win for ID Theft Prevention.. kind of

A pro-consumer ID theft bill was recently co-written by a tech-savvy legislator and blogger Chris Soghoian. It focuses on providing strong incentives for businesses to encrypt private and confidential consumer data, and requires businesses to post data breach reports online to notify their customer base. (It requires more than this, but this is what interested me.)

Before this bill even left committee it was reduced from 72 lines to a paltry 17; however, the stipulation that confidential and private information remain encrypted survived the decimation.

Secure Tibet?

United Press International has posted a disturbing analysis of recent “cyber” attacks against Tibet advocacy groups, particularly in the US. The article outlines increasingly common behavior that is rarely reported because the victims, often corporations, typically do not like to advertise their breach.

Van Horenbeeck told United Press International that the attacks used e-mails purporting to come from known associates of the victims with attachments containing malicious code — so-called Trojan horse software — that stole e-mail and contact data, passwords and other information and covertly sent it on the Internet to special command servers.

We often use common sense to determine whether or not we should trust an email. If it’s from an address we don’t recognize, or it references a conversation we never participated in, it sets off red flags. But when the email looks like it’s coming from a person we know and simply continues an ongoing conversation we’re familiar with, it causes us to lower our guard.

A False Sense of Privacy?

Earlier this week Facebook announced new, long-awaited privacy controls. The new controls are meant to salvage the social network’s declining image as a protector of privacy and silence the growing number of critics. The new features allow you to micro-manage which types of users may view what information. You can now configure your photo gallery to be available to friends of friends, your work history to close friends only, and your contact information to no one at all.

Perhaps most heralded was the ability for university students to allow only other students to view their profiles if they wished, essentially making cases like that of the Ryerson student who was threatened with expulsion for having a Facebook study group impossible.

The new feature sounds fantastic until you realize that there is nothing stopping anyone from changing their status from student to alumni or professor. Controls designed to lock out a specific user type become useless when anyone may claim to be any user type they choose, and may change it as many times as they wish, at any time.

New Hampshire Decides It Is Tough Enough

This is a follow-up to an earlier post I made called New Hampshire Considering Getting Tough(er) On Privacy.

The bill didn’t pass, and it has some people a little upset. For a pro-bill critique of the situation, head on over to this blog. Below is an excerpt that discusses why it was rejected. For counterpoints, check out the preceding link.

In one of the more bizarre statements, Kathleen Bizarro (I’m not making that name up), EVP of the NH Hospital Association, stated the bill would “essentially put a halt to the development of electronic medical records.” The medical establishment went on to state that the bill was too onerous, would restrict a physician’s ability to provide good care, and that it would exceed existing federal laws (HIPAA).

“Sex” Banned by Liverpool Council

When does email filtering go too far? It’s a matter of opinion for most of us, but Wirral’s Rape and Sexual Abuse Centre in Liverpool, UK, thinks that it may have found an example everyone can agree on.

A COUNSELLING organisation is struggling to bid for support – because a council’s email system blocks the word “sexual”… Despite months of protests about the web “profanity” filter, service co-ordinator Jo Wood has been told she must ring the council every time she clicks “send”.

Click here for the full article.

India vs RIM II

Here is a link to a more in-depth article from The Times of India that discusses the India vs. RIM battle I mentioned earlier.

BusinessWeek now reports that the Indian government may be backing down after it had hinted that RIM may be barred from operating in the country if it didn’t allow for back door monitoring.

Privacy Breaches Are Expensive

There’s a great post available over at Realtime Community which outlines what happens after a privacy breach and how companies have to deal with it. The article serves as a kind of step-by-step guide to leading your organization out of the crisis.

Do not use legal phrases, such as “alleged violations,” “freezing assets,” “deliberate concealment,” and so on that are commonly used by lawyers but rarely by the typical consumer. I have actually seen phrases such as these within notification communications. Using legal phrases just confuses most recipients and makes them think the organization is trying to put something over on them.

Of course you could always avoid the entire debacle in the first place by using something like this to protect your organization’s email. :) Click here for the full article.

India vs RIM

I stumbled upon an interesting article today about India’s spy agencies threatening to shut down RIM unless the company releases its encryption keys to the fuzz.

Your Health Online

An interesting article from the Washington Post is available here, titled “New Ways to Manage Health Data”. It’s a great introduction to the foundation of the debate over putting Personal Health Records (PHRs) online. There’s been a lot of controversy lately after Google announced it would be entering the race to put our health records online.

Lately, Internet giants Microsoft and Google have upped the ante, developing sites that combine PHRs with search engines and other services. … The new capabilities raise the value of PHRs — as well as the risk from breaches of privacy. And as the records sites grow in number and sophistication, privacy advocates are stepping up their warnings, especially about PHRs offered by health insurers.

There are serious issues of security, and of how these PHRs would be controlled and transferred between providers and repositories, that warrant further debate.

The Phisherman and Little Red Riding Hood

Thanks for giving us a heads up about this video, Karn. The video features safety tips from Marc Saltzman, who also shares advice for identifying phishing and spoofing attempts, and protecting yourself from online fraud and identity theft. The video is being distributed by eBay, a company that has been damaged by phishers hijacking its brand.
