Group items tagged

The Homeland Security Department's privacy office will hold a conference to explore the use of social media as if affects security and privacy. The "Government 2.0: Privacy and Best Practices" conference will be held June 22 to June 23 in Washington and is open to the public. The workshop is meant to help agencies use Web 2.0 technologies in ways to protect privacy and security, and to explore the best practices for implementing President Barack Obama's memo on open government that was released in January, according to a notice published in the federal register April 17. Panelists will discuss topics such as transparency and participation in government, privacy and legal concerns brought by the government's use of social media, and how the government can best use the technologies while protecting privacy rights during the conference, DHS officials said. DHS is asking for comments by June 1 on topics such as: * How the government is using social media. * The risks, benefits and operational concerns that come from government use of the technologies. * Privacy, security and legal issues raised by the government's use of social media. * Recommendations on best practices for government use of the technologies.

Why Google isn't ready to be an Enterprise vendor

At the Google (NSDQ: GOOG) I/O developer conference this week, Google Inc. will host more than 80 technical sessions on all of the Google apps and platforms we've come to know -- Android, Chrome, App Engine, Web Toolkit, AJAX and others. When reviewing the Google I/O Schedule this morning, I was disappointed by what could not be easily found. The conference will run this week, May 28 to 29, in San Francisco, and Google is expecting more than 2,000 attendees. Unfortunately, a long perusal of the schedule shows plenty of tracks with Search, Scale, and Performance in the title -- but only one track with Security. What about Privacy? Well, there's no tracks highlighting data privacy, either. There is a session that covers federated identity management, Practical Standards-based Security and Identity in the Enterprise. And it looks promising, but federated authentication and authorization is more about making sure applications and people can interact securely, not that an application, itself, is inherently secure.

Legislation to reform the Federal Information Security Management Act of 2002 will be introduced in the Senate on Tuesday, a Senate staffer who helped draft the bill told a panel at the RSA Conference in San Francisco on Thursday. Erik Hopkins' presentation provided further evidence that the White House could assume greater control in coordinating federal government security. In the panel - The New FISMA: Security Finally Transcends Compliance - Hopkins offered a diagram illustrating the bill that showed a cyber office reporting directly to the president. Hopkins, who works for the Senate Committee on Homeland Security and Governmental Affairs, was the third federal official addressing conference attendees to suggest the White House will be given more authority in safeguarding federal government information systems. On Wednesday, Obama administration cybersecurity advisor Melissa Hathaway - who last week submitted to the president an assessment of federal cybersecurity policy - said the White House must lead federal government cybersecurity efforts. A day before, National Security Agency Director Keith Alexander said NSA would not lead the nation's cybersecurity efforts, suggesting a greater role for the White House. Hopkins said the benefits of FISMA reform includes improved coordination of security efforts, better economies of scale and greater situational awareness of security threats such as knowing where they originate and how the government will respond.

1:53:26 - Jun 29, 2007 Recorded at the 8th www.ToorCon.org Information Security Conference, Sept 30th and Aug 1st, 2006 in San Diego, California. Content produced by www.MediaArchives.com --- PRIVACY IS DEAD - GET OVER IT, with Steven Rambam. This talk will include numerous examples of actual data and investigative online resources and databases, and will include an in-depth demonstration of an actual online investigation done on a volunteer subject. (The subject is Rick Dakan, a noted author, who will be present.) (From CNN: "...Rambam was scheduled to discuss how he dug up -- in just over four hours of searching private and public databases -- more than 500 pages worth of data on Rick Dakan, who was attending the conference and had agreed to participate in the project. "All I had given him was my e-mail and name," Dakan said. "He knew everywhere I'd lived, every car I had driven, and even someone else in Alabama who was using my Social Security number since 1983.Emphasis will be placed on discussing the "digital footprints" that we all leave in our daily lives, and how it is now possible for an investigator (or government Agent) to determine a person's likes and dislikes, religion, political beliefs, sexual orientation, habits, hobbies, friends, family, finances, health and even the person's actual physical whereabouts at any given moment, solely by the use of online data and related activity

The Obama administration is trying to take the lead on a number of technology issues, including cybersecurity, network neutrality and broadband availability. But one prominent omission is privacy, a topic about which the administration has said very little. At the Computers, Freedom and Privacy conference in Washington on Tuesday, one administration official did address privacy somewhat. Susan Crawford, a member of the National Economic Council looking after science and technology policy, listed some of the efforts by the Federal Trade Commission to press for new rules for behavioral advertising. But she didn't mention that all of those rules were written under the Bush administration. Peter Swire, an Ohio State law professor who served on the Obama transition team, offered one reason it might be difficult for the administration to find its voice on privacy. There is a split, he told the conference, between the typical view of privacy among technology experts and the emerging view of people brought up in the social networking, Web 2.0 world.

Proof that George Bush was actually protecting us by limiting access to government information!

At the National Archives and Records Administration's annual conference Thursday, one keynote speaker asked the crowd of several hundred how many of the archivists in attendance were sold on the use of social media. Only a smattering raised their hands. Clearly, it's a challenge for the government to figure out how to navigate complex archival and e-discovery regulations that require it to capture and store all sorts of new content in the age of social media, cloud computing, and seemingly endless storage. "The federal government is in a constantly evolving records environment," Adrienne Thomas, acting archivist of the United States, said in a luncheon speech to the conference. "These are exciting and challenging times." Obama administration ambitions toward cloud computing and more openness only make that issue more complicated. "Many of us in the federal records administrations have struggled with the implications of this new direction," Paul Wester, director of modern records programs at the National Archives, said in an interview. "We deeply believe in transparency and openness, but we are concerned about FOIA, HIPAA, the Privacy Act, personally identifiable information, and compliance with the Disability Act and Federal Records Act."

"Google Inc. co-founder Sergey Brin Wednesday said the Internet giant "screwed up" by collecting personal data through wireless networks and promised new oversight as European officials pledged to open investigations of the data collection. Authorities in Germany, Spain and Italy said Wednesday they were investigating Google and its Street View service, which uses camera-equipped vehicles to take street images and mark the location of Wi-Fi networks. Mr. Brin, speaking the same day at Google's developer conference in San Francisco, said the company would put "more internal controls in place" to prevent such data captures in the future, including the hiring of outside help. "Trust is very important to us," Mr. Brin said. "We're going to do everything we can to preserve that trust.""

G apologizes. Again, better to ask forgiveness... If users remain silent & gvt doesn't prosecute, why comply?

Insulin pumps are vulnerable to determined hackers who could also remotely mess up the readings of blood-sugar monitors, Jerome Radcliffe, a security researcher who has diabetes revealed at the Black Hat computer security conference, Las Vegas, Nevada. In other words, a hacker could cause a diabetic patient to receive either too much or too little insulin.

"On January 20, 2009, Heartland Payment Systems reported discovering malicious software in its payment processing system, a security breach of potentially massive magnitude given that the company's handles 100 million transactions per month for more than 250,000 businesses. While the monetary and data loses following from the penetration of Heartland's systems -- the compromise that lasted for months -- are still being determined, the financial impact on Heartland's stock price alone was devastating. " The breach, in conjunction with the economic downturn, led to the loss of about $500 million in shareholder value, more than three-quarters of the company's market capitalization, two months after the news was announced. And then there's the cost of more than several dozen breach-related lawsuits filed against the company this year and related expenses. According to slides presented in August at a National Retail Federation Conference by Robert O. Carr, Heartland's founder, chairman and CEO, the breach cost the company $32 million in legal fees, fines, settlements, and forensics during just the first half of the year.

URAC, the leading health care accreditation and education organization, announced today the recent Healthcare Information and Management Systems Society (HIMSS) annual conference raised important questions about consumer privacy and security around electronic health records (EHR). (Logo: http://www.newscom.com/cgi-bin/prnh/20030501/URACLOGO ) "There is no doubt that electronic health records are coming. The question is whether or not consumers' privacy is a key issue or an afterthought," said Alan P. Spielman, President and CEO of URAC. "A lot of forces are driving the push for EHR. However, it is important that standards go hand-in-hand with policy so that it doesn't become the Wild West with every vendor and health care provider using different terms." The rules set by the Health Insurance Portability and Accountability Act (HIPAA) are integral to the widespread adoption of EHR. However, the rules can be confusing for consumers and providers. URAC was the first organization to offer HIPAA Privacy Accreditation. The organization now offers comprehensive standards for both HIPAA Privacy and HIPAA Security accreditation. These standards are applicable to all personal health information storage formats and exchanges claims transactions and are designed for many different types of health care organizations including both Covered Entities (CE) and Business Associates (BA). They also require an ongoing compliance program that identifies, tracks and makes the necessary changes in response to a federal or state regulatory change.

When ethical hackers track down computer criminals, do they risk prosecution themselves? Security researchers at this week's Usenix conference in Boston believe this is a danger, and that ethical hackers have to develop a uniform code of ethics for themselves before the federal government decides to take action on its own. One such researcher introduced himself by saying "Hi, I'm Dave Dittrich, and I'm a computer criminal." Dittrich, senior security engineer and researcher at the University of Washington's Information School, has not been unlucky enough to be prosecuted. But ten years ago, he took actions to disrupt distributed denial-of-service attacks which he says could have been construed as criminal, he says. Working within the University of Washington Network, Dittrich says he "copied files from one host in Canada that was caching malicious software and logs of compromised hosts," allowing him to gain a fuller understanding of the nascent distributed denial-of-service tools, and to inform the operators of infected Web sites that a problem existed.

An eBay Inc. effort to broaden communication through the popular Twitter Web-messaging service highlights the hurdles facing corporate users of online social media. The growing Twitter audience also attracted the attention of eBay's lawyers, who last month required Mr. Brewer-Hay to include regulatory disclaimers with certain posts. Some followers think the tougher oversight is squelching Mr. Brewer-Hay's spontaneous, informal style. His experience shows the tension that can arise as more companies tap social media to reach investors, customers and others. Eighty-one Fortune 500 companies sponsor public blogs, including Wal-Mart Stores Inc., Chevron Corp. and General Motors Corp., according to the Society for New Communications Research. Of those blogs, 23 link to corporate Twitter accounts. On Thursday, a Johnson & Johnson executive reported for the first time on the health-care giant's annual meeting via Twitter, which allows users to post "tweets" of as many as 140 characters via text messages and the Web. Such efforts raise thorny questions. Blogs and tweets can run afoul of Securities and Exchange Commission regulations on corporate communications. But sanitizing such posts risks hurting credibility with online audiences. The online auctioneer launched a corporate blog in April 2008. Two months later, blogger Richard Brewer-Hay began "tweeting" -- posting updates on Twitter -- about Silicon Valley technology conferences, eBay's quarterly earnings calls and other topics.

Obama administration cybersecurity advisor Melissa Hathaway, in her much anticipated speech before the RSA Conference on Wednesday, suggested that the findings of a study she submitted Friday to President Obama calls for cybersecurity policy to be run from the White House. "The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," said Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils. Scant on details, Hathaway in her 2,400-word speech did not explain how federal cybersecurity should be governed, even if it's based in the White House. Two months ago, President Obama charged Hathaway to head up a team to review current cybersecurity policies and processes. "It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies, many with overlapping authorities and none with sufficient decision authority to direct actions that can address the problem completely," Hathaway said. "We need an agreed way forward based on common understanding and acceptance of the problem." Hathaway said the team she assembled addressed all missions and activities associated with the information and communications infrastructure, including the missions of computer network defense, law enforcement investigations, military and intelligence activities and the intersection of information assurance, counter intelligence, counter terrorism, telecommunications policies and general critical infrastructure protection. Task force members held more than 40 meetings with different stakeholder groups during the 60 days and received and read more than 100 papers that provided specific recommendations and goals, she said. "We identified over 250 needs, tasks, and recommendations," Hathaway said. "We also solicited input from gov

A typical lost or stolen laptop costs employers $49,246, mostly due to the value of the missing intellectual property or other sensitive data, according to an Intel-commissioned study made public Wednesday. "It is the information age, and employees are carrying more information on their laptops than ever before," according to an analysis done for Intel by the Michigan-based Ponemon Institute, which studies organizational data-management practices. "With each lost laptop there is the risk that sensitive data about customers, employees and business operations will end up in the wrong hands." The five-month study examined 138 laptop-loss cases suffered over a recent 12-month period by 29 organizations, mostly businesses but also a few government agencies. It said laptops frequently are lost or stolen at airports, conferences and in taxis, rental cars and hotels. About 80 percent of the typical cost - or a little more than $39,000 - was attributed to what the report called a data breach, which can involve everything from hard-to-replace company information to data on individuals. Companies then often incur major expenses to prevent others from misusing the data. Lost intellectual property added nearly $5,000 more to the average cost. The rest of the estimated expense was associated with such things as investigative costs, lost productivity and replacing the laptop. Larry Ponemon, the institute's chairman and Advertisement founder, said he came up with the cost figure based on his discussions with the employers who lost the laptops. When he later shared his findings with the companies and government agencies, he said, some of their executives expressed surprise at the size of the average loss. But he noted that one of the employers thought the amount could have been even higher.

Plans by Internet service providers to deliver targeted adverts to consumers based on their Web searches threaten online privacy and should be opposed, the founder of the Web said Wednesday. "I just want to know that when I click on a link it is between me and the Web, and the Internet service provider is not going to immediately characterise me in different categories for advertising or insurance of for government use," Tim Berners-Lee told a Web conference in Madrid. "The postman does not open my mail, the telephone company does not listen to my telephone conversations. Internet use is often more intimate than those things," he added. New software called Webwise allows Internet service providers to show adverts to their clients based on their Web browsing habits instead of based on the content of a single Web page as currently happens. Several British Internet service providers, including BT and Virgin Media, have said they are considering using the software, which is aimed at making the Web more financially profitable for advertisers. With the help of other scientists at the European Organisation for Nuclear Research (CERN), Berners-Lee set up the Web in 1989 to allow thousands of scientists around the world to stay in touch. The WWW technology -- which simplifies the process of searching for information on the Internet -- was first made more widely available from 1991 after CERN was unable to ensure its development, and the organisation made a landmark decision two years later not to levy royalties.

A year after Microsoft (NSDQ: MSFT) chief research and strategy officer Craig Mundie urged the technology industry to come together to create a more trustworthy Internet, the company's vision of End to End Trust is starting to take shape. At the RSA Conference this year, Scott Charney, Microsoft's corporate VP of Trustworthy Computing, plans to deliver a progress report on his company's campaign to move beyond the password as a means of authentication.

As health care providers determine how they will take advantage of the $19 billion allocated in the stimulus package to help jumpstart advances in health information technology (HIT), consumer appetite for electronic health records (EHRs), online tools and services is also growing, according to the results of the 2009 Deloitte Survey of Health Care Consumers (www.deloitte.com/us/2009consumersurvey). While only 9 percent of consumers surveyed have an electronic personal health record (PHR), 42 percent are interested in establishing PHRs connected online to their physicians. Fifty-five percent want the ability to communicate with their doctor via email to exchange health information and get answers to questions. Fifty-seven percent reported they'd be interested in scheduling appointments, buying prescriptions and completing other transactions online if their information is protected. Technologies that can facilitate consumer transactions with providers and health plans, like integrated billing systems that make bill payment faster and more convenient, are also appealing to nearly half (47 percent) of consumers surveyed. The survey of more than 4,000 U.S. consumers 18 and over was released today at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference held in Chicago. It is the second annual study examining health care consumers' attitudes, behaviors and unmet needs conducted by the Deloitte Center for Health Solutions offering health care industry leaders and policymakers a timely look at how health care consumerism is evolving. "Consumers are increasingly embracing innovations that enhance self-care, convenience, personalization and control of personal health information," said Paul H. Keckley, Ph.D., executive director, Deloitte Center for Health Solutions. "Consumers want a bigger say in their health care decisions. Consumer demand for HIT and its potential impact on reforming the system has never been stronger." Despite strong con

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. "While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level." Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals."

A Microsoft-led group set up three years ago has backed away from its original goal of pushing for comprehensive U.S. privacy legislation. Originally, the Consumer Privacy Legislative Forum was set up to bring a diverse array of consumer companies, technology vendors and even advocacy groups together and help drive privacy legislation. But now the group has been renamed the Business Forum for Consumer Privacy and is instead being billed as "an organization focused on fostering innovation in consumer privacy governance," according to the group's new mission statement. The Forum has released a white paper at the International Association of Privacy Professionals conference held in Washington this week. "What the organization is doing is developing the framework that would make new governance possible," said Martin Abrams, an adviser to the Forum who is executive director with the Centre for Information Policy Leadership at Hunton & Williams, an international law firm. Two of the Forum's original members, Symantec and the Center for Democracy and Technology, say they have dropped out. Eastman Kodak has also dropped out, according to Abrams. He was not authorized to say who the current members are, but the group appears to include Microsoft, Hewlett-Packard, eBay and Google. U.S. consumers are covered by a patchwork of state and federal laws that are confusing for companies, and which often force consumers to work hard to protect their own data. Many of the Forum's members would like to change things, but it appears that coming up with legislative proposals was too much.

To address important consumer privacy concerns associated with online behavioral advertising, the staff of the Federal Trade Commission today released a set of proposed principles to guide the development of self-regulation in this evolving area. Behavioral advertising is the tracking of a consumer's activities online - including the searches the consumer has conducted, the Web pages visited, and the content viewed - in order to deliver advertising targeted to the individual consumer"s interests. For more than a decade, the FTC has engaged in investigation, law enforcement, studies, and other privacy developments to protect consumers' privacy online. Concepts used to develop the principles emerged from the agency's longstanding privacy program and, more recently, from two conferences hosted by the FTC. In the fall of 2006, a three-day public hearing, "Protecting Consumers in the Next Tech-ade," examined technology developments that could raise consumer protection policy issues, including privacy, over the next decade. This past November, building on the Tech-ade hearings, the FTC hosted a Town Hall entitled "Ehavioral Advertising: Tracking, Targeting, and Technology," to focus in on privacy issues raised by behavioral advertising. "The purpose of this proposal is to encourage more meaningful and enforceable self-regulation to address the privacy concerns raised with respect to behavioral advertising. In developing the principles, FTC staff was mindful of the need to maintain vigorous competition in online advertising as well as the importance of accommodating the wide variety of business models that exist in this area," according to its proposal "Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles." The proposal states that behavioral advertising provides benefits to consumers in the form of free content and personalized advertising but notes that this practice is largely invisible and unknown to consumers. To address the