Group items tagged

Even as the Canadian government is fighting against "Buy American" policies that discriminate against Canadian firms, the federal government appears to be quietly continuing with policies that effectively block U.S. firms from winning some kinds of federal contracts. Case in point: a contract worth $150 million to help relocate nearly more than 18,000 public servants every year was awarded to the only Canadian bidder in mid-August. American firms were interested in the contract but say they were essentially blocked from the bidding because of a provision that personal information about Canadians cannot be stored on computerized databases outside of Canada. Canada Post, a Crown corporation, is about to award its own multimillion-dollar relocation services contract and it, too, has effectively blocked U.S. companies from bidding with a requirement that personal information be stored only on computers in Canada.

The fuss over Facebook's attempt to modify the contract with its millions of users has died down for the moment, and I haven't noticed any of my friends closing their account or even significantly changing their behaviour in protest despite the widespread coverage. The problem started in early February when Facebook updated the section on its site which establishes the legal agreement with its users. Like most people who use it I didn't notice the change, and even though Facebook clearly knows who I am and how to contact me I didn't get a message or see a notification in my news feed about it. This is pretty common practice on the web, where long legal contracts are agreed with a click of a mouse and sites update them at will because they contain a clause saying that you accept the changes if you carry on using the site. Term paper Unlike laws passed by Parliament, which have to be properly promulgated to those affected, contracts can evidently be changed without any proper notice.

It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.

A court has handed Blockbuster a preliminary defeat in a potential class-action lawsuit filed as a result of its participation in Facebook's ill-fated Beacon ad program, which notified members about their friends' e-commerce activity. U.S. District Court Judge Barbara Lynn in Dallas ruled that the case could proceed in court even though Blockbuster's contract with users calls for any disputes to be heard by an arbitrator rather than in court, and also says that users waive their right to file a class action lawsuit. Lynn determined that Blockbuster's contract with users was "illusory" because the agreement said that movie rental store could change the terms and conditions at any time. A Blockbuster spokesperson declined to comment on the case or state whether the company will appeal. The decision is a blow to Blockbuster because individual consumers would have had a difficult time bringing cases one-by-one against the company. But the decision paves the way for attorneys to argue that all consumers affected by Blockbuster's participation in Beacon should be able to proceed as a class. Internet law expert Venkat Balasubramani said Lynn's decision invalidating Blockbuster's user agreement was potentially far-reaching because many Web companies reserve the right to make changes to their terms of service. "It seems broad and could have impact on the terms of service used by a lot of different companies," he said.

Exactly one week after the Heartland Payment Systems (HPY) breach was first announced to the public, the first lawsuit has been filed against the payments processor. The class action lawsuit filed Tuesday by Chimicles & Tilellis LLP of Haverford, PA in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Cooper, asserts that Heartland "made unreasonably belated and inaccurate statements concerning the breach." The complaint says Heartland does not appear to be offering any credit monitoring services or other relief to consumers affected by the breach. Chimicles & Tilellis' complaint also says in addition to the questionable timing of the announcement of its breach, (Read Heartland Class Action suit PDF) "there are materially misleading statements and omissions in Heartland's public description of the breach and its consequences." Heartland announced the breach in a press release on the same morning of President Barack Obama's inauguration. The law firm says it is suing on behalf of consumers whose sensitive financial information was compromised in the data breach at Heartland. The complaint raises a claim pursuant to the New Jersey Consumer Fraud Act, and asserts causes of action for negligence, breach of implied contract, breach of contracts to which Plaintiffs and Class members were intended third party beneficiaries, breach of fiduciary duty, and negligence. The payments processor did not disclose how many credit card account numbers were compromised as a result of the breach. Heartland is the fifth largest payment processor in the country and handles 100 million transactions per month for more than 250,000 small retailers, gas stations, restaurants and other small and midsized companies. The suit also states that Heartland only became aware of the breach after it was notified of patterns of fraudulent credit card activity by VISA and MasterCard. "Analysts have stated that the fact that Heartland did not detect th

Imagine this nightmare scenario: You've contracted with a vendor to enter personnel data into a new computer system. You give the vendor confidential data regarding your employees, including their Social Security numbers, addresses, names of dependents, health records and bank account routing numbers. Then the vendor notifies you that employee data was somehow stolen or lost. What do you do? It happens more often than anyone would like to admit. The Federal Trade Commission estimates that 9 million Americans have their identities stolen each year. More than 262 million records have been breached since January 2005

"Barack Obama's consumer-friendly FCC is asking Verizon Wireless to explain why it recently doubled Early Termination Fees for its customers. The company has until Dec. 17 to explain "the rationale" behind the higher fees. The inquiry comes after Sen. Amy Klobuchar (D-Minn) introduced a bill that would curb the penalties customers are required to pay for early cancellation of a wireless contract. On Nov. 15, Verizon raised the early termination fee for "advanced devices" to $350, from $175 earlier. "

First quarter federal reports show Google lobbied on the electronic medical records provisions of the federal economic stimulus act, contradicting the Internet giant's earlier claims that Consumer Watchdog's report of its effort was "100 percent false." Google's report shows a total expenditure of $880,000 on lobbying during the period including on "online health-related initiatives; issues relating to online personal health records, including in connection with H.R. 1: American Recovery and Reinvestment Act of 2009." Google also contracted with an outside firm, the Podesta Group, which independently reported lobbying for Google on "health information technology" and "online privacy." King and Spalding LLP also independently reported lobbying for Google on "online health-related initiatives, including health information technology provisions in H.R. 1, The American Recovery and Reinvestment Act." After the nonprofit, nonpartisan Consumer Watchdog reported the "rumored" lobbying in January, Google contacted a charitable foundation about withdrawing Consumer Watchdog's funding. In a letter to Google CEO Eric Schmidt released today, Consumer Watchdog said the company owes the group an apology. Read Consumer Watchdog's letter here: http://www.consumerwatchdog.org/resources/LtrSchmidt042209.pdf. "It is now clear from public records that Google was lobbying Congress relating to online personal health records in connection with the economic stimulus act... What else could Google have been seeking except to be excluded from the Health Insurance Portability and Accountability Act (HIPAA) provisions on privacy and forbidding sale of records? Please tell us," wrote Jamie Court, Consumer Watchdog president and John M. Simpson, consumer advocate. "There is a simple way to resolve this," the letter said. "Publicly release all the substance of Google's lobbying efforts on H.R. 1. Google knows the drill: organize the information and make it universally accessible and useful."

A Swiss insurance worker lost her job after surfing popular social network site Facebook while off sick, her employer said Friday. The woman said she could not work in front of a computer as she needed to lie in the dark but was then seen to be active on Facebook, which insurer Nationale Suisse said in a statement had destroyed its trust in the employee. "This abuse of trust, rather than the activity on Facebook, led to the ending of the work contract," it said. The unnamed woman told the 20 Minuten daily she had been surfing Facebook in bed on her iPhone and accused her employer of spying on her and other employees by sending a mysterious friend request which allows access to personal online activity. Nationale Suisse rejected the accusation of spying and said the employee's Facebook activity had been stumbled across by a colleague in November, before use of the social network site was blocked in the company.

China has denied allegations that it hacked into a Pentagon IT system and recovered plans for the Joint Strike Fighter (JSF). The combat aircraft which is to be procured by Britain as well, is being produced by Lockheed Martin. In allegations first reported in the Wall Street Journal, hackers stole "several terabytes of data related to design and electronics systems". The most sensitive data however on weapons systems and its stealth technology was not breached since it is kept on computers not connected to the internet. IT experts have said that they suspect the hackers came from China although it will be difficult to identify their exact origins. Hacking into IT systems as complex as the DoD's would require the help and capabilities of another government. Recovering data on the JSF would allow countries or rogue groups who could face the aircraft in future conflicts to develop counter measures based on the aircraft's weaknesses. The Chinese strongly denied that the breach originated from their country. "China has not changed its stance on hacking. China has always been against hacking and we have cracked down very hard on hacking. This is not a Chinese phenomenon. It happens everywhere in the world," a spokesperson for the Foreign Ministry said. This is not the first time the JSF's security has been breached. Early on in the contract the DoD and Lockheed Martin admitted that there was no universal IT security policy for the 1,200 sub contractors and that leaks may have occurred. BAE subsequently admitted that their IT security for JSF material was lax and that leaks could have occurred. Britain is scheduled to buy 150 of the aircraft by 2018.

Parents of 18,541 Metro Nashville students will receive letters next week outlining a security breach that put their children's Social Security numbers online for three months. Advertisement Boston-based Public Consulting Group Inc., which holds a five-year, $2.6-million-a-year contract with the state to collect student data from various districts, corrected the error March 31 after a parent using Google to search her daughter's name found it - along with personal data for the students and 6,000 parent names. Art Staehling learned Wednesday that his teenage daughter was on the list and said he's concerned what could happen to her identity. "I find it hard to believe that an established company had a problem of this magnitude," Staehling said. The consulting group will pay for parents of affected children to check all family members' credit reports through Experian and for a year of monitoring. One of the group's owners, Stephen Skinner, said the error happened when workers running a test Dec. 28 on random student data inadvertently stored a file to an insecure directory. They discovered the error March 5 and took down the file, which contained student names, gender, race or ethnicity, date of birth, Social Security number and, in some cases, parent names. But they were unaware Google's search engine had already found the file and indexed it. That's how the parent, who is also a Metro schools employee, found out about the breach weeks later. Public Consulting Group worked with Google to take the information down.

A leading technology advisor to President Obama said in a research note for his investment firm today that privacy and net neutrality will be among the biggest telecommunications issues facing the Federal Communications Commission and the administration going forward. Analyst Blair Levin, who was the co-lead of Obama's technology and innovation team along with nominated FCC Chair Julius Genachowski, wrote in a Stifel Nicolaus research note that the economic crisis and change of administration will shift the focus of telecom policy away from traditional phone companies to "Internet/edge" players. Indeed, Google and other Web video and voice companies like Skype have been increasingly active in recent years at the FCC, pushing particularly for net neutrality rules that would prevent carriers from blocking or charging more for certain content that travels over the Web. Levin said in a note that net neutrality will emerge again as an issue in the new administration for wireless networks. On the other hand, there won't likely be a push for new net neutrality rules for cable, DSL, and fiber network carriers at the FCC. "(There is a) consensus emerging that disputes about whether a wireline network management tool is 'reasonable' (or is actually blocking or degrading traffic) to be resolved on a case-by-case basis," Levin wrote in the note with analysts Rebecca Arbogast and David Kaut. It would be a tough climb to impose rules that force wireless carriers to open their networks. Apple and AT&T successfully argued to lawmakers and regulators to keep their exclusive iPhone contract. Skype's petition to the FCC to force carriers to allow any handset or software to operate on any network was shot down by former FCC Chairman Kevin Martin. He said the biggest "sleeper" issue will be privacy. With a major overhaul of healthcare records to the Web, the rise in behavioral advertising and cloud computing, where information is stored in computers strung across many geographies

The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. Ben Rothke explains why it's a bad habit in the world of IT security. The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. If the eccentric Collyer brothers had a better understanding of destruction practices, they likely would not have been killed by the very documents and newspapers they obsessively collected. While most organizations don't hoard junk and newspapers like Homer and Langley Collyer did, they do need to keep information such as employee personnel records, financial statements, contracts and leases and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more. In December 2007, the Federal Trade Commission announced a $50,000 settlement with American Mortgage Company of Northbrook, Illinois, over charges the company violated the FTC's Disposal, Safeguards, and Privacy rules by failing to properly dispose of documents containing consumers' credit and personally identifiable information. In announcing the settlement, the FTC put all companies on notice that it is taking such failures seriously. A $50,000 settlement might seem low when measured against the potential for financial harm to individuals as a result of the company's negligence, but in addition to the negative PR for American Mortgage, the settlement includes an obligation to obtain an audit, every two years for the next 10 years, from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order. Any similar failures by this company during the next decade will be met with more severe punishment. That, indeed, is a

Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and national identification numbers of 45,000 employees and retirees, a union leader says. Tom Waters, president of American Federation of State, County and Municipal Employees Local 3290, said FAA officials briefed union leaders Monday about the security breach. FAA spokeswoman Laura Brown confirmed the agency's computers were hacked last week. Story continues below ↓advertisement | your ad here Waters said union leaders were told hackers gained access to two files. One file had the names and Social Security numbers of 45,000 employees and retirees on the FAA's rolls as of February 2006. Social Security is the U.S. government-directed pension system, and in the absence of a national identity card, other people's social security numbers can be used to steal identities for illicit purposes. Waters said the other file contained medical information that was encrypted. "These government systems should be the best in the world, and apparently they are able to be compromised," said Waters, an FAA contracts attorney. "Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world." FAA officials told union leaders the incident was the first of its kind at the agency. But Waters said his union complained about three or four years ago about an incident in which employees received anti-union mail that used names and addresses that appeared to be generated from FAA computer files.

In May 2008, the Office of the National Coordinator for Health Information Technology (ONC) awarded an approximately $450,000 contract to Booz Allen Hamilton to assess and evaluate the scope of the medical identity theft problem in the U.S. Medical Identity Theft Medical identity theft is a specific type of identity theft which occurs when a person uses someone else's personal health identifiable information, such as insurance information, Social Security Number, health care file, or medical records, without the individual's knowledge or consent to obtain medical goods or services, or to submit false claims for medical services. There is limited information available about the scope, depth, and breadth of medical identity theft. Dr. Robert Kolodner, National Coordinator for Health Information Technology, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues. ONC recognizes that health IT is an important tool to combat the threat of medical identity theft. We are seeking input from the public and other government agencies to better understand how health IT can be utilized to prevent and detect medical identity theft as well as build consumer trust in electronic health information exchange. ONC believes it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives, and to create an open forum for dialogue to work proactively to address medical identity theft. Medical Identity Theft final report. The report summarizing health IT and medical identity theft issues raised at the town hall was completed January 15, 2009 and sets forth potential actions the Federal government and other stakeholders can undertake in working toward prevention, detection, and remediation of medical identify theft.

The authorities in Brussels fired a warning shot across the bows of online advertisers today, signalling new rules to combat surfer profiling and breaches of privacy in the interests of commercial gain. In the strongest denunciation of the conduct of online advertisers, Meglena Kuneva, the European commissioner for consumer affairs, argued that personal data has become "the oil of the internet and the new currency of the digital world". She warned that surfers' privacy rights were being abused by the amassing of personal information and its supply to advertisers who targeted individuals who were often unaware of what was happening. "From the point of view of commercial communications the world wide web is turning out to be the world wild west. This could be very damaging," Kuneva told a meeting of industry professionals and analysts in Brussels. "Consumer rights must adapt to technology, not be crushed by it. The current situation with regard to privacy, profiling, and targeting is not satisfactory." The commissioner outlined European laws regulating the protection of privacy, commercial contracts, and countering discrimination, and indicated that the regulations were failing to keep up with the pace of developments on the internet. She called on the online advertising industry to come up with a voluntary code of conduct to protect consumer and privacy rights, but clearly signalled that the EU authorities would probably have to legislate to prevent abuses. The volume of personal data collected on the internet was growing exponentially and was increasingly being used for commercial purposes by tracking surfers' browsing habits, using cookies, and making the information available for individual profiling and targeting of consumers, she said.

Consumers save their e-mail and documents on Google's data centers, put their photos on Flickr and store their social lives on Facebook. Now a host of companies including Amazon and Microsoft wants government agencies to similarly house data on their servers as a way to cut costs and boost efficiency. But federal officials say it's one thing to file away e-mailed jokes from friends, and another to store government data on public servers that could be vulnerable to security breaches. The push toward "cloud computing," so named because data and software is housed in remote data centers rather than on-site servers, is the latest consumer technology to migrate to the ranks of government. Companies such as Amazon and Salesforce, which do not typically sell services to the government, want a piece of the business. Google opened a Reston office last year to sell applications such as Google Docs to federal employees. Silicon Valley-based Salesforce, which has focused on selling to corporations, established a team dedicated to government contracting. Microsoft spent $2.3 billion in 2007 to build data centers for cloud computing, and IBM, Sun Microsystems and HP want to provide the government cloud.

Hartmut Mehdorn's days as the boss of German rail operator Deutsche Bahn look to have come to an end as the embattled executive offers his resignation amid a damaging, ongoing data privacy scandal. Mehdorn said he was offering to go because the "destructive debates" over his future were damaging the company. "I have made an offer to terminate my contract with the supervisory board chairman," Mehdorn said Monday, March 20, at a press conference to announce Deutsche Bahn's annual financial results. "I assume that a successor will be appointed before the summer holidays" begin in July. Mehdorn, who has run the state-owned firm since 1999, has been under increasing pressure ever since it was revealed earlier this year that Deutsche Bahn accessed confidential staff data as far back as 1998.

Hackers, possibly from Asia, have stolen about a decade's worth of personal information on current and former UC-Berkeley students, the university announced Friday. The breaches involved records dating to 1999 at the school's health center that included Social Security numbers, health insurance information, immunization history and the names of treating physicians. No other treatment-related records were stolen, the university said, although self-reported medical histories of students who studied abroad were hacked. The school on Friday sent e-mails and letters to 160,000 people, including about 3,400 Mills College students who used or were eligible for University of California-Berkeley medical services. About 97,000 people are most at risk because their names and Social Security numbers could be connected by the hackers, said Steve Lustig, the university's associate vice chancellor for health and human services. "What's been taken is bits of data that the thief might put together into an identity," he said. The university traced the hackers back to Asia, possibly China, but the exact origin could not be pinpointed. UC and FBI investigators are probing the breaches, which apparently occurred over several months. An FBI spokesman said the agency was informed of the hacking immediately, but declined to provide more information. The thefts were discovered about a month ago, but system administrators did Advertisement not realize the breadth of the attack until April 21. The hackers disguised their work as routine operations and then left taunting messages for UC-Berkeley employees, said Shelton Waggener, the university's associate vice chancellor for information technology. The thieves accessed the information through the university Web site, he said. "You should think of it as a public building," Waggener said. "They got into the building properly, but then they broke into secure areas." Administrators at Mills College, which contracts with UC-Berkeley for

Hunch.com helps users search for answers -- but first, it performs a detailed search on the users themselves. Launching today after a year in development, Hunch aims to supply users with computer-generated advice on thousands of lifestyle and consumer questions: What kind of dog should I buy? What should I get dad for Father's Day? Which book by George Orwell would I like? Most important, though, Hunch is not a search engine. Rather than scouring the open Web for information, as Google, Microsoft's new Bing and scores of others do, or collating written opinions, as Amazon.com does, Hunch computes answers by comparing what it knows about you to what it knows about people like you. "Ultimately, what we're doing is providing a kind of shortcut through human expert systems," said Hunch founder Caterina Fake, who also started Flickr.com, the popular photo-sharing site that was acquired by Yahoo in 2005. By first inviting users to answer as many as 1,500 questions about themselves -- an addictive kind of personality test that involves such diverse questions as political orientation, relationship status and whether you believe in UFOs and keep your closet organized -- Hunch looks to assemble a demographic profile whose depth could rival anything in the commercial universe. The New York company also believes that users stand to benefit from this kind of large-scale data farming -- not just from getting better answers, but also from discovering the many microdemographics to which they belong. Hunch also says it will not sell user data to marketers. But this promise, written into the site's privacy policy, is not precisely a legal contract, said Siva Vaidhyanathan, a new-media scholar at the University of Virginia, and the difference leaves the data it collects in a fuzzy domain.