Group items tagged

A group of computer scientists at the University of Washington has developed a way to make electronic messages "self destruct" after a certain period of time, like messages in sand lost to the surf. The researchers said they think the new software, called Vanish, which requires encrypting messages, will be needed more and more as personal and business information is stored not on personal computers, but on centralized machines, or servers. In the term of the moment this is called cloud computing, and the cloud consists of the data - including e-mail and Web-based documents and calendars - stored on numerous servers.

Hackers will soon gain a powerful new tool for breaking into Oracle Corp's database, the top-selling business software used by companies to store electronic information. Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking. The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web. Chris Gates, a security tester who co-developed the Metasploit tool, will unveil it next week at the annual Black Hat conference in Las Vegas, where thousands of security experts and hackers will gather to exchange trade secrets. "Anyone with no skill and knowledge can download and run it," said Pete Finnigan, an independent consultant who specializes in Oracle security and who advises large corporations and government agencies.

Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards. The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data. "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing. Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.

Every time you get online, your privacy comes under attack. Whether it's an overbearing End User License Agreement, contact forms, or just website cookies, there are literally millions of ways that you can let your private information slip away online. One of the best ways to fight invasions of your privacy is to get informed and learn how to prevent it. Read on to find advice, organizations, and other resources that can help you keep your privacy safe online. Guides & Articles These resources have specific advice and information for protecting your online privacy. 1. EFF's Top 12 Ways to Protect Your Online Privacy: Read this guide from the Electronic Frontier Foundation to learn how you can protect private information online. 2. Frequently Asked Questions about Online Privacy: Get answers to questions about online privacy and safety from this resource. 3. Is Your PC Watching You? Find Out!: This article from CNN will help you figure out if your privacy is being violated through your PC. 4. Nameless in Cyberspace: Anonymity on the Internet: Find out why the right to anonymity online is so important to have by reading this article. 5. Consumer Privacy Guide: The Consumer Privacy Guide offers a variety of resources and information for protecting your privacy online. 6. This Email Will Self-Destruct: Learn about email security measures that you can take to protect your privacy. 7. Anti-Spam Resources: Visit this guide to learn how to stop receiving junk email. 8. All About Internet Privacy and Security: Read this guide to learn about security terms and Internet privacy settings. 9. Online Privacy: The Complete Guide to Protect You: WebUpon's guide discusses steps you can take to protect your online privacy. 10. Social Networking and Safety Online: Read this guide to learn how to practice common sense on social networking sites. 11. Internet privacy: Wikipedia's entry on Internet privacy offers a broad view at staying private o

The Federal Trade Commission is planning three public discussions, starting in December, devoted to technology and consumer privacy. According to the FTC, the roundtables will address topics such as social networking, cloud computing, online advertising and mobile marketing, the goal being "to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation." Behavioral advertising, in particular, has come under fire by privacy groups. Earlier this month, Electronic Frontier Foundation, Consumers Union and other related organizations called for stronger rules limiting what kinds of personal information are collected by marketers and how long they can hold on them.

Chase Bank has sent out data breach notification letters to an undisclosed number of customers after a computer tape with customers' personal information was reported missing from a third-party vendor's storage facility. Tom Kelly, spokesperson for New York-based Chase, the commercial/consumer banking arm of financial giant JPMorgan Chase, says the vendor -- which he would not name -- confirmed it received and maintained the tape, and that its offsite facility had been searched thoroughly after the tape disappeared. Kelly would not say if the data on the tape was encrypted, but says its data can be read only with special equipment and software. "We have no evidence to indicate any of the information has been viewed or used inappropriately," Kelly says. A local ABC News station in Louisville, KY first reported the missing data tape and the notification letters being sent in August. Kelly says the notification letters are being sent out in batches, but would not say how long the tape has been missing, nor what type of customers' information (credit or banking) was on the tape. The electronic files, according to the notification letter, may have included names, addresses and Social Security numbers, but did not include any banking or financial information. Affected customers are being offered a free one-year subscription to the bank's identity protection program, Kelly says. For more information on 2009 data breaches involving financial institutions, see this interactive timeline

Healthcare organizations are losing more than just names, addresses and Social Security numbers. When their data gets stolen, patients lose the privacy of their medical conditions, treatments and medications while at the same time falling prey to identity theft, medical billing fraud and other criminal schemes. Theft of electronic medical records is on the rise, and the implications are getting more serious. In a 2008 survey of identity theft victims, the Identity Theft Resource Center found that 67% had been charged for medical services they never received and 11% were denied health or life insurance due to unexplained reasons.

Both panels that advise the national coordinator for health IT plan to focus on privacy and security standards needed to support meaningful use of electronic health records when they meet later this month, according to notices in today's Federal Register. The Health IT Policy Committee, led by Dr. David Blumenthal, the national coordinator for health IT, will direct more of its discussion at its upcoming Sept. 18 meeting on health information privacy and security as it makes progress in defining meaningful use under the stimulus law, according to the notice. Likewise, the companion Health IT Standards Committee, which meets Sept. 15, will concentrate on refining standards recommendations made by its privacy and security work group. At the Standards Committee's previous meeting Aug. 20, its privacy and security workgroup presented standards for authentication, authorization, auditing and secure data transmission of health information in EHR products as well as the infrastructure that hosts them. The work of the panel includes protecting data inside an enterprise as well as data exchange between enterprises, "because security is an end to end process," noted Dr. John Halamka, the committee's chairman in a post on his blog, "Life as a Healthcare CIO."

Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause. Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.

"As Congress makes headlines on healthcare and financial industry oversight reform, online data privacy watchdogs are hammering away behind the scenes on the Hill. A joint hearing on online and offline data collection scheduled for later this week, and a planned series of Federal Trade Commission data privacy events have advocacy groups from as far away as California visiting Washington to make sure their voices are heard. "What we're concerned about is the amount of surveillance and tracking going on without consumer consent," said Lee Tien, senior staff attorney at the San Francisco-based Electronic Frontier Foundation. Though often skeptical of government regulation, EFF recently joined lobbying groups including Center for Digital Democracy in recommending that Congress pass clear consumer privacy legislation. "

"As the federal government readies the third iteration of Einstein, privacy concerns over the intrusion detection system were voiced at a Senate hearing on Tuesday. Philip Reitinger, Department of Homeland Security deputy undersecretary for the National Protection and Programs Directorate, told the Senate Committee on the Judiciary's Subcommittee on Terrorism and Homeland Security that DHS envisions deploying Einstein 3 as an intrusion prevention system. Einstein 1 monitors network flow and Einstein 2 detects system intrusions. "This more robust version of Einstein would provide the federal government with an improved early warning and an enhanced situational awareness; the ability to automatically detect malicious activity; and the capability to prevent malicious intrusions before harm is done," Reitinger said. But Gregory Nojeim, senior counsel and director of Project Freedom, Security and Technology at the Center for Democracy and Technology, cited press accounts that Einstein 3 would rely on pre-defined signatures of malicious code that might contain personally identified information, and threaten the privacy of law-abiding citizens. "While Einstein 2 merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening Internet traffic before it reaches a government system, raising additional concerns," Nojeim testified. Einstein 3 reportedly could operate within the networks of private telecommunications companies, and Nojeim wondered if the technology could analyze private-to-private communications. "If Einstein were to analyze private-to-private communications, that would likely be an interception under the electronic surveillance laws, requiring a court order," he said. "

"Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else's personal and financial information is easier than ever. "Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered," said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees."

"A key, centrist digital rights group is set to put out a report calling for strong federal privacy laws and guidelines to regulate the growing tracking and targeting of Americans online. It argues that the self-regulation approach that industry fights for just hasn't worked. The online ad industry has "historically failed to fully implement its self-regulatory principles," according to the 34-page draft report by the Center for Democracy and Technology. CDT is a centrist D.C. group that works with and is substantially funded by the tech industry, including companies like Facebook, Google and AOL that are deeply invested in targeted ads. "Recently revised self-regulatory principles still fall short (.pdf) even as written," charges the draft, obtained by Wired.com. These tough words spearhead a new tactic for a group more used to convening inside-the-Beltway tech policy forums than launching ACLU-style send-outraged-e-mail campaigns. The CDT, which splintered off from the rabble-rousing Electronic Frontier Foundation 15 years ago, is also planning to launch a "Take Back Your Privacy" campaign on Thursday, designed to garner support for its call for comprehensive federal privacy legislation. Dozens of tech firms, known and obscure, record users' behaviors as they interact with search engines, blogs, e-commerce sites and even government websites. The tracking goes on in the background with little knowledge by consumers and even less oversight from government authorities. The tech industry - like others subject to potentially blunt-forced government regulation - has argued that policing itself was enough to prevent egregious privacy intrusions that could proliferate without any real chance individuals would even be aware of them."

"The Electronic Frontier Foundation said it sued the Justice Department and other U.S. agencies to get information about their policies for using social networks including Facebook and Twitter in investigations, data collection and surveillance. The civil rights group said in a complaint filed yesterday in federal court in San Francisco that the government has used social-networking sites in conducting investigations and hasn't clarified the scope of that use or whether there are any restrictions or oversight to prevent abuses. The EFF said in its complaint that it is seeking the information to "help inform Congress and the public about the effect of such uses and purposes on citizens' privacy rights and associated legal protections." It cited news articles that reported police searching Facebook photos for evidence of underage drinking and an FBI search of an individual's home after the person sent messages on Twitter during the G-20 Summit notifying protesters of police movements. Facebook, based in Palo Alto, California, is the world's largest social networking site with more than 300 million users who post photos, messages and other information on their own free Facebook pages. Twitter, based in San Francisco, is a free Web service with 58 million users that lets people send 140- character messages, called "tweets," to multiple followers. EFF, also based in San Francisco, filed Freedom of Information Act requests with federal agencies in October. None of the agencies had completed processing the requests by the applicable 20-day deadline, according to the complaint. The lawsuit seeks a court order for the government to process the requests and produce documents."

Hospital CIOs, chief information security officers, and privacy officers are working diligently to keep their names off that wall. But they are dealing with a regulatory environment that is still in flux. A final rule that will strengthen HIPAA privacy and security safeguards is due out before the end of the year. HHS also has proposed a rule for the accounting of disclosures from electronic records. The biggest shift under way may be a new enforcement regime as the HHS Office for Civil Rights (OCR) shifts gears from only reacting to data breach reports to begin random audits of the privacy and security safeguards of large and small providers and their business associates. Another new wrinkle under the HITECH Act is that state attorneys general can file civil lawsuits for HIPAA violations.

The statement did not indicate whether the information was paper-based or downloaded electronic information, and hospital officials were not immediately available for comment. The information likely was paper-based because "it appears the patients impacted by the incident were limited to individuals born between 1988 and 1992," according to the statement.

Feds would spend $20 billion on health IT if Senate and House agree in coming weeks. The House-passed version of the economic stimulus bill includes about $20 billion in spending for health IT. The bill, known as H.R. 1 or the American Recovery and Reinvestment Act of 2009, would make Medicare and Medicaid providers and hospitals eligible for incentive payments for using certified e-health records technology. It also supports health information exchanges, standards development and conformance testing, a chief privacy officer for health IT and other aspects of health IT. The portion of the bill called the Health Information Technology for Economic and Clinical Health Act -- the Hitech Act, for short -- and health IT spending provisions passed largely unchanged from the bills introduced earlier this month. The Senate is expected to take up a similar bill in the first week of February. The Senate bill now calls for $23 billion in health IT spending. Once it is passed, a House-Senate conference will need to resolve differences between the bills. Congressional leaders aim to send President Barack Obama the bill by mid-February.

Jan 15, 2009 There may be only a handful of days left in the Bush administration, but the brouhaha over White House e-mail retention policies promises to continue right up to the last day. A federal court yesterday extended a preservation order to ensure that the outgoing administration does everything it can to recover any missing White House e-mails. The White House IT staff now has five days to scour workstations for missing e-mail before administration data records are archived on Jan. 20. The ruling, by U.S. District Judge Henry Kennedy Jr., also orders staff of the Executive Office of the President (EOP) to relinquish any digital media that may contain e-mails from March 2003 and October 2005. The legal action is the latest resulting from a lawsuit filed in September 2007 by the National Security Archive against the EOP, seeking to preserve and restore White House e-mails it alleged were missing. "There is nothing like a deadline to clarify the issues," Tom Blanton, the National Security Archive's director, said in a statement. "The White House will complain about the last-minute challenge, but this is a records crisis of its own making." The Archive, an independent nongovernmental research institute based at George Washington University, is a repository of government records and does not receive U.S. government funding. The Citizens for Responsibility and Ethics in Washington (CREW), a left-wing public advocacy group, also filed suit, but its legal action was subsequently consolidated with the Archive's legal action, which is taking place in the U.S. District Court for the District of Columbia. Last May, the White House's top tech staffer acknowledged that three months of data were missing from backup tapes. In earlier testimony before a congressional committee, White House technical staff said millions of e-mails from the past eight years could potentially have been erased. Also yesterday, Magistrate Judge John M. Facciola held an emergency status con