Group items tagged

Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work. The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence. The information does not include Social Security numbers, which Monster.com said it doesn't collect, or resumes. Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday. USAJobs.com, the U.S. government Web site for federal jobs, is hosted by Monster.com and was also subject to the data theft. USAJobs.com also posted a warning about the breach. Monster.com has been checking for misuse of the stolen information but hasn't yet found any, it said. It has made changes since discovering the break-in but won't discuss them because it doesn't discuss security procedures publicly and because it is still investigating the incident, Richardson said. She also would not disclose the volume of data stolen, but said the company decided it would be prudent to alert all of its users via its Web site.

China has denied allegations that it hacked into a Pentagon IT system and recovered plans for the Joint Strike Fighter (JSF). The combat aircraft which is to be procured by Britain as well, is being produced by Lockheed Martin. In allegations first reported in the Wall Street Journal, hackers stole "several terabytes of data related to design and electronics systems". The most sensitive data however on weapons systems and its stealth technology was not breached since it is kept on computers not connected to the internet. IT experts have said that they suspect the hackers came from China although it will be difficult to identify their exact origins. Hacking into IT systems as complex as the DoD's would require the help and capabilities of another government. Recovering data on the JSF would allow countries or rogue groups who could face the aircraft in future conflicts to develop counter measures based on the aircraft's weaknesses. The Chinese strongly denied that the breach originated from their country. "China has not changed its stance on hacking. China has always been against hacking and we have cracked down very hard on hacking. This is not a Chinese phenomenon. It happens everywhere in the world," a spokesperson for the Foreign Ministry said. This is not the first time the JSF's security has been breached. Early on in the contract the DoD and Lockheed Martin admitted that there was no universal IT security policy for the 1,200 sub contractors and that leaks may have occurred. BAE subsequently admitted that their IT security for JSF material was lax and that leaks could have occurred. Britain is scheduled to buy 150 of the aircraft by 2018.

The US Department of Justice has asked for yet another extension to the judicial oversight of Microsoft's antitrust compliance in order to give the company more time to update its technical documentation. The original judgment had already been extended once to late 2009, but now the DOJ wants it extended again for another 18 months. The sanctions on Microsoft, which were agreed to in 2002 and originally set to expire in November 2007, are aimed at preventing the company from retaliating against hardware vendors that ship computers with alternatives to Microsoft's software products. An additional set of sanctions mandating interoperability API licensing had already been extended for another two years. When it came time for the decree to be lifted, however, Judge Colleen Kollar-Kotelly decided that Microsoft failed to provide protocol specification documents to competitors as required by the agreement. Because of this, she extended the oversight until November of 2009. In a document filed with Judge Colleen Kollar-Kotelly on Thursday, the DOJ requested another extension to her oversight of Microsoft's antitrust settlement, apparently because it feels Microsoft still has a ways to go before meeting the requirements. At the same time, a joint status report from Microsoft and the plaintiffs states that all parties seem to think that things are almost ready. "It is clear to Plaintiffs that Microsoft has made substantial progress in improving the technical documentation over the last two years," reads the report. "While the entire project has taken longer than any of the parties anticipated, the project is nearly complete." The request marks a reversal of the DOJ's previous position that it took in 2007 when it decided not to ask for an extension of the settlement while the attorneys general of ten states (the so-called California and New York Groups) pushed for extensions. At that time, the DOJ stated that it didn't believe that the standard for such an extension had b

The following is an excerpt from the book The Truth About Identity Theft. In this section of Chapter 11: Social Engineering (.pdf), author Jim Stickley explains how easy it really is to hack a password. People often ask me how hard it is to hack a password. In reality, it is rare that I ever need to hack someone's password. Though there are numerous ways to gain passwords on a network and hundreds, if not thousands, of tools available to crack encrypted passwords, in the end I have found that it is far easier to simply ask for them. A perfect example of this type of attack was a medium-sized bank that I was testing recently. The bank's concern was related to the new virtual private network (VPN) capabilities it had rolled out to a number of its staff. The VPN allowed staff to connect directly to their secured network while at home or on the road. There is no doubt that a VPN can increase productivity, but there are some pretty major risks that can come with that convenience. The bank explained that the VPN was tied into its Active Directory server. For people who are not technical, basically this just means that when employees log in via the VPN, they use the same credentials they use to log on to their computer at the office. So I went back to my office, sat down, and picked up the phone. The first call I made was to find out the name of an employee in the IT department. I called the company's main line to the bank, pressed 0, and asked to speak with someone in the IT department. I was asked what I was calling about, so I told the employee I was receiving emails from that bank that seemed malicious. I could have used a number of excuses, but I have found that if you tie in an unhappy customer with a potential security issue, your call gets further up the food chain. In this case, I reached a man who I will call Bill Smith. I made up a story about the email, and after a few minutes, he was able to explain to me that I had called the wrong bank and it was actuall

Social networking phenomenon Facebook has beaten out arch-rival and former market leader MySpace by most measures of popularity, except the one that pays the bills. While Facebook has outpaced MySpace in bringing in members - it has 175 million active users at the latest count, compared with around 130 million for MySpace - it has struggled make money from them. While MySpace is closing in on $1 billion in revenues, Facebook generated less than $300 million in sales last year, reports say. Indeed, Facebook's efforts to drum up revenue have led to it repeatedly becoming the target of some of the biggest online privacy protests on the Web. Its most recent fight earlier this month followed Facebook's attempt to redefine its own rules and assert ownership over anything its members posted on the site. The company has since backed off and is rethinking its policies. Why hasn't Facebook benefited from the vaunted "network effect" that makes such services more valuable the more its adds members and connections between them? After all, Facebook is spreading quickly in nearly 100 languages, while MySpace has focused on the United States and five other markets where Web advertising flourishes. The answer may lie in the origins of the five-year-old site started by then Harvard University student Mark Zuckerberg. Its appeal at the outset was that it was a place where users could share tidbits of their personal lives with selected friends and acquaintances. This blurred the distinction between a private space and a public one. MySpace is more explicitly a public place where friends hang out in the equivalent of a cafe or a club and the aim is often to meet new people. Most of all, MySpace is a place to share music with other fans.

Google has moved forward the debate about privacy and Internet advertising, in its typical way, with deceptively simple engineering and a willingness to impose its way on others. On Wednesday, Google became the last of the big advertising companies to start keeping track of where Internet users surf online so ads can be shown to people based on what they might be interested in buying. In its approach to ad targeting, the company is responding to calls by the Federal Trade Commission and others to be more clear with users' information and control over the information it collects. It has created a window into part of its database, so users can see that Google has deduced that they are interested in "Anime & Manga" comics, or "Alternative-Punk-Metal" music or travel to Afghanistan. (Yes, those are on its list of 600 interest categories.) It also built technology to allow your browser to remember that you don't want Google (or its DoubleClick unit) to remember anything about you. It is more robust than the opt-out system used by many companies that rely on cookies in browsers. These are technical feats that other ad companies said would be too hard.

The Data Protection Directive is old-fashioned and out of date, a report published by the UK's privacy regulator the Information Commissioner's Office (ICO) has said. Commissioner Richard Thomas said that the European Union must change its legislation. The ICO commissioned RAND Europe to investigate whether or not 1995's EU Data Protection Directive was a good basis for Europe-wide data protection law. The research concluded that the law was flawed and needed to be updated. It found that the law must be clearer about what it seeks to achieve, that it should be better at forcing organisations to protect personal data in their charge, that it should encourage a more strategic approach to enforcement and that it does not deal well enough with the export of personal data outside the EU. Thomas said that the Directive, on which the UK's Data Protection Act is based, is outmoded. "The Directive is showing its age. Modern approaches to regulation mean that laws must concentrate on the real risks that people face in the modern world, must avoid unnecessary burdens, and must work well in practice," he said. "Organisations must embed privacy by design and data protection must become a top level corporate governance issue." RAND said that the Directive would be improved by its fundamental approach to ensuring data privacy being changed. It said that the law should focus on the protection of individuals and the security of their data, and not on the processes that lead to that. "The stronger, results oriented approach described in this report aims to protect data subjects against personal harm resulting from the unlawful processing of any data, rather than making personal data the building block of data protection regulations," said the report. "It would move away from a regulatory framework that measures the adequacy of data processing by measuring compliance with certain formalities, towards a framework that instead requires certain fundamental principles to be respected

Feds would spend $20 billion on health IT if Senate and House agree in coming weeks. The House-passed version of the economic stimulus bill includes about $20 billion in spending for health IT. The bill, known as H.R. 1 or the American Recovery and Reinvestment Act of 2009, would make Medicare and Medicaid providers and hospitals eligible for incentive payments for using certified e-health records technology. It also supports health information exchanges, standards development and conformance testing, a chief privacy officer for health IT and other aspects of health IT. The portion of the bill called the Health Information Technology for Economic and Clinical Health Act -- the Hitech Act, for short -- and health IT spending provisions passed largely unchanged from the bills introduced earlier this month. The Senate is expected to take up a similar bill in the first week of February. The Senate bill now calls for $23 billion in health IT spending. Once it is passed, a House-Senate conference will need to resolve differences between the bills. Congressional leaders aim to send President Barack Obama the bill by mid-February.

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO. From HIPPA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds-and more are folding every week given the economy-what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan? "Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they've gone out of business and left those offices," says Jacqueline Klosek, a senior counsel in Goodwin Procter's Business Law Department and a member of its Intellectual Property Group. "In addition, company computers, often containing personal data, will find their ways to the auction block," she adds. "All too often, the discarded documents and computer files will sensitive data, such as credit card numbers, social security numbers and driver's licenses numbers. This is the just the kind of data that can be used to commit identity theft." Discarded and unguarded data is now low-hanging fruit for criminal harvesters and corporate spies. "Recent client activity supports that competitors are beginning to buy up such auction devices specifically with the intention of trying to salvage the data," says James DeLuccia, author of IT Compliance & Controls. "Hard drives are being removed and sold online, or whole servers are sold via Craigslist and Ebay." In some cases, the courts insist data be sold during a bankruptcy. "Company servers, once I restore

Educating consumers about what behavioral targeting is and is not up to, deep within the cookies of their browser, seems to be a bit like alternative energy development. Pretty much everyone says the industry should be doing more about it, and yet it is hard to see where and with whom it starts. Most online materials related to BT are pitched to one end of the value chain, marketers. It's not clear to me that most of the companies in this space are even comfortable talking directly to consumers, let alone taking the time to develop an accessible language to describe their process. Specific Media controls the BehavioralTargeting.com domain and uses it to educate marketers about its methods. Even the Wikipedia entry for this field is really an explanation for advertisers. This is understandable, since most people who are familiar with the term likely come from the industry. But it seems to me the industry misses an opportunity to practice more often, and in more places, what it knows ultimately needs to be done. You guys need to find better, clearer, simpler ways to explain what it is you are doing in our browsers -- and why you are doing it. And what are the real benefits and risks a consumer incurs by tacitly agreeing to your presence? Isn't every possible point of contact with a suspicious consumer a teachable moment? In an earlier post, I recounted how I struck some retargeting gold when FetchBack tagged and remarketed me during my travels online. An opt-out option is clearly available at the front page of the FetchBack site. Unfortunately, from there you either opt-out (kick over to the Network Advertising Initiative site) or click into a long scrolling privacy policy that doesn't actually get around to explaining retargeting until a few screens down.

Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Meanwhile, Forcht Bank, one of the 10 largest banks in Kentucky, told its customers it would begin reissuing 8,500 debit cards after being informed by its own card processor of a possible breach. In the case of Heartland, while the company continues to assess the damages inflicted by the attack, Robert Baldwin, the company's president and CFO, says law enforcement has already noted that the attack against his company is part of a wider cyber fraud operation. "The indication that it is tied to wider cyber fraud operation comes directly from conversations with the Department of Justice and the U.S. Secret Service," Baldwin says. The company says it believes the breach has been contained. Heartland, headquartered in Princeton, NJ, handles approximately 100 million transactions per month, although the number of unique cardholders is much lower. "It is still a question as to the percentage of the data flow they were able to get," Baldwin says, adding he would not speculate on the number of cards potentially exposed. Specifics surrounding when the breach occurred are still being analyzed. But Baldwin says two forensic auditing teams have been working on the breach analysis and investigation since late 2008, after Heartland received the notification from Visa and MasterCard. The investigation began immediately after the credit card companies told Heartland they saw suspicious activity surrounding processed card transactions. Described by Baldwin as "quite a sophisticated attack," he says it has been challenging to discover exactly how it happened.

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

On Monday, U.K.-based digital rights organization Open Rights Group submitted an open letter to major online media players, urging them to prevent ISP-level behavioral targeting firm Phorm from tracking user interactions on their Web sites. The letter, sent to Google, AOL, Microsoft, Facebook, Yahoo, Amazon and Ebay, said, "[ORG] believes that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website." "We have received the letter and are giving it careful consideration from privacy and business perspectives," a spokesperson for AOL and its social network Bebo told ClickZ News. Similarly, in reference to the ORG correspondence, a Google spokesperson told ClickZ, "We've received the ORG's letter, but we're still considering the points they raised, so we don't have a response to make at this time." According to information published on the British Telecom Web site (one of Phorm's ISP-partners,) site owners can specifically request that their properties are not "scanned" by Phorm's technology, by contacting the firm directly. Phorm announced deals with three major U.K. ISPs over a year ago, but its technology is still yet to be fully deployed. BT has, however, carried out live trials of the platform with some of its customers. Phorm's CEO, Kent Ertugrul, claims that BT will implement his company's technology by the end of the year, but BT itself remains less committed to that timeline. Both AOL and Google have vested interests in the behavioral targeting space, although not in the controversial area of deep packet inspection (DPI), in which Phorm's technology lies. AOL-owned Tacoda targets ads based on users' activity across a range of partner sites, but does not directly intercept ISP-data. Google also announced this month that it will begin testing similar behavioral targe

Both panels that advise the national coordinator for health IT plan to focus on privacy and security standards needed to support meaningful use of electronic health records when they meet later this month, according to notices in today's Federal Register. The Health IT Policy Committee, led by Dr. David Blumenthal, the national coordinator for health IT, will direct more of its discussion at its upcoming Sept. 18 meeting on health information privacy and security as it makes progress in defining meaningful use under the stimulus law, according to the notice. Likewise, the companion Health IT Standards Committee, which meets Sept. 15, will concentrate on refining standards recommendations made by its privacy and security work group. At the Standards Committee's previous meeting Aug. 20, its privacy and security workgroup presented standards for authentication, authorization, auditing and secure data transmission of health information in EHR products as well as the infrastructure that hosts them. The work of the panel includes protecting data inside an enterprise as well as data exchange between enterprises, "because security is an end to end process," noted Dr. John Halamka, the committee's chairman in a post on his blog, "Life as a Healthcare CIO."

A company that monitors P2P networks says it found details about the president's helicopter, Marine One, on a computer in Tehran. Pittsburgh station WPXI reports. Bob Boback, CEO of Tiversa, said, "We found a file containing entire blueprints and avionics package for Marine One. … What appears to be a defense contractor in Bethesda, MD had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback said. Retired Gen. Wesley Clark, an adviser to Tiversa, added: We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went. It's no accident the information wound up in Iran, the company said. Countries like Iran, Pakistan, Yemen, Qatar and China are "actively searching for information that is disclosed in this fashion because it is a great source of intelligence," Boback said. Rep. Jason Altmire said he will ask Congress to investigate the risk to national security of this sort of exposure. Cnet's Charles Cooper interviewed the Tiversa's Sam Hopkins (Cooper says he's the CEO but the original report said Boback is CEO; the company website doesn't list executives), who said someone at the company was running a Gnutella client - possible a buggy one. Hopkins said it's hardly an unusual occurence - although presumably the usual breaches aren't so closely connected to the President. Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised. … We see information flying out there to Iran, China, Syria, Qatar-you name it. There's so much out there that sometimes we can't keep up with it. Bottom line: P2P is the big

It is hard work looking for a job, Matt Sawyer said. "Well with the economy being down right now, it's pretty hard," said Sawyer. Like most job hunters, Matt is posting his resume on various online job sites. But you have to be careful when sending out your personal information over the Internet, privacy expert Pam Dixon said. "The problem is, if you don't use it correctly, it can come back to haunt you," she said. Dixon runs the World Privacy Forum and warns job hunters to be cautious with their personal information when posting their resume. "In fact any competent job site will give you the option of hiding your personal information," said Dixon. Scam artists have been known to steal personal information from resumes and use it to apply for credit. That is why Dixon said you should only include your first initial and last name, no full names, when writing your resume. She also said not to include your phone number or address. Dixon said you should create an email address that is temporary and just use it for your job search. Dixon said scam artist will even call people from their resume and ask for detailed information like a copy of their driver's license or social security number or even their credit card information. The scammers will claim it's for a background check but it's only to steal from the job seeker. Matt admits if he was approached for a job he might give away too much information. "I think when people first get that call and they're real excited about it, they might just jump into it and go ahead and do it," he said.

Concerned that Google knows too much about you? The company provides many ways to protect your privacy online -- you just need to find them. Here are six good ones. 1. Know your privacy rights: Use the Google Privacy Center. This site includes all of Google's privacy policies, as well as privacy best practices for each of its products and services. Although the "legalese" of privacy policies can be difficult to understand, Google's Privacy Channel offers a library of short YouTube videos with practical tips on protecting your data when using Google products and services. Try the "Google Search Privacy" and "Google Privacy Tips" series. 2. Protect your content on the services you use. Some content that Google stores for you, such as photos uploaded in Picasa Web Albums, are public by default. You can protect your privacy when you upload photos by choosing the appropriate checkbox. Choices include "unlisted" (accessible only if you have the Web link, and not indexed by Web search engines) or private (viewable only by named users who must sign in). Another example: You can take a Google Chat "off the record" if you don't want the instant messaging transcript stored. In contrast, Google Latitude, which tracks your whereabouts by way of GPS-enabled cell phones, does not share your location data by default. You must authorize others to see it. Latitude stores your last known location, but not your history. 3. Turn off the suggestion feature in the Chrome browser. By default, Chrome retains a history of Web sites you've visited -- and the full text of those pages -- so it can try to guess which Web address you want as you type in the "Omnibox." You can turn the feature off by going to "Under the Hood" under Options and unchecking the "Use a suggestion service" box. You can also select other privacy options, including surfing in Chrome's "incognito" mode. 4. Turn off Web History. You may have turned on the Web History option, also called Personalized Search, when yo

IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service -- namely that an outsider does not know your company well enough to protect it -- may be falling away, as businesses look for more ways to cut costs. Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware. Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings, said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises. "Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said. Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate. Yet outsourcing security is not just about cost. The world is becoming very hostile, said Sadik Al-Abdulla,

Bring up the subject of digitizing medical records and you're likely to get a paradox of a discussion. Everyone thinks it will help save money and improve health care, and everyone has grave reservations. Get ready to hear more as a massive economic stimulus bill works its way through Congress, which includes IT health care spending measures. Although lawmakers are close to pulling the trigger. ensuring the privacy of patients' electronic health records (EHR) remains a top concern. "I very firmly believe that the Achilles heel of health IT is privacy," said Sen. Jim Whitehouse, a Rhode Island Democrat who chaired a hearing this morning examining the appropriate safeguards government should insist on before it doles out billions of dollars to help providers computerize patients' records. Champions of health IT argue that EHRs and interoperable systems to integrate data among providers would drive down healthcare costs while greatly reducing medical errors. Just 17 percent of physicians currently have even basic EHRs. The Center for Disease Control has estimated that as many as 98,000 preventable deaths occur in U.S. hospitals each year, many of which could presumably been avoided with more accessible patient data. "If 100,000 Americans were being killed by anything else, we'd be at war," Whitehouse said.

GoogleApps is an upgade to the Los Angeles computer systems security? Doesn't that explain a lot?! Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.