Group items tagged

""So many people in America think this does not affect them. They've been convinced that these programs are only targeted at suspected terrorists. … I think that's wrong. … Our programs are not perfect, and it is inevitable that totally innocent Americans are going to be affected by these programs," former CIA Assistant General Counsel Suzanne Spaulding tells FRONTLINE correspondent Hedrick Smith in Spying on the Home Front. 9/11 has indelibly altered America in ways that people are now starting to earnestly question: not only perpetual orange alerts, barricades and body frisks at the airport, but greater government scrutiny of people's records and electronic surveillance of their communications. The watershed, officials tell FRONTLINE, was the government's shift after 9/11 to a strategy of pre-emption at home -- not just prosecuting terrorists for breaking the law, but trying to find and stop them before they strike. President Bush described his anti-terrorist measures as narrow and targeted, but a FRONTLINE investigation has found that the National Security Agency (NSA) has engaged in wiretapping and sifting Internet communications of millions of Americans; the FBI conducted a data sweep on 250,000 Las Vegas vacationers, and along with more than 50 other agencies, they are mining commercial-sector data banks to an unprecedented degree."

It affects each & every US citizen in one way or another. Good video on privacy & security.

It's never been easier to get information on the run. Smart devices such as the G1 and Apple iPhone let you put the Internet in your pocket and go - down the block or across the country. But this convenience could cost plenty in lost privacy, consumer advocates and tech analysts say. Once data have been collected and warehoused, you lose control of it forever. "The Big Brother aspect of it is troubling," says Rep. Edward Markey, D-Mass., former chairman of the powerful House Subcommittee on Telecommunications and the Internet. Mobile consumers are especially vulnerable, Markey says. Unlike PCs, cellphones tend to be used by one person exclusively. The information they telegraph - on Web browsing, lifestyle and more - tends to be "highly personalized." That's the main reason mobile data are so prized: The information is incredibly accurate. It's also why Markey and other privacy advocates say the debate about online privacy will become even more intense as advertising migrates to the mobile Web. Mobile advertising is still relatively new - G1 users, for now, get ads only through search results, for instance - but it's clearly a hot spot. The market is expected to reach $2.2 billion by 2012, from about $800 million now, according to JupiterResearch. Ultimately, it could surpass the traditional Web, now a $20 billion ad market. Yahoo, Microsoft and other ad-supported search engines collect information as Google does. But the sheer size and scope of Google's data-mining operation - the Web giant performs more than 80% of all desktop searches worldwide - makes it a uniquely pervasive presence, says Chester. Google and Yahoo, the two biggest players in search advertising, say their self-imposed privacy policies are sufficient to protect consumers, noting that they do not collect or store information in a way that can be directly tracked to an individual. Peter Fleischer, global privacy counsel for Google, says Google tries to make privacy language as

The first sign that something was wrong seemed harmless: A new Dell credit card arrived in my mail one afternoon. More landed in the mailbox the next day. Macy's. Bloomingdale's. Crate and Barrel. Radio Shack. Then later: Visa Sony, Toys R Us and Lowe's cards turned up. I didn't request any of these cards. My first call to Dell revealed what I suspected. Someone had applied for a credit card using my name. I felt violated and vulnerable. Then, it hit me: I've become a statistic, a victim of identity theft. A thief had taken my name, my credit and my identity and managed to spend more than $8,000 (money that, I'm grateful, I didn't have to pay). I still don't know who the culprit was or how it happened. All I know is that if this happened to me - a Sun Sentinel consumer affairs and watchdog reporter - it can happen to anybody. Thieves move quickly Identity theft is the fastest growing crime in the United States, according to the Federal Trade Commission, which enforces identity theft laws. Experts estimate 10 million Americans become victims of identity fraud each year. Last year, businesses lost $56.6 billion to ID theft, the commission said. I've spent hours on the phone talking to fraud investigators, credit bureaus and bank staff as I've tried to sort out the mess that is now mine to clean up. I was exhausted every time a call ended. Individual investigations, conducted by fraud departments for each of the credit card companies that issued accounts in my name, took months to complete before concluding I was a victim of ID fraud. But there is a bright side to this story. I thought I knew how to protect myself. But what I've learned through this experience has taught me that you can never be too careful. I also learned some hard lessons along the way about how best to safeguard my personal information in the future - and respond, if my identity is targeted again.

In April 2008, the blogosphere was abuzz with news that someone was auctioning then-candidate Barack Obama's half-eaten breakfast on eBay, along with silverware purported to contain his DNA. This episode led some to speculate that the DNA of one or both of the presidential candidates would be surreptitiously analysed and their genetic information broadcast before the election for all to examine. Although this scenario did not take place during this election cycle, it is well within the realm of technological possibility. Every day, we shed millions of cells during ordinary activities - licking envelopes, blowing our nose, combing hair. These cells may seem to be mere human detritus, but our biological trash could be a gold mine for information prospectors looking for clues to our health or ancestry. And as an investigation in the latest issue of New Scientist magazine found, there already is a vibrant industry offering covert DNA tests to confirm infidelity and parentage. We have reached this point through technological advances in laboratory genetic analysis, dramatically reduced costs for the analysis and an almost complete absence of rules governing the legal status of "abandoned DNA."

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

Privacy rights are accepted and, generally, honored in Europe. The wealth - literally and figuratively - of personal information made available through the internet staggers the imagination. Staggering, too, is the prospect of privacy rights being trampled. EC Consumer Protection Commissioner Meglena Kuneva has a bone to pick with internet snooping. And she's launching an investigation into deep data mining. In an official statement (to be released March 31) she will outline concerns of vague and misleading 'term of use' for access to Web sites that can breach EC privacy rules. Commissioner Kuneva was born and raised in Bulgaria during a time when snooping on people was common, legal and nasty. The European Parliament (EuroParl) voted (March 27) overwhelmingly for recommendations in a report linking data surveillance, advertising and cybercrime. The report recommends safeguards for the privacy rights of internet users. The EuroParl called for "making use of existing national, regional, and international law." The MEPs raised the "imbalance of negotiating power between (internet) users and institutions." Internet users, said the MEPs, have the right to "permanently delete" personal details. Facebook's recent change in 'terms of use' allowing it to retain personal information brought a firestorm of criticism and the social networking portal backtracked. And the EC was watching. "It wasn't regulators who spotted the proposed change of terms at Facebook, it was one of the 175 million users," said Commissioner Kuneva's spokesperson Helen Kearns. Collecting and analyzing profile data is big business. It is "the new petroleum of the Internet world," said Ms Kearns, quoted in PC World (March 30). "If you are happy trading your data that's fine, but you should at least know how valuable it is." As Google and Microsoft have learned European Commission rules, unlike American rules, tend to set a low bar for compliance. The former pr

When it comes to online privacy, we all appreciate the risk of publicizing juicy factoids such as incriminating photos or credit card numbers. But few of us realize a subtler threat: In abundance, innocuous, everyday data can divulge sensitive information as well. Some questions shouldn't be asked. Employers, for instance, generally are not allowed to discriminate based on marital status, sexual orientation and so on. But our growing digital footprint is threatening our ability to dodge inappropriate inquiries. Through data mining, employers, insurers, advertisers and others can infer the answers to private questions without even asking. They need two things: a heap of personal data, and the techniques to crunch it. Both are readily available. People generate and share more information than ever before. Besides consciously generated Web content such as blogs, Facebook profiles and YouTube videos, a steady stream of data is exchanged in the background. Companies track our searches, browsing and shopping behavior. Personal electronic devices can silently disclose our location while we post status updates and photos to the Web. All this seems innocent enough - and the more others do it, the safer we all feel. After all, what's one more Twitter update among millions?

Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles. These enterprise roles map to job functions and are only allowed access rights that don't violate segregation of duties. For instance, a financial clerk role can't contain fine-grained access rights that allow someone in the role to access the accounts receivable and accounts payable parts of the financial application. The processes and tools necessary for effective role management consist of role mining and design (automatic discovery and management of roles based on existing access rights and entitlements data), role recertification (a process performed typically every six months when a business role custodian certifies what access rights should belong to a role), and access recertification (a process performed typically every 3-6 months to ensure all user access is understood and was granted in an audited way).

We've all heard the argument before: "Why should you worry about the government looking into your personal records if you have nothing to hide?" Daniel J. Solove, an associate professor of law at The George Washington University Law School, analyzes that argument in a recently published paper titled "I've Got Nothing to Hide and Other Misunderstandings of Privacy." Solove argues that "the question assumes faulty assumptions about privacy and its value." Those who make the "nothing to hide" argument fail to understand the chilling effect that surveillance has on public discourse, the fact that small bits of private data (which an individual may not object to being uncovered) when put together form a larger and more intimate profile (which an individual may object to), and the mistake of having one's profile mistakenly associated with a group that is labeled as threatening. Here's an excerpt from the paper, which was published in the latest issue of the San Diego Law Review: [T]he problem with the "nothing to hide" argument is that it focuses on just one or two particular kinds of privacy problems - the disclosure of personal information or surveillance - and not others. It assumes a particular view about what privacy entails, and it sets the terms for debate in a manner that is often unproductive. It is important to distinguish here between two ways of justifying a program such as the NSA surveillance and data mining program. First is to not recognize a problem. This is how the "nothing to hide" argument works. It denies even the existence of a problem. The second manner of justifying such a program is to acknowledge the problems but contend that the benefits of the NSA program outweigh the privacy harms. The first justification influences the second, for the low value given to privacy is based upon a narrow view of the problem. The key misunderstanding is that the "nothing to hide" argument views privacy in a particular way - as a

Another test of who owns what data, what can be done with it and the power of State's Rights.

IMS Health (RX) has built a lucrative niche collecting data on which drugs physicians prescribe, then selling the information to pharmaceutical companies. But legislators in more than 20 states have questioned whether the company has a constitutional right to do so. The Supreme Court could shine a spotlight on this topic in the next few weeks if it decides to hear a closely watched case IMS has been fighting in New Hampshire. The court's ruling would quickly reverberate beyond the pharmaceutical industry, affecting virtually any business that uses information about consumer buying behavior to guide its sales strategies.

Tax deadbeats are finding someone actually reads their MySpace and Facebook postings: the taxman. State revenue agents have begun nabbing scofflaws by mining information posted on social-networking Web sites, from relocation announcements to professional profiles to financial boasts. In Minnesota, authorities were able to levy back taxes on the wages of a long-sought tax evader after he announced on MySpace that he would be returning to his home town to work as a real-estate broker and gave his employer's name. The state collected several thousand dollars, the full amount due.

"House lawmakers stepped up their questioning of companies that collect and store information about consumers both on the Internet and in real life. In a hearing today, lawmakers interested in drafting legislation that would place restrictions on how Internet and marketing firms collect consumer information, asked Wal-Mart, WPP and privacy advocates detailed questions about how personal information is gathered and used. Reps. Rick Boucher (D-Va.), Bobby Rush (D-Ill.) and Cliff Stearns (R-Fla.) have been considering a bill, but a draft will most likely not be released until early next year. (See interview with Rush.) The House Energy and Commerce Subcommittees on Comerce, Trade, and Commerce Protection and Comunications, Technology, and the Internet held a joint hearing on the topic--although it was poorly attended by members. "We've moved from an era of privacy keepers to one of privacy peepers and data-mining weepers who want to turn our information into products," said Rep. Ed Markey (D-Mass.). "The product is our records, our privacy, our family's history. We wouldn't let the government do this, so we have to protect against companies that want to do this." "It is understandable that most Americans simply do not trust that their personal information is properly protected," said Rep. Doris Matsui (D-Calif.). "

"Reporting from Washington - When your doctor writes you a prescription, that's just between you, your doctor and maybe your health insurance company -- right? Wrong. As things stand now, the pharmaceutical companies that make those prescription drugs are looking over the doctor's shoulder to keep track of how many prescriptions for each drug the physician is writing. By obtaining data from pharmacies and health insurers, the drug companies learn the prescribing habits of thousands of doctors. That information has become not just a powerful sales and marketing tool for the pharmaceutical industry but also a source of growing concern among some elected officials, healthcare advocates and legal authorities. "

"Got an e-mail list of customers or readers and want to know more about each - such as their full name, friends, gender, age, interests, location, job and education level? Facebook has just the free feature you're looking for, thanks to its recent privacy changes. The hack, first publicized by blogger Max Klein, repurposes a Facebook feature that lets people find their friends on Facebook by scanning through e-mail addresses in their contact list. But as Klein points out, a marketer could take a list of 1,000 e-mail addresses, either legally or illegally collected - and upload those through a dummy account - which then lets the user see all the profiles created using those addresses. Given Facebook's ubiquity and most people's reliance on a single e-mail address, the harvest could be quite rich. Using a simple scraping tool, a marketer could then turn a list of e-mail addresses into a rich, full-fledged set of marketing profiles, with names, pictures, ages, locations, interests, photos, wall posts, affiliations and names of your friends, depending on how users have their profiles set. Run a few algorithms on that data and you can start to make inferences about race, income, sexual orientation and interests. While that information isn't available for all users, Facebook changed its privacy settings in early December so that certain information can't be made private, including one's name, current city, profile picture, gender, networks and friend list (the latter can be somewhat hidden from public view). Anyone with your e-mail address can harvest that information, the company admits."

Probably not limited to FaceBook