Group items tagged

The discovery of documents with students' personally identifying information stored in an unlocked room has launched protests against the university's chief information security officer. Students at Binghamton University in New York are circulating a petition to remove the university's chief information security officer following the discovery of boxes full of documents listing personal information of students and parents in an unlocked storage room. The existence of the unsecured documents was discovered March 6 by a reporter working for student radio station WHRW and disclosed on March 9. For that investigative work, the student reporter could face criminal charges. Binghamton University has had other recent problems with information security. In the past year, according to an article written by Robert Glass, the WHRW news director, university employees accidentally e-mailed the Social Security numbers of 338 students to another group of 200 students, sent the personal information of exchange students -- passport scans and birth certificates -- to student groups, and disposed of information about more than 70 former graduate students in trash bins atop a pile of shredded documents. Those breaches led the university to create an information security council, with a full-time information security officer, to prevent further incidents, according to Glass. Glass did not immediately respond to a request for comment. A University spokeswoman characterized the hiring of Terry Dylewski as the university's chief information security officer as a reflection of the school's ongoing concern about information security rather than a response to past breaches. Asked about the status of the students' petition to remove Dylewski, as reported by Broome County Fox affiliate WICZ TV, she said that question should be directed to the students. The spokeswoman said the university is treating the incident as a possible crime and that a criminal investigation is ongoing. She sai

A law designed to keep college students' grades private often is used for a much different purpose -- to shield universities from potentially embarrassing situations. Some critics say a number of schools are deliberately misreading the Family Educational Rights and Privacy Act in order to keep scandals and other unflattering news from hitting the media. "Some schools have good-faith misunderstandings of the law, but there are others that simply see this as a handy excuse to hide behind," says Frank LoMonte, executive director of the Student Press Law Center, which provides student journalists with legal help. Legal experts say part of the problem is that the law is loosely defined. In addition, the potential consequences of violating the law -- namely, that schools would lose their federal funding -- prompt university officials to be conservative in their decisions about releasing information. Those complaints rankle advocates of student privacy, who say that, if anything, the three-decade-old law should be expanded. "Most of these kids are adults, and they should be able to make their own decisions," says Daren Bakst, president of the Council on Law in Higher Education. Congress already reworked the law to clarify when universities can disclose student information, especially involving health and safety matters. Those changes, adopted in January, followed the 2007 shooting rampage at Virginia Tech by a mentally troubled student.

Hackers, possibly from Asia, have stolen about a decade's worth of personal information on current and former UC-Berkeley students, the university announced Friday. The breaches involved records dating to 1999 at the school's health center that included Social Security numbers, health insurance information, immunization history and the names of treating physicians. No other treatment-related records were stolen, the university said, although self-reported medical histories of students who studied abroad were hacked. The school on Friday sent e-mails and letters to 160,000 people, including about 3,400 Mills College students who used or were eligible for University of California-Berkeley medical services. About 97,000 people are most at risk because their names and Social Security numbers could be connected by the hackers, said Steve Lustig, the university's associate vice chancellor for health and human services. "What's been taken is bits of data that the thief might put together into an identity," he said. The university traced the hackers back to Asia, possibly China, but the exact origin could not be pinpointed. UC and FBI investigators are probing the breaches, which apparently occurred over several months. An FBI spokesman said the agency was informed of the hacking immediately, but declined to provide more information. The thefts were discovered about a month ago, but system administrators did Advertisement not realize the breadth of the attack until April 21. The hackers disguised their work as routine operations and then left taunting messages for UC-Berkeley employees, said Shelton Waggener, the university's associate vice chancellor for information technology. The thieves accessed the information through the university Web site, he said. "You should think of it as a public building," Waggener said. "They got into the building properly, but then they broke into secure areas." Administrators at Mills College, which contracts with UC-Berkeley for

Parents of 18,541 Metro Nashville students will receive letters next week outlining a security breach that put their children's Social Security numbers online for three months. Advertisement Boston-based Public Consulting Group Inc., which holds a five-year, $2.6-million-a-year contract with the state to collect student data from various districts, corrected the error March 31 after a parent using Google to search her daughter's name found it - along with personal data for the students and 6,000 parent names. Art Staehling learned Wednesday that his teenage daughter was on the list and said he's concerned what could happen to her identity. "I find it hard to believe that an established company had a problem of this magnitude," Staehling said. The consulting group will pay for parents of affected children to check all family members' credit reports through Experian and for a year of monitoring. One of the group's owners, Stephen Skinner, said the error happened when workers running a test Dec. 28 on random student data inadvertently stored a file to an insecure directory. They discovered the error March 5 and took down the file, which contained student names, gender, race or ethnicity, date of birth, Social Security number and, in some cases, parent names. But they were unaware Google's search engine had already found the file and indexed it. That's how the parent, who is also a Metro schools employee, found out about the breach weeks later. Public Consulting Group worked with Google to take the information down.

The D.C. agency that handles college financial aid requests said yesterday that it had accidentally e-mailed personal information from 2,400 student applicants to more than 1,000 of those applicants. The Office of the State Superintendent of Education (OSSE) said it has notified all students of the breach, which occurred when an employee of the agency's Higher Education Financial Services Program inadvertently attached an Excel spreadsheet to an e-mail. The information included student names, e-mail and home addresses, phone and Social Security numbers and dates of birth. The disclosure involved the "DC OneApp," an online application that allows D.C. students to apply for a series of grant programs. They include DCTAG, which provides awards of up to $10,000 toward the difference between in-state and out-of-state tuition at public four-year-colleges in the 50 states. The accidental disclosure went to about 1,250 DCTAG applicants, officials said. OSSE never publicly announced the breach, which occurred Wednesday. It did express regret for the incident in an e-mail sent to students and parents the next day. A parent made the e-mail available to The Washington Post over the weekend.

It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.

"Federal agents can examine webcam photos and other information secretly collected from students' laptops and stored in the Lower Merion School District's computer network, a judge has ruled. Acting on a request from federal prosecutors, U.S. District Judge Jan E. DuBois agreed to broaden an earlier order that limited the release of the photos to the students or their parents and lawyers. His order was signed Friday and made public Monday. FBI agents and prosecutors want to review the images to see whether any laws were broken when school district employees activated a tracking system that snapped photos and copied screen images from lost or stolen laptops. Lower Merion school officials have acknowledged poor planning and oversight led the tracking system to capture at least 50,000 images - some showing teens or their relatives in their homes - from laptops that had already been returned to students."

Confused by the difference between privacy & security? What might your kid's laptop camera capture if it was secretly turned on by their school while searching for stolen laptops? Soon the FBI will be able to tell you.

Personal profiles on Facebook and other social-networking sites are a trove of inappropriate and embarrassing photographs and discomfiting breaches of confidentiality. You might expect that from your friends and even some colleagues - but what about your doctor? A new survey of medical-school deans finds that unprofessional conduct on blogs and social-networking sites is common among medical students. Although med students fully understand patient-confidentiality laws and are indoctrinated in the high ethical standards to which their white-coated profession is held, many of them still use Facebook, YouTube, Twitter, Flickr and other sites to depict and discuss lewd behavior and sexual misconduct, make discriminatory statements and discuss patient cases in violation of confidentiality laws, according to the survey, which was published this week in the Journal of the American Medical Association. Of the 80 medical-school deans questioned, 60% reported incidents involving unprofessional postings and 13% admitted to incidents that violated patient privacy. Some offenses led to expulsion from school.

Two high school girls are suing their local District Attorney after he threatened to file child sex abuse charges against them over a cellphone photo of themselves in their bras. Marissa Miller and Grace Kelly, both now 15, were 13 when the picture was taken at a slumber party. It is believed to show the two friends from the waist up, both wearing bras. Several of their classmates had a copy of the photo stored on their cellphone, thanks to a craze called 'Sexting', where provocative cellphone images are exchanged between young people. The girls both attend Tunkhannock Area High School, Pa. The image in question found its way to District Attorney George P. Skumanick of Wyoming County after it was discovered on one student's confiscated cellphone. Skumanick was indignant enough to threaten all of those involved - either because they were found to be in possession of the image or because they were identified from the photo - with child sex abuse charges if they did not attend a ten hour class on pornography and sexual violence. Such charges, if filed, could lead to jail time as well as potentially having to register as a sex offender for anyone convicted. Seventeen other students accepted the 'deal' and agreed to go on the course. The parents of Marissa, Grace, and one other girl, however, felt that the threat from the DA was over-zealous and are fighting back. With the help of the American Civil Liberties Union, they have filed suit against Skumanick in federal court in Scranton, Pa. The lawsuit asks the court to prevent Skumanick from filing charges against them, arguing that they had a right under the first and fourth amendments to refuse his deal and contending that his threat of sexual abuse charges was retaliatory in nature.

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

A former IT analyst at the Federal Reserve Bank of New York and his brother were arrested Friday on charges that they took out loans using stolen information, including sensitive information belonging to federal employees at the bank. Prosecutors allege that Curtis Wiltshire, 34, took out student loans totalling US$73,000 using the stolen information. His brother, Kenneth Wiltshire, 40, is charged with using the identities of two federal employees to try and obtain a loan for a 2006 Sea Ray 340 Sundancer speedboat. The charges (pdf) come two months after federal investigators found two 2006 student loan applications on a thumb drive attached to the work computer of Curtis Wiltshire, who had worked at the Reserve Bank for nearly eight years as an information and technical analyst. According to court documents, that investigation was unrelated to the fraud charges. Wiltshire was dismissed soon after the drive was found on around Feb. 15, prosecutors said. The charges were filed in the federal court in Manhattan. The two men could not be reached for comment Friday and the names of their lawyers were not included in the court documents. Curtis Wiltshire had "access to computer files containing information about employees of the [federal bank], including their names, dates of birth, Social Security numbers, and photographs," U.S. Federal Bureau of Investigation Special Agent Cordel James said in an affidavit filed in the case. Curtis Wiltshire was charged with bank fraud and identity theft and faces more than 30 years in prison if convicted. His brother was charged with mail fraud and identity theft and faces a maximum of 22 years in prison.

"Scott Fortnum had put in almost a full day of work at his Markham, Ont., office when he decided to "check in" on Foursquare, a location-based social network where users log the names and co-ordinates of the places they visit with a time stamp. The 44-year-old's check-in was marked with a small coral balloon on an embedded Google Map and instantly viewable by the 12 friends he lists on Foursquare - and millions of others. His check-in found its way onto pleaserobme.com, a recently launched website with a mischievous mandate: "listing all those empty homes out there." With March break approaching, many impending vacationers are installing automatic timers on their lights and putting their newspaper subscriptions on hold to deter burglars. Many are also posting on Twitter about when they're leaving and touting their week-long getaway to Jamaica on Facebook - unwittingly letting the online world know exactly when they're away. Mr. Fortnum's check-in appeared this way on Please Rob Me: @sfortnum left home and checked in 30 minutes ago: I'm at ALS Canada (3000 Steeles Ave. E. #200, DVP & Steeles, Toronto.) http://4sq.com/4MmX51 Many Foursquare users such as Mr. Fortnum cross-post their check-ins to Twitter, where they are easy to find through the search function. With some simple coding, Please Rob Me's creators are able to collect those millions of public tweets on their site in real time, highlighting one of the many security concerns that springs from broadcasting one's whereabouts online. Frank Groeneveld, one of the three students from the Netherlands who designed Please Rob Me, says he co-created the site to give members of social networks a wake-up call."

Finally a site that might make someone a profit!

"Important personal information, such as social security numbers, names and zip codes, of many Notre Dame employees was exposed to the Internet after the University accidentally placed the information in a publicly accessible location. The data breach affected about 24,000 employees, including some students who work for the University, Gordon Wishon, associate vice president of information technology and the University's chief information officer, said. The personal information that was exposed will no longer be accessible because the University immediately removed it from the Internet and secured it, he said. "

The sheer volume of amateur cellphone sex videos on the Internet's porn site - while certainly culturally edifying - illustrates the new truth about sex in the 21st century: don't let anyone record it, or everyone will be enjoying it. But sometimes, the all-seeing and voyeuristic eye of consumer video culture has a happy ending: a businessman who recorded himself having sex with a university student was recently cleared of the charges after the footage was shown in court. Before the footage was presented as evidence, the judge warned both the gallery and the jury: "You are going to see a clip which from what I have been told you may find extremely distasteful." Despite this warning, though, the defense failed to exhibit a scene from Dustin Diamond's sex tape, but instead a rather traditional recording of an enthusiastic coupling. After the tape had finished playing, the judge ruled in the favor of the defendant. "You and Mr Taylor were very familiar with each other and comfortable in each other's presence." There's the possibility, of course, that the judge made the wrong decision: there could have been drugs involved. But score one for the good guys. A lot is made, rightfully, of the eradication of privacy in the digital age, but when it can help a man avoid wrongful imprisonment and the total ruin of his life, there's a bright side. The moral? If you're actively swinging, pony up for a cell phone with a good camera. And PornHub commenters say, the more megapixels, the better.

Guess what? That unlocked rant you put on your MySpace profile is open to the public and can be seen by anyone with a computer. Imagine that! Cynthia Moreno learned this the hard way. A judge ruled earlier this month that it was not an invasion of her privacy when a local newspaper published a rant pulled from her MySpace blog. After a visit to her hometown of Coalinga, Calif., college student Moreno penned a 700-word blog entry titled "An Ode to Coalinga" that opened with "the older I get, the more I realize how much I despise Coalinga." Moreno subsequently deleted the blog entry, but Roger Campbell, principal of Coalinga High School, discovered it before the deletion and handed it over to his friend Pamela Pond, editor of the Coalinga Record newspaper. Pond then published the rant in its entirety as a letter to the editor, printing Cynthia's full name. The Moreno family was met with death threats and shots were fired outside their home. Cynthia's father David was forced to close his 20-year-old family business, and the family moved to another town. The family sued the newspaper and the Coalinga-Huron Unified School District for invasion of privacy and infliction of emotional distress. The case against the newspaper was dismissed on free speech grounds, but the case against Campbell and the school district was allowed to proceed. Campbell did not violate Moreno's rights when he handed over her rant to Pond because Moreno's blog entry was published on the Internet and available for anyone to see, according to the Superior Court of Fresno County.

Social networking phenomenon Facebook has beaten out arch-rival and former market leader MySpace by most measures of popularity, except the one that pays the bills. While Facebook has outpaced MySpace in bringing in members - it has 175 million active users at the latest count, compared with around 130 million for MySpace - it has struggled make money from them. While MySpace is closing in on $1 billion in revenues, Facebook generated less than $300 million in sales last year, reports say. Indeed, Facebook's efforts to drum up revenue have led to it repeatedly becoming the target of some of the biggest online privacy protests on the Web. Its most recent fight earlier this month followed Facebook's attempt to redefine its own rules and assert ownership over anything its members posted on the site. The company has since backed off and is rethinking its policies. Why hasn't Facebook benefited from the vaunted "network effect" that makes such services more valuable the more its adds members and connections between them? After all, Facebook is spreading quickly in nearly 100 languages, while MySpace has focused on the United States and five other markets where Web advertising flourishes. The answer may lie in the origins of the five-year-old site started by then Harvard University student Mark Zuckerberg. Its appeal at the outset was that it was a place where users could share tidbits of their personal lives with selected friends and acquaintances. This blurred the distinction between a private space and a public one. MySpace is more explicitly a public place where friends hang out in the equivalent of a cafe or a club and the aim is often to meet new people. Most of all, MySpace is a place to share music with other fans.

Eight years ago, a woman we'll call Sarah discovered that she was not biologically related to the father she had known all her life. Sarah, her mother revealed, was "donor-conceived." Her parents, after trying without success for a pregnancy of their own in the late 1970s, turned to a fertility center, where Sarah's mother was artificially inseminated with sperm from an anonymous donor. At the time sperm banks did not offer detailed donor profiles. Upon discovering the truth, Sarah was told what her parents had been told about her biological father: He was a medical student, possibly of Scandinavian ancestry. Sarah, who describes her family as "loving and stable," was shocked. Today she is also sick. A year before finding out about her conception, she began to experience severe, unexplained bladder problems. She has been seeing doctors at Johns Hopkins; so far they haven't figured out the cause. Recently married, Sarah worries that she may pass the illness on to future children. The medical history of her biological father could provide a crucial piece of the diagnostic puzzle. But in the early days of artificial insemination, clinics often shredded or burned files to ensure donor anonymity and client privacy. Sarah's father's identity may be locked away in storage somewhere, or it may have been destroyed. Although aware of the likely futility of her search, Sarah still continues-writing the clinic, nurses, her doctor-in the hope that someone can help. Faced with stories like this, the fertility industry and a few state governments are trying to come up with a way to ensure that future donor-conceived children will have access to their fathers' medical files. A national registry, for example, could allow banks to monitor how many times a man donates semen and how many children are born from his seed, to share updates about medical issues and to facilitate long-term research on health outcomes. But any such registry poses a threat to the p

New Jersey lawmakers are considering new legislation that would require Facebook, MySpace and others to police social networking sites for offensive posts or else face potential consumer fraud lawsuits. But some lawyers say that even if the measure is enacted, it's not likely to have much impact on social networking sites because the federal Communications Decency Act immunizes such sites from lawsuits based on material posted by users. The bill is part of state Attorney General Anne Milgram's Internet safety initiative. "The social networking site safety act is intended to deter cyber-bullying and the misuse of social networking Web sites," the Office of Attorney General said in a statement about the measure. "The bill empowers users of social networking sites to take steps to stop harassment or exploitation." Last year, Milgram garnered headlines by launching a fraud investigation of gossip site JuicyCampus.com -- where users frequently posted insults about college students -- but no legal action resulted. (That site folded last month for financial reasons.) Attempts to rein in cyberbullying might be politically popular, but this type of state effort to regulate global Web sites is also likely to prove useless, say cyber lawyers. "We need to recognize that legislating on the Internet can't be done on a state-by-state basis," said Parry Aftab, an expert on Web safety and cyber-abuse. "We can't have a different law in each state."

Across the country, many major-college athletic departments keep their NCAA troubles secret behind a thick veil of black ink or Wite-Out. Alabama.Cincinnati. Florida. Florida State. Ohio State. Oklahoma. Oregon State. Utah. They all censor information in the name of student privacy, invoking a 35-year-old federal law whose author says it has been twisted and misused by the universities. Former U.S. Sen. James L. Buckley said it's time for Congress to rein in the Family Educational Rights and Privacy Act, which he crafted to keep academic records from public view. A six-month Dispatch investigation found that FERPA, as it's commonly called, is a law with many conflicting interpretations. And that makes it virtually impossible to decipher what is going on inside a $5 billion college-sports world that is funded by fans, donors, alumni, television networks and, at most schools, taxpayers.

A surprise legal maneuver by the defense in the Sarah Palin hacking case could undermine key charges carrying the stiffest potential penalties. A lawyer for the Tennessee college student charged with hacking into the Alaska governor's Yahoo e-mail account last year says his client couldn't have violated Palin's privacy because a judge had already declared her e-mails a matter of public record. "He's not suggesting that e-mail can't be private," says Mark Rasch, a former Justice Department cybercrime prosecutor. "He's saying this particular e-mail was not private or personal because of who she is and because it wasn't intimate communication. " Additionally, photos that 20-year-old David Kernell allegedly obtained of Palin and her family were not private since the Palins are "the subjects of untold numbers of photo-ops," the lawyer argued last week, in one of a slew of motions and memorandums attacking the government's four-count federal indictment against Kernell.

Creative lawyer. The kid is still stupid. To me, It says more that Palin didn't get in trouble for using a public web mail account for State business. The kid who reads her email is on trial? What a country.

Social networking sites are often used by government ministers as an example of the profound way attitudes to privacy have changed. They argue that the young generation invade their own privacy to a far greater extent than the government ever would. The implication is that the older people who object to government intrusion are living in the past. The response to this is that people who use social networking sites voluntarily reveal things about themselves and have a degree of control of over how long information and photographs stay in the public domain, while the government collects and stores information without permission and allows the subject no access to the data held. There is no obvious comparison between the two activities. But this doesn't let the social networking sites off the hook. Most internet companies claim a kind of morality free status when it comes to such issues as privacy and copyright, and Web 2.0 sites are no different. A study published this week by Cambridge PhD students shows that nearly half of all social networking sites retain copies of photographs after being "deleted" by users. The study examined 16 popular websites that host user-uploaded photos, including social networking sites, blogging sites and dedicated-photo-sharing sites. Seven of the 16 sites surveyed were still maintaining copies of users' photos after they had been deleted by the user. The researchers - Jonathan Anderson, Andrew Lewis, Joseph Bonneau and lecturer Frank Stajano - found that by keeping a note of the URL where the photo is actually stored in a content delivery network, it was possible for them to access the photo even after it had been deleted.