Group items tagged

The European Commission threatened Britain with sanctions on Tuesday for allowing an Internet service provider to use a new advertising technology to track the Web movements of customers. The European telecommunications commissioner, Viviane Reding, said that use of a tracking tool created by Phorm violated European privacy laws. The country's largest service provider, BT, acknowledged last April that it used the tool without customers' consent in 2006 and 2007, Ms. Reding said. "European privacy rules are crystal clear: a person's information can only be used with their prior consent," Ms. Reding said. The case could become a test for the limits of ads that aim at online behavior. Supporters of the practice say it has the potential to transform advertising by allowing marketers to show Internet users only ads that are considered relevant to them, based on their surfing habits.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

The Oklahoma Department of Human Services (DHS) is notifying more than one million state residents that their personal data was stored on an unencrypted laptop that was stolen from an agency employee. The computer file contained the names, Social Security numbers, birth dates and home addresses of Oklahoma's Human Services' clients receiving benefits from programs such as Medicaid, child care assistance, nutrition aid and disability benefits, the agency announced Thursday. The computer, which was stolen when a thief broke into the car April 3 after the employee stopped on her way home from work, was password protected, and officials do not believe the burglar realized what he or she was stealing. Therefore, the risk of the data being accessed is minimal, according to the agency. "We feel this was not a situation where someone was targeting the agency or that information," DHS spokeswoman Mary Leaver told SCMagazineUS.com on Friday. "We feel it was random." Leaver said the state Office of Inspector General is conducting an investigation, out of which likely will come a mandatory review of information security policies. However, it is not believed the employee violated existing policy when the incident occurred, she said. News of the theft comes one day after the Ponemon Institute, in conjunction with Intel, released a study that found the average value of a lost laptop is $49,246. About 80 percent of the cost is related to the chance that a breach could occur, the study showed.

By now, many employees are uncomfortably aware that their every keystroke at work, from email on office computers to text messages on company phones, can be monitored legally by their employers. What employees typically don't expect is for the company to spy on them while on password-protected sites using nonwork computers. But even that privacy could be in jeopardy. A case brewing in federal court in New Jersey pits bosses against two employees who were complaining about their workplace on an invite-only discussion group on MySpace.com, a social-networking site owned by News Corp., publisher of The Wall Street Journal. The case tests whether a supervisor who managed to log into the forum -- and then fired employees who badmouthed supervisors and customers there -- had the right to do so. The case has some legal and privacy experts concerned that companies are intruding into areas that their employees had considered off limits. "The question is whether employees have a right to privacy in their non-work-created communications with each other. And I would think the answer is that they do," said Floyd Abrams, a First Amendment expert and partner at Cahill Gordon & Reindel LLP in New York. The legal landscape is murky. For the most part, employers don't need a reason to fire nonunion workers. But state laws in California, New York and Connecticut protect employees who engage in lawful, off-duty activities from being fired or disciplined, according to a report prepared by attorneys at the firm Proskauer Rose LLP. While private conversations might be covered under those laws, none of the statutes specifically addresses social networking or blogging. Thus, privacy advocates expect to see more of these legal challenges. In February, three police officers in Harrison, N.Y., were suspended after they allegedly made lewd remarks about the town mayor on a Facebook account. The officers mistakenly thought the remarks were protected with a password, but city officials view

Guess what? That unlocked rant you put on your MySpace profile is open to the public and can be seen by anyone with a computer. Imagine that! Cynthia Moreno learned this the hard way. A judge ruled earlier this month that it was not an invasion of her privacy when a local newspaper published a rant pulled from her MySpace blog. After a visit to her hometown of Coalinga, Calif., college student Moreno penned a 700-word blog entry titled "An Ode to Coalinga" that opened with "the older I get, the more I realize how much I despise Coalinga." Moreno subsequently deleted the blog entry, but Roger Campbell, principal of Coalinga High School, discovered it before the deletion and handed it over to his friend Pamela Pond, editor of the Coalinga Record newspaper. Pond then published the rant in its entirety as a letter to the editor, printing Cynthia's full name. The Moreno family was met with death threats and shots were fired outside their home. Cynthia's father David was forced to close his 20-year-old family business, and the family moved to another town. The family sued the newspaper and the Coalinga-Huron Unified School District for invasion of privacy and infliction of emotional distress. The case against the newspaper was dismissed on free speech grounds, but the case against Campbell and the school district was allowed to proceed. Campbell did not violate Moreno's rights when he handed over her rant to Pond because Moreno's blog entry was published on the Internet and available for anyone to see, according to the Superior Court of Fresno County.

BBC Click's tweet states that they took legal advice following comments on the potential violation of U.K's Computer Misuse Act. There's a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC. In a bit of an awkward and highly unnecessary move, a team at the BBC's technology program Click has purchased a botnet consisting of 22,000 malware infected PCs, self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement), all for the sake of proving that botnets in general do what they're supposed to - facilitate cybercrime. A video of the experiment is already available. Here are more details : Upon finishing the experiment, they claim to have shut down the botnet, and interestingly notified the affected users. Exposing cybercrime or exposing the obvious, the experiment raises a lot of ethical issues. For instance, how did they manage to contact the owners of the infected hosts given that according to the team they didn't access any personal information on them? It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they've been part of the experiment. Thanks, but no thanks.

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009). Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information. The HIPAA Privacy Rule currently does not contain a requirement that individuals be notified in the event of such as breach. However, some covered entities interpret the existing HIPAA Privacy Rule requirement that covered entities mitigate harmful effects of uses or disclosures of health information in violation of either the Privacy Rule or the entity's policies and procedures as suggesting that such notice be given, and many covered entities currently provide such notification.

To help parents better understand their childrens' online privacy rights, the Federal Trade Commission has developed a new article, Protecting Kids' Privacy. The article is posted at OnGuardOnline.gov, a Web site sponsored by the federal government and the technology industry to help users stay on guard against Internet fraud, secure their computers, and protect their personal information. Parents can learn what Web sites must do to protect the privacy of kids younger than 13 under the Children's Online Privacy Protection Act (COPPA). For example, with very few exceptions, sites must get parents' permission if they want to collect or share their kids' personal information. Parents also will find tips for talking to their kids about online privacy, knowing what their kids are doing online, reporting a Web site that may be violating COPPA, and more. To learn more about online privacy for kids, view this article on OnGuardOnline.gov at www.OnGuardOnline.gov/topics/kids-privacy.aspx or view it as an FTC Facts for Consumers publication at http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec08.shtm. The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's Web site provides free information on a variety of consumer topics.

Last month, the digital advertising industry's use of behaviorally targeted advertising gained a reprieve of sorts when the Federal Trade Commission issued a final report confirming its earlier support of self-regulation. But some commission members remained concerned about ads that are shown to Web users based on their previous online activities, and in particular the possibility of violations of online privacy. Some form of legal restrictions may be imposed on the industry, the FTC indicated, if the online ad industry isn't up to the task of regulating itself. "Privacy is definitely the biggest concern today," said Joe Apprendi, CEO of Collective Media, an online advertising network based in New York. "There has been the concern that through such approaches as deep-packet technology, companies can leverage information through subscriber-based providers to marry anonymous behavioral segment data and identify real people. "The fact is, online advertising is subject to a higher standard that offline direct marketing tactics," Apprendi said. The FTC report, "Self-Regulatory Principles for Online Behavioral Advertising," continues to advocate voluntary industry self-regulation, in keeping with its principles governing online behavioral advertising issued at the end of 2007, despite the urgings of consumer advocacy groups that it impose rules regulating online advertising. The commission's new guidelines are based on four principles: * Transparency and consumer control. The commission advises that Web sites that collect data for behavioral advertising provide "a clear, concise, consumer-friendly and prominent statement" that the data are being collected to provide ads tailored to the user's interests and that the user has an easy and obvious way to choose whether to allow this. * Security for data retention. Companies that collect data for behavioral advertising should provide "reasonable" protection of that information and reta

An Italian judge on Wednesday gave the go-ahead to a case in which Google (GOOG) could be held responsible for content it hosts but does not produce. The case centers on a 2006 video of four Italian youths taunting a child with Down syndrome. In the video, one of the youths incorrectly claims to be part of a small Down syndrome advocacy group called Vivi Down. The video was uploaded to the Google Video site, where it stayed for two months. Prosecutors have filed charges against five Google executives, saying they were in violation of Italian privacy laws and of contributing to the defamation of Vivi Down. At the heart of the case are two main questions: Should sites such as Google Video be held responsible for the content they host? And should such non-brick-and-mortar New Economy companies be subject to the laws in countries where they are not based? "The outcome of this will be to determine how big companies like Google should be expected to act," said Raffaele Zallone, a former chief counsel for IBM's Italian offices and the attorney representing a woman seeking damages in a secondary case tacked onto the main charges. FIND MORE STORIES IN: Italy | Google Inc | International Bus. Machines | Milan | New Economy Zallone, along with Milan prosecutors, the city's ombudsman and an attorney for Vivi Down, the advocacy group, say Google should have become aware of the offending video sooner and removed it sooner. Guglielmo Pisapia, Google's lead attorney in the case, denies any wrongdoing and says Google could not have acted differently. "Google did not produce the video, and when they received an official complaint, they removed it within five hours," said Pisapia, a former member of the Italian parliament. "If the argument is that they should have evaluated the video before it was posted, then that is a dangerous precedent." Oliviero Rossi, an author and commentator on technology issues, says unusual cases that push the limits of the law as this one does are

Big Brother may be at it again. Behavioral advertising - the tracking of consumer's Internet surfing activity to create tailored ads - has triggered an intense legal controversy that has law firms scrambling to stay on top of a burgeoning practice. Attorneys say that behavioral advertising is raising privacy, litigation and regulation fears among consumer advocates, the electronic commerce and advertising industries and legislators. Law firms are busy helping companies come up with a transparent way of letting consumers know that their online activities are being tracked and possibly shared. "Lawmakers and companies are having a tough time keeping up with this new frontier of Internet privacy issues, and there is growing consumer unrest about behavioral advertising, leading in some cases to consumer rebellion," said Lisa Sotto, a partner and head of the privacy and security data group in the New York office of Richmond, Va.-based Hunton & Williams. "Consumers find this type of tracking intrusive, and businesses are starting to take the consumer reaction seriously," she said. The buzz over behavioral advertising has been building since congressional hearings that were held last year, during which Congress called on Internet service providers (ISPs) to testify about a highly controversial advertising practice known as "deep-packet inspection." The practice gives companies the ability to track every Web site consumers visit and provides a detailed look at everything they're doing, such as where they're going on vacation, who is going, how much they spent on the trip and what credit card was used. But then came the first class action targeting behavioral advertising, filed against Foster City, Calif.-based NebuAd Inc., an online advertising company accused of spying on consumers from several states and allegedly violating their privacy and computer security rights. The lawsuit specifically alleges that NebuAd engaged in deep-packet inspection. Valentine v. Ne

The first sign that something was wrong seemed harmless: A new Dell credit card arrived in my mail one afternoon. More landed in the mailbox the next day. Macy's. Bloomingdale's. Crate and Barrel. Radio Shack. Then later: Visa Sony, Toys R Us and Lowe's cards turned up. I didn't request any of these cards. My first call to Dell revealed what I suspected. Someone had applied for a credit card using my name. I felt violated and vulnerable. Then, it hit me: I've become a statistic, a victim of identity theft. A thief had taken my name, my credit and my identity and managed to spend more than $8,000 (money that, I'm grateful, I didn't have to pay). I still don't know who the culprit was or how it happened. All I know is that if this happened to me - a Sun Sentinel consumer affairs and watchdog reporter - it can happen to anybody. Thieves move quickly Identity theft is the fastest growing crime in the United States, according to the Federal Trade Commission, which enforces identity theft laws. Experts estimate 10 million Americans become victims of identity fraud each year. Last year, businesses lost $56.6 billion to ID theft, the commission said. I've spent hours on the phone talking to fraud investigators, credit bureaus and bank staff as I've tried to sort out the mess that is now mine to clean up. I was exhausted every time a call ended. Individual investigations, conducted by fraud departments for each of the credit card companies that issued accounts in my name, took months to complete before concluding I was a victim of ID fraud. But there is a bright side to this story. I thought I knew how to protect myself. But what I've learned through this experience has taught me that you can never be too careful. I also learned some hard lessons along the way about how best to safeguard my personal information in the future - and respond, if my identity is targeted again.

A U.S. appeals court on Friday denied a bid by the cable industry to overrule privacy rules that make it more difficult for them to share subscribers' personal information with other parties. The U.S. Court of Appeals for the District of Columbia Circuit denied a petition by the National Cable and Telecommunications Association, which argued that federal rules on telecom carriers' use of customer data violated free speech rights under the U.S. Constitution, federal law or both. At issue are rules set by the U.S. Federal Communications Commission that mandate telecommunications carriers must get an "opt-in" before disclosing customers' information to a carrier's joint venture business partner or an independent contractor.

The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. Ben Rothke explains why it's a bad habit in the world of IT security. The inability to discard worthless items even though they appear to have no value is known as compulsive hoarding syndrome. If the eccentric Collyer brothers had a better understanding of destruction practices, they likely would not have been killed by the very documents and newspapers they obsessively collected. While most organizations don't hoard junk and newspapers like Homer and Langley Collyer did, they do need to keep information such as employee personnel records, financial statements, contracts and leases and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more. In December 2007, the Federal Trade Commission announced a $50,000 settlement with American Mortgage Company of Northbrook, Illinois, over charges the company violated the FTC's Disposal, Safeguards, and Privacy rules by failing to properly dispose of documents containing consumers' credit and personally identifiable information. In announcing the settlement, the FTC put all companies on notice that it is taking such failures seriously. A $50,000 settlement might seem low when measured against the potential for financial harm to individuals as a result of the company's negligence, but in addition to the negative PR for American Mortgage, the settlement includes an obligation to obtain an audit, every two years for the next 10 years, from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order. Any similar failures by this company during the next decade will be met with more severe punishment. That, indeed, is a

Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market, potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service. TweetTornado allows users to create unlimited Twitter accounts, add unlimited number of followers, which combined with its ability to automatically update all of bogus accounts through proxy servers with an identical message make it the perfect Twitter spam tool. TweetTornado's core functionality relies on a simple flaw in Twitter's new user registration process. Tackling it will not render the tool's functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn't require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter. So starting from the basics of requiring a validation by clicking on a link which will only be possible if a valid email is provided could really make an impact in this case, since it its current form the Twitter registration process can be so massively abused that I'm surprised it hasn't happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate email could be banned from further registrations, potentially emptying the inventory of bogus emails, and most importantly making it more time consuming for spammers to abuse Twitter in general. If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I "wonder" why is the originally blurred by the author Twitter account used in the proof (twitter.com/AarensAbritta) currently suspended, the way the rest of the automatically registered ones are? Pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicat

Yesterday, the U.S. Supreme court announced its refusal to hear appeals against the banning of the Child Online Protection Act (COPA), effectively killing the bill. The American Civil Liberties Union called it "a clear victory for free speech," having fought the bill for ten years claiming it infringed on a website's freedom of speech. I've always advocated that it is the responsibility of parents to monitor their children's online activity. There are a ton of Web filtering and parental control applications available, many for free such as Blue Coat's K9 Web Protection. Especially with the country in the shape it's in now, my personal opinion is that the government has more pressing issues to attend to than babysitting children online. COPA was first passed in 1998, and made it illegal to display any pornographic material on a Web site without an access code or proof of age message. However, state courts began challenging the bill immediately, claiming it was unconstitutional and violated the First Amendment. Instead, it was ruled that parental controls should be used by individual families to block unwanted content, rather than the government determining what can and cannot be seen by all. (COPA was killed, not COPPA - Children's Online Privacy Protection Act)

In court papers filed Wednesday, former federal prosecutor Richard Convertino called reporter David Ashenfelter's invocation of the Fifth Amendment, in an attempt to keep from having to reveal his confidential sources, both "speculative" and "unreasonable." Convertino urged the federal district court in Michigan to sanction Ashenfelter and to require him to present further evidence as to why he should not be held in contempt for his refusal at a December deposition to reveal the confidential sources. For the past two years, Convertino has been seeking Ashenfelter's testimony in hopes of boosting his Privacy Act lawsuit against the Department of Justice. Convertino claims DOJ violated the law by leaking to the press details of an investigation into Convertino's conduct during a terrorism trial. At a deposition in December, after Judge Robert Cleland in the Eastern District of Michigan ruled twice that Ashenfelter is not protected by a First Amendment reporter's privilege, the reporter invoked the Fifth Amendment right against self-incrimination.

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

The use of data in the online world is being governed by the rules of the "Wild West," the European Commission will argue this week, in the clearest warning yet to Internet companies to curb how they use the information they collect on users. With concern growing over the amount of data gathered by the biggest players on the Internet, the comments will challenge the industry to agree on new principles for its use - or face a clampdown. Meglena Kuneva, the European consumer affairs commissioner, will argue that basic consumer rights are being violated by companies that profile and target consumers, according to a draft of a speech seen by the International Herald Tribune. "From the point of view of commercial communications," the draft speech reads, "the World Wide Web is turning out to be the world 'Wild West."' Kuneva is to deliver the speech to a meeting of around 200 industry and consumer representatives on Wednesday. Her comments reflect the anxiety of regulators on both sides of the Atlantic about the commercial use of information garnered through online tracking made possible via "cookies" - small files dropped into users' computers by the Web sites they visit. These cookies help companies take note of users' habits and can be sold to advertisers to help them target their marketing efforts. But their use raises serious questions about who knows which sites we visit and what they do with that information. In the United States, the chairman of the Federal Trade Commission, Jon Leibowitz, warned recently that, if the industry does not show it can protect users' privacy, it will invite legislation from Congress and a more regulatory approach from the F.T.C.

Is it a violation of privacy that should be banned or a tool necessary to keep the internet running? Canada's privacy commissioner has opened an online discussion on deep packet inspection, a technology that allows internet service providers and other organizations to intercept and examine packets of information as they are being sent over the internet. "We realized about a year ago that technologies involving network management were increasingly affecting how personal information of Canadians was being handled," said Colin McKay, director of research, education and outreach for the commissioner's office. The office decided to research those technologies, especially after receiving several complaints, and realized it was an opportunity to inform Canadians about the privacy implications. Over the weekend, the privacy commissioner launched a website where the public can discuss a series of essays on the technology written by 14 experts. The experts range from the privacy officer of a deep-packet inspection service vendor to technology law and internet security researchers. The website also offers an overview of the technology, which it describes as having the potential to provide "widespread access to vast amounts of personal information sent over the internet" for uses such as: * Targeted advertising based on users' behaviour. * Scanning for unlawful content such as copyright or obscene materials. * Intercepting data as part of surveillance for national security and crime investigations. * Monitoring traffic to measure network performance.

Big Brother may be at it again. Behavioral advertising -- the tracking of consumer's Internet surfing activity to create tailored ads -- has triggered an intense legal controversy that has law firms scrambling to stay on top of a burgeoning practice. Attorneys say that behavioral advertising is raising privacy, litigation and regulation fears among consumer advocates, the electronic commerce and advertising industries and legislators. Law firms are busy helping companies come up with a transparent way of letting consumers know that their online activities are being tracked and possibly shared. "Lawmakers and companies are having a tough time keeping up with this new frontier of Internet privacy issues, and there is growing consumer unrest about behavioral advertising, leading in some cases to consumer rebellion," said Lisa Sotto, a partner and head of the privacy and security data group in the New York office of Richmond, Va.-based Hunton & Williams. "Consumers find this type of tracking intrusive, and businesses are starting to take the consumer reaction seriously," she said. The buzz over behavioral advertising has been building since congressional hearings that were held last year, during which Congress called on Internet service providers (ISPs) to testify about a highly controversial advertising practice known as "deep-packet inspection." The practice gives companies the ability to track every Web site consumers visit and provides a detailed look at everything they're doing, such as where they're going on vacation, who is going, how much they spent on the trip and what credit card was used. But then came the first class action targeting behavioral advertising, filed against Foster City, Calif.-based NebuAd Inc., an online advertising company accused of spying on consumers from several states and allegedly violating their privacy and computer security rights. The lawsuit specifically alleges that NebuAd engaged in deep-packet inspection. Valentine v. Ne