Group items matching

in title, tags, annotations or url

"A UN watchdog has called for a new international agreement on privacy following a review of the expanding global array of surveillance measures and databases advanced by governments in the cause of counter-terrorism. The special rapporteur on human rights, Martin Scheinin, said the UN should create a "a global declaration on data protection and data privacy" in response. His report, delivered to the UN's Human Rights Council, describes the expansion of watchlists, border checks, financial data sharing, interception of communications, biometrics and ID registers in recent years. "States no longer limit exceptional surveillance schemes to combating terrorism and instead make these surveillance powers available for all purposes," he added."

"A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could test the extent to which customers should be held responsible for protecting their online accounts from compromises. The incident, which was first reported by blogger Brian Krebs this week, involves Lubbock-based PlainsCapital bank and its customer Hillary Machinery Inc. of Plano. In November, unknown attackers based in Romania and Italy initiated a series of unauthorized wire transfers from Hillary's bank accounts and depleted it by $801,495. About $600,000 of the amount was later recovered by PlainsCapital. Hillary demanded that the bank repay it the rest of the stolen money. In a letter to the bank in December, Hillary claimed that the theft happened only because PlainsCapital had failed to implement adequate security measures. PlainsCapital promptly filed a lawsuit in the U.S. District Court for the Eastern District of Texas asking the court to certify that its security procedures were "commercially reasonable." In its complaint, the bank noted that it had made every effort to recover the stolen money."

Bank sues theft victim in pre-emptive strike

"A new proof-of-concept (PoC) application enables an attacker to remotely activate a BlackBerry microphone and listen in on surrounding sounds and conversations. The application, called PhoneSnoop, was released last week on the blog of security researcher Sheran Gunasekera. To download and install the application, an attacker would need physical access to a BlackBerry device and to know a PIN, if the owner uses one to lock his or her device. After PhoneSnoop is installed on a device, when a call is received from a preconfigured number, the BlackBerry automatically answers the phone, allowing an attacker to listen in, Marc Fossi, senior researcher at Symantec Security Response told SCMagazineUS.com on Thursday. Once the call is connected, the BlackBerry is set to speakerphone, increasing the microphone's sensitivity to pick up sound from far distances. "First and foremost, the most important thing about this is it's a proof of concept, Fossi said. "It's not something you need to worry about right now.""

URAC, the leading health care accreditation and education organization, announced today the recent Healthcare Information and Management Systems Society (HIMSS) annual conference raised important questions about consumer privacy and security around electronic health records (EHR). (Logo: http://www.newscom.com/cgi-bin/prnh/20030501/URACLOGO ) "There is no doubt that electronic health records are coming. The question is whether or not consumers' privacy is a key issue or an afterthought," said Alan P. Spielman, President and CEO of URAC. "A lot of forces are driving the push for EHR. However, it is important that standards go hand-in-hand with policy so that it doesn't become the Wild West with every vendor and health care provider using different terms." The rules set by the Health Insurance Portability and Accountability Act (HIPAA) are integral to the widespread adoption of EHR. However, the rules can be confusing for consumers and providers. URAC was the first organization to offer HIPAA Privacy Accreditation. The organization now offers comprehensive standards for both HIPAA Privacy and HIPAA Security accreditation. These standards are applicable to all personal health information storage formats and exchanges claims transactions and are designed for many different types of health care organizations including both Covered Entities (CE) and Business Associates (BA). They also require an ongoing compliance program that identifies, tracks and makes the necessary changes in response to a federal or state regulatory change.

Obama administration cybersecurity advisor Melissa Hathaway, in her much anticipated speech before the RSA Conference on Wednesday, suggested that the findings of a study she submitted Friday to President Obama calls for cybersecurity policy to be run from the White House. "The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," said Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils. Scant on details, Hathaway in her 2,400-word speech did not explain how federal cybersecurity should be governed, even if it's based in the White House. Two months ago, President Obama charged Hathaway to head up a team to review current cybersecurity policies and processes. "It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies, many with overlapping authorities and none with sufficient decision authority to direct actions that can address the problem completely," Hathaway said. "We need an agreed way forward based on common understanding and acceptance of the problem." Hathaway said the team she assembled addressed all missions and activities associated with the information and communications infrastructure, including the missions of computer network defense, law enforcement investigations, military and intelligence activities and the intersection of information assurance, counter intelligence, counter terrorism, telecommunications policies and general critical infrastructure protection. Task force members held more than 40 meetings with different stakeholder groups during the 60 days and received and read more than 100 papers that provided specific recommendations and goals, she said. "We identified over 250 needs, tasks, and recommendations," Hathaway said. "We also solicited input from gov

European Union's move indicates growing government concern over how Internet companies are using individuals' private data The European Commission began legal action against the U.K. Tuesday over its failure to protect Internet users from Phorm -- a covert behavioral advertising technology tested by the U.K.'s biggest fixed line operator, BT, in 2006 and 2007. The move signals growing concern in Brussels over the way new Internet-based technologies are using people's personal data. In addition to taking legal action against the U.K., the Commission also issued a general warning to all 27 E.U. countries to uphold privacy laws, especially regarding social-networking Web sites and users of RFID (radio frequency identification) technologies. In Canada, the federal government has even proposed a legislation that will provide law enforcement agents sweeping powers to obtain user information from ISPs. The Commission, the executive body of the European Union responsible for upholding laws, said the U.K. had failed to enforce E.U. data protection and privacy rules, because broadband Internet subscribers were not informed that their browsing was being tracked.

A national security panic spread through the Internet yesterday after a report by The Wall Street Journal suggested "terabytes" of classified data on the F-35 Lightning II had been stolen by hackers. Today the Pentagon and Lockheed Martin responded to the allegations saying they are untrue, and I believe them. Defense Department spokesman Bryan Whitman said, "I'm not aware of any specific concerns." That's a key phrase. Lockheed Martin--the F-35 superjet's primary contractor--also commented "We actually believe The Wall Street Journal was incorrect in its representation of successful cyber attacks on the F-35 program." And the company's CFO Bruce Tanner added "I've not heard of that, and to our knowledge there's never been any classified information breach." While it's easy to argue that these responses are merely a smokescreen to save political face, the language is much more direct than a plain old "no comment." Typically, companies protect themselves in this sort of situation by denying the existing or potential hackers any public information on the success or failure of hack attempts, obscuring the level of secrecy of any stolen data. In the F-35 case it looks like the denials are much firmer, and that suggests the developers of the JSF are confident in their security systems. It's an echo of alleged data leaks via F-35 contractor BAE Systems last year, that were later withdrawn due to lack of evidence that leaks had occurred. Government and defense contractor computer networks face a pretty continuous rate of hack attempts. As a result such companies have even more stringent data security protocols in place than normal organizations. They're still not absolutely impervious to hacking, of course, as no such system ever is. So that's why the most highly classified data--critical to the super-secret offensive and defensive capabilities of hardware like the F-35--is typically stored on computers that have an extremely low-tech "air gap firewall". They're not co

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

Rarely is the response to a new government initiative a unanimous round of "thumbs up," but so far that seems to be the case regarding yesterday's (April 9) announcement that The Defense Department and the Department of Veterans Affairs will collaborate on building an electronic database of administrative and medical information for U.S. servicemen and women. Since developing a broad electronic health records (EHRs) initiative is a prominent feature of the Obama Administration's economic stimulus plan, it makes sense to start (or at least focus) on a defined segment of the population -- current and past military personnel. But, apart from the specific technology, architecture and technical administration aspects of this program, there will be other challenges in pursuing the goal of EHRs for the military -- challenges that insurance technology executives know only too well. These include collaboration among different and sometimes competing interests (in this case, the Department of Defense (DOD) and the Department of Veterans Affairs (VA), which historically have not worked together as closely as one might imagine); and concerns about privacy and security. In fact, the ways in which the military EHRs initiative addresses the privacy issue could provide some interesting best practices (or actions to avoid) for private-sector players. "Currently, there is no comprehensive system in place that allows for a streamlined transition of health records between DOD and the VA," President Barack Obama said at yesterday's announcement, "and that results in extraordinary hardship for an awful lot of veterans who end up finding their records lost, unable to get their benefits processed in a timely fashion. And that's why I'm asking both departments to work together to define and build a seamless system of integration with a simple goal: When a member of the Armed Forces separates from the military, he or she will no longer have to walk paperwork from a DOD

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

A National Security Agency eavesdropping program exceeded legal limits intended to safeguard privacy, and officials have taken steps to bring the intercepts program into compliance, the Justice Department said Wednesday. The department, in a statement, said problems with the NSA program were uncovered as the Justice Department and National Security Agency were conducting routine oversight of intelligence activities to ensure compliance with laws and court orders. Attorney General Eric Holder has sought court approval to renew the NSA program after instituting new safeguards. The House intelligence committee was informed of the compliance issues and is conducting an inquiry, a House congressional official said. The New York Times on Wednesday reported on its Web site that the program intercepted private email messages and phone calls of Americans. However, intelligence officials have described the program as primarily searching for information based on data about communications, such as email addresses, subject headers and the time a message or phone call was placed. The Justice Department said officials notified the Foreign Intelligence Surveillance Court of the problems with the NSA program and took "comprehensive steps" to correct the matter. "The Justice Department takes its national security oversight responsibilities seriously and works diligently to ensure that surveillance under established legal authorities complies with the nation's laws, regulations and policies, including those designed to protect privacy interests and civil liberties," the department said.

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

Federal regulators slapped hundreds of small telecommunications providers for not abiding by new rules designed to protect consumer phone records, proposing more than $13 million in total fines. The Federal Communications Commission proposed $20,000 fines on more than 650 small phone, pager and wireless providers Tuesday, accusing them of not filing paperwork that certifies they have put protections in place to protect customer phone data. "I have long stressed the importance of protecting the sensitive information that telecommunications carriers collect about their customers," said Michael Copps, the FCC's interim chairman, in a statement. "The broad nature of this enforcement action hopefully will ensure substantial compliance with our [privacy] rules going forward as the Commission continues to make consumer privacy protection a top priority." In April 2007, the FCC tightened privacy requirements on phone companies in response to consumer complaints about data brokers selling phone records they had obtained illegally through "pretexting," or getting information under false circumstances. The agency required telecom companies to increase security of phone records, requiring customers to provide a password before receiving account information over the phone or online. Phone companies are required to notify customers when changes are made to their accounts or if their information has been improperly accessed. Companies are required to file annual certifications that they have complied with those requirements. The FCC said hundreds of small companies didn't provide the information in 2008, although it noted it was the first year the agency had required the paperwork. The agency warned that future noncompliance could face "more severe penalties."

Federal Trade Commission staff today issued a report describing its ongoing examination of online behavioral advertising and setting forth revisions to proposed principles to govern self-regulatory efforts in this area. The key issue concerns how online advertisers can best protect consumers' privacy while collecting information about their online activities. Over the last decade, the FTC has periodically examined the consumer privacy issues raised by online behavioral advertising - which is the practice of tracking an individual's online activities in order to deliver advertising tailored to his or her interests. The FTC examined this practice most recently at its November 2007 "Behavioral Advertising" Town Hall. The following month, in response to public discussion about the need to address privacy concerns in this area, FTC staff issued a set of proposed principles to encourage and guide industry self-regulation for public comment. Today's report, titled "Self-Regulatory Principles for Online Behavioral Advertising," summarizes and responds to the main issues raised by more than 60 comments received. It also sets forth revised principles. The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected - including sensitive information regarding health, finances, or children - could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC's overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace. The report points ou

One of the more interesting panel discussions at the IDC Cloud Computing Forum on Feb 18th in San Francisco was about managing the complexities of security, privacy and compliance in the Cloud. The simple answer according to panelists Carolyn Lawson, CIO of California Public Utilities Commission, and Michael Mucha, CISO of Stanford Hospital and Clinics is "it ain't easy!" "Both of us, in government and in health, are on the front-lines," Lawson proclaimed. "Article 1 of the California Constitution guarantees an individual's right to privacy and if I violate that I've violated a public trust. That's a level of responsibility that most computer security people don't have to face. If I violate that trust I can end up in jail or hauled before the legislature," she said. "Of course, these days with the turmoil in the legislature, she joked, "the former may be preferable to the later." Stanford's Mucha said that his security infrastructure was built on a two-tiered approach using identity management and enterprise access control. Mucha said that the movement to computerize heath records nationwide was moving along in fits and starts, as shown by proposed systems likeMicrosoft (NSDQ: MSFT)'s Health Vault and Google (NSDQ: GOOG)'s Personal Health Record. "The key problem is who is going to pay for the computerized of health records. It's not as much of a problem at Stanford as it is at a lot of smaller hospitals, but it's still a huge problem." Mucha said that from his perspective security service providers in the cloud and elsewhere are dealing with a shrinking security parameter or fence, which is progressing from filing cabinets, to devices, to files, and finally to the individual, who under the latest Health Insurance Portability and Accountability Act (HIPAA) privacy rules has certain rights, including rights to access and amend their health information and to obtain a record of when and why their Protected Health Information (PHI) record has bee

A couple in Pittsburgh whose lawsuit claimed that Street View on Google Maps is a reckless invasion of their privacy lost their case. Aaron and Christine Boring sued the Internet search giant last April, alleging that Google "significantly disregarded (their) privacy interests" when Street View cameras captured images of their house beyond signs marked "private road." The couple claimed in their five-count lawsuit that finding their home clearly visible on Google's Street View caused them "mental suffering" and diluted their home value. They sought more than $25,000 in damages and asked that the images of their home be taken off the site and destroyed. However, the U.S. District Court for Western Pennsylvania wasn't impressed by the suit and dismissed it (PDF) Tuesday, saying the Borings "failed to state a claim under any count." Ironically, the Borings subjected themselves to even more public exposure by filing the lawsuit, which included their home address. In addition, the Allegheny County's Office of Property Assessments included a photo of the home on its Web site. The Borings are not alone in their ire toward the Google Maps feature. As reported earlier, residents in California's Humboldt County complained that the drivers who are hired to collect the images are disregarding private property signs and driving up private roads. In January, a private Minnesota community near St. Paul, unhappy that images of its streets and homes appeared on the site, demanded Google remove the images, which the company did. However, Google claims to be legally allowed to photograph on private roads, arguing that privacy no longer exists in this age of satellite and aerial imagery. "Today's satellite-image technology means that...complete privacy does not exist," Google said in its response to the Borings' complaint Not long after the feature launched in May 2007, privacy advocates criticized Google for displaying photographs that included people's faces and car license

Days after Visa seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems and RBS WorldPay, the credit card company now is saying that there was no new security incident after all. In actuality, Visa said in a statement issued Friday, alerts that it sent recently to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn't disclose the identity of the breached company, nor say why it is continuing to keep the name under wraps. Visa said that it had sent lists of credit and debit card numbers found to have been compromised as part of the investigation to financial institutions "so they can take steps to protect consumers." It added that it currently "is risk-scoring all transactions in real-time, helping card issuers better distinguish fraudulent transactions from legitimate ones." Visa's latest statement follows ones issued by both it and MasterCard International earlier this week in response to questions about breach notices that had been posted by several credit unions and banking associations. The notices made it clear that they weren't referring to the system intrusion disclosed by Heartland on January 20 and suggested that a new breach had occurred.

There are three reasons for breach notification laws. One, it's common politeness that when you lose something of someone else's, you tell him. The prevailing corporate attitude before the law - "They won't notice, and if they do notice they won't know it's us, so we are better off keeping quiet about the whole thing" - is just wrong. Two, it provides statistics to security researchers as to how pervasive the problem really is. And three, it forces companies to improve their security. That last point needs a bit of explanation. The problem with companies protecting your data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting your data, but bear none of the costs if your data is compromised. You suffer the harm, but you have no control - or even knowledge - of the company's security practices. The idea behind such laws, and how they were sold to legislators, is that they would increase the cost - both in bad publicity and the actual notification - of security breaches, motivating companies to spend more to prevent them. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of these data breaches.

In October 2001, the Bush administration took an administrative action that would prove sadly symptomatic of its rule. John Ashcroft, then the attorney general, issued a memorandum warning against casual release of information to the public under the Freedom of Information Act. Such releases, Ashcroft said, should be made "only after full and deliberate consideration of the institutional, commercial and personal privacy interests that could be implicated." In case anyone missed the point, Ashcroft added that any bureaucrat who said no to such a request could "be assured that the Department of Justice will defend your decisions unless they lack a sound legal basis." It goes without saying that Ashcroft did not promise any such defense of government employees who released information under the terms of the act. If cavalier disregard of the law and the public's right to hold its government accountable were hallmarks of the recently departed administration, we can only hope that President Obama's response signals a new approach. One of his first presidential acts was to issue a memo to federal agencies on the Freedom of Information Act. It opens by quoting former Supreme Court Justice Louis Brandeis' pronouncement that sunlight is the "best of disinfectants" and continues by trumpeting the act as "the most prominent expression of a profound national commitment to ensuring an open government." Where Ashcroft searched for excuses to withhold information, Obama directed all agencies to "adopt a presumption" in favor of releasing it.

With all the attention Google StreetView's clash with a baby deer evoked, it can be easy to overlook the tool's crime-fighting good side. Not too long ago, StreetView was instrumental in returning a kidnapped Massachusetts girl safely to her home, and just recently, it helped a Swiss police team detect a 1.2-acre marijuana field and nab the gang responsible. As with all things Google, you have to take the bad with the good. And the good can be pretty good, as reported in the Worcester Telegram. When 9-year-old Natalie Maltais was kidnapped by her grandmother and taken to a motel in rural Virginia, Athol police were able to track her down using her cellphone and Google StreetView. The cellphone's GPS data focused on a 300-foot area in Natural Bridge, Va. Using StreetView, the Worcester cops plugged in the coordinates of the area, navigated around a bit and saw a nearby motel that looked promising. When they sent Virginia police to the site, they found the grandmother along with the girl, and returned her safely to her legal guardians. A happy ending. Similarly, the AP yesterday reported that Swiss police used Google Earth to discover the pot field and make several arrests. While working the case, the police used Google Earth to zero in on a suspect's residence, only to stumble upon the field. Although it had been camouflaged by corn planted all along its perimeter, the weed field couldn't hide from Google's Earth's piercing satellite gaze. The find led to the arrest of 16 suspects who have allegedly sold up to 7 tons of hashish and marijuana, with an annual turnover of 3 million to 10 million francs (or $2.5 million to $8.64 million) per year. So yes, while Google can be insensitive at times, especially when it comes to images uploaded by StreetView, it's also a proven force for good in the world. In other words, a tool is only as good (or bad) as the person using it. Google doesn't kill Bambis, people do.

Yesterday, the U.S. Supreme court announced its refusal to hear appeals against the banning of the Child Online Protection Act (COPA), effectively killing the bill. The American Civil Liberties Union called it "a clear victory for free speech," having fought the bill for ten years claiming it infringed on a website's freedom of speech. I've always advocated that it is the responsibility of parents to monitor their children's online activity. There are a ton of Web filtering and parental control applications available, many for free such as Blue Coat's K9 Web Protection. Especially with the country in the shape it's in now, my personal opinion is that the government has more pressing issues to attend to than babysitting children online. COPA was first passed in 1998, and made it illegal to display any pornographic material on a Web site without an access code or proof of age message. However, state courts began challenging the bill immediately, claiming it was unconstitutional and violated the First Amendment. Instead, it was ruled that parental controls should be used by individual families to block unwanted content, rather than the government determining what can and cannot be seen by all. (COPA was killed, not COPPA - Children's Online Privacy Protection Act)

The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals: * Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy. * Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure. * Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience. * Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate. * Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime. *