Thursday, March 10, 2005

Senators to Hear Testimony on Data Theft

At least we’re getting a little traction on the data theft issues. I’m not optimistic anything substantive will happen. We’ll see… Found via Privacy Digest.

Senate Banking Committee to hold hearings on security of sensitive consumer information

Tomorrow, 10 March 2005, the Banking Committee of the United States Senate is holding hearings on "recent developments" related to the security of consumer information. By recent developments, they are referring to the ChoicePoint, Bank of America and LexisNexis incidents. Here is the notice of hearing, with the list of who is testifying (including the VP of ChoicePoint):

U.S. Senate Committee on Banking, Housing, and Urban Affairs:

"US Senator Richard Shelby
Chairman

US Senator Paul Sarbanes
Ranking Member

Committee: US Senate Committee on Banking, Housing, and Urban Affairs
Title: Identity Theft: Recent Developments Involving the Security of Sensitive Consumer Information
Date: 3/10/05
Time: 2:30 PM
Place: 538 Dirksen Senate Office Building
Agenda: The Committee will meet in OPEN SESSION to conduct a hearing on "Identity Theft: Recent Developments Involving the Security of Sensitive Consumer Information."

Publication: Printable Hearing not available at this time

Witnesses
Panel 1
Honorable Patrick J. Leahy (D-VT), United States Senator
Panel 2
Honorable Deborah Platt Majoras, Chairman, Federal Trade Commission
Panel 3
Mr. Larry Johnson, Special Agent in Charge - Criminal Investigative Division, United States Secret Service
Ms. Amy S. Friend, Assistant Chief Counsel, Office of the Comptroller of the Currency
Mr. Don McGuffey, Vice President, ChoicePoint Services, Inc.
Mr. Evan Hendricks, Editor, Privacy Times
Ms. Barbara J. Desoer, Executive Vice President, Global Technology, Service and Fulfillment Executive, Bank of America Corporate Center
- David T.S. Fraser [PIPEDA and Canadian Privacy Law]
Posted by: Terry Frazier at 8:07 PM
Categories: Policy & Regulation, Privacy

How Widespread is Data Theft?

This is a big deal, but until someone in Congress, the Judiciary, or the Executive branch of government is directly affected we're not going to get any protection. Our video rental records are protected by the Video Privacy Protection Act of 1988 (VPPA) because one guy, Judge Robert Bork, got smeared by his video habits. One guy. We already have hundreds of thousands of regular Americans at risk, and with no recourse, because we have no rights to our own personal information – it belongs to mega-corporations with no obligation to protect us. Found via John Robb.

More data theft, this time at Lexis/Nexis. Where is this data flowing? Offshore? Nobody seems to want to tackle that question. Also, what's the recourse if your data is stolen? Not much, particularly given the recent legal reforms enacted. Oh, those pesky class action lawsuits...

Posted by: Terry Frazier at 11:40 AM
Categories: Policy & Regulation, Privacy


Tuesday, March 8, 2005

'Hackers' Not the Biggest Security Risk

Tara Wheatland at bIPlog has a good story on the real problem behind the security breaches at ChoicePoint and Bank of America.

Un-Spinning the ChoicePoint Scandal

Many of the popular news media have got the most recent ChoicePoint scandal all wrong.

The following are a few headlines (culled from Google News) of stories regarding this issue, including the other similar past incidents now surfacing:
Hackers crack ChoicePoint (The Globe and Mail/AP, Feb. 16, 2005, reg. req'd)
Californians warned that hackers may have stolen their data (USA Today/AP, Feb. 16, 2005)
Report: SoCal thieves stole ChoicePoint records years ago (SignOnSanDiego.com/AP, Mar. 2, 2005)

The persons, admittedly criminals, who gained access to "critical personal data" on hundreds of thousands of U.S. citizens did not steal the data--ChoicePoint sold it to them.

Although 'hackers' rightfully got the publicity at T-Mobile, the bigger problem is a system that confers us no rights over our own information, no penalties for companies that fail to protect it, no required disclosure when our info is purloined, and therefore no incentive at all for companies to do the right thing. It's unlikely this is going to change until there is a scandal that directly affects lawmakers. It's too bad our representative republic is so poor at representing our interests.

Posted by: Terry Frazier at 6:50 PM
Categories: Privacy


Tuesday, January 11, 2005

But I know this isn't it

I don't know the answer to the spam problem, but I know crippling e-mail for your customers doesn't qualify as a solution. For the past year or so Earthlink has been rolling out a "security upgrade" that will help them deal with the spam problem.
Dear EarthLink Subscriber,

We're writing to remind you that you must update your email settings in order to continue sending email on our network.

This change is the result of a security upgrade that will help keep spammers from using our network to send you junk email.

You need your EarthLink email address and password to update your settings. If you don't know your password, you can reset it anytime on your "My Account" Web page: http://myaccount.earthlink.net.

The upgrade is an authenticated SMTP server. Spam is a problem, and I understand what they're trying to do. But the rankest neophyte can start to see the problems here. The login to the SMTP is my general earthlink admin login, so I'm certainly not going to give it to anyone to send e-mail. Further, for the past several years Earthlink has blocked access to port 25, 2525, and any other port that is frequently used for SMTP servers so I can't use my own or anyone else's SMTP server when on my earthlink-provided broadband connection.

For all practical purposes, anyone visiting my home or office or using my broadband connection with permission, for legitimate purposes, is locked out of the e-mail system. This is earthlink's idea of progressive service -- stop the spam problem by preventing your customers from sending e-mail. Brilliant!

I know you can use web mail. They haven't, as yet, decided to block port 80 and web servers (though I'm not at all convinced the geniuses in the corporate office won't think of that next.) But web mail is completely useless for people who roam around taking care of business. Unless you do all your e-mail via the web (does anyone really do that?) you end up with real sync problems on your mail client. At the very least you end up losing track of messages that you send via the web. Not your Sarbanes-Oxley seal of approval.

More importantly, this upgrade has had zero impact on the amount of spam I get at my earthlink address. I no longer even use the address - haven't in years - for anything except getting my earthlink invoice and it gets filled with spam for sex, drugs, sex drugs, and offers to help poor Nigerians with their banking problems. And that's just the stuff that gets past the earthlink spaminator.

In short, this is a solution that penalizes customers while having zero impact on the real problem. Welcome to the RIAA/MPAA Cro Magnon mindset.

Sky Dayton and Charles Brewer were visionaries. The companies they built stood, for a while, for the very best in customer service and innovation. Today, joined under the earthlink banner, they stand as shining examples of corporate torpor, institutional stupidity, and the constant, nagging degradation that plagues everything run by committee. Time for a new ISP.
Posted by: Terry Frazier at 10:51 PM
Categories: Privacy, Security, Technology