Most Popular


Book Reviews

The Ultimate Guide to Electronic Marketing for Small Business
The Daily Drucker
Copy This! The Story of Kinko's
Presence: An Exploration of Profound Change in People, Organizations, and Society
How To Read A Book
Contempt: How the Right is Wronging American Justice
Classical Education at Home
Copy Fights: The Future of Intellectual Property In The Information Age
Flawless Consulting: How to Get Your Expertise Used

Recently

Are You A Denied Person?
Senators to Hear Testimony on Data Theft
How Widespread is Data Theft?
'Hackers' Not the Biggest Security Risk

Theme Design
Mark Pilgrim
IT Support
Seth Dillingham
Hosting
Macrobyte Resources

Friday, May 13, 2005

Are You A Denied Person?

Comments (1)
Trackbacks (0)
I received an interesting, informative, and  anonymous comment today regarding the Official Denied Persons List at

http://www.bxa.doc.gov/dpl/Default.shtm

Back in October I bought a new copy of PGP and grew annoyed when I paid my money, got my confirmation, and all it included was a "purchase review". Today someone posted an explanation and clarification that made me feel a little better about the situation:

Terry this isn't a re-instatement of the law, it is the current law. The "review" is a machine review. Your name is run against the "denied persons" list - which you can find here (btw i don't see your name on it)

http://www.bxa.doc.gov/dpl/Default.shtm

Its not a list of terrorists or naughty boys and girls but a list of those who've violated export control laws and are 'denied' as part of their punishment under law.

When you click to download the software a GEO IP check is performed (determines geographically where you are by your IP) to make sure you aren't in the IP space of one of the embargoed countries - Iran, Iraq, Cuba, Libya, N. Korea. Sudan & Syria. If your IP is anonymous or from a satellite ISP - you'll also be denied I think. Those IPS fall into "A1" and "A2" IP space.

This IP check of course doesn't and couldn't account for someone in say a Syrian embassy in a european country.


I checked the site. It's part of the Dept. of Commerce.  And the post seems written by someone who knows the subject. This past Tuesday I received the following e-mail:

Dear Terry Frazier,

PGP Corporation has just released completely new versions of its award-winning desktop products -- PGP Desktop Professional 9.0 (formerly PGP Workgroup Desktop 8.x) and PGP Desktop Home 9.0 (formerly PGP Personal Desktop 8.x). These new versions are the most significant PGP product upgrades ever offered. [...]

I suppose there is some connection between the new product release and someone showing up on my site. Maybe a little "blog trolling" to try and address any negative feelings? In any case, I appreciate the comment and the explanation.

Posted by: Send an e-mail to Terry Frazier Terry Frazier at 10:00 PM  | Permanent Link  | Trackback URL | 
Categories: Policy & Regulation, Privacy, Security


Thursday, March 10, 2005

Senators to Hear Testimony on Data Theft

Comments
Trackbacks (0)

At least we’re getting a little traction on the data theft issues. I’m not optimistic anything substantive will happen. We’ll see… Found via Privacy Digest.

Senate Banking Committee to hold hearings on security of sensitive consumer information

Tomorrow, 10 March 2005, the Banking Committee of the United States Senate is holding hearings on "recent developments" related to the security of consumer information. By recent developments, they are referring to the ChoicePoint, Bank of America and LexisNexis incidents. Here is the notice of hearing, with the list of who is testifying (including the VP of ChoicePoint):

U.S. Senate Committee on Banking, Housing, and Urban Affairs:

"US Senator Richard Shelby
Chairman

US Senator Paul Sarbanes
Ranking Member

Committee: US Senate Committee on Banking, Housing, and Urban Affairs
Title: Identity Theft: Recent Developments Involving the Security of Sensitive Consumer Information
Date: 3/10/05
Time: 2:30 PM
Place: 538 Dirksen Senate Office Building
Agenda: The Committee will meet in OPEN SESSION to conduct a hearing on "Identity Theft: Recent Developments Involving the Security of Sensitive Consumer Information."

Publication: Printable Hearing not available at this time

Witnesses
Panel 1
Honorable Patrick J. Leahy (D-VT) , Unites States Senator
Panel 2
Honorable Deborah Platt Majoras , Chairman, Federal Trade Commission
Panel 3
Mr. Larry Johnson , Special Agent in Charge - Criminal Investigative Division, United States Secret Service
Ms. Amy S. Friend , Assistant Chief Counsel, Office of the Comptroller of the Currency
Mr. Don McGuffey , Vice President, ChoicePoint Services, Inc.
Mr. Evan Hendricks , Editor, Privacy Times
Ms. Barbara J. Desoer , Executive Vice President, Global Technology, Service and Fulfillment Executive, Bank of America Corporate Center
- David T.S. Fraser [PIPEDA and Canadian Privacy Law]
Posted by: Send an e-mail to Terry Frazier Terry Frazier at 8:07 PM  | Permanent Link  | Trackback URL | 
Categories: Policy & Regulation, Privacy

How Widespread is Data Theft?

Comments
Trackbacks (0)

This is a big deal, but until someone in Congress, the Judiciary, or the Executive branches of government are directly affected we're not going to get any protection. Our video rental records are protected by the Video Privacy Protection Act of 1988 (VPPA) because one guy, Judge Robert Bork, got smeared by his video habits. One guy. We already have hundreds of thousands of regular Americans at risk, and with no recourse, because we have no rights to our own personal information –  it belongs to mega-corporations with no obligation to protect us. Found via John Robb.

More data theft, this time at Lexis/Nexis.  Where is this data flowing?  Offshore?  Nobody seems to want to tackle that question.  Also, what's the recourse if your data is stolen?  Not much, particularly given the recent legal reforms enacted.  Oh, those pesky class action law suits...

Posted by: Send an e-mail to Terry Frazier Terry Frazier at 11:40 AM  | Permanent Link  | Trackback URL | 
Categories: Policy & Regulation, Privacy


Tuesday, March 8, 2005

'Hackers' Not the Biggest Security Risk

Comments
Link
Trackbacks (0)
Tara Wheatland at bIPlog has a good story on the real problem behind the security breaches at Checkpoint and Bank of America.

Un-Spinning the ChoicePoint Scandal

Many of the popular news media have got the most recent ChoicePoint scandal all wrong.

The following are a few headlines (culled from Google News) of stories regarding this issue, including the other similar past incidents now surfacing:
Hackers crack ChoicePoint (The Glove and Mail/AP, Feb. 16, 2005, reg. req'd)
Californians warned that hackers may have stolen their data (USA Today/AP, Feb. 16, 2005)
Report: SoCal thieves stole ChoicePoint records years ago (SignOnSanDiego.com/AP, Mar. 2, 2005)

The persons, admittedly criminals, who gained access to "critical personal data" on hundreds of thousands of U.S. citizens did not steal the data--ChoicePoint sold it to them.

Although 'hackers' rightfully got the publicity at T-Mobile, the bigger problem is a system that confers us no rights over our own information, no penalties for companies that fail to protect it, no required disclosure when our info is purloined, and therefore no incentive at all for companies to do the right thing. It's unlikely this is going to change until there is a scandal that directly affects lawmakers. It's too bad our representative republic is so poor at representing our interests.

Posted by: Send an e-mail to Terry Frazier Terry Frazier at 6:50 PM  | Permanent Link  | Trackback URL | 
Categories: Privacy
Terry W. Frazier
Search this site:
Advanced Search

Syndication

Add to any service
Get updates in your e-mail!

Contact

Click here to send an email to the editor of this weblog.
 
My PGP Key
My Linkedin Profile


Presence


 

 
 ICQ

 

 



 

www.flickr.com
GratefulZed's photos More of GratefulZed's photos