In an article by Ken Dilanian, swamppolitics.com - the Washingtom Bureau of the Chicago Tribune - reports that a number of high tech security programs initiated by the Bush administration have flopped. The biggest reason for the failure? Failure to properly test the technologies before implementation. A weakness shared by the current technical bandaid, full body scanners.
Technology is an important tool in the war against terror. But according to Brian Jenkins of the Rand Corp the Department of Homeland Security is overly reliant on technology. There is no silver bullet, but new technologies are treated as the final solutions to our national security problems.
From the "virtual fence" aka Project 28, on our southern border to the Real ID Act that Homeland Security Secretary Janet Napolitano has called for Congress to repeal, U.S. high tech anti-terrorism initiatives aren't working as advertised.
In fact, recently the majority, if not all, of the terrorist that have been caught before attempting terrorist acts have, to the best of our knowledge, not been caught through new, high tech gadgetry but through old fashioned investigation and surviellance techniques. Techniques that employ technology, but as a tool, rather than as the lynchpin of the procedure. Maybe it's time we started focusing on the things we know work, and take the time to do proper testing of new technologies before entrusting the lives of our citizens and the security of our nation to them.
Showing posts with label Legislation. Show all posts
Showing posts with label Legislation. Show all posts
Tuesday, May 18, 2010
Monday, May 17, 2010
Google accidentally spys on open WiFi
Ben Rooney of cnnmoney.com reports that the Google has admitted that it's Streetview cars have been collecting data from open WiFi hotspots. Google first admitted to collecting the publicly broadcast information of open hotspots, things like the network names and router numbers, on April 27th. But after being asked for more information, Google says that they discovered more data was being collected - private data in the packets being transmitted across the network. Supposedly the code that gathered data packets was accidentally entered into software used to gather public information on WiFi.
The software changes channels five times a second, so only bits and pieces of data would be gathered. Encrypted data, like the communications between you and your bank account, cannot be read, so it won't have been compromised by Google's illicit scans.
Google is, of course saying that it was an accident. In response they have stopped all scanning of open WiFi by their streetview cars until they can repair and replace the faulty software. They have arranged for a third party to review the software and the data collected from public WiFi networks.
This is a major blunder by Google. Whether it was a case of pushing the envelope to see what the reaction would be or an honest mistake, it's going to hurt Google's reputation. This one I tend to believe was an accident. In many nations it is illegal to tamper with electronic communications. Google may want to gather and use information, but breaking the law to do it isn't good business.
The software changes channels five times a second, so only bits and pieces of data would be gathered. Encrypted data, like the communications between you and your bank account, cannot be read, so it won't have been compromised by Google's illicit scans.
Google is, of course saying that it was an accident. In response they have stopped all scanning of open WiFi by their streetview cars until they can repair and replace the faulty software. They have arranged for a third party to review the software and the data collected from public WiFi networks.
This is a major blunder by Google. Whether it was a case of pushing the envelope to see what the reaction would be or an honest mistake, it's going to hurt Google's reputation. This one I tend to believe was an accident. In many nations it is illegal to tamper with electronic communications. Google may want to gather and use information, but breaking the law to do it isn't good business.
Thursday, May 13, 2010
Does Arizona have the right idea?
I have to wonder if Arizona’s Jan Brewer doesn’t realize what she’s doing, or if she really believes so strongly in the importance of these racially charged bills that she is willing to sacrifice her political career. Just a few short weeks after passing the controversial immigration law, the Associated Press reports that, “Arizona gov. signs bill targeting ethnic studies". According to the story, “State schools chief Tom Horne, who has pushed the bill for years, said he believes the Tucson school district’s Mexican-American studies program teaches Latino students that they are oppressed by white people.”
Like the immigration bill before it, the purpose of the education bill as described in the story doesn’t seem that objectionable to me. I understand the concerns that the immigration bill could lead to racial profiling. That is a legitimate concern, but doesn’t change the fact that illegal immigrants are here illegally. I'm glad the immigration bill specifically prohibits stopping someone just to ask about their citizenship, but only time will tell if law enforcement abides by that.
I also understand that this education bill could be used as a reason to stop teaching about the contributions minorities have made to this country. It shouldn’t, and there is nothing in the bill to prevent classes on Hispanic (or any other minority) influences on U.S. history. It only prohibits classes intended to only be taught to a specific group. I'm not surprised - if it's illegal to have schools for specific groups, why would it be legal to have classes set up that way?
I do object to the prohibition against teaching “ethnic solidarity." Being proud of your heritage could be considered “ethnic solidarity.” Everyone should be proud of their heritage, and there’s nothing wrong with schools teaching that. But you should be proud of your entire heritage. Whether you are a recent immigrant or your family has lived here for generations (or centuries), whatever continent your ancestors hailed from you should be able to look to your entire history, both your ancestry and your nation, for a sense of pride in your heritage. Schools should promote that. To promote that they should be helping students realize that even though we are all different, we all share many things in common. Apparently the Tucson school districts ethnic studies program doesn’t always do that. According to the AP story:
It’s one thing to promote pride in your heritage. It’s another thing entirely to promote hatred, and that is what you are doing when you tell someone that an entire group of people hates them.
Both of these bills are controversial, although the neither bill should be. Not if they were really written and passed for the stated reasons. Enforcing the law is the duty of law enforcement officers. I believe the oath most of them take is to enforce laws of the community, state and country, not just the laws of whatever level of government (city, state or federal) happens to employ them. Schools are supposed to teach kids and to prepare them for life - and make them productive, loyal citizens. Like it or not, propaganda has always been one purpose of the public school system. It is a legitimate purpose. No modern society can survive if it's children are taught to hate and distrust people who are different - different people are part of our society.
Teaching the bad things that happened in the past does not have to be divisive or disruptive - and should not be. Enforcing legitimate laws - for instance, laws requiring visitors to our country to go through the same established legal channels our citizens have to go through to visit their countries - should not be divisive or disruptive. But sensational headlines and soundbites can cause them to be. So can poorly thought out or carelessly worded laws.
So does Arizona have the right idea? Should we be taking steps to enforce immigration laws? Before you answer, maybe you should cross illegaly into Mexico, Canada, or any European nation and see what happens if you get caught. Should we prohibit/monitor what is taught in classes to make sure it is for the common good? Should we make sure that classes that teach about the contributions of non-caucasions to our country are taught to everyone, so all students benefit from them? Better yet, should we make sure that those contributions are part of the standard classes - requiring that they be taught, not just that they appear in the textbooks?
Based on what I know of the two laws, I would say that they do have the right idea. If giving current illegals amnesty and a path to citizenship worked to discourage illegal immigration, we wouldn't be having this discussion. If an activist speaker was allowed to sat that Republicans (widely portrayed as all rich white people) "hate latinos," that's promoting racial tension, and should not be allowed in schools. Would she have said that if it was a class of all ethnicities? Would she have wanted to speak to such a class? I don't know. And I don't have a problem with her being asked to speak to a class. I do have a problem with classes being used to promote a particular political party or cause, and that's why I think Arizona has it right on the education bill, too.
Like the immigration bill before it, the purpose of the education bill as described in the story doesn’t seem that objectionable to me. I understand the concerns that the immigration bill could lead to racial profiling. That is a legitimate concern, but doesn’t change the fact that illegal immigrants are here illegally. I'm glad the immigration bill specifically prohibits stopping someone just to ask about their citizenship, but only time will tell if law enforcement abides by that.
I also understand that this education bill could be used as a reason to stop teaching about the contributions minorities have made to this country. It shouldn’t, and there is nothing in the bill to prevent classes on Hispanic (or any other minority) influences on U.S. history. It only prohibits classes intended to only be taught to a specific group. I'm not surprised - if it's illegal to have schools for specific groups, why would it be legal to have classes set up that way?
I do object to the prohibition against teaching “ethnic solidarity." Being proud of your heritage could be considered “ethnic solidarity.” Everyone should be proud of their heritage, and there’s nothing wrong with schools teaching that. But you should be proud of your entire heritage. Whether you are a recent immigrant or your family has lived here for generations (or centuries), whatever continent your ancestors hailed from you should be able to look to your entire history, both your ancestry and your nation, for a sense of pride in your heritage. Schools should promote that. To promote that they should be helping students realize that even though we are all different, we all share many things in common. Apparently the Tucson school districts ethnic studies program doesn’t always do that. According to the AP story:
"Horne, a Republican running for attorney general, said the program promotes "ethnic chauvinism" and racial resentment toward whites while segregating students by race. He's been trying to restrict it ever since he learned that Hispanic civil rights activist Dolores Huerta told students in 2006 that "Republicans hate Latinos."
It’s one thing to promote pride in your heritage. It’s another thing entirely to promote hatred, and that is what you are doing when you tell someone that an entire group of people hates them.
Both of these bills are controversial, although the neither bill should be. Not if they were really written and passed for the stated reasons. Enforcing the law is the duty of law enforcement officers. I believe the oath most of them take is to enforce laws of the community, state and country, not just the laws of whatever level of government (city, state or federal) happens to employ them. Schools are supposed to teach kids and to prepare them for life - and make them productive, loyal citizens. Like it or not, propaganda has always been one purpose of the public school system. It is a legitimate purpose. No modern society can survive if it's children are taught to hate and distrust people who are different - different people are part of our society.
Teaching the bad things that happened in the past does not have to be divisive or disruptive - and should not be. Enforcing legitimate laws - for instance, laws requiring visitors to our country to go through the same established legal channels our citizens have to go through to visit their countries - should not be divisive or disruptive. But sensational headlines and soundbites can cause them to be. So can poorly thought out or carelessly worded laws.
So does Arizona have the right idea? Should we be taking steps to enforce immigration laws? Before you answer, maybe you should cross illegaly into Mexico, Canada, or any European nation and see what happens if you get caught. Should we prohibit/monitor what is taught in classes to make sure it is for the common good? Should we make sure that classes that teach about the contributions of non-caucasions to our country are taught to everyone, so all students benefit from them? Better yet, should we make sure that those contributions are part of the standard classes - requiring that they be taught, not just that they appear in the textbooks?
Based on what I know of the two laws, I would say that they do have the right idea. If giving current illegals amnesty and a path to citizenship worked to discourage illegal immigration, we wouldn't be having this discussion. If an activist speaker was allowed to sat that Republicans (widely portrayed as all rich white people) "hate latinos," that's promoting racial tension, and should not be allowed in schools. Would she have said that if it was a class of all ethnicities? Would she have wanted to speak to such a class? I don't know. And I don't have a problem with her being asked to speak to a class. I do have a problem with classes being used to promote a particular political party or cause, and that's why I think Arizona has it right on the education bill, too.
Thursday, May 6, 2010
Facebook exposes private chats
In the Bits blog Nick Boltin reports on the Facebook bug that exposed private chats to public scrutiny. Facebook claims the bug was only live a few hours, and has shut down chat until the bug can be fixed (perhaps by the time you read this). This can't help Facebooks reputation in the eyes of the Electronic Frontier Foundation or Senator Charles Schumer (D, NY). Senator Schumer is one of the Senators calling on the FTC to craft privacy guidelines for social networks.
I'm not sure this was really an accident. Yes, I'm being paranoid and cynical, but the Facebook business model is to push for users to make everything public. I wouldn't be surprised if this was a 'live test' to see what kind of reaction results from this "bug".
I'm not sure this was really an accident. Yes, I'm being paranoid and cynical, but the Facebook business model is to push for users to make everything public. I wouldn't be surprised if this was a 'live test' to see what kind of reaction results from this "bug".
Friday, April 16, 2010
Biometric National ID - The big lie
In an article on fiercegovernmentit.com David Perera tells us more of the claims and controversy surrounding the proposed biometric national ID cards. The proposed cards would have some type of biometric data to make them tamperproof (there's no such thing) and are supposed to help stop illegal immigration. If you read this blog regularly you've probably already seen my opinion on that.
He links to an opinion piece by Senators Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C), the authors of the bill. This piece shows either the duplicity of the two legislators, or their unforgivable ignorance of just what it is they are proposing. Just a few sentences from one paragraph of their article raises all kinds of alarms with me:
Let's look at the two claims individually:
First, if the biometric data is only on the card, there is nothing to check it against. Without a database to check the data on the card against it will be difficult if not impossible to create a card that's really difficult to forge, let alone one that's anywhere near tamperproof. Once someone figures out how to move the biometric data from one card to another a single lost ID can be turned into as many different ID's as they want. The card is only checked against itself, so it will always report that it's legit. In other words, a national database loaded with U.S. citizens personal data is more than a requirement for an even remotely effective national ID, it's an absolute necessity.
Second, it's not supposed to contain any private information. Excuse me, but biometric data is extremely private. Social Security numbers are supposed to be private. By it's nature, an ID card has to have some type of personal data or it can't prove your identity. And don't believe there won't be medical data on it. It won't be there at first, but unless the health care reform bill is repealed, the most logical place for portable health info to go is a chip on an ID card. And don't trust the promises that none of this will happen. "It will not be used as an ID number" was one of the promises used to pass Social Security.
The ACLU and about 45 other organizations sent a letter to President Obama outlining their concerns over a national ID. Along with the concerns I've already noted, they included concerns over cost and enforceability, among others. Regarding cost, they point out that providing biometric ID cards for 1 million transportations workers is expected to cost the Department of Homeland Security 1.9 billion dollars. In other words, it will cost almost $300,000,000,000 dollars to ID the entire U.S. work force. Perhaps more important, they don't believe the plan has a snowballs chance of working:
If greater resources were dedicated to enforcing the law, there would be less perceived need for a national ID. In other words, this national ID thing is smoke and mirrors to gain more control over law abiding citizens while having minimal impact on the criminals.
He links to an opinion piece by Senators Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C), the authors of the bill. This piece shows either the duplicity of the two legislators, or their unforgivable ignorance of just what it is they are proposing. Just a few sentences from one paragraph of their article raises all kinds of alarms with me:
Each card's unique biometric identifier would be stored only on the card; no government database would house everyone's information. The cards would not contain any private information, medical information or tracking devices. The card would be a high-tech version of the Social Security card that citizens already have.
Let's look at the two claims individually:
First, if the biometric data is only on the card, there is nothing to check it against. Without a database to check the data on the card against it will be difficult if not impossible to create a card that's really difficult to forge, let alone one that's anywhere near tamperproof. Once someone figures out how to move the biometric data from one card to another a single lost ID can be turned into as many different ID's as they want. The card is only checked against itself, so it will always report that it's legit. In other words, a national database loaded with U.S. citizens personal data is more than a requirement for an even remotely effective national ID, it's an absolute necessity.
Second, it's not supposed to contain any private information. Excuse me, but biometric data is extremely private. Social Security numbers are supposed to be private. By it's nature, an ID card has to have some type of personal data or it can't prove your identity. And don't believe there won't be medical data on it. It won't be there at first, but unless the health care reform bill is repealed, the most logical place for portable health info to go is a chip on an ID card. And don't trust the promises that none of this will happen. "It will not be used as an ID number" was one of the promises used to pass Social Security.
The ACLU and about 45 other organizations sent a letter to President Obama outlining their concerns over a national ID. Along with the concerns I've already noted, they included concerns over cost and enforceability, among others. Regarding cost, they point out that providing biometric ID cards for 1 million transportations workers is expected to cost the Department of Homeland Security 1.9 billion dollars. In other words, it will cost almost $300,000,000,000 dollars to ID the entire U.S. work force. Perhaps more important, they don't believe the plan has a snowballs chance of working:
"Adding insult to injury, this unaffordable scheme will probably never work. Even ignoring the enormous difficulties of creating a system to fingerprint everyone and distributing readers to employers across the country, the truth is that some employers prefer the ambiguity of the current process. Unless significantly greater resources are dedicated to enforcing the law, employers will continue to have a strong incentive to circumvent a broken system. Such enforcement could be accomplished just as easily without a National ID."
If greater resources were dedicated to enforcing the law, there would be less perceived need for a national ID. In other words, this national ID thing is smoke and mirrors to gain more control over law abiding citizens while having minimal impact on the criminals.
Monday, April 12, 2010
Surviellance law needs updating
Scott M. Fulton, III, managing editor of betanews.com, wrote an in-depth article on technewsworld.com about the need to update the Electronic Communications Privacy Act (ECPA), an ancient (in technology terms) law that sought to update the code covering telephone communications so that it also covered computer communications. But it was written in 1986, almost a quarter of a century ago. Computer communications now are radically different than they were then. In 1986 most computer communications were between universities, government agencies and government contractors. Today the communication between those three segments is a fraction of the communications between private companies and citizens.
The Digital Due Process (DDP) group, led by the Center for Democracy and Technology, has defined some principles for Congress to take into consideration when they look at updating the ECPA. The goal is to get internet communications the same protection given to wiretapped telecommunications. This isn't the first time that the DDP has tried to influence policy, but this time they've enlisted two of the more visible company in recent privacy discussion, Microsoft and Google. Their involvement should put some weight behind the DDP's suggested principles.
Internet communications are in dire need of legislative protection. Despite recent court rulings, just how protected online communications such as email are is uncertain. And with more of individuals critical data being stored online or in third party cloud services, the current laws and precedents make the Fourth Amendment moot. By use of the Third Party Doctrine law enforcement can deny Fourth Amendment protections to anything you store online. That includes email, financial data (if you access your bank account online...) and even your dropbox account.
Check out Mr. Fulton's article to learn a lot more about this issue. I've only touched the surface of what he covers. Before I finish, I want to include one quote to emphasize how important it is that current laws be updated, and the standard of how much privacy protection is afforded online data be updated:
I don't know about you, but to me that sounds a lot like assuming guilt without evidence. Kind of flies in the face of "innocent until proven guilty" doesn't it?
The Digital Due Process (DDP) group, led by the Center for Democracy and Technology, has defined some principles for Congress to take into consideration when they look at updating the ECPA. The goal is to get internet communications the same protection given to wiretapped telecommunications. This isn't the first time that the DDP has tried to influence policy, but this time they've enlisted two of the more visible company in recent privacy discussion, Microsoft and Google. Their involvement should put some weight behind the DDP's suggested principles.
Internet communications are in dire need of legislative protection. Despite recent court rulings, just how protected online communications such as email are is uncertain. And with more of individuals critical data being stored online or in third party cloud services, the current laws and precedents make the Fourth Amendment moot. By use of the Third Party Doctrine law enforcement can deny Fourth Amendment protections to anything you store online. That includes email, financial data (if you access your bank account online...) and even your dropbox account.
Check out Mr. Fulton's article to learn a lot more about this issue. I've only touched the surface of what he covers. Before I finish, I want to include one quote to emphasize how important it is that current laws be updated, and the standard of how much privacy protection is afforded online data be updated:
"The Supreme Court has said that you can issue a subpoena -- not because you believe the law is being violated, but merely to assure yourself that the law is not being violated." Jim Dempsey, CDT Vice President for Public Policy
I don't know about you, but to me that sounds a lot like assuming guilt without evidence. Kind of flies in the face of "innocent until proven guilty" doesn't it?
Thursday, March 25, 2010
Is answering the census safe?
NOTE: Checking Census law reveals that it is illegal to refuse to answer the census questions.
In an opinion piece on csmonitor.com James Bovard examines the possibility that our census answers may not be as private as we're promised they'll be. He looks at the historical record the census bureau has built regarding privacy of census data. It doesn't look too good. The first mar on the bureaus record was the production of a list of Japanese Americans on the East coast within days of Pearl Harbor. Although they are now remembered (when mentioned at all) as "internment camps," or "War Relocation Camps," Japanese Americans were rounded up and put into concentration camps. The Census Bureau denied any such activity until 2000, and denied giving specific names and addresses until it was proved in 2007 that exactly that information had been provided.
The Department of Homeland Security was given similar information by the Census Bureau in 2003-2004 regarding people of Middle Eastern ancestry in the U.S. No roundups occurred, but they would have been much easier with that information.
Mr. Bovard talks about the abuses to citizen privacy in the last 10 years, and points out that all the census is really required to gather by the constitution is a count of citizens, and the number of people living at each address is all that anyone should provide. Especially since the government obviously is more concerned with gathering as much information as it can about citizens than protecting their rights. It was true of the Bush administration, and by all the evidence nothing has changed with the Obama administration. I have no doubt that census data will be used in whatever fashion the government feels the need to use it, no matter what the law says.
In an opinion piece on csmonitor.com James Bovard examines the possibility that our census answers may not be as private as we're promised they'll be. He looks at the historical record the census bureau has built regarding privacy of census data. It doesn't look too good. The first mar on the bureaus record was the production of a list of Japanese Americans on the East coast within days of Pearl Harbor. Although they are now remembered (when mentioned at all) as "internment camps," or "War Relocation Camps," Japanese Americans were rounded up and put into concentration camps. The Census Bureau denied any such activity until 2000, and denied giving specific names and addresses until it was proved in 2007 that exactly that information had been provided.
The Department of Homeland Security was given similar information by the Census Bureau in 2003-2004 regarding people of Middle Eastern ancestry in the U.S. No roundups occurred, but they would have been much easier with that information.
Mr. Bovard talks about the abuses to citizen privacy in the last 10 years, and points out that all the census is really required to gather by the constitution is a count of citizens, and the number of people living at each address is all that anyone should provide. Especially since the government obviously is more concerned with gathering as much information as it can about citizens than protecting their rights. It was true of the Bush administration, and by all the evidence nothing has changed with the Obama administration. I have no doubt that census data will be used in whatever fashion the government feels the need to use it, no matter what the law says.
Tuesday, March 16, 2010
Obama supports DNA sampling when arrested
Politico's Josh Gerstein tells us that, "President Obama backs DNA test in arrests." In an interview with John Walsh on America's most wanted the President professed his strong support of gathering DNA of everyone arrested for a felony crime:
It's a great sentiment. The problem is, that when it comes to DNA testing upon arrest, it's wrong. In the interview John Walsh says that it's no different that taking fingerprints or an arrest photo. But that is not true.
DNA samples, unlike fingerprints, don't just identify you. They have the potential to reveal health issues, genetic relationships (siblings, parents), and possibly potential behaviors. You may give up the right to protect this information if you are convicted, but to take it upon arrest flies in the face of "guilty until proven innocent." Requiring DNA sample of people who have been arrested, but not indicted, let alone convicted, says the exact opposite. It assumes you are guilty until the DNA sample proves you innocent. That is not the way justice is served in the U.S.
See the portion of the interview that talks about DNA (about halfway through on Youtube.
See the entire interview on amw.com
"It's the right thing to do, and then, as you well know, John, this is where the national registry becomes so important, making sure that, not only are we getting these DNA tests done state by state, but then, nationally, everybody's talking to each other. That's how we make sure that we continue to tighten the grip around folks who have perpetrated these crimes."
It's a great sentiment. The problem is, that when it comes to DNA testing upon arrest, it's wrong. In the interview John Walsh says that it's no different that taking fingerprints or an arrest photo. But that is not true.
DNA samples, unlike fingerprints, don't just identify you. They have the potential to reveal health issues, genetic relationships (siblings, parents), and possibly potential behaviors. You may give up the right to protect this information if you are convicted, but to take it upon arrest flies in the face of "guilty until proven innocent." Requiring DNA sample of people who have been arrested, but not indicted, let alone convicted, says the exact opposite. It assumes you are guilty until the DNA sample proves you innocent. That is not the way justice is served in the U.S.
See the portion of the interview that talks about DNA (about halfway through on Youtube.
See the entire interview on amw.com
Wednesday, March 10, 2010
United States national worker ID card
From Laura Meckler at the Wall Street Journal:
Really neat idea, except that it won't work. It won't even be an improvement on the current method. People paying illegals cash under the table will continue to do so. This ID card won't do anything to change that. It will give the government increasing ability to monitor law-abiding citizens without doing anything to affect the problem it's supposed to solve.
While this should be self evident, Senator Chuck Schumer (D., N.Y.) obviously thinks that biometrics are magically going to force all employers to check employees eligibility and pay by traceable means that make it necessary for all employees to be legal. He actually believes that requiring a biometric card is more effective than requiring a Social Security Card. Talking about illegal immigration he says, "If you say they can't get a job when they come here, you'll stop it." The only problem is, we say that now, and it's patently a lie.
Of course, not everyone thinks a national employee ID is a bad thing. The Christian Science Monitor is very much a believer in a national employee ID. In an editorial entitled "Immigration reform rests on a national worker ID" the CSM editorial board states:
I have two problems with that quote. The first regards illegal workers having to come clean. Why? What is this ID going to do that will force illegal workers (or their employers) to suddenly 'fess up? Even assuming most illegals bother with forged or stolen Social Security numbers, what's to keep employers from paying in cash and misreporting their number of employees anyway? Admittedly, if you're paying more than two or three employee’s cash can be problematic.
The other is the figure of 8 million illegals. That may be the suspected or deduced number, but it is impossible to prove. Even if it's correct, to say that all 8 million are working is a stretch.
On Foxnews.com, Alex Nowrasteh's article, "5 Reasons Why America Should Steer Clear of a National ID Card" gives a very clear, thought out explanation of the problems inherent in a national ID card. Briefly, they are:
There is one way the national employee ID card would work. It would require a fundamental change in the way we live, not to mention being a harbinger of the end times. If we move to an entirely electronic economy we get rid of all but an insignificant amount of illegal alien employees. If we go to an entirely electronic economy and make your biometric employee ID your bankcard, too, then the only way to buy anything is with your employee ID card. It can be tied to your credit cards, debit cards, and all of your accounts. Utilities, insurance, gym memberships, all pulled from your national employee ID card. It would solve so many problems. It would be much harder for illegal aliens to find employment, it would encourage employers to hire U.S. citizens or legal aliens, and it would give the government what it wants - a way to track all citizens at all times. All you have to do is surrender your privacy and freedom.
"Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain."
Really neat idea, except that it won't work. It won't even be an improvement on the current method. People paying illegals cash under the table will continue to do so. This ID card won't do anything to change that. It will give the government increasing ability to monitor law-abiding citizens without doing anything to affect the problem it's supposed to solve.
While this should be self evident, Senator Chuck Schumer (D., N.Y.) obviously thinks that biometrics are magically going to force all employers to check employees eligibility and pay by traceable means that make it necessary for all employees to be legal. He actually believes that requiring a biometric card is more effective than requiring a Social Security Card. Talking about illegal immigration he says, "If you say they can't get a job when they come here, you'll stop it." The only problem is, we say that now, and it's patently a lie.
Of course, not everyone thinks a national employee ID is a bad thing. The Christian Science Monitor is very much a believer in a national employee ID. In an editorial entitled "Immigration reform rests on a national worker ID" the CSM editorial board states:
"Obama could quickly reduce the nation’s high jobless rate with passage of a law requiring legal residents and Americans, even teenagers, to obtain a federal ID as legal workers. Migrants working outside the law would then be forced to come clean on their illegal activity, leave the country, and perhaps properly apply for a US visa – as millions of law-abiding people do around the world who wait years to enter the US.
To reach full employment, Obama needs to create about 8 million jobs – or nearly the number of illegal immigrants in the US."
I have two problems with that quote. The first regards illegal workers having to come clean. Why? What is this ID going to do that will force illegal workers (or their employers) to suddenly 'fess up? Even assuming most illegals bother with forged or stolen Social Security numbers, what's to keep employers from paying in cash and misreporting their number of employees anyway? Admittedly, if you're paying more than two or three employee’s cash can be problematic.
The other is the figure of 8 million illegals. That may be the suspected or deduced number, but it is impossible to prove. Even if it's correct, to say that all 8 million are working is a stretch.
On Foxnews.com, Alex Nowrasteh's article, "5 Reasons Why America Should Steer Clear of a National ID Card" gives a very clear, thought out explanation of the problems inherent in a national ID card. Briefly, they are:
1. Workers would have to ask the Federal Government before getting a job.
2. National ID's are perfect for controlling citizens movements: "Your papers, please."
3. The system will accidentally exclude millions of legal workers and fail to catch the majority of illegal ones.
4. The scanners are up to $800 - or employers can make a trip down to the local DMV to check their workers ID.
5. Law abiding citizens are treated like criminals - we will have to divulge information that the government cannot require of us now because we are not criminals. (That's the biometric data, in case you're wondering).
There is one way the national employee ID card would work. It would require a fundamental change in the way we live, not to mention being a harbinger of the end times. If we move to an entirely electronic economy we get rid of all but an insignificant amount of illegal alien employees. If we go to an entirely electronic economy and make your biometric employee ID your bankcard, too, then the only way to buy anything is with your employee ID card. It can be tied to your credit cards, debit cards, and all of your accounts. Utilities, insurance, gym memberships, all pulled from your national employee ID card. It would solve so many problems. It would be much harder for illegal aliens to find employment, it would encourage employers to hire U.S. citizens or legal aliens, and it would give the government what it wants - a way to track all citizens at all times. All you have to do is surrender your privacy and freedom.
Monday, March 8, 2010
Privacy vs Security at RSA conference
Brian Prince of eWeek Europe reports that U.S. Cyber Defense experts agreed on two things: U.S. cyber security needs beefing up, and doing that while protecting privacy won't be easy. Former head of U.S. Homeland Security Michael Chertoff saw the situation as a balancing act:
That's an important statement - and one that very neatly sums up the difficulty of providing security while maintaining privacy. The rest of the panel discussion showed a real concern and understanding of the importance - and complexity - of maintaining privacy while ensuring security.
Chertoff was one of a three member panel. The other two members were Marc Rotenberg, executive director of the Electronic Privacy Information Center ( EPIC ), and former special advisor on Cyber Security for George W. Bush, Richard Clarke. Richard Clarke is now chairman of Good Harbor Consulting. To be honest, I was a little surprised at the attitude shown by Mr. Chertoff and Mr. Clark. Hearing Mr. Chertoff, co-author of the Patriot Act, talk about the importance of limiting governments ability to invade citizens online privacy was unexptected.
Of course, not everything they said was so pretty. Clark wants a system that is flexible enough that it isn't compromised when some companies don't keep up with the latest patches and malware protections. His idea? Have Tier 1 ISP's do deep packet inspection to detect illicit activity. This is just a liiiiiittle bit contradictory to Mr. Chertoffs statement above. Deep packet inspection would mean they see everything everybody does that goes through a Tier 1 ISP. A lot of traffic will never hit a Tier 1 ISP, but the fact that US citizens would be being treated as criminals with no evidence that they are would be a major constitutional problem. Of course, it should be a major constitutional problem with the nationwide phone tapping that's still going on, and we know how that went. Not surprising at all that Rotenberg saw a slippery slope, "If we go down this road you really have to be very careful because one rationale easily collapses into another."
It was encouraging that Clarke felt the U.S. government had discredited itself over the past ten years where privacy is concerned. He also felt that the agency best equipped to protect the country, both military and civilian, is the NSA. But in an amazing twist, he feels that the NSA is not the agency that should be protecting the private sector. The problem is, there isn't anyone looking out for the private sector:
As scary as that is, it's better than being watched by the NSA. And I'm happy that all three panel members seem to agree with that sentiment.
.
“You don’t want necessarily to have the government literally sitting there and operating the internet and opening and closing doors because it’s not hard to imagine a situation like you have in other countries where someone makes a decision that the threat isn’t just an attack by a botnet but an attack on ideas the government doesn’t like. So the key is to build a system that allows a sharing of information that does put on critical infrastructure a responsibility to maintain itself…but preserves a certain gate between them and a certain amount of accountability so that the government can’t simply just roughshod over the privacy.”
That's an important statement - and one that very neatly sums up the difficulty of providing security while maintaining privacy. The rest of the panel discussion showed a real concern and understanding of the importance - and complexity - of maintaining privacy while ensuring security.
Chertoff was one of a three member panel. The other two members were Marc Rotenberg, executive director of the Electronic Privacy Information Center ( EPIC ), and former special advisor on Cyber Security for George W. Bush, Richard Clarke. Richard Clarke is now chairman of Good Harbor Consulting. To be honest, I was a little surprised at the attitude shown by Mr. Chertoff and Mr. Clark. Hearing Mr. Chertoff, co-author of the Patriot Act, talk about the importance of limiting governments ability to invade citizens online privacy was unexptected.
Of course, not everything they said was so pretty. Clark wants a system that is flexible enough that it isn't compromised when some companies don't keep up with the latest patches and malware protections. His idea? Have Tier 1 ISP's do deep packet inspection to detect illicit activity. This is just a liiiiiittle bit contradictory to Mr. Chertoffs statement above. Deep packet inspection would mean they see everything everybody does that goes through a Tier 1 ISP. A lot of traffic will never hit a Tier 1 ISP, but the fact that US citizens would be being treated as criminals with no evidence that they are would be a major constitutional problem. Of course, it should be a major constitutional problem with the nationwide phone tapping that's still going on, and we know how that went. Not surprising at all that Rotenberg saw a slippery slope, "If we go down this road you really have to be very careful because one rationale easily collapses into another."
It was encouraging that Clarke felt the U.S. government had discredited itself over the past ten years where privacy is concerned. He also felt that the agency best equipped to protect the country, both military and civilian, is the NSA. But in an amazing twist, he feels that the NSA is not the agency that should be protecting the private sector. The problem is, there isn't anyone looking out for the private sector:
“The problem is right now no one is defending the private sector,” he continued. “The theory of the Obama administration seems to be cyber-command defends the military, DHS (Department of Homeland Security) – which can’t do it yet – defends the .gov community, and the rest of us are on our own.”
As scary as that is, it's better than being watched by the NSA. And I'm happy that all three panel members seem to agree with that sentiment.
.
Thursday, February 25, 2010
More fallout from PlainsCapital vs Hillary Machinery
Last week Hillary Machinery filed it's counter to PlainsCapitals lawsuit. The PlainsCapital suit seeks nothing from Hillary (other than legal fees and court costs), but wants a judge to rule that PlainsCapitals security measures were commercially reasonable at the time of the bogus transfers. Hillary is seeking the return of the unrecovered monies and legal costs.
Most of the security community, or the most of the portion making their opinion known, seem to believe Hillary is in the right. But not everyone is ready to pick a side just yet. Benjamin Wright, an expert in data security and cyber investigations law has pointed out in his blog that we only have Hillary's side of things, so until PlainsCapital has it's say, any conclusions we come to are speculation.
But as things have developed, PlainsCapital's say may be too little, too late. Hillary has not stood still and has not played the quiet game. They have told their story loudly to anyone willing to listen, and it is a compelling story. Even if PlainsCapital had security measures in place that Hillary hasn't mentioned, the Banks reputation has been tarnished, and this incident will probably pop up when least expected for years to come. And regardless of who wins, both litigants will probably both find the way they handle financial transfers changed forever when this is over, because real fallout from this whole event is not going to hit just PlainsCapital or Hillary Machinery. It could change the way banks do business, and that will affect anyone who deals with banks.
DarkReading.com reports that at next weeks RSA Security conference Authentify, Inc. (who are consulting with Hillary) will be asking security professionals to sign a petition to Congress in an effort to force banks to establish better security for business customers. I don't think anyone wants more government regulation, but the fact is that what happened to Hillary Machinery and PlainsCapital isn't unique, or even unusual, even if the lawsuit is. Apparently small and medium size banks haven't done anything to correct the situation. With the attention of Washington being called to it, the government probably will.
Most of the security community, or the most of the portion making their opinion known, seem to believe Hillary is in the right. But not everyone is ready to pick a side just yet. Benjamin Wright, an expert in data security and cyber investigations law has pointed out in his blog that we only have Hillary's side of things, so until PlainsCapital has it's say, any conclusions we come to are speculation.
But as things have developed, PlainsCapital's say may be too little, too late. Hillary has not stood still and has not played the quiet game. They have told their story loudly to anyone willing to listen, and it is a compelling story. Even if PlainsCapital had security measures in place that Hillary hasn't mentioned, the Banks reputation has been tarnished, and this incident will probably pop up when least expected for years to come. And regardless of who wins, both litigants will probably both find the way they handle financial transfers changed forever when this is over, because real fallout from this whole event is not going to hit just PlainsCapital or Hillary Machinery. It could change the way banks do business, and that will affect anyone who deals with banks.
DarkReading.com reports that at next weeks RSA Security conference Authentify, Inc. (who are consulting with Hillary) will be asking security professionals to sign a petition to Congress in an effort to force banks to establish better security for business customers. I don't think anyone wants more government regulation, but the fact is that what happened to Hillary Machinery and PlainsCapital isn't unique, or even unusual, even if the lawsuit is. Apparently small and medium size banks haven't done anything to correct the situation. With the attention of Washington being called to it, the government probably will.
Monday, February 15, 2010
The lighter side of data breaches
Apparently a Swiss bank has been the victim of a data breach. Erik Kirschbaum reports through Reuters that German tax dodgers are running scared after data breach. The report says that which bank it was is unknown, but the German government seeing a huge increase in the number of tax dodgers turning themselves in. There is a good reason it's happening. German tax law says that a tax dodger can avoid prosecution if he turns himself in before the government starts to investigate him.
It seems there are a lot of German tax evaders with money in Swiss banks. But they may not have even noticed if the German government wasn't willing to pay 2.5 million Euros for the data. Which allows great quotes like this:
Great stuff.
It seems there are a lot of German tax evaders with money in Swiss banks. But they may not have even noticed if the German government wasn't willing to pay 2.5 million Euros for the data. Which allows great quotes like this:
"There's been a delightful rise in tax compliance," said Daniel Abbou, spokesman for the finance department in the city of Berlin after 74 people volunteered this week to pay back taxes on previously undeclared income.
Great stuff.
Friday, February 12, 2010
Obama = Bush
Now that I've got your attention, yes, I mean that. When it comes to citizens privacy rights, I can see no discernable difference between their administrations. Obama is continuing the national phone monitoring that was started by the Bush Adminstration. A program that is unconstitutional and does little if anything to benefit national security.
If that wasn't bad enough, last night I saw two articles talking about a case being argued today in Philidelphia. The first was at Cato-at-liberty.org and was pretty short. The headline says it all:
The second was an opinion piece by Catherine Crump at the Philadelphia Enquirer. It began with,
The Obama administration is asserting that U.S. citizens have no reasonable expectation of privacy when it comes to their cell phones. This premise comes from the "third party doctrine." The third party doctrine is controversial to say the least, and in the modern age the equivalent of completely removing all Fourth Amendment protections without the pesky need to actually repeal it.
The third party doctrine says that once you knowingly give information to a third party you lose the right to the Fourth Amendment protections. Just to help keep things clear, the Fourth Amendment says:
The third party doctrine is based on the premise that, since the phone company, your ISP, and any other company you may give data to is not within the four walls of your home or on your person, that data is no longer protected by the Fourth Amendments clause against unreasonable searches and seizures.
Forget whether or not you are doing anything illegal. Under the third party doctrine the government can subpoena your browsing history from your ISP without having to prove probable cause. Anything you put on Facebook (not that Facebook is private), and possibly even anything you backup to Carbonite or other online backup service. I say possibly to the backup services because they are usually encrypted, so a "reasonable expectation of privacy" can be argued. The same can't be said for email, cell phones, text messages or almost anything sent over the internet.
I don't know about you, but almost everything I do that doesn't involve direct, face to face communication goes through a third party before reaching it's destination. There is almost nothing I do that the government can't look into for no other reason than curiosity using the third party doctrine. Knowing the history of the American colonies and the revolution, I know the founding fathers never intended the government to have that kind of power.
If that wasn't bad enough, last night I saw two articles talking about a case being argued today in Philidelphia. The first was at Cato-at-liberty.org and was pretty short. The headline says it all:
The Government Can Monitor Your Location All Day Every Day Without Implicating Your Fourth Amendment Rights
The second was an opinion piece by Catherine Crump at the Philadelphia Enquirer. It began with,
"If you own a cell phone, you should care about the outcome of a case scheduled to be argued in federal appeals court in Philadelphia tomorrow. It could well decide whether the government can use your cell phone to track you - even if it hasn't shown probable cause to believe it will turn up evidence of a crime."
The Obama administration is asserting that U.S. citizens have no reasonable expectation of privacy when it comes to their cell phones. This premise comes from the "third party doctrine." The third party doctrine is controversial to say the least, and in the modern age the equivalent of completely removing all Fourth Amendment protections without the pesky need to actually repeal it.
The third party doctrine says that once you knowingly give information to a third party you lose the right to the Fourth Amendment protections. Just to help keep things clear, the Fourth Amendment says:
Fourth Amendment – Protection from unreasonable search and seizure.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The third party doctrine is based on the premise that, since the phone company, your ISP, and any other company you may give data to is not within the four walls of your home or on your person, that data is no longer protected by the Fourth Amendments clause against unreasonable searches and seizures.
Forget whether or not you are doing anything illegal. Under the third party doctrine the government can subpoena your browsing history from your ISP without having to prove probable cause. Anything you put on Facebook (not that Facebook is private), and possibly even anything you backup to Carbonite or other online backup service. I say possibly to the backup services because they are usually encrypted, so a "reasonable expectation of privacy" can be argued. The same can't be said for email, cell phones, text messages or almost anything sent over the internet.
I don't know about you, but almost everything I do that doesn't involve direct, face to face communication goes through a third party before reaching it's destination. There is almost nothing I do that the government can't look into for no other reason than curiosity using the third party doctrine. Knowing the history of the American colonies and the revolution, I know the founding fathers never intended the government to have that kind of power.
Sunday, January 31, 2010
Facebook Twist: Anti-social networking
The Times Online reports that Colin Gunn, a notorious British godfather, has had free access to the internet, and has been using it to intimidate and terrorize via Facebook. He claims to have been given permission for it by prison officials. The suspicion is that they gave him access fearing refusal would be called a human rights violation. On the face of it, this seems silly, but it was only last June that the French version of the Supreme Court declared Internet access to be a fundamental human right. I'm sure they never intended for convicted felons to be able to access the internet from prison and continue to run their gangs. That is exactly what Gunn did, using his Facebook account to send intimidating messges, such as:
Such an endearing character.
This actually isn't a post against Facebook. Facebook had no control over this, and probably shouldn't. The problem here is the idea that internet use is a "human right." If it is any kind of right at all, it is a citizens right, and like many other citizens rights, can be lost once you are convicted of a crime. Matt Asay makes some good points on the subject in his article, "Is Internet access a 'fundamental right'?" from May of last year. As Matt points out, there are rights and responsibilities. It's important not to confuse the two.
“It’s good to have an outlet to let you know how I am, some of you will be in for a good slagging, some have let me down badly, and will be named and shamed, f****** rats.”
Such an endearing character.
This actually isn't a post against Facebook. Facebook had no control over this, and probably shouldn't. The problem here is the idea that internet use is a "human right." If it is any kind of right at all, it is a citizens right, and like many other citizens rights, can be lost once you are convicted of a crime. Matt Asay makes some good points on the subject in his article, "Is Internet access a 'fundamental right'?" from May of last year. As Matt points out, there are rights and responsibilities. It's important not to confuse the two.
Saturday, January 30, 2010
Lot-o-links: Articles on Facebook, Google, Supreme Court and more
From Businessweek: New EU Privacy Laws Could Hit Facebook - Mark Zuckerbergs mouth paints a target on Facebook
Exchangemag.com: Google Social Search Hits Privacy Snag on Facebook - Maybe Facebooks privacy settings are better than we thought.
Mediapost.com: Google Scores Partial Victory In Street View Lawsuit - Google streetview photographing view of house ok. Entering private drive to do it, not so much.
U.S. News: Should Supreme Court Uphold the Quon Case on Worker Privacy? Should workers expect email and other electronic communication on company equipment be private? Take the poll.
PCWorld.com: EFF:Browsers Can Leave a Unique Trail on the Web - Find out how much information your browser gives without even being asked. With suggestions on how to obscure your trail.
RDMag.com: How Can Policymakers Promote Innovation and Strengthen Privacy? - Policy always lags behind technology, trick is protecting privacy without stifling innovation.
Hope you find the reading interesting.
Exchangemag.com: Google Social Search Hits Privacy Snag on Facebook - Maybe Facebooks privacy settings are better than we thought.
Mediapost.com: Google Scores Partial Victory In Street View Lawsuit - Google streetview photographing view of house ok. Entering private drive to do it, not so much.
U.S. News: Should Supreme Court Uphold the Quon Case on Worker Privacy? Should workers expect email and other electronic communication on company equipment be private? Take the poll.
PCWorld.com: EFF:Browsers Can Leave a Unique Trail on the Web - Find out how much information your browser gives without even being asked. With suggestions on how to obscure your trail.
RDMag.com: How Can Policymakers Promote Innovation and Strengthen Privacy? - Policy always lags behind technology, trick is protecting privacy without stifling innovation.
Hope you find the reading interesting.
Monday, January 25, 2010
Cost of music piracy: $2,250 per song.
Are you one of the people still sharing your music over peer to peer networks like Limewire? In the 'Threat Level' blog for Jan 22, David Kravits tell us about Jammi Thomas-Riset, who was fined 1.92 million for sharing 24 songs. That's $80,000 a song! Jammi's lawyer asked that the price be reduced. The judge agreed, and reduced it to the minimum allowed, $750 per song x 3. The judge called the original amount "shocking."
The RIAA is a fear-mongering bully, and they need to be forcd to disband and allow artists to do their thing. The premise that internet sharing reduces CD sales is hogwash, and 70's folk singer Janis Ian makes a good case for the opposite here, and Eric Flint of the Baen Free Library makes a similar case here and amplifies on it here. Ian's article is also published in "Prime Palaver" on the Baen Free Library website. Both people can demonstrate that offering things free (including having your music pirated) leads to more - not less - sales.
It's inevitable the entrenched businesses with "strategies that work" will react violently to any new model that makes their way of doing business obsolete. But it's getting old. The iTunes music store has demonstrated quite well that legal online sales are not only feasable, but can be highly lucrative. But they still want to alienate their users by suing them. I'll never understand the corporate mind.
The RIAA is a fear-mongering bully, and they need to be forcd to disband and allow artists to do their thing. The premise that internet sharing reduces CD sales is hogwash, and 70's folk singer Janis Ian makes a good case for the opposite here, and Eric Flint of the Baen Free Library makes a similar case here and amplifies on it here. Ian's article is also published in "Prime Palaver" on the Baen Free Library website. Both people can demonstrate that offering things free (including having your music pirated) leads to more - not less - sales.
It's inevitable the entrenched businesses with "strategies that work" will react violently to any new model that makes their way of doing business obsolete. But it's getting old. The iTunes music store has demonstrated quite well that legal online sales are not only feasable, but can be highly lucrative. But they still want to alienate their users by suing them. I'll never understand the corporate mind.
Friday, January 22, 2010
PlainsCapital vs Hillary Machinery
tx_plow_boy asked what I though about "my bank" after the revelations by Hillary Machinery. Hillary is alleging that negligence on the part of PlainsCapital led to the theft of over $800,000 from Hillary Machinery's account. $600,000 was recovered, but Hillary Machinery wants PlainsCapital to admit that they are responsible and pay up.
I've read Walt Nett's article, "Company, bank blame each other," in the Avalanche-Journal. I've read what Hillary Machinery says in the news section on their website, and I've read the two stories about similar breaches they link to directly from their site. I'm going to take a closer look at the info we have on the Hillary Machinery breach and see what I can come up with. Most of the information I'm using will be straight from their website. As we look at this the circumstances of this theft, keep in mind that I am not a lawyer, and I have only the information I've read (and linked to for you) to go by.
Looking at the info provided by Hillary Machinery on their website, here is what we have. To shorten this a little, I'll take it point by point.
1. In November 2009 PlainsCapital became the target of cybercriminals. They used vulnerabilities in PlainsCapitals internet banking system and initiated fraudulent wire and automated clearinghouse transfers.
Since I can find no mention of similar data breaches at PlainsCapital, I would probably classify the bank as a victim. It appears that the target was actually Hillary Machinery. For the same reason, I would say that the bank was not where the vulnerabilities were exploited. The normal scenario when an institution gets breached is to grab as much information as possible, or in the case of banks, grab money in small amounts from as many accounts as possible. Grabbing a large amount of money from one account points to the exploited vulnerability being at Hillary Machinery.
2. Even though the transactions were not authorized by a representative of Hillary Machinery Inc and inconsistent with Hillary's the bank still allowed them to occur.
The "not authorized by a representative of Hillary Machinery" is a bit of a red herring. If the perp stole the needed information from Hillary Machinery, the bank woudln't know that it wasn't someone from Hillary until the transaction was set in motion, and even then maybe not until two or three had been made. At that point the bank should have contacted the company to make sure the transactions were legit.
3. To make matters worse, PlainsCapital Bank has yet to take responsibility for the stolen funds claiming that their Internet banking systems are "reasonably secure."
Face it. The bank can't admit any culpability. The second they admit any kind of fault they will be sued out of business. If this case ends the way these things usually do it will be settled out of court with PlainsCapital paying some undisclosed amount without admitting any fault.
I don't think the lions share of blame goes to PlainsCapital on this one. It looks like Hillary was breached, whether by a virus, a trojan, or social engineering. Any share of the blame that goes to PlainsCapital goes after Hillary recognizes their own part in this very expensive fiasco.
I hope that answers your question, tx_plow_boy.
Thursday, January 7, 2010
Bono's hurting because of music pirates?
In a New York Times editorial U2 front man Bono gives his top ten things he thinks are important for the next decade. His second item is a plea to stop this horrible thing that has almost killed the music industry - file sharing. Not for the sake of artists like him, but for the little guys trying to get started. The ones who can't make a living because their music is being distributed free by pirates. He apparently does know how ridiculous he sounds, because he ends the section with, "Note to self: Don’t get over-rewarded rock stars on this bully pulpit, or famous actors; find the next Cole Porter, if he/she hasn’t already left to write jingles."
There are a few things he is ignoring, however. There is a thriving indy music industry based on internet distribution. Many young artists have started their careers using the internet and are quite happy as regional sensations. Other types of content providers have discovered that carefully managed free distribution increases sales instead of decreasing them. Baen books started an experiment in 1999 or 2000. Instead of trying to stop internet sharing, they embraced it. They put some of the older titles of authors who were willing to give away a book or two online as free downloads. They're still doing it today. I'll give you three guesses why.
If you are a fan of fantasy and science fiction, check out the Baen Free Library. And see how intelligence and forward thinking handle new "problems". And after picking up a book or two by an author you've never read before, if you like it, buy something else by the same author. After all, he was nice enough to give you an enjoyable free read, and he's got bills the same as you and I.
There are a few things he is ignoring, however. There is a thriving indy music industry based on internet distribution. Many young artists have started their careers using the internet and are quite happy as regional sensations. Other types of content providers have discovered that carefully managed free distribution increases sales instead of decreasing them. Baen books started an experiment in 1999 or 2000. Instead of trying to stop internet sharing, they embraced it. They put some of the older titles of authors who were willing to give away a book or two online as free downloads. They're still doing it today. I'll give you three guesses why.
If you are a fan of fantasy and science fiction, check out the Baen Free Library. And see how intelligence and forward thinking handle new "problems". And after picking up a book or two by an author you've never read before, if you like it, buy something else by the same author. After all, he was nice enough to give you an enjoyable free read, and he's got bills the same as you and I.
Wednesday, December 16, 2009
Data Breach Bill passes House
HR221, the Data Accountability and Trust Act, passed in the House December 8th and was referred to the Senate on the 9th. The bill requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law.
This bit of news got lost in the face of Facebook changes and Google CEO pronouncements. It deserves more attention, and after I've read more about it I will come back to it. Since the bill is going to the Senate, now would be a good time to contact your senator and provide your thoughts on data breach notification.
This bit of news got lost in the face of Facebook changes and Google CEO pronouncements. It deserves more attention, and after I've read more about it I will come back to it. Since the bill is going to the Senate, now would be a good time to contact your senator and provide your thoughts on data breach notification.
Tuesday, December 1, 2009
Health, the web, and HIPAA
One of the more exciting (or frightening) developing trends on the web is the push to keep your health records online. The government is encouraging doctors, hospitals and other medical institutions to do this for the ultimate in health records portability. This is made more difficult by HIPAA, which makes those same groups responsible for the security of your health records. The end result is that the government is sending mixed messages, and smart money is on keeping the records offline if you're a medical provider.
Enter two companies not exactly renown for their respect of privacy: Microsoft and Google. Google Health and Microsoft's Healthvault allow you to put your medical records, prescriptions, shot records, etc online and share them with your pharmacy and various healthcare providers. This sounds like a really good idea. It makes your records readily available for new doctors and makes it easy for you to share with a trusted family member or friend. Here is a short examination of both services.
First we'll look at Google Health. From the page you go to on that link:
The privacy policy looks pretty good, but under the "How Google uses your information" section, #3 states:
I don't like my data being shared even "in aggregate." It's supposed to just be information like "x number of persons making between 45,000 and 100,000 a year are members." But I'm paranoid, especially about my health data. That is data that can be very damaging in the wrong hands.
The "Sharing your information" section is encouraging. The first thing they do after telling you that you can share information, see a list of who you are sharing it with, and revoke the right of someone on the list to see your information is to warn you that they may still have a copy of it, even if they can't access it to get new information. Now if only people would actually read the policy it would save some headaches later.
One encouraging thing about Google's offering is that it complies with Safe Harbor guidelines. By the nature of their business Google is not the worlds biggest privacy watchdog, but they appear to understand the importance of privacy when it comes to health records.
Now for a look at Microsoft Healthvault:
Microsoft Healthvault is HONCode and Truste certified. Health On the Net was founded in 1995 and "promotes and guides the deployment of useful and reliable online health information, and its appropriate and efficient use." You can verify Healthvaults certification here, but right now they are actually undergoing annual review. It comforts me that they are reviewed annually.
The Healthvault privacy policy is longer and wordier than Google Health's but says essentially the same thing. Your data will only be released in aggregate, except for the people you release your own info to.
The question that burned in my brain when I heard about this was, "What about HIPAA? How can this be legal?"
Actually, because neither business is a medical provider, they fall through the cracks of HIPAA. They are providing a service to the consumer and have no affiliations with hospitals or doctors. So they can do things a doctor or hospital would not be able to do when it comes to your data. You might want to think about that before joining either of these services. But despite what looks like a service I would avoid at first glance, I would recommend either of these for someone who has medical conditions that require multiple specialists. My experience is that there usually isn't as much communication between doctors as you would expect. But they have to give you your records if you ask, and putting the records in a service like this means you can make sure every doctor has access to everything going on. These services don't remove control of your information from you, they give you control you've never before had of your healthcare. That is a good thing.
[Edited 7:40am to add to last paragraph]
Enter two companies not exactly renown for their respect of privacy: Microsoft and Google. Google Health and Microsoft's Healthvault allow you to put your medical records, prescriptions, shot records, etc online and share them with your pharmacy and various healthcare providers. This sounds like a really good idea. It makes your records readily available for new doctors and makes it easy for you to share with a trusted family member or friend. Here is a short examination of both services.
First we'll look at Google Health. From the page you go to on that link:
Take charge of your health information
It's safe, secure and free
* Organize your health information all in one place
* Gather your medical records from doctors, hospitals, and pharmacies
* Share your information securely with a family member, doctors or caregivers
Google stores your information securely and privately, but you always control how it's used. We will never sell your data. You are in control. You choose what you want to share and what you want to keep private. View our privacy policy to learn more.
The privacy policy looks pretty good, but under the "How Google uses your information" section, #3 states:
Google will use aggregate data to publish trend statistics and associations. For example, Google might publish trend data similar to what is published in Google Trends. None of this data can be used to personally identify an individual.
I don't like my data being shared even "in aggregate." It's supposed to just be information like "x number of persons making between 45,000 and 100,000 a year are members." But I'm paranoid, especially about my health data. That is data that can be very damaging in the wrong hands.
The "Sharing your information" section is encouraging. The first thing they do after telling you that you can share information, see a list of who you are sharing it with, and revoke the right of someone on the list to see your information is to warn you that they may still have a copy of it, even if they can't access it to get new information. Now if only people would actually read the policy it would save some headaches later.
One encouraging thing about Google's offering is that it complies with Safe Harbor guidelines. By the nature of their business Google is not the worlds biggest privacy watchdog, but they appear to understand the importance of privacy when it comes to health records.
Now for a look at Microsoft Healthvault:
HealthVault lets you …
* Organize your health information, with everything in one place
* Simplify your life: enter health info once, use it in many ways
* Gain insight with data that helps you make informed decisions
Microsoft Healthvault is HONCode and Truste certified. Health On the Net was founded in 1995 and "promotes and guides the deployment of useful and reliable online health information, and its appropriate and efficient use." You can verify Healthvaults certification here, but right now they are actually undergoing annual review. It comforts me that they are reviewed annually.
The Healthvault privacy policy is longer and wordier than Google Health's but says essentially the same thing. Your data will only be released in aggregate, except for the people you release your own info to.
The question that burned in my brain when I heard about this was, "What about HIPAA? How can this be legal?"
Actually, because neither business is a medical provider, they fall through the cracks of HIPAA. They are providing a service to the consumer and have no affiliations with hospitals or doctors. So they can do things a doctor or hospital would not be able to do when it comes to your data. You might want to think about that before joining either of these services. But despite what looks like a service I would avoid at first glance, I would recommend either of these for someone who has medical conditions that require multiple specialists. My experience is that there usually isn't as much communication between doctors as you would expect. But they have to give you your records if you ask, and putting the records in a service like this means you can make sure every doctor has access to everything going on. These services don't remove control of your information from you, they give you control you've never before had of your healthcare. That is a good thing.
[Edited 7:40am to add to last paragraph]
Subscribe to:
Posts (Atom)