Although unconfirmed as of yet, there seems to be some evidence that cyber attacks to the critical infrastructure of the US has occurred. Some hackers, probably from Russia hacked into a water-plant and sabotaged the system. The water-plant was not sufficiently protected, and I would imagine didn’t see themselves as a potential target.
This is the first of many to come.
I am often thinking how we don’t appreciate how critical our work is. There are many of us that secure critical infrastructures although we don’t see that we save lives, as a doctor or nurse example can. I remember a conversation I had with a colleague around 5 years ago, he wanted to move into the fire-service, because there he could make a difference. However, we each one of us make a difference where we are today, building and securing critical services and infrastructures of our respective countries. We don’t see how many lives we save or how many peoples lives we make a difference to because of our work. However, we do save lives and we do make a difference!
Seems identity fraud is on the up in the U.S., at least as regards to tax fraud. In 2008 there were 52,000 cases and in 2010 reported were 245,000 cases!
However a significant number was due to mistaken flagging of dead projects using social security numbers. Actual known victims of fraud are 56,000, but that is still a lot, and significant if you happen to be one of them.
What is interesting is how a person’s social security number is stolen, full list is here at blog reuters. The list includes dishonest employees with access to personal records, hacking, dumpster diving, etc.
In Sweden your personal ID is often handed out when you purchase something, or to get membership, whatever, it is used everywhere and this means that just about anyone can get hold of your ID number, which is not so complicated to work out either as includes your date of birth as first 6 digits. This in theory would make identity fraud easy in Sweden, although I haven’t seen much said about it yet. It could be that much is tightly tied in to a central authority, but normally I would have seen this as a core weakness.
Maybe I am missing something in the local news? Comments from my Swedish friends?
One of the biggest dilemmas with cloud services is that in theory it shouldn’t matter where your data is stored in the public cloud, just that it is secured appropriately, and only you get appropriate access and nobody else gets inappropriate access đ
But it’s much more complicated. Every country has its own laws about the transparency of data stored and accessibility from nosing government authorities. The real problems occur when there is a conflict of privacy laws between different countries. So you have personal data stored in a Google public cloud, your data could be stored physically anywhere in the world. And the fact that Google is a US company means requirement to comply with US law (e.g. USA Patriot Act) for the organisation worldwide, not forgetting the regional laws where the data is physically stored. This conflicts with EU privacy law whereby the rights of the data subject are preserved.
Google have been quoted as follows “As a law abiding company, we comply with valid legal process, and that – as for any US based company – means the data stored outside of the U.S. may be subject to lawful access by the U.S. government.” Taken from Softpedia.
This could be an interesting time for organisations to set-up clouds but only in a single country in an organisation that is registered in the hosting country. Otherwise, can you really trust the data-holding authority to protect your rights as an EU citizen for example? I know I can’t!
David S. Misell asked me to share the privacy issues of html5, and I thought that no better place to do this than by creating a post.
Html5 is really about these zoombie cookies, cookies that keep coming back from the dead, even after you’ve deleted them…. scarey or what?
According to Wikipedia “Zombie cookies were first documented at UC Berkeley, where it was noticed that cookies kept coming back after they were deleted over and over again. This was cited as a serious privacy breach. If you delete a cookie, it should remain deleted. Since most users are barely aware of these storage methods, it’s unlikely that users will ever delete all of them. From the Berkeley report, âfew websites disclose their use of Flash in privacy policies, and many companies using Flash are privacy certified by TRUSTe.
Ringleader Digital made an effort to keep a persistent user ID even when the user deleted cookies and their HTML5 databases (RLDGUID). The only way to opt out of the tracking was to use the company’s opt-out link which gives no confirmation.”
To read more techie stuff on how this annoying cookie is working go here where ars technia has written an insightful article on this.
Ringleader Digital claim on its privacy page that it only collects “non-personally identifiable information, such as browser identifiers, session information, device type, carrier provider, IP addresses, unique device ID, carrier user ID and web sites visited. Now the question is what happens when you link this information together?
Now according to the UK for example an IP address in isolation is not personal data under the Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual’s name is unknown.
And there is significant discussion on this around the world. In Seattle a Federal judge ruled that IP address is not personal information, however in the EU it is understood how easily an IP address can become an element of PII.
As to my personal opinion, it’s simple… I want visibility, i.e. if I delete a cookie on my PC or mobile device, I want it deleted. I don’t want a zoombie. It could be that I like the convenience of having a cookie there, but I want the choice to delete, and when deleted I don’t want any zoombies rooming around on my devices… my devices, yes, they are linked to my very person, and have become a part of my DNA..
Significant developments in workplace privacy law and policy in the US over the past year have left employers with a number of new obligations. Litigation in state and federal courts, state legislation and federal agency actions have all led to increased protections for employees, requiring employers to carefully consider and, as necessary, revise their workplace privacy policies and procedures.
I am not sure exactly which laws these are? Any links to relevant laws would be really appreciated!
Interesting article in Network World on the difference in attitudes concerning personal data on whether you are based in the US or over in the EU.
What’s new? Health records disposed of inappropriately in the U.S. Find more, including videos following the story at action3news
The Interactive Advertising Bureau and other advertising groups behind the industry’s self-regulatory privacy initiative are getting ready to officially launch a new trade organization. This means that you will see a special icon that consist of an i inside a triangle turned on its side to resemble a play button. In the past, Web companies tended to use privacy policies to notify people about tracking and behavioral targeting, but those policies have been criticized as lengthy and dense. Read more at Online Media Daily.
Unfortunately, nothing new! âJustâ another USB stolen in a school in Woodbridge, Virginia, USA. The content: personal information about students. What I couldnât understand was this phrase in a letter to parents from the Principal of Lake Ridge Middle School: âUnfortunately, it is difficult to prevent the loss of confidential data resulting from unanticipated criminal activity.â Well, fortunately, it is simpler than he thinks to protect confidential data: encryption! There are some free tools out there that every school principal, teacher and even student should know about, such as, TrueCrypt.