February 16 - 22, 2008


  1. Privacy & Security News Brief
     February 16 – February 22, 2008
     Vol. 1, No. 20

     TABLE OF CONTENTS

     BIOMETRICS (p. 4)
       First Nation Ojibway in Canada to Use Bio-ID Cards for Border-Crossing Control (p. 4)
     DATA BREACH (p. 4)
       Personal data on 28,000 schoolchildren stolen (p. 4)
       Data Breaches: A Global Dilemma (p. 4)
       Irish blood donor records stolen in New York (p. 4)
       A&M posted 3,000 people's personal data (p. 4)
       Stolen hardware held DWP employees' personal information (p. 5)
       Ft. Lauderdale Dumpster Becomes A Treasure Trove (p. 5)
     E-COMMERCE (p. 5)
       LexisNexis Parent Set to Buy ChoicePoint (p. 5)
       HP Settles With Journalists Over Pretexting (p. 5)
       Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr (p. 5)
     EDITORIALS & OPINION (p. 6)
       Privacy and Behavioral Targeting: How Much Data Is Too Much? (p. 6)
       Chaotic Approach to Privacy Hurting US (p. 6)
     EDUCATION (p. 6)
     EMPLOYEE (p. 6)
     FINANCIAL (p. 6)
     GOVERNMENT – U.S. FEDERAL (p. 6)
       Black Hat Conference: Experts Develop Cybersecurity Recommendations For Next President (p. 6)
       Military Aims To Seal Leaky Networks (p. 6)
       ISP blunder exposes entire domain's worth of e-mail to FBI (p. 7)
       Defense, GSA lead way on encryption technology (p. 7)
     GOVERNMENT – U.S. STATES (p. 7)
     HEALTH & MEDICAL (p. 7)
       Google to store patients' health records in test of new service (p. 7)
       Health data storage sites might not be secure (p. 7)
       Privacy group sounds alarms over personal health records systems (p. 7)
       Attacks on health care organizations up 85 percent (p. 8)
     IDENTITY THEFT (p. 8)
       Be concerned over financial privacy issue [Arizona] (p. 8)
       The web is less risky than phone or mail for identity theft, survey finds (p. 8)
  2. INTERNATIONAL (p. 8)
       AFRICA (p. 8)
         SOUTH AFRICA (p. 8)
           Data privacy Bill in suspended animation (p. 8)
       ASIA/PACIFIC (p. 9)
         AUSTRALIA (p. 9)
           Police's CCTV plan violates privacy rights (p. 9)
           War on music piracy (p. 9)
           Australian businesses may be forced to publicly admit data breaches (p. 9)
         NEW ZEALAND (p. 9)
           Privacy of national registers questioned (p. 9)
       EUROPE (p. 9)
         EUROPEAN UNION (p. 9)
           EU regulators skeptical on Microsoft's plan to share technology (p. 9)
         BULGARIA (p. 10)
           Co-Ruling Party Opposes Data-Retention Regulation (p. 10)
         LIECHTENSTEIN (p. 10)
           Liechtenstein details stronger privacy rules (p. 10)
         UNITED KINGDOM (p. 10)
           ISPs could face piracy sanctions (p. 10)
       MIDDLE EAST (p. 10)
       NORTH AMERICA (p. 10)
       SOUTH AMERICA (p. 10)
     LEGISLATION – FEDERAL (p. 10)
       Bush says nation in more danger because Congress hasn't extended spy law (p. 10)
       Privacy: Less and less is the trend (p. 11)
       White House objects to plan for .gov P2P security (p. 11)
     LEGISLATION – STATE (p. 11)
       ALASKA (p. 11)
         Prescription drug database proposed: Bill sponsored raises concerns over personal privacy (p. 11)
       CONNECTICUT (p. 11)
         Board Hears Report on Plans for E-Waste at Transfer Station (p. 11)
       KENTUCKY (p. 11)
         Proposed Law Would Protect Kentuckians From Identity Theft (p. 11)
       WASHINGTON (p. 12)
         Washington State House Gives Nod to Privacy Bill (p. 12)
     LITIGATION & ENFORCEMENT ACTIONS (p. 12)
       Experian Sues LifeLock, Alleges Fraud (p. 12)
       Privacy case is rejected by court: U.S. wiretapping battle now over (p. 12)
       Whistle-blower site taken offline (p. 12)
     MOBILE/WI-FI (p. 12)
       Privacy and Mobile Technologies: What are the risks - Part II (p. 12)
       Most Mobile Users Don't Know if They Have Security (p. 13)
     ODDS & ENDS (p. 13)
       Internet-Law Expert Weighs House Race (p. 13)
       Did Google steal the Sky for its Earth? (p. 13)
       Invisible dots left by printers breach privacy (p. 13)
       Public-Safety Interoperability and Digital Cities: What Are the Requirements? (p. 13)
     ONLINE (p. 14)
  3.   College Web site posts sex gossip, hate, rumor (p. 14)
       One Friend Facebook Hasn’t Made Yet: Privacy Rights (p. 14)
       Write to Privacy (p. 14)
       Personal Computing: The Internet, These Days (p. 14)
       Web Browsing, Search, And Online Ads Grow More Risky, Google Says (p. 14)
     RFID (p. 15)
       EU "smart chip" guidelines aim to protect privacy (p. 15)
     SECURITY (p. 15)
       Researchers Find Way to Steal Encrypted Data (p. 15)
       Research Says Best Info Security Requires Managed Security Services (p. 15)
       Securing cyberspace among top technological challenges of 21st century, panel says (p. 15)
       The Future of Encryption (p. 15)
       Replicating virtual servers vulnerable to attack (p. 16)
       Governance: A Holistic Approach (p. 16)
       Executives Reveal Their Top IT Problems in Global IT Governance Survey (p. 16)
       SAFECode on software assurance (p. 16)
       Canadian IT pros see few security best practices (p. 16)
       Identity Access Management to See Better Integration (p. 17)
       DNS Inventor Warns of Next Big Threat (p. 17)
       Mapping out Web apps attacks (p. 17)
       Powerful new antiphishing weapon DKIM emerges (p. 17)
       The world of spyware evolves (p. 17)
     SEMINARS (p. 18)
     PAPERS (p. 18)
       Enterprise@Risk: 2007 Privacy & Data Protection Survey (p. 18)
       The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (p. 18)
       Ponemon Institute: 2008 National Survey on Access Governance (p. 18)
       Wireless Security: Past, Present and Future (p. 18)
  4. ARTICLE SUMMARIES AND LINKS

     BIOMETRICS

     First Nation Ojibway in Canada to Use Bio-ID Cards for Border-Crossing Control
     The Garden River First Nation (an Ojibway Tribe of North American Indians), headquartered at the eastern boundary of the city of Sault Sainte Marie, Ontario, Canada, has signed an agreement to license and use Veritec's 2-D VSCode Biometric technology for multi-purpose cards which will serve as Tribal Member ID, Border-crossing (from and to Ontario, Canada) control and passport-backup ID cards. The technology stores the individual's fingerprint minutiae in the 2-D VSCode, which is robust, compact and low cost.
     http://www.govtech.com/gt/articles/264268?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19
     (Government Technology – 2/15/08)

     DATA BREACH

     Personal data on 28,000 schoolchildren stolen
     A laptop computer holding a database with personal information on thousands of Newfoundland schoolchildren was among several stolen during a robbery, school officials said Thursday. The database — with information on 28,000 students, most in the St. John's area — includes names, addresses, medicare numbers, phone numbers and the names of guardians, the Eastern School District board said. The four laptops were stolen from the district's offices in Atlantic Place, an office complex in downtown St. John's. The robbery occurred Sunday, but was not reported to the public for four days.
     http://www.cbc.ca/canada/newfoundland-labrador/story/2008/02/21/student-breach.html
     (CBC News Canada – 2/21/08)

     Data Breaches: A Global Dilemma
     While reporting laws and an insatiable appetite by U.S. consumers for privacy-related news keep data breaches in this country on many people's radar, it's not just a problem in America. Recent widely reported data breaches in the U.K. and Canada highlight the global nature of the problem. In late November, the British government admitted to the loss of computer disks containing detailed personal information on 25 million of the country's citizens as well as an unknown number of bank account identifiers. Some analysts described this incident in published reports as potentially the most significant privacy breach of the digital age.
     http://business.newsfactor.com/story.xhtml?story_id=10300AJYQAV8
     (NewsFactor Business Report – 2/19/08)

     Irish blood donor records stolen in New York
     A computer containing over 171,000 confidential blood donor records and other files from the Irish Blood Transfusion Service has been stolen. The data, which the Blood Service says was securely encrypted, was given to the New York Blood centre in December on a computer disk. It was part of a software upgrading programme for the Irish Service. The laptop with the disk was stolen on 7 February when a member of the New York Blood Centre was mugged outside his home.
     http://www.rte.ie/news/2008/0219/blood.html
     (RTE News – 2/19/08)

     A&M posted 3,000 people's personal data
     A computer file containing the names and Social Security numbers of 3,000 current and former Texas A&M University agricultural employees was inadvertently posted online and accessible to the public for three weeks. Texas A&M administrators said the personal information could not be directly viewed on Web pages, but was obtainable through sophisticated software designed to search databases and hijack such information.
     http://www.theeagle.com/local/A-amp-amp-M-posted-3-000-people-s-personal-data
     (Bryan-College Station, TX Eagle – 2/16/08)
  5. Stolen hardware held DWP employees' personal information
     Computer equipment containing the private financial data of every employee of the Los Angeles Department of Water and Power was stolen earlier this week, prompting the utility to pay for a credit monitoring service for each of its 8,275 workers. DWP General Manager H. David Nahai sent employees an e-mail and an interoffice memo Wednesday informing them that computer equipment containing each worker's name, date of birth, Social Security number, employee identification number and deferred compensation balance was stolen from a private DWP contractor.
     http://www.latimes.com/news/local/los_angeles_metro/la-me-dwp16feb16,1,4402707.story?ctrack=1&cset=true
     (Los Angeles Times – 2/16/08)

     Ft. Lauderdale Dumpster Becomes A Treasure Trove
     In the information age, theft has clearly taken on a new meaning, with the possession of personal info, credit cards, and social security numbers as the key for many high tech crooks to strike it rich. One Ft. Lauderdale dumpster proved to be a treasure trove of documents with such information--readily available for anyone who passed by--so the police are investigating. Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial at 550 West Cypress Creek Road were just lying inside stacked boxes inside an industrial garbage container, available for anyone to peek at. The paperwork contains some of the most sensitive information a consumer could possess: Social Security numbers, credit card information, addresses, properties, etc.
     http://cbs4.com/local/Ft.Lauderdale.Trash.2.655638.html
     (CBS4 Ft. Lauderdale, FL – 2/15/08)

     E-COMMERCE

     LexisNexis Parent Set to Buy ChoicePoint
     Publishing company Reed Elsevier, owner of the LexisNexis Group, is seeking to acquire commercial data broker ChoicePoint in a $4.1 billion cash deal that would create a global information-gathering powerhouse that would collect and analyze billions of records about who people are, where they live and with whom, and what they own. With customers including government agencies, insurance companies, banks, rental apartments, corporate personnel offices and private investigators, the combined company's reach would extend from national security offices to the living rooms of ordinary Americans. Both companies have played key roles in law enforcement, homeland security and intelligence. Both have also had identity-theft and security problems.
     http://www.washingtonpost.com/wp-dyn/content/article/2008/02/21/AR2008022100809.html
     (Washington Post – 2/22/08)

     HP Settles With Journalists Over Pretexting
     HP (Hewlett-Packard) on Wednesday reached a financial settlement with the New York Times and four reporters who were spied upon as part of a scandal dating back to 2006 that brought about the downfall of the company's chairwoman, Patricia C. Dunn, along with several high-ranking executives. The reporters were BusinessWeek's Peter Burrows, Ben Elgin and Roger Crockett, along with the Times's John Markoff, on whose behalf a claim was pursued by the Times itself. The dispute was settled privately, without any lawsuit. None of the parties involved disclosed the amount of the settlement.
     http://www.ecommercetimes.com/story/HP-Settles-With-Journalists-Over-Pretexting-61686.html?welcome=1203331507&welcome=1203701834
     (E-Commerce Times – 2/14/08)

     Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr
     A Korean e-commerce site was hacked and a staggering number of records, 18 million, were stolen. In the US this would be front news. We don't know if it was front news in Korea, but did not get to the international media. The attack description is vague but can be best described as session hijacking. This incident is a great example of the lack of sufficient international coverage at WHID. Help us by sending us non English incidents! After all, it is not English speakers only that get hacked, but rather us, the WHID maintainers that speak only this language.
     http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml
     (Web Application Security Consortium – 2/12/08)
  6. EDITORIALS & OPINION

     Privacy and Behavioral Targeting: How Much Data Is Too Much?
     I grew up in the direct response industry, where everything can be tracked and measured. Behavioral targeting is an old concept: list segmentation and databases, and predictive modeling had that down decades ago. With the onset of behavioral targeting online, the concept takes on new meaning. Consumers feel that Big Brother is looming as the technology becomes more sophisticated. ISPs are among those jumping into the fray, truly testing whether tracking a consumer's behavior will be accepted.
     http://www.clickz.com/showPage.html?page=3628481
     (clickz.com – 2/20/08)

     Chaotic Approach to Privacy Hurting US
     The US is badly lagging the rest of the world on privacy legislation and apparently doesn't care. This lack of interest in meeting international privacy standards is starting to hurt the US and could hurt the country even more down the track. Canada is already reluctant to export data to the United States for processing in some circumstances, notes US privacy expert Robert Gellman, prompted in part by fears that the draconian USA PATRIOT Act (which gives intelligence officers unprecedented surveillance powers) will compromise the privacy of Canadian citizens.
     http://www.csoonline.com.au/index.php/id;1898404411;fp;16;fpid;1
     (CSO Online – 6/07)

     EDUCATION

     EMPLOYEE

     FINANCIAL

     GOVERNMENT – U.S. FEDERAL

     Black Hat Conference: Experts Develop Cybersecurity Recommendations For Next President
     A group of 40 former and current government cybersecurity experts has convened to put together a series of cybersecurity recommendations for the next U.S. president, members of the think-tank-sponsored Cyber Commission for the 44th President said Wednesday at the Black Hat security conference in Washington, D.C. "This is no longer a boutique issue," said James Lewis, director of the technology and public policy program for the Center for Strategic and International Studies. "It has to be a part of the thinking about national security from this point on. This is one of the central issues for national security and we want to make sure it doesn't go away."
     http://www.informationweek.com/security/showArticle.jhtml?articleID=206800855&cid=RSSfeed_TechWeb
     (Information Week – 2/20/08)

     Military Aims To Seal Leaky Networks
     The U.S. Navy got a grim lesson in information security in October 2000, when a bomb ripped through the side of the USS Cole, killing 17 sailors. "Somebody knew somehow that the ship was going to be there," said Jim Granger, technical director for the U.S. Navy's Cyber Defense Operations Command. While the incident wasn't tied to any sort of network security breach, it did highlight the importance of keeping data out of the wrong hands. To help minimize future leaks, military and academic researchers are looking for ways to better secure networks, including techniques for understanding the thought processes of network intruders.
     http://www.investors.com/editorial/IBDArticles.asp?artsec=17&artnum=3&issue=20080219
     (Investors.com – 2/19/08)
  7. ISP blunder exposes entire domain's worth of e-mail to FBI
     A classified report written by the Office of the Inspector General (OIG) that was obtained by the Electronic Frontier Foundation (EFF) through a Freedom of Information Act (FOIA) lawsuit reveals that an unnamed Internet service provider gave federal law enforcement agents access to e-mail records for an entire domain even though the Foreign Intelligence Surveillance Court had only authorized surveillance of a single address from the domain. The document, which has been published by the EFF, indicates that the incident resulted from miscommunication. The FBI discovered the ISP's negligence when the agency's Engineering Research Facility detected a surge in data collection.
     http://arstechnica.com/news.ars/post/20080218-isp-blunder-exposes-entire-domains-worth-of-e-mail-to-fbi.html
     (ArsTechnica – 2/15/08)

     Defense, GSA lead way on encryption technology
     The federal government is embracing new forms of encryption technology to safeguard private and other sensitive information stored on laptops and thumb drives. The Defense Department and General Services Administration on Tuesday announced a partnership to purchase the latest in data-at-rest technology to address the agencies' data encryption needs. According to a press release, the Data-At-Rest Tiger Team (DARTT) was able to secure $73 million in data-at-rest products for only $15 million. Data-at-rest refers to information that has been downloaded and is sitting statically on devices like thumb drives, BlackBerrys and laptops not connected to the network.
     http://govexec.com/dailyfed/0208/021408n1.htm
     (Government Executive – 2/14/08)

     GOVERNMENT – U.S. STATES

     HEALTH & MEDICAL

     Google to store patients' health records in test of new service
     Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader. The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google's new service, which won't be open to the general public.
     http://www.siliconvalley.com/news/ci_8323969
     (Silicon Valley – 2/21/08)

     Health data storage sites might not be secure
     The World Privacy Forum is warning consumers about the potential pitfalls of using newly popular services that consolidate personal health records - especially when they're kept by companies that are not subject to current federal regulations on privacy and security. "Consumers need to know that not all (vendors) protect privacy in the same way," said Pam Dixon, executive director of the San Diego nonprofit group, which is issuing its report today.
     http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/20/BU9UV5405.DTL&type=tech
     (San Francisco Chronicle – 2/20/08)

     Privacy group sounds alarms over personal health records systems
     In some cases, people whose health care information is stored in online personal health records (PHR) systems may be exposed to serious data privacy risks, according to a warning issued by a privacy advocacy group. That's because not all PHR systems are covered by the federal Health Insurance Portability and Accountability Act, the World Privacy Forum said in a 16-page report released today. The WPF contended that as a result, many of the privacy protections offered under the HIPAA statute don't apply to the personal health care data being maintained in such systems.
  8. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=legislation_regulation&articleId=9063718&taxonomyId=70&intsrc=kc_top
     (Computer World – 2/20/08)

     Attacks on health care organizations up 85 percent
     Attempted cyberattacks on health care organizations have increased 85 percent in the past year, according to SecureWorks, a software-as-a-service vendor. The company's health care clients have been targeted 20,630 times per day during the second half of 2007 and January of this year, a significant increase over the average rate of 11,146 times per client per day during the first half of 2007, according to a recent release.
     http://www.scmagazineus.com/Attacks-on-health-care-organizations-up-85-percent/article/105312/
     (SC Magazine – 2/14/08)

     IDENTITY THEFT

     Be concerned over financial privacy issue [Arizona]
     What's the value of your financial privacy? You know, things like your checking account and banking records. For most of us, the less others know, the better. That's why it comes as such a surprise that Arizona rates near the bottom of states when it comes to protecting such privacy. According to the Federal Trade Commission, Arizona is the No. 1 state for identity theft. And a private research firm reports that the identity of one in six Arizona adults was stolen in the past five years. So, it was a good first step when the Arizona Legislature passed legislation in 2007 to limit the release of personal information available in public records. This legislation protected against sensitive information like Social Security numbers being released by government bodies. However, it's not just identity thieves Arizonans should be worried about. Government employees are legally allowed to access the personal financial records of citizens. Most states protect against potential abuse of this law, but Arizona does not.
     http://www.azcentral.com/arizonarepublic/viewpoints/articles/0217vip-barr0217.html
     (AZCentral.com – 2/17/08)

     The web is less risky than phone or mail for identity theft, survey finds
     Despite media hype about Internet security, traditional communications channels pose the biggest risk of theft of personal and financial information, according to the 2008 Identity Fraud Survey report from Javelin Strategy and Research. Online access—including online purchases and transactions at 2%, phishing at 4% and computer viruses, spyware and PC hackers at 8%—together were the source of 14% of cases of identity fraud among fraud victims who knew how their information had been obtained, according to Javelin’s annual survey.
     http://www.internetretailer.com/dailyNews.asp?id=25389
     (InternetRetailer.com – 2/14/08)

     INTERNATIONAL

     AFRICA

     SOUTH AFRICA

     Data privacy Bill in suspended animation
     Government is making haste slowly to enact the Protection of Personal Information Bill that will fundamentally alter the way companies handle data related to clients and staff. Once law, the legislation will help protect people from criminals by holding companies and individuals, who fail to take adequate steps to protect other people's private information, legally liable. In terms of the proposed law, companies, for example, will be required to notify all customers affected by security breaches that could result in identity theft. Offenders could face up to 10 years in prison, as well as fines and punitive damages.
     http://www.itweb.co.za/sections/business/2008/0802201052.asp?O=FPTOP&S=Legal%20View&A=LEG
     (ITWeb – 2/20/08)
  9. ASIA/PACIFIC

     AUSTRALIA

     Police's CCTV plan violates privacy rights
     A plan by police to access footage from tens of thousands of closed circuit television (CCTV) cameras violates basic rights to privacy, a human rights group says. NSW (New South Wales) Police launched a state-wide register today, calling for large and small businesses with CCTV cameras to provide their details for the program. But spokesperson for Civil Liberties Australia, Max Jeganathan, said while rights of privacy will always conflict with certain law enforcement objectives the plan had all the hallmarks of a "police state".
     http://news.ninemsn.com.au/article.aspx?id=381118
     (National Nine News (Australia) – 2/18/08)

     War on music piracy
     As the internet threatens to kill the established music industry, the Rudd Government is considering a three-strikes policy against computer users who download songs illegally. The Government will examine new legislative proposals being unveiled in Britain this week to target people who download films and music illegally. Internet service providers (ISPs) there might be legally required to take action against users who access pirated material. The music industry estimates 1 billion songs were traded illegally by Australians last year.
     http://www.smh.com.au/news/technology/rudd-to-tackle-illegal-music-downloaders/2008/02/16/1202760662778.html
     (Sydney Morning Herald – 2/17/08)

     Australian businesses may be forced to publicly admit data breaches
     Australia’s Privacy Commissioner would be given new powers to enforce the mandatory reporting of data breaches under proposed amendments to the Privacy Act. Under the proposed changes, Australian businesses will be forced to publicly detail data breaches. The Australian Law Reform Commission (ALRC) has submitted recommendations to reform the Privacy Act in an 800 page discussion paper with 301 proposals. The reforms will likely give the Privacy Commissioner new powers to amend legislation to facilitate emerging technologies including biometrics, data warehousing of customer information and high profile breaches of sensitive data.
     http://www.itworldcanada.com/a/News/2a75ef4d-25ef-4941-8e52-d9000e2f286d.html
     (Computerworld Australia – 2/14/08)

     NEW ZEALAND

     Privacy of national registers questioned
     The Law Commission wants a year long review of all public registers in the country to ensure they protect privacy. It wants over a hundred public lists looked at, including rates databases, dog, transport and company registers, electoral rolls, and births, deaths and marriages. Law Commission president Sir Geoffrey Palmer says such registers need to be open to the public for all sorts of reasons, from tracing fraudulent company directors to locating a qualified plumber. But he says the information they contain needs to be protected so it cannot be used for more dubious purposes, such as identity theft or harassing people.
     http://www.newstalkzb.co.nz/newsdetail1.asp?storyID=132558
     (News Talk ZB – 2/19/08)

     EUROPE

     EUROPEAN UNION

     EU regulators skeptical on Microsoft's plan to share technology
     European Union regulators are expressing skepticism over Microsoft's latest offer to share more information about its products and technology. The EU said in a statement Thursday it has seen four other similar statements in the past from the world's largest software maker. Earlier Thursday, Microsoft announced it will be publishing technical information about its products to ensure interoperability with rivals' offerings. It won't make software developers obtain a license or pay royalties or other fees.
     http://www.siliconvalley.com/news/ci_8325169
     (Silicon Valley – 2/21/08)
BULGARIA

Co-Ruling Party Opposes Data-Retention Regulation
The regulation from the Interior Ministry and the State Agency for Information Technologies and Communications (SAITC), which implements the EU data-retention directive, was unconstitutional and should at the very least be changed, if not scrapped altogether, Dnevnik daily quoted unnamed members of Parliament (MPs) of National Movement for Stability and Progress (NMSP) as saying. NMSP MPs were not planning to file a complaint with the Supreme Administrative Court (SAC) yet, wanting to hear first Interior Minister Roumen Petkov and SAITC head Plamen Vachkov. The regulation would not come into force until next year anyway, so there would be enough time to appeal and if no one else filed a complaint, the NMSP would, MPs said.
http://www.sofiaecho.com/article/co-ruling-party-opposes-data-retention-regulation/id_27563/catid_66
(Sofia, Bulgaria Echo – 2/15/08)

LIECHTENSTEIN

Liechtenstein details stronger privacy rules
The government of Liechtenstein on Wednesday detailed plans to strengthen privacy guarantees for the investment vehicles at the center of a tax evasion scandal in Germany, a move that might prevent this tiny Alpine country from exiting a short black-list of international tax havens. The proposal, which will be submitted to Parliament after government approval, was aimed at clarifying the sometimes murky regulations governing Liechtenstein-based foundations, which are similar to trusts in the English-speaking world. Foundations established for charitable purposes would be separated from those set up by families as a way to preserve inherited fortunes, for example, the government said.
http://www.iht.com/articles/2008/02/21/business/21privacy.php
(International Herald Tribune – 2/21/08)

UNITED KINGDOM

ISPs could face piracy sanctions
Internet service providers must take concrete steps to curb illegal downloads or face legal sanctions, the government has said. The proposal is aimed at tackling the estimated 6m UK broadband users who download files illegally every year. The culture secretary said consultation would begin in spring and legislation could be implemented "by April 2009".
http://news.bbc.co.uk/2/hi/technology/7258437.stm
(BBC – 2/22/08)

MIDDLE EAST

NORTH AMERICA

SOUTH AMERICA

LEGISLATION – FEDERAL

Bush says nation in more danger because Congress hasn't extended spy law
With a government eavesdropping law about to expire, Washington is awash in accusations over who's to blame. President Bush said Friday that "our country is in more danger of an attack" because of Congress' failure to adopt a Senate bill that would have renewed a law that made it easier for the government to spy on foreign phone calls and e-mails that pass through the United States. That bill also would have shielded from lawsuits telecommunications companies that helped the government wiretap U.S. computer and phone lines after the Sept. 11 terrorist attacks without clearance from a secret court that was established specifically to oversee such activities. In its competing version of the legislation, the House intentionally left out that feature.
http://www.siliconvalley.com/news/ci_8274090?nclick_check=1
(SiliconValley.com – 2/15/08)
Privacy: Less and less is the trend
As part of a broader surveillance bill, the Senate has approved a bill that would give phone companies broad immunity in turning over customer information to the government. It also would give them immunity from liability if they participated in wiretapping during the past five years. All the government would have to do is ask. No warrants, no judicial oversight. Anyone with a dial tone or a handset could be a target. This is all being done in the name of national security.
http://www.chron.com/disp/story.mpl/business/steffy/5546747.html
(Houston Chronicle – 2/15/08)

White House objects to plan for .gov P2P security
The Bush administration on Thursday questioned a proposed law that would force federal agencies to develop specific plans for guarding government computers and networks against "risks" posed by peer-to-peer file sharing. The Democratic-sponsored bill, called the Federal Agency Data Protection Act, contains a section asking federal agencies to report to Congress what "technological" (e.g., software and hardware) and "nontechnological" methods (such as employee policies and user training) they would employ to ensure peer-to-peer file-sharing programs do not harm the security of government systems.
http://www.news.com/8301-10784_3-9872366-7.html
(CNet News – 2/14/08)

LEGISLATION – STATE

ALASKA

Prescription drug database proposed: Bill sponsored raises concerns over personal privacy
A measure now before the Alaska Senate would authorize the Board of Pharmacy to create and keep a detailed record of which Alaskans are using prescription drugs. Senate Bill 196, sponsored by Senate President Lyda Green and a bipartisan group of lawmakers, seeks to establish a controlled substance prescription database in the pharmacy board that would include a record of every prescription written in the state for medicines controlled under state and federal law. It could be ready for a floor vote Monday.
http://www.peninsulaclarion.com/stories/021708/news_4277.shtml
(Peninsula Clarion – 2/17/08)

CONNECTICUT

Board Hears Report on Plans for E-Waste at Transfer Station
Selectman Tom O'Neil presented information to the board on electronic waste. He said he attended a meeting with the Connecticut Council of Municipalities. Mr. O'Neil explained that e-waste must be locked at the transfer station to prevent the possibility of identity theft. While e-waste is at the transfer station, the town is responsible for its protection. Once the e-waste is picked up by a company, that company is then responsible for erasing any personal data from computer systems, Mr. O'Neil said.
http://www.zwire.com/site/news.cfm?newsid=19301110&BRD=1380&PAG=461&dept_id=157533&rfi=6
(zwire.com – 2/15/08)

KENTUCKY

Proposed Law Would Protect Kentuckians From Identity Theft
Attorney General Jack Conway and Representative Robin Webb of Grayson filed legislation Friday that will help protect the identities of Kentuckians and update laws to keep pace with changes in technology. The bill is cosponsored by Rep. Jim Glenn of Owensboro and Rep. John Vincent of Ashland. The law will require businesses to notify residents if their personal information, such as a bank-account number or social-security number, has been compromised by improper disposal of paper records or an online security breach. Businesses must take reasonable steps to protect and properly dispose of personal information. If information is compromised, businesses could be civilly liable for losses incurred by consumers. House Bill 553 will also require businesses to keep Social Security numbers hidden in mailings, remove them as identification numbers on benefit cards and require security measures for websites where consumers enter their Social Security numbers.
http://www.wkyt.com/news/headlines/15667617.html
(WKYT – 2/15/08)
WASHINGTON

Washington State House Gives Nod to Privacy Bill
The state's house of representatives approved a bill that would make RFID "skimming" a felony and prohibit capturing data from an RFID tag in an identity card without the cardholder's permission. A revised version of legislation intended to protect the privacy of individuals using RFID tags with "unique personal identifier numbers" passed the Washington State House of Representatives on Wednesday. House Bill (HB) 1031—intended to limit collection of personal information from an RFID tag without the tag holder's knowledge or consent—passed with 69 to 27 votes.
http://www.rfidjournal.com/article/articleview/3928/1/1/
(RFID Journal – 2/15/08)

LITIGATION & ENFORCEMENT ACTIONS

Experian Sues LifeLock, Alleges Fraud
Credit bureau Experian is suing the identity theft prevention firm LifeLock, accusing it of deception and fraud in its familiar advertising campaign, which includes a spot in which CEO Todd Davis reveals his Social Security number and then brags about the effectiveness of the company’s protections. In the lawsuit, filed in U.S. District Court on Feb. 13, Experian contends that LifeLock's advertising is misleading and that the firm is breaking federal law in the way it goes about protecting consumers. LifeLock CEO Davis, in an interview with msnbc.com on Wednesday, called the lawsuit baseless and said that Experian is simply upset that his firm is challenging its business model.
http://redtape.msnbc.com/2008/02/experian-sues-l.html
(MSNBC – 2/20/08)

Privacy case is rejected by court: U.S. wiretapping battle now over
In a blow to civil rights advocates, the U.S. Supreme Court declined Tuesday to review a landmark case originating in Detroit that challenged the Bush administration's domestic surveillance program. The decision was a victory for the White House but a setback for privacy activists who thought the government's wiretapping efforts violated the U.S. Constitution. The court's ruling brought to an end two years of battles over what was the first legal challenge to the U.S. government's warrantless surveillance program.
http://www.freep.com/apps/pbcs.dll/article?AID=/20080220/NEWS05/802200302
(Free Press – 2/20/08)

Whistle-blower site taken offline
A controversial website that allows whistle-blowers to anonymously post government and corporate documents has been taken offline in the US. Wikileaks.org, as it is known, was cut off from the internet following a California court ruling, the site says. The case was brought by a Swiss bank after "several hundred" documents were posted about its offshore activities. Other versions of the pages, hosted in countries such as Belgium and India, can still be accessed. However, the main site was taken offline after the court ordered that Dynadot, which controls the site's domain name, should remove all traces of wikileaks from its servers.
http://news.bbc.co.uk/2/hi/technology/7250916.stm
(BBC – 2/18/08)

Also see:
• Privacy, civil rights advocates castigate Wikileaks ruling
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063478
(ComputerWorld – 2/20/08)

MOBILE/WI-FI

Privacy and Mobile Technologies: What are the risks - Part II
In the second part of his series, Tom Riley focuses on the concept of privacy, the legal framework of privacy and individuals and highlights some of the key issues of concern as well as how citizens' fears could be addressed.
http://www.egovmonitor.com/node/17209
(eGovmonitor – 2/18/08)
Most Mobile Users Don't Know if They Have Security
Security vendor McAfee released results of a survey of mobile users focused on their awareness and concerns related to security threats, which showed more than three quarters of respondents don't have any security at all. The survey was conducted on McAfee's behalf by analysis firm Datamonitor and released this week. Respondents were spread evenly between the U.S., the U.K. and Japan. It found 79 percent of mobile device users don't use any antivirus or other security software on their devices at all while 15 percent said they were unsure if their device had security software.
http://www.internetnews.com/security/article.php/3728001/Most+Mobile+Users+Dont+Know+if+They+Have+Security.htm
(Internet News – 2/13/08)

ODDS & ENDS

Internet-Law Expert Weighs House Race
Lawrence Lessig, a Stanford University professor who studies the intersection of law and the Internet, said he is considering a run for an open congressional seat in the San Francisco area. Internet experts said Mr. Lessig's candidacy could have impact beyond the Bay area, both from his potential to become a strong advocate on Capitol Hill for Web commerce as well as his blogging to make the political process more accessible to voters.
http://online.wsj.com/article/SB120354879337281243.html
(Wall Street Journal – 2/21/08)

Did Google steal the Sky for its Earth?
A former Google contractor is suing the company for allegedly stealing from him the idea for the Sky layer in Google Earth. The lawsuit filed this week in federal district court in Atlanta seeks punitive damages of US$25 million from Google. Jonathan Cobb claims in his suit that he disclosed the idea for Google Sky in internal e-mail discussion groups when he worked at Google as a contractor beginning in 2006. The Google Earth Sky layer, when it launched in August 2007, was similar in interface and functionality to what he had conceptualised, Cobb claims.
http://www.builderau.com.au/news/soa/Did-Google-steal-the-Sky-for-its-Earth-/0,339028227,339286056,00.htm
(CNet News – 2/19/08)

Invisible dots left by printers breach privacy
European Union justice watchdogs are concerned that "Big Brother" computer printer technology that allows security agencies to track printed documents might breach privacy laws. Most consumers are unaware that many popular colour laser printers, including those made by Brother, Canon, Xerox and HP, embed almost invisible tracking dots onto documents, uniquely identifying the machine that printed them. Franco Frattini, European Commissioner for Justice and Security, has launched an investigation after receiving official complaints from Euro-MPs.
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/02/18/wpriv118.xml
(UK Telegraph – 2/19/08)

Public-Safety Interoperability and Digital Cities: What Are the Requirements?
The inaugural Public-Safety Interoperability Roundtable at the 15th W2i Digital Cities Convention in Washington, DC, (December 11-12, 2007) provided an early view onto emerging policy requirements for interoperable public-safety networks. Ken Boley, Director of Wireless and Public Safety Programs in the Office of the District of Columbia's CTO, moderated the Roundtable. He kicked off the discussion with an update of the National Capital Region's efforts.
http://www.govtech.com/gt/articles/262179?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19
(Government Technology – 2/11/08)
ONLINE

College Web site posts sex gossip, hate, rumor
JuicyCampus' endless threads of anonymous innuendo have been a popular Web destination on the seven college campuses where the site launched last fall, including Duke, UCLA and Loyola Marymount. It recently expanded to 50 more, and many of the postings show they've been viewed hundreds and even thousands of times. But JuicyCampus has proved so poisonous there are signs of a backlash. In campus debates over Internet freedom, students normally take the side of openness and access. This time, however, student leaders, newspaper editorials and posters on the site are fighting back -- with some even asking administrators to ban JuicyCampus. It's a kind of plea to save the students, or at least their reputations, from themselves.
http://www.cnn.com/2008/TECH/02/18/juicy.website.ap/index.html
(CNN – 2/18/08)

One Friend Facebook Hasn’t Made Yet: Privacy Rights
A co-worker apologized to me recently for being slow on a task. “It’s probably just your insomnia from last night,” I said. She was confused about how I knew, but I reminded her we were Facebook friends, and that she had posted a “status update” about her sleeplessness. It’s a common phenomenon: people “friending” work colleagues on Facebook and then discovering that — as Seinfeld’s George Costanza would melodramatically put it — “worlds collide.” I gained all sorts of insights into another young co-worker when her college friends left reminiscence-filled birthday wishes on her Facebook “wall.”
http://www.nytimes.com/2008/02/18/opinion/18mon4.html?_r=1&ref=opinion&oref=slogin
(New York Times – 2/18/08)

Write to Privacy
The author of "The Princess Diaries" has teamed up with the American Library Association to hold events across the country for young people who want to learn more about airing their thoughts in writing the traditional way: with a pen. The lack of privacy among teenagers online is a growing area of concern, and experts say there's a fine line between healthy expression and TMI (too much information). They say posting thoughts online can leave teens overexposed to potential bullies, college admissions officers, predators - or just offended friends and loved ones.
http://www.gadsdentimes.com/article/20080217/NEWS/802170301/1016/NEWS
(Associated Press – 2/17/08)

Personal Computing: The Internet, These Days
The latest round of statistics about the Internet presents an intriguing picture about how this international medium is evolving. Some of the stats are as expected, but some are surprising. For help with common problems, more Americans now use the Internet than consult experts or family members, according to the latest Pew Internet Project survey. Fully 58 percent of those surveyed use the Internet compared with 53 percent who turn to professionals such as doctors, lawyers or financial experts and 45 percent who seek out friends and family members. The Pew survey indicated that 77 percent of Americans now have Internet access, with 64 percent having broadband access and 13 percent having slower dial-up access. Those with dial-up access in general are poorer, older and less well-educated than those with broadband access and are more likely to rely on television and radio for information than broadband users.
http://www.govtech.com/gt/articles/263376?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19
(Government Technology – 2/14/08)

Web Browsing, Search, And Online Ads Grow More Risky, Google Says
Web browsing and searching are becoming increasingly risky activities, according to a report published by Google on Tuesday. "In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing," said Niels Provos, a security engineer at Google (NSDQ: GOOG), in a blog post. Provos said that in the year and a half since Google began tracking malicious Web pages, the company has found more than 3 million unique URLs on more than 180,000 Web sites that attempt to install malware on visitors' computers.
http://www.informationweek.com/news/showArticle.jhtml?articleID=206501894
(Information Week – 2/12/08)
RFID

EU "smart chip" guidelines aim to protect privacy
"Smart" chips embedded in items ranging from pets to retail products will have to be deactivated at the point of sale to protect purchasers' privacy under draft guidelines proposed on Thursday by the European Commission. A public consultation is being launched into the "soft law" guidelines that EU Information Society and Media Commissioner Viviane Reding hopes will be adopted by the European Union executive to be applied in all the bloc's 27 member states. The guidelines seek to strike a balance between protecting privacy and allowing new technologies to flourish, a Commission spokesman said.
http://www.reuters.com/article/technologyNews/idUSL2181342720080221
(Reuters – 2/21/08)

SECURITY

Researchers Find Way to Steal Encrypted Data
A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks. The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.
http://www.nytimes.com/2008/02/22/technology/22chip.html?ref=business
(New York Times – 2/22/08)

Also see:
• Disk encryption may not be secure enough, new research finds
http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede
(CNet News – 2/21/08)

Research Says Best Info Security Requires Managed Security Services
New research from Aberdeen Group, a Harte-Hanks Co., reveals that the organizations getting the best information security performance include some managed security services as part of their defense. The new report, "Best Practices in Choosing and Consuming Managed Security Services," provides insight gleaned from close to 200 survey respondents, supplemented with in-depth interviews with veteran consumers of managed security services.
http://securitysolutions.com/news/managed-security-research-0219/
(Security Solutions – 2/19/08)

Securing cyberspace among top technological challenges of 21st century, panel says
A National Academy of Engineering panel of big thinkers, including Google co-founder Larry Page, has identified 14 top technological challenges for this century and securing cyberspace is among them. "[S]ince we live in an increasingly networked virtual world, cybersecurity is a fundamental engineering challenge," says Rob Socolow, a professor of mechanical and aerospace engineering at Princeton University and a panel member.
http://www.networkworld.com/news/2008/021908-top-technological-challenges.html
(Network World – 2/19/08)

The Future of Encryption
In today’s world the protection of sensitive data is one of the most critical concerns for organizations and their customers. This, coupled with growing regulatory pressures, is forcing businesses to protect the integrity, privacy and security of critical information. As a result cryptography is emerging as the foundation for enterprise data security and compliance, and quickly becoming the foundation of security best practice. Cryptography, once seen as a specialized, esoteric discipline of information security, is finally coming of age.
http://www.net-security.org/article.php?id=1113
(Net Security – 2/18/08)
Replicating virtual servers vulnerable to attack
One of the most attractive features of virtualization -- the ability to replicate virtual servers on the fly to meet demand -- has a big security downside -- from data theft to denial of service -- according to a talk scheduled for the Black Hat DC 2008 conference next week in Washington, D.C. When a virtual machine migrates from one physical server to another, it can be subject to a range of attacks primarily because authentication between machines is weak and the virtual-machine traffic between physical machines is unencrypted, says Jon Oberheide, a Ph.D. candidate at University of Michigan who will present the briefing.
http://www.networkworld.com/news/2008/021508-replicating-virtual-servers.html
(Network World – 2/15/08)

Governance: A Holistic Approach
One of the greatest benefits of adopting a holistic governance, regulation and compliance approach is that the process brings otherwise siloed corporate functions together to identify potential governance issues, business risks and compliance challenges. Rather than assembling response teams during a crisis, companies instituting enterprise-wide GRC controls collaborate to identify potential risks.
http://www.ecommercetimes.com/story/Governance-A-Holistic-Approach-61674.html?welcome=1203368273
(E-Commerce Times – 2/14/08)

Executives Reveal Their Top IT Problems in Global IT Governance Survey
Insufficient IT staff availability, service delivery issues, and difficulty proving the value of information technology (IT) continue to plague executives at organizations around the world, according to a new report by the nonprofit, independent IT Governance Institute (ITGI). ITGI commissioned a global survey of 749 CEO-/CIO-level executives in 23 countries to determine executives’ IT governance priorities and the IT-related problems their organizations have faced. According to the IT Governance Global Status Report 2008, which is available as a complimentary download at www.itgi.org, 58 percent of respondents noted an insufficient number of staff, compared to 35 percent in 2005. Also, 48 percent said that IT service delivery problems remain the second most common problem, and 38 percent point to problems relating to staff with inadequate skills. Thirty percent of respondents also reported problems anticipating the return on investment (ROI) for IT expenditures.
http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20080213005009&newsLang=en
(Business Wire – 2/13/08)

SAFECode on software assurance
Software Association Forum for Excellence in Code outlines core practices for secure software development. An information technology industry group formed to develop and share best practices for secure software development has released its first paper, outlining the core practices being used by member companies. The Software Association Forum for Excellence in Code (SAFECode) was announced in October as a way to enhance communications between software companies. Many companies have internal programs to improve the quality of the code they are producing, but a lack of communications has limited their effectiveness, said former White House cybersecurity adviser Paul Kurtz, executive director of SAFECode.
http://www.gcn.com/online/vol1_no1/45811-1.html
(Government Computer News – 2/13/08)

Canadian IT pros see few security best practices
The Canadian Advanced Technology Alliance (CATAAlliance) has identified a lack of IT security best practices as one of the top challenges faced by IT security professionals, according to a new report. CATA partnered with Microsoft Canada to conduct a survey of 322 IT security professionals across Canada. The primary goal was to determine the security issues that have the greatest impact on IT workers and to learn more about the perceptions IT pros have about the field in which they work.
http://www.itworldcanada.com/a/E-Government/7a067626-c8ed-4e35-8154-3fd33f0cb074.html
(IT World Canada – 2/12/08)
Identity Access Management to See Better Integration
Vendors and analysts say customers can expect to see tighter integration across traditional access management, user provisioning and role management offerings. With the Identity Access Management market poised to grow, its expansion may be coupled with better integration and controls around role, entitlement and identity lifecycle management. IAM tools give customers a level of control and visibility into their assets needed to meet compliance goals, said Joe Anthony, program director of security and compliance management for IBM Tivoli software. The key though, may be to make IAM just one brick in an overall access strategy. Increased integration across security products will make it easier for business to address a wider range of challenges in the traditional areas of IAM, he said, as well as application, infrastructure and data security.
http://www.eweek.com/c/a/Security/Identity-Access-Management-to-See-Better-Integration/
(eWeek.com – 2/12/08)

DNS Inventor Warns of Next Big Threat
It's just a matter of time before a big breach occurs from corrupted DNS resolution, says Paul Mockapetris. The industry is just one multi-million-dollar corporate data breach away from waking up to the serious and often-silent threat of corrupted DNS resolution servers, says DNS inventor Paul Mockapetris. Mockapetris -- who is also chief scientist and chairman of the board for network naming and address vendor Nominum -- says the recent research on corrupted DNS resolution servers by researchers at Georgia Tech and Google demonstrates yet another way the bad guys are attacking DNS to infect users.
http://www.darkreading.com/document.asp?doc_id=145663&f_src=darkreading_informationweek
(Dark Reading – 2/11/08)

Mapping out Web apps attacks
Attackers continue to use well-worn techniques, such as SQL injection, to exploit holes in popular Web applications but have also moved on to other targets, including government sites, and newer exploit methods, such as cross-site request forgery, according to the latest report filed by the Web Applications Security Consortium. The nonprofit industry group released the findings of its annual Hacking Incidents Database report this week, and despite the fact that cyber-criminals are still capable of using familiar means like SQL injection to victimize e-commerce sites and other transactional systems, a growing number of assailants are broadening their efforts and capabilities and going after new sets of targets, the research contends.
http://www.infoworld.com/article/08/02/11/Mapping-out-Web-apps-attacks_1.html
(InfoWorld – 2/11/08)

Powerful new antiphishing weapon DKIM emerges
Spoofers, spammers and phishers, beware. There's a new gun in town, and some of the Internet's most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing it in the ongoing battle against e-mail fraud. The new weapon is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.
http://www.networkworld.com/news/2008/021108-antiphising.html
(Network World – 2/11/08)

The world of spyware evolves
The spyware community has polarized, a panel of security experts said Thursday at a Washington workshop hosted by the Anti-Spyware Coalition. Adware distributors, under pressure from the Federal Trade Commission and anti-spyware technology, have mostly quit the business or are going legit. But the really bad players are getting worse, producing more stealthy and sophisticated malware. “Nuisance adware is mostly dead,” said FTC Commissioner Jonathan Leibowitz. Venture capital funding of companies that are paid to deliver annoying pop-up ads to your Web browser is largely a thing of the past, Leibowitz said. He pointed to several successful civil actions against major distributors who have since gone out of business or gone straight.
http://www.gcn.com/online/vol1_no1/45763-1.html
(Global Computer News – 1/31/08)
SEMINARS

Politics Online Conference 2008: Focus on Privacy
March 4-5, 2008
Washington, DC
http://polc.ipdi.org/

First Annual Freedom of Information Day Celebration
March 17, 2008
American University Washington College of Law, Washington DC
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org: Government Secrecy: Censoring Your Right to Know
March 19, 2008
National Press Club, DC
http://www.openthegovernment.org/article/subarchive/109

IAPP Privacy Summit
March 26-28, 2008
Washington, D.C.
http://www.privacysummit.org/

Future of the Internet Economy - OECD Ministerial Meeting
June 17-18, 2008
Seoul, Korea
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity
The Hague
June 18-20, 2008
http://www.ethicsandtechnology.eu/ETI

PAPERS

Enterprise@Risk: 2007 Privacy & Data Protection Survey
http://www.deloitte.com/dtt/article/0%2C1002%2Ccid%25253D182733%2C00.html
(Deloitte)

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet
Daniel J. Solove, Yale University Press, October 2007
http://ssrn.com/abstract=1019177

Ponemon Institute: 2008 National Survey on Access Governance
http://www.aveksa.com/campaign/2008_Survey_on_Access_Gov.cfm

Wireless Security: Past, Present and Future
http://www.codenomicon.com/resources/whitepapers/Codenomicon_Wireless_WP_v1_0.pdf
