I have highlighted problems with insiders abusing their access rights before, but this Network World article is a good reminder that even the best safeguards depend on fallible people.

Officials in San Francisco last summer found out just how easy it can be for one person to hold the city, or at least critical parts of its IT network, hostage for several days. In July, a disgruntled network administrator for the city locked up a multimillion-dollar municipal computer system that handles sensitive data. The employee, Terry Childs, refused to give up the password to the FiberWAN system, which he had helped design. Childs eventually gave the password to San Francisco mayor Gavin Newsom, but not before a lockout that lasted almost two weeks and cost the city close thousands of dollars to fix.

The lockout was one of several incidents featuring bad acts by company employees, both current and former, that made headlines in 2008. [...] Read more »

“The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans’ civil liberties, and a board that’s supposed to enforce the mandates has been dormant since 2007,” according to a USA Today review of federal records.

“All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don’t undermine the public’s rights and privacy, a USA TODAY review of congressional filings shows.”

The 2007 law at issue is the “Implementing the 9/11 Commission Recommendations Act of 2007,” which mandated the appointment of privacy and civil liberties officers in certain federal departments and required that the officers:

(1) assist the head of such department, agency, or element and other officials of such department, agency, or element in appropriately considering privacy and civil liberties concerns when such officials are proposing, developing, or implementing laws, regulations, policies, procedures, or guidelines related to efforts to protect the Nation against terrorism; Read more »

The Washington Post has a story about a movie at the Sundance Film Festival that uses video cameras to document individuals’ daily lives. The film explores people’s fascination with exposing their lives to the public, whether on camera or online through social networking sites.

After making $80 million in the dot-com boom of the ’90s, Josh Harris found amusing ways to use his money. One was to create an experimental community in a Lower Manhattan bunker, where he gathered more than 100 artists to live under the scrutiny of 110 video cameras, 24 hours a day. This lasted a month before police and fire officials shut down the nascent group.

Harris then persuaded his girlfriend to live with him under similar circumstances: Their loft was rigged with 32 surveillance cameras and 60 microphones, and everything was streaming live on the Internet. They planned to conceive in public, and be the first couple to live their lives online. [...] “We Live in Public” — Ondi Timoner’s documentary about Harris’s social experiments — premiered here at the Sundance Film Festival. [...] Read more »

Protecting National Security and Privacy: Approaches of New Administrations in the U.S. and Europe: A Panel Discussion

Description: Representatives from the United States Departments of State, Justice and Homeland Security as well as from the European Commission, join with data privacy experts from the academic and nonprofit worlds to discuss the future of privacy and national security. This event is hosted by Intel and the Triangle Center on Terrorism and Homeland Security, with support from the Office of the Provost of Duke University, the Duke Center for European Studies, the Center for International Studies, and the Triangle Institute for Security Studies, and the Terry Sanford Institute for Public Policy.

Panelists:

Daniel W. Caprio - President & CEO, DC Strategies, LLC
Leonardo Cervera Navas - Internal Market and Services Policy Officer and Legal Adviser in EU Policy and International, European Commission
John Kropf - Deputy Chief Privacy Officer, U.S. Department of Homeland Security
Kenneth R. Propp – Office of Legal Adviser, U.S. Department of State Read more »

In his first week as US president, Barack Obama has published orders that would likely increase openness and transparency in the federal government. Also, he has appointed an attorney with a privacy background to head the Justice Department’s antitrust division.

Christine Varney has been at DC law firm Hogan and Hartson since 1997, and she leads the Internet practice group. “This practice provides full service assistance to companies doing business globally, including providing advice on antitrust, privacy, business planning and corporate governance, intellectual property, and general liability issues,” according to the Hogan and Hartson site. Before 1997, Varney was a Commissioner at the Federal Trade Commission. There, “She led the government’s effort to examine privacy issues in the information age, resulting in congressional and agency hearings, proposed industry standards, and increased government enforcement of laws protecting privacy.”

Varney also helped to create the Network Advertising Initiative and the Online Privacy Alliance. Both organizations support industry self-regulation of customer data collection and sharing, which I don’t believe is enough to truly protect consumer privacy. (I’ve written previously about Web sites such as Facebook, Internet Service Providers, and search engines gathering personal data to create targeted advertisements.) I hope that Varney’s privacy experience will lead to stricter scrutiny and regulation of online advertising and customer data collection practices.

Also last week, President Obama released two memoranda and one executive order concerning greater public access to government records, including presidential records.

Obama’s memo on open government set out principles for transparency. “My Administration will take appropriate action, consistent with law and policy, to disclose information rapidly in forms that the public can readily find and use. Executive departments and agencies should harness new technologies to put information about their operations and decisions online and readily available to the public.” Obama ordered the creation (within 120 days) of an Open Government Directive “to be issued by the Director of OMB, that instructs executive departments and agencies to take specific actions implementing the principles set forth in this memorandum.” Read more »

Interfax China reports on a new privacy regulation in China.

Internet users in Jiangsu Province that reveal personal information of other individuals online will face fines of up to RMB 5,000 ($731) and a six-month block on their IP address, according to a provincial regulation released on Jan. 18.

The newest online privacy regulation, released by the Jiangsu provincial government at the 11th People’s Congress of Xuzhou City, covers the release of sensitive information online such as addresses, occupations, salaries and women’s ages. [...]

China began to introduce regulations to protect personal information in 2008, when the Chinese government added an article to the country’s Criminal Law in August, prohibiting the distribution of personal information collected by companies or individuals of those working in the financial, telecommunication and health care industries.