Search


Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"


  • Categories


  • Archives

    « Home

    Archive for the ‘Security’ Category

    InformationWeek: When Employees Steal Patient Records

    Thursday, April 10th, 2014

    InformationWeek reports on accusations of insiders misusing their access privileges in New York. We’ve seen the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ rights. Such cases have occurred in: Tucson, Ariz., where University Medical Center officials fired three employees for violating privacy of patients connected to the shooting rampage of which Jared Loughner is accused; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; Ohio, where the Ohio Inspector General released a report (pdf) finding that state employees improperly accessed and distributed confidential state records related to Samuel Joseph Wurzelbacher, who gained fame during the 2008 election as “Joe the Plumber”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans. The cases aren’t confined to the United States; for example, they’ve occurred in Canada and New Zealand.

    InformationWeek reports on a case concerning medical privacy in Queens, N.Y., as well as other cases in the United States:

    The Queens, N.Y., district attorney recently charged two employees of Jamaica Hospital Medical Center with illegally accessing emergency room patients’ medical records and personal identification information, and selling that data to individuals who then solicited services such as outpatient care or legal assistance — sometimes while patients were still in the ER. [...] Read more »

    EU Court: European Union Data Retention Directive Is Invalid

    Wednesday, April 9th, 2014

    The Court of Justice of the European Union announced that it has ruled (pdf) that the EU’s Data Retention Directive is invalid. The court said:

    The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. Read more »

    GAO: Federal Agencies Need to Enhance Responses to Data Breaches

    Wednesday, April 9th, 2014

    The Government Accountability Office has released a new report, “Federal Agencies Need to Enhance Responses to Data Breaches (GAO-14-487T),” detailing Congressional testimony by Gregory Wilshusen, the GAO’s director of information security issues, that finds that agencies need to do more to protect the privacy of personally identifiable information. Here’s an excerpt:

    As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which is essential for securing agency systems and the information they contain—including PII. Specifically, agencies have had mixed results in addressing the eight components of an information security program called for by law, and most agencies had weaknesses in implementing specific security controls. GAO and inspectors general have continued to make recommendations to strengthen agency policies and practices. Read more »

    Washington Post: Yahoo’s uphill battle to secure its users’ privacy

    Tuesday, April 8th, 2014

    The Washington Post reports on attempts by Internet services company Yahoo to better protect its users’ privacy:

    On Wednesday, Yahoo’s freshly minted Chief Information Security Officer Alex Stamos announced the company had implemented a series of stronger security and privacy measures, including securing traffic that moves between their servers and encrypting most search queries automatically.

    This is a major step for Yahoo which has been dogged by critics for years for lagging behind its competitors on some basic privacy and security measures. In a Tumblr post, the company proclaims its latest announcement is only the start of a broader mission “to not only make Yahoo secure, but improve the security of the overall web ecosystem.”

    But although Yahoo, Google, and others have upped their security game in light of the revelations about National Security Agency spying over the last year, the tracking practices tech firms rely on for advertising also appear to have made some covert government operations easier. [...] Read more »

    Guardian (UK): Smart cities: are you willing to trade privacy for efficiency?

    Tuesday, April 8th, 2014

    The Guardian reports onquestions of privacy concerning “smart” cities — where data is increasingly collected on the habits of citizens and residents:

    Privacy must play an instrumental role in any smart city strategy otherwise citizens might fear the introduction of other innovative technology, according to an executive at one of the world’s largest infrastructure companies.

    Wim Elfrink, executive vice president of industry solutions and chief globalisation officer of Cisco, heads up the company’s smart cities team and warned that if cities did not give citizens the choice of whether or not to allow the government to use their data, they might opt-out of future initiatives. [...]

    A number of councils have already installed a number of sensors around London with the aim of creating a smarter city. This is done through collecting large amounts of data – from information about available parking spaces, electricity usage and even refuse levels – before then analysing it and understanding problems they may not know existed. Read more »

    NSS Labs: Why Your Data Breach Is My Problem

    Friday, April 4th, 2014

    In an analyst brief, “Why Your Data Breach Is My Problem,” for NSS Labs, Stefan Frei and Bob Walder discuss the wider effect of data security breaches on the use of identifiers such as Social Security Numbers and birth dates. Here’s an excerpt from the overview:

    For authentication, users typically rely on only a small number of unique personal information attributes. The same information attributes are used in several places and inevitably are lost, in large numbers, through data breaches. Cyber criminals have built comprehensive profiles of millions of users, which they constantly refine with each new data breach. Once lost, breached data cannot be taken back. This rapid erosion of security (and also privacy) presents huge challenges as this same information, which many still consider “private,” is used across diverse services, both online and offline, While users can change login and password information after a breach, social security numbers (SSNs) and date of birth (DOB) information cannot be changed after such an event. Read more »