PogoWasRight - All

Bob Barr, a former GOP congressman, is running for president as a Libertarian

Tue, 13 May 2008 06:39:44 -0400

Bob Barr, a onetime Republican congressman from Georgia, on Monday announced his plan to run for president as a Libertarian, promising to rein in federal spending and limit military involvement abroad.... Barr, who left the Republican Party two years ago, is expected to win the Libertarian Party's nomination during its convention this month in Denver.

Source - Los Angeles Time

Related - National Review: Interview

Reddit It | Digg This | Add to del.icio.us

EDITORIAL: A price on privacy

Tue, 13 May 2008 06:37:52 -0400

If you have an unlisted phone number, you may have noticed that the monthly cost for this "service" jumped last year from 28 cents to $1.25 on your AT&T bill. It's still cheaper than Verizon, which charges $1.75 a month for an unlisted landline.

Regardless of your phone company, you might wonder whether the cost is justified and whether you can do something about it.

You can.

Sen. Sheila Kuehl, D-Santa Monica, working with consumer and privacy advocates, has been pushing legislation that would prohibit phone companies from charging an extra fee for an unlisted number. Consumer advocates argue that the costs of data processing for an unlisted number are minuscule. Privacy groups suggest it is unfair to impose a surcharge on customers who don't want their phone number or addresses exposed to telemarketers and other strangers.

The phone companies are arguing that it's inappropriate for state legislators to regulate "specific features on a phone," as Verizon spokesman Jon Davies put it, adding that there are costs associated with maintaining separate databases for listed and unlisted customers.

Source - San Francisco Chronicle

Reddit It | Digg This | Add to del.icio.us

AU: ACS supports privacy laws, calls for e-mail safeguards

Tue, 13 May 2008 06:34:44 -0400

The Australian Computer Society (ACS) has called on government to enforce rigid privacy laws on organizations which intercept employee e-mails.

Under new legislation, businesses may be given powers to intercept e-mails sent and received by staff without notification. The changes remove the need for disclosure in employee contracts, required by existing law, under the guise of counter-terrorism and national security.

ACS President Kumar Parakala said tough privacy laws are essential for interception provisions because staff often send personal e-mails from work.

Source - IDG.no

Reddit It | Digg This | Add to del.icio.us

Domestic spying far outpaces terrorism prosecutions

Tue, 13 May 2008 06:30:08 -0400

The number of Americans being secretly wiretapped or having their financial and other records reviewed by the government has continued to increase as officials aggressively use powers approved after the Sept. 11 attacks. But the number of terrorism prosecutions ending up in court -- one measure of the effectiveness of such sleuthing -- has continued to decline, in some cases precipitously.

The trends, visible in new government data and a private analysis of Justice Department records, are worrisome to civil liberties groups and some legal scholars. They say it is further evidence that the government has compromised the privacy rights of ordinary citizens without much to show for it.

Source - Los Angeles Times

Reddit It | Digg This | Add to del.icio.us

ICO publishes data protection officer conference findings

Tue, 13 May 2008 06:28:30 -0400

The Information Commissioner�s Office (ICO) has published the findings of its Data Protection Officer Conference

Source - Findings

Reddit It | Digg This | Add to del.icio.us

Josef Fritzl: Legal action to be taken over violation of Elisabeth Fritzl's privacy

Tue, 13 May 2008 06:14:16 -0400

The Austrian incest victim Elisabeth Fritzl will today be exposed to the media coverage of her case from which she has been shielded since she was released from captivity, as her lawyer announced legal action for violation of privacy against newspapers.

... In the past two weeks Austrian media law experts have criticised the publication of private documents such as Elisabeth�s letter to a school friend and private pictures of the family and her children, some of whom are underage.

Source - Telegraph

Reddit It | Digg This | Add to del.icio.us

TJX credit card heist suspect, 2 others, accused of new scam

Mon, 12 May 2008 20:12:34 -0400

Three men - one of them suspected of playing a role in the heist of 45.6 million credit cards from retailer TJX Companies - have been accused of hacking into cash register terminals belonging to a restaurant chain and installing software that sniffed credit card numbers.

According to a 27-count indictment unsealed Monday, the scheme was carried out in part by Maksym Yastremskiy. In July, the Ukrainian was arrested in a Turkish resort town for allegedly selling large quantities of credit card numbers, many of which were siphoned out of TJX's rather porous network. He remains incarcerated in Turkey, where an application for extradition to the US is pending. Yastremskiy also went by the name Maksik.

Source - The Register

Reddit It | Digg This | Add to del.icio.us

Homeland Security: Privacy Officer Report

Mon, 12 May 2008 15:10:46 -0400

In support of Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, The Privacy Officer will submit a report covering all privacy protection activities of the Department.

Source - Quarterly Report, December 2007 - March 2008 (PDF, 5 pages - 40 KB) - contains 2nd quarter findings for 2008.

Reddit It | Digg This | Add to del.icio.us

Hackers Indicted for Stealing Credit and Debit Card Numbers From National Restaurant Chain

Mon, 12 May 2008 14:25:09 -0400

Three defendants havebeen charged in a federal grand jury indictment and complaint withillegally accessing the computer systems of a national restaurant chain andstealing credit and debit card numbers from that system, Assistant AttorneyGeneral Alice S. Fisher of the Criminal Division and U.S. Attorney for theEastern District of New York Benton J. Campbell announced today.

According to the indictment and complaint, Maksym Yastremskiy, a/k/a"Maksik," Aleksandr Suvorov, a/k/a "JonnyHell," and Albert Gonzales, a/k/a"Segvec," engaged in a scheme in which they hacked into cash registerterminals at 11 Dave & Buster's Inc. (D&B) restaurants at various locationsaround the United States in order to acquire "track 2" credit and debitcard information. The defendants then sold the stolen data to others whoused it to make fraudulent purchases or re-sold it to make such purchases,causing losses to financial institutions that issued the credit and debitcards. Track 2 data includes the customer's account number and expirationdate, but not the cardholder's name or other personally identifiableinformation.

The indictment alleges that in or about May 2007, Yastremskiy andSuvorov gained unauthorized access to the cash register terminals andinstalled at each restaurant a "packet sniffer," a malicious piece ofcomputer code designed to capture communications between two or morecomputer systems on a single network. The packet sniffer was configured tocapture track 2 data as it moved from the restaurant's point-of-sale serverthrough the computer system at the company's corporate headquarters to thedata processor's computer system. At one restaurant location the packetsniffer captured track 2 data for approximately 5,000 credit and debitcards, eventually causing losses of at least $600,000 to the financialinstitutions that issued the credit and debit cards.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

UK companies: Leaking like a sieve?

Mon, 12 May 2008 13:11:57 -0400

Most UK companies are losing data every month a survey has found.

The majority of UK businesses, 79 per cent, are losing data at least once per month, according to the survey of 250 senior IT staff at businesses larger than 1,000 staff.

More than a quarter, 28 per cent, suffered data loss on a weekly or more frequent basis the report by IT management company CA found.

Source - Silicon.com

Reddit It | Digg This | Add to del.icio.us

'Bonnie and Clyde' Jet-Setters Sign Plea Deal in Massive ID Theft Case

Mon, 12 May 2008 13:08:17 -0400

A young couple accused of stealing the identities of more than 16 people to live expensively and travel the world in style have agreed to plead guilty to federal charges, an attorney said Monday.

Jocelyn Kirsch, 22, will plead guilty to six counts, including two counts of aggravated identity theft, one count of bank fraud and one count of money laundering, the lawyer, Ronald Greenblatt, told The Associated Press.

Source - FOXNews

Reddit It | Digg This | Add to del.icio.us

Another Laptop Stolen from Pfizer, Employee Information Compromised (updated)

Mon, 12 May 2008 12:59:21 -0400

About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen, the pharmaceutical giant confirmed today.

The data breach, which occurred about a month ago, was the second this year affecting Pfizer Inc. employees and the sixth made public in a one-year span dating back to May 2007. More than 65,000 data-breach notifications have been sent out by Pfizer over the past year, including more than 10,000 to employees from Connecticut

Source - The Day

Updated 5-13-08: The Day

Reddit It | Digg This | Add to del.icio.us

FTC Approves New Rule Provision Under The CAN-SPAM Act

Mon, 12 May 2008 12:53:29 -0400

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). The provisions are intended to clarify the Act�s requirements. The provisions and the Commission�s Statement of Basis and Purpose (SBP) will be published in the Federal Register shortly.The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of �sender� was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act�s opt-out requirements; (3) a �sender� of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act�s requirement that a commercial e-mail display a �valid physical postal address�; and (4) a definition of the term �person� was added to clarify that CAN-SPAM�s obligations are not limited to natural persons.

Source - FTC

Reddit It | Digg This | Add to del.icio.us

UK: Crooks access NHS database

Mon, 12 May 2008 12:20:27 -0400

THE �12billion NHS computer system lay in tatters last night � as it emerged CROOKS may have accessed patient records.

A security card flaw has left the system open to abuse for two years.

Sensitive medical details, addresses and National Insurance numbers of every patient in the country could have been seen by ANYONE in a GP surgery or hospital without using the special swipe card.

.... the controversial Choose and Book system allows GPs to view patient records online, book appointments and order medicines through their computer.

But a GP in Hornchurch, Essex, found he could log on to the system without inserting his "smart card" into the reader device.

Source - The Sun

Reddit It | Digg This | Add to del.icio.us

Ie: Another BoI laptop was stolen in 2001

Mon, 12 May 2008 12:13:32 -0400

... Bank of Ireland says it is investigating an allegation that a laptop was stolen. The development comes as the bank faces two separate investigations following the disclosure that laptops with details of 31,000 customers were stolen last year.

The theft happened in Bank of Ireland's Newbridge branch in 2001. The laptop was used by an official from Bank of Ireland's life assurance division, but the computer contained details of life assurance customers from branches in Newbridge, Kilcullen and Athy.

The laptop was not encrypted - so the information could be easily accessed by hackers. Its theft was reported to line management in the bank, sources have told RT� News. But customers were not informed.

The laptop had details of up to 4,000 Bank of Ireland customers. These included dates of birth addresses, bank account details, medical histories and investments held by customers.

Source - RT� News

Reddit It | Digg This | Add to del.icio.us

West Virginia Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Practices

Mon, 12 May 2008 12:12:33 -0400

Marks & Klein, LLP today filedits third class action lawsuit against LifeLock, Inc., a provider ofidentity theft protection services, and its CEO Richard "Todd" Davis. Thelawsuit was filed in the Circuit Court of Jackson County, West Virginia(Docket No. 08-C-69), on behalf of Kevin Gerhold of Falling Rivers, as wellas all other LifeLock subscribers in West Virginia.

This latest action followed suits filed by the firm in April on behalfof Dr. and Mrs. Gerald Falke of Hagerstown, Md., as well as all otherLifeLock subscribers in Maryland; and in March on behalf of Dr. and Mrs.Warren Pasternack of East Brunswick, N.J., as well as all other New JerseyLifeLock subscribers.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

U.K. defence department adopts encryption after data breaches

Mon, 12 May 2008 12:11:01 -0400

Following a spate of high profile data breaches, the U.K. Ministry of Defence is set to install encryption software on 20,000 of its laptops.

It will install BeCrypt's Disk Baseline software across Royal Airforce, Army and Navy laptops, and users will need to be authenticated before they can access encrypted data. The MoD said the new BeCrypt software would be easily integrated with future technology too.

It will protect data across a range of levels, from 'Classified' to 'Secret' levels, and in some cases 'Top Secret' data.

Source - InterGovWorld.com

Reddit It | Digg This | Add to del.icio.us

AU: IT body wants internet 'snoop' safeguards

Mon, 12 May 2008 08:03:27 -0400

Australia's IT industry group is calling on the federal government to adopt guidelines surrounding the use of workplace internet records.

The Australian Computer Society (ACS) has made its submission as part of the government's review of the country's privacy laws.

... Among the list of recommendations, the ACS wants to see the mandatory publishing of an employer's email and web use policy, guidelines on who can authorise the accessing of employee emails, a logging system to identify when email records are accessed, and random auditing of those logs.

Source - Sydney Morning Herald

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

UK: Outrage in UK over staff blacklisting database

Mon, 12 May 2008 08:01:53 -0400

Last week the announcement that several UK retailers were collaborating on compiling a database of employees dismissed over suspicion of theft or fraud caused furore amongst the public, trade unions and civil liberties groups.The database is the brainchild of Action Against Business Crime (AABC), the national organisation for Business Crime Reduction Partnerships in the UK, and is due to go live later this month.

Employees who are dismissed for dishonesty or who resign before they can be dismissed will be added to the National Staff Dismissal Register (NSDR), which can be searched by prospective employers when conducing a background check on a job candidate.

Source - Silicon Republic

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

Ca: Licence-plate readers worry privacy advocates

Mon, 12 May 2008 07:09:50 -0400

A new high-tech crime-fighting tool that police believe has revolutionary potential is worrying some civil libertarians and privacy watchdogs.

Automated licence-plate readers are being tried out by police forces in several Canadian jurisdictions.

In Vancouver, police are using them to track down stolen cars and nail driving scofflaws, but the technology's investigative uses could ultimately include counter-terrorism work and tracking sex offenders.

Critics fret it represents creeping big brotherism, another step towards a surveillance society.

Source - New Brunswick Business Journal

Reddit It | Digg This | Add to del.icio.us

Six million Chileans' data leaked

Mon, 12 May 2008 05:50:07 -0400

A hacker in Chile calling himself the 'Anonymous Coward' published confidential data belonging to six million people on the internet.

Authorities are investigating the theft of the leaked data, which includes identity card numbers, addresses, telephone numbers, emails and academic records.

Information about the president's daughters was reportedly included in the leaked data. The information was obtained by the surreptitious hacker from government, military and Ministry of Education servers and posted on FayerWayer, a Chilean technology blog.

Source - WebUser

Related - BBC
Related- FayerWayer

Reddit It | Digg This | Add to del.icio.us

Dahlgren mails ID warning (Naval Surface Warfare Center at Dahlgren update)

Mon, 12 May 2008 05:49:28 -0400

The Naval Surface Warfare Center at Dahlgren is mailing 7,200 more letters to former employees through the Internal Revenue Service warning them about potential identity fraud.

In January, four people arrested in Pennsylvania had pages from a Navy report dated July 7, 1994, listing names, Social Security numbers and birth dates for 100 current and former employees.

... Naval Surface Warfare Center spokeswoman Stacia Courtney said 2,000 letters were sent out earlier to those who worked for the Navy on or before July 7, 1994. The latest batch is going to people whose addresses were not available for the first mailing.

Courtney said it's not clear how many people have suffered from fraudulent attempts to use their names to obtain credit. However, she said those with fraud concerns have been referred to Naval Criminal Investigative Services as the investigation continues.

Source - Fredericksburg.com

Reddit It | Digg This | Add to del.icio.us

Proposed privacy rules rile small brokerage firms

Mon, 12 May 2008 05:47:13 -0400

Small and independent-contractor brokerage firms are convinced that the SEC's proposed changes to privacy rules related to client information will crush them with new costs and burdensome procedures.

The Securities and Exchange Commission proposed the changes to Regulation S-P in March, and the deadline for broker-dealers and financial advisers to comment is today.

The proposed amendments to the regulation would create more-specific requirements for safeguarding client information and responding to information security breaches. They are also designed to align the rule's privacy guidelines more closely with those of the Federal Trade Commission and federal banking agencies, industry observers and attorneys noted.

Source - Investment News

Reddit It | Digg This | Add to del.icio.us

UK: Data protection rules threaten marriage pictures

Mon, 12 May 2008 05:45:52 -0400

The traditional picture of the bride and groom signing the wedding register is under threat from data protection rules.

The custom has been set aside in many register offices and where couples insist, they must pose for the picture over a "dummy" book.

The reason given is that the photographs could invade other couples' privacy because their signatures may be visible on the same page. There are also fears that fraudsters could use the pictures to steal identities, and that the images may breach Crown copyright.

Critics said the same information can be obtained over the internet from the General Register Office.

Source - Telegraph.co.uk

Reddit It | Digg This | Add to del.icio.us

Data �Dysprotection:� breaches reported last week

Mon, 12 May 2008 05:44:21 -0400

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Reddit It | Digg This | Add to del.icio.us

UK: Outlawed: Reckless loss of data

Mon, 12 May 2008 05:42:22 -0400

Anyone who recklessly loses personal data will face a "substantial" fine after the government created a new civil offence.

In a victory for data loss law campaigners, MPs backed the amendment to the Criminal Justice and Immigration Act to make it an offence for anyone to "intentionally or recklessly disclose information" or "repeatedly and negligently" allow information to be disclosed.

The Information Commissioner's Office welcomed the powers and said it would be a strong deterrent against companies losing personal data.

Source - Silicon.com

Reddit It | Digg This | Add to del.icio.us

Indianapolis Educator Wins Lawsuit Against Facebook.com

Mon, 12 May 2008 05:39:04 -0400

A Marion County judge has ordered the social networking site Facebook to turn over information identifying the person who set up a fake profile in the name of a high school dean.

Marion Superior Court Judge Robyn Moberly issued the order Friday, a day after Roncalli High School Dean of Students Tim Puntarelli sued the Web site, alleging harassment and identity theft by the unidentified creator of the profile.

Source - Indiana's News Center

Reddit It | Digg This | Add to del.icio.us

Police get break in ID theft case (Lunardi's update)

Sat, 10 May 2008 17:46:27 -0400

Police say two men arrested Thursday in Southern California are connected to last month's massive identity theft scam at the Lunardi's Supermarket in Los Gatos.

Just how deeply they are involved remains a mystery. The men were in possession of two of the 222 stolen bank account numbers from Lunardi's and $70,000 in cash when they were arrested by Orange County sheriff's deputies.

But the two men posted bail and were freed before Los Gatos-Monte Sereno police found out about the arrest.

Source - Mercury News

Reddit It | Digg This | Add to del.icio.us

Bank cannot find six backup tapes (BNY Mellon update)

Sat, 10 May 2008 13:40:18 -0400

More than 1,300 SAIC stockholders are at risk of identity theft after a box of magnetic backup tapes went missing in New Jersey earlier this year.

The tapes owned by Bank of New York Mellon, which acts as stock transfer agent for SAIC, contained names, addresses, Social Security numbers, stock account information, transaction activity and possibly bank account numbers for 1,376 current or former shareholders, said the San Diego company also known as Science Applications International Corp.

.... Laura Luke, a spokeswoman for SAIC, said the tapes included information from a �very long list of clients� of Mellon in addition to those of SAIC.

Source - SignOnSanDiego

Thanks to a reader for sending this link.

Reddit It | Digg This | Add to del.icio.us

Boarding Passes and Identity Theft

Sat, 10 May 2008 13:39:31 -0400

After reading this article, I'll be more careful about throwing out boarding pass stubs -- Dissent

Can a simple airline stub, plucked out of a bin near Heathrow lead to a breach of security and possible identity theft? The answer might surprise you.

The traveler�s name was on the discarded British Airways boarding-pass stub. Its just a small section of the pass that displays your name and seat number. Very similar to the stub you probably throw away as soon as you leave your flight.

It said the traveler had flown from Brussels to London on March 15 at 7.10am on BA flight 389 in seat 03C. It said the man was �Gold� standard passenger and gave his frequent-flyer number. I picked up the stub, mindful of a report by a computer security expert two months earlier, and put it in my pocket.

.... We logged on to the BA website, bought a ticket in the travelers name and entered the frequent flyer number on his boarding pass stub, without typing in a password. We were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.

Source - Carrentals.co.uk

Reddit It | Digg This | Add to del.icio.us