This one is just plain embarassing:
"Documents obtained by CBC News show that 1,127 uniform items belonging to Canadian airport screeners were lost or stolen in a nine-month period." The report goes on to quote Peter St. John, a U. of Manitoba terrorism expoert,
"If you have a uniform and you have the right credentials then you've got access to do anything you want in the airport," says St. John. "You can almost board a plane at will and hijack it or anything. Security is just poor." ¶ 3:34 p.m.
Larry Ponemon's Top 5 privacy issues for 2005: "Despite privacy concerns, however, the vast majority of people we contacted are willing each day to take significant information-sharing risks for small benefit. These actions include downloading free software, obtaining free Internet services or receiving an e-product coupon. "
The top five issues are:
Identity management
Phishing and Spoofing
Internet Advertisting
Airline privacy
Customer Trust for business value
After losing their first complaint about Abika, the Canadian Internet Policy and Public Interest Clinic (CIPPIC)
has refiled a complaint. The first complaint was rejected because the federal Privacy Commissioner maintained due to lack of jurisdiction outside of Canada.
The CAW in Winnipeg has just launched a grievance and a privacy complaint in reference to employer video surveillance, asking for damages based on "loss of dignity and invasion of privacy". Meanwhile, next door in Ontario, in a provincially regulated arbitration hearing, David Fraser has pointed out an arbitration hearing rejecting a grievance about video surveillance, since there is NO statutory right of privacy in provincial labour relations in Ontario.
I predict two things. First is that Anne Cavoukian, the outspoken Information and Privacy Commissioner of Ontario will not be pleased and will say so. Second and more nebulous is that this decision, if publicized, may act as a catalyst to properl private sector privacy legislation in Ontario. The two are not unrelated.
¶ 10:45 a.m.
The next time suggests to you that they release a product or process without realistic simulation and testing, just point them to this
¶ 2:47 p.m.
In this story one of the directors of the organization is cited as saying that, "... he did not know until this week that the organization was using an outside company to collect data or that collection had expanded from major donors to those who contribute as little as $20. 'Honestly, I don't know the details of how they do it because that's not something a board member would be involved in,' he said"
Big problem here. Knowing the privacy guidelines for personal information collection sufficiently well to know that privacy is not being violated is EXACTLY the responsibility of the board. Hiding this as 'too detailed' for our attention is, at best, a serious misunderstanding the role of governance and privacy. At worst it could quality as malfeasance in office. When you add that the organization in question is the ACLU, you have to add hypocrisy to the mix
¶ 11:35 a.m.
This one in from the Globe on-line:
"As a vice-president at Environics Analytics, he runs one of the Canadian companies that tell people trying to sell you stuff how to track you down and get your attention. He advises banks where to locate new branches, he knows which grocery stores should stock thin-crust pizza and he can design direct mail to your presumed tastes. A few years back, with great success, he told the Liberal Party what to say (and not to say) to woo swing voters in certain neighbourhoods."
Is it just me or is there something fundamentally wrong about a policital party operating on polls instead of something silly like principles and policies? I know that it's been this way for a while, but seeing it cast this way as if it were a positive thing is just a bit too over the top for me.
¶ 3:56 p.m.
Given how few IT projects are solidly grounded in financials, it's hard to see how this assertion could be made in Compliance Pipeline:
"Weighing the costs versus the benefits of compliance projects has been a challenge. Most corporations hate being told how they must spend their money, but in the final analysis, IT projects like Sarbanes-Oxley compliance may actually net positive results."
¶ 11:57 p.m.
Jonathon Monpetit of MediaScout says, "Yesterday, Britain’s law lords, who preside over the UK’s highest court of appeal, ruled in a blockbuster decision that Britain’s anti-terrorism law contravenes the European Charter of Rights. The pronouncement was unequivocal in its criticism: Britain’s anti-terror legislation is xenophobic and discriminatory. What the law lords took issue with are clauses allowing foreigners to be detained without any of the traditional liberties afforded to defendants, such as a trial, while citizens are spared such treatment. Canada has similar laws and provisions to those currently being held to the fire in Britain. But Anne McLellan, Canada’s Public Safety Minister, has said there are no plans for a review of this country’s anti-terrorist legislation. At least Justice Minister Irwin Cotler has said he will consider the British ruling carefully. "
Shame on you Ms. McLellan!
¶ 6:11 p.m.
It's about time. According to Canada NewsWire, "Privacy Commissioner of Canada Jennifer
Stoddart today congratulated Industry Minister David L. Emerson on the recent
introduction of legislation to create a national Do Not Call List for
telemarketers."
A business idea whose time has come? A subscriber based private fax phone network?
¶ 3:00 p.m.
And cheers could be heard throughout the land. Who amongst us has not quietly, or not so quietly railed against the so-called negative option? According to CNEWS, "The federal privacy commissioner's office has opened an investigation into a Toronto man's complaint that the Rogers Wireless service contract includes a 'negative option' privacy policy that is illegal. "
¶ 1:24 p.m.
According to IT World Canada, "Microsoft Corp. has quietly released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2 (SP2). Users who installed SP2 on their Windows XP machines and also have file and printer sharing enabled may have been sharing their files and printers with the entire Internet, according to Microsoft."
As tempting as it might be to slag Microsith over this, I do understand that they are caught in a fundamental contradiction. Microsoft grew fat and happy on providing 'easy' and 'convenient' software for a mass market. Enterprise priorities are different. And now you add to the mix that people SAY they want security, but ACT and BUY for price and convenience. What's a company based on old style, pre-Cluetrain marketing to do?
I don't know, but I do know that until we have some general consensus on how to understand and specify our individual and corporate requirements on privacy, security, and ease of use software companies are going to continue to be caught between a rock and a hard place. On the other hand, sitting on the pile of cash that they are, even the that place has to be pretty comfortable for Microsoft.
¶ 1:18 p.m.
Just because you haven't seen changes in your credit card doesn't mean your identity hasn't been stolen:
Geekward Ho: So very casually: "I'm talking to a credit-check person on the phone; he's asking for, if possible, a photocopy of my Social Insurance Number card. I explain that I don't carry the card because I've had it stolen twice and never bothered after that. 'Ah yes,' he says, 'the file mentions that your social insurance number has been used by many other people.'" ¶ 10:08 a.m.
After the hoopla in B.C. the show appears to be going on the road. There were two press releases by the Alberta Privacy Commissioner in the last two days. First the commissioner announced a review of public sector outsourcing. The very next day, we find a press release on the disclosure of credit information of hundreds of Alberta civil servants.
I'm not trying to be cynical here people, but I'm thinking that someone had to be doing some spin control in releasing the "gov't has done something bad" and the "The gov't is doing some positive" so close to each other. But that could just be me!
¶ 1:43 a.m.
I remember sitting in a presentation about privacy complaints from a senior crown corporation official about a year ago. For those of you that aren't Canadian, a crown corporation is a corporation set up by the government to run as a business at arms length from the government. But because it was a crown corporation it was regulated by public sector rules, including the 20 year old Privacy Act, rather than the post millenial PIPEDA for the private sector.
Anway, the point of his presentation is that over the 20 years they had experienced a doubling of complains about every 5 years, with no signs that the rate of increase would slow down. While we are at a much earlier stage in the curve for privacy complaints in the public sector, it's beginning to look like the rate of increase may be faster. Another complaint to the Privacy Commissioner of Canada has been launched. According to the online version of the Georgia Straight out of Vancouver, Straight.com: Straight Talk: "A Vancouver man has asked the federal privacy commissioner to investigate the outsourcing of Canada student loans to a U.S.-owned company. Mark O'Meara, founder of the www.canadastudentdebt.ca/ Web site, claimed that as a result of a recent corporate takeover, Nebraska-based Nelnet has access to all federal student debtors' personal information and financial data."
I have to agree with David Fraser who, blogging about this as well, said that it would be easier to blog about who isn't complaining to the privacy commissioner this week.
¶ 3:38 p.m.
I found this quote: on John Gilmore's home page: "If you are an innocent person living in Afghanistan or Iraq, you are far more likely to die from the intentional act of a US Government soldier than you are to be killed by any other terrorists."
I was actually searching for the original context for the source for this one, "The Internet interprets censorship as damage and routes around it," which John Gilmore is also reputed to have said.
I figure both are true, and both offend those who would be authorities, so I felt impelled to repeat them.
Cross posted to both Webistemology and .:. fuck decaf .:.
¶ 7:34 p.m.
All I can say this is Doc Searls in a full out Clue Train runaway. Gotta love it. Here's a sample:
First, we're readers, viewers, listeners and (most of all) customers, not just "consumers." As Jerry Michalski put it long ago, a consumer is nothing more than a gullet whose only purpose in life is to gulp products and crap cash. Economically speaking, "consumer," as the word is commonly used in the advertising business, is a linguistic fossil from the old industrial world where the only way big companies could reach potential customers was through media conduits that sluiced in one direction only, from the privileged few to the captive many. Except as the literal reciprocal of "producer," "consumer" no longer holds much useful meaning, except where the supply side of advertising talks amongst itself. Worse, using it is risky and misleading. It disses a whole side of the marketplace that grows in power every time one customer links to another one.
¶ 7:18 p.m.
According to Dave Winer, Microsoft's view on malware such as spyware is ultimately poisonous to the computing environment in which we pass our cyber lives. Like a lot of observers/participant's in the tech scene, I've had some negative views of Microsoft. I don't think we can blame this one on them however. When you have a de-regulatory ethos in place in government and the "common sense" answer to most business questions is said to be let business go, and we will all prosper, is it any surprise that the environment takes a hit. From Bhopal to Nimbda, it doesn't matter what your context is, business can NOT regulate itself or govern itself effectively without outside intervention.
It's the way the market works. The market pays attention to what it wants to, and not what citizens think it should. That's the role of regulatory agencies. This could be the Privacy Commissioner in Canada or the FTC in the U.S. Either way, without those interventions, forcing a level playing field at a higher level of ethical responsibility, the situation will go on. ¶ 5:09 p.m.
“Yet, the study also determined that 283 software patents not yet reviewed by the courts could potentially be used to support claims of infringement against Linux. To be clear, this is not a level of potential infringement greater than that of proprietary software; comparable proprietary software faces the same level of potential infringement.”
Note the careful wording of this comment. This is anti-FUD
¶ 6:32 p.m.
Digital Apoptosis: Red Globe: "Success is a matter of luck, ask any failure.
- Lazyboy"
Not only is the picture on this photoblog cool, but the quote is a winner.
¶ 5:11 p.m.
Compliance Pipeline | Regulatory Hand Extends To Smaller Companies: "In other words, just because you're small, don't assume you don't have to comply with federal, state, or local government regulations."
You can assume, however, that if the eye of the government turns to you with regard to your treatment of personally identifiable information you will feel like Frodo in Mordor if you haven't cleaned up your act and started treating your customer data appropriately.
¶ 5:09 p.m.
Schneier on Security: An Impressive Car Theft
If a professional wants what you have then the chances are that you will lose it. Precautions and security may prevent amateurs getting at you or your information, but they only add to the resale cost for the professional. The trick is to make the cost of getting what you have more than the value of the goods/information to the thief.
¶ 11:47 a.m.
The Globe and Mail: CIBC boss tells businessman he's sorry: "In recent days, people in Toronto, Vancouver and elsewhere have told The Globe of stray faxes they received containing information about customers of other banks -- Royal Bank of Canada, Toronto-Dominion Bank and Bank of Nova Scotia."
Sing along now,
It's the end of the fax as we know it,
It's the end of the fax as we know it,
It's the end of the fax as we know it, and I feel fine...
Sing to the the tune of REM's "It's the End of the World as We Know it"
¶ 9:40 a.m.
Washingtonian Online - Book Review: "Americans are perfectly happy to violate their own privacy, and those of strangers, as long as they have an illusion of control over the conditions under which the violation occurs."
From the review, sounds like a book that I should read.
¶ 8:45 a.m.
Psychology Today: A Nation of Wimps: "Although error and experimentation are the true mothers of success, parents are taking pains to remove failure from the equation."
It's amazing any prior generation got out of life alive.
¶ 4:46 p.m.
InfoWorld: Bootstrapping the semantic Web: December 03, 2004: By Jon Udell : APPLICATIONS: "It's tempting to draw parallels between the careers of Albert Einstein and Tim Berners-Lee. Both men made world-transforming breakthroughs and then pursued even grander visions. Einstein, of course, never found the unified theory he sought for three decades. A lot of people think Berners-Lee's vision of a semantic Web will prove equally elusive. "
This sounds pretty interesting. The reason that I named this blog Webistemology, other than that play on words, was to reinforce the idea in my head that the Web provides on filters. Heck, that's why I can publish like this. So how do we know what we know about the web? A semanticly self-aware Web connected as suggested here?
¶ 4:35 p.m.
Privacy shocker: "Skinhead Daniel Sims has in his U.S. jail cell the SIN numbers of staff of the Edmonton law firm that sued him after he beat former broadcaster Keith Rutherford so badly he lost an eye. The SIN numbers - including that of high-profile Edmonton lawyer Tom Engel - are included in a 1,000-page immigration file Sims obtained this week from American authorities as he battles deportation back to Canada."
This make case for Danny Weitzner's Open Internet Policy even more interesting.
¶ 3:48 p.m.
ITBusiness.ca: "Craig Pike, Paradigm's system technician, said the Personal Information Protection and Electronic Documents Act (PIPEDA) forced his company to take security more seriously."
Jennifer Stoddart has got to like that interpretation. The Federal Commissioner's only 'punitive' power is the power to publish names. This interpretation suggests that a Well Founded finding by the Office of the Privacy Commissioner would act in support of a civil suit.<\p>
¶ 11:53 a.m.
Privacy-U.S.,: "'Most people don't care about privacy. It's the media that makes it a big hype.' "
It will be interesting to see if a business model built on this premise will work. And be interesting I mean of course scary and Orwellian.
¶ 10:24 p.m.
Can Exposing Personal Info Preserve Privacy?
This article summarizes an interesting approach to privacy put forward by Danny Weitzner. The approach is Openness as a Privacy Protection Strategy, and is an interesting take, to say the least. My reading of this is that he argues that since privacy by obscurity or security is no longer feasible, it makes for better protection of privacy to bring the data into the open, so that you can effectively control who has access to it and why. He says, "This is the transparency paradox: Amid the explosion of the collection of personal information, privacy protection requires that we embrace the transparency of information systems in order to ensure that information is used properly. Giving people a window into the information collected about them, and control over its use, can help put the transparent enterprise on the right side of privacy protection."
¶ 11:55 a.m.
www.PrivacyInfo.ca: "The Canadian Privacy Commissioner has issued her first decision involving spam. Although not yet publicly available, Professor Geist was the complainant and has posted the well-founded decision. The decision includes a determination that business email addresses constitute personal information and are not covered by the business information exception. It also concludes that the use of email addresses for secondary purposes (such as marketing) found on publicly available directories do not qualify under the publicly available exception found in the law. Finally, the decision confirmed the requirement to respect an opt-out request."
I have very little doubt that this will be challenged in some manner by those of a marketing bent.
¶ 12:27 a.m.
This bit is from Scheier on Security. You've got to respect someone who values substance over form like this.
Schneier on Security: Airline Security and the TSA: "4. I think airline passenger screening is inane. It's invasive, expensive, time-consuming, and doesn't make us safer. I think that civil disobedience is a perfectly reasonable reaction."
¶ 5:28 p.m.
Wired News: Spyware on My Machine? So What?: "IMesh, maker of a popular file-sharing application, recently began bundling an application called Marketscore. Some would view Marketscore as a privacy nightmare: The program routes all of a user's web traffic through Marketscore's own servers, where it is then analyzed to 'create research reports on internet trends and e-commerce activities,' according to Marketscore.
Even data entered on secure websites -- such as passwords, credit card numbers and bank account numbers, information that is supposed to be viewable only by the sender and the intended recipient -- is accessible to Marketscore, since the company has developed a method that allows it to view encrypted information.
But some users of iMesh didn't seem to be troubled by the actions of Marketscore. Users at iMesh forums chided those who complained, posting messages stating that 'without spyware there's no such thing as free software.'"
The issue is choice. If consumers want the 'free' software, enabled by spyware and such, cool. Not too aware of the consequeces of identity theft and fraud, but their choice. The problem is that these sites and/or service usually only operate in a mandatory mode, so people have to choose the service or not....not cool. A better more responsible model is needed by companies offering these services.
¶ 9:30 a.m.
we make money not art: New technology could turn computer users into armchair spies
Cool AND Scary
¶ 12:05 p.m.
Wired News: How Long Is Your Digital Trail?: "The problem with Google, computers, the whole internet shebang is that it's all right there, all the time, even at 2 a.m. when your judgment is impaired by nostalgia and tiredness and maybe a glass of wine and a sentimental novel. " ¶ 11:58 a.m.
