Laptop theft

The Register has been on Ernst & Young’s case. The latest Exclusive! talks about a laptop stolen in early January, and how we now know it had info on BP employees, along with those from IBM and others.
The article also observes that:

It’s difficult to obtain an exact figure on how many people have been affected by Ernst & Young’s security lapse given that it won’t say anything on the subject.

The number, as we reported 10 days ago, is 84,000.
The figure was reported to the New York State Consumer Protection Board by E&Y on February 10, 2006.
The laptop contained, according to E&Y’s report to New York officials:

files relating to a number of Ernst & Young corporate clients, and that these files contained various personal information relating to employees of those clients. [Ernst & Young] also determined that the laptop contained a separate file with the names and Social Security numbers of individuals for whom Ernst & Young provided services.

That letter goes on to explain that E&Y is working with their corporate clients to notify the relevant individuals impacted by the disclosure of the corporate files, and is itself notifying the individuals whose information was in the other file.
This may explain why, in an earlier report to NY’s Consumer Protection Board, AG’s office, and the Office of Cyber Security and Critical Infrastructure Coordination, Goldman Sachs described a loss of info by E&Y which exposed info on about 9000 Goldman employees and dependents. It seems that this loss was due to the same laptop theft.
IANAL, so I can’t say whether the legal responsibility to notify those potentially affected lies with E&Y’s corporate clients or with E&Y. Perhaps the shortage of information on this has something to do with that aspect of this particular incident.

I’m Sure I Don’t Want to Continue

are-you-sure-you-want-an-alternative.jpg
When I try to drop files in the Trash, the Finder gives me this awful[1] dialog box. I really don’t want to delete files immediately, and am not sure why it wants to. Does anyone know what I do to fix this?

[1] It’s awful for two reasons: First, it gives me no advice on what’s causing this, or what I can do to fix it, and second, it uses “OK/Cancel,” rather than “Delete/Keep/Adjust Trash Settings.”

[Update: Ok, its not awful. It’s comprehensible, but not up to Apple’s usual standards. Also, according to “Prevent local files from being deleted immediately” on MaxOSXHints, if you delete ~/.Trash, this can happen. I seem to recall using the command ‘srm -rf ~/.Trash/’ yesterday, and could it’s conceivable that I forgot the trailing slash. Now while it makes perfect sense that ‘rm foo’ and ‘rm foo/’ are different, its an odd interaction between the UNIX side of OSX and the pretty bits.]

You can’t buy publicity like this!

UCSB has a project to digitize wax cylinder recordings. They have thousands cataloged, with the majority downloadable as mp3s. It’s awesome.
Naturally, I wanted to see what software they used. Being archivists, they of course go into great detail, including this gem:

We’d like to use this space as a soapbox to say that Cleaner XL is one of the worst pieces of software we’ve ever used, with numerous bugs, a bad interface, and constant crashes.

Honesty like this is delightful to see.

Sprint “Security”

sprint.jpg
So the other day, I called up Sprint, my illustrious cell phone provider, to make some changes to my service plan. The very nice agent asked me to identify myself with either the last 4 digits of my SSN or my password. Now, I’ve never set up a password for use over the phone and I said to myself (self I said) “they couldn’t possibly mean the password I use on their website.” so I told the agent the lat 4 digits of my SSN. He then proceeded to actually tell me the password that I had set on their website. So remember folks, if you ever want more information on a sprint customer, all you need is their cell phone number and the last four digits of their SSN. Sprint will helpfully provide your password in return. Oh and you don’t even need to forge caller-id since they don’t seem to care what number you call from.
[Edit: fixed broken link to SSN-Finder, thanks Tim]

Many Meanings of Privacy

privacy.jpgI regularly talk about how privacy has many meanings, but haven’t put those in a blog posting. Since this blog has more readers than most of my talks have attendees, I figure it’s a sensible thing to blog about. The point of this list is to illustrate the dramatically different things people mean when they say privacy. (Incidentally, this leads to much angst.) So here’s a partial list. I’ll start with some traditional meanings:

  • Lots of land with trees and shrubbery
  • Curtains & Venetian Blinds
  • Unlisted Phone #s
  • Swiss bank accounts
  • Nudity
  • Gut feelings

Some more modern meanings that people use today:

  • Spam, telemarketers
  • ID theft, CC theft
  • Cookies
  • Total Information Awareness
  • CAPPS II
  • Do Not Call lists
  • Abortion

What cryptographers mean:

  • Unobservability
  • Untracability
  • Cryptography
  • Blinding

What privacy policy experts might mean:

  • Fair Information Practices and Data Protection Laws
  • Right to be left alone
  • Data shadows
  • Informational self-determination
  • “Lie and get away with it”
  • “The Presentation of Self In Everyday Life”
  • “The Unwanted Gaze”
  • “No Place to Hide”
  • “The Digital Person”

These many meanings lead to a lot of misunderstandings. You might also enjoy browsing the photos people have tagged “privacy” on Flickr. Since I value your privacy, I’d love to hear your suggestions for more.

Oh, I’m using privacy in the informational self-determination sense, and asking you to make a choice about exposing your thoughts (in the sense of “Privacy and Social Freedom.”) Wasn’t that obvious?

Finally, the photo titled “‘The pride of youth is in strength and beauty, the pride of old age is in discretion.’ Democritus” is by -ViDa-.

[Update: Having read this, I discovered the bottom bit of Dan Solove’s blog post, “A Taxonomy of Privacy.” I hadn’t read to the bottom, because I have the PDF sitting in my queue of things to read. So I was mortified to read:

I suggested that privacy must be understood contextually, and that it consists of a multitude of different yet related things. But I left open a very important question — just what are those different yet related things? My new article, A Taxonomy of Privacy, builds on this argument and provides a taxonomy of what these different yet related things are.

D’oh!

Breach notification escape mechanisms

In a somewhat incendiary piece published today at Securityfocus.com, Robert Lemos reports on loopholes in notification laws which permit firms to avoid informing people that their personal information has been revealed.

According to the article, which along with unnamed “security experts” also cites industry notable Avivah Levitan, “[t]here are three cases in which a company suffering a breach can bypass current notification laws”. First is if notification would impede an investigation by law enforcement, then:

If the stolen data includes identifiable information–such as debit card account numbers and PINs–but not the names of consumers, then a loophole in the law allows the company who failed to protect the data to also forego notification. Finally, if the database holding the personal information was encrypted but the encryption key was also stolen, then the company responsible for the data can again withhold its warning.

Not quite. At least one state has a law that closes the quoted loopholes.

New York’s law says the following:

1                                ARTICLE 39-F
2       NOTIFICATION OF UNAUTHORIZED ACQUISITION OF PRIVATE INFORMATION
3    SECTION  899-AA.  NOTIFICATION; PERSON WITHOUT VALID AUTHORIZATION HAS
4  ACQUIRED PRIVATE INFORMATION.
5    S  899-AA.  NOTIFICATION;  PERSON  WITHOUT  VALID  AUTHORIZATION   HAS
6  ACQUIRED  PRIVATE INFORMATION. 1. AS USED IN THIS SECTION, THE FOLLOWING
7  TERMS SHALL HAVE THE FOLLOWING MEANINGS:
8    (A) "PERSONAL INFORMATION" SHALL MEAN  ANY  INFORMATION  CONCERNING  A
9  NATURAL  PERSON  WHICH, BECAUSE OF NAME, NUMBER, PERSONAL MARK, OR OTHER
10  IDENTIFIER, CAN BE USED TO IDENTIFY SUCH NATURAL PERSON;
11    (B) "PRIVATE INFORMATION" SHALL MEAN PERSONAL  INFORMATION  CONSISTING
12  OF  ANY INFORMATION IN COMBINATION WITH ANY ONE OR MORE OF THE FOLLOWING
13  DATA ELEMENTS, WHEN EITHER THE PERSONAL INFORMATION OR THE DATA  ELEMENT
14  IS NOT ENCRYPTED, OR ENCRYPTED WITH AN ENCRYPTION KEY THAT HAS ALSO BEEN
15  ACQUIRED:
16    (1) SOCIAL SECURITY NUMBER;
17    (2)  DRIVER`S LICENSE NUMBER OR NON-DRIVER IDENTIFICATION CARD NUMBER;
18  OR
19    (3) ACCOUNT NUMBER, CREDIT OR DEBIT CARD NUMBER, IN  COMBINATION  WITH
20  ANY  REQUIRED  SECURITY CODE, ACCESS CODE, OR PASSWORD THAT WOULD PERMIT
21  ACCESS TO AN INDIVIDUAL`S FINANCIAL ACCOUNT;

As can be readily seen, the encryption loophole is decidedly not present. Moreover, disclosure of a person’s name and other private information is not necessary to trigger notification (although it is sufficient).

Inasmuch as this latest breach undoubtedly involves at least one New York State resident, it would appear to this layman that attempts to justify a failure to notify on either the “it was encrypted” or the “but they didn’t steal any names” loopholes are perilous at best.

If state breach legislation is not pre-empted at a national level, others would do well to study the example set by the Empire State.
(Updated to add specific mention of law-enforcement exception)

Government Issued Data and Privacy Law

drivers-license.jpgI’d like to say more about the issue of privacy law, and clarify a bit of jargon I often use. (Alex Hutton pointed out it was jargon in a comment on “There Outta be a Law“.)

As background, some people have objected to privacy laws as being at odds with the First Amendment guarantees of free speech. How can you pass a law that forbids people from talking about other people? One might respond, how can you pass a law that forbids libel suits against commercial entities that encourage reliance on their speech, while disclaiming liability for it? That response, however, seems to fall on deaf ears, and so I’d like to suggest another basis for privacy law which would be in harmony with free speech.

Absent government action, building an industrialized gossip business is hard. English common law long recognized the right to use any name you wanted, so long as the purpose wasn’t fraud. How to distinguish between all the Tim Mays in the database? Well, the government issues social security numbers. They tell people that your number is unique. They used to tell people it wasn’t for identification purposes.

Continue reading

Relentless Navel Gazing, Pt 9

I’ve made the text darker, and hope its a tad easier to read, and thanks to N, have finally added a closing quote to blockquotes:


blockquote {
background: url("http://www.emergentchaos.com/uq.png") no-repeat bottom right;
}

blockquote:before {
content: url("http://www.emergentchaos.com/q.png");
display: run-in ;
padding-right: 10px;}

The tricky part was to ensure that the closing quotation mark stayed within the quoted block. CSS “:after” puts the next element as a new block, which interacts with the styling of a blockquote, and causes the element to show up on the next line. So by using a ‘proper’ before, and a background in place of the ‘:after’ it looks the way I think it should.

[Update: :after is part of CSS2.1, so if you’re using an older browser, things may not display quite right.]

You Have Failed Me For the Last Time

failed-me-for-the-last-time.jpgChris,

I can’t believe you mentioned Snakes on a Plane, and failed to link to a blog called “I Find Your Lack of Faith Disturbing,” whose article, “Snakes on a Motherfucking Plane” is like the 3rd hit on Google. I mean, really! Its not like you had to look hard to find that. Do I have to do all the Star Wars blogging around here? If I do, I should really get off my duff.

(Photo from the 501st New England Garrison.)

Beautiful Evidence

beautiful_evidence.jpg

Edward Tufte’s new book, Beautiful Evidence, is now at the printer and should be available in May 2006.
The book is 214 pages, full color, hard cover, and at the usual elegant standards of Graphics Press.

(Thanks, Mr. X!)

Posted in art

Security & Orientation

36-views.jpgWhen Larry Ellison said “We have the security problem solved,” a lot of jaws dropped. A lot of people disagree strongly with that claim. (Ed Moyle has some good articles: “Oracle’s Hubris: Punishment is Coming,” “Oracle to World: ‘Security Mission Accomplished…’“) That level of dripping sarcasm is fairly widespread amongst the security experts I talk to, based on their technical evaluations of Oracle’s promises and delivery.

Dave Litchfield actually explained it to me. Let me say that again, because I’ve been told that David Litchfield isn’t liked in certain neighborhoods of Redwood Shores. I can’t understand why. David explained that Oracle is using “security” in a specific way, which is to say that they have certifications and processes that their customers care about. That Oracle is speaking to their customers at the executive level, not the security or technology level. The way they use security is just as correct as the way in which I use security, and means quite different things. [Updated for clarity.]

I should have seen this sooner. I’ve spoken extensively about how privacy has many meanings, and the same is true of security. I regularly discuss Boyd’s concept of orientation, and even have a category for it.

The picture? Suruga Bay, from Hiroshige’s 36 Views of Mt. Fuji.

St. Patrick would know what to do


The movie “Jaws” made a lot of money. People like money. Hence, people made derivative movies, “Orca” for example. One copycat, IMO, was so dreadfully bad that it was good. That movie was “Grizzly“, which I saw on its first run. It told the tale of a rogue bear which, you know, basically roamed around and devoured campers and other hapless humans.
Well, grizzlies are probably hard to train. Even if they aren’t, they probably are costly to feed. That’s why the economy-minded folks behind this particular film didn’t bother showing a full shot of a bear until at least halfway into the movie. Until that point, as one of my compadres in the theatre put it, the mayhem seemed to be the work of a “flying paw”. Well, alot of things have changed since 1976, but the appetite and trainability of grizzly bears are probably not among them. That’s why, when you want to make a schlocky thriller, you go in another direction. Maybe you even combine two “can’t miss” genres, and even throw in a little star power.
Coming soon to a theatre near you — “Snakes on a Plane“. I can’t wait to see it.
Bear pic from University of Saskatchewan