What Does Rumsfeld Need to Do To Be Fired?

fire-rumsfeld.jpgLaw prof. Marty Lederman explains (in great detail) that “Army Confirms: Rumsfeld Authorized Criminal Conduct:”

On November 27, 2002, Pentagon General Counsel William Haynes, following discussions with Deputy Secretary Wolfowitz, General Myers, and Doug Feith, informed the Secretary of Defense that forced nudity and the use of the fear of dogs to induce stress were lawful techniques, and he recommended that they be approved for use at Guantanamo. (The lists of techniques to which Haynes was referring can be found in this memorandum.) On December 2, 2002, Secretary Rumsfeld approved those techniques for use at Guantanamo — and subsequently those techniques were used on detainee Mohammed al-Qahtani.

In other words, the Secretary of Defense authorized criminal conduct.

Loyalty to your subordinates should stop when they break the law. Its time for Rumsfeld to face charges for his actions.

(Image from SocialNetve.org.)

Security Breach Roundup

  • State of Ohio, 7.7 million registered voter SSNs, dismal process. From “Ohio Recalls Voter Registration CDs” via Dataloss.
  • Fifth Third Bank employee Marco Antonio Munoz, 74 pages of names of victims, dismal dependance on process, from “Internal theft of personal bank data rare,” in the Cadilac News. Someone’s PR department deserves a bonus for that headline. Via Canadian Privacy Law Blog.
  • University of Alaska Fairbanks, 38,941 SSNs, Hacker. From “Officials urge people to be on alert for fraud,” Fairbanks Daily News-Miner.
  • Hong Kong Police, 20,000 complainants, “private company.” From “Hong Kong: Former police complainants exposed on the Internet” (RISKS Digest summary of a Radio Australia story.)
  • Iron Mountain (again), 17,000 Long Island Railroad Employee SSNs, lost records. From “Personal Data of NY Transit Employees Lost,” via Dataloss. Interesting view into what happens when companies are given the choice of interpretation:

    [NY Police spokeswoman] Farello said the driver contacted authorities after noticing outside the Bronx VA hospital that the containers were missing.

    The company is treating that as “we misplaced them” rather than as theft. The New York Police are unspun, and are treating it as theft. Its good that the law doesn’t give the company discretion to be gullible on your behalf.

  • Lastly, not quite a breach, but apparently soccer fans are complaining (with good reason) about the amount of data being gathered on them by the Germans. Here I thought the Germans had good data protection laws. Maybe someone will investigate why all this data was collected? See “FIFA Criticizes Data Gathering At World Cup” at CSOOnline.

DoD Tricare Management Activity system, SSNs, credit card numbers, health info, 14K people

Via Army Times:

The Pentagon said routine monitoring of the Tricare Management Activity’s public servers on April 5 resulted in the discovery of an intrusion and that the personal records had been compromised, leaving open the possibility of identity theft among the members affected. The information contained in the files varied and investigators do not know what, if any, criminal intent the perpetrators had, or if the information would be misused.
Affected members were notified by mail earlier this month and the Defense Criminal Investigative Service has begun an investigation, defense officials said.

Tricare is the U.S. military health system. If you visit their web site, you find this:

If you received a notification letter regarding a potential compromise of your personal information and you have questions, please call 1-800 600-9332. Please do not call the Defense Criminal Investigative Service number referenced in the letter. We regret the inconvenience.

I believe the relevant acronym is SNAFU.

Big Brother Has Your Best Interests At Heart

big-brother.jpg
So pay no attention to the thoughtcriminals who are not bored, and their ridiculous propaganda documenting “Abuses of surveillance cameras.” We all know that cameras never lie, film can’t be edited or mis-interpreted, the police would never use cameras to look in your bedroom window, and that the videos taken will be strictly controlled. Those who try to convince you that the camera adds ten pounds are also those who think that there are abuses of surveillance cameras. Really, though, what is meant by abuse? It is the wrongful use of something. As we all know, the President has inherent Constitutional authority as Commander-in-Chief to take those actions he deems needed to protect all Americans and the freedoms we enjoy. As President he has inherent authority to watch your every move, and we are all thankful that he chooses to exercise these rights. Further, by creating the best-documented generation in history, he is providing countless current and future historians with an unparalleled look into how each of us goes about our day, keeping American Values in our hearts at all times.

Why anyone would think it an abuse of surveillance cameras to capture evidence of so-called “peaceful protesters” taking to the streets and supporting terrorists? Even if some of the evidence isn’t provided to defense counsel, the President deserves credit for allowing defense counsel at trials. Claims that these “edited” videos don’t present a “full picture” are clearly wrong. Each and every frame of a video is a full picture. Those full pictures, each and every one of them, is far more evidence than before Big Brother deployed cameras like this.

Won’t someone think of the children? Dedicated government employees like Brian J. Doyle spent hours reviewing videotape of children. In the future, cameras will prevent traitors like Doyle from approaching children, because they will fear the cameras. Of course, people like Doyle will know where the public cameras are, so there will be a second, secret set of cameras, so as to protect the children from abuse of surveillance cameras.

All this because Big Brother wants to spend your money to keep you safe. Don’t you feel safer already?

Live Free or Die: New Hampshire Rejects National ID

Be it Enacted by the Senate and House of Representatives in General Court convened:

Prohibition Against Participation in National Identification System. The general court finds that the public policy established by Congress in the Real ID Act of 2005, Public Law 109-13, is contrary and repugnant to Articles 1 through 10 of the New Hampshire constitution as well as Amendments 4 though 10 of the Constitution for the United States of America. Therefore, the state of New Hampshire shall not participate in a national identification card system; nor shall the department of safety amend the procedures for applying for a driver’s license under RSA 263 or an identification card under RSA 260:21

From Devvy Kidd, who has some good commentary, and also Privacy Law.

aetna insurance,38K customers, names+SSNs, health info, stolen laptop

Report via Reuters.
Aetna declined to to say where this occurred or which law-enforcement agency they are working with, but it looks like the employer whose folks just got their PII exposed was the US Department of Defense.
Stars and Stripes has the scuttlebutt from HQ:

The laptop was stolen from an employee’s personal car in a public parking lot. While Aetna has strict safeguards on such matters, “the employee did not follow all company policies in this instance,” Michener said. Michener refused to say whether any disciplinary action would be taken, saying it was a “personnel matter.”
A few thousand other Aetna customers also lost data, but they do not fall under DOD, Michener said.
The company is sending three letters: one for those whose information included their social security number, one for those whose information included health information, and one for those whose information contained both.

Purdue University, 1351 applicants+students, SSNs, “unauthorized electronic access”

“Unauthorized electronic access”. Not sure if that’s a poorly configured web server, or what.
Press release today.
Happened in February.
Notices sent at some unspecified time.
Indiana only requires state agencies to disclose breaches, the law isn’t in effect yet, and the legislative and judicial departments aren’t considered state agencies.
Quoth “Mark Smith, head and professor of the School of Electrical and Computer Engineering” [wording from Purdue's own press release]:

Removing Social Security numbers from all of the university’s business practices is an enormous and expensive process, but the university has mandated that every possible step be taken to solve this problem by the end of this calendar year.

Better late than never. Cue up the usual lecture about externalities.

Tony Chor on Presenting at MIX

Tony Chor has a good post on “Backstage at MIX06.” The effort that goes into a good presentation, including the practice, the extra machines, the people to keep them in sync, etc, is really impressive:

Normally, when I do a presentation and demo, both the demos and the presentation are on the same machine. I advance the slides and do the demo myself. Sometimes, for a big talk like my keynote at Hack-in-the-Box, we separate out the slides and demo onto separate machines (especially when the demos have pre-release bits like Windows Vista or IE7) and maybe I’ll have someone help me with the demos/slides to keep things running more smoothly.

Well, MIX took that to a whole new level. First, the demo machine was backstage, connected to a monitor, keyboard, and mouse via a switch. We also had a backup demo machine hooked up.