Australia dumps National ID

Opponents of Australia’s controversial Access Card received an early Christmas present earlier this month when the incoming Rudd Labor Government finally axed the controversial ID program. Had it been implemented, the Access Card program would have required Australians to present the smart card anytime they dealt with certain federal departments, including Medicare, Centrelink, the Child Support Agency, or Veterans’ Affairs. (“Australia’s controversial national ID program hits the dumpster,” Ars Technica)

Congratulations to the people of Australia. Now let’s hope the UK and US pick up on a winning trend.

Picture by Drewsta.

“Security Vulnerability Research & Defense”

My co-workers in SWI have a new blog up, “Security Vulnerability Research & Defense.” They’re planning to…well, I’ll let them speak for themselves:

…share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities…

The two posts below are examples of the type of information we’ll be posting. We expect to post every “patch Tuesday” with technical information about the vulnerabilities being fixed. During our vulnerability research, we discover a lot of interesting technical information. We’re going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization.

I’m excited. I see the good work that the team does in understanding vulnerabilities, and I’m glad that we’re sharing more of it.

Emergent Privacy Reporting

On December 19th, Denebola, the student-run newspaper of Newton South High School, broke the news that video cameras had been secretly installed in their school. Not only were students and parents not notified of the cameras, but apparently neither were any of the teachers. From the student article:

According to Salzer, only he, Superintendent Jeff Young, Director of Public Facilities Mike Cronin, and a small security team were aware of the cameras. They did not inform faculty members, and the Newton Fire and Police Departments are not involved in their operations.

Boston.com is reporting that the school committee and the teachers union are asking why they weren’t contacted or involved in this discussion.

Newton Teachers Association (NTA) President Cheryl Turgel is unsure whether the cameras violate teacher contract agreements or faculty privacy rights. The Newton Public Schools did not warn the NTA prior to the camera installation of their decision. While Turgel is not necessarily opposed to the Newton Public Schools using surveillance cameras to deter vandalism, she feels that the NTA should have been warned of the installation.

While the Boston.com article ignores the issue of student privacy, the student paper does not:

Staff Attorney for the American Civil Liberties Union Foundation of Massachusetts Sarah Wunsch notes that, while the legalities of putting surveillance cameras in schools without notifying the public is a rather gray area, South’s installation is “at the very least, an awful thing to do.”

The one saving grace is that the cameras are not yet operational, apparently due to a software problem. When fully operational, the principal will be able to access the previous 31 days of footage on any of the cameras. I really hope (and seriously doubt) that a proper security audit has been done on this system to ensure that other people won’t be able to remotely access this footage.

Aaron Burr and Compulsory Key Disclosure

Orin Kerr has a fascinating tidbit at Volokh, “Encryption, the Fifth Amendment, and Aaron Burr”:

Following my posts last week on encryption and the Fifth Amendment, a few readers asked about how courts have dealt with such issues before. As far as I know, there is only one other judicial decision specifically addressing the Fifth Amendment implications of decrypting ciphertext. Remarkably, it arose 200 years ago, in the treason trial of former Vice-President Aaron Burr.

Merry Christmas, Dr. Hansen!

A surgeon who allegedly took a photo of a patient’s penis during an operation at a US hospital is no longer working there, it has been announced. Dr Adam Hansen, of Arizona’s Mayo Clinic Hospital, is accused of taking the snap while conducting gallbladder surgery earlier in December. (BBC, “US ‘penis photo doctor’ loses job.”)

For a doctor to violate patient confidentiality like this is a stunning lapse of judgement. If he did what he’s accused of, I hope the impact on his career lasts as long as the impact on his patient.

Oh, I tried, but couldn’t find an appropriate picture to go with this post.

Evan Schuman: TJX gets the BB gun

Not much naughtier than other retailers:

I’d say yes to coal for most of the major retailers for dropping the ball on security. Bigger chunks of coal need to go to state legislators and the U.S. House and Senate for failing to pass any laws protecting consumer data (although Minnesota got quite close). But to TJX? I’d give it a pass.
TJX theorized—correctly—that any breach wouldn’t cause any impact on sales, as consumers (protected by the card brands’ zero-liability deals) would stand by it. With that regrettable fact out there, it would have been extremely difficult for TJX to have justified spending much more than it did.

eWeek, 2007-12-24
“Justified” in the last quoted sentence means “justified to shareholders”.
There’s gotta be a dissertation out there about herd behavior in the face of the inability to measure the effect of behaviors on outcomes. It explains way more than I wish it did about infosec resource allocation decisions.
Pic via The Daisy Museum (in downtown Rogers, Arkansas).

Guinness is Good For You, but don’t tell anyone

A pint of the black stuff a day may work as well as an aspirin to prevent heart clots that raise the risk of heart attacks.

Drinking lager does not yield the same benefits, experts from University of Wisconsin told a conference in the US.

The researchers told a meeting of the American Heart Association in Orlando, Florida, that the most benefit they saw was from 24 fluid ounces of Guinness – just over a pint – taken at mealtimes.

They believe that “antioxidant compounds” in the Guinness, similar to those found in certain fruits and vegetables, are responsible for the health benefits because they slow down the deposit of harmful cholesterol on the artery walls.

Even though it’s true, companies are scared of making health claims for booze. “Draft legislation could outlaw any health claims in adverts for alcohol in Europe, [a spokeswoman for Brewing Research International] said.”

It’s sad when the ability to make true statements is suppressed because ‘authorities’ worry that people are too dumb to listen to a bunch of statements and make up their own minds.

All quotes from the BBC, “Guinness good for you – official.”

“There’s supposed to be a Mars-shattering Ka-boom!”

Here at Emergent Chaos, we’re big fans of large objects hitting other large objects at high speed. Which is why it’s important to tell you that 2007-WD5 is a 50 meter asteroid that’s set to pass within 48,000 kilometers of Mars next month.

“We estimate such impacts occur on Mars every thousand years or so,” said Steve Chesley, a scientist at JPL. “If 2007 WD5 were to thump Mars on Jan. 30, we calculate it would hit at about 30,000 miles per hour and might create a crater more than half-a-mile wide.” The Mars Rover Opportunity is exploring a crater approximately this size right now. (JPL press release.)

More details about the orbit at the JPL small-body database. Story via VOA news.