Tifatul Sembiring Causes Disasters

The BBC reports that “Indonesia minister says immorality causes disasters:”

A government minister has blamed Indonesia’s recent string of natural disasters on people’s immorality. Communication and Information Minister Tifatul Sembiring said that there were many television programmes that destroyed morals. Therefore, the minister said, natural disasters would continue to occur.

His comments came as he addressed a prayer meeting on Friday in Padang, Sumatra, which was hit by a powerful earthquake in late September. He also hit out at rising decadence – proven, he said, by the availability of Indonesia-made pornographic DVDs in local markets – and called for tougher laws.

Now, you might think I’m just being snarky, but the opportunities that are open to a communication and information minister include communicating about earthquake or tidal wave safety, or how to cope afterwards. If Sembiring is sharing his bizarro ideas that a lack of morals causes people’s homes to collapse, then he is clearly putting his energy into the wrong message. He should be encouraging people to learn first aid, to have a small disaster kit, etc.

But to the extent that he’s delivering morality over engineering, preparedness, and response, he’s turning natural events into worse disasters.

Earthquake photo part of the Padang earthquake set by dapiiiiit

An advance in the “balance” between security and privacy

Today on Thanksgiving, I’m thankful that the European Parliament has adopted what may be the first useful statement about the balance between security and privacy since Franklin:

“… stresses that the EU is rooted in the principle of freedom. Security, in support of freedom, must be pursued through the rule of law and subject to fundamental rights obligations. The balance between security and freedom is to be seen in that perspective”

Thanks to Ralf Bendrath and @privacyint for pointing it out.

Links: An area of freedom, security and justice serving the citizen – Stockholm programme, Luigi Berlinguer, and Amendment 70: 23.11.2009 B7-0155/70 (or html)

Deny thy father and refuse thy gene sequence?

There’s a fascinating article in the NYTimes magazine, “Who Knew I Was Not the Father?” It’s all about the impact of cheap paternity testing on conceptions of fatherhood. Men now have a cheap and easy way to discover that children they thought were theirs really carry someone else’s genes.

This raises the question, what is fatherhood? Is it the genes or the relationship? There are obviously elements of both, but perhaps there’s a rule in here: adding identity to a system makes the system more brittle.

Jail Time For ID Fraud

This past Friday, Baltimore resident Michelle Courtney Johnson was sentenced to 18 months in jail and a $200K fine for theft and use of PHI.

According to her plea agreement and court documents, from August 2005 to April 2007, Johnson provided a conspirator with names, Social Security numbers and other identifying information of more than 100 current and former patients of Johns Hopkins. That information was used to apply for credit.

It’s good to see more prosecutions and convictions for ID fraud. Hopefully this trend will continue.

Connecticut Attorney General On The March

It’s been a bad couple of weeks for residents of Connecticut and their personal health information. First Blue Cross Blue Shield had a laptop stolen with enough PHI that over 800K doctors were notified that their patients were at risk, including almost 19K in Connecticut.

Connecticut’s attorney general said Monday that he’s investigating insurer Blue Cross Blue Shield’s loss of confidential information about health care providers, which was on an employee’s stolen laptop computer.
Richard Blumenthal said Monday that the company and its affiliates may have broken state law by losing the information and taking too long to notify doctors.

And if that wasn’t enough, Health Net lost information for 450,000 Connecticut residents.

Blumenthal said he’s “outraged” that the company never told customers or police and only told the AG on Wednesday.
Blumenthal is investigating and demanding that Health Net provide consumers with at least two years of identity theft protection, identity theft insurance, reimbursement for credit freezes and credit monitoring for at least two years for all 446,000 consumers.

I wonder how many other State AGs are investigating Health Net at this point. There were a total of 1.5 million records lost at last count.
At bare minimum Arizona’s AG is also investigating.

Health Net officials said they were not able to determine which information was on the disk, so they investigated and learned the information was saved in an image format that cannot be read without special software.

So anyone have any clue what this supposed image format is? And what makes them think that someone who was smart enough to grab that drive wasn’t smart enough to grab a copy of the software? Assuming of course that wasn’t just all in pdf…

Poker Faced?

In “An Unstoppable Force Meets…” Haseeb writes about “we have just witnessed a monumental event in the history of online poker – the entrance of Isildur into our world of online poker.” Huh? Really? The post is jargon-packed, and I’m not a poker player, but apparently this Isildur character has slaughtered all the best online players in the world by being “hyperaggro:”

About a week later I was sitting at tables without any action when Isildur showed up at one of my 25/50 NL tables. I was bored and willing to play anything, so when he offered to play 6 tables (although usually I max out at 4), I decided to take him up on his offer and play a serious NLHE HU match for the first time in a long while. As the match progressed, all of what I’d heard about him being hyperaggro and barrelly checked out, but as I watched the lines he took to bluff, valuebet, and the way he reacted to my betting patterns, he seemed uncannily perceptive. Nevertheless, within the first hour or so I had won about 30k and was feeling pretty confident. He sat out on all of the tables and I assumed that the match was over and was about to check out. But about a minute later he said “brb,” and so I decided to wait for him and continue the match.

One idea, which seems obvious to me, is that Isildur is collaborating with the servers to know what everyone’s cards are. Maybe the server operators are involved, maybe not.

Either way, the post is an entertaining read.

Untitled photo by allfangs and elbows

UK Confused About Piracy

According to BoingBoing, “Leaked UK government plan to create “Pirate Finder General” with power to appoint militias, create laws:”

What that means is that an unelected official would have the power to do anything without Parliamentary oversight or debate, provided it was done in the name of protecting copyright. Mandelson elaborates on this, giving three reasons for his proposal:

1. The Secretary of State would get the power to create new remedies for online infringements (for example, he could create jail terms for file-sharing, or create a “three-strikes” plan that costs entire families their internet access if any member stands accused of infringement)

2. The Secretary of State would get the power to create procedures to “confer rights” for the purposes of protecting rightsholders from online infringement. (for example, record labels and movie studios can be given investigative and enforcement powers that allow them to compel ISPs, libraries, companies and schools to turn over personal information about Internet users, and to order those companies to disconnect users, remove websites, block URLs, etc)

However, the Pirate Finder General will have no authority to find or engage actual pirates. Once again, all rise for a rousing two minutes on clear language.


[Update: There is now a petition against the proposed law at petitions.number10.gov.uk.]

FTC Delays Red Flags Enforcement Yet Again

I missed this when it hit the newswires two weeks ago, but the FTC has delayed enforcement of the Red Flags Rule. This change was in response to the American Bar Association successfully suing the FTC and being granted an injunction to prevent the Red Flags Rule being applied to lawyers.
Similarly, the American Institute of CPAs (AICPA) is now suing the FTC for injunctive relief from having to comply with the Red Flags Rule.

“We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered,” said AICPA president and CEO Barry Melancon in a statement. “As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.”

The current AICPA requirements are pretty much in line with most of the security requirements of the Red Flags Rule already. So really what the AICPA is telling us is that they really care about our privacy but they can’t be bothered to monitor their own systems for abuse or loss of our information. I guess they don’t really care after all.

Visual Notetaking

I’m a big fan of the book “Back of the Napkin,” which is all about using pictures to help with problem solving. Yesterday, I was introduced to a related concept, “visual notetaking,” where you use images to support other notes you are taking during a meeting. I’m at a two-day workshop and we have a professional notetaker who is using this. It really makes the notes much more powerful and useful than just text. Imagine having notes with visual cues (including but not limited to network diagrams) to help you remember what happened. I’m sitting here looking at the posters the notetaker made in real time with our discussions, and it’s amazing how much more useful they are.

“As far as I know, effective immediately”

Asked about the timing, the unbriefed propaganda minister mumbled: “As far as I know, effective immediately.” When that was reported on television, the Berliners were off. Baffled border guards who would have shot their “comrades” a week earlier let the crowd through—and a barrier that had divided the world was soon being gleefully dismantled. West Germany’s chancellor, Helmut Kohl, was so unready for history that he was out of the country.

The destruction of the Iron Curtain on November 9th 1989 is still the most remarkable political event of most people’s lifetimes: it set free millions of individuals and it brought to an end a global conflict that threatened nuclear annihilation. For liberals in the West, it still stands as a reminder both of what has been won since and what is still worth fighting for.

The Economist has two excellent articles about the wall. “So much gained, so much to lose” and “Walls in the mind.” They do a great job of capturing both the ups and downs of the chaos that has replaced the Politburo and its puppets.

It’s also worth remembering that it’s the 71st anniversary of Kristallnacht.

Mini Metricon 4.5 Call for Participation

[Posting this here to help get the word out – Chris ]
Mini MetriCon 4.5 will be a one-day event, Monday, March 1, 2010, in San Francisco, California. Through the cooperation of RSA, the workshop will be held at the University of San Francisco, within walking distance of the Moscone Center, the location of the RSA Conference, to be held during the same week. Mini MetriCon attendees are eligible for free RSA exhibit passes.
Like its predecessors, Mini Metricon 4.5 is an informal workshop designed to facilitate exchange of new ideas as well as practical experience in using metrics to drive better security, compliance, and risk management. The day will be divided between open/moderated exchange and short presentations. Participants are expected to come prepared to actively interact as either presenters or active listeners (or both).
Place: University of San Francisco (walking distance to the Moscone Center)
Time: 8:30am to 4:30pm
Participation: by invitation.
Attendance: Limited to 80 people
Additional details, including links to past workshops, presentations, and digests, as well as a calendar with important dates and instructions for submitters, are available at securitymetrics.org

Pay for your own dog food

At Microsoft, there’s a very long history of ‘eating your own dogfood’ or using the latest and greatest daily builds. Although today, people seem to use the term “self-host,” which seems evidence that they don’t do either.

Eating your own dogfood gives you a decent idea of when it starts to taste ok, which is to say, ready for customers to see in some preview form.

Apropos of which, there’s a really interesting post at the Inkling blog, “Pay for your own dog food:”

Using your own product comes with a ton of benefits, because you become your own customer. The quality of your product likely increases because you can’t ignore its problems. They aren’t just your customers’ problems. They are your problems.

We’ve gotten in the habit of actually taking out our own credit card and using it on our own account sign up page. Yes, it’s a bit silly when the credit card processing takes some money off the top. But it makes the feeling very real that you are paying for this, and now it’s an expense just like it’s going to be an expense for your clients.