Friday, October 05, 2007

Non-profit has major security lapse: where was the Firewall?; health care info security

On Friday, October 5, 2007, Joe Stephens has an article in The Washington Post, business, p. D4, “Nature Conservancy Says Spyware Compromised Employee Data.” An employee in Human Resources in Arlington, VA reportedly visited a sports website on a work computer, which got infected with spyware, and soon the organization discovered that the personal information of over 14,000 persons was being exported.

What seems unclear is how the sports website itself was compromised (that wouldn’t normally happen), and why the organization’s security procedures and software (Firewall and virus scan) did not prevent the compromise. McAfee, for example, also offers a Site Advisor that might have caught this problem. Many other organizations have lost data because of poor physical security (missing laptops or disks); it needs to be explained in cases like this one why security software suites did not work properly. But companies and employers can be as vulnerable as individuals.

A much more positive story appears on p D1 of the same paper. Catherine Rampell has a story, “Your Health Data Plugged In to the Web: Microsoft Promises Privacy on New Portal.”

Microsoft (as well as Google and AOL) is working on projects (HealthVault from Microsoft; “Revolution Health” from Google down the road) to automate health care information, and allow patients and health care providers to maintain patient care information on secure websites. The main area where systems development and growth are needed seems to be secure automation of medical records feeds (as with XML). There are specific legal requirements from HIPAA (Health Insurance Portability and Accountability Act) that would have to be met. But the innovation could be important in controlling health care costs, and such a system could be as safe as the clumsier manual paper system.

Thursday, October 04, 2007

RIAA wins copyright lawsuit against Minnesota woman for P2P file-sharing

The Minneapolis Star Tribune reports tonight (Thurs. Oct 4, 2007) that a civil trial jury in Duluth found for the plaintiffs in a suit brought by the RIAA against a woman for illegally downloading and copying 24 songs. She was ordered to pay the six companies $9250 per song.

What is disturbing is that the woman, while admitting that she was a user on Kazaa and had used a particular screenname for P2P sharing, claimed that a hacker was impersonating her by spoofing during the downloads in question. So far, media reports don’t seem to support the technical likelihood that this really could have happened, but the idea that it could happen is frightening. In December a woman in Arizona was convicted of crimes apparently done by her kids on her home computer without her knowledge (this blog).

The Star Tribune story is by Larry Oakes and it is titled: Brainerd woman guilty in Internet music sharing: Duluth jury ordered Brainerd defendant to pay $222,000 for violating song copyrights. The link is here.
Wired News has a particularly detailed blog about this case here:

This appears to be one of the first major RIAA cases to go to trial rather than settlement upon complaint and demand.

Message board comments (on AOL) from musicians indicate that it is illegal to share tabs or transcriptions of copyrighted songs for specific instruments.

Monday, October 01, 2007

Washington Times offers insert on teen cyber safety

Today, Monday October 1, 2007, The Washington Times included a special insert on cybersecurity. The green cover reads “Celebrate Crime Prevention Month,” from NCPC, the National Crime Prevention Council. The cover also has the banner, “Delete Cyberbullying” which is viewed as a significant problem among middle and particularly high school students. “Don’t write it! Don’t forward it.” Words can really hurt.

The magazine insert goes over the usual advice on Internet safety for teens. One of the most common recommendations is that families keep home computers in a “public” area of the home. That certainly sounds right until kids are mature enough. But once a high school kid is able to be trusted to work alone on his computer, he or she can certainly advance on academic work. Search engines can be a perfectly legitimate help in doing homework, especially when looking for more objective information in math and science. Public schools often duplicate a lot of lesson information in printed handouts in order to reduce the need for computer use for basic lessons.

The other big area is what kids post online. Students feel that the world is competitive, and social networking sites can add to the perception of social competition. Students may also want the limelight, when what they want to post may have no real public value. This is not to disparage the fact that some teens really have created legitimate, even revolutionary businesses on the web. Even so, innocuous information (such as home address, land telephone number, even school identification, names of parents and siblings, personal whereabouts) could jeopardize personal security or even that of family members or classmates. It seems that the “rule of thumb” is, if you want to be famous, you have to earn the right to be famous in a legitimate way. But that itself is pretty loaded.

It does seem to me that social networking companies, because they emphasize using the web for social and business interaction and contact (as a "Web 2.0" experience) rather than just as a "publishing" tool (as I conceived the Web in the late 1990s with the COPA litigation), have helped create an atmosphere where other people (and employers) take what is said on the Web in a conversational, rather than literary, context. That makes what teens post on the Web a more sensitive matter as to how it could affect their futures -- jobs, college or graduate school admissions.

Earlier (April 2007), I did a review of a book by Susan Lipkins on teen and school hazing here.