Archive for June, 2010

h1

SEO and legal experts point to Google Analytics privacy issues

June 28, 2010

SEO and privacy experts have raised questions about a feature in Google’s Analytics Dashboard that allows website operators to find information on individuals who have linked to their site through social media sites such as Facebook and Twitter.

The Google Analytics tool, highlighted by SEO expert and SmartCompany blogger Chris Thomas in his blog today, allows websites to track who has linked back to their site. While most of these links come from blogs and websites, a significant number now come from Facebook profiles where users have shared a link with their friends.

As a result, not only can websites identify the Facebook and Twitter profile names who have visited their site, they can identify the specific pages those users have linked. Additionally, websites can then potentially visit these Facebook or Twitter profiles and gather further information, including potentially personal details.

 Read More

Ready for a Private and Secure Online Workspace – GoSecure

h1

Senate Committee passes major cybersecurity legislation

June 28, 2010

A U.S. Senate committee on Thursday unanimously passed a controversial cybersecurity bill, which would grant the president emergency power over critical infrastructure networks, in addition to creating cybersecurity offices within the White House and U.S. Department of Homeland Security (DHS).

The Protecting Cyberspace as a National Asset Act of 2010 –

Among the many provisions included in the nearly 200-page bill is one that would allow the president to authorize emergency measures to protect public or private critical infrastructure in the event or imminent threat of a cyber vulnerability, according to a summary of the legislation. The bill would not authorize the use of any new surveillance mechanisms or allow the government to take control of private networks.

Critics of the bill say it will give the government too much power, particularly giving the president a so-called “kill switch” to shut down the internet.

Read More

Ready for a Private and Secure Online Workspace – GoSecure

h1

Quoted: On Google data-collecting probe

June 28, 2010

“If you leave your car unlocked on a street where there are known burglars and they steal your stuff, their defense can’t be you left your car unlocked. They clearly knew what they were doing was wrong.”

Rob Enderle, technology analyst, on Google Street View’s collection of private information from unsecured wireless networks, which the company says was inadvertent. Connecticut’s attorney general is leading a multi-state investigation into the legality of Google’s data collecting.

Ready for a Private and Secure Online Workspace – GoSecure

h1

Bureau of Industry and Security removed many encryption items from control

June 28, 2010

On June 25, 2010, the Bureau of Industry and Security published amendments to the encryption provisions of the Export Administration Regulations (EAR). These amendments remove many items from control as encryption items.  They also reduce or eliminate review and reporting requirements for many more items that remain controlled as encryption items.

See the summary of changes from the previous regulation or use the quick links to browse the relevant amended sections of the EAR.

Read More

Ready for a Private and Secure Online Workspace – GoSecure

h1

Electronic health record systems may pose risk for care providers

June 28, 2010

The promise of electronic health records (EHR) seems clear: The digital records of everything from prescriptions to CT scans could raise the quality and lower the cost of healthcare.

Fulfilling this promise is likely to become more urgent as healthcare reform brings 35 million more Americans into the health insurance fold, all needing care.

Some of us worry about the security and privacy of our electronic medical information. But what about the liability risks EHR systems pose to care providers?

Two Case Western Reserve University professors say potential software or hardware problems, as well as user errors, could make the systems liabilities.

“Plaintiffs whose alleged injuries are associated with EHR systems could sue healthcare providers for medical malpractice,” wrote Sharona Hoffman, professor of law and bioethics, and co-director of Case Western Reserve’s Law-Medicine Center, and her husband, Andy Podgurski, professor of computer science at the university’s School of Engineering, in their article E-Health Hazards: Provider Liability and Electronic Health Record System published in the Berkeley Technology Law Journal.

“Those who believe that their records were improperly disclosed to third parties could assert privacy violation claims,” Hoffman and Podgurski said in their paper. “In addition, providers accused of negligent EHR-system use could face disciplinary proceedings initiated by professional organizations, government enforcement actions, criminal prosecutions and other adverse consequences.”

Read More

Ready for a Private and Secure Online Workspace – GoSecure

h1

The Price of Secrecy – it is not free

June 28, 2010

Secrecy, it turns out, isn’t free. The government and industry spent nearly $10 billion last year to keep government secrets secret, according to the Information Security Oversight Office.

Nearly half of the 2009 costs went to securing the computer networks that store classified information. The cost of physically securing sensitive information, managing the data, and paying people to handle it each cost more than $1 billion.

The true spending on secrecy is likely much higher than $10 billion.

The reason: The amount they spend on classifying data is classified.

Read More

Ready for a Private and Secure Online Workspace – GoSecure

h1

Myths and Fallacies of “Personally Identifiable Information”

June 24, 2010

Personally Identifiable Information (PII) is found in two very different types of laws: data breach notification laws and information privacy laws. In data breach notification laws, the spirit of the term is to encompass information that could be used for identity theft. We have absolutely no issue with the sense in which PII is used in this category of laws.

On the other hand, in laws and regulations aimed at protecting consumer privacy, the intent is to compel data trustees who want to share or sell data to scrub “PII” in a way that prevents the possibility of re-identification.  This is essentially impossible to do in a foolproof way without losing the utility of the data. Furthermore, any non-trivial information can potentially be used for re-identification.

Read More

Ready for a Private and Secure Online Workspace – GoSecure