The InfoSec Blog

UN privacy head slams ‘worse than scary’ UK surveillance bill

Posted by antonaylward

http://www.theregister.co.uk/2015/11/10/un_privacy_head_slams_uk_surveillance_bill/

Two points in this caught my attention.

Cannataci also argued forcefully that mass surveillance was not the way to
handle the threat from terrorism and pointed to a report by the Dutch
intelligence services that argues that point. "To get real terrorists, you have
to go for good old-fashioned infiltration," he argued, wishing that the security
services would spend less money on computers and more on real people who go out
and get real, actionable intelligence on what people are up to. "It's time to be
realistic and actually examine what evidence shows."

Where have I heard that before?
Oh, wait:

If you think technology can solve your security problems, then you don't
understand the problems and you don't understand the technology
-- Bruce Schneier

Essentially what he's saying is summed up by another Schneier quote:

People often represent the weakest link in the security chain and are
chronically responsible for the failure of security systems
-- Bruce Schneier, Secrets and Lies

A Ralph Nader for the 21st Century?

Posted by antonaylward

http://www.chron.com/disp/story.mpl/business/steffy/6666406.html

[...]

Hanni, who lives in California, is the founder of the Coalition for an
Airline Passengers Bill of Rights, the group that's spearheading efforts
in Congress to prevent airlines from imprisoning passengers on delayed
flights.

In a lawsuit filed in Houston Tuesday, she claims that Delta Air
Lines was behind the hacking, accusing the world's largest carrier
of conspiracy and invasion of privacy.

Hanni believes Delta wants to crush her attempts to force better
customer service on the airline industry, which has fought mightily
to ensure it can treat passengers shabbily.

Perhaps this isn't on the same scale as cars that are designed to explode and kill the passengers, but the model is the same. Can we see Hanni standing for the Presidency in a couple of decades? No, seriously, there does seem to be some skulduggery here that impacts privacy.

Irony

Posted by Anton Aylward

Headline: FTC attorney's laptops stolen
http://www.presstelegram.com/business/ci_3969575

The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people.

Can you spell "Irony"?
This goes a bit beyond the bare-faced incompetence that we've grown used to
and come to treat as the new security baseline at the government.

And here's another chunk of Irony:

Many of the people whose data were compromised were being investigated for possible fraud and
identity theft, said Joel Winston, associate director of the FTC's Division of Privacy and Identity Theft Protection.

But what caught my attention in this article was the following:

On Thursday, a House panel was cautioned that credit monitoring alone may not be enough to protect Americans whose names, birth dates and Social Security numbers were compromised at the hands of the government.

During the House hearing Thursday, Mike Cook, a co-founder of a company specializing in data breaches, said identity-theft victims typically don't become aware they've been hurt until six months after their data was stolen, when creditors come calling for money owed.

At that point, it's likely the thieves will have moved on having made just a few purchases so they don't attract notice and started using another victim's information.

As a result, a credit monitoring service would raise a red flag after it was too late, Cook said.

So what's the real use of this credit monitoring that the companies are handing out in the aftermath of privacy failures if it's not going to protect you? "Oh, you've had your bank account emptied, your house sold, and your wife has received a divorce notice. And by the way, your credit is nonexistent, but that may be due to computer hackers...."

 
