Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts published in January, 2009

CNET’s Police Blotter takes a closer look at whether police can copy data from handheld devices belonging to anyone who’s been arrested.


The House Democrats were supposed to be working on a $825 billion stimulus bill, but they just couldn’t keep their meddling hands out of it and managed to slip in net neutrality stipulations as well.

The House is trying to slip net neutrality in through the back door, while no one is looking.  After all, are you going to vote against helping stimulate the economy?  Having achieved this goal once before with the REAL-ID Act, they are planning to do their own thing again, citizens be damned.

The catch is that the federal largesse comes with Net neutrality strings attached. The Commerce Department must ensure that the recipients “adhere to” the Federal Communications Commission’s 2005 broadband policy statement (PDF)–which the FCC said at the time was advisory and “not enforceable,” and has become the subject of a lawsuit before a federal appeals court in Washington, D.C.

One interpretation of the “adhere to” requirement is that a company like AT&T, Verizon, or Comcast that takes “stimulus” dollars to deploy broadband in, say, Nebraska must abide by these rules nationwide. (It’s rather like the state of Nebraska demanding that a broadband provider filter out porn nationwide in exchange for a lucrative government contract.)

Except that is not what net neutrality is like.  Net neutrality is about equal access for all.  It guarantees free and equal competitive markets on the Internet.  Blocking anything is completely against what net neutrality is.

In addition, recipients must operate broadband and high-speed wireless networks on an “open access basis.” The FCC, soon to be under Democratic control, is charged with deciding what that means. Congress didn’t see fit to include a definition.

We will now have a law on the books, whereby the definition of said law will be determined at a later date.

If the Internet is naturally neutral by design, why should we allow politicians to screw it up?


Family Minister Ursula von der Leyen announced that Germany will now have mandatory web filters to protect the children from pornography.  The list of web sites will also be updated every day.

Despite new studies that confirm the Internet is less dangerous than going to school, this measure to block access to certain web sites was touted as being vital to preventing children from being harmed.

Again, this has come down to the issue of child pornography, which everyone except pedophiles agrees should be banned.  However, no one, including children, simply stumbles upon child pornography sites.  They have to be sought out.

You can read the article in German and in English.

Remember, it’s not really about child porn; it’s about control.  Nothing good can come of this.


New proposals from the UK police aim to treat anyone who has bought a rail ticket as having automatically consented to a search of themselves and their belongings.

Senior British Transport police officials told MPs today that they wanted to change the railways’ “conditions of carriage” to close a loophole that means officers using mobile knife-detecting arches at stations have no legal power to search someone who sets them off unless they have a reasonable suspicion that they are breaking the law.

Wait a minute.  You have metal detectors at railway stations and when they are triggered, you don’t have the option of searching the person who set them off?  Low-paid airport security have more authority than the British transport police?

They can close the loophole by simply allowing anyone who sets the detector off to be searched.  You don’t have to make a blanket search law.

Assistant Chief Constable Paul Crowther of British Transport police told the Commons home affairs select committee that, as the law stood, it often made more sense to search passengers who deliberately avoided going through the arches.

WTF?  You can search people who avoid the arches, but not those who set them off?  You don’t need an extra law that will focus on everyone.  You need the idiots in charge to be fired and replaced with people who think logically.


The US General Accounting Office (GAO) has released its report [pdf] detailing how the IRS website is still vulnerable.  Despite the fact that only three months have passed since the Treasury Inspector General for Tax Administration reached a similar conclusion, nothing has changed at the IRS.

The report shows that taxpayer and other sensitive data continues to remain dangerously underprotected at the IRS. According to the GAO, while the IRS has addressed 49 of 115 previously reported security issues, several critical areas remain vulnerable.

A lot of the issues are the result of a continued failure by the IRS to implement any agency-wide information security program or review risk assessments annually, the GAO said. As a result, the agency remains “particularly vulnerable” to insider threats and malicious attacks that could expose financial and taxpayer data.

The GAO pointed to specific security problems, including the following: Exposed usernames and passwords on an IRS contractor-maintained Web site; authenticated users on the IRS network with access to shared drives containing taxpayer information, performance appraisal data and sensitive data such as Social Security numbers for other IRS employees; financial information and account data that was transmitted in the clear from the IRS’s financial accounting system; inadequate logging of security events for Unix and Windows servers at a data center, and a similar lack of controls for logging changes to mainframe data sets at another data center; a failure to maintain or enforce a baseline configuration for a mainframe system, which supports the revenue accounting operation of record and other critical applications.

The webmaster should have been fired for not securing the website in the first place.  Your personal information should never be part of the URL query string and secure sessions should always be monitored.  It is only asking for trouble.  As far as I’m concerned, you can’t call it hacking when you can simply change one digit in the URL string to get other people’s information.  It’s called complete idiocy by the webmaster.
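The flaw described above, where the record number in the URL is the only thing separating one visitor from another's data, is shown here beside a version that checks the logged-in session and keeps track of refused requests. This is an added example, not code from the IRS site or the GAO report; the record ids, user names, class and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: record id -> (owner, payload)
RECORDS = {
    1001: ("alice", "alice's return"),
    1002: ("bob", "bob's return"),
    1003: ("carol", "carol's return"),
}


def fetch_unsafe(query_id):
    """Weak form: whoever supplies the id in the query string gets the record."""
    _owner, data = RECORDS[int(query_id)]
    return data


class RecordService:
    """Hardened form: the id is only a lookup key; the session decides access."""

    def __init__(self, deny_threshold=3):
        self.denied = defaultdict(set)   # session user -> distinct ids refused
        self.deny_threshold = deny_threshold
        self.flagged = set()             # sessions that need review

    def fetch(self, session_user, query_id):
        try:
            rec_id = int(query_id)
        except (TypeError, ValueError):
            return 400, None
        record = RECORDS.get(rec_id)
        # Same answer for "missing" and "not yours", so ids cannot be probed.
        if record is None or record[0] != session_user:
            self.denied[session_user].add(rec_id)
            if len(self.denied[session_user]) >= self.deny_threshold:
                self.flagged.add(session_user)
            return 404, None
        return 200, record[1]
```

The monitoring half matters as much as the ownership check: a session that is refused several different record ids in a row is the pattern worth alerting on.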

In a one-page response to the report, IRS Commissioner Douglas Shulman said data security and privacy are of “utmost importance” to the IRS, and he pledged that the agency would provide a “detailed corrective action plan” that addresses the concerns raised by the GAO.

Oh, it’s of the utmost importance, eh?  And you’re going to make a detailed corrective action plan sometime soon and that will be implemented some time after that.  Oh, that makes it okay then, because you’re “really” serious about fixing the problem.

While you’re at it, how about not giving employees access to people’s private data that they can change or delete at will without any consequences?

We really shouldn’t be surprised at any of this.  The contract work for securing databases, copier repair, computer maintenance, etc., is doled out to the company with the lowest bid for the job.  If they can’t fix a copier, they probably can’t secure a network.  Those that can, long ago took jobs in the private sector where they’re paid more.
