Don't Expect Privacy on the Web

If nothing else, an interesting primer on some of the capabilities of Google!...[JCW]

(0) comments

Science Blog

Internet companies can boost sales and build trust with online shoppers by providing clear and readily available privacy disclosures, according to a recent study.

(0) comments

TheStar.com

The revelation in June that 13 Toronto-area articling students collaborated via e-mail to cheat on their bar admissions course are just the latest example of how the e-mail messages we send to each other can come back to haunt us.

Comments on integrity seem almost superfluous here! [JCW]

(1) comments

CNN.comm

Thirty-five years after computer scientists at UCLA linked two bulky computers using a 15-foot gray cable, testing a new way to exchange data over networks, what would ultimately become the Internet remains a work in progress.

(0) comments

ITBusiness.ca

OTTAWA -- The best way for e-businesses to rebuild the public’s waning trust of online transactions is to comply with Canada’s new privacy rules, says Jennifer Stoddart, privacy commissioner of Canada.

Stoddart went before
a conference in Ottawa Wednesday to champion the federal government’s Personal Information Protection and Electronic Documents Act (PIPEDA) as a piece of legislation that will improve the bottom lines of those in the e-commerce industry.

(0) comments

TheStar.com

It sounds like something out of a science fiction thriller but police investigators will soon be able to examine their crime scenes by manipulating realistic three-dimensional computer models that can be displayed on a laptop within minutes of police arriving at a crime scene. The models can be used to measure and document everything in the scene and transmitted to other investigators. And they can be viewed, months or years later, by people who never visited the scene, such as forensic experts, judges and juries.

Investigators who've seen demonstrations of this technology said it could allow them to process crime scenes more completely and quickly with less risk of contaminating the evidence. But they emphasized that the accuracy and reliability of the computer models must be proven before they'll be accepted as evidence in court.

(0) comments

Mail and Guardian Online

Australian scientists are using the collective intelligence found in insect swarms to develop the next generation of hi-tech military hardware.

The goal is to develop swarms of small, expendable unmanned vehicles that can carry out missions in ground, sea and aerial environments too dangerous for humans.

[T]he scientists are using insect swarms as a template because they show great versatility and adaptability in nature -- swarms can overcome problems they encounter in the wild even though the insects do not have the individual intelligence to come up with a solution.

[...]

(0) comments

itWorldCanada

The first half of this year has proven to be one of the worst in recent memory for malicious code distribution. According to Symantec Corp.%2C the first half of 2004 saw 26 category three and four malicious code warnings compared to just 16 for all of 2003.

[CLB: Good listing of viruses and trojans in 2004 to date.]

(0) comments

SecurityFocus

[...]

More importantly, do we, as individuals, recognize the true value of our personal information simply as personal information? Sure, most people understand why distributing their credit card information, or ATM PIN, or Social Security number is a bad idea, but do they understand that their most basic personal information now has an inherent value?

We've reached the point where information has an integral value of its own. Do governments acknowledge this modified nature of information? Does the commercial world? Do the individuals themselves understand that their own information is valuable for no other reason than that it is their information?

(1) comments

Submission of the Office of the Privacy Commissioner of Canada - USA PATRIOT Act - Privacy Commissioner of Canada

(0) comments

ThinkSecurityFirst.net

[clb: April is proclaimed Think Security First month in Walnut Creek, setting an example for other communities and municipalities. There are great resources here to get you started locally!]

(0) comments

Globetechnology

Corporations, governments, universities and others will spend an estimated $8.6-billion (U.S.) on nanotechnology research and development in 2004, and the private sector will account for a bigger proportion of the total.

Spending on nanotech research will more than double from the estimated $3-billion level level of 2003, according to an annual state of the industry report from Lux Research, a consulting company that studies the industry.

[...]

(0) comments

eSecurity Planet

The saga of the first Trojan Horse for Symbian smartphones took a twist worthy of Homer's epic poem the Iliad today, as it has become apparent that the perpetrator was the developer of the infected game itself, Ojum Software.

According to anti-virus company F-Secure, Ojum placed the Trojan in the game Mosquito as a clever form of copy protection. So if a ''cracked'' or illegal version of the game was developed or Mosquito was played on an unregistered smartphone, the Trojan dialed a specific number silently in the background, sending an SMS message notifying Ojum.

While the Trojan dialer worked as planned, as a cracked version of the game sent SMS messages to the company, it backfired too, as it appears a number of legitimate users were affected. Since Ojum picked a premium number for its Trojan to dial, even some of its customers ended up with large fees.

[CLB: A self-inflicted bad security measure affects clients.]

(0) comments

IT World Canada

[...]

Transparency is a laudable aim. But there are limits. Zingerman's, an internationally renowned thriving food business, practices open-book management. Employees at every level are invited to participate and give input to department and organizational meetings. Financials are wholly revealed. There is an exception: salaries remain private. Staff are curious, of course. But people are also curious about all manner of things: fires, wrecks celebrity tattletales. Some things — compensation, medical records and personal histories — can and should remain private.

There is an old saying that character is what you do when no one is looking. Perhaps we need to proclaim that saying and adapt it to modern management: "character is managing without anyone around." Actually, there is such a phrase for this: transparent leadership, the act of putting the needs and concerns of people first so the whole organization prospers. That ideal is often not possible, but it is something good to strive for. Because when it does occur, no one ever asks, "What were they thinking?" Indeed!

(0) comments

BankInfoSecurity.com

Before Y2K, information security was rarely discussed in bank board meetings. Today, evaluating directors' and officers' knowledge and supervision of a bank's information security program is a key component of an information security bank exam.

The importance of information security (IS) in the banking industry has grown tremendously over the last five years due to a combination of factors. These include regulatory requirements mandating information protection, the growth of electronic banking and the increasing number of individuals (employees, customers and third parties) with access to enterprise data. In the banking industry, the catalyst for developing formal information security risk management programs was the Gramm-Leach Bliley Act's section 501B, which requires financial institutions to implement an information security program that can ensure the integrity, security and confidentiality of customer information. More recent legislation, such as the California Senate Bill 1386 and the Sarbanes-Oxley Act, has reinforced the need for strong security controls around customer and financial information.

These laws have led to greater alignment between information security programs and business objectives. Risk assessments and reporting are conducted quarterly and reports are more meaningful to business units. In addition to greater alignment with business priorities, these laws are allowing information security departments to spend a greater percentage of the IT budget to automate risk monitoring and to implement new security controls as needed.

(0) comments

The Toronto Star

After months of denying any wrongdoing, Andre Ouellet, Canada's highest-paid political appointee, has resigned amid allegations of mismanagement and misspending contained in an audit of Canada Post.

Ouellet, 65, informed Revenue Minister John McCallum yesterday by fax of his immediate resignation, which McCallum accepted.

His resignation came after an audit found Ouellet, who made $400,000 a year in salary and bonuses, had a questionable role in hiring practices, meddled in the awarding of some contracts, and had $2 million in travel and hospitality expenses over the past eight years.

In his letter to McCallum, Ouellet said he is 'retiring.'

He said he believed many Canadians were satisfied with his explanations of the audit findings released July 29.

'Unfortunately there are still many, including the majority of the members of Parliament who will never accept them,' he wrote.

(0) comments

Globetechnology

Outsourcing firms depend on the trust of their partners and have every incentive to maintain the security and confidentiality of the personal information entrusted to them.

In other words, integrity sells...

(0) comments

Wired 12.08
By Benoit Mandelbrot, father of fractal geometry
By any measure, the late 1990s was a time of extraordinary growth and prosperity in much of the world - and yet, the global financial system still managed to lurch through six crises: Mexico in 1995; Thailand, Indonesia, and South Korea in 1997 and 1998; Russia in 1998; and Brazil from 1998 to 1999. The Indonesian crisis was especially severe: The country's quarterly real GDP plummeted 18.9 percent, and its currency fell into a hole 526 percent deep. Each of these upheavals spread to most parts of the globe, destabilizing currencies, knocking gaping holes in bank balance sheets and, in many cases, causing a wave of bankruptcies. The fact that each country recovered and the global economy roared on again is testament not to good financial management but to good luck.

Fortunately, bankers and regulators now realize the system is flawed. The world's central banks have been pushing for more sophisticated risk models - but what they need is one that takes into account long-term dependency, or the tendency of bad news to come in waves. A bank that weathers one crisis may not survive a second or a third. I thus urge the regulators, now drafting the New Basel Capital Accord, to regulate global bank reserves, to encourage the study and adoption of more-realistic risk models. If they do not, the number of crises will just keep growing.

[...]

(0) comments

HBS Working Knowledge

The many corporate scandals of the past two years have highlighted the importance of effective corporate governance. Cases that are by now notorious, such as Enron, WorldCom, Tyco, and Healthsouth, provided vivid examples of how companies and investors can be hurt when boards of directors do not do their jobs well. How can we improve board performance? One main way is by reducing the extent to which boards are now insulated from, and unaccountable to, shareholders. We need to rethink the arrangements that determine the current power of the board vis-à-vis shareholders.

[...]

summary of article's key recommendations

• the presence and role of independent directors: directors who do not have substantial connections with the company or its executives other than through their directorship
  
• pending stock-exchange rules and governance reforms would require that nomination and compensation committees be composed of independent directors
  
• make directors not merely independent of corporate insiders, but also at least somewhat dependent on shareholders
  
• vide a meaningful safety valve that shareholders could use to replace directors who fail to serve them well
  
• firms include in proxy materials distributed to all voting shareholders the names of directors nominated by qualified shareholders (or groups of shareholders) who satisfy minimum ownership requirements
  
• require or encourage firms to have all directors stand for election together could contribute significantly to shareholder wealth
  
• take away the board's existing veto power over changes to the company's governance arrangements
  
• eliminate legal rules that insulate management from shareholder intervention
  

[CLB: Do you agree these recommendations would further governance goals?]

(0) comments

Atlantic Journal-Constitution

Continuing the reform of corporate governance, the Securities and Exchange Commission has taken up a hot-button issue: whether to give shareholders a bigger say in who sits on boards of directors. The agency would allow shareholders to nominate directors, with several restrictions.

Historically, the choice of corporate directors has been a take-it-or-leave-it proposition. Companies put director candidates up for election at annual meetings; shareholders either vote for the candidates or declare they want to withhold their votes. The alternative for shareholders who want to replace directors is a costly proxy fight.

[...]

Grundfest suggests a method of continuing embarrassment for companies and directors if a nominee fails to win a specific level of support from shareholders. That, he thinks, would motivate companies to negotiate with shareholders over director nominees.

(0) comments

Ganthead

[...] While IT cannot prevent collusion amongst a small set of executives to plunder corporate resources, it can establish a platform to validate the accuracy of a company's number. Reporting is all about data and the accuracy of that data is what integrity is all about. Since IT systems play an active role in capturing, processing and retention of data, IT plays a significant role in establishing data integrity.

Most systems today have very little data integrity. We have mainly considered just two dimensions during systems development:

cost and

delivery.

The third dimension that is critical to establishing data integrity is proper data controls or the ability to ensure what you actually captured or processed is correct. Proper data controls that must be established include:

the verification that the data that you captured from a user is actually correct

the confirmation that your input and output records match up during systems processing

and validation that no one tampered with your data en route from one source to another.

Data that is reported and used in critical business decisions originates somewhere and thus it is crucial that data capture controls are properly implemented. For example, in a warranty system, when a dealer enters in reimbursements for warranty items, we must ensure that they do not enter values that exceed the possible range of values or enter in fraudulent warranty claims. There must be logic in the application to ensure that only valid claims are processed and that users are immediately notified when incorrect information is entered.

Similarly, when data is moved across the Internet, it is possible that someone may tamper with the data if proper controls are not placed on the data. This may compromise the integrity of that data. Consider the case of a subsidiary of a corporation that is on a separate network that must transmit data to a parent via the Internet. If this data is extremely sensitive, there is the potential that the data could be intercepted and altered by malicious individuals. In cases where the data is paramount to corporate integrity, companies should consider sending sensitive data via a virtual private network (VPN) or utilizing encryption techniques to mask the data.

Perhaps the data controls that are most important in the business intelligence world are the ones around data processing. In many of the business intelligence efforts that I've seen, very little emphasis is applied to validating the cleanliness and accuracy of processing. Let's start with data cleanliness. It's true that if data input controls were robustly implemented that data cleanliness would not be an issue. The truth is that data still comes in with junk values and must be dealt with appropriately in business intelligence systems.

Proper controls must be in place to ensure that improper records and values are filtered out before entering the data warehouse. Additionally, these improper records must be tracked and accounted for as part of the data verification process. For example, if 10 records out of 100 are excluded due to improper values, this must be tracked in the audit log and accounted for. The second piece of data processing controls are controls to ensure that the processing of data happened properly. In order to preserve integrity, we must track if input records were actually processed properly. This includes reporting and monitoring around record input counts and record output counts. Input/output verification can be performed either through hash token verification or simply counting input and output records. This goes for algorithm validation as well. Your data processing algorithms must be working properly, and controls are needed to validate this. By implementing controls during the data processing process, you can confirm that your results are right and thereby provide a structure for data integrity.

In the data world, ensuring that the data gets captured, processed and reported is only a small piece of the puzzle. You must ensure that those results are right and can be validated by proper controls. By building effective data controls into your design that is commensurate with the sensitivity of the data you are handling, people will have more trust in your data and therefore in the integrity of the results that you present.

__posted by Carolyn L Burke @ 9:16 a.m.
subscribe to Integrity

(0) comments

TheStar.com - Casino bets big on space flight

The Toronto entry in an international space flight competition will go nose cone to nose cone with an American competitor in an attempt to win the Ansari X Prize this fall.

The da Vinci Project, flush with a new primary sponsor, says it will make the first of two required flights over the prairie sky of Kindersley, Sask., Oct. 2. The craft will be launching within days of the Sept. 29 flight of the leading X Prize contender, the well-financed and tested American SpaceShipOne.

'We want to win the X Prize. We've got a very good shot at winning the X Prize. We are determined to win the X Prize,' said da Vinci team leader Brian Feeney at a jammed news conference yesterday at the Downsview Park hangar where the Wild Fire Mk VI is being built.

'But the most important thing is that we compete for the X Prize.' [CLB: Exactly.]

There's far more than bragging rights at stake. The first past the post -- making two successful flights to a height of 100 kilometres within two weeks while carrying a specified payload -- will pocket $10 million (U.S.)."

(0) comments

Newswise

There are as many lessons to learn from Enron, World Com, Adelphia and Parmalat as there are from a 14th century ledger and other historical treasures housed at the National Library of the Accounting Profession at Ole Miss, delegates said.

On Wednesday, Eugene Flegm, the former auditor of General Motors Corp., bemoaned the lack of rear end-kickers in the accounting profession. Accountants should not be afraid to stand up to the pressure from CEOs looking to exaggerate profits to impress stockholders.

According to Flegm, a number of factors in modern accounting practices created the conditions for a "perfect storm," in which the scandals of the past three years were nearly inevitable. A lack of business ethics, a congressional misunderstanding of the role of the Securities and Exchange Commission, pressure from company boards of directors, and poor internal controls all contributed to a bad environment, Flegm said.

Most of all, Flegm said, public accounting became a commodity, and accounting firms became financially dependent on the companies for whom they should have been watchdogs.

(0) comments

Northwestern University

A month before the fall of the Berlin Wall, 70,000 people gathered in the streets of Leipzig, East Germany, on Oct. 9, 1989, to demonstrate against the communist regime and demand democratic reforms. Clearly, no central authority planned this event; so how did all of these people decide to come together on that particular day?

A new study by researchers at Northwestern University sheds light on how individuals might obtain information about the decisions and preferences of other individuals with whom they do not have a relationship or even contact. The findings are published online this week (Aug. 2) by the Proceedings of the National Academy of Sciences (PNAS).

The Leipzig demonstration is an example of a complex system, the result of an evolving process. The common characteristic of complex systems, whether they be social or biological in nature, is that they display organization without any external organizing principle being applied.

[...]

(0) comments

The Industrial Physicist

Nanotechnology involves the creation and manipulation of complex structures on the scale of nanometers-- something organisms have done for about 3.8 billion years. Using DNA, RNA, and a huge variety of proteins, living cells build complex molecules and nanoscale organelles, and create nonliving materials, such as tooth enamel, with nanoscale structures. So it is logical for nanotechnologists to seek to duplicate organisms' own techniques to try to create new nanomachines from the bottom up.

Although biomimetic nanotechnology is in its infancy, with no applications yet reaching commercialization, the barriers in some cases lie mainly in scaling up production processes to industrial levels. In others, researchers must make significant basic breakthroughs to bridge the gap between laboratory experiments and usefulness.

---

Geckos can cling even to smooth surfaces when upside down because of capillary and van der Waals forces between the surface and densely packed 200-nm-wide keratin hairs on the soles of their feet (left). Fibers patterned with electron beam lithography from a plastic film (right) achieved an adhesion almost 30% as good. (Center for Mesoscience and Nanotechnology, University of Manchester, U.K.)

---

(0) comments

MediaPost Communications

Behavioral marketing is hot and here to stay, but there is a 'disconnect' between the way regulators think about privacy and the way business thinks of privacy, according to D. Reed Freeman, chief privacy officer, vice president-legislative and regulatory affairs, Claria Corp. Addressing attendees at the Jupiter Advertising Forum on Thursday, Freeman argued that -- while behavioral marketing is 'wildly effective' in increasing the value of publishers' properties -- online publishers, third party vendors, and others should expect more enforcement because consumers are complaining about the lack of clear disclosure in the use of personal and non-personal data.

'There are two Americas,' Freeman quipped, in reference to a phrase used often in speeches by Democratic Vice Presidential candidate John Edwards. 'There's government and there's business.' And where issues regarding who owns consumer data arise, the government cares about who has the information whether it's publishers, businesses, or third- parties. Freeman set out the legal and regulatory framework of pertinent issues where behavioral marketing is concerned.

Freeman said there are three types of tracking that the government cares about: tracking of site users by Web site publishers; tracking by third-parties, vendors, and consultants; and tracking of consumers by third-parties that have relationships only with those consumers, not Web sites. 'The government thinks you can't just bury things in a privacy policy,' Freeman said. 'If a consumer would be surprised, it needs to be lifted from a privacy policy.' Policies and procedures must be 'clear and conspicuous' and not hidden; they must be unavoidable before a consumer hits the button.

[...]

(0) comments

CNN

It's called the security freeze, and it lets individuals block access to their credit reports until they personally unlock the files by contacting the credit bureaus and providing a PIN code.

The process is a bit of a hassle, and the credit-reporting industry believes it complicates things unnecessarily.

But it appears to be one of the few ways to virtually guarantee that a fraudster cannot open an account in your name.

[...]

(0) comments

Ottawa Business Journal

[...] the Internet- and phone-based system allows employees of the Ottawa software firm [Cognos] to voice any concerns they might have about potential fraud, abuse, misconduct or other ethical violations in the workplace, including accounting-related concerns over misreporting.

[...]"There are checks and balances within the system to ensure that only those pre-authorized people who logically (deal) with those kinds of scenarios would see the (employee) reports."

The reasons for the system were two-fold. First, the effort fell in line with Cognos' new code of business conduct launched last year. Second, the system responded to the stringent financial reporting regulations within the Sarbanes-Oxley Act, or SOX.

(0) comments