In late February and early March, around 100 cars in and around Austin, Texas either would not start or would not stop honking. This was apparently caused by 20 year old hacker, Omar Ramos-Lopez, who remotely triggered the vehicle immobilization system installed by dealership Texas Auto Center.
Apparently the dealership installed the GPS-enabled devices so that cars can be immobilized and repossessed when a customer fails to make scheduled payments.… More
In a notice apparently posted March 17, 2010, the Office of Civic Rights of the Department of Health and Human Services (“OCR”) acknowledged its delay in issuing regulations for HIPAA business associate agreements. Those regulations are now a month overdue and from OCR’s language, they do not appear imminent:
OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking,… More
Today, the Internet Crime Complaint Center (IC3), a federal organization run as a partnership between the FBI and National White Collar Crime Center, released its 2009 Internet Crime Report (.pdf). Highlights include:
LifeLock, Inc., a self-proclaimed “industry leader in the rapidly growing field of identity theft protection” has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that Lifelock falsely promoted its identity theft protection services. Lifelock publicized its services through advertisements that publicly disclosed its CEO’s Social Security number. As part of the settlement,… More
This week the Incident of the Week title decisively goes to the Israeli soldier who updated his status on Facebook to identify the secret military raid on a town in the West Bank. His status apparently read: “On Wednesday we clean up Qatanah, and on Thursday, god willing, we come home” and provided the exact time of the raid. After detecting the clear breach of OPSEC,… More
Last week, lawyers from Microsoft issued a demand under the Digital Millennium Copyright Act (DMCA) seeking the removal of leaked copies of Microsoft’s “Global Criminal Compliance Handbook” that pulled website Cryptome.org from the Internet, at least temporarily. The DMCA provides copyright owners with the ability to request that internet service providers remove infringing materials from websites. Microsoft’s DMCA demand to Cryptome’s service provider, Network Solutions,… More
The February 27 issue of The Economist has an excellent special report, "Data, data everywhere: A special report on managing information." It features a series of articles on the volume of information that is overtaking business and society, and the means by which business and governments are responding. More
At the end of February, the HHS Office of Civil Rights (“OCR”) posted on its website a list of HIPAA “covered entities” that have reported breaches of unsecured health information affecting more than 500 individuals. OCR’s posting showed 35 health data breaches that impacted over 700,000 individuals (with individual breaches ranging in size from 359,000 individuals, due to the theft of a laptop to 501 individuals impacted by the theft of a portable USB device). … More
In the past several days, three important information privacy and security deadlines have arrived. To recap, they are: