UMass Amherst, Harvard experts say better systems needed for medical device cybersecurity | Science Codex

"Medical devices do a tremendous amount of good every day for many millions of people," says Daniel Chenok, chair of the U.S. National Institute of Standards and Technology's information security and privacy advisory board and vice president for technology strategy at IBM Global Business Services. He adds that the government needs to take steps to ensure that cybersecurity concerns don't make consumers think twice about whether a device is safe.

Earlier this year, Chenok wrote to Health and Human Services (HHS) Secretary Kathleen Sebelius that "lack of reported incidents also results from a lack of effective reporting mechanisms from clinical settings to the government about cybersecurity threats in medical devices." The point, he adds, is that "we really don't know what this cybersecurity problem looks like. What's the size of the issue, and how should the government best tackle it?"

Someone is profiling you as you surf the internet: How private is the click you just made?


Profiling is a humongous privacy issue, especially when data-matching connects the profile of an individual with personally identifiable statistics about that individual. Digital consumer intelligence is transforming the way companies design, market and manufacture their products and services (Febreze from P&G being the biggest instance of a product based on customer profiling).
There is a multitude of wrapper applications which redirect cookies and cache data to other locations. The process of profiling (also known as "tracking") accumulates and analyzes browsing habits, each attributable to a single initiating entity, in order to gain statistics (arrays of activity) involving the initiating entity. Some organizations profile users' web browsing and collect the URLs of sites visited in order to profile their preferences. The resulting profiles can hypothetically be linked with data that personally identifies the individual who did the browsing, which makes them useful for market analysis. Aggregate trend analysis does not infringe on the privacy of individuals. The profiling of a single user does.
Kaiser Permanente, for instance, has about 3 million registered users on its portal, where members plan appointments, share records with healthcare providers and receive updates on appointments and prescription refills.
Online users are also migrating toward online financial management websites like Mint.com, which has a huge database of about 5 million registered users. The website is a single stop for banking, investments and credit data and analysis.

Online transactions are now seeing the advent of personal data lockers that store consumer information and can be linked to multiple retailers, banks and other businesses. For instance, when a buyer purchases a car, the purchase, registration and insurance will all be connected online to the personal data locker. As transactions move to an online model, responsibility for data security and privacy will need to be shared by individuals and companies. The law that governs privacy for financial data is the Gramm-Leach-Bliley Act (GLB), which allows institutions to participate and share consumer information amongst themselves. This law requires all concerned to have policies and procedures to ensure the security and confidentiality of the information that they store and use. The onus of allowing these institutions to share consumer information or not rests on the customer through an “Opt-Out” option. Thus, if a consumer has not explicitly opted out of information sharing, the information will be shared and used by default. However, GLB requires the financial institution to serve you three notices covering its Privacy Policy, the Right to Opt-Out and the safeguards deployed to prevent unauthorized access to consumer information.

Social Networks and Privacy


Social media is a concern that is very poorly understood and executed by organizations. The integration of social media into the marketing strategies of businesses and other organizations is going to continue to raise new privacy concerns. For instance, hospitals, physicians and other groups are promoting the use of social networking sites by physicians to help their patients. One of the companies that sells hospital systems had an authentication system linked to Facebook to provide access to the patient care system. This could be a disaster to manage if any of the users are not able to manage their personal privacy settings, which are always a user prerogative on a social networking site.
Most social networks have good search capabilities, which people use to find their friends, activities or information they might be interested in. This is a double-edged sword. It is pertinent to be aware of privacy settings, especially when messages travel between different social networks (you might relay your Foursquare location to your public Twitter account), complicating the privacy parameters. Feeds you trust to share with friends and acquaintances have the power to profile you.
In 2007, when Facebook launched the Beacon program, user rental records were released publicly for friends to see. A lot of data collected by Yahoo! and MSN (Microsoft) has also been posted online for trend and behavior analysis of their users.
Google created "Buzz", which was attached to Gmail and allowed for social networking among other users. EPIC (Electronic Privacy Information Center) filed a claim asserting "that Google engaged in unfair and deceptive trade practices by transforming its email service into a social networking service without offering users meaningful control over their information or opt-in consent." The FTC worked at establishing new privacy safeguards for users of Google products in October of 2011, which are effective March 2012. Google has recently issued a new set of Privacy Policy guidelines which require Google to obtain consent from its users before disclosing any information and also to follow a comprehensive privacy program. Because of this case, Google now amalgamates all of its data files about users into one merged file from each Google service, instead of keeping distinct files for each Google service used by each user.

How Private is your data? How is it used and propagated?


Privacy and data protection have become extremely important topics in the internet domain in the last few years. This has primarily been due to the fact that customer information stored and used has led to concerns about the:
  a. Manner in which this information is collected
  b. Manner in which this information is analyzed to predict profiling and trends
  c. Multiple fallouts of the propagation of private data across the internet for use by corporations, governments and internet organizations
  d. Unprecedented evolution of technology and its usage in our environment
  e. Incapacity of the legal framework to keep up with and understand the technological advances


The year 2011 was a turning point for issues involving storage, repurposing, usage and propagation of information collected from the users of the internet. Information Security, privacy and compliance have become important issues for Governments, Corporations and individuals. 2011 saw companies like Facebook and Google battling over issues surrounding privacy policies to concerns over what information your mobile phone actually knows about you. However, technology keeps evolving, and privacy issues are sure to follow.


Privacy can involve Personally Identifying Information (PII) or non-PII information such as a user’s behavior on a website. Data about age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are distinctive enough to identify a definite person. The disclosure of IP addresses, non-personally-identifiable profiling, and similar data might be an acceptable trade-off for the accessibility that users could otherwise lose by adopting the alternatives needed to suppress such details scrupulously.
The IP addresses passed with interactions through the Internet are no longer unique to a specific end-user device. Due to a shortage of IP addresses, some Internet Service Providers (ISPs) are adopting a practice called Network Address Translation (NAT) to assign and manage IP addresses. When NAT is used, the IP address passed with a communication to its destination (and perhaps recorded at the destination) is different from the IP address that the ISP assigns to the consumer on the “private” side of its network. The public-facing IP address is therefore shared by many users, which complicates any attempt to associate it with the unique private address that the service provider assigns to each user.
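The sketch below is an added example, not part of the original post, showing why a public-facing address on its own does not single out a user behind NAT: only the address together with the source port and the time of the connection maps back to one private address. The translation-log layout (a port block leased per subscriber), the addresses and the timestamps are constructed assumptions.

```python
from datetime import datetime
from typing import NamedTuple, Optional

class Mapping(NamedTuple):
    private_ip: str    # address the ISP assigned on the "private" side
    public_ip: str     # public-facing address shared by many users
    port_lo: int       # public source-port block leased to this user (assumed layout)
    port_hi: int
    start: datetime
    end: datetime

def at(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample translation log using documentation / shared address ranges.
NAT_LOG = [
    Mapping("100.64.0.11", "203.0.113.7", 1024, 2047,
            at("2024-01-05 09:00:00"), at("2024-01-05 11:00:00")),
    Mapping("100.64.0.12", "203.0.113.7", 2048, 3071,
            at("2024-01-05 09:30:00"), at("2024-01-05 12:00:00")),
    # The first port block is re-leased to a different user later the same day.
    Mapping("100.64.0.13", "203.0.113.7", 1024, 2047,
            at("2024-01-05 11:00:01"), at("2024-01-05 13:00:00")),
]

def sharing(public_ip: str, when: datetime) -> list:
    """Every private address that was behind public_ip at time `when`."""
    return sorted(m.private_ip for m in NAT_LOG
                  if m.public_ip == public_ip and m.start <= when <= m.end)

def resolve(public_ip: str, port: int, when: datetime) -> Optional[str]:
    """Private address for an exact (public IP, source port, time), else None."""
    hits = [m.private_ip for m in NAT_LOG
            if m.public_ip == public_ip
            and m.port_lo <= port <= m.port_hi
            and m.start <= when <= m.end]
    # Zero or several matches means the record cannot be attributed to one user.
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    t = at("2024-01-05 10:00:00")
    print("IP only      :", sharing("203.0.113.7", t))
    print("IP+port+time :", resolve("203.0.113.7", 1500, t))
```

A destination that records only the IP address, without the source port and an accurate timestamp, leaves the first answer as the best anyone can do.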
An HTTP cookie is data stored on a user's computer that assists in automated access to websites, or holds other information required by intricate web programs. Cookies are also used for user-tracking by storing an individual's web usage history. Cookies were designed so that only the website that distributed them to user systems could retrieve them, so that only data relevant to the usage of that site would be collected. In practice, programmers can evade this constraint, leading to:
·          inclusion of a personally-identifiable tag in a browser to facilitate web profiling of the user of that computer
·          stealing information from the cookies by cross-site scripting or other techniques
Then there is the PIE (Persistent Identification Element). PIEs, unlike cookies, cannot be easily deleted or detected and can reinstate any deleted cookie. PIEs also hold considerably more data than a cookie can. These are used to transmit browsing habits on the go and make a user experience more personalized.
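As an added example (not from the original post), the following check reads the `Set-Cookie` headers a site sends and reports which cookies are exposed to the two problems listed above: cookies that page scripts can read, and therefore that cross-site scripting can steal, and long-lived identifiers sent along with requests made from other sites. The finding labels, the one-year threshold and the sample headers are assumptions made for the illustration; only `Max-Age` is checked for lifetime, not `Expires`.

```python
YEAR = 365 * 24 * 3600  # assumed threshold for a "long-lived" identifier

def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return {"name": name, "value": value, "attrs": attrs}

def audit(header: str) -> list:
    """Return the privacy/security findings for one Set-Cookie header."""
    a = parse_set_cookie(header)["attrs"]
    findings = []
    if "httponly" not in a:
        # Readable through document.cookie, so injected script can read it.
        findings.append("script-readable")
    if "secure" not in a:
        # May travel over plain HTTP where it can be observed in transit.
        findings.append("sent-over-http")
    if a.get("samesite", "").lower() == "none":
        # Attached to requests triggered from other sites' pages.
        findings.append("cross-site")
    if a.get("max-age", "").isdigit() and int(a["max-age"]) >= YEAR:
        # Survives browser restarts for a year or more: a stable identifier.
        findings.append("long-lived-id")
    return findings

def audit_all(headers: list) -> dict:
    """Map cookie name -> findings for a list of Set-Cookie header values."""
    return {parse_set_cookie(h)["name"]: audit(h) for h in headers}

# Constructed sample headers.
SAMPLE = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "uid=7f3e9c; Domain=tracker.example; Max-Age=63072000; SameSite=None; Secure",
    "prefs=dark; Path=/",
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(f"{name:6} {findings or 'ok'}")
```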

The information posted on the Internet is long-lasting. This includes comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is propagated into cyberspace, and once it is posted, anyone can discover it, read it, reuse it and propagate it.
The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. Consumers' control and knowledge on the internet fall under two categories: purchasing and surfing. The law protecting individual privacy in the United States has been passed fairly recently, and limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in its efforts to ensure success, has developed principles that would protect consumers and the information they choose to display. The USA PATRIOT Act was put into effect in reaction to the 9/11 terrorist attacks. The Government felt that terrorism in the United States could be diminished by keeping an eye on communication around the country. This Act gives the Government powers to disregard privacy concerns of the citizens in the face of national security concerns.
The Electronic Communications Privacy Act (ECPA) sets the limits on law enforcement's access to personal electronic communications and electronic records such as emails, documents and pictures. With the immense growth in the use of computers, many people store copious data on servers that can be visible to many parties in the infrastructure business. The ECPA protects this material from being accessed by law enforcement. The exceptions to this law allow the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user; the ISP can also reveal information from a message if the sender or recipient allows disclosure, or in the event of a court order or law enforcement subpoena.
Most case law holds that employees do not have a reasonable expectation of privacy with respect to work-related electronic communications. A federal court held that employees can affirm the existence of attorney-client privilege with respect to communications on company laptops. Courts have acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures.
In the recent Google Spy case, where Google mobile cars were running software to collect personal data over unencrypted networks for analysis, the company was fined and asked to cease collecting, storing and using information that has not been directly provided to them with user consent.

Eating into your own channel? | Reseller Middle East

Global technology corporations have seen share prices slump, salaries frozen, profits plummeting, downsizing of workforce, investment slashed and IPOs abandoned.
Most global vendors demonstrated predictable behavior. They slashed expenditure, cut discretionary spending, laid off staff and consolidated their regional coverage.

Read more  at http://resellerme.com/speak-out/eating-into-your-own-channel/

