Deloitte Survey: Where There is Reward for Travel, There is Risk
Three-quarters (75 percent) of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution — but only 33 percent feel their accounts are secure enough, according to a new Deloitte study, “Loyalty data security: Are hospitality and travel companies managing the risks of their rewards programs?”
Few frequent travelers appear fully aware of the wider risks involved when loyalty data — including travel schedules and other personal data — is lost or stolen. Roughly one in seven (15 percent) are simply concerned that a breach would result in a loss of loyalty points, while the majority of travelers (76 percent) worry about the loss of credit card numbers.
New GAO Reports
Source: Government Accountability Office
1. Identity Theft: Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud. GAO-14-633, August 20.
Highlights – http://www.gao.gov/assets/670/665367.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665529
2. Oil and Gas Transportation: Department of Transportation Is Taking Actions to Address Rail Safety, but Additional Actions Are Needed to Improve Pipeline Safety. GAO-14-667, August 21.
Highlights – http://www.gao.gov/assets/670/665403.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665350
3. Patient Protection and Affordable Care Act: Procedures for Reporting Certain Financial Management Information Should Be Improved. GAO-14-697, September 22.
Highlights – http://www.gao.gov/assets/670/665984.pdf
4. Consumer Financial Protection Bureau: Some Privacy and Security Procedures for Data Collections Should Continue Being Enhanced. GAO-14-758, September 22.
Highlights – http://www.gao.gov/assets/670/666001.pdf
6. Army Corps of Engineers: The Corps Needs to Take Steps to Identify All Projects and Studies Eligible for Deauthorization. GAO-14-699, August 21.
Highlights – http://www.gao.gov/assets/670/665394.pdf
CRS — The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (September 11, 2014)
The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (PDF)
Source: Congressional Research Service (via Federation of American Scientists)
The Federal Trade Commission Act established the Federal Trade Commission (FTC or Commission) in 1914. The protection of consumers from anticompetitive, deceptive, or unfair business practices is at the core of the FTC’s mission. As part of that mission, the FTC has been at the forefront of the federal government’s efforts to protect sensitive consumer information from data breaches and regulate cybersecurity. As the number of data breaches has soared, so too have FTC investigations into lax data security practices. The FTC has not been delegated specific authority to regulate data security. Rather, the FTC has broad authority under Section 5 of the Federal Trade Commission Act (FTC Act) to prohibit unfair and deceptive acts or practices.
New From the GAO
Source: Government Accountability Office
1. Inspectors General: Improvements Needed in the Office of Inspector General’s Oversight of the Denali Commission. GAO-14-320, September 18.
Highlights – http://www.gao.gov/assets/670/665909.pdf
2. Secure Flight: TSA Should Take Additional Steps to Determine Program Effectiveness. GAO-14-531, September 9.
Highlights – http://www.gao.gov/assets/670/665677.pdf
3. Secure Flight: TSA Could Take Additional Steps to Strengthen Privacy Oversight Mechanisms. GAO-14-647, September 9.
Highlights – http://www.gao.gov/assets/670/665674.pdf
4. VA Health Care: Actions Needed to Address Higher-Than-Expected Demand for the Family Caregiver Program. GAO-14-675, September 18.
Highlights – http://www.gao.gov/assets/670/665929.pdf
5. Large Partnerships: With Growing Number of Partnerships, IRS Needs to Improve Audit Efficiency. GAO-14-732, September 18.
Highlights – http://www.gao.gov/assets/670/665887.pdf
6. Depot Maintenance: Accurate and Complete Data Needed to Meet DOD’s Core Capability Reporting Requirements. GAO-14-777, September 18.
Highlights – http://www.gao.gov/assets/670/665916.pdf
1. Healthcare.gov: Information Security and Privacy Controls Should Be Enhanced to Address Weaknesses, by Gregory C. Wilshusen, director, information security issues, before the House Committee on Oversight and Government Reform. GAO-14-871T, September 18.
Highlights – http://www.gao.gov/assets/670/665878.pdf
2. Secure Flight: Additional Actions Needed to Determine Program Effectiveness and Strengthen Privacy Oversight Mechanisms, by Jennifer Grover, acting director, homeland security and justice, before the Subcommittee on Transportation Security, House Committee on Homeland Security. GAO-14-796T, September 18.
1. GAO Names New Members to PCORI Methodology Committee. September 18.
1. Critical Infrastructure Protection: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts. GAO-14-507, September 15.
Highlights – http://www.gao.gov/assets/670/665787.pdf
New From the GAO
Source: Government Accountability Office
1. 8(a) Subcontracting Limitations: Continued Noncompliance with Monitoring Requirements Signals Need for Regulatory Change. GAO-14-706, September 16.
Highlights – http://www.gao.gov/assets/670/665828.pdf
2. Health Insurance Exchanges: Coverage of Non-excepted Abortion Services by Qualified Health Plans. GAO-14-742R, September 15.
1. Land-Use Agreements: Department of Veterans Affairs Needs to Improve Data Reliability and Monitoring. GAO-14-501, August 18.
Highlights – http://www.gao.gov/assets/670/665331.pdf
2. Healthcare.gov: Actions Needed to Address Weaknesses in Information Security and Privacy Controls. GAO-14-730, September 17.
Highlights – http://www.gao.gov/assets/670/665841.pdf
3. Broadcast Television and Radio: Disclosure Requirements for Broadcasted Content. GAO-14-738, September 17.
Highlights – http://www.gao.gov/assets/670/665859.pdf
Statement for the Record
1. Individual Retirement Accounts: Preliminary Information on IRA Balances Accumulated as of 2011, by James R. McTigue, director, strategic issues, and Charles A. Jeszeck, director, education, workforce, and income security issues, to the Senate Committee on Finance. GAO-14-878T, September 16.
Highlights – http://www.gao.gov/assets/670/665805.pdf
1. Financial Stability Oversight Council: Status of Efforts to Improve Transparency, Accountability, and Collaboration, by A. Nicole Clowers, director, financial markets and community investment team, before the Subcommittee on Oversight and Investigations, House Committee on Financial Services. GAO-14-873T, September 17.
Highlights – http://www.gao.gov/assets/670/665852.pdf
The Check is in the Mail: Monetization of Craigslist Buyer Scams (PDF)
Source: George Mason University, Department of Computer Science
Nigerian or advance fee fraud scams continue to gain prevalence within the world of online classified advertisements. As law enforcement, user training, and website technologies improve to thwart known techniques, scammers continue to evolve their methods of targeting victims and monetizing their scam methods. As our understanding of the underground scammer community and their methods grows, we gain a greater insight about the critical points of disruption to interrupt the scammers' ability to succeed. In this paper we extend on previous works about fake payment scams targeting Craigslist. To grow our understanding of scammer methods and how they monetize these scams, we utilize a data collection system posting “honeypot advertisements” on Craigslist offering products for sale and interact with scammers gathering information on their payment methods. We then conduct an analysis of 75 days' worth of data to better understand the scammer’s patterns, supporting agents, geolocations, and methods used to perpetuate fraudulent payments. Our analysis shows that 5 groups are responsible for over 50% of the scam payments received. These groups operate primarily out of Nigeria, but use the services of agents within the United States to facilitate the sending and receiving of payments and shipping of products to addresses both in Nigeria and the United States. This small number of scammer organizations combined with the necessity of support agents within the United States indicate areas for potential targeting and disruption of the key scammer groups.
Hat tip: ResearchBuzz
See also: Scambaiter: Understanding Targeted Nigerian Scams on Craigslist (PDF)
Your Right to Look Like an Ugly Criminal: Resolving the Circuit Split over Mug Shots and the Freedom of Information Act
Your Right to Look Like an Ugly Criminal: Resolving the Circuit Split over Mug Shots and the Freedom of Information Act (PDF)
Source: Vanderbilt Law Review
Mug shots occupy a seemingly indelible place in American popular culture. Embarrassing booking photos of celebrities like Lindsay Lohan, Mel Gibson, and Robert Downey, Jr. are plastered on televisions and tabloids across the country. Local newspapers feature the most recent mug shots from the nearby jail, and mug shot websites are increasingly common. Perhaps our fascination with these images stems from the same impulse driving the popularity of reality television: seeing real people in bad situations makes us feel better about our own lives.
Regardless of why we find them appealing, mug shots play a major role in how the media report crime. Just last year, several news outlets covering the death of Trayvon Martin stirred up controversy by featuring an outdated mug shot of a younger, heavyset George Zimmerman in an orange jumpsuit, which some alleged was a calculated attempt to make him look more menacing.
Given the prevalence of these images, it is perhaps surprising that the federal government generally does not disseminate the mug shots in its possession. The Freedom of Information Act (“FOIA”) requires federal agencies to disclose certain records to the public. However, FOIA Exemption 7(C) permits agencies to deny requests for law enforcement records when releasing them might violate someone’s personal privacy.
When federal agencies refuse to disclose mug shots, members of the news media occasionally challenge them in court. Three federal appellate courts have considered whether mug shots qualify for nondisclosure under Exemption 7(C). The Sixth Circuit concluded that mug shots must be disclosed, but the Eleventh and Tenth Circuits recently disagreed, creating a circuit split.