Archive for the ‘privacy and security’ Category

Deloitte Survey: Where There is Reward for Travel, There is Risk

September 23, 2014

Deloitte Survey: Where There is Reward for Travel, There is Risk
Source: Deloitte

Three-quarters (75 percent) of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution — but only 33 percent feel their accounts are secure enough, according to a new Deloitte study, “Loyalty data security: Are hospitality and travel companies managing the risks of their rewards programs?”

Few frequent travelers appear fully aware of the wider risks involved when loyalty data — including travel schedules and other personal data — is lost or stolen. Roughly one in seven (15 percent) are simply concerned that a breach would result in a loss of loyalty points, while the majority of travelers (76 percent) worry about the loss of credit card numbers.

New From the GAO

September 22, 2014

New GAO Reports
Source: Government Accountability Office

1. Identity Theft: Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud. GAO-14-633, August 20.
http://www.gao.gov/products/GAO-14-633
Highlights – http://www.gao.gov/assets/670/665367.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665529

2. Oil and Gas Transportation: Department of Transportation Is Taking Actions to Address Rail Safety, but Additional Actions Are Needed to Improve Pipeline Safety. GAO-14-667, August 21.
http://www.gao.gov/products/GAO-14-667
Highlights – http://www.gao.gov/assets/670/665403.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665350

3. Patient Protection and Affordable Care Act: Procedures for Reporting Certain Financial Management Information Should Be Improved. GAO-14-697, September 22.
http://www.gao.gov/products/GAO-14-697
Highlights – http://www.gao.gov/assets/670/665984.pdf

4. Consumer Financial Protection Bureau: Some Privacy and Security Procedures for Data Collections Should Continue Being Enhanced. GAO-14-758, September 22.
http://www.gao.gov/products/GAO-14-758
Highlights – http://www.gao.gov/assets/670/666001.pdf

5. Bureau of Prisons: Management of New Prison Activations Can Be Improved. GAO-14-709, August 22.
http://www.gao.gov/products/GAO-14-709
Highlights – http://www.gao.gov/assets/670/665416.pdf

6. Army Corps of Engineers: The Corps Needs to Take Steps to Identify All Projects and Studies Eligible for Deauthorization. GAO-14-699, August 21.
http://www.gao.gov/products/GAO-14-699
Highlights – http://www.gao.gov/assets/670/665394.pdf

CRS — The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (September 11, 2014)

September 18, 2014

The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Federal Trade Commission Act established the Federal Trade Commission (FTC or Commission) in 1914. The protection of consumers from anticompetitive, deceptive, or unfair business practices is at the core of the FTC’s mission. As part of that mission, the FTC has been at the forefront of the federal government’s efforts to protect sensitive consumer information from data breaches and regulate cybersecurity. As the number of data breaches has soared, so too have FTC investigations into lax data security practices. The FTC has not been delegated specific authority to regulate data security. Rather, the FTC has broad authority under Section 5 of the Federal Trade Commission Act (FTC Act) to prohibit unfair and deceptive acts or practices.

New From the GAO

September 18, 2014

New From the GAO
Source: Government Accountability Office

Reports

1. Inspectors General: Improvements Needed in the Office of Inspector General’s Oversight of the Denali Commission. GAO-14-320, September 18.
http://www.gao.gov/products/GAO-14-320
Highlights – http://www.gao.gov/assets/670/665909.pdf

2. Secure Flight: TSA Should Take Additional Steps to Determine Program Effectiveness. GAO-14-531, September 9.
http://www.gao.gov/products/GAO-14-531
Highlights – http://www.gao.gov/assets/670/665677.pdf

3. Secure Flight: TSA Could Take Additional Steps to Strengthen Privacy Oversight Mechanisms. GAO-14-647, September 9.
http://www.gao.gov/products/GAO-14-647
Highlights – http://www.gao.gov/assets/670/665674.pdf

4. VA Health Care: Actions Needed to Address Higher-Than-Expected Demand for the Family Caregiver Program. GAO-14-675, September 18.
http://www.gao.gov/products/GAO-14-675
Highlights – http://www.gao.gov/assets/670/665929.pdf

5. Large Partnerships: With Growing Number of Partnerships, IRS Needs to Improve Audit Efficiency. GAO-14-732, September 18.
http://www.gao.gov/products/GAO-14-732
Highlights – http://www.gao.gov/assets/670/665887.pdf

6. Depot Maintenance: Accurate and Complete Data Needed to Meet DOD’s Core Capability Reporting Requirements. GAO-14-777, September 18.
http://www.gao.gov/products/GAO-14-777
Highlights – http://www.gao.gov/assets/670/665916.pdf

Testimonies

1. Healthcare.gov: Information Security and Privacy Controls Should Be Enhanced to Address Weaknesses, by Gregory C. Wilshusen, director, information security issues, before the House Committee on Oversight and Government Reform. GAO-14-871T, September 18.
http://www.gao.gov/products/GAO-14-871T
Highlights – http://www.gao.gov/assets/670/665878.pdf

2. Secure Flight: Additional Actions Needed to Determine Program Effectiveness and Strengthen Privacy Oversight Mechanisms, by Jennifer Grover, acting director, homeland security and justice, before the Subcommittee on Transportation Security, House Committee on Homeland Security. GAO-14-796T, September 18.
http://www.gao.gov/products/GAO-14-796T

Press Release

1. GAO Names New Members to PCORI Methodology Committee. September 18.
http://www.gao.gov/press/pcori_methodology_comm2014sep18.htm

Reissue

1. Critical Infrastructure Protection: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts. GAO-14-507, September 15.
http://www.gao.gov/products/GAO-14-507
Highlights – http://www.gao.gov/assets/670/665787.pdf

New From the GAO

September 17, 2014

New From the GAO
Source: Government Accountability Office

Reports

1. 8(a) Subcontracting Limitations: Continued Noncompliance with Monitoring Requirements Signals Need for Regulatory Change. GAO-14-706, September 16.
http://www.gao.gov/products/GAO-14-706
Highlights – http://www.gao.gov/assets/670/665828.pdf

2. Health Insurance Exchanges: Coverage of Non-excepted Abortion Services by Qualified Health Plans. GAO-14-742R, September 15.
http://www.gao.gov/products/GAO-14-742R

—–

1. Land-Use Agreements: Department of Veterans Affairs Needs to Improve Data Reliability and Monitoring. GAO-14-501, August 18.
http://www.gao.gov/products/GAO-14-501
Highlights – http://www.gao.gov/assets/670/665331.pdf

2. Healthcare.gov: Actions Needed to Address Weaknesses in Information Security and Privacy Controls. GAO-14-730, September 17.
http://www.gao.gov/products/GAO-14-730
Highlights – http://www.gao.gov/assets/670/665841.pdf

3. Broadcast Television and Radio: Disclosure Requirements for Broadcasted Content. GAO-14-738, September 17.
http://www.gao.gov/products/GAO-14-738
Highlights – http://www.gao.gov/assets/670/665859.pdf

Statement for the Record

1. Individual Retirement Accounts: Preliminary Information on IRA Balances Accumulated as of 2011, by James R. McTigue, director, strategic issues, and Charles A. Jeszeck, director, education, workforce, and income security issues, to the Senate Committee on Finance. GAO-14-878T, September 16.
http://www.gao.gov/products/GAO-14-878T
Highlights – http://www.gao.gov/assets/670/665805.pdf

Testimony

1. Financial Stability Oversight Council: Status of Efforts to Improve Transparency, Accountability, and Collaboration, by A. Nicole Clowers, director, financial markets and community investment team, before the Subcommittee on Oversight and Investigations, House Committee on Financial Services. GAO-14-873T, September 17.
http://www.gao.gov/products/GAO-14-873T
Highlights – http://www.gao.gov/assets/670/665852.pdf

The Check is in the Mail: Monetization of Craigslist Buyer Scams

September 10, 2014

The Check is in the Mail: Monetization of Craigslist Buyer Scams (PDF)
Source: George Mason University, Department of Computer Science

Nigerian or advance fee fraud scams continue to gain prevalence within the world of online classified advertisements. As law enforcement, user training, and website technologies improve to thwart known techniques, scammers continue to evolve their methods of targeting victims and monetizing their scam methods. As our understanding of the underground scammer community and their methods grows, we gain a greater insight about the critical points of disruption to interrupt the scammers’ ability to succeed. In this paper we extend on previous works about fake payment scams targeting Craigslist. To grow our understanding of scammer methods and how they monetize these scams, we utilize a data collection system posting “honeypot advertisements” on Craigslist offering products for sale and interact with scammers gathering information on their payment methods. We then conduct an analysis of 75 days’ worth of data to better understand the scammer’s patterns, supporting agents, geolocations, and methods used to perpetuate fraudulent payments. Our analysis shows that 5 groups are responsible for over 50% of the scam payments received. These groups operate primarily out of Nigeria, but use the services of agents within the United States to facilitate the sending and receiving of payments and shipping of products to addresses both in Nigeria and the United States. This small number of scammer organizations combined with the necessity of support agents within the United States indicate areas for potential targeting and disruption of the key scammer groups.

Hat tip: ResearchBuzz

See also: Scambaiter: Understanding Targeted Nigerian Scams on Craigslist (PDF)

Your Right to Look Like an Ugly Criminal: Resolving the Circuit Split over Mug Shots and the Freedom of Information Act

September 9, 2014

Your Right to Look Like an Ugly Criminal: Resolving the Circuit Split over Mug Shots and the Freedom of Information Act (PDF)
Source: Vanderbilt Law Review

Mug shots occupy a seemingly indelible place in American popular culture. Embarrassing booking photos of celebrities like Lindsay Lohan, Mel Gibson, and Robert Downey, Jr. are plastered on televisions and tabloids across the country. Local newspapers feature the most recent mug shots from the nearby jail, and mug shot websites are increasingly common. Perhaps our fascination with these images stems from the same impulse driving the popularity of reality television: seeing real people in bad situations makes us feel better about our own lives.

Regardless of why we find them appealing, mug shots play a major role in how the media report crime. Just last year, several news outlets covering the death of Trayvon Martin stirred up controversy by featuring an outdated mug shot of a younger, heavyset George Zimmerman in an orange jumpsuit, which some alleged was a calculated attempt to make him look more menacing.

Given the prevalence of these images, it is perhaps surprising that the federal government generally does not disseminate the mug shots in its possession. The Freedom of Information Act (“FOIA”) requires federal agencies to disclose certain records to the public. However, FOIA Exemption 7(C) permits agencies to deny requests for law enforcement records when releasing them might violate someone’s personal privacy.

When federal agencies refuse to disclose mug shots, members of the news media occasionally challenge them in court. Three federal appellate courts have considered whether mug shots qualify for nondisclosure under Exemption 7(C). The Sixth Circuit concluded that mug shots must be disclosed, but the Eleventh and Tenth Circuits recently disagreed, creating a circuit split.
