From Jeff.Hodges at neustar.biz Thu Sep 6 09:48:24 2007 From: Jeff.Hodges at neustar.biz (Jeff Hodges) Date: Thu, 06 Sep 2007 09:48:24 -0700 Subject: [SIG-IDtheft] fyi: APWG eCrime Researchers Summit Message-ID: <46E02F58.5090202@neustar.biz> Subject: [hcisec] eCrime early reg deadline Sept 7 From: "lorriecranor" Date: Thu, 06 Sep 2007 14:51:50 -0000 (07:51 PDT) To: hcisec at yahoogroups.com The The second APWG eCrime Researchers Summit will be hosted by Carnegie Mellon CyLab, October 4-5, 2007 in Pittsburgh, PA. The early registration deadline is Sept 7. See http://www.ecrimeresearch.org/ The preliminary program is now available and includes: Keynote talk: Gary McGraw, Cigital - Exploiting Online Games Panel: From Research to Reality: What Does it Take to Get our Technology Solutions Adopted? Panel: Does User Education Work? Panel: Political Phishing - A Threat to the 2008 Campaign? Poster session and bowling for eCriminals with the APWG eCrime-Fighters Refereed papers: EXAMINING THE IMPACT OF WEBSITE TAKE-DOWN ON PHISHING Tyler Moore and Richard Clayton FISHING FOR PHISHES: APPLYING CAPTURE-RECAPTURE TO PHISHING Rhiannon Weaver and Michael Collins EVALUATING A TRIAL DEPLOYMENT OF PASSWORD RE-USE FOR PHISHING PREVENTION Dinei Florencio and Cormac Herley BEHAVIORAL RESPONSE TO PHISHING RISK Julie S. Downs, Mandy B. Holbrook and Lorrie Faith Cranor FIGHTING OBFUSCATED SPAM Changwei Liu and Sid Stamm A COMPARISON OF MACHINE LEARNING TECHNIQUES FOR PHISHING DETECTION Saeed Abu-Nimeh, Dario Nappa, Xinlei Wang and Suku Nair GETTING USERS TO PAY ATTENTION TO ANTI-PHISHING EDUCATION: EVALUATION OF RETENTION AND TRANSFER Ponnurangam Kumaraguru, Yong Rhee, Steve Sheng, Sharique Hasan, Alessandro Acquisti, Lorrie Cranor and Jason Hong --- end From britta at projectliberty.org Thu Sep 6 21:57:43 2007 From: britta at projectliberty.org (Britta Glade) Date: Thu, 6 Sep 2007 21:57:43 -0700 Subject: [SIG-IDtheft] Call cancelled for tomorrow, Friday, Sept. 7.... Message-ID: I have been unable to confirm participation from Robin and Peter, who's just back from vacation and probably dealing with a mountain of email. Since we were going to be addressing policy commonalities across IDTheft breaches, hoping to do some work complementary to PPEG's work....I'm going to postpone this conversation until we can have that good guidance these gentlemen will provide. In the meantime, all please continue to work on your various breach scenarios you were looking at in identifying if there is a good source of rolled up information/check list that clearly spells out the common breach factors in this area. If there is no such resource, this does seem like a good place to focus efforts with PPEG. Have a great weekend....we'll talk on Sept. 14. Thanks. -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070906/9fa99886/attachment.html From britta at projectliberty.org Fri Sep 7 13:49:00 2007 From: britta at projectliberty.org (Britta Glade) Date: Fri, 7 Sep 2007 13:49:00 -0700 Subject: [SIG-IDtheft] Forbes: Survey: Social Security Theft Worrisome Message-ID: No big surprises here....but I know many of you like research and info on consumer perceptions.... http://www.forbes.com/feeds/ap/2007/09/06/ap4089759.html Associated Press *Survey: Social Security Theft Worrisome* By EILEEN ALT POWELL 09.06.07, 1:05 PM ET Popular Videos TV Marketing Mania Tennis Suits Heineken The Business Behind BCBG Cashing In On The Club Scene Driving Light: The BMW 550i Sedan Most Popular Stories Ultimate Business Travel Computer Companions The Death Of The Fad Toughest NFL Waiting Lists Lessons America Should Have Learned From 9/11 Luxurious Long-Term Lodging NEW YORK - Americans are concerned about the widespread use of Social Security numbers for identification purposes that potentially exposes them to identity theft, according to a survey released Thursday. The poll by Consumer Reports also found that some 89 percent of respondents would support federal and state action to restrict use of the numbers. "The widespread use of Social Security numbers has made it easier for crooks to commit fraud and contributes to an estimated 10 million cases of identity theft every year," said Jeannine Kenney, senior policy analyst in Washington, D.C., with Consumers Union, which publishes Consumer Reports. Kenney noted that Social Security numbers, while created for the national retirement benefit system, "have evolved into the equivalent of a national identifier." As a result, they're widely sought by businesses to help identify consumers, yet there are few laws limiting the collection of the numbers or uses to which they are put. "We need restrictions on who can solicit the numbers ... and, once collected by a business with a legitimate need, they should not be allowed to use the numbers for any other purpose without the consumer's consent," Kenney said. There also should be restrictions on the display and sale of Social Security numbers on the Internet, she added. The national survey of more than 1,000 people found that 87 percent of consumers have been asked in the past year to provide their Social Security number in whole or in part by a business or government agency. Some 60 percent of respondents have been asked for the number by financial institutions or retailers issuing credit, while 49 percent have been asked for the number by health care providers. Other entities that requested Social Security numbers were employers and potential employers, insurance companies, government agencies other than the IRS or state tax agencies, colleges, service providers such as cable TV and cell phone carriers, and utilities. Nearly four out of five Americans said they would prefer not to provide their number, but were concerned about the consequences of not doing so. And 52 percent of those surveyed said they carry at least one card in their wallet that has the number on it. Kenney said that some of the concern could be alleviated if there were legislative restrictions on the sale and purchase of Social Security numbers. In addition, she said, "we need to get them out of wallets." Most states, for example, have removed Social Security numbers from drivers licenses, while many health insurance companies no longer use the numbers for identification on benefit cards. But they're still on the Medicare cards that most elderly people carry, she said. The phone study of adults 18 and over was conducted in mid-August and had a margin of error of 3.1 percent. *Copyright 2007 Associated Press. All rights reserved. This material may not be published broadcast, rewritten, or redistributed* -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070907/99a532c4/attachment.html From Robin.Wilton at Sun.COM Mon Sep 10 01:13:34 2007 From: Robin.Wilton at Sun.COM (Robin Wilton) Date: Mon, 10 Sep 2007 09:13:34 +0100 Subject: [SIG-IDtheft] Forbes: Survey: Social Security Theft Worrisome In-Reply-To: References: Message-ID: <46E4FCAE.408@sun.com> An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070910/34820fb8/attachment-0001.html From britta at projectliberty.org Wed Sep 12 15:43:29 2007 From: britta at projectliberty.org (Britta Glade) Date: Wed, 12 Sep 2007 15:43:29 -0700 Subject: [SIG-IDtheft] CALL REMINDER: Friday, Sept. 14, 9:30 am PT Message-ID: Hopefully all have had time to do some research and thinking about our latest project of looking at privacy and policy commonalities in breach situations. I know I have some homework to do between now and Friday! Robin Wilton, a regular in our group, is also co-chair of PPEG, and will be providing an update on that group's activities and how we might be able to work with them--perhaps even opening up this exercise as a sub-team within PPEG. Dial in will be: 800-504-8071 International: +1 303-248-0281 code: 2544233 Thanks! -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070912/f04e40a7/attachment.html From Robin.Wilton at Sun.COM Fri Sep 14 09:56:20 2007 From: Robin.Wilton at Sun.COM (Robin Wilton) Date: Fri, 14 Sep 2007 17:56:20 +0100 Subject: [SIG-IDtheft] While we're all gathered... In-Reply-To: References: Message-ID: <46EABD34.10408@sun.com> An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/1466bb0d/attachment.html From koneil at cyva.com Fri Sep 14 10:16:53 2007 From: koneil at cyva.com (Kevin O'Neil) Date: Fri, 14 Sep 2007 10:16:53 -0700 Subject: [SIG-IDtheft] FW: interesting dissertation abstract: value-conscious design Message-ID: <004801c7f6f3$0cd21990$4301a8c0@CYVA03> For consideration in our discussion today. http://michaelzimmer.org/dissertation/ The Quest for the Perfect Search Engine: Values, Technical Design, and the Flow of Personal Information in Spheres of Mobility (download PDF version of this abstract here ) The freedom to move through both physical and intellectual space resonates within many of the fundamental values and aspirations of American culture, including free and open inquiry, personal autonomy, and liberty. These values are articulated in various spheres where freedom of mobility - both physical and intellectual - is typically enjoyed, ranging from the open highways, public libraries, and the Internet. New information and communication technologies are frequently designed to foster increased mobility within these spheres. Web search engines, for example, have emerged as a vital and increasingly ubiquitous tool for the successful navigation of the growing online informational sphere. As Google puts it, the goal is to "organize the world's information and make it universally accessible and useful," and to create the "perfect search engine" that would understand exactly what you mean and give back exactly what you want. While intended to enhance intellectual mobility, this dissertation will reveal that the quest for the perfect search engine is actually a Faustian bargain: While designed to foster increased navigation within our spheres of mobility, the search for the perfect search engine also empowers the widespread capture of personal information flows across the Internet. Drawing from historical examples from other spheres of mobility - including vehicle tracking systems, library surveillance, and DRM - the dissertation will argue that the drive for the perfect search engine constitutes a violation of the contextual integrity of personal information flows, restricting the ability to engage in social, cultural, and intellectual activities online free from answerability and oversight, thereby limiting users' full realization of the levels of autonomy, self-determination, and self-definition traditionally afforded within our spheres of mobility. Working within the methodological framework of value-conscious design, this dissertation will engage in a conceptual investigation of the relevant values that might be supported or diminished by the design of the perfect search engine, as well as a technical investigation of the design features of the perfect search engine itself, thereby contributing to future pragmatic attempts to design the perfect search engine in order to protect the values traditionally enjoyed in our spheres of mobility. Michael T. Zimmer Program in Media Ecology Department of Culture and Communication New York University 2007 Kevin O'Neil CYVA Research Corporation 3525 Del Mar Heights Rd., Ste. #327 San Diego, CA 92130 858 793 8100 (direct) koneil at cyva.com www.cyva.com Confidentiality Notice The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. CYVA Research is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. _____ From: Kevin O'Neil [mailto:koneil at cyva.com] Sent: Monday, September 10, 2007 12:50 PM To: 'Abhilasha Bhargav-Spantzel' Subject: interesting dissertation abstract http://michaelzimmer.org/dissertation/ Kevin O'Neil CYVA Research Corporation 3525 Del Mar Heights Rd., Ste. #327 San Diego, CA 92130 858 793 8100 (direct) koneil at cyva.com www.cyva.com Confidentiality Notice The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. CYVA Research is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/eafd8de9/attachment-0001.html From Robin.Wilton at Sun.COM Fri Sep 14 10:22:58 2007 From: Robin.Wilton at Sun.COM (Robin Wilton) Date: Fri, 14 Sep 2007 18:22:58 +0100 Subject: [SIG-IDtheft] CALL REMINDER: Friday, Sept. 14, 9:30 am PT In-Reply-To: References: Message-ID: <46EAC372.9010602@sun.com> An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/284c5c59/attachment.html From britta at projectliberty.org Fri Sep 14 13:13:47 2007 From: britta at projectliberty.org (Britta Glade) Date: Fri, 14 Sep 2007 13:13:47 -0700 Subject: [SIG-IDtheft] Fwd: Emailing: index_en.htm http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm In-Reply-To: <48B2E21901088749A183DC0FB5238F3E01A81342@IMCSRV2.MITRE.ORG> References: <48B2E21901088749A183DC0FB5238F3E01A81342@IMCSRV2.MITRE.ORG> Message-ID: I'm noting this in the notes as well. thanks. ---------- Forwarded message ---------- From: Weitzel, David S Date: Sep 14, 2007 10:07 AM Subject: Emailing: index_en.htm http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm To: Britta Glade [image: Freedom, Security and Justice] [image: Important legal notice] de en fr European Commission > Justice and Home affairs > ... > Data Protection Contact | Search on EUROPA [image: Homepage] [image: What's new] [image: Key issues] [image: Sitemap] [image: Index] [image: FAQs] [image: Subscribe] [image: Scoreboard] [image: Glossary] [image: Freedom, Security and Justice] [image: Newsroom] [image: Documentation centre] [image: Funding] [image: Commissioner] [image: About us] [image: Relevant web sites] [image: arrow] Introducing [image: arrow] Data protection [image: arrow] Overview [image: arrow] Guide for the citizens [image: arrow] The law [image: arrow] Status of implementation [image: arrow] Report on transposition [image: arrow] In third countries [image: arrow] Model contracts [image: arrow] International instruments [image: arrow] EU Supervisor [image: arrow] National Commissioners [image: arrow] Working Party Art.29 ------- [image: arrow] News [image: arrow] Studies [image: arrow] Consultations [image: arrow] Policy Documents (National / Article 29 WP) [image: arrow] Useful links [image: arrow] Asylum [image: arrow] Immigration [image: arrow] Terrorism [image: arrow] Police cooperation [image: arrow] Customs cooperation [image: arrow] Organised crime [image: arrow] Drugs cooperation [image: arrow] Criminal Justice [image: arrow] Civil matters-judicial cooperation [image: arrow] Fundamental rights [image: arrow] Citizenship of the European Union [image: arrow] Freedom to travel [image: arrow] External relations [image: arrow] Enlargement Data Protection ? European Commission [image: Data protection] [image: Report on the Implementation of Directive 95/46/EC] [image: European Data Protection Supervisor] [image: National Data Protection Commissioners] [image: National Policy Documents] [image: Useful links] [image: Art.29 Data protection Working Party] [image: Data protection in the European Union] *Data Protection Guide* What are your rights as a citizen? News/Press Releases Overview [image: Data Protection: The law] [image: Status of implementation of Directive 95/46/EC] [image: International Instruments] [image: Commission decisions on the adequacy] [image: Model contracts for the transfer of personal] [image: Studies] Questions about Data Protection in European Union? Contact JLS-C5 at ec.europa.eu ------------------------------ [image: top] ------------------------------ -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1203 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0036.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 56 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0037.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 261 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0038.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 427 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0039.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 15483 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0002.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 856 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0040.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1283 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0041.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 2377 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0003.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 883 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0042.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 49 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0043.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1134 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0044.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 59 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0045.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1993 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0046.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1850 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0047.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1817 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0048.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 896 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0049.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1602 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0050.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 946 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0051.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 8600 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0052.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1525 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0053.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 759 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0054.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 43 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0055.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 728 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0056.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1046 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0057.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1252 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0058.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1998 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0059.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 2596 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0060.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 830 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0061.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1157 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0062.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 2067 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0063.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1141 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0064.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1371 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0065.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1224 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0066.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1622 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0067.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 879 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0068.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 814 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0069.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 861 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0070.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1366 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/dd931aed/attachment-0071.gif From britta at projectliberty.org Fri Sep 14 13:15:26 2007 From: britta at projectliberty.org (Britta Glade) Date: Fri, 14 Sep 2007 13:15:26 -0700 Subject: [SIG-IDtheft] Fwd: OMB 06-15 http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf In-Reply-To: <48B2E21901088749A183DC0FB5238F3E01A81338@IMCSRV2.MITRE.ORG> References: <48B2E21901088749A183DC0FB5238F3E01A81338@IMCSRV2.MITRE.ORG> Message-ID: ---------- Forwarded message ---------- From: Weitzel, David S Date: Sep 14, 2007 9:52 AM Subject: OMB 06-15 http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf To: Britta Glade <> -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/77a14223/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: m-06-15.pdf Type: application/pdf Size: 50722 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/77a14223/attachment-0001.pdf From britta at projectliberty.org Fri Sep 14 13:15:54 2007 From: britta at projectliberty.org (Britta Glade) Date: Fri, 14 Sep 2007 13:15:54 -0700 Subject: [SIG-IDtheft] Fwd: OMB M06-16 http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf In-Reply-To: <48B2E21901088749A183DC0FB5238F3E01A81337@IMCSRV2.MITRE.ORG> References: <48B2E21901088749A183DC0FB5238F3E01A81337@IMCSRV2.MITRE.ORG> Message-ID: ---------- Forwarded message ---------- From: Weitzel, David S Date: Sep 14, 2007 9:49 AM Subject: OMB M06-16 http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf To: Britta Glade FYI. -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/013d6634/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: m06-16.pdf Type: application/pdf Size: 120924 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070914/013d6634/attachment-0001.pdf From britta at projectliberty.org Sat Sep 15 14:23:36 2007 From: britta at projectliberty.org (Britta Glade) Date: Sat, 15 Sep 2007 14:23:36 -0700 Subject: [SIG-IDtheft] Ameritrade hacked....more than 6 million affected Message-ID: Seems IDTheft isn't a matter of "if" but "when".... http://news.yahoo.com/s/ap/20070914/ap_on_bi_ge/broker_data_theft_3 By JOSH FUNK, AP Business Writer Fri Sep 14, 6:59 PM ET OMAHA, Neb. - Online brokerage TD Ameritrade Holding Corp. said Friday one of its databases was hacked and contact information for its more than 6.3million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. The company would not share many details of its investigation, including when the hack took place, because it is still looking into the theft and cooperating with investigators from the FBI, Securities and Exchange Commission, Financial Industry Regulatory Authority and local authorities. But Ameritrade has known about the problem at least since late May when two of its customers sued the brokerage in federal court because they were receiving unwanted e-mail ads on accounts used only for Ameritrade. The data on Ameritrade's servers may have been vulnerable for an extended period of time dating back at least to last October, according to the lawsuit filed by lawyer Scott A. Kamber. The company said Friday the problem had recently been fixed. The plaintiffs in the lawsuit had wanted the court to order Ameritrade to tell its customers about the data problem, but Ameritrade issued its release before a hearing could be held. The plaintiffs are also seeking damages and are trying to qualify as a class-action lawsuit. "They preferred putting out a press release with their own language in it rather than have the court order them to put out a release with our language," Kamber said. Ameritrade officials did not immediately respond to a message left Friday afternoon with questions about the lawsuit. Earlier in the day, Ameritrade spokeswoman Kim Hillyer said the company discovered the breach in its system during a routine review of complaints about e-mail ads. "As soon as we found the issue and were able to stop it, we made plans to notify clients," Hillyer said. The plaintiffs in the lawsuit say all the unwanted e-mail ads they received appeared to be designed to manipulate the value of thinly traded stocks. This breach is smaller than the biggest known data breach at a company, which was the theft of at least 45 million credit card numbers of TJX Cos. retail customers that was reported earlier this year. But the Ameritrade problem is still significantly larger than many data breaches that involve hundreds or thousands but not millions of records. Ameritrade spokeswoman Katrina Becker said there is no evidence that any customer suffered financial losses or had been a victim of identity theft. Becker would not say why the company was confident Social Security numbers had not been taken even though they were kept in the same database as customer contact information, trading data and demographic information. Other Ameritrade databases where information such as passwords, user IDs and personal identification numbers are kept were not violated, the company said. Ameritrade hired ID Analytics Inc., which has expertise in identity theft, to help with the investigation, and it plans to continue using the company to monitor its servers for potential identity theft. ID Analytics will continue checking Ameritrade customer data against other databases to watch for identity theft because it could emerge later, said Mike Cook, chief operating officer for the San Diego company. "Just because a breached file is not misused today, it doesn't mean that it won't be misused in the future," Cook said. If all the thieves obtained was basic contact information, Cook said that might not be enough to steal an identity and apply for credit in another person's name. But he said the thieves might try to obtain additional information from a victim by posing as a legitimate business in an e-mail. Ameritrade started notifying its customers about the data theft Friday, and the brokerage posted information about it on its Web site. "While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security Numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them," Chief Executive Joe Moglia said in a statement. "We sincerely apologize for that and any added concern this may have caused." Ameritrade is telling customers they don't need to do anything with their accounts except "remain alert in guarding their personal information." The company's asset-protection guarantee would cover any losses in Ameritrade accounts because of identity theft or fraud. Ameritrade said it is confident that it identified how the information was stolen and has changed its computer code enough to prevent the theft from recurring. It said any new client who opened an account after July 18 was not affected. Hillyer said the company's investigation was able to determine that the database had not been hacked after July 18. Ameritrade's 6.34 million accounts as of July make it one of the nation's biggest discount brokers after leader Charles Schwab Corp., which has 6.9million brokerage accounts. -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070915/960029e7/attachment.html From britta at projectliberty.org Wed Sep 19 09:24:42 2007 From: britta at projectliberty.org (Britta Glade) Date: Wed, 19 Sep 2007 09:24:42 -0700 Subject: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features Message-ID: [image: Click here to find out more!] - Manage Infrastructure Changes - RADIUS at the Tipping Point: The Shift to Authenticated Networks and 802.1X - Unified Communications - Choosing a Network Access Control (NAC) Solution that is Right for Your Network - Make Your WAN Work Like A LAN *A guide to fast application delivery at the branch* - Key factors to consider when purchasing KVM-over-IP solutions - Computerworld Technology Briefing: Optimizing Branch File Management with File Area Networks - Computerworld Technology Briefing: A Great Leap Forward in Storage for the SMB - Sold on SOA Sign up to receive Security Resource Alerts [image: sign-up] *Another interesting datapoint as we consider the intersection of social networking and privacy....do people really not care or do they just not understand the implications? Perhaps a commentary on the Web 2.0generation.... * ** * http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037379&intsrc=news_ts_head * ** *September 18, 2007 *(Computerworld) -- Facebookand MySpaceusers are willing to let the sites sell their personal data in return for access to the sites' social networking features, according to new research from Pace University. Researchers at the university queried users of *Facebook * and *MySpace * in August, asking for their views of the privacy protections offered by the sites and their feelings about how much personal information they are willing to post on social networking sites. Catherine Dwyer, a professor at Pace who worked on the study, noted that most Facebook and MySpace users said that they're willing to develop online relationships even though they believe that trust and privacy safeguards are weak. Users seem to view the social networking sites as a way to get online profiles, photos and the like for free while the sites "can take all their data and do whatever they want with it," she noted. "Both sites are really interested in monetizing this information as much as possible," she said. "They don't exist to give people ways to upload photos." Less than 5% of MySpace users surveyed and slightly more than 5% of Facebook users surveyed said they believe that the personal information they put on the sites is strongly protected. Still, the respondents told researchers that are willing to share personal details with others on the sites. More than 85% of respondents in both groups reported that they would share a photo of themselves on a social networking sites, and 91% of Facebook users and 62% of MySpace users said they use their real name on such sites, according to the study. In addition, 87% of Facebook users and 41% of MySpace users post their personal e-mail addresses on the sites. And even though 32% of MySpace users strongly agree that other users exaggerate information in their profiles, nearly half of them said that they are willing to get together in person with people they meet online, Dwyer noted. "Here is this site where they express ?a high level of distrust in other people, yet 44% said they have met someone through the site," she said. "People have this bullet-proof notion about their own ability to manage themselves online. They don't really depend on the site to filter any of this stuff." Dwyer also noted that users at both sites may be naive when it comes to their notions of how the sites may be using the data they provide about themselves. She pointed to a report in *The New York Times * on Tuesday about MySpace's plans to use data-mining techniques to gather information for advertisers seeking to market products to users of its site. In the study, only 18% of Facebook users and 21% of MySpace users said that they strongly agreed that the site would not use their personal information for any other purpose than as part of their profile. "There is a real disconnect between [the beliefs of] people using these sites and the way the privacy management is set," she said. "You transfer privacy to this digital realm and there are only two states - it is private?or it is public, and there is potential for every single person in the world to know about it." -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070919/716affb8/attachment-0001.html From Robin.Wilton at Sun.COM Wed Sep 19 15:33:45 2007 From: Robin.Wilton at Sun.COM (Robin Wilton) Date: Wed, 19 Sep 2007 23:33:45 +0100 Subject: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features In-Reply-To: References: Message-ID: <46F1A3C9.9000604@sun.com> An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070919/46397988/attachment.html From britta at projectliberty.org Wed Sep 19 15:44:30 2007 From: britta at projectliberty.org (Britta Glade) Date: Wed, 19 Sep 2007 15:44:30 -0700 Subject: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features In-Reply-To: <46F1A3C9.9000604@sun.com> References: <46F1A3C9.9000604@sun.com> Message-ID: Very interesting! I hadn't been familiar with that program. I wonder if that's because Europeans seem to be smarter than their US counterparts in understanding the implications of privacy? On 9/19/07, Robin Wilton wrote: > > Well hey - people will trade their passwords for a bar of chocolate; > why not trade their PII for some extra functionality. > > Intersetingly, this runs 100% counter to hte epxerience in Sweden, > where there has been a pilot of a student 'software agent' called "e-Me". > > In the e-Me system, a software intermediary acts as the go-between > for students and their online counterparts: filtering inbound email and > mobile calls/texts, representing preferences and current communication > options, &c. In v1.0 there was a calendar: the overwhelming response > was: > > "Functionality of the calendar feature is *less* important than > integration > with other apps. If it's well integrated with other apps, we don't care if > it's basic in functional terms..." > > > R > > Britta Glade wrote: > > > > [image: > Click here to find out more!] > > - Manage Infrastructure Changes > > - RADIUS at the Tipping Point: The Shift to Authenticated Networks > and 802.1X > > - Unified Communications > > > > - Choosing a Network Access Control (NAC) Solution that is Right for > Your Network > - Make Your WAN Work Like A LAN > *A guide to fast application delivery at the branch* > > - Key factors to consider when purchasing KVM-over-IP solutions > > > > - Computerworld Technology Briefing: Optimizing Branch File > Management with File Area Networks > > - Computerworld Technology Briefing: A Great Leap Forward in Storage > for the SMB > - Sold on SOA > > Sign up to receive Security Resource Alerts > [image: sign-up] > *Another interesting datapoint as we consider the intersection of social > networking and privacy....do people really not care or do they just not > understand the implications? Perhaps a commentary on the Web 2.0generation.... > * > > *http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037379&intsrc=news_ts_head > * > > *September 18, 2007 *(Computerworld) -- > Facebookand > MySpaceusers are willing to let the sites sell their personal data in return for > access to the sites' social networking features, according to new research > from Pace University. > > Researchers at the university queried users of *Facebook > * and *MySpace * in August, asking for their > views of the privacy protections offered by the sites and their feelings > about how much personal information they are willing to post on social > networking sites. > > Catherine Dwyer, a professor at Pace who worked on the study, noted that > most Facebook and MySpace users said that they're willing to develop online > relationships even though they believe that trust and privacy safeguards are > weak. > > Users seem to view the social networking sites as a way to get online > profiles, photos and the like for free while the sites "can take all their > data and do whatever they want with it," she noted. > > "Both sites are really interested in monetizing this information as much > as possible," she said. "They don't exist to give people ways to upload > photos." > > Less than 5% of MySpace users surveyed and slightly more than 5% of > Facebook users surveyed said they believe that the personal information they > put on the sites is strongly protected. > > Still, the respondents told researchers that are willing to share personal > details with others on the sites. More than 85% of respondents in both > groups reported that they would share a photo of themselves on a social > networking sites, and 91% of Facebook users and 62% of MySpace users said > they use their real name on such sites, according to the study. > > In addition, 87% of Facebook users and 41% of MySpace users post their > personal e-mail addresses on the sites. > > And even though 32% of MySpace users strongly agree that other users > exaggerate information in their profiles, nearly half of them said that they > are willing to get together in person with people they meet online, Dwyer > noted. > > "Here is this site where they express ?a high level of distrust in other > people, yet 44% said they have met someone through the site," she said. > "People have this bullet-proof notion about their own ability to manage > themselves online. They don't really depend on the site to filter any of > this stuff." > > Dwyer also noted that users at both sites may be naive when it comes to > their notions of how the sites may be using the data they provide about > themselves. She pointed to a report in > *The New York Times > * on Tuesday about MySpace's plans to use data-mining techniques to gather > information for advertisers seeking to market products to users of its site. > > > In the study, only 18% of Facebook users and 21% of MySpace users said > that they strongly agreed that the site would not use their personal > information for any other purpose than as part of their profile. > > "There is a real disconnect between [the beliefs of] people using these > sites and the way the privacy management is set," she said. "You transfer > privacy to this digital realm and there are only two states - it is > private?or it is public, and there is potential for every single person in > the world to know about it." > > > -- > Britta Glade > Liberty Alliance > 925-254-4233 > > ------------------------------ > > _______________________________________________ > This is a public mailing list. Content is NOT confidential. > > Sig-idtheft mailing listSig-idtheft at lists.projectliberty.orghttp://lists.projectliberty.org/mailman/listinfo/sig-idtheft_lists.projectliberty.org > > > -- > > Corporate Architect - Federated Identity > CTO Office (Business Alliances) > robin.wilton at sun.com > Tel: +44 (0)705 005 2931http://blogs.sun.com/racingsnake > > -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070919/1e7fe3fe/attachment-0001.html From Robin.Wilton at Sun.COM Wed Sep 19 15:50:39 2007 From: Robin.Wilton at Sun.COM (Robin Wilton) Date: Wed, 19 Sep 2007 23:50:39 +0100 Subject: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features In-Reply-To: References: <46F1A3C9.9000604@sun.com> Message-ID: <46F1A7BF.9000308@sun.com> An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070919/f7af1659/attachment.html From lkannappan at fugensolutions.com Wed Sep 19 15:52:28 2007 From: lkannappan at fugensolutions.com (Lena Kannappan) Date: Wed, 19 Sep 2007 15:52:28 -0700 Subject: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features In-Reply-To: <46F1A3C9.9000604@sun.com> Message-ID: <20070919225325.1860A19A8@tonnant.cnc.net> This is interesting Britta ! Robin, probably Pace needs the EU story to balance. Are these respondents just teenagers or college students who generally care least about privacy ? Secondly when these profiles become sensitive in the context of transactions or crime, then the users will realize the value of privacy protection. - lena kannappan _____ From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Robin Wilton Sent: Wednesday, September 19, 2007 3:34 PM To: Britta Glade Cc: Deidre Sullivan; sig-idtheft at lists.projectliberty.org Subject: Re: [SIG-IDtheft] Computerworld Article: MySpace and Facebook users willing to trade privacy for features Well hey - people will trade their passwords for a bar of chocolate; why not trade their PII for some extra functionality. Intersetingly, this runs 100% counter to hte epxerience in Sweden, where there has been a pilot of a student 'software agent' called "e-Me". In the e-Me system, a software intermediary acts as the go-between for students and their online counterparts: filtering inbound email and mobile calls/texts, representing preferences and current communication options, &c. In v1.0 there was a calendar: the overwhelming response was: "Functionality of the calendar feature is less important than integration with other apps. If it's well integrated with other apps, we don't care if it's basic in functional terms..." R Britta Glade wrote: Click here to find out more! * Manage Infrastructure Changes * RADIUS at the Tipping Point: The Shift to Authenticated Networks and 802.1X * Unified Communications * Choosing a Network Access Control (NAC) Solution that is Right for Your Network * Make Your WAN Work Like A LAN A guide to fast application delivery at the branch * Key factors to consider when purchasing KVM-over-IP solutions * Computerworld Technology Briefing: Optimizing Branch File Management with File Area Networks * Computerworld Technology Briefing: A Great Leap Forward in Storage for the SMB * Sold on SOA Sign up to receive Security Resource Alerts sign-up Another interesting datapoint as we consider the intersection of social networking and privacy....do people really not care or do they just not understand the implications? Perhaps a commentary on the Web 2.0 generation.... http://www.computerworld.com/action/article.do?command=viewArticleBasic &articleId=9037379&intsrc=news_ts_head September 18, 2007 (Computerworld) -- Facebook and MySpace users are willing to let the sites sell their personal data in return for access to the sites' social networking features, according to new research from Pace University. Researchers at the university queried users of Facebook and MySpace in August, asking for their views of the privacy protections offered by the sites and their feelings about how much personal information they are willing to post on social networking sites. Catherine Dwyer, a professor at Pace who worked on the study, noted that most Facebook and MySpace users said that they're willing to develop online relationships even though they believe that trust and privacy safeguards are weak. Users seem to view the social networking sites as a way to get online profiles, photos and the like for free while the sites "can take all their data and do whatever they want with it," she noted. "Both sites are really interested in monetizing this information as much as possible," she said. "They don't exist to give people ways to upload photos." Less than 5% of MySpace users surveyed and slightly more than 5% of Facebook users surveyed said they believe that the personal information they put on the sites is strongly protected. Still, the respondents told researchers that are willing to share personal details with others on the sites. More than 85% of respondents in both groups reported that they would share a photo of themselves on a social networking sites, and 91% of Facebook users and 62% of MySpace users said they use their real name on such sites, according to the study. In addition, 87% of Facebook users and 41% of MySpace users post their personal e-mail addresses on the sites. And even though 32% of MySpace users strongly agree that other users exaggerate information in their profiles, nearly half of them said that they are willing to get together in person with people they meet online, Dwyer noted. "Here is this site where they express .a high level of distrust in other people, yet 44% said they have met someone through the site," she said. "People have this bullet-proof notion about their own ability to manage themselves online. They don't really depend on the site to filter any of this stuff." Dwyer also noted that users at both sites may be naive when it comes to their notions of how the sites may be using the data they provide about themselves. She pointed to a report in The New York Times on Tuesday about MySpace's plans to use data-mining techniques to gather information for advertisers seeking to market products to users of its site. In the study, only 18% of Facebook users and 21% of MySpace users said that they strongly agreed that the site would not use their personal information for any other purpose than as part of their profile. "There is a real disconnect between [the beliefs of] people using these sites and the way the privacy management is set," she said. "You transfer privacy to this digital realm and there are only two states - it is private.or it is public, and there is potential for every single person in the world to know about it." -- Britta Glade Liberty Alliance 925-254-4233 _____ _______________________________________________ This is a public mailing list. Content is NOT confidential. Sig-idtheft mailing list Sig-idtheft at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-idtheft_lists.projectli berty.org -- Corporate Architect - Federated Identity CTO Office (Business Alliances) robin.wilton at sun.com Tel: +44 (0)705 005 2931 http://blogs.sun.com/racingsnake -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070919/d70b22dc/attachment-0001.html From britta at projectliberty.org Thu Sep 20 16:58:45 2007 From: britta at projectliberty.org (Britta Glade) Date: Thu, 20 Sep 2007 16:58:45 -0700 Subject: [SIG-IDtheft] Call reminder: FRIDAY, SEPT. 21, 9:30 am PT Message-ID: 1. Finalize plans for privacy/policy analysis of breaches--pursue this activity as a PPEG subteam? 2. Topical conversation (we always pick one!) on current IDTheft and identity landscape A. I do find the Facebook and MySpace research of this week fascinating..... Dial in: 800-504-8071 International:+1 303-248-0281 code: 2544233 Thanks! -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070920/40f0a7dd/attachment.html From bhargav at cs.purdue.edu Sat Sep 22 23:16:51 2007 From: bhargav at cs.purdue.edu (Abhilasha Bhargav-Spantzel) Date: Sun, 23 Sep 2007 02:16:51 -0400 Subject: [SIG-IDtheft] on the lighter side -- id theft outreach In-Reply-To: References: Message-ID: <46F604D3.20307@cs.purdue.edu> Hi all, I thought I'd share this hilarious video my husband just showed me about id-theft do's and dont's (more for the general public though) -- http://www.youtube.com/watch?v=l1uAzm0QWq4 Good way to do the outreach bit ;) Enjoy! Abhilasha From koneil at cyva.com Tue Sep 25 06:32:46 2007 From: koneil at cyva.com (Kevin O'Neil) Date: Tue, 25 Sep 2007 06:32:46 -0700 Subject: [SIG-IDtheft] Facebook subpoenaed over user safety Message-ID: <017701c7ff78$909b8c60$4301a8c0@CYVA03> http://news.yahoo.com/s/nm/20070924/wr_nm/facebook_subpoenas_dc Kevin O'Neil CYVA Research Corporation 3525 Del Mar Heights Rd., Ste. #327 San Diego, CA 92130 858 793 8100 (direct) koneil at cyva.com www.cyva.com Confidentiality Notice The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. CYVA Research is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070925/dfcb7822/attachment.html From britta at projectliberty.org Tue Sep 25 09:17:17 2007 From: britta at projectliberty.org (Britta Glade) Date: Tue, 25 Sep 2007 09:17:17 -0700 Subject: [SIG-IDtheft] Fwd: TJMaxx Investigation Results In-Reply-To: <001301c7ff8a$74581d90$400110ac@EricLaptop> References: <001301c7ff8a$74581d90$400110ac@EricLaptop> Message-ID: Of interest to this group I'm sure. Thanks to Eric Nelson for forwarding. -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070925/681c226e/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: TJMaxx Investigation Results_Canada.pdf Type: application/pdf Size: 97630 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070925/681c226e/attachment-0001.pdf From britta at projectliberty.org Wed Sep 26 09:12:11 2007 From: britta at projectliberty.org (Britta Glade) Date: Wed, 26 Sep 2007 09:12:11 -0700 Subject: [SIG-IDtheft] CALL REMINDER: Friday, Sept. 28, 9:30am PDT--SPECIAL GUEST GILLES LISIMAQUE Message-ID: All-- As discussed on our last call, given interest from our group in understanding global trends regarding the use of stronger authentication techniques globally as a potential deterent to identity theft and fraud, Kevin O'Neil was able to secure participation from Gilles Lisimaque on our next call (copying Sreeram and Rob as they may want to invite some of the SAEG members to attend as well). Many of you know Gilles, but here's a bio for those who aren't as familiar: *Gilles M. Lisimaque* Mr. Lisimaque is one of the leading US experts on Smart Cards and application of Smart Cards, working on various US government projects as technical advisor and smart card standard expert. Prior to joining IDTP Mr. Lisimaque worked at Gemplus, a company he founded with four other co-founders, and was part of the Business Development Group, responsible for special projects in North America. In this position, he contributed to various groups including prospects and customers, providing technical and business guidance for the design and application of Gemplus smart cards, hardware and systems, and customized services. Prior to joining the Gemplus team, Mr. Lisimaque was technical marketing director in SGS-Thomson's research and development group. He was the architect of the company's family of smart card components and helped develop the first chip operating system for smart cards. Additionally, he was MIS manager of the SGS-Thomson MOS facility called Eurotechnique, a joint venture between Saint-Gobain and National Semiconductor. There he developed an integration system connecting HP mini-computers, IBM mainframes and DEC semi-conductor test equipment. Mr. Lisimaque holds multiple patents on smart card security and smart card OS design and has high level seats with numerous Smart Card and Security Forums and Associations. Mr. Lisimaque is an honor graduate of the French engineering school, "Arts & M?tiers", where he specialized in automation and electronics. Questions we discussed, which we'll use to kick off our call are: To what extent can smart cards aid in the reduction of identity theft? What are the reasons for slow adoption in the U.S.? What programs or industry efforts or events will trigger a more rapid deployment? What are the issues of mass adoption and deployment that linger? Why have European states and other nations been more aggressive in deployment and what have been the lessons learned? How can you fail to succeed, where have smart card programs faltered? What has been the traditional push-back by banks, telecoms, others in resisting or failing to move forward with smart cards? Future? Standards, key drivers, obstacles, legislation, public fears of poorly conceived deployments? Looking forward to our call and very much thank Gilles for joining us. Dial in is the usual: 800-504-8071 International: +1 303-248-0281 Code: 2544233 Thanks! -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070926/57a891f6/attachment.html From Contact at IdentityTheft.org Wed Sep 26 09:48:26 2007 From: Contact at IdentityTheft.org (Mari Frank) Date: Wed, 26 Sep 2007 09:48:26 -0700 Subject: [SIG-IDtheft] CALL REMINDER: Friday, Sept. 28, 9:30am PDT--SPECIAL GUEST GILLES LISIMAQUE In-Reply-To: References: Message-ID: <026f01c8005d$0f488ab0$671ca8c0@PP> Britta- I have a meeting on Friday- so I don? t think I will be back to join in- but- I think we need to know what information is place on Smart Cards in EU and how that would be different in the US- How can they be hacked ? How can they be used to obtain info for identity thieves- I have heard some stories from law enforcement- nothing is perfect- so let?s find out the challenges as well That?s my 2 cents. Contact at identitytheft.org 28202 Cabot Road, Suite 300 Laguna Niguel, Ca. 92677 Phone :949-364-1511 Fax: 949-363-7561 www.identitytheft.org www.MariFrank.com www.kuci.org/privacypiracy E-mail contact at identitytheft.org To order Mari's books: Call Porpoise Press 800-725-0807 This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or by phone at 949-364-1511) immediately. Thank you. _____ From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Britta Glade Sent: Wednesday, September 26, 2007 9:12 AM To: sig-idtheft at lists.projectliberty.org; Thirukkonda, Sreeram; Rob Marano Cc: glisimaque at idtp.com Subject: [SIG-IDtheft] CALL REMINDER: Friday, Sept. 28,9:30am PDT--SPECIAL GUEST GILLES LISIMAQUE All-- As discussed on our last call, given interest from our group in understanding global trends regarding the use of stronger authentication techniques globally as a potential deterent to identity theft and fraud, Kevin O'Neil was able to secure participation from Gilles Lisimaque on our next call (copying Sreeram and Rob as they may want to invite some of the SAEG members to attend as well). Many of you know Gilles, but here's a bio for those who aren't as familiar: Gilles M. Lisimaque Mr. Lisimaque is one of the leading US experts on Smart Cards and application of Smart Cards, working on various US government projects as technical advisor and smart card standard expert. Prior to joining IDTP Mr. Lisimaque worked at Gemplus, a company he founded with four other co-founders, and was part of the Business Development Group, responsible for special projects in North America. In this position, he contributed to various groups including prospects and customers, providing technical and business guidance for the design and application of Gemplus smart cards, hardware and systems, and customized services. Prior to joining the Gemplus team, Mr. Lisimaque was technical marketing director in SGS-Thomson's research and development group. He was the architect of the company's family of smart card components and helped develop the first chip operating system for smart cards. Additionally, he was MIS manager of the SGS-Thomson MOS facility called Eurotechnique, a joint venture between Saint-Gobain and National Semiconductor. There he developed an integration system connecting HP mini-computers, IBM mainframes and DEC semi-conductor test equipment. Mr. Lisimaque holds multiple patents on smart card security and smart card OS design and has high level seats with numerous Smart Card and Security Forums and Associations. Mr. Lisimaque is an honor graduate of the French engineering school, "Arts & M?tiers", where he specialized in automation and electronics. Questions we discussed, which we'll use to kick off our call are: To what extent can smart cards aid in the reduction of identity theft? What are the reasons for slow adoption in the U.S.? What programs or industry efforts or events will trigger a more rapid deployment? What are the issues of mass adoption and deployment that linger? Why have European states and other nations been more aggressive in deployment and what have been the lessons learned? How can you fail to succeed, where have smart card programs faltered? What has been the traditional push-back by banks, telecoms, others in resisting or failing to move forward with smart cards? Future? Standards, key drivers, obstacles, legislation, public fears of poorly conceived deployments? Looking forward to our call and very much thank Gilles for joining us. Dial in is the usual: 800-504-8071 International: +1 303-248-0281 Code: 2544233 Thanks! -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-idtheft_lists.projectliberty.org/attachments/20070926/9c0622f9/attachment.html