Category Archives: Security

Centrelink fires 19 for privacy breaches

Just on the heels of my earlier post about UK plans to dissolve privacy protections, Australia sends a stark warning about the damage that can be done by staff entrusted with your data.

Centrelink is the federal agency for welfare and social security in Australia. Thus, their staff have access to a huge amount of information about Australians. News about privacy violations they are dealing with was reported by ABC

Hundreds of Centrelink staff have been caught inappropriately looking up the records of friends and ex-lovers.

The privacy breaches were uncovered using specially designed spyware software.

As a result of a two-year investigation, Centrelink has uncovered nearly 800 cases of what it has described as inappropriate access by staff to customer records.

Nineteen staff have been sacked and nearly 100 resigned when they were confronted with the allegations.

Administration and customer care tools carry big risks with them. On the one hand companies want to give their staff simple and easy access to customer data to ensure support is smooth, but on the other hand companies have an obligation to protect customer data from exposure.

It can be expensive to do thorough background checks, and develop specific role-based controls, so many organizations try to get around these preventive measures to save money. In this case, detective controls were able to catch the abuse, but the “friends and ex-lovers” comment gives a big hint related to personal motives that companies often overlook when they factor the safety of data from internal attacks.

UK Data Sharing Plan Panned

This sounds like an absolutely horrible idea:

Ministers are preparing to overturn a fundamental principle of data protection in government, the Guardian has learned. They will announce next month that public bodies can assume they are free to share citizens’ personal data with other arms of the state, so long as it is in the public interest.

Oh, imagine someone appointed to decide that “public interest” means…sharing data. Wouldn’t that be a convenient position to defend?

The new policy appears to contravene a key principle of the data protection act, which is that “personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes”. Ministers are likely to argue that efficient public administration is not incompatible with other purposes.

“Efficient” administration is certainly one value, but never the supreme and only value. In fact, I believe most if not all people would happily give up effciency to preserve their liberties if the real consequences were portrayed openly and clearly. I can’t even count the number of companies that have asked me to help them ensure their data is safe from sharing. If a plan like this is passed the demand for information security will absolutely explode as every citizen will need a professional/specialist even just to help them protect themselves from simple mistakes.

Nazi restaurant opens in Mumbai

The BBC reports that a man in Mumbai will keep the name of his restaurant “Hitler’s Cross” despite protests from the local Jewish community.

“My customers are not complaining about the name, they are very amused by it,” he said. “Just like Hitler wanted to conquer the world, I want to conquer at least my area through the food served in my restaurant.”

Great. Now you know where to find all the Nazi sympathizers, conveniently collected into a restaurant in India. Clearly this man thinks a genocidal maniac is someone to idolize. Or does he…

Mr Sabhlok also said he was not promoting Hitler in any manner as he did not have any pictures of the German Nazi leader or decor related to him.

When questioned about press photographs of a huge Hitler poster at the front door, Mr Sabhlok said it was put up by one of the 700 invitees who attended the opening. “We pulled it off later,” he said.

I can just imagine him saying “Oh, you mean that picture? That’s someone else’s.” Of course it is, because restaurant guests always bring a giant picture of Hitler with them to dinner and post it on the front door.

So he’s saying he wants to be just like Hitler, but not like Hitler in any way. Hmmm, that sort of double-speak sounds strangely similar to something Hitler would have said. So the big question is whether the officials will have the sense to shut this place down before it becomes a serious saftey issue (please note I have avoided any tasteless “to die for” jokes), and whether/how restaurant laws will be forced change in India as a result.

Edited to add (8/29/2006): Looks like the BBC report may have been a few days stale. NewKerala.com reported that the protests began August 18th when the restaurant opened and by the 24th the restaurant announced it would give up the name:

“We, the owners and operators of the restaurant opened at Kharghar, Navi Mumbai, acknowledge that the name adopted by us for our restaurant was most inappropriate.

“We have decided to change the name of our restaurant and remove all signs and articles associated with Hitler and Nazism in and around the restaurant,” the statement said.

It will now be called The Pol Pot. No, not really. But you never know.

The Least You Can Feel

John Stewart has a fine news report on the latest mood swings of the American President, coupled with a flashy new public service announcement theme for Bush called “The Least You Can Feel”. The announcement that started the report was:

Nobody likes to see innocent people die.

Incidentally, I was doing some research on the Library of Congress site and happened to take a look in their online store. I was a bit surprised to find that they sell a fancy “Bombers Tie“:

Handsome red and black tie features famous fighter planes of World War II: the B-17 Flying Fortress, B-25 Mitchell, and, of course, the workhorse of the European Campaign, the 4-engine B-17 bomber. Pure silk, hand-finished.

Of all the things the Library of Congress could offer the public to remember the price of past conflicts or to commemorate the service of soldiers, does it have to be a blood-red necktie with silhouettes of bombers? Could this have something to do with a new “hey, innocent people die” sense of fashion on the hill?

Seems like a hint of a “war is hell, get over it” mentality. Speaking of which, when you check out the official “Today in History” page it appears that the LOC is dominated by a list of war and battle stories, along with the impact of war on civilians. Take August 23 for example, which has an entire page dedicated to Farragut’s battle in the Civil War. Compare this rather pointed view with the Wikipedia offering, or the BBC, or the New York Times, all providing a rich list of social and economic events for the same day. And if you really want to see stark contrast from the American style of “which military event happened today” public record, take a look at the Canadian version:

1941 England – William Lyon Mackenzie King 1874-1950 booed by restless Canadian troops in England when he makes a speech; most have been in England for a year without seeing action.

Quite different, eh? On this day troops were upset because they saw a lack of action, or “crew from Saint John defeat Renfrew crew from England in a rowing race”; things in history to feel good, or less bad, about.

Maybe my sample size is too small. I think I’ll go back to reading their archive of poetry now and wonder how to get a good sample from soldiers and civilians, or someone who can really feel and relate the horrors of conflict. Until then, here’s yet another “life goes on” vision of war from their 180 collection for high school students…