Anyone need more data on what is wrong with security in America? The Associated Press have posted a chilling story about the absolute wrong way to go about things:

Mayor Cheye Calvo got home from work, saw a package addressed to his wife on the front porch and brought it inside, putting it on a table. Suddenly, police with guns drawn kicked in the door and stormed in, shooting to death the couple’s two dogs and seizing the unopened package.

The problem is, the package was a “dead drop” scheme used by drug smugglers and the police assumed (stupidly and as intended by the smugglers) that because the package was addressed to the Mayor, it must be his. All the police watched for was for the suspect to take the package inside. The heavily armed officers frightened the Mayor’s mother-in-law, who screamed. They used this intimidation technique to claim they had to move into action, and cause the Mayor irreparable damage.

Two black labs were gunned down when “officers felt threatened”, but the uncertainty principle is evident here: the officers surely threatened the dogs, thereby giving themselves reason to kill them. It is hard to see what the police did to minimize such a threat or avoid harm to the suspects, as they seem to have used the “fire, ready, aim” approach to this incident. I have touched on this before in my review of Tazer lessons — police are now taught to be aggressive and to act with “pre-emptive” aggression and impunity towards civilians.

Calvo insisted the couple’s two black Labradors were gentle creatures and said police apparently killed them “for sport,” gunning down one of them as it was running away.

“Our dogs were our children,” said the 37-year-old Calvo. “They were the reason we bought this house because it had a big yard for them to run in.”

That suggests to me that their dogs were known risks to the police and were therefore targeted unfairly instead of anticipated and dealt with humanely, as the Mayor asserts.

“When all of this happened I was flabbergasted,” said next-door neighbor Edward Alexander. “I was completely stunned because those dogs didn’t hurt anybody. They barely bark.”

The case is the latest embarrassment for Prince George’s County officials. A former police officer was sentenced in May to 45 years in prison for shooting two furniture deliverymen at his home last year, one of them fatally. He claimed that they attacked him. In June, a suspect jailed in the death of a police officer was found strangled in his cell.

Calvo said he was astonished that police have not only failed to apologize, but declined to clear the couple’s names.

This event highlights everything about the wrong way to practice security — aggression without justification, and a failure to stand accountable. It breeds resentment among those who feel threatened and erodes the support needed to create real and lasting security.

His wife spoke through tears as she described an encounter with a girl who used to see the couple walking their dogs.

“She gave me a big hug and she said, `If the police shot your dogs dead and did this to you, how can I trust them?'” Tomsic said.

Exactly. That is the future generation of Americans, growing up with a distaste rather than a desire for law and order. Some argue that American soldiers in Iraq are not trained to be law enforcement officers and therefore can not bring the right results, but one look at the law enforcement officers in this and related cases suggests it is a much larger problem for America to resolve.

The Los Angeles Times reports that the nature of “repeated” and “extended” violations are giving lawmakers energy to introduce a new set of state laws:

In part because of the breaches, Gov. Arnold Schwarzenegger has endorsed legislation that would impose penalties on hospitals and healthcare workers for breaching patient privacy.

“Californians have every right to expect their medical records to be safeguarded and protected, and I am alarmed about repeated violations of patient confidentiality and the potential harm to the citizens of this state,” Schwarzenegger said in a statement. “By putting financial penalties in place for those employees and facilities that do not follow these laws, this legislation will lead to better care for all Californians.”

Under the legislation, being carried by Sen. Elaine Alquist (D-Santa Clara) and Assemblyman Dave Jones (D-Sacramento), healthcare workers who unlawfully view patient records would be fined from $1,000 to $250,000, depending on the seriousness of the violation. Hospitals and other health facilities would face fines of $25,000 to $250,000 for similar violations.

The legislation also would increase penalties for hospitals found to have put patients in jeopardy of harm or death, to $100,000 from $25,000.

Whether or not you agree with HIPAA, it is clear the CA state law that forced breach notification has been the most effective rule to date for information security practices and privacy. It will be interesting to see the effect of another CA privacy law dedicated to healthcare. Note, the governor recently struck-down a PCI-like bill in CA because he said the private sector was doing well enough regulating itself and did not need duplicate legislation or interference. So, for now, PCI might seem ugly to some but it is what an industry can do to keep ahead of hot-button topics for elected officials.

According to Attorney General Michael Mukasey, no number can be given to quantify the amount of losses. And yet, the attacks were apparently simple:

[US Attorney] Sullivan said the alleged thieves weren’t computer geniuses, just opportunists who used a technique called “wardriving,” which involved cruising through different areas with a laptop and looking for accessible wireless Internet signals. Once they located a vulnerable network, they installed so-called “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing networks.

The information was stored on two servers in Ukraine and Latvia — one with more than 25 million credit and debit card numbers and another with more than 16 million numbers, Sullivan said.

Homeland Security Secretary Chertoff is quoted in the article stating that an identity is “each individual’s greatest asset”. He alleged this “demonstrated the weaknesses of cybersecurity in the US”.

I guess he is not paid to speculate about other countries, but surely this is a world=wide weakness. Perhaps he is referring to the investigation tactics used in the US and some particular issues:

Gonzalez was a U.S. Secret Service informant who helped the agency take over a Web site being used to transmit stolen identifiers and stolen credit card numbers, U.S. Secret Service Director Mark Sullivan said at the news conference.

“That was the first time ever that a computer system was wiretapped,” he said.

But he said the Secret Service later found out that Gonzalez had also been feeding criminals information about ongoing investigations — even warning off at least one person.

“Obviously, we weren’t happy that a person working for us as an informant was double-dealing,” Mark Sullivan said.

Well, at least they caught him.