Re: At Least 20 Big-Name Passports Breached

["Allan Friedman" <allan_friedman () ksgphd harvard edu>]

>  Another seemingly simple solution would be to flag certain high-profile
>  accounts with
>  an option that requires a supervisor's electronic okay to open a record.


Flagging or escalating is fine for presidential candidates and
probably academy award winners, but where does that leave you and me,
who happen to live next door to anyone with access to a major
database. Access control and least privilege are huge privacy issues
that we haven't even started to get into: they are human scale rather
than technical.



>  Another seemingly simple solution would be to flag certain high-profile
>  accounts with
>  an option that requires a supervisor's electronic okay to open a record.
>  It seems like what they have now is that certain accounts are flagged as
>  high-profile
>  (government officials, celebrities, etc) and the management is notified
>  AFTER somebody
>  pulls up the record.  Kind of like closing the barn door after the cows
>  have left.
>
>  -Max
>
>
>
>  -----Original Message-----
>  From: dataloss-bounces () attrition org
>  [mailto:dataloss-bounces () attrition org] On Behalf Of Chris Walsh
>  Sent: Thursday, March 27, 2008 8:04 AM
>  To: Richard Forno
>  Cc: dataloss () attrition org
>  Subject: Re: [Dataloss] At Least 20 Big-Name Passports Breached
>
>  Reports I read said that as part of their training, contractors are told
>  to bring up the file on somebody (whom they pick).  Most trainees pick a
>  relative, the article said.
>
>  This is of concern on several levels, the most obvious of which is the
>  blatant disregard for privacy that it shows.  In 30 seconds, I could
>  rewrite this training regime to preserve privacy -- just have trainees
>  be instructed to bring up a record which exists solely for training!
>  John Q Public of 123 Main St., Anytown USA comes to mind.
>
>  The fact that live data is used for training, when the contents are
>  sensitive is quite disheartening.  This is a systemic problem, not one
>  that just impacts Senators or dead celebrities.
>
>  cw
>  On Wed, Mar 26, 2008 at 11:12:05PM -0400, Richard Forno wrote:
>  > At Least 20 Big-Name Passports Breached Last Edited: Wednesday, 26 Mar
>
>  > 2008, 6:47 PM EDT
>  >
>  > http://www.myfoxdc.com/myfox/pages/News/Detail?contentId=6140974&versi
>  > on=2&l
>  > ocale=EN-US&layoutCode=TSTY&pageId=3.3.1
>  >
>  >
>  > WASHINGTON  --  State Department workers viewed passport applications
>  > containing personal information about high-profile Americans,
>  > including the late Playboy playmate Anna Nicole Smith, at least 20
>  > times since January 2007, The Associated Press has learned.
>  _______________________________________________
>  Dataloss Mailing List (dataloss () attrition org)
>  http://attrition.org/dataloss
>
>  Tenable Network Security offers data leakage and compliance monitoring
>  solutions for large and small networks. Scan your network and monitor
>  your traffic to find the data needing protection before it leaks out!
>  http://www.tenablesecurity.com/products/compliance.shtml
>  _______________________________________________
>  Dataloss Mailing List (dataloss () attrition org)
>  http://attrition.org/dataloss
>
>  Tenable Network Security offers data leakage and compliance monitoring
>  solutions for large and small networks. Scan your network and monitor your
>  traffic to find the data needing protection before it leaks out!
>  http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml