Companies won’t learn from the T-Mobile/Experian hack — Om Malik

Last Thursday, John Legere, the C.E.O. of T-Mobile, joined the ranks of the dozens of chief executives who, in the past few years, have had to inform their customers that their personal information has been stolen. “One of our vendors, Experian, experienced a data breach,” Legere tweeted, referring to a Dublin-based credit bureau that his company uses to collect, store, and secure customers’ personal information. Experian explained the details on its Web site:

The unauthorized access was in an isolated incident over a limited period of time. It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services or products, which require a credit check, from Sept. 1, 2013 through Sept. 16, 2015. Records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T-Mobile’s own credit assessment were accessed. No payment card or banking information was obtained.

As one of the fifteen million people who applied for T-Mobile USA’s post-paid services during that period, I was particularly aghast to learn about this breach. T-Mobile USA has, in the past two and a half years, been selling itself as an “uncarrier,” dedicated to upending the telecom industry’s status quo by offering simpler, cheaper, and more intelligible plans. I’d bought into this spin, and believed that it was the way forward for the industry.

Although no financial information was stolen in the T-Mobile breach, the completeness of the data that was acquired is akin to a Lego set for an identity thief. The fraudsters can set up new lines of credit or file for phony tax refunds in our names, and there isn’t much we can do about it. The cybersecurity consultant Bryan Seely told the Seattle Times that, on a scale of one to ten, this breach rates a seven, because it included fifteen million Social Security numbers, along with names and addresses. “When Target had a breach, people were reissued cards. You can’t reissue Socials that easily,” he said. Over the weekend, the e-commerce security firm Trustev claimed that it had found data sets from the Experian hack for sale on the dark Web…

By now, we’re familiar with this pattern: a company discloses a data theft, executives express grave concern, and customers are left to reset their passwords and sign up for free data protection, feeling all the while like data piñatas…

An offer of a credit-watching service in the wake of a hack is sort of like getting an alert after a fire has burned down your house. Moreover, in a recent blog post, Brian Krebs, of Krebs on Security, wrote, “Identity protection services like those offered by CSID, Experian and others do little to block identity theft: The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name.”

RTFA for more details and Om’s analysis including the political problems with trying to get business security into the 21st Century. As Om says, 800 data breaches in one year proves the status quo isn’t working.

Copper parks in tall grass after stopping motorcycle — car goes up in flames

A witness to the intense fire said the police officer pulled over a speeding motorbike rider at the intersection of Wivenhoe-Somerset Drive and Northbrook Parkway near Mount Glorious but when the bike took off again, it looked like the officer tried to give chase.

“Next minute the bloody cop car drives down the bank,” truck driver David Hunn said…

The Logan resident, who’d been out for a ride on his own motorbike, said the bike rider had stopped about 50 metres up the road.

He said by the time the police officer had “scrambled” up the bank and yelled at the rider to stop, there was smoke coming from the long grass under the unmarked car, likely from the hot exhaust pipe.

The 65-year-old said it was only minutes before flames had completely engulfed the car, which was eventually left a blackened shell.

“It was long grass so the car was basically nestled in the grass,” Mr Hunn said.

“It just caught fire straight away basically.”…

Mr Hunn described the stretch of road coming down from Mount Glorious as “a racetrack at the best of times” and accused both the motorcyclist and policeman of driving like maniacs.

“The bike came around me and I thought ‘shit he’s going quick’,” he said.

“The next minute, the bloody car came past me with no siren on. He was going like a bat out of hell.”

Mr Hunn said according to the rider’s friends they were going as much as 180km/h and the police car was catching up with the bike.

He said the officer caught up with the bike at the T-intersection, where he cut him off and attempted to block him in…

“If he’d kept the speed down a bit and saw which way it was going, he could have had the posse out and waiting for him because a bloody radio’s quicker than a bloody motorbike.”

A mate of mine down in Oz sent me this. Don’t know how he stopped laughing long enough to press the send key.

Yes, he’s a biker.

Thanks, Honeyman

Air Force clinic fires technician accused of being a witch

Groucho got it right

The Military Religious Freedom Foundation is representing a former Air Force contractor who says she was fired from a dental clinic at Fort Meade, Maryland, after complaining that her co-workers discriminated against her because she was Hindu. She claims they then accused her of being a witch.

Group founder and president Mikey Weinstein wrote in a letter to officials: “We have spoken with witnesses at the clinic under your command who have universally confirmed that, not only did this horrid harassment take place, but ever since the execution of her punishment for failing the religious test imposed by the leadership of Epes Dental Clinic, a particular offending party has effusively celebrated her replacement by a Catholic woman by saying publicly that ‘It’s good to see we got an angel, since last time we had the devil.’”

The alleged harassment violates a “vast sea” of Defense Department and Air Force directives as well as the U.S. Constitution, Weinstein writes.

“The No Establishment Clause of the First Amendment of our nation’s Constitution absolutely forbids the exact same type of practices which are so commonplace under your command in the brazen establishment of evangelical Christianity as the only approved solution for religious belief in the 579th D[ental] S[quadron] of the Epes Dental Clinic at Fort Meade…”

Reached by Air Force Times, Deborah Schoenfeld said that her co-workers at the Epes Dental Clinic harassed her over her Hindu faith, claiming she was satanic for wanting to practice yoga and meditating.

Speaking on condition of anonymity, two of her former co-workers confirmed Schoenfeld’s account to Air Force Times and said that other employees at the dental clinic are devoutly Christian and deeply suspicious of Hinduism. One of them confirmed that she was referred to as a “Hindu witch.”

One co-worker, who Schoenfeld said prayed for her to find Jesus, told her that meditation summons demons, adding that “all the soldiers who are doing meditation and yoga to help their PTSD, they are getting infected also,” Schoenfeld said.

When her requests for help through the chain of command went nowhere, she filed a formal complaint on Sept. 2, Schoenfeld said. That day, she was fired for allegedly using profanity against a co-worker, although she was not allowed to know who had accused her of doing so…

As it is so often in the United States, “defending religious liberty” means supporting only the advocacy of Christianity, evangelical and fundamentalist Christianity to the exclusion of all other belief systems religious or secular.

Hypocrisy and bigotry come along for the ride.

EU court ruling says US privacy protection sucks

The Atlantic Ocean just got a little wider. The European Court of Justice’s latest ruling has determined that the US “does not afford an adequate level of protection of personal data”.

The case brought against Facebook over the potential for US government snooping on European citizens’ data throws the differences in internet culture into stark relief. But those differences have been growing for some time.

Also reflecting comparable difference between thoughtful Americans and corporate/government hacks.

Until Tuesday, it had been US companies – principally Google and Facebook – that had been driving the wedge in. In 2012 Google enraged European privacy regulators by declaring that it would unite data from its different services, mashing different privacy agreements into one. (The row is still going on.)

Then in 2014 the European Court of Justice declared that Google, as a “data processor” was covered by the data protection principles, and so must remove links about people from its search index that were “outdated, incorrect or irrelevant” (though with exceptions for public figures). Google has implemented the so-called “right to be forgotten” more or less, but the ruling infuriated many in the US…

Now the ECJ has ruled again, and once more highlighted the gulf in attitudes either side of the pond. “Safe harbour” ostensibly means that a European citizen’s personal data being processed by a US company on US-based computers is under the same protections as if it were still in Europe on a European-owned system. But the ECJ says it doesn’t protect that data from US government snooping – and so cannot be allowed.

The problem with safe harbour is that the US government now treats any data on computers of US-owned companies anywhere in the world as fair game for examination. Microsoft, in fact, is vigorously appealing a court case won (in the US) by the US government, which asserts that it has the right to access data held in one of the company’s Irish data centres. Safe harbour applied, in theory, to US companies but not to the US government; now the edifice has come crashing down…

Jim Killock, executive director of the Open Rights Group, commented: “In the face of the Snowden revelations, it is clear that safe harbour is not worth the paper it’s written on. We need a new agreement that will protect EU citizens from mass surveillance by the NSA.”…

In the longer term, the bigger problem will be the gap that is opening between the US and Europe. Privacy policies with teeth, the “right to be forgotten”, the desire to keep data inside Europe – all are at odds with the US’s treatment of data, which is more cavalier…Will Europe act as the example for the US to follow? History suggests not – which means the cultural gap is going to get wider.

I have to agree with Charles Arthur’s conclusions. The battle standard has been raised in the US by many organizations and individuals, even a few corporations – notably Apple. The rest of the tech industry will be guided by the almighty dollar and that may be aid and comfort to the rest of us.

Uncle Sugar may want to maintain a self-appointed right to snoop on everyone on Earth – while whining about cyber-spying. The ultimate in hypocrisy. But, just like the fiasco we went through in early days of global online communications – government prohibitions banning the sale of ordinary office software to keep those Dangerous Furriners from stealing our secrets :) – the paranoia of American politicians will end up limiting profits of American companies more than anything else. That won’t be allowed to last.

Asia is the new Europe

Can you visualize how the world economy has changed over the last 35 years?

Unless you’re a macroeconomist, that’s probably a pretty difficult task. But the 20-second video below will give you some quick insight., a website that helps people calculate the cost of doing home repairs, created this super-short and simple guide to understanding how the world has changed over the last 35 years…

You can see that the U.S. economy remains pretty dominant throughout, though its size as a proportion of the global economy rises and falls. It grew in relative terms through 1985, then shrunk through 1995, then grew again through 2002, then contracted until about 2009. Overall, the U.S. economy went from 25.7 percent of global Gross Domestic Product in 1980 to 22.5 percent in 2014…

Overall the biggest change that the graphic shows is probably the rise of Asia. In 1980, Asia accounted for about 20 percent of global economic activity, and Europe accounted for 32 percent, the site says. By 2012, those positions were reversed.

Our economic inertia becomes ennui. Not that politics as indoor sport inside the Beltway in Washington DC will change that for the better.

Tree of life includes 2.3 million species

The largest “tree of life” ever created has been released, spanning 3.5 billion years and 2.3 million species. The work was not carried out from scratch, as such an effort would consume a vast amount of man-hours. Instead the researchers compiled data from almost 500 existing smaller trees displaying the divergence and evolution of life as we understand it.

Way cool. Gotta love Duke University – when they’re scientists in the whole world of science.

The TPP Free-Trade Charade

This was published just before the “resolution” of negotiations. What changed? Details of how we’re screwed.

As negotiators and ministers from the United States and 11 other Pacific Rim countries meet in Atlanta in an effort to finalize the details of the sweeping new Trans-Pacific Partnership (TPP), some sober analysis is warranted. The biggest regional trade and investment agreement in history is not what it seems.

You will hear much about the importance of the TPP for “free trade.” The reality is that this is an agreement to manage its members’ trade and investment relations – and to do so on behalf of each country’s most powerful business lobbies. Make no mistake: It is evident from the main outstanding issues, over which negotiators are still haggling, that the TPP is not about “free” trade.

For starters, consider what the agreement would do to expand intellectual property rights for big pharmaceutical companies, as we learned from leaked versions of the negotiating text. Economic research clearly shows the argument that such intellectual property rights promote research to be weak at best. In fact, there is evidence to the contrary: When the Supreme Court invalidated Myriad’s patent on the BRCA gene, it led to a burst of innovation that resulted in better tests at lower costs. Indeed, provisions in the TPP would restrain open competition and raise prices for consumers in the US and around the world – anathema to free trade…

Similarly, consider how the US hopes to use the TPP to manage trade for the tobacco industry. For decades, US-based tobacco companies have used foreign investor adjudication mechanisms created by agreements like the TPP to fight regulations intended to curb the public-health scourge of smoking. Under these investor-state dispute settlement (ISDS) systems, foreign investors gain new rights to sue national governments in binding private arbitration for regulations they see as diminishing the expected profitability of their investments…

To be sure, investors – wherever they call home – deserve protection from expropriation or discriminatory regulations. But ISDS goes much further: The obligation to compensate investors for losses of expected profits can and has been applied even where rules are nondiscriminatory and profits are made from causing public harm…

Imagine what would have happened if these provisions had been in place when the lethal effects of asbestos were discovered. Rather than shutting down manufacturers and forcing them to compensate those who had been harmed, under ISDS, governments would have had to pay the manufacturers not to kill their citizens. Taxpayers would have been hit twice – first to pay for the health damage caused by asbestos, and then to compensate manufacturers for their lost profits when the government stepped in to regulate a dangerous product.

It should surprise no one that America’s international agreements produce managed rather than free trade. That is what happens when the policymaking process is closed to non-business stakeholders – not to mention the people’s elected representatives in Congress.

That presumes, of course, that our Congress is up to performing required due diligence on behalf of American workers and their families. Something I still need to be convinced of.

Ben Bernanke says – More should have gone to jail for causing Great Recession

This season, Ben Bernanke was able to sit through an entire Nationals game.

During the financial meltdown in 2008, the then-chairman of the Federal Reserve would buy a lemonade and head to his seats two rows back from the Washington Nationals dugout, a respite from crisis. But often he would find himself huddling in the quiet of the stadium’s first-aid station or an empty stairwell for consultations on his BlackBerry about whatever economic catastrophe was looming.

“I think there was a reasonably good chance that, barring stabilization of the financial system, that we could have gone into a 1930s-style depression,” he says now in an interview with USA TODAY. “The panic that hit us was enormous — I think the worst in U.S. history.”

With publication of his memoir, The Courage to Act, on Tuesday by W.W. Norton & Co., Bernanke has some thoughts about what went right and what went wrong. For one thing, he says that more corporate executives should have gone to jail for their misdeeds. The Justice Department and other law-enforcement agencies focused on indicting or threatening to indict financial firms, he notes, “but it would have been my preference to have more investigation of individual action, since obviously everything what went wrong or was illegal was done by some individual, not by an abstract firm.”

He also offers a detailed rebuttal to critics who argue the government could and should have done more to rescue Lehman Brothers from bankruptcy in the worst weekend of a tumultuous time. “We were very, very determined not to let it collapse,” he says. “But we were out of bullets at that point.”

I happen to think Bernanke did a lot of good things right – and a few useless and wrong. Hindsight is always thrilling.

Please RTFA, watch the interview. USAToday doesn’t run the most stable online presence in American news; so, I hope all these links continue to work correctly. And, yes, I have my own list of individual crooks who should have done time – starting with everyone at the top of Countrywide Mortgage.