Harvard Law Loses Legal Services Client Data

The ABA Journal reports that a computer technician at Harvard Law School Clinic in Jamaica Plain lost a backup tape in the subway. This tape contains over 8,000 records for legal services clients and 13,000 records for other people, which contained Social Security Numbers and other personal data. – K

Security News Highlights

Lately, I’ve been running across stories about computer security that run the gamut from trivial to terrifying. For example:

• NPR had a segment about those annoying CAPTCHAs and how they can be used to help digitize old books.
• Sophos confirmed that we aren’t very good at protecting our own privacy — 41 percent of Facebook users gave up personal information to a small green plastic frog.  As a part of this research, Sophos put together a list of best practices for protecting your privacy on Facebook.
• The NSA published a report on How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF. And if you are looking for additional security how-tos, check out their security configuration guides.
• Wired ran a story about how to protect yourself from snoops when you are using Gmail.
• The New York Divorce Law Blog reviewed a ruling where a wife was allowed to use evidence of her husband’s Internet activities in the proceedings.
• The ABA Journal reported that the MIT students who hacked the transit system can talk publicly about the security flaws.
• The BBC wrote about a new exploit that inserts a malicious link into clipboards. (My favorite line: “Our work would be so much easier if our enemy would be stupid.” It’s so true under so many circumstances.)
• VentureBeat passed on information that pacemakers can be hacked. This hack was presented at from DefCon, a huge security conference.

The good news is that TechSoup.org is currently putting on a Special Security Event, so you can learn about what you need to do to protect yourself. – K

Passwords Are Broken. What Now?

On Saturday, The New York Times was brave enough to say what we all know: Passwords are inherently insecure. And this insecurity can’t be blamed on the users who write passwords down and post them on their computer monitors, use one of the common passwords, or don’t change their passwords often enough. Even if users followed these basic rules, passwords still wouldn’t work because the log-on procedure itself is risky due to phishing, keystroke logging, and other security threats.

While the article suggests using an alternative that depends on cryptography instead of mnemonics, currently it looks like there isn’t a good solution for this problem. (For those of you who are suggesting biometrics, fingerprints aren’t as secure as you would think: Burn Notice taught me that a copy of the fingerprint is left on the scanner and can be pulled off with Play-Doh to be used again.)

So since it looks like it will be a while until there is an accepted replacement for passwords, I’ve pulled together some resources to help you educate your users about password security.

• SafePasswd will generate strong, but easy-to-remember passwords.
• Montana Legal Services Association’s Password Creation Guidelines provides guidelines for users on how to and how not to create strong passwords.
• Strong Passwords and Password Security from Microsoft provides some information about strong passwords, how to create them, and even some security tips on passwords and Windows XP. – K

Free Criminal History Check Now Available

I happened upon another one of those sites that both scares and intrigues me: CriminalSearches.com. Now you can search for people’s criminal histories for free. While a site like this could be helpful for legal aid attorneys who want to do a quick search on opposing parties, the New York Times points out how the site could actually prove to be a problem for both those leaving jail and attempting to start anew as well as the general public. Thanks to Doc Mara for pointing this out. – K

Data Breach Affects Justice Breyer

An interesting twist on what is becoming a familiar story — An employee at the Wagner Resource Group installed LimeWire to share files.  Unfortunately, at the same time as the employee was sharing music and movies, he or she also shared information that contained Justice Breyer’s and several other prominent attorneys’ social security numbers, birth dates, and names. The full story is available from the ABAJournal. – K

Domestic Abuse Has Gone High Tech

I’ve mentioned before that computers, the Internet, and other technologies can be dangerous for domestic violence survivors. Online behavior that may be second nature for you — participating openly in social networks, sending e-mail, or even having an answering machine — may open up avenues for additional abuse for them.

Advocates who work with domestic violence survivors need to be aware of the risks of technology use as well as be able to assess if technology has already been used to abuse the survivor. For example:

• Has the abuser sent threatening messages via e-mail or instant messaging?
• Has the abuser used a pre-paid calling card or cell phone, which leaves almost no information trail, to call and harass your client?
• Has the abuser used software to monitor your client’s Internet use?

If you work with domestic violence survivors, I encourage you to spend some time reviewing the information on the Safety Net: the National Safe and Strategic Technology Project website. Safety Net is a program of the National Network to End Domestic Violence and was developed to educate people on how to use technology strategically in order to keep domestic violence survivors safe. In particular, I encourage you read A High-Tech Twist on Abuse, which has strategies and information for advocates as well as a safety planning handout for survivors. – K

What Do “They” Know About You?

Ira Flatow led an interesting conversation about online privacy on “Talk of the Nation: Science Friday.” With his guests, he explored what privacy means in a connected world and how people willingly give up information about themselves. You can listen to Friday’s show at the “Science Friday” website. -K