Entries Tagged "reports"

Page 4 of 4

Photocopier Security

A modern photocopier is basically a computer with a scanner and printer attached. This computer has a hard drive, and scans of images are regularly stored on that drive. This means that when a photocopier is thrown away, that hard drive is filled with pages that the machine copied over its lifetime. As you might expect, some of those pages will contain sensitive information.

This 2011 report was written by the Inspector General of the National Archives and Records Administration (NARA). It found that the organization did nothing to safeguard its photocopiers.

Our audit found that opportunities exist to strengthen controls to ensure photocopier hard drives are protected from potential exposure. Specifically, we found the following weaknesses.

  • NARA lacks appropriate controls to ensure all photocopiers across the agency are accounted for and that any hard drives residing on these machines are tracked and properly sanitized or destroyed prior to disposal.
  • There are no policies documenting security measures to be taken for photocopiers utilized for general use nor are there procedures to ensure photocopier hard drives are sanitized or destroyed prior to disposal or at the end of the lease term.
  • Photocopier lease agreements and contracts do not include a “keep disk”1 or similar clause as required by NARA’s IT Security Methodology for Media Protection Policy version 5.1.

I don’t mean to single this organization out. Pretty much no one thinks about this security threat.

Posted on January 2, 2017 at 6:12 AMView Comments

Research on The Trade-off Between Free Services and Personal Data

New report: “The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation.”

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americas give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that ‘data for discounts’ is a square deal.

The findings also suggest, in contrast to other academics’ claims, that Americans’ willingness to provide personal information to marketers cannot be explained by the public’s poor knowledge of the ins and outs of digital commerce. In fact, people who know more about ways marketers can use their personal information are more likely rather than less likely to accept discounts in exchange for data when presented with a real-life scenario.

Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data­ — and that is why many appear to be engaging in tradeoffs. Resignation occurs when a person believes an undesirable outcome is inevitable and feels powerless to stop it. Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened.

By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable. Moreover, the futility we found, combined with a broad public fear about what companies can do with the data, portends serious difficulties not just for individuals but also — over time — for the institution of consumer commerce.

Some news articles.

Posted on June 17, 2015 at 6:44 AMView Comments

Terrorist Risks by City, According to Actual Data

I don’t know enough about the methodology to judge it, but it’s interesting:

In total, 64 cities are categorised as ‘extreme risk’ in Verisk Maplecroft’s new Global Alerts Dashboard (GAD), an online mapping and data portal that logs and analyses every reported terrorism incident down to levels of 100m² worldwide. Based on the intensity and frequency of attacks in the 12 months following February 2014, combined with the number and severity of incidents in the previous five years, six cities in Iraq top the ranking. Over this period, the country’s capital, Baghdad, suffered 380 terrorist attacks resulting in 1141 deaths and 3654 wounded, making it the world’s highest risk urban centre, followed by Mosul, Al Ramadi, Ba’qubah, Kirkuk and Al Hillah.

Outside of Iraq, other capital cities rated ‘extreme risk’ include Kabul, Afghanistan (13th most at risk), Mogadishu, Somalia (14th), Sana’a, Yemen (19th) and Tripoli, Libya (48th). However, with investment limited in conflict and post-conflict locations, it is the risk posed by terrorism in the primary cities of strategic economies, such as Egypt, Israel, Kenya, Nigeria and Pakistan that has the potential to threaten business and supply chain continuity.

A news article:

According to the index, which ranks world cities by the likelihood of a terror attack based on historic trends, 64 cities around the world are at “extreme risk” of a terror attack.

Of these, the majority are in the Middle East (27) or Asia (19).
Some 14 are in Africa, where the rise of Boko Haram and al-Shabaab as well as political instability have increased risk.

Three are in Europe — Luhansk (46) and Donetsk (56) in Ukraine, and Grozy (54) in Russia — while Colombia’s Cali (59) is the only South American city on the list.

No US city makes the list.

Posted on May 27, 2015 at 7:50 AMView Comments

New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance

This is interesting:

The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age.

While some Americans have taken modest steps to stem the tide of data collection, few have adopted advanced privacy-enhancing measures. However, majorities of Americans expect that a wide array of organizations should have limits on the length of time that they can retain records of their activities and communications. At the same time, Americans continue to express the belief that there should be greater limits on government surveillance programs. Additionally, they say it is important to preserve the ability to be anonymous for certain online activities.

Lots of detail in the reports.

Posted on May 21, 2015 at 1:05 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.