News

Everything you need to know about email

[Jan 18, 2011]

Here, then, is enough advice for a lifetime, distilled into the only three things you need to know about email…

Email is not work.
There is no right way, only your way.
The winner is the one who spends the least time in their inbox.

Taking Week Off

[Jan 06, 2011]

I will be traveling on vacation from January 9-13th.
Please feel free to email me and I will respond upon my return.
If you’re a current client or project, I will be checking my email occasionally during my trip and can still provide support.

Where is your data?

[Nov 17, 2010]

Recently the ‘menu special’ within the security news has been backlash over airport security and the TSA. Air travelers may choose between the Full-body scanning machine or at their preference, a very detailed pat-down. The majority, favoring the very exposing full-body scanners.

But have no fear…. the TSA has repeatedly stated that images from the scans are not and can not be stored, printed, or transmitted (http://www.tsa.gov/approach/tech/ait/privacy.shtm).

This message, which is being clearly stated, is not entirely true. It turns out that the machines can do all three of those things (http://epic.org/privacy/airtravel/backscatter/TSA_Reply_House.pdf). “TSA requires AIT machines to have the capability to retain and export imagines only for testing, training. and evaluation purposes”.

Lesson 1: Make sure you clearly know both what data you regularly store and consider what data you may potentially store.

This is a common theme I find with many organizations, especially in the audit/compliance arena. The client may state: “Well they may be able to do ABC, but, there is a policy which states they should not be doing it, so they don’t”.

Can you guess where I am heading now?

William Bordley, an associate general counsel with the Marshals Service, acknowledged in the letter that “approximately 35,314 images…have been stored on the Brijot Gen2 machine” used in the Orlando, Fla. federal courthouse. In addition, Bordley wrote, a Millivision machine was tested in the Washington, D.C. federal courthouse but it was sent back to the manufacturer, which now apparently possesses the image database. (source: Cnet News).

Lesson 2: Know where your data really is. Not just where it “should” be.

Note: My purpose in writing this post was to point out the issues with data privacy & confidentiality. This applies to all organizations, including the TSA and law enforcement. While I am personally not a fan of thorough pat-downs, this article was not intended to be critical of the new procedures of TSA. I will let Bruce Schneier take the lead on that one.