Library & Information Technology Association

GOVERNMENT ACCOUNTABILITY OFFICE REPORT: DATA MINING. August 2005.
Agencies have taken steps to protect privacy in selected efforts, but significant compliance issues remain.

Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected
Efforts, but Significant Compliance Issues Remain. GAO-05-866, August 15.
http://www.gao.gov/cgi-bin/getrpt?GAO-05-866
highlights: http://www.gao.gov/highlights/d05866high.pdf

-------------------------------------------------------------------
SUPREME COURT ADDRESSES INDUCEMENT OF COPYRIGHT INFRINGEMENT THROUGH
SOFTWARE IN ANTICIPATED GROKSTER CASE

"On June 27, 2005, in Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., the
United States Supreme Court held that software companies may be held liable
for copyright infringement if there is evidence showing an intent to encourage
infringement through use of their software by third parties."

By Patricia Cunningham and David Weslow, Mondaq.com, 17 August 2005
http://www.mondaq.com/i_article.asp_Q_articleid_E_34378
(Registration Required)

src: digital-copyright Digest of 19 August 2004 (issue 543)

-------------------------------------------------------------------

NIST COMPILES CYBERSECURITY FLAWS DATABASE

Scientists at the National Institute of Standards and Technology (NIST) have
created a vast database designed to collect information on virtually all known
cybersecurity vulnerabilities, updated daily with new information. The
National Vulnerability Database (NVD), which combines information held in all
federal databases, currently has about 12,000 listings and includes links to
industry resources. According to Peter Mell, senior computer scientist at NIST
and creator of NVD, about 10 new vulnerabilities are added each day. Mell, who
characterized the NVD as "an encyclopedia of everything," said it can be
useful both for the public at large and for computer developers seeking
current information about security weaknesses in a wide range of commercial
products. Federal Computer Week, 15 August 2005
http://www.fcw.com/article89911-08-15-05
src: Edupage, 17 August 2005

-------------------------------------------------------------------

BERKELEY PROJECT AIMS TO CREATE BETTER SEARCH TECHNOLOGIES

Researchers at a new center being developed at the University of California at
Berkeley will study search technologies in an effort "to solve the problems
that have been engendered by the success of search," according to Robert
Wilensky, the director of the center. Among the topics of study will be
privacy, fraud, multimedia search, and personalization. Plans for the new
center have not been finalized, but organizers said it will be an
interdisciplinary effort, including 20 or so faculty from various departments.
Wilensky said that having an environment with so many researchers from
differing fields of study results in "something bigger than its parts." The
new research center will encourage commercial search companies to participate.
Higher education has played a prominent role in the development of search
technologies. Both Google and Yahoo were started at Stanford University, while
Lycos was born at Carnegie Mellon University. Other institutions around the
country are also working on projects to further develop search technologies.
CNET, 15 August 2005
http://news.com.com/2100-1038_3-5831050.html
src: Edupage, 15 August 2005

-------------------------------------------------------------------

NEW YORK ADDS DISCLOSURE LAW

New York State has enacted a law requiring corporate or public organizations
to notify individuals in the event that personal
information about them has been compromised. Similar in concept to a
California law that went into effect two years ago, the New York law compels
organizations that store sensitive information to contact consumers as quickly
as is practical if there is evidence or suspicion that data including Social
Security numbers or credit card numbers have been unlawfully accessed. At
least 15 other states have passed similar legislation since California did.
New York State Assembly member James Brennan, sponsor of the legislation,
said, "If a person is not aware that he or she has been a victim of identity
theft, then the damage done could be severe and irreversible," noting that the
sooner people are made aware of security breaches involving sensitive data,
the better their chances are of avoiding the worst repercussions. The
Register, 12 August 2005

http://www.theregister.com/2005/08/12/ny_security_breaches_disclosure/
src: Edupage, 12 August 2005

-------------------------------------------------------------------

PREPRINT OF "OPEN ACCESS WEBLIOGRAPHY" AVAILABLE

This annotated webliography presents a wide range of electronic resources
related to the open access movement that were freely available on the Internet
as of April 2005. By Adrian K. Ho and Charles W. Bailey, Jr.

http://www.escholarlypub.com/cwb/oaw.htm

This article appears in the volume 33, no. 3 (2005) issue of Reference
Services Review, which is a special issue about
"the role of the reference librarian in the development, management,
dissemination, and sustainability of institutional repositories."

http://thesius.emeraldinsight.com/vl=2409844/cl=18/nw=1/rpsv/cw/www/mcb/00907324/v33n3/contp1.htm

Below is a list of the topics covered in the webliography:

* Starting Points
* Bibliographies
* Debates
* Directories--E-Prints, Institutional Repositories, and Technical Reports
* Directories--Open Access and Free Journals
* Directories and Guides--Copyright and Licensing
* Directories and Guides--Open Access Publishing
* Directories and Guides--Software
* Disciplinary Archives
* E-Serials about Open Access
* Free E-Serials That Frequently Publish Open Access Articles
* General Information
* Mailing Lists
* Organizations
* Projects
* Publishers and Distributors
* Search Engines
* Special Programs for Developing Countries
* Statements
* Weblogs

src:
date: Wed, 10 Aug 2005 11:16:22 -0500
to: digital-copyright@lists.umuc.edu
message-id: <6.2.3.4.2.20050810111551.036a5160@mail.uh.edu>

-------------------------------------------------------------------

COLLEGE BOOKSTORES TEST ACCESS TO DIGITAL TEXTBOOKS

Ten colleges and universities are participating in a pilot project of selling
electronic texts through the campuses' bookstores. Previously, electronic
textbooks typically have only been available from individual publishers or
online. Organizers of the project hope that by making the texts available from
the campus bookstores, they will be able to accurately gauge student demand
for the technology. Each participating institution will offer 25 to 30 texts
electronically, though the books will also be available in paper form.
Electronic texts will be priced at one-third less than hard-copy textbooks.
Students who choose the electronic option will download a copy of the text to
a computer, where they can read it, print it, search it for keywords, or
listen to an audio version of it. The electronic text will have restrictions,
however. The text cannot be transferred to any other computer, it cannot be
printed in its entirety at one time, and it will only be available for five
months, after which point it cannot be sold back to the bookstore. Chronicle
of Higher Education, 9 August 2005 (sub. req'd)
http://chronicle.com/prm/daily/2005/08/2005080901t.htm
src: Edupage, 10 August 2005

-------------------------------------------------------------------

SPAMMER SETTLES WITH MICROSOFT

Microsoft has reached a settlement with Scott Richter, a man once described as
one of the top three spammers in the world. Efforts by Microsoft and New York
Attorney General Eliot Spitzer in 2003 resulted in the collection of 8,000
e-mail messages containing 40,000 fraudulent statements sent by Richter's
company, OptInRealBig. Richter earlier agreed to pay New York State $50,000;
under the new settlement, Richter will pay Microsoft $7 million. According to
Bradford L. Smith, chief counsel for the software giant, $5 million would be
used to "increase our Internet enforcement efforts and expand technical and
investigative support to help law enforcement address computer-related
crimes," while another $1 million will be spent on improving computer access
for the poor in New York State. The settlement also requires Richter to comply
with state and federal laws governing e-mail and to submit to oversight of his
company's operations for three years. New York Times, 10 August 2005
(registration req'd)
http://www.nytimes.com/2005/08/10/technology/10spam.html
src: Edupage, 10 August 2005

-------------------------------------------------------------------
UNIVERSITY AS AUTHOR?

"The Kansas Supreme Court will soon decide whether the Kansas Board of Regents
has to negotiate its intellectual property policy in the future, or whether it
can simply hand down a decree - even one that asserts ownership of all faculty
work."
http://insidehighered.com/news/2005/08/08/kansas . By David Epstein,
Insidehighered.com, August 8, 2005
src:
date: Tue, 9 Aug 2005 10:40:09 -0400
to:
message-ID: <9DA34CBC1BE8D84D964F635F4CD747FE1BB236@ADEEX02.us.umuc.edu>

-------------------------------------------------------------------

RATING OPEN SOURCE APPLICATIONS

A new initiative will provide a rating system for open source applications,
with the goal of saving corporate IT departments the time and expense of
evaluating such tools. Business Readiness Ratings, a project of Carnegie
Mellon University, Intel, and a company called SpikeSource, will allow users
to rate open source applications on a scale of 1 to 5 in 12 areas, including
functionality, quality, and security. Many believe that one of the largest
hurdles facing open source technology is the amount of testing that an
organization must perform before implementing it. Charlie Brenner, a senior
vice president at Fidelity Investments, which uses a range of open source
applications, said, "If there had been an initiative like this two years ago,
we could have leapfrogged a lot of what we did." Kim Polese of SpikeSource,
which tests open source projects, said that companies would prefer to invest
in tailoring software to their particular needs rather than simply testing it
to see if it works. Anthony I. Wasserman, professor of software engineering at
Carnegie Mellon, said the new rating system "will live or die based on
community acceptance and participation." New York Times, 1 August 2005
(registration req'd)
http://www.nytimes.com/2005/08/01/technology/01open.html
src: Edupage, 01 August 2005

-------------------------------------------------------------------

ACCOUNTABILITY OFFICE FINDS SECURITY AGENCY BROKE PRIVACY LAW

In a letter to Congress, the Government Accountability Office concluded that
the Transportation Security Administration violated the Privacy Act when it
obtained personal information about airline passengers from commercial data
brokers during the test phase of the Secure Flight passenger prescreening
program. According to the letter, "the agency did not provide appropriate
disclosure about its collection, use and storage of personal information as
required by the Privacy Act," and "the public did not receive the full
protections" of the law.

Violations of the Privacy Act of 1974, a federal law requiring government
agencies to meet certain obligations when creating and maintaining systems of
records, are civilly and criminally punishable. The Department of Homeland
Security Privacy Office is also investigating whether the agency violated the
Privacy Act during the test phase of Secure Flight.

In fall 2004, TSA published a privacy impact assessment and three notices
describing the Secure Flight program, and also ordered 72 commercial airlines
to turn over passenger records from June 2004 to test Secure Flight. The
agency assured the public repeatedly it would not have access to or store data
from commercial data aggregators during the test phase.

However, according to a notice and privacy impact assessment published in the
Federal Register on June 22, TSA obtained passenger name records enhanced with
commercial data during the testing of Secure Flight. The commercial data,
which was obtained by contractor EagleForce Associates from commercial data
brokers, included such information as name, home address, phone number, date
of birth, and gender. EagleForce then provided the enhanced passenger records
to TSA on CD-ROMs for use in watch list match testing. TSA continues to store
this data. In a series of comments to the Department of Homeland Security,
EPIC has repeatedly urged that the agency follow Privacy Act requirements when
it gathers personal information on travelers.

In a letter to Homeland Security Secretary Michael Chertoff in response to the
GAO's findings, Senators Susan Collins and Joe Lieberman stated that "careless
missteps such as this jeopardize the public trust and DHS' ability to deploy"
Secure Flight.

The GAO letter to Congress: http://www.gao.gov/new.items/d05864r.pdf
TSA Nov. 15, 2004 Notice of Final Order:
http://www.epic.org/redirect/noti904.html
TSA June 22, 2005 System of Records Notice:
http://www.epic.org/redirect/tsa62205.html
Letter from Sens. Lieberman and Collins to Secretary Chertoff:
http://www.epic.org/redirect/sens0705.html
EPIC's Secure Flight Page:
http://www.epic.org/privacy/airtravel/secureflight.html

src: EPIC Alert, Volume 12.15, 28 July 2005
[http://www.epic.org/alert/EPIC_Alert_12.15.html]

-------------------------------------------------------------------
Senate version of PATRIOT Act

from: Larry Romans
to: ALA Legislation Assembly
re: Senate version of PATRIOT Act - LA
date: Sat, 23 Jul 2005 01:39:17 AM EDT

From Bernadine Abbott Hoduski and ALA's Patrice McDermott on the changes in
the Senate version of the USAPATRIOT Act:

Here is our write-up on S. 1389. Patrice

Late Weds night (actually early Thurs morning between 4&5), staff came to
agreement on a bipartisan bill that the entire Judiciary
committee could support. The bill was passed unanimously Thursday morning.

S 1389 (USA PATRIOT Improvement and Reauthorization Act) Makes important
improvements to protect the privacy of library users,

Section 7 addresses Section 215 of the PATRIOT Act. It raises the standard for
Section 215 orders beyond the current one ("records
concerned are sought for...") by requiring that there be:

1) a factual basis for a request to the FISA Court - a statement of facts
showing reason to believe the records or other things sought are relevant to
an authorized investigation to obtain foreign intelligence information not
concerning a U.S. person (citizen or resident alien) to protect against
international terrorism or clandestine intelligence activities; and

2) a) that the records pertain to a foreign power or agent of a foreign power
(spy or terrorist);
b) are relevant to the activities of a suspected agent of a foreign power who
is the subject of an authorized investigation; or
c) pertain to an individual in contact with, or known to, a suspected agent of
a foreign power. [This is intended to address FBI concerns about being able to
get to the records of "Mohammed Atta's roommate" - someone who is not a
suspected terrorist but whose records (e.g., credit card records) might contain
information relevant to an authorized investigation.]

The bill also requires that the tangible things sought be described "with
sufficient particularity to permit them to be fairly defined."

Section 7 of the bill also would require the Director of the FBI or the Deputy
Director to give prior written approval to any application for a FISA Court
order to compel production of library circulation records, library patron
lists, book sales records, book customer lists, firearm sales records, or
medical records containing personally identifiable information.

Section 7 would grant recipients the right to consult an attorney, and to
disclose the order to "any person necessary to produce the tangible things" or
"other persons as permitted by the Director of the FBI or the Director's
designee."

Section 7 also would grant recipients of Section 215 orders the right to
challenge them and their gag orders in the FISA Court by filing a petition.
This provision is not everything we would want: the only grounds for setting
aside or modifying the order would be its "lawfulness;" the challenge would be
decided "ex parte in camera" (i.e., in secret). An appeal to FISA court of
review is provided, but it also meets only in secret and only hears from
government officials. The FISA Court is required to develop and issue
guidelines for review of petitions within 60 days of enactment. One of the
problems the court will have to address is that Section 215 orders are
classified and only those with national security clearance can see them.

Section 7 provides for more detailed unclassified reporting on the use of
Section 215 orders, including the total number of applications made for orders
and the total number either granted, modified, or denied, when the application
or order involved the production of tangible things from a library, a book
seller, the purchase of firearms, health information, or taxpayer return
information.

Section 8 addresses Section 505 of the USA PATRIOT Act. It would grant
recipients of National Security Letters the right to petition to an
appropriate U.S. District court to modify or set aside the request. The court
could modify or set aside the order if compliance "would be unreasonable or
oppressive or would violate any constitutional or other legal right or
privilege of the petitioner."

A right to challenge the gag order is provided, also in an appropriate U.S.
District court. The court could modify or set aside the gag order if "there
is no reason to believe the disclosure may endanger the national security of
the United States, interfere with a criminal, counterterrorism, or
counterintelligence investigation, interfere with diplomatic relations, or
endanger the life or physical safety of any person." The court must consider
as conclusive the certification by the government that disclosure might
endanger the national security or interfere with diplomatic relations.

The bill would also permit disclosure of National Security Letter requests to
an attorney or person whose assistance is necessary to comply with the
request.

Section 8 would allow the Attorney General to seek enforcement of a National
Security Letter if a recipient refuses to comply.

Section 9 extends the sunsets for Sections 215 and 206 ("John Doe Roving
Wiretaps") until December 31, 2009.

---------------------------------------
Larry Romans
Head, Govt. Info. Services
Political Science Bibliographer
Central Library, Vanderbilt Univ.