Largely in reaction to a devastating cyber attack against Google last week, and general concern about the vulnerability of the nations information superhighway, the house passes the Cybersecurity Enhancement Act of 2009 (available at http://thomas.loc.gov/cgi-bin/query/z?c111:h4061) 422 to 5. The companion bill in the senate is Cybersecurity Act of 2009, or Senate Bill 773, will “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.” The senate bill is much broader in scope (calling for example a cybersecurity [...]
|
|||||
|
By Robert Hudock, on February 5th, 2010
 Print This PostFebruary 5th, 2010 | Tags: Cybersecurity Act of 2009, Cybersecurity Enhancement Act of 2009 . HR4061, SB773 | Category: Computer Security Law -- Federal, Cyber Security Enhancement Act of 2009, Expert Systems, Law and Technology, NIST |
Leave a comment
Print This PostBy Robert Hudock, on September 11th, 2009
Print This PostSocial networking sites, efficient search tools (bing, dogpile, google, yahoo), blogs, cookies, mailing lists, message boards, active x controls/ embedded java script on websites and other databases make it easy to identify that new business prospect or easily cross-reference materials from multiple sources to yield unique insights into a matter of interest. However, these online repositories of data are making it much more difficult to maintain the anonymity of those whose confidential information has been de-identified. De-identified data has many useful purposes; the data can be used in its aggregate for tracking disease, flu outbreaks, tax purposes, etc. There is a darker use of these many data sources, where those in our society that are ethically challenged use these data sources for socially unproductive purposes. [...] September 11th, 2009 | Tags: adversary, auxiliary information, census data, cyber harrasment, cyber stalking, data fingerprint, de-identified, HIPAA, identify, PHI, PII, re0identified | Category: CMS, Computer Security Law -- Federal, Deidentified Health Information, HIPAA Privacy, Health and Humans Services (HHS), Identity Theft, Individually identifiable health information, Law and Technology, Privacy, Safe Harbor Method, unsecured protected health information |
Leave a comment
Print This PostBy Robert Hudock, on September 8th, 2009
Print This PostSecurity Incidents can be accidental incursions or deliberate attempts to break into systems and can be benign to malicious in purpose or consequence, each incident requires a careful response at a level commensurate with its potential impact to the security of individuals and your organization as a whole however few organizations have an appropriate security incident policy. The fundamental components of a security incident response plan include the following — [...] September 8th, 2009 | Tags: malicious hackers, malware, NIST, policy, Privacy, security, security incident | Category: Computer Security Law -- Federal, Data Hemorrages, FTC Security Breach Notification, Forensic Tools, HIPAA Privacy, HIPAA Security, Identity Theft, Law and Technology, Media Sanitization, NIST, Peer-2-Peer File Sharing, Privacy, State Privacy and Computer Security Laws, State Security Breach Laws |
2 comments
Print This PostBy Robert Hudock, on July 7th, 2009
Print This PostThe California E-Discovery Act(“the Act”) establishing procedures for a party to obtain electronically stored information (ESI), similar to the Federal Rules of E-Discovery (December, 2006), was signed into law on June 29 by Governor Arnold Schwarzenegger. The Act implements new rules for electronic discovery in California civil cases. The Act tracks the 2006 amendments to the Federal Rules of Civil Procedure. [...] July 7th, 2009 | Tags: California, EDiscovery, ESI | Category: Attorney-Client Privilege, Discovery Plan, E-Discovery, FRCP 26(b)(2)(B) "Not Reasonably Accessible", FRCP 26(b)(5)(B) or FRE 502, FRCP 37(e) Safe Harbor, FRCP Rule 26(f) - Reasonably Useable Format, Law and Technology, Local Court Rule, Form or Guideline |
Leave a comment
Print This PostBy Robert Hudock, on June 20th, 2009
Print This PostGoing to Court to force an ISP to disclose the identity raises many issues including First Amendment issues. For example, On June 13, 2007, the New Jersey Township of Manalapan filed a malpractice suit against its former attorney Stuart Moskovitz, alleging misconduct regarding the Township’s purchase of polluted land in 2005. The decision to file suit was met by a lively debate in the regional press and among localbloggers. One blogger who was particularly critical of the Township, of this and other decisions, was Blogspot blogger “datruthsquad” (http://www.eff.org/cases/manalapan-v-moskovitz). Long story short the Township lost, a copy of EFF’s motion squash is available here motiontoquashmpa-signed; and the Court order squashing the subpoena is available here order-122107. However, there may exist an alternative method for “unmasking” anonymous bloggers, cyber-stalkers, etc. using public information. Everyone has a unique writeprint (basically a written fingerprint that can be used to identify him or her). This technique s has traditionally been used to identify the true author of a text (e.g. a book) where authorship is disputed or unknown. Forensics linguistics has been used to provide evidence in trademark disputes cases, identifying the author of anonymous texts (such as threat or harassment letters), and identifying cases of plagiarism. The identification process relies on the analysis of an individual’s particular patterns of language use (vocabulary, collocations, pronunciation, spelling, grammar, etc.). The term “idiolect” is defined as the speech patterns of a specific person (a dialect, unique in pronunciation, grammar, and vocabulary to a single person). Stylistic features can be used to create a fingerprint of an individual’s writing style (a linguistic fingerprint is called a “writeprint”). A writeprint is composed of features that represent an author’s writing style, which are consistent across all of an individual’s writings. For a gentle introduction, see Digital fingerprints: tiny behavioral differences can reveal your identity, by Julie Rehmeyer in the January 13, 2007 issue of Science News (Westlaw cite 2007 WLNR [...] June 20th, 2009 | Tags: 1st Amendment, Bloggers, forensic linquistics, Writeprint | Category: Forensic Linguistics, Forensic Tools, Law and Technology, Open Source, Privacy, Privacy Law, Statistical Methods Use Thereof |
One comment
Print This PostBy Robert Hudock, on April 26th, 2009
Print This PostOn April 23rd Senator John Rockefeller IV introduced the Health Information Technology Public Utility Act of 2009 to to build upon open the source electronic health record (eleconic medical record) solution developed by the Department of Veterans Affairs (called VistA) and other open source software (e.g. OpenEMR). Unlike proprietary “closed source” software solutions, open source software allows unrestricted access to the source code and does not prohibit the use or re-distribution of [...] April 26th, 2009 | Tags: CCHIT, ClearHealth, Department of Veterans Affairs, EHR, EMR, Health Information Technology Public Utility Act of 2009, HIPAA, HIT, VistA | Category: American Recovery and Reinvestment Act, CCHIT, EMR, HIPAA Security, HITECH Act, Health Information Technology, Health Reform, Open Source |
Leave a comment
Print This PostImprove the web with Nofollow Reciprocity. |
|||||
|
Copyright © 2010 Law Blog 2.0 - Robert Hudock, Esq., CISSP - All Rights Reserved - This Blog is a personal blog of Robert Hudock. |
|||||
Open Source Programmers Collaborate To Improve the CONNECT Gateway
On August 27th open source programmers met at HHS to work on developing CONNECT, an open-source solution, written in Java, for the development and implementation of HIE gateways and interfaces to join NHIN and/or interface multiple systems with incompatible communication protocols. The goal of an HIE is to facilitate access to and retrieval of clinical data to provide safer, more timely, efficient, effective, equitable, patient-centered care. HIEs are also useful for public health authorities to assist in analysis of the health of a population. Federal Health Architecture is intended to deliver free, scalable solution to help organizations to tie health information systems into the NHIN. Thus far the project has yielded at least one success (outside of the federal government) where data have been successfully transferred between a civilian hospital and the [...]