Climategate, TSA Leaks, A National Data Breach Notification Bill and The Law of Inevitable Disclosure

Riddle me this: When one does not know what it is, then it is something; But when one knows what it is, then it is nothing…what is it?

Recently we have witnessed a series of high-profile leaks, this in and of itself is nothing new we have been experiencing an orgy of disclosure since the early part of the decade, but the latest “disclosures” highlight the law of inevitable disclosure, which goes something like – if more than one person knows it then it will at some point in time be disclosed.

Climategate

Against the backdrop of Copenhagen and ongoing attempts to properly frame the climate issues impacting our world, against the billions being spent for and against ‘Green’, the political posturing, the claims, the denials, and the elevated ladder – seriously who could forget the elevated ladder Al Gore used to demonstrate the unprecedented increase in temperature levels in an Inconvenient Truth – we have Climategate,  the scientific communities equivalent of a Paris Hilton video.

A hacker broke into the computers at the University of East Anglia’s Climate Research Unit (aka CRU) and released 61 megabytes of confidential files onto the internet. These files included emails and other information which portray the climate scientists as colluding to manipulate data results, expressing doubts about their hypothesis on global warming, suppressing evidence that wouldn’t support their positions and some rather awkward emails concerning violence against those opposed to their views. No doubt they assumed many of these communications would be “private”.

TSA Leaks Screening Procedures

The Transportation Safety Administration (TSA) accidentally leaks a 93-page manual detailing specifics of the their screening procedures (here). The standard operating screening procedures document includes information on calibration techniques and limits of the X-ray machines, as well as information on how to treat various individuals from diplomats to law enforcement to prisoner transports. All in all a wealth of information that can be used to bypass controls.

The manual was posted as a redacted .pdf document, however they simply placed black rectangles over the sensitive text in the .pdf, instead of cutting the text itself. Anyone can uncover the hidden text by simply copying and pasting the blacked out portions into another document.

Data Accountability and Trust Act

It isn’t just negligence, technical goofs, and malicious actors attacking the sanctity of online secrets, the Federal government wants to play a role in ensuring what one might want to keep private is made public.

A national data breach notification bill was passed in the U.S. House of Representatives on Tuesday. The Data Accountability and Trust Act would require organizations to establish security policies and procedures, to follow FTC guidelines on data destruction, to ptrovide the FTC with information regarding various aspects of their data security policies and procedures and that all individuals and the FTC be notified in the event an organization experiences a breach.

Data Accountability and Trust Act – Requires the Federal Trade Commission ( FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.

Authorizes the FTC to require a standard method or methods for destroying obsolete nonelectronic data.

Requires information brokers to submit their security policies to the FTC in conjunction with a security breach notification or on FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits after a breach.

Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information.

Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.

Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).

Prescribes procedures for notification to the FTC and affected individuals of information security breaches. Sets forth special notification requirements for breaches: (1) by contractors who maintain or process electronic data containing personal information; (2) involving telecommunications and computer services; and (3) of health information.

Preempts state information security laws.

Advertisements

2 thoughts on “Climategate, TSA Leaks, A National Data Breach Notification Bill and The Law of Inevitable Disclosure

  1. “Climategate” started out when there appeared on the Internet a collection of e-mails of a group of climatologists who work in the University of East Anglia in England. These documents reveal that some climatologists of international preeminence have manipulated the data of their investigations and have strongly tried to discredit climatologists who are not convinced that the increasing quantities of carbon dioxide in our atmosphere are the cause of global warming.

    It is true that a majority of the scientists who study climatic tendencies in our atmosphere have arrived at the conclusion that the world’s climate is changing, and they have convinced a group of politicians, some of whom are politically powerful, of the truth of their conclusions.

    A minority, however, is skeptical. Some believe that recent data that suggest that the average temperature of the atmosphere is going up can be explained by natural variations in solar radiation and that global warming is a temporary phenomenon. Others believe that the historical evidence indicating that the temperature of the atmosphere is going up at a dangerous rate is simply not reliable.

    Such lacks of agreement are common in the sciences. They are reduced and eventually eliminated with the accumulation of new evidence and of more refined theories or even by completely new ones. Such debates can persist for a period of decades. Academics often throw invective at one another in these debates. But typically this does not mean much.

    But the case of climate change is different. If the evidence indicates that global warming is progressive, is caused principally by our industrial processes, and will probably cause disastrous changes in our atmosphere before the end of the twenty-first century, then we do not have the time to verify precisely if this evidence is reliable. Such a process would be a question of many years of new investigations. And if the alarmist climatologists are right, such a delay would be tragic for all humanity.

    The difficulty is that economic and climatologic systems are very complicated. They are not like celestial mechanics, which involves only the interaction of gravity and centrifugal force, and efforts to construct computerized models to describe these complicated systems simply cannot include all the factors that are influential in the evolution of these complicated systems.

    All this does not necessarily indicate that the alarmist climatologists are not right. But it really means that if global warming is occurring, we cannot know exactly what will be the average temperature of our atmosphere in the year 2100 and what will be the average sea level of the world’s ocean in that year.

    It also means that we cannot be confident that efforts by the industrialized countries to reduce the amount of carbon dioxide in our atmosphere will have a significant influence on the evolution of the world’s climate.

    Alas, the reduction of carbon dioxide in our atmosphere would be very costly and would greatly change the lives of all the inhabitants of our planet–with the possibility (perhaps even the probability!) that all these efforts will be completely useless.

    Harleigh Kyson Jr.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s