Friday, May 16, 2008

Personally Identifiable Information

Just this week Oklahoma State University announced a security breach (see here). Though these types of breaches seem to be few, the number of people adversely affected by them is quite large. Unfortunately the laws concerning Personally Identifiable Information are obviously quite lax.

One question that I have not been able to answer is why did the parking office need social security numbers? Why had the office not switched over to student ID's?

The sad fact is that most students are trusting, especially of their universities. That the university will protect the information that students must provide for financial aid and in this case too much information needed to obtain a parking permit rarely enters a student's mind. I know that I never cared until I entered my first graduate program.

The privacy laws are wholly inadequate and in need of desperate revision. Organizations that have such privacy breaches need to be dealt with harshly. The loss of information in these cases is not the fault of the person, but the organization. However the person is left to pick up the pieces of the organization's mistakes.

It would be interesting to know if and how Oklahoma State University has dealt with the persons responsible for data security. Were they reprimanded or released? Or is the university now just determined to 'fix' the problem?

Monday, May 5, 2008

How the RIAA, MPAA etc..want to use education funding to fight their battles

I thought I had posted this some time ago...Unfortunately it looks like my mind forgot to tell the rest of my body to actually 'post' this.

There is a movement to tie together copyright enforcement with federal education monies. The US House has their version, HR 4137. But the backlash is less on the state level. Therefore, you can now see similar legislation at the state level (Illinois).

The purpose of the legislation is to fight copyright infringement, as both the attached bills explain. If a university/college receives a certain number of copyright notices, they would be obligated to fight copyright infringement and/or install technological measures to protect copyrights. However, there is/are provisions for technological solutions to analyze the data traffic in an effort to determine if data transiting the network is copyrighted. Now I am not positive on the particulars of the technology, but it would require the network to look into the data packets and view the 'real' data. For the postal analogy, the postal carrier would now be authorised to open and read your post to your grandmother. Not surprisingly the backlash is relatively low at the state level as it is almost being sneaked in the 'back door'.

Now, we have had reports of a large increase in the number of DMCA Copyright notices...One can only wonder if there is a link between the increase in RIAA notices and the pending legislation. Maybe it is a way to perhaps show there is a quantifiable need for universities/colleges to do the work of the recording industry. As dollars for education are continuing to dwindle from the federal and state governments, this amounts to nothing more than "passing the buck" of copyright protection to cash strapped educational institutions.