Category Archives: Security

Should Corporations Be Able to Respond Like Nation-States?

I want to throw around some theories.

Cyberwar, a term used widely in the news lately, appears to be applied to attacks on nation-states, and very appropriately so.

Spoken of far less often are the attacks on corporations around the world, and the silent war that cyber criminals wage against them.

Case in point is Friday’s Wall Street Journal front page article entitled “Accounts Raided In Global Bank Hack.” The main reason this war is not widely spoken about is that most attacks on private business go unreported. News of a security breach is potentially devastating to most private businesses, so it tends to surface only when the police are called in or otherwise get involved.

Even though, statistically, breaches at large corporations like TJ Maxx do not necessarily harm the corporation, who wants to take the chance of a damaged reputation they can’t recover from? But this is merely stating the obvious. As the potential for cyberwar increases, nation-states continue to develop tools (or weapons) and strategies. So, what can corporations do besides detect, clean up, and re-secure their networks? Determine attribution? That is a huge problem. Comments, thoughts? Watch for more thoughts on this topic and others.

ATM upgrades may be forced by US Treasury

An argument against upgrading ATMs in the US has long been cost. The number of devices, their age and diversity, and the wide distribution area all make for a daunting process. Remote upgrades, even where possible, are not sufficient to thwart the latest skimming attacks: the hardware also has to be replaced.

A flush face, for example, would prevent any kind of skimming device. Imagine a plain glass interface with a touch screen and a slot, like a giant iPad. Anything placed on the glass would be a dead giveaway. Chip and PIN, likewise, could be installed so Americans could enjoy some of the same security features found abroad. The anti-fraud possibilities are great, except for the problem of getting new hardware into the field. Fraud has apparently not been cause enough for a major overhaul.

This could soon change due to a ruling by the US government related to the Treasury Department’s upcoming plan to make money accessible to the blind and visually impaired under the 1973 Federal Rehabilitation Act. The general counsel of Cardtronics, which runs tens of thousands of ATMs, had this to say in response to the plan:

“Cardtronics will be adversely affected should such a change in currency force us to make hardware and/or software changes in order for our ATMs to continue to function properly,” Keller wrote. “Retrofitting ATMs all over the country is costly not only due to purchasing the hardware/software upgrades from the manufacturer, but the labor and travel associated with a large number of upgrades required in a relatively short period of time. In some cases, retrofitting older models is not possible and would require us to replace such ATMs.”

He likens innovation in hardware to a drag on the industry:

In addition to causing ATMs to jam, an ill-designed tactile character would lead to fewer bills being placed in each cassette, Keller wrote. “Both problems could stall the industry and, in turn, stall commerce,” he said.

…or it could spur commerce through increasing the customer base, while reducing the cost of improving security and lowering ATM fraud risk.

CA SB1268 Locational Privacy Law

A bill called the “FasTrak Privacy Bill” has been signed into law by the California Governor. It was authored by State Senator Joe Simitian.

Senate Bill 1268 protects “locational privacy,” a person’s right not to be tracked while driving, in the following ways:
— Prohibits transportation agencies from selling or sharing personal data;
— Requires them to purge the data when it is no longer needed;
— Sets penalties for violations; and,
— Ensures that FasTrak subscribers are given notice of the privacy practices affecting them.

“There’s just no reason for a government agency to track the movements of Californians, let alone maintain that information in a database forever and ever,” said Simitian.

This is a great idea and nicely worded, but I see a couple of ways companies might try to get around this law. First, the data may not be clearly owned by the transportation agency. FasTrak data is agency specific, but cell phone and Bluetooth data are not, and both are also tracked and recorded as location data. If an entity is not under contract with a transportation agency, it is excluded. The transportation agency can be just one consumer of the data rather than its clear steward or owner. Second, this is complicated by cloud and similar shared data environments, where multiple tenants work on “traffic congestion” and “interoperability” projects.

The bill has a “fact sheet” that helps clarify the final text. Note the exception for search warrants:

A transportation agency may make personally identifiable information of a person available to a law enforcement agency only pursuant to a search warrant. Absent a provision in the search warrant to the contrary, the law enforcement agency shall immediately, but in any event within no more than five days, notify the person that his or her records have been obtained and shall provide the person with a copy of the search warrant and the identity of the law enforcement agency or peace officer to whom the records were provided.

The retention provision says personal information other than billing data has to be purged within six months after the billing cycle ends, and all information has to be purged within 150 days after an account is closed.

The penalty for violating locational privacy is set at “actual damages” or $2,500 for each of the first three violations and $4,000 for each violation after that, plus cost recovery including attorney’s fees.