Is your computer hiding toxic substances? What about your iPad? Your Droid? Your email?

In the computer security field, confidential data is informally referred to as ‘toxic’. This is data that, if it falls into the wrong hands, could cause harm. Toxic data includes social security numbers, driver’s license numbers, patient health information, credit card numbers, student records, and other data protected either by state or federal law. Data is toxic because it could be used to steal from people, or to steal their identity. Toxic data must be properly protected.

Beware the toxic data!

Not only is this common sense, it’s also university policy. Policy 07-2 states that confidential information such as this must be stored on password-protected computers and transmitted only in encrypted or password-protected form. What this means is that if you have this kind of data on your electronic device (not just your desktop computer, incidentally, but also your smartphone, your tablet or your laptop) that device should be password-protected (see Proftech on mobile security for suggestions on how to do this for smartphones). And furthermore, you should never send this kind of information by email, because email is not a secure pathway. Email messages are no more secure than postcards.

Two other things you can do:

  • Make sure everything you use has a strong password (see this page for some suggestions)
  • Use WSU-SECURE to connect your laptop (and even some smartphones) when on campus. Instructions here

Another reason to be careful with toxic data: State law requires that specific steps be taken to protect access to social security numbers, and that the entity responsible for releasing them must notify everyone whose data was released. This is an extremely expensive process, and the University can ill afford this kind of unnecessary expenditure in these harrowing budget times.

So, stay away from toxic data. If you must meddle with it, make sure you keep it safe, both at rest and ‘in motion’. Don’t send it by email, and password-protect any file with toxic data if you are transporting it anywhere.

New Phishing Scheme Today

There’s a new, nasty phishing scheme that’s hitting faculty/staff inboxes today. It looks like a shipment notice from Amazon: a fur coat, or a Wii, or something. But it’s not.
First of all, you can see that your name isn’t in it. Second, and most important, if you hover (but DON’T CLICK) over the shipment number or any other live link, you will see that it pops up something that is most definitely NOT Amazon.
So, obviously, DON’T CLICK!
If you have already been taken in, immediately change your Amazon password (and probably your Wayne one as well).

Here’s what it looks like (from a screen capture of one I received this morning):

Who owns your lectures? And the notes someone takes from them?

My colleague Aaron Perzanowski at Wayne’s Law School pointed out that UC Berkeley has made a rather startling pronouncement. In order to protect faculty members’ intellectual property, they have made it illegal to take notes or record lectures without the express permission of the professor (except in the case of students actually enrolled in the class, who may share written notes with classmates, but not sell them to students taking the course next semester). Commercial note-taking and audio/video recording is forbidden without the express permission of the faculty member.

I can understand the motivation (to protect intellectual property), although there’s some question about the ‘transformative’ value of note-taking (transforming ideas raises some ‘fair use’ issues that we’d better leave the lawyers to worry about).

In any case, here’s the official policy, in case you’d like to read it for yourself. Thoughts? Discussion?

UC Berkeley Note-taking Policy

The PC is Dead. Zittrain says so.

I’ve been linking to lots of stuff lately, but this one I think should stir some comment here. It’s certainly stirred up a hornet’s nest on the web in general. See what you think:

The PC is Dead

