I'm curious why I never hear anybody suggest a strictly opt-in system, with a disclosure contract required at sign-up time. It should explain the risks inherent in any such system, as well as spell out in detail exactly who is going to be allowed access to your data. A purely opt-in should keep the privacy pundits quiet... relatively, anyway. Legislation could accompany prohibiting any agency from discriminating based on participation.
Likewise, they could implement some sort of temporary authentication mechanism for the data "customers" providing them access to some subset of the data for some specified period of time — analogous to a HIPAA medical record release form. Surely a system could be engineered better than a single read-write BLOB field where everybody gets access. As with government classified systems they must simply ensure that the lowest access required is what is given to customers. Doctors would likely need a great deal of access, patients should probably have total access, insurance companies might need to know IF a certain procedure was done and if so by whom but only for current customers of theirs. I obviously haven't thought this through from all angles, but you get the idea. Easy as pi.
Don't get me wrong, I believe whole-heartedly that "the system" is severely broken as is and that any good thing to come along will just as surely become a tool for devious purposes. I also think that such a potentially useful tool and permitting its use by educated and informed consumers shouldn't be canned based on what harm could come of its abuse. Care must be taken, that's all. Protect this new IT asset against attackers (thieves, insurance agencies, etc) by sound engineering practices and peer review, and protect it from the broken bureaucracy with sound legislation.
Incidentally, I got a call this morning about an hour before noon EST from Chase. They said they "received information" that my credit card information was compromised. The only suspicious charge was from November, which I didn't notice on my own. This is also the only time Chase has done anything but screw me, so I was pleasantly surprised that they were dealing with it so well. Now I see this and think "hey, I'm part of the largest ___ in history!" Sweet.
The reign of Photoshop started years ago. It's no harder to manipulate a scanned negative or print than a digital original. Ken Rockwell is always touting how great his 175MP film scans look compared to anything digital has to offer, including the amazing 21MP shots from the EOS 5D mk II. His reviews wreak of flip-flopping bias both ways, but the numbers don't lie.
I wish they would've given me training on Office 2k7, the whole "ribbon" thing really screwed me up. Hours were wasted on simple tasks because I couldn't find where the page properties were, or some other such nonsense — I was cursing mad for the first few weeks. I'm no idiot, but it's fundamentally different from _all_ previous versions of Office.
As an end user in the USAF I'd like to offer a bit more perspective on how exactly this filtered down.
The official policy, as it has been preached to us for quite awhile, is that you're not allowed to use personally-owned removable media. If the government issues you a thumb drive, you're good to use it all over the place, so long as you scan it for viruses before accessing on a government PC. This latest policy change had a bit of wording that struck me as... well, dumb.
Starting this week, upon logon we all get yet-another-popup informing us of the change. Basically it's stating that any flash-based media are explicitly forbidden, government-issued or otherwise, regardless of form factor; while portable hard drives are still okay under certain circumstances. Writable optical media must be virus-scanned once after burning before they can be used legally, hard drives must be scanned every time before use.
This almost makes sense to me, except the odd bias against flash-based media. I can understand the caution with thumbdrives, uSD cards and the like, with all the careless data loss we've all read about, but the way it's worded makes it sound like they're blaming the underlying technology. My thumbdrive is no longer okay, but my iPod 5G is golden so long as I scan for viruses before accessing it. What? Seriously? What if I get a 3.5" SSD and stick it in a USB enclosure?
Maybe I'm just disgruntled about the policies that come down without any kind of justification or rationale whatsoever. It feels to we lowly bottom-dwellers like they're written by a committee of people who don't understand any of what they're legislating.
Also, to be fair, this move isn't entirely reactionary... I've heard rumblings for years about pending hard restrictions on USB devices. A few weeks ago we were briefed about some kind of automated encryption process that will be blanket applied to any USB mass storage device—to protect the data in case of loss. Couldn't squeeze any technical details out about that one though, it sounds like an exciting boondoggle coming down the pike.
Disclaimer: My views are in no way aligned with those of the US Government, my employer, and should not be taken as an official statement. I'm just whining.
Slashdot Mirror
I'm curious why I never hear anybody suggest a strictly opt-in system, with a disclosure contract required at sign-up time. It should explain the risks inherent in any such system, as well as spell out in detail exactly who is going to be allowed access to your data. A purely opt-in should keep the privacy pundits quiet... relatively, anyway. Legislation could accompany prohibiting any agency from discriminating based on participation.
Likewise, they could implement some sort of temporary authentication mechanism for the data "customers" providing them access to some subset of the data for some specified period of time — analogous to a HIPAA medical record release form. Surely a system could be engineered better than a single read-write BLOB field where everybody gets access. As with government classified systems they must simply ensure that the lowest access required is what is given to customers. Doctors would likely need a great deal of access, patients should probably have total access, insurance companies might need to know IF a certain procedure was done and if so by whom but only for current customers of theirs. I obviously haven't thought this through from all angles, but you get the idea. Easy as pi.
Don't get me wrong, I believe whole-heartedly that "the system" is severely broken as is and that any good thing to come along will just as surely become a tool for devious purposes. I also think that such a potentially useful tool and permitting its use by educated and informed consumers shouldn't be canned based on what harm could come of its abuse. Care must be taken, that's all. Protect this new IT asset against attackers (thieves, insurance agencies, etc) by sound engineering practices and peer review, and protect it from the broken bureaucracy with sound legislation.
Please, for the love of common sense, somebody please mod this Insightful.
Incidentally, I got a call this morning about an hour before noon EST from Chase. They said they "received information" that my credit card information was compromised. The only suspicious charge was from November, which I didn't notice on my own. This is also the only time Chase has done anything but screw me, so I was pleasantly surprised that they were dealing with it so well. Now I see this and think "hey, I'm part of the largest ___ in history!" Sweet.
The reign of Photoshop started years ago. It's no harder to manipulate a scanned negative or print than a digital original. Ken Rockwell is always touting how great his 175MP film scans look compared to anything digital has to offer, including the amazing 21MP shots from the EOS 5D mk II. His reviews wreak of flip-flopping bias both ways, but the numbers don't lie.
Quit your rational thinking! Get out!
I wish they would've given me training on Office 2k7, the whole "ribbon" thing really screwed me up. Hours were wasted on simple tasks because I couldn't find where the page properties were, or some other such nonsense — I was cursing mad for the first few weeks. I'm no idiot, but it's fundamentally different from _all_ previous versions of Office.
Come to think of it... I'm still sour about that.
As an end user in the USAF I'd like to offer a bit more perspective on how exactly this filtered down.
The official policy, as it has been preached to us for quite awhile, is that you're not allowed to use personally-owned removable media. If the government issues you a thumb drive, you're good to use it all over the place, so long as you scan it for viruses before accessing on a government PC. This latest policy change had a bit of wording that struck me as... well, dumb.
Starting this week, upon logon we all get yet-another-popup informing us of the change. Basically it's stating that any flash-based media are explicitly forbidden, government-issued or otherwise, regardless of form factor; while portable hard drives are still okay under certain circumstances. Writable optical media must be virus-scanned once after burning before they can be used legally, hard drives must be scanned every time before use.
This almost makes sense to me, except the odd bias against flash-based media. I can understand the caution with thumbdrives, uSD cards and the like, with all the careless data loss we've all read about, but the way it's worded makes it sound like they're blaming the underlying technology. My thumbdrive is no longer okay, but my iPod 5G is golden so long as I scan for viruses before accessing it. What? Seriously? What if I get a 3.5" SSD and stick it in a USB enclosure?
Maybe I'm just disgruntled about the policies that come down without any kind of justification or rationale whatsoever. It feels to we lowly bottom-dwellers like they're written by a committee of people who don't understand any of what they're legislating.
Also, to be fair, this move isn't entirely reactionary... I've heard rumblings for years about pending hard restrictions on USB devices. A few weeks ago we were briefed about some kind of automated encryption process that will be blanket applied to any USB mass storage device—to protect the data in case of loss. Couldn't squeeze any technical details out about that one though, it sounds like an exciting boondoggle coming down the pike.
Disclaimer: My views are in no way aligned with those of the US Government, my employer, and should not be taken as an official statement. I'm just whining.