Now the funny thing is that it's MANDATORY to report suspected cases of child abuse, and yet the priests who covered it up have never been charged. Covering it up after the fact also makes them accessories after the fact.
The letter makes it clear that the local priests would shut their mouths if the pedo was "given another chance" in Rome because that got him out of the local community:
When Fr. Prince was first proposed for his present position in Rome (on the recommendation of the now Archbishop F. Franck), I explained to the then Archbishop Jose Sanchez (now Cardinal Sanchez), in his capacity as Secretary of the Congregation for the Evangelization of Peoples, that, while the charge against Fr. Prince was very serious, I would not object to him being given another chance since it would remove him from the Canadian scene. (Archbishop Ambrozic had already informed me that Fr. Prince was no longer welcome in the Archdiocese of Toronto unless he underwent psychiatric treatment at the Clarke Institute.)
... and the problems when it leaks out...
However, the knowledge and extent of Fr. Prince's previous activity is now much more widespread among both the laity and the clergy than previously existed. Hence, were he to be honoured in any way it could easily trigger a reaction among the victim(s), or others who are aware of his previous conduct, and this would prove extremely embarrassing both to the Holy See and to the Diocese of Pembroke, not to mention the possibility of criminal charges being laid and a civil lawsuit ensuing.
... and check this out...
One redeeming factor is that it would appear that the victims involved are of Polish descent and their respect for the priesthood and the Church has made them refrain from making these allegations public or laying a criminal charge against a priest. Had this happened elsewhere there would be every danger that charges would have been laid long ago with all the resultant scandal. Unfortunately one priest, who was talking with one of the victims who partially revealed Fr. Prince's activity while living with him in Ottawa, has been somewhat indiscreet in his comments about Fr. Prince, and has had to be cautioned by the Vicar General in this respect. The priest in question is also a good friend of the mother of one of the victims so he has been able to glean additional information to confirm his suspicions about Fr. Prince's activity and openly confronted the Vicar General about his suspicions and knowledge.
Translation: "good thing they're just dumb pollacks, right? And we had to threaten another priest to keep his dumb mouth shut or else..."
But they still wanted to give the guy ANOTHER promotion...
However, as previously mentioned, a promotion of any kind would indicate to the victim that he is being further victimized and hence we could anticipate that a charge would be laid and a public trial would follow. This has been the pattern which has been followed in recent events of a similar nature and it is a situation which we wish to avoid at all costs.
All in writing, all documented, so it's not "petty gossip" and the Nazi Pope can go sod off!
It states that you HAVE to run antivirus software on any computer handling such information. Got antivirus software for your embedded devices or your mainframes? Didn't think so. The law was written by people who think "computer == windows pc". F'ing n00bs.
Reasonably up-to-date versions of system security agent software which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis.
So, who's writing viruses that attack Tru64 systems? Again, this law was written by people who think "computer == desktop".
How would a normal email fit the criteria of PI? Email containing PI can be encrypted via TLS, PGP, etc.
TLS doesn't encrypt your stored email. Want to try again?
Huh? How could a slashdot account be considered a financial account? Do you babble just for the sake of babbling?
The definition of "financial account" is overly broad - it considers ANYTHING that can be classified as "an asset" and that can be misappropriated. Here's the actual wording:
A financial account is an account that if access is gained by an unauthorized person to such account, an increase of financial burden, or a misappropriation of monies, credit or other assets could result
So, under this law, pretty much any account can be considered a "financial asset". Your WoW account is a "financial asset" under this law. So is your paid subscription to slashdot. So is any online account if it is linked, in any way (say, by OpenID) to any other account.
Remember - people have been convicted of armed assault for kicking a cop, and the running shoe being the "weapon." This is how laws get stretched. It's also a nice way to extend taxation to virtual property in the future.
There's a difference between running an intrusion detection system, and running what they require - the exact words are " must include malware protection and reasonably up-to-date patches and virus definitions". They require antivirus software to be running. Say bye-bye to mainframes and embedded systems in Mass.
The "system security agent software" is not the same as the "antivirus" and "malware" software - the law sees them as two separate things. BTW - good luck getting clamav (or any av) to update itself in rom on an embedded system. The law is stooopid.
A wise and frugal government, which shall leave men free to regulate their own pursuits of industry and improvement, and shall not take from the mouth of labor the bread it has earned - this is the sum of good government.
-- Thomas Jefferson, 223 characters.
"Don't spend on shit, don't over-regulate shit, don't take my shit, or you're shit government."
-- 92 characters
"Don't do bad shit and don't touch my shit!"
-- 42 characters
you were almost convicted of being a serial killer but got off on a technicality and you're in the witness relocation program because after a subsequent contract hit went bad you cooperated with the feds;
Have the ashes of your commanding officer AND 4 of your mess mates in 5 urns on the mantle as the way to start the discussion; Hold a memorial service in their honour in your front yard every month, complete with flag; Invite the neighbours; explain that you fragged them because it was your turn to pay for the round;
"Are the voices in my head too loud for you?"
Bury a box in the back yard. Dig it up every few days, take it inside, and bury it again an hour later.
Put Jeebus stickers and kung fu crap all over your car. Don't forget the upside-down cross on your front door;
When buying eggs at the supermarket, don't just check if they're fresh - LISTEN to them. Talk to them once in a while too...
Hum the tune "dueling banjos" from Deliverance. They probably won't get it, but it'll put you in the right mindset,
Play music backwards - because you can (and nowadays who can tell the diff anyways)? Or, to be really scary, play classical music.
Walk around with a patch over one eye. DON'T talk like a pirate;
Wear a motorcycle helmet while driving your car - "because it helps protect the steel plate the doctors put in";
Wear a priest's collar, and smile VERY broadly to their little children;
Record it all, let them know they've been had, and THEN leave town.
Do you, to the extent technically feasible, encrypt all PI records and files that are transmitted across public networks, and that are to be transmitted wirelessly?
In the end it doesn't matter - the law is unconstitutionally vague because its definition of "Financial account" can be made to cover anything, including a laundry stub, your slashdot account, or anything else.
They mandate in the text of the law that you have to be running an up-to-date antivirus AND you have to have up-to-date patches. So, no xp for you, AND nothing that doesn't require an antivirus in the first place.
Got an antivirus for your embedded system or your mainframe? I didn't think so.
I've noticed you've backed off on your claim that with the Governor's name and email address, you can get his credit card numbers.
Read what it says in the law about how it defines a "financial account."
A financial account is an account that if access is gained by an unauthorized person to such account, an increase of financial burden, or a misappropriation of monies, credit or other assets could result.
In other words, in-game currency or character upgrades, library books, online accounts, or pretty much anything else. The law is so vague that it's unconstitutional.
Non-routable addresses provide no benefit not provided by competent firewalling
... and everyone is competent? :-)
It lets us claw back almost 300 million IP addresses - that's a real benefit. An additional 10 years, allowing for hardware to get cheaper and cheaper.
Talk about bullshit - did you look in the mirror lately?
1. Most corporate computers don't need that type of external access, not through a VPN, not through anything else.
2. Delaying the problem by 5 to 8 years allows the technology to get cheaper. And who knows, maybe by then we'll have found an even better solution. Or we'll do what we should have done in the first place - just added another 4 octets to the 56-octet IP header, as well as creating a standard jumbo frame that is more appropriate to today's speeds. Small packet sizes at the end points made sense when those end points had small buffers (because even 1 k was expensive), and speeds were slow, and files were measured in bytes (or at most, kb).
Adding a second 4-byte octet for "internal routing" - think the old hash-bang email routing protocol - after the packet has been received from the external net would also make routing easier, since routers wouldn't have to have much of a lookup table.
Since when is it not "technically feasible" to buy servers that run Windows? (I wouldn't, but that's just me).
"You had a data loss. We're fining you because you aren't in compliance. You weren't running malware and antivirus on your server farm."
... versus..
"You had a data loss. We can't fine you because you were running Windows with malware and antivirus on your server farm."
These people are not exactly technically literate, nor are they very outcome-minded, or they would have mandated the OUTCOME, not the procedures. "$X per offense. How you prevent it is your business."
Read the rest of the law - they mandate up-to-date antivirus software on every such system. Good luck telling them you don't need Symantec on VMS, AIX, BSD, etc.
What constitutes a "Financial account number" is VERY broad. Do you have a paid subscription to slashdot? Then that account info is included. Did you make a donation to groklaw? Ditto. Also, names you commonly go by in public count - so that would include nyms. It's a dumb law. Better to legislate the desired outcome, not the method of achieving it. In other words - "data breaches will cost you $X per event." Not "if you take these half-assed steps, you won't be liable."
So tell us, how is replacing all those servers with Windows crap + antivirus going to make things more secure?
Meanwhile, clawing back IPs is *extremely* non-trivial (have fun re-numbering the entire HP corporate network... assuming they don't fight you in court first)
From a security point of view, most of their computers SHOULD be re-numbered so that their addresses aren't publicly routable. Any attempt to "fight it in court" will quickly reveal that's a huge screw-up.
As I pointed out - government agencies ARE excluded.
And with your name, work address, and job title, that's enough to get all your other info.
Also - the part about requiring antivirus software means that all those mainframes have to be junked, because the law was framed by people who only know Windows. Fucktards.
Reasonably up-to-date versions of system security agent software which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis.
How about if you answer "I run BSD/VMS/linux, you ignorant clod"?
Please note, this FAQ contains personally identifiable information - First and last names, job titles, address of employment, phone and fax number, of Governor Deval L. Patrick, Lieutenant Governor Timothy P. Murray, Secretary of Housing and Economic Development Gregory Bialecki, and Undersecretary Barbara Anthony. It was obtained by http - NOT https, as required by the law.
The only reason THEY can get away with it is because... guess what... government agencies are excluded. "Do as I say, not as I do."
Example: "Have you stored your records and data containing PI in locked facilities, storage areas or containers?" - better not have a hardcopy of any records in an unlocked drawer, or take them home to work on.
Or this gem "A reasonably secure method of assigning/selecting passwords, or for use of unique identifier technologies (such as biometrics or token devices)?" Like biometrics can't be gotten around with some gummy bears, or sticky tape, or a picture.
"Have you identified the paper, electronic and other records, computing systems, and storage media, including laptops and portable devices, that contain personal information?" - so much for using your smartphone for email and phone calls since you have an unencrypted phone book sitting in there (or even if it's encrypted, it can be accessed at will without having to enter a password each time - and a 4-digit "unlock" is not considered an effective password under the law)... so sux 2 b u.
What's to keep them from, at random, sending out a form that DID send the data back?
they complain. You go and check it out - see the form that doesn't send the data back, and say "don't worry." YOU are the secondary target of the social engineering - and YOU just helped vet them.
Or, one in 100 times, you check and you also see the phishing version. But since it can't be repeated, next time you go back, it's "gee, maybe you have a virus on your machine?" Or they set a cookie flagging that machine, so it comes up clean each time.
Lots of malware already works that way. So don't be a n00b, mkay?
Let them start doing proper networking, with only publicly-accessible machines having a publicly-routable address. They should be doing this anyway just from a security standpoint. Do you really think it's that smart that every computer in the DoD has a publicly-routable address? "Do you want to play a game?"
You obviously didn't RTFA. No, they don't run out in 2 years - just no extra-large chunks left to assign. Doing this extends it out at least 5 more years, possibly right to 2020.
And here's the transcript of a letter from a priest who cooperated with the Vatican for picking # 1.
Maybe it's time to do like some people in Great Britain are thinking of doing, and have the Pope arrested if he comes visiting.
Any bets that he cancels the September visit?
They're working quite energetically on ending THAT particular problem ... no more innocent children - they're all guilty of being priest-tempters.
An airplane is going down with a Boy Scout troop, their leader, a lawyer, and the Pope. There are only 3 parachutes.
"What about the children?" says the troop leader.
"Screw the children!" says the lawyer.
"Do we have time?" says the Pope.
In Catholic Church, pedophile Priest accesses YOU!
In Catholic Church, pedo priests ask what they can do to baby Jesus!
In Catholic Church, Ratzinger is all Rat and no zing!
How are you going to send your email - USPS?
follow the linky at the bottom
90% or more of all corporate computers (and their users) are chained to a desk or cubby. Get over it. The secretary doesn't need a vpn.
Text of the law http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
FAQ: http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf
Compliance checklist http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf
They also require you to run antivirus software
Check out their checklist: http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf
Stupid law. It means, for example, that you can no longer keep an email in unencrypted form.
Hey, on the other hand - maybe this will help kill off facebook.