Let’s be clear: if your property can be altered, recalled, or reclaimed by the seller without your permission and knowledge you never really owned that property. Home foreclosure and car repossession are other examples that come to mind. The CBC article is right to refer to it as the Amazon Kindle Service – a service may be discontinued at any time.

George Orwell would indeed smile to see Amazon fulfilling his vision of the future – along with such better known examples as MS Windows (Genuine Advantage program and the .NET framework assistant) and locked cell phones.

Yes, there are probably legitimate copyright issues here – but this is no way to run an eBusiness. Bad Amazon… bad, bad!

-pmh

Update:

1. This MSNBC article on the Amazon 1984 scandal has a more humorous (sarcastic?) tone.
2. This Fictionmatters article provides balanced and deeper coverage of the underlying issues. (…but I still say “Bad, Amazon… bad, bad!”)
3. Microsoft has apparently updated its .NET Framework Assistant to allow you to uninstall it from Firefox without the need to edit the Windows registry, locate remove system files, etc.

Update 2, The Apology:

Here’s word on Amazon’s apology but note that “…the apology failed to state that Amazon would not do the same thing again in similar circumstances…”

My own use of the online games is minimal because I was always concerned about the permission statements that you get when you sign up for them.

That’s not how I personally use Facebook anyway, but the recent ‘conversion’ of a cute aquarium game (send pretty fishes to your friends’ aquariums) to a dating service with constant emails (“Honestly, Dear… all those speed date emails are spam. All I ever did was send her a fish!”)… well, that was downright naughty. Bad Facebook, bad, bad!

I was struck by one item in the news report that would be funny if it weren’t true:

“- Facebook keeps the profiles of deceased users for “memorial purposes” but does not make this clear. Recommendation: Information about use for memorial purposes should be in Facebook’s privacy policy.”

…Thank you, Facebook, but when the time comes The Portable Consultant would rather have family and friends handle any and all memorials. All social networking sites should delete accounts after an agreed period without any logins, at the very least. (This is a much larger issue, of course.)

Facebook needs to get its act together, but users/consumers also need to understand how important personal info is …and take care not to sign it away without due diligence.

Cheers,
-pmh

Secondly, the heart of the issue as clearly stated by Joseph Bonneau “It’s imperative to view privacy as a design constraint, not a legal add-on”, should be framed and hung on the walls of web designers and managers, not only at social networking sites but also those in the public service, in the private sector, and even corporate intranets.

Cheers,
-pmh

It seems that a “private sector consultant” on a provincial government contract (not unlike The Portable Consultant, in fact) took a government PC home and may have exposed personal data to the public Internet.

The initial reports are technically vague, but the reports of the incident seem to point to a situation that is wrong on so many levels that it’s enough to make me want to tear my hair out… umm… so to speak.

Government PC’s should never be taken home… or even invited to drinks and a dinner! What may be a properly behaved PC in a government cubicle becomes a rogue “unmanaged system” when it is removed from the safety of its usual firewalls.

Production data covered by privacy restrictions probably has no reason being on a PC in the first place. Such data should probably be locked up in encrypted databases on secure servers and only access via secure methods.

The consultant should probably have been working with dummy data. In any case, they should be reading Privacy for Dummies and writing a short quiz before they are allowed near restricted data.
The story has a bizarre twist with a so-called “representative of a security company” contacting the consultant to tell them that they were “in possession” of some of the patient records. Since when would anyone in security actually download such data if they came across it? Sounds a bit wierd.

Unfortunately, the news media often don’t have enough resources with the expertise to ask the right questions when a story like this breaks.

Perhaps it’s enough to know that it appears to have been the result of not one, but many lapses of security policies.

Cheers,
-pmh

The Portable Consultant knows of at least one excellent free open source data encryption tool that could have protected the data.

How very, very sad for all those concerned.

The protection of data where privacy and security issues are involved should never be subject to cost cutting considerations in this manner. The public good demands an informed threat/risk assessment process conducted by professionals who understand the risks and the real costs of such data loss.

A example of the true meaning of the English expression “Penny wise and Pound foolish”.

-pmh

Here’s Steve Gibson’s notes on the vulnerability with a link to a good open source temporary fix that will give protection until Microsoft patches the problem.

Security Now! Notes for Episode #20

As always, you should google around until you have enough up-to-date information to make an informed decision on how to react to this threat.

-pmh