[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips August 18, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
- Subject: Clips August 18, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 18 Aug 2003 16:39:32 -0400
Clips August 18, 2003
ARTICLES
Chinese Internet group warns 'reactionary' spam undermines stability
Patient Privacy Rules Bring Wide Confusion
Film industry targets pirates [UK]
Gillette shrugs off RFID-tracking fears
Plan Would Ask Banks to Warn of Data Vulnerability
Ashcroft Planning Trip to Defend Patriot Act
Poindexter Resigns but Defends Programs
*******************************
Associated Press
Chinese Internet group warns 'reactionary' spam undermines stability
Sat Aug 16, 2:59 AM ET
BEIJING (AFP) - A group of Chinese Internet companies have warned that an explosion of "reactionary" spam forms a threat to political and social stability, state media said.
"Currently, the spread of all kinds of reactionary information in the form of spam creates a threat to political and social stability," the China Internet Association said Saturday according to the Xinhua news agency.
"A group of illegal elements use spam to spread all kinds of fraudulent advertisements or promote sales that are clearly prohibited by this nation's laws," it said.
The association, which has set up a special anti-spam task force, also said the explosion of junkmail in cyberspace has had large economic costs.
Some companies have to spend more than a million yuan (120,000 dollars) every year to clean up after spam attacks, the association said.
The China Internet Association groups enterprises, institutions and individuals, and seeks to promote national policies related to the Internet.
*******************************
Washington Post
Patient Privacy Rules Bring Wide Confusion
New Directives Often Misunderstood
By Rob Stein
Monday, August 18, 2003; Page A01
The transplant patient was recovering well when doctors discovered that his new heart might have been infected with bacteria before the operation. When the doctors sought more information so they could give the man the right antibiotics, the hospital where the donor had died refused, citing new federal patient privacy rules.
"It was ridiculous. The only live part of the donor was in our patient," said Deeb Salem, chief medical officer at the Tufts-New England Medical Center in Boston.
As it turned out, Salem's patient was in no danger from the infection. But because the donor's hospital refused to release any information, doctors were forced, as a precaution, to put the man on multiple antibiotics, potentially exposing him to dangerous side effects.
"It cost our patient the risk of being on multiple antibiotics for 12 to 15 hours, not to mention a lot of money," Salem said.
The case is an example of widespread confusion about the privacy rules, which went into effect this spring and provide the first federal protection of medical records. The rules, in fact, explicitly permit doctors and hospitals to release information without a patient's authorization for treatment reasons -- which would have covered the Boston situation.
But frequent misunderstandings about what the rules allow have been causing frustration, uncertainty and anxiety in doctors' offices, clinics, hospitals and even pharmacies across the country.
Patients are complaining about suddenly having to fill out long, complicated forms. Family members say they often can't find out how a loved one is faring when they call the hospital. Doctors can't get test results for patients. And, at least in some cases, these snags are hindering doctors' ability to care for patients.
"There is not a practicing physician that I run into that doesn't say they've had a problem that might have adversely affected a patient," said Salem, also a professor of medicine at Tufts University School of Medicine.
Confusion over the rules has triggered a fresh round of acrimony over the issue of medical privacy, long a focus of controversy. Supporters argue that doctors are exaggerating the problems, and that some hospitals are intentionally overreacting. Critics contend the regulations are vague, open to various interpretations and overly restrictive.
"It's more than just health care providers being unable to get the information they need to care for patients -- it's patients not being able to get information, family members not being able to get information. It's across the board," said Todd Taylor, an emergency room physician in Phoenix.
Proponents of the rules acknowledge that misinterpretations are rampant. But they say problems are diminishing steadily as hospitals and health care professionals become familiar with the new requirements.
"We saw quite a few reports right after the rule went into effect, but the number of reports and the number of calls we're getting have really decreased," said Richard M. Campanelli, who heads the Office of Civil Rights at the Department of Health and Human Services, which is in charge of implementing the new rules.
The regulations are the result of the 1996 federal Health Insurance Portability and Accountability Act (HIPAA). They are designed to give patients more power to limit access to confidential information, including keeping personal health data out of the hands of marketers.
The overwhelming majority of problems appear to be the result of misunderstanding the law's requirements or erring on the side of withholding information to avoid inadvertently violating the new restrictions.
The rules, for example, unequivocally allow doctors, hospitals and other health care entities to provide information about patients to other treating physicians without authorization from the patient, precisely to avoid endangering care.
"It's one of the big misunderstandings," said Janlori Goldman of the Health Privacy Project at Georgetown University, which has been monitoring HIPAA's implementation. "Many doctors and hospitals either misunderstand the rule or take an extreme reading of it. The privacy law requires no such thing."
In some cases, Goldman suspects that hospitals are using the new law as an excuse for their own, more restrictive policies.
"We are aware of circumstances where hospitals have more restrictive policies than the rule, and they're saying the new law requires this," Goldman said.
Before the rules went into effect, the Bush administration made changes aimed at avoiding interfering with care.
"We wanted to make sure that the correct balance was hit -- that the rule would protect privacy of information but not interfere with access to health care," Campanelli said. "We wanted to make sure that privacy was protected, but when you're talking about treatment, we certainly wanted to make sure the information flowed from doctor to doctor."
But critics such as Taylor say fears about how the rules might be interpreted by courts lead many health care workers to err on the side of caution.
"With any new regulation, you don't know what's going to happen with it until it goes through the courts. The government says one thing but then it gets interpreted differently by the courts," said Taylor, an emergency room physician at Banner Good Samaritan Medical Center in Phoenix.
Taylor said he has encountered several instances in which a patient died and relatives called from out of state to find out what happened, and staff members were uncertain whether they could tell them.
"Here I am, an emergency room physician, and I can't answer that question. I don't know if the question has been addressed, or if it has been addressed, whether it's been litigated yet," Taylor said.
Another problem occurs when doctors are trying to get information about uncooperative patients, Taylor said.
"Prior to HIPAA, we used to be able to call up a national drugstore chain and ask what a patient's medications have been. We can't do that now because of HIPAA. It may be a patient trying to obtain narcotics. You want to verify whether they're telling the truth," he said.
Hospitals in Arizona were creating a statewide computerized system for exchanging patient information, as part of an effort to reduce medical mistakes. That has been put on hold, he said. "Now we have to make sure its HIPAA-compliant," he said.
Campanelli said one of the most common misconceptions is that doctors can't talk about patients to family members or close friends.
"We're seeing a lot of patients who are saying their doctors say they can't talk to anyone but the patient -- not to friends or family members. That's a misconception. The privacy rules let the doctor talk to friends and family members," Campanelli said.
But Judith E. Tintinalli, chairwoman of emergency medicine at the University of North Carolina at Chapel Hill, said it remains far from clear where to draw the line.
"What people are getting skittish about is, 'What are the limits? What are the boundaries of information exchange?' " she said. "Everybody is very skittish about exchanging patient information. There used to be a lot of off-the-cuff exchanging of information. All that has come to a screeching halt."
Trepidation about releasing information is causing problems in many areas of medicine. At the Greater Baltimore Medical Center, cancer chemotherapy patients have had trouble getting treatments because laboratories refused to release their test results to the cancer center.
"We've had a lot of treatment delays because of it," said Dawn Stefanik, clinical manager of the infusion therapy department. "For the patients, it's very frustrating."
But many medical workers and officials say the problems appear to be diminishing.
"Initially, the staff people were probably scared to death about screwing up and getting in trouble, and so were being overcautious. People are getting the hang of it," said Margo Williams of the American College of Physicians.
Charles B. Inlander, president of the People's Medical Society, a consumer group, said the problems have been exaggerated by doctors, who don't like the extra work the new law has created. "It's a good law," Inlander said. "I suspect what you're hearing is very isolated and very rare. It's often the case with these things that doctors have to do more work and try to blow problems into much more than they are."
But Salem and other critics say the rules often do more harm than good.
"One of the most common causes of medical errors is poor communication," Salem said. "HIPAA by nature adds one more barrier to communication. There is a benefit. But there's also a cost."
Salem had another case involving a man who suffered chest pain after an exercise stress test. When the cardiologist asked for a fax of the test results, the request was refused, citing HIPAA. It took two hours before the results were faxed, Salem said, adding to the patient's stress at a precarious moment.
"His face got very red. I think it did contribute to him getting into a mild degree of trouble. He couldn't believe it," Salem said. "That scenario is being repeated many times."
*******************************
BBC Online
Film industry targets pirates
The British film industry is to join forces with the government in a new task force to fight UK film pirates, it has been announced.
The sale of bootleg videos and DVDs is a growing problem, up 80% in the last year, according to the Federation Against Copyright Theft.
That means piracy has cost the UK film industry £400m in the last 12 months, the research said.
It was a "direct attack" on the jobs of 50,000 people in the industry, said UK Film Council director Nigel Green, who will chair the Anti-Piracy Taskforce.
Illegal copies of blockbusters like Tomb Raider 2, Terminator 3 and Pirates of the Caribbean have appeared on sale before their cinema releases.
DVDs of Tomb Raider 2 - which does not have its UK première until Tuesday - were found on sale for £5 on London's Oxford Street.
"They were shocking quality and there was no sound for at least the first five minutes," a UK Film Council spokesman said.
The Anti-Piracy Taskforce will investigate the extent of the problem and aim to come up with solutions.
Representatives from the Department for Culture, Media and Sport, film producers, distributors, cinema owners and actors' union Equity will be on board.
UK Film Council chief executive John Woodward said illegal copying and distribution threatened the future of film production in the UK.
As well as paying for poor quality copies, fans who bought pirate DVDs were "often putting money straight into the hands of organised criminals", he said.
"Cheap copies from markets and car boot fairs may seem a bargain, but in the long-run we all lose out."
*******************************
CNET News.com
Gillette shrugs off RFID-tracking fears
By Andy McCue
August 14, 2003, 3:30 PM PT
Gillette has dismissed assertions by privacy groups that the company plans to use smart tags in its products to track and photograph shoppers.
The Boston-based consumer products company is one of the first to start trials of the controversial radio frequency identification (RFID) tags in its Mach 3 razor blade packets. U.K. supermarket chain Tesco has been testing the tagged products in a store in Cambridge, England.
But privacy groups started protesting outside the Tesco store when it emerged that the supermarket was automatically taking photographs of shoppers when they picked the blades off the shelf and when they left the shop with any tagged product.
U.S.-based group Consumers Against Supermarket Privacy Invasion and Numbering (Caspian) is urging a worldwide boycott against Gillette over the tagging concerns.
"We want to send a clear message to Gillette and other companies that consumers will not tolerate being spied on through the products they buy," said Katherine Albrecht, director of Caspian.
But Gillette has hit back at the "misleading" claims, saying it only wants to use the RFID tags to improve the efficiency of its supply chain. The chips, when inserted into products, emit radio signals that allow them to be tracked.
"Our intention is very much pallet and case application within our supply chain," Paul Fox, a Gillette spokesman, told Silicon.com. "We have never, nor do we have, any intention to track, photograph or videotape consumers."
Tesco's Cambridge trial finished at the end of July, and it is now running a pilot with RFID tags in DVDs at its store in Sandhurst, England.
A Tesco representative said the photographing of consumers was just part of a range of uses the supermarket chain is looking at for the tags.
"We are just looking at the benefits," the representative said. "It is blue sky stuff. The camera use was a side project to look at the security benefit."
Wal-Mart undertook a similar trial in a Boston-area store but recently decided to cancel the test. Italian clothier Benetton is studying how it could use RFID chips.
*******************************
Washington Post
Plan Would Ask Banks to Warn of Data Vulnerability
By Caroline E. Mayer
Wednesday, August 13, 2003; Page E05
Federal banking regulators proposed guidelines yesterday that would direct financial institutions to notify customers when security breaches in their computer networks could lead to identity theft.
Under the proposal, banks and other financial institutions would alert customers by mail, telephone or e-mail, when they find unauthorized access to personal data that could result in substantial harm or inconvenience.
Banks also would be told to flag any accounts that may have been compromised and monitor them for unusual or suspicious activity.
"Although these are only guidelines, we expect bankers to follow them," said George French, director of the division of supervision and consumer protection at the Federal Deposit Insurance Corp., a bank regulator.
Financial industry officials said they were not surprised by the guidelines, which would not take effect until next year at the earliest. "We fully anticipated it, and any changes we're going to recommend will be at the margins," said Doug Johnson, senior policy analyst at the American Bankers Association. "For the most part, institutions are doing a lot of what's in the document already."
Privacy and consumer advocates said that was not necessarily so, but they called the proposal a good first step.
"It's a shame this sort of thing has to be mandated," said Beth Givens, director of the Privacy Rights Clearinghouse. "The sooner a customer learns of a security breach, the quicker they can deal with it and if not prevent identity theft, then halt it early. That's the key to recovery."
In the past, many people learned about identity theft only after personal information such as Social Security numbers or bank account numbers was used to fraudulently establish credit or to buy products.
Joining the FDIC in issuing the guidelines were the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Reserve Board.
"We need to do this because identity theft is the most frequent and fastest growing consumer complaint," French said. He noted that the number of complaints filed with the Federal Trade Commission increased from 31,000 in 2000 to 86,000 in 2001 and 162,000 in 2002.
*******************************
Washington Post
Ashcroft Planning Trip to Defend Patriot Act
By Dan Eggen
Washington Post Staff Writer
Wednesday, August 13, 2003; Page A02
Faced with growing public questioning of his department's anti-terrorism policies, Attorney General John D. Ashcroft plans to kick off a cross-country tour next week focused on defending the USA Patriot Act and other legislation as vital tools in the fight against terrorism.
Justice Department officials said the series of appearances at more than a dozen stops from Philadelphia to Salt Lake City will be aimed at countering criticism from civil liberties groups and some lawmakers that authorities have gone too far in wielding anti-terrorism powers granted by Congress after the Sept. 11, 2001, attacks.
Much of the recent criticism has focused on the Patriot Act, wide-ranging legislation that dramatically strengthened the ability of the Justice Department and FBI to monitor people alleged to be terrorists or their associates. The legislation was easily approved by Congress in the weeks following the Sept. 11 attacks and has been praised by federal law enforcement officials as a crucial reform of outdated counterterrorism policies.
But Ashcroft's travel plans underscore growing concerns within the Bush administration at increasing criticism from Congress, opposition from cities and counties across the United States and attacks from Democratic presidential candidates.
More than 140 cities and counties, in addition to state legislatures in Alaska, Hawaii and Vermont, have approved resolutions condemning the Patriot Act and, in a few cases, refusing to enforce it. Justice officials were also blindsided last month by the House, which voted 309 to 118 to cut off funding for part of the law that allows the government to conduct "sneak and peek" searches of private property. The act comes up for review by Congress in 2005.
"The decision has been made that it's time that we get out there and talk about the successes," said one Justice official, who asked not to be identified. "There have been a lot of mischaracterizations of certain authorities that Congress gave the Justice Department, and we need to set the record straight."
The American Civil Liberties Union is suing Justice over one provision of the Patriot Act that allows the government to seize business, library and computer records without disclosing it has done so. "There's been a groundswell of opposition around the country to provisions of the Patriot Act that go too far in abridging civil liberties, and the Justice Department is finally reacting to this," said Timothy Edgar, the ACLU's legislative counsel.
Ashcroft and other Justice officials, including FBI Director Robert S. Mueller III, have long defended the Patriot Act as crucial to the government's ability to monitor and halt would-be terrorists. The legislation lowered many of the legal walls that had prohibited criminal investigators and intelligence officials from sharing information, and strengthened the ability of FBI agents to conduct surveillance and physical searches in terrorism probes.
Justice officials said yesterday that Ashcroft's itinerary has not been finalized, but would begin with a policy-focused speech in Washington on Aug. 19, followed by planned appearances in cities including Detroit, Philadelphia, Milwaukee and Salt Lake City.
During appearances on several Sunday television talk shows earlier this month, Ashcroft forcefully defended the Patriot Act and endorsed other changes in federal counterterrorism law.
One proposal mentioned by Ashcroft would allow investigators to obtain administrative subpoenas in terrorism cases without the approval of a judge. The change is included as part of a broad package now in draft form on Capitol Hill aimed primarily, but not solely, at drug traffickers alleged to be engaged in terrorist activities.
*******************************
Washington Post
Poindexter Resigns but Defends Programs
Anti-Terrorism, Data Scanning Efforts at Pentagon Called Victims of Ignorance
By Bradley Graham
Wednesday, August 13, 2003; Page A02
John M. Poindexter took issue yesterday with critics of his Pentagon efforts to develop new data scanning systems and an online futures market for flushing out terrorists and predicting Middle East developments, saying the programs had fallen victim to ignorance, distortion and Washington's "highly-charged political environment."
In a letter of resignation ending a controversial 20-month Pentagon tenure, Poindexter pressed his case for employing new technologies to discern terrorists' plans in such everyday transactions as credit card purchases, travel reservations and e-mail. He said innovative approaches are needed to overcome the historic barriers among U.S. intelligence agencies and gain access to stores of information not available to the government.
Insisting he had been mindful of the privacy concerns that critics in Congress and elsewhere raised about his work, the retired rear admiral cited the parallel efforts he made to study ways of protecting the rights of U.S. and foreign citizens. But Poindexter complained that attempts to explain his programs often proved fruitless. "Although we have tried to be very open about our work, there is still a great deal of misunderstanding," he wrote.
The five-page letter, submitted yesterday and made available to The Washington Post, provided Poindexter's first opportunity to address critics after being ordered by Pentagon officials last autumn to avoid public comment because, he was told, he had become too much of a "lightning rod."
Senior defense officials reported Poindexter's intention to resign his post as head of the Pentagon's Office of Information Awareness two weeks ago. The news followed Poindexter's involvement in an ill-fated plan to launch an online futures market for betting on Middle Eastern developments that was advertised as a vehicle for profiting on assassinations and other terrorist acts. For months before that, he had been embroiled in another controversy over a computerized surveillance plan to scour travel, financial, medical and other databases to penetrate terrorist networks.
His departure was demanded by lawmakers who questioned his judgment as well as his regard for privacy issues, and who argued that Poindexter's history as a central participant in the Iran-contra affair of the 1980s made him a poor choice to manage such a politically sensitive project.
"I was not anxious to come back into government," Poindexter wrote his boss, Anthony Tether, director of the Defense Advanced Research Projects Agency (DARPA), "but in discussions with you and others concluded that was probably the best way to explore research and development of information technologies and concepts to help solve the enormous problems of combating terrorism." He added that he had wanted to step down "for months now" but had stayed longer at Tether's request.
"I regret we have not been able to make our case clear and reassure the public that we do not intend to spy on them," he wrote, adding that he had "done all that I can do under the circumstances" and so would be leaving on Aug. 29.
The letter contained no acknowledgement of personal error. In the case of the futures trading plan, he said, an unauthorized decision by an outside contractor -- the small California firm Net Exchange -- to post "some extremely bad examples" on the program's Web site gave critics ammunition to distort the effort as a proposed market in terrorism. The examples included the possibility of betting on the assassination of Palestinian leader Yasser Arafat or the overthrow of Jordan's monarchy.
"In the highly-charged political environment of Washington, positions on highly complex issues are taken and debated using glib phrases, 'sound bites' and symbols," said Poindexter, who turned 67 yesterday. "I doubt that many people have read our report to Congress to get a balanced view of what we have been trying to do."
A DARPA spokesman said the agency had no comment on the resignation or on the future of Poindexter's programs. That future remains clouded by a provision in the Senate's version of the 2004 defense appropriations bill, which would eliminate funding for a number of Poindexter's programs. The House version has no such provision, so the matter will be decided this autumn in conference.
Getting the DARPA job in January 2002 had been something of a comeback for Poindexter. He was national security adviser to President Ronald Reagan during the Iran-contra scandal, in which sales of arms to Iran were used to finance rebels fighting in Nicaragua at a time such assistance was banned by Congress.
Poindexter was convicted in 1990 on five felony counts, including lying to Congress, destroying documents and obstructing congressional inquiries into the affair. Although the conviction was overturned in 1991 -- on grounds that Poindexter had been granted immunity from prosecution as a result of his testimony before Congress -- it still troubled many in Congress.
*******************************