The Register Columnists

Mark Rasch


Strict liability for data breaches?

Comment A recent case involving a stolen laptop containing 550,000 people's full credit information sheds new light on what "reasonable" protections a company must make to secure its customer data - and what customers need to prove in order to sue for damages. Let's say you open your mailbox, and there is a letter from the financial …
Mark Rasch, 22 Feb 2006

Google's data minefield

The US Government's broad subpoena to search engines effectively seeks to mine the data of the internet. While Google has resisted the subpoena, there may be little they can do to protect our privacy from many prying eyes. Moreover, the Government subpoena makes Google and other search engines or ISPs the source of first resort …
Mark Rasch, 31 Jan 2006

Wiretapping, FISA, and the NSA

US wiretapping laws, FISA and Presidential powers given to the NSA to intercept communications make for interesting times when coupled with technology. What are the issues surrounding privacy, search, seizure and surveillance? Whenever a new technology is developed, or a new threat that causes us to deploy these technologies …
Mark Rasch, 12 Jan 2006

Tracked by cellphone

Comment We know that technology can be used to track people's location via a cellphone, but how difficult is it for law enforcement to get a court order and do this legally? An old physics joke recounts that Werner Heisenberg (of the uncertainty principle) is pulled over by the police for speeding one night. The police officer asks …
Mark Rasch, 22 Dec 2005

Can writing software be a crime?

Can writing software be a crime? A recent indictment in San Diego, California indicates that the answer to that question may be yes. We all know that launching certain types of malicious code - viruses, worms, Trojans, even spyware or sending out spam - may violate the law. But on July 21, 2005 a federal grand jury in the …
Mark Rasch, 04 Oct 2005

Katrina: a tough lesson in security

In the waning days of August, a massive category four hurricane devastated the gulf coast of the United States, particularly devastating the city of New Orleans. In addition to the estimated $50bn in property damage, clean-up and reconstruction costs, and the hundreds of likely dead, and tens of thousands displaced, the …
Mark Rasch, 13 Sep 2005

Legal disassembly

When security researcher and ISS employee Michael Lynn went to give a presentation at the Black Hat conference in Las Vegas, little did he know he would ignite a legal firestorm questioning whether even the act of looking for security vulnerabilities violates the law. A brief history Lynn, in his position with ISS, apparently …
Mark Rasch, 23 Aug 2005

The CardSystems blame game

Comment On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?" Of course, just by asking the question, you already know what the answer is going to be: not a disaster, but about as secure as you might imagine …
Mark Rasch, 08 Aug 2005

How much does a security breach actually cost?

Comment How much does a security breach actually "cost," and who pays for it? When the breach involves personal information, like credit card data, the answer is, a lot more than you may think. The problem is that the people who "pay" for the cost of the breach are rarely the ones responsible for preventing the breach. A recent lawsuit …
Mark Rasch, 15 Jul 2005

Shred It!

Analysis The second worst thing you can do in the face of a government investigation is to destroy the documents relevant to that investigation. The worst thing you can do, of course, is to almost destroy these documents. There is an axiom in the world of electronic documents and records - "delete doesn't and restore won't." Indeed, …
Mark Rasch, 14 Jun 2005

Deleting spyware: a criminal act?

Analysis On my computer right now I have three anti-spyware programs, three anti-virus programs, and three anti-spam programs, together with a hardware and software firewall, an IPsec VPN, and data level encryption on certain files (and no, this is not intended to be an invitation for you to try to test my security.) The anti-spyware, …
Mark Rasch, 25 May 2005

Sarbanes Oxley for IT security?

Comment Sarbanes Oxley seems wholly focused on the accuracy of a company's financial records and controls around these records, so where does IT security come into the picture, asks SecurityFocus columnist Mark Rasch. At a recent computer security conference in Las Vegas, I was struck by the fact that every computer security vendor was …
Mark Rasch, 03 May 2005

Business school 'hack' raises ethical questions

Where do morality and ethics end, and criminality begin? What is the appropriate "punishment" for the crime of curiosity coupled with the act of snooping? These questions have been raised once again in the case of a number of applicants to the US' most prestigious business schools who went beyond the normal processes to sneak a …
Mark Rasch, 22 Mar 2005

Can CAN-SPAM can spim?

On 15 February an 18-year-old man from Cheektowaga, New York was charged with creating tens of thousands of fraudulent IM accounts and using these accounts to send unsolicited instant messages (you know the type, "my boyfriend just dumped me, and I am alone with a webcam" or "get great rates on a mortgage".) According to the …
Mark Rasch, 28 Feb 2005

Sniffer dog threatens online privacy

Comment The Fourth Amendment to the US Constitution is supposed to be the one that protects people and their "houses, places and effects" against "unreasonable searches". Forty-two years ago, the US Supreme Court held that attaching a listening device to a public pay phone violated this provision because the Constitution protects people …
Mark Rasch, 10 Feb 2005

Spam punishment doesn't fit the crime

Opinion I hate spam as much as the next person, but recent decisions by courts in Iowa and Virginia demonstrate how fear of technology (and justifiable annoyance) can force the legal system to impose fines and sentences that are grossly disproportionate to the harm caused by spammers. This is not to defend or justify spammers, whose …
Mark Rasch, 27 Dec 2004

Lycos goes straight

After a week of well-deserved criticism, Lycos is abandoning its scheme to launch denial-of-service attacks against spammy websites. Did the company reform in time to avoid criminal prosecution? A short-lived project by Lycos's European subsidiary to give users a method to "attack" spammers was an overall bad idea, albeit …
Mark Rasch, 06 Dec 2004

Tektrol's worst case scenario

The fine print in an insurance policy becomes an issue when a bizarre chain of IT disasters leaves a company without a single copy of the source code to its flagship product. A series of booklets by Joshua Priven describe how to survive a series of "Worst Case Scenarios." These include telling readers how to escape from …
Mark Rasch, 16 Nov 2004

Hacking: the must-have business tool

Your competitor has a wildly successful web-based tool which is being used by many of your customers. Do you (A) give up and get out of the business; (B) set up a team of product developers to make a competing product; or (C) hack into the competitor's website, steal the code, and for good measure hire their critical employees …
Mark Rasch, 26 Oct 2004

Judge defangs Patriot Act

A New York judge did the right thing last week when he threw out a USA-PATRIOT Act provision that forced ISPs to secretly co-operate with the FBI, and gave them no obvious avenue for appeal. It is "under the pressing exigencies of crisis that there is the greatest temptation to dispense with fundamental constitutional guarantees …
Mark Rasch, 05 Oct 2004

Myopic Congress lacks spyware focus

Analysis Forget Congress' myopic efforts to outlaw spyware. What we really need is better enforcement of existing computer crime laws, says SecurityFocus columnist Mark D. Rasch. In Through the Looking Glass, Lewis Carroll's Humpty Dumpty tells Alice: "When I use a word, ... it means just what I choose it to mean - neither more nor less …
Mark Rasch, 14 Sep 2004

Footing the Big Brother webtap bill

On 9 August 2004, the US Federal Communications Commission (FCC) took a major step toward mandating the creation and implementation of new Internet Protocol standards to make all Internet communications less safe and less secure. What is even worse, the FCC's ruling will force ISPs and others to pay what may amount to billions …
Mark Rasch, 17 Aug 2004

Your data online: safe as houses

A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites - and that's just for starters. On 21 June, 2004, the United States Senate Governmental Affairs Committee was told that a …
Mark Rasch, 30 Jul 2004

Close the email wiretap loophole

Opinion Last week a Federal District Court in Boston decided that when someone reads your private email without your permission and before you receive it, it doesn't violate federal wiretap law. The ruling perfectly illustrates how we can frustrate the entire purpose of a statute simply by reading it too carefully. The case began when …
Mark Rasch, 05 Jul 2004

Google's Gmail: spook heaven?

Google's plans to run targeted advertising with the mail that you see through its new Gmail service represents a potential break for government agencies that want to use autobots to monitor the contents of electronic communications travelling across networks. Even though the configuration of the Gmail service minimises the …
Mark Rasch, 15 Jun 2004