Stories by Sarah D. Scalet

Managing HIPAA's pain

Three blocks north of Union Station in Washington, D.C., on the seventh floor of an ordinary brick building, a small office of the U.S. National Archives and Records Administration churns out a publication known as the Federal Register. This newspaper of sorts, which runs to hundreds of pages per business day, is the public record of rules, proposed rules, and notices that have been issued by federal agencies and executive orders from the president. In the office's library, there are shelves upon shelves of blue-green books that hold past issues of the Federal Register, a bureaucratic archive stretching back to 1935. And if you look up Volume 68, No. 34, Appendix A to Subpart C of Part 164, you'll find a 169-word security standards matrix that tells you everything you ought to be doing to protect your electronic data.

Sea Change

In an effort to prevent terrorists from turning container ships into weapons, US Customs is counting on big business to goad partners into improving security. The result: public and private partnerships that might work — or fail completely

Chasing the keystroke capturers

Last week, as US Secret Service agent Kent McCarthy and attorney Eric Friedberg closed a presentation they were giving to members of the New York Electronic Crimes Task Force, they flashed an IP address on the screen before taking questions from the audience. Right away, a hand shot up near the front of the auditorium, but the speaker didn’t want clarification of their case study. He wanted them to put the IP address back up, so that he could write it down.

Don't read this

Of all the ineffectual e-mail disclaimers I see, one I received earlier this week takes the prize for self-defeating impotence. A public relations flak wrote me trying to get publicity for a security conference. His was the standard spiel: the whos who would be there, the whats that would be learned, the wheres and whens and whys. But at the bottom of the message, I found this disclaimer:
"CONFIDENTIALITY: The information contained in this E-mail message is intended only for the personal and confidential use of the designated recipient(s) named above. This message is intended to be a confidential communication and may involve information or material, which is protected under state or federal privacy laws."