30 April 2011

Sony PSN: Clueless And Breaching



Not that I wish to blog so often on data protection, but some technology giants would not give me a break.

Last week I covered the (very likely) unlawful data collection practice of Apple’s iPhone and this week I decided to spend some words on the fact that

Sony Leaked Personal Data

particularly credit card data from its PlayStation Network.

Ars Technica has been reporting on this during the last few days; here is the most current update as of the writing of this article.
According to Sony, “It is possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.”

What is this if not a

Personal Data Breach?

Some of you will remember that at the end of 2009 the European Union updated its Telecoms Package and, as a part thereof, the ePrivacy Directive. The European lawmakers sharpened the provisions on privacy and introduced a data breach notification requirement in order to prevent data loss debacles.

The updated ePrivacy Directive mandates that in the event of a personal data breach, providers of publicly available electronic communications services shall, without undue delay, notify the personal data breach to the competent national authority in charge of data protection.

Now read the italic type again. What providers does it cover? Only telcos, right? One could ask:

Must Sony Notify Its Breach?

Well, seemingly not under the ePrivacy Directive since Sony should not be defined as a telco.
Funnily, during the negotiations of the Directive’s final version, the European Parliament demanded that all providers of “information society services” be subjected to the data breach notification duty. Sony is, inter alia, a provider of information society services – check the definitions of the E-Commerce Directive (2000/31/EC). Hence, that demand would have covered Sony, had it only been implemented.

However, European Union Directives normally set only minimum requirements and leave member states with a certain amount of leeway as to the exact rules to be transposed.

Member states such as Germany, Spain, Austria and Ireland did not limit the data breach notification duty to only telcos. They rather chose to oblige the so-called data controller under the Data Protection Directive (95/46/EC). Thus, they have achieved a much broader scope of applicability.
The definition of data controller clearly puts

Sony Under An Obligation

to notify the respective data protection authorities of the above member states.
To the best of my knowledge, Sony has not yet undertaken such a notification – it has been dangerously clueless for more than two weeks instead.

What Is The Moral Of The Story?

The data breach notification was introduced as a consequence of recent years’ high-profile incidents of personal data loss across Europe.
Who forgot the T-Mobile data loss or the UK privacy debacles?
Now, it seems, Sony has joined the data breach elite.
We will see what the consequences thereof will be.

 

4 March 2011

Worth A King’s Crown


Obviously, spam is the subject of today’s blog post.
Spam? What has a King’s crown anyway got to do with it?
Well, I would say “a lot”, but in order to figure it out, you will need to read this one to the end.

Spam is manifold

Most of the spam messages I have ever received were dull, but some were trickier.
Some time ago I described my personal experience with a rather unusual spam email. It is funny, but that blog post brought me a surprisingly high amount of visitor traffic. On the other hand this is comprehensible, since spam arguably causes one fourth to one third of all traffic on the Internet. It seems I was not the only one to receive a message identical or similar to the one I described.
Also, spammers no longer distribute their content merely over e-mail. Comment sections of websites and/or weblogs have emerged as one of their newer fields of interest and activity.
For instance, I used to receive some 20-40 spam comments daily on the Reguligence Weblog. Most of them appeared under older articles and this is the reason why I turned off commenting on articles older than 4 weeks.

But why do spammers send spam in the first place?

Spam is an economic factor

As a matter of fact, the average spammer sends out 1,000,000 emails per day. According to the previous source, a spammer would have made $150 in 24 hours, or $4,500 a month. Equally important, the Business Pundit reports that in 2008 a spam botnet called “Storm” made some $3,5 million in pharmaceutical sales having a conversion rate of just 0,000008%…
Not bad, huh? The numbers remain attractive even notwithstanding the legal risk.

Is sending spam legal?

In a nutshell: it is not.
The United States, being the origin of 19,8% of spam messages, has introduced its Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act). Critics refer to it as the You-Can-Spam Act, alleging it actually allows senders to send spam, provided that they comply with some minor statutory obligations. Nevertheless, the CAN-SPAM Act helped hunt down some villains such as Sanford Wallace.
Although the European Union provided for more rigid rules in its E-Commerce (2000/31/EC) and E-Privacy (2002/58/EC) Directives, courts within the EU cannot vaunt such examples of judicial success.

Back to the headline

A promise is a promise and now I will reveal why I chose the headline of this article.
Today I read about Robert Soloway, a Spam King, being released after nearly 4 years in prison. While he was active, that guy managed to send the unbelievable amount of 10 trillion spam e-mails, resulting in $20,000-a-day proceeds.

Isn’t spam indeed worth at least a king’s crown? Your turn.

 
