I was away at a conference most of last week, hence the lack of entries. (OK – so it wasn’t technically a conference – I took my son to the Star Wars Celebration IV in Los Angeles.)

The trip put my recently acquired HTC Excalibur smartphone to the test. (Rogers just started offering it in Canada – its the same phone as the T-Mopbile Dash.) It worked extremely well. The Windows Mobile 5 operating system ties in nicely with the desktop.

It has wifi which helps reduce those data roaming charges. I was able to connect to free wifi in airports, the hotel, and the LA convention centre to keep on top of email, and to keep in touch with home.

Look at the HTC on the Rogers site

For the London Free Press – May 26, 2007

Read this on Canoe

We need to pay more attention to how we handle documents containing personal information. We constantly see stories about data breaches – many of them from simple faux-pas like throwing paper in a dumpster.

Recently in Toronto, a retired social worker found hundreds of order forms from a large corporation in an alley complete with addresses, phone and SIN numbers of customers. They were apparently put there by an independent dealer of the corporation.

Just a week earlier, a company in Texas was sued for throwing out customer information where anyone walking by could just grab it. The customer information included credit card and social security numbers.

In Atlanta, a computer disk containing the names, birthdates, and social security numbers of 2.9 million Georgia low income health care recipients was lost. The sensitive information was contained on a CD that was apparently lost while it was being shipped.

The proper disposal of paper records is a simple issue to address. It’s so simple, in fact, that it’s amazing to see it come up repeatedly. Businesses need to impress the issue on its staff. Individuals must be more aware that the paper they handle must be protected.

The default thought process should be to securely shred all paper when it is no longer needed. Make exceptions for innocuous things like newspapers. Far too often paper is considered like normal trash first, with the shredding issue being an afterthought. That’s the wrong mindset.

Treat paper like hazardous waste. It must stay sealed in its container at all times. Get rid of it as soon as you can in a way that keeps it out of the environment, with no chance of public contact during the disposal process until it is neutralized.

To start, don’t create or keep paper records to begin with unless they are necessary. And don’t print information that is not needed — like credit or debit card numbers on receipts.

Store them in a secure, safe place if they are needed. When it comes time to dispose of them, shred them properly. Don’t leave them in a dumpster. Keep the records secured while waiting to be shredded — don’t leave them in boxes on a loading dock.

If you are a small operation, invest in a decent cross-cut shredder. There are also service providers that come to your premises with a truck that shreds the material on the spot.

Think twice about shipping or transporting discs or hard drives containing personal information. There may be a better way to transfer the information. And if it must be done, encrypt it so if it does go missing, it can’t be read. Various privacy commissioners take the position that mere password control access is not enough.

Taking these simple steps will go a long way to protect privacy and reduce the risks of fraud and identity theft. It will also reduce the risk that your organization will have to face the embarrassment, costs in both dollars and time, and the privacy investigation that will occur if those documents get loose.

Business 2.0 has an article called The man who owns the Internet that talks about Vancouver’s Kevin Ham … the most powerful dotcom mogul you’ve never heard of.

It talks about how he made his fortune, and the various ways money is made from domain names, including direct navigation, parking, tasting, and typo-squatting.

Its an interesting read – including tips on how its done.

Read the Business 2.0 article

For the London Free Press – May 19, 2007

Read this on Canoe

We routinely use passwords to confirm who we are to do many things, such as access to various systems and services. Effective passwords are difficult to remember, especially for the number of them we seem to need.

Biometrics have been touted for some time as a solution, but biometric authentication has its problems as well. This issue was addressed in a paper by the information and privacy commissioner of Ontario, Ann Cavoukian, and biometrics scientist Alex Stoianov.

Biometrics refers to systems that use physical characteristics to recognize who we are. Examples include fingerprints, iris, retina, face, hand or finger geometry, and voice.

Done poorly, biometric technologies can be highly privacy-invasive. Biometric data, once collected, can be stored, shared and used for numerous purposes, inviting potential discrimination and identity theft.

It also can lead to serious security issues. A stolen or leaked card number or password can be changed, but we only have two thumbs.

There are thus two main risks. The first is the identifiers will be used by the party holding it for purposes unintended by the individual. The second is the identifier might fall into the wrong hands. Given the number of data leaks that seem to occur, those are valid concerns.

The central message of the report is that biometric encryption technology promises a “positive-sum” win-win scenario for all involved. The authors believe privacy and security are not opposites and do not need to be traded off.

The report discusses privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of biometric encryption. In that model, the actual biological identifier, such as our thumbprint, is not actually stored anywhere.

Instead, you use the thumbprint to encrypt or code some other information, like a password or cryptographic key, and only store the biometrically encrypted code, not the biometric itself.

To authenticate yourself, you might use a smartcard and your thumbprint that would re-generate that password or key.

The technology uses concepts such as public/private key encryption. While the technology can be complex and not easy to understand, its use by the consumer is simple.

This approach allows allows for long, complex and more effective passwords or keys that we don’t have to remember. It also allows the advantages of biometrics without the risks of storing biometric information.

For organizations requiring authentication or identification of individual users or customers, the report is a good summary of how biometrics can be used for authentication in a privacy friendly way.

The Canadian IT Managers blog (a Microsoft sponsored blog that I contribute to occasionally) has a series of interviews with Teresa Hennig. The interview entitled Top Ten Leadership Lessons is well worth reading as it is good advice for anyone leading a business, a project team, or a meeting.

Read the post

Apple’s stock dropped temporarily yesterday in high volume trading based on the publication of an internal email saying that the launch of the iPhone and Mac OS X Leopard were both being delayed by several months. 23 minutes after that hit the stock markets, there was another email from Apple saying that the first one was fake, did not come from Apple, and that the launches are on schedule.

It will be interesting to find out who was behind that, why, and how they were able to fake it.

This shows the danger of relying on such information without corroboration and the speed at which it disseminates, but also the speed at which false things get corrected.

Read the emails themselves and some commentary at:

Infectious Greed by Paul Kedrosky

GigaOm

I’ve said before that only the music industry would sue its customers to force them to buy their products. In another spin on that, CNet reports that “A California company that makes technology designed to prevent ripping of digital audio streams has accused Apple, Microsoft, RealNetworks and Adobe Systems of violating federal copyright law by “actively avoiding” use of its products”

The gist is that the US DMCA makes it illegal to circumvent technological protection measures that control access to copyrighted works. This company makes technology designed to prevent anauthorized copying. So their logic is that if a business that supplies/enables digital media does not buy their product, it must be violating the DMCA.

Read the CNet article

for the London Free Press – May 12, 2007

Read this on Canoe

London TechAlliance held a series of events the week of April 23 with the theme IT Lives in London. By all accounts the week was a great success.

The various events were well attended, some to capacity.

The week created a positive buzz in the information technology community within London. It raised awareness both in and outside of the IT community about the breadth and reach of the various IT companies in London. Many people were heard to say “I had no idea” . . . that kind of business was here.

London has a number of companies creating and providing IT products and services across Canada and around the globe. Those products and services include computer parts, computer services, computer games, geographic information systems, banking machine software, online flyers, online automaker car information, and retailer video displays.

The events should lead to better strategies to strengthen and grow the London IT community.

One topic addressed is the IT career gap. This is an issue that goes well beyond London. Employers of IT professionals are having an increasingly difficult time finding qualified employees. At the same time, enrolment in post-secondary education for IT careers is down. There’s a perception IT jobs are not to be found.

It is beneficial for those looking for work in the IT sector and employers of IT professionals to be able to link the needs to the skills. One of the sessions in IT week provided information by the London Economic Development Corporation and the Info-Tech Research Group on actual market data. Hopefully this information can be used to close the disconnect between IT needs, individual skills, and education.

Also discussed was a two-pronged approach for businesses to build their IT staff. While there is a need to recruit experienced personnel, there is also a need to hire graduates and train them for specific needs .

TechAlliance published a booklet entitled IT Lives in London — a snapshot of careers in Information Technology. It gives examples of different IT careers, along with profiles of individual Londoners in those careers. It will soon be available online at the TechAlliance website. It should be useful for anyone contemplating an IT career.

The week was not just about those in the IT business. A session on web 2.0 tools for business was also well attended.

In the interest of transparency I should disclose I am a member of the IT advisory board to the TechAlliance. We obtained excellent feedback from the sessions, and look forward to using that to improve the IT sector and to lead to a repeat performance of IT week next year.

An article in the Ottawa Citizen says that the federal government plans to enact a new law making it illegal to use handheld cameras to copy movies in theatres. This follows intense pressure from the US entertainment industry.

While I don’t condone that practice, one has to question whether the law is necesssary. Existing laws may be sufficent, and stats used to show Canada is a haven for that activity are inconsistent at best. Surely our legislators have more important things to deal with.

Shows the power of the entertainment lobby, and also the willingness of governments to bend to the pressure. This is not a comment aimed at the current Canadian governing party – it seems to be the same no matter who is in power, and is not limited to Canada.

Read the Ottawa Citizen article

Read a recent comment by Michael Geist questioning the problem

Vint Cerf – often referred to as the father of the Internet – is about to step down as chair of ICANN as he has served the maximum allowed terms. ICANN is the body that governs the basic functions of the Internet.

His YouTube interview is worth a look by anyone who wants to know what ICANN does, or wants to participate in ICANN. He talks about ICANN’s role, why its role is a challenge, and what kind of people it needs as directors and other volunteers.

If you want to be on the board, you have a few days left to apply.

Thanks to CircleID for mentioning this

Read an article on the ICANN site

Watch the YouTube video