DNA Cards – Vietnam

August 30, 2008 — 585

The story below is taken directly from the Vietnamese News Agency  – VeitNam News. The lack of commentary or protest is as concerning as the DNA cards themselves.

____________

HA NOI — People suffering from hereditary diseases may benefit from a DNA-testing programme that Viet Nam plans to introduce by 2010.

The programme, implemented by the Ha Noi-based Centre for Genetic Analysis and Technologies, would include ‘DNA cards’ that help in early detection of 10 of the most common hereditary diseases, said Le Dinh Luong, the centre founder and president of the Viet Nam Genetics Society.

“Each hereditary disease is a sign of one or more errors in DNA,” said Luong. “Today’s genetics technology can find these errors in each person, and warn them of the potential that they may acquire a certain disease.”

Luong said the programme would include personal DNA cards, which would be made following medical tests on patients. These cards will include advice on treatment and how to prevent or slow down diseases.

“DNA disease detection cards could be personalised to find remedies for each disease and each person,” said Luong.

“The final aim is to give an early diagnosis and improve prevention to boost living standards and longevity.”

The cards could even be used for three-month-old children in the womb. Obstetric experts said at this early period, doctors could take necessary intervention measures for disease treatment

A DNA disease detection card is expected to cost US$1,000. However, Luong said the cost would quickly drop as new technology becomes available. A similar fall in costs had occurred with Viet Nam’s DNA identity card. Luong said current DNA identity cards cost about VND3 million ($187), 180 times cheaper than initially thought.

DNA cards have become popular around the world, proving their obvious value,” said Luong

 

________

 

Which other countires have DNA Cards?

 

 

Tags:
Posted in DNA. Tags: . No Comments »

Decision of Finish County Administrative Board (20th October 1997)

August 30, 2008 — 585

Prior to the case of “I” v Finland, the applicant (“I”) had started her complaints procedure with local Country Administrative Board.

 In its decision of 20 October 1997 the County Administrative Board held that:

Section 12 of the Patient’s Status and Rights Act (laki potilaan asemasta ja oikeuksista, lag om patientens ställning och rättigheter) provides that the health authorities and staff have to comply with the regulations issued by the Ministry for Social Affairs and Health (sosiaali- ja terveysministeriö, social- och hälsovårdsministeriet, “the Ministry”) when preparing and processing patient records. Pursuant to this section the Ministry has issued, on 25 February 1993, Regulation no. 16/02/93.

In the said Regulation it is noted that patients records must be prepared having due regard to the secrecy regulations and the protection obligation and the duty to take care pursuant to the Personal Files Act (henkilörekisterilaki, personregisterlagen; Act no. 471/1987). According to the duty to take care, precaution and good registering practices must be observed when gathering, depositing, using and delivering data and these must be done in a manner so as not to infringe unnecessarily the right to privacy of the registered person or his or her benefits and rights. The protection obligation means that data in patient records must be duly protected against unauthorised processing, use, destruction, amendment and theft (sections 3 and 26 of the Personal Files Act).

In the said Regulation it is also noted that the patient records must form an entity to ensure that outsiders cannot gain unauthorised access to them and that, in addition to the said obligations, in accordance with the Personal Files Act, the purpose of use of the said data can be taken into account. This way it can be made sure that requisite patient data are only given to the personnel participating in the treatment of the patient.

[The applicant] has in her representations alleged that [X], who is working for [the hospital] has ordered up the case history of [the applicant’s ex-husband] and that someone else has ordered up her file or visited the archives and read her file and/or that of [her son] and that the data have been transmitted to [Y] and other staff mentioned in [the applicant’s] representations.

[X] has contested having proceeded erroneously. The other persons mentioned in [the applicant’s] representations have contested having had knowledge of the data mentioned therein concerning [the applicant] and her family.

According to the director in charge of [the hospital’s] archives it is not possible to retroactively clarify the use of patient records. The data system reveals only the five most recent consultations (by working unit and not by person) but this information is deleted once the file has been returned to the archives.

Therefore, the County Administrative Board cannot further rule on whether information contained in the patient records has been used by or given to an outsider.

Having regard to the foregoing, the County Administrative Board however finds that the system should record any consultation of patient files as a safeguard of privacy in order to ensure that the responsibility for a possible leak of information can be individualised. For the future, the County Administrative Board draws the hospital’s attention to the protection obligation and the duty to take care provided by the Personal Files Act, and further, to the need to ensure that privacy protection is not put at risk when processing medical data within the hospital. …”

Posted in Uncategorized. Tags: . No Comments »

British Hacker Closer to Extradition

August 29, 2008 — 585

The hacker Gary McKinnon is getting closer to extradition after losing his appeal.

Since then McKinnon’s lawyer, Karen Todner, has told the BBC that she will ask the Home Secretary to intervene in the case. The Home Office has previously approved his extradition and has today said that it has no further statutory role in the case.

McKinnon has admitted hacking into computers belonging to NASA and the US military in 2001 and 2002 though he has disputed US prosecutors’ claims that he caused $700,000-worth of damage.

He has fought a long legal battle to face trial in the UK because that is where he was when the alleged crimes were committed and not in the US. US prosecutors previously threatened Mckinnon with up to 70 years in jail and said he could be tried under anti-terrorism laws.

Source Out-Law

Posted in Uncategorized. Tags: , . No Comments »

90 Days – Because its so complex?

August 29, 2008 — 585

One of the reasons the UK Government keeps pushing for changes to the law to allow for 90 days detention without trial is the complexity of terrorism cases.

The argument goes something like this:

  • We have arrested a man, who we know is guilty, but the evidence is so complex that we can’t prove it: E.g There are a tens of computers to search, hundreds of boxes of paper to search, and bags of credit cards, fake passports etc, its just all so complex, that we need more time to investigate before we charge.

This argument is flawed at virtually every point. Firstly if there are huge amounts of paper, say 1000s of pieces of paper  and 1000s of gigabytes of data to search through,  this information does not take 3 months to process.

In fact major law firms handle very large volumes of data on a daily basis, far larger than in terrorist cases. In fact there is a multi-billion dollar industry called “electronic discovery” that does exactly this. It trawls through huge amounts of data and presents it in an easy to read and search manner for the users/investigators.

Modern technology allows for concept searching, time line creation, and can now even “cluster” together documents of a similar nature automatically. This allows review teams/investigators, to find documents of relevance quickly, and then find other similar documents with matching concepts or within the same time line.

Having seen teams of lawyers plough through 100,000s of documents in a matter of weeks, then how come the UK government can’t do this?

The answer, sadly, is because the UK government simply does not have this technology. Having worked on both sides, I have seen the private sector complete a sizable review of documents in around 2 months, and the UK Government, on the other side, take around 9 to 10 months for the exact same case.

Secondly, just because a case is complex it doesn’t mean that it can’t be dealt with, and there is no need to review all of the documents. In fact the Bar Council had this to say on the issue of complexity.

Whilst terrorist cases may be complex in the sense that they may involve seizures of large volumes of material, the use of false identities, and international links, the scale of the investigations is not unusual. Investigations of comparable size and with the same features are found in drug trafficking and fraud cases. These features are not unique to terrorist cases and cannot justify further extension. The experience of the Bar is that very often whilst (due to the thoroughness of the investigative teams) large volumes of materials are seized, the real issues frequently involve a modest number of exhibits, the existence of which is well known from shortly after arrest. Detailed questions based upon recovered material are put to suspects in interview within the early stages of detention (the “interview material”), and this material is only exceptionally shown not to fairly represent the thrust of the allegation against suspects. Whilst further evidence may subsequently come to light which puts this “interview material” into a fresh light this is unlikely to bear upon the decision to charge.

This was put to the home office in a letter in 2007

In short, the Bar Council don’t see the size of cases to be an issue at all, and the Bar are the ones who have to prosecute and defend in these cases. It can also be shown that other cases of equally complex nature, e.g major frauds, are dealt with in the 24 hour detention period – rather than 90 days.

Thirdly, if the police have arrested a person with boxes of paper, a few false passports, and some credit cards, is he the real immediate threat? Is he somehow going to destroy the UK Rail network with the cunning use of credit cards?

Surely if the suspect has a few sticks of TNT, a clock, and some bright red curly wires – they have enough to charge him on, and it doesn’t take 90 days to work out what to charge him with? If there are no explosives, no bomb making kit, no car full of fertilizer – what danger does he pose?

If the suspect is really accused of organizing serious offences,  and there is a genuine concern that he will continue when he is released, is there nothing he can be charged with, just a  simple  holding charge, and then re-arrest the suspect later with the more serious offence?

Surely, if the suspect is such a serious threat/terrorist there must be some offence he can be charged with; offensive weapon, stolen credit cards, fake passports, or the like? If there is no evidence of weapons, or any crime,  then why the need to detain him for 90 days? What is the immediate threat?

But, if the security services still insist that he is a threat, that he can continue to plot and plan once released and they have nothing to charge him with at all, not even a stolen mobile phone, can they not just release him and follow him? There are dedicated teams in the police and security services for doing this, and it was certainly done regularly against the IRA, who were one of the most sophisticated terrorist organizations in the world. Far more organized than a couple of jokers from Burnley whose idea of “terrorist planning” involves buying some extra petrol for their car and driving at a building.

Surely it would be preferable to have more resources to conducted the surveillance than to change the law, with all the costs associate with changing the law, and the loss of rights the latter brings.

Posted in Terrorism. Tags: , . No Comments »

Video: Keyword Searching with Encase

August 29, 2008 — 585

Below is a very basic video for keyword searching within EnCase

Posted in Encase, Video Guides. Tags: , . No Comments »

Video: Locating MFT from Volume Boot

August 28, 2008 — 585

Following on from the previous articles on the MBR, and the MBR Partition Tables,   and a video on how to identify the first partition from the MBR, below is a video showing the MBR via EnCase.

Below is a guide on trying to locate the MFT (Master File Table) and MFT Mirror, from the Volume Boot/Boot Sector/BPB

Posted in Encase, File System, Video Guides. Tags: , , . No Comments »

Video – Locating the First Partiton from the MBR

August 27, 2008 — 585

Following on from the articles on the MBR, the MBR Partition Information,  and the video showing a general examination of the MBR , below is a video showing how the location of first partition can be extracted from a manual examination of the MBR.

Posted in Encase, File System, Video Guides. Tags: , . No Comments »

Fourth Accountant Prosecuted Under the DPA

August 27, 2008 — 585

Following on from the previous prosecution of an accountant, the ICO has continued its enforcement of the DPA, with its fourth prosecution of an accountant this year.

The Information Commissioner has prosecuted Mr Satish Lakhani of Lake & Co Accountants ( based in Harrow) for failing to notify/register with the ICO. This is a requirement for all organisations that process individuals’ information.

Despite repeated reminders Mr Lakhani failed to register with the Commissioner for a nominal annual fee of £35.

Mick Gorrill, assistant commissioner at the ICO, said: ‘The Data Protection Act gives us all important rights, ensuring that organisations process and protect our personal information properly. Notifying as a data controller under the Data Protection Act is an important obligation for any organisation which processes personal information.’

‘Today’s case is the fourth accountancy firm that we have prosecuted this year alone’ he added.

Mr Lakhani was fined £300 and ordered to pay costs of £483.40 plus a victim surcharge of £15 at Harrow Magistrates Court.

Source

Posted in Data Protection Act. Tags: . No Comments »

How do you stop people taking data via a USB Drive

August 27, 2008 — 585

Currently, based on recent reports, it appears that there is more and more data being stolen via USB ports. Can this be stopped? Are there technical solutions to this?

According to SC Magazine many FTSE IT departments going so far as to glue USB ports shut to prevent their use”. If that’s true, that is shocking.

There are many ways to prevent data theft, and using glue should not be one of them. Below are some ways IT staff should consider.

  1. Turn off USB ports of at the BIOS (if BIOS allows) and password protect the BIOS (this is not full proof though as the BIOS can be reset).
  2. Switch the USB port to write protect mode by changing the registry. IT Admins can force this change through the domain/active directory. This means that staff can come in to work, play music, look at pictures etc via the USB ports, but not take data out.
  3. Use one of the many DLP (Data Loss Prevention Tools) available to block prevent or limit users doing this.
  4. Limit access by permissions. Does the whole company need access to company contacts, or just the sales department. If people don’t need access take it away
  5. Enforce encryption on USB drives

Top Tip – if your IT Manager is using glue as the primary source of preventing data theft, he probably used to work for the government!

Posted in Data Loss. Tags: , , , . No Comments »

Enforce Encryption on USB Drives to Prevent Data Loss

August 27, 2008 — 585

There are a variety of tools available that are able to block or monitor USB ports, therefore limiting/preventing the ability to for users to take data out of the company via USB drives.

But what if your staff do need access to USB drives, e.g to take presentations from the servers to their laptops, or to move large CAD or graphic files around the office, or between offices. USB drives have their value and blocking them all together is often not the solution.

Technology nowadays allows users to bind USB drives to particular machines, i.e only those USB drives will work, and not others. In addition to this they can also ensure that the USB drive are encrypted. So when a USB drive is lost, it does not mean that the data is lost, just a £20 device.

Posted in Data Loss. Tags: . No Comments »
« Older posts
Newer posts »