The Constitutionally-mandated decennial census in the US is undergoing digitization, and the process may not be proceeding happily. Reuters offers an account of security failures in the Census Bureau's program to bring its work into the digital era. The data the Bureau will collect about the US population may, it is feared, be susceptible to compromise.
The exposed AWS S4 bucket that UK-based Fidus Security found earlier this week now has a known owner. TechCrunch has traced it to Deardorff Communications, which apparently does some marketing work for Sprint. The database, found on an unprotected cloud server, contained “hundreds of thousands” (specifically, two-hundred-sixty-one-thousand-three-hundred) of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile subscribers. It’s thought that these were collected as part of a campaign to induce people to switch from these carriers to Sprint, the inducement being the familiar offer of the gaining company to pay the subscribers' early termination fees. The information exposed in the incident included bank statements, subscribers’ online usernames, passwords and account PINs. Deardorff Communications told TechCrunch that they secured the database yesterday.
Federal privacy legislation is advancing in the US Congress. The Senate has referred S.2961 "A bill to establish duties for online service providers with respect to end user data that such providers collect and use," to the Committee on Commerce, Science, and Transportation.
Genetec reports that security cameras remain in general at least as big a threat to privacy as they are an aid to security.
The public schools in Montgomery County, Maryland, have sustained a data breach that compromised the personal information of some six-thousand students, according to the Wheaton, Maryland, Patch. The school system's disclosure was first issued on November 25th. Schools themselves are increasingly monitoring their students online activities for a range of motives that run from safety (hoping to spot incipient signs of violence) through concern about student well-being. But these efforts, according to studies reported by Vice, seem to be largely an exercise in futility, and in principle a threat to student privacy.