Thursday, March 14, 2013

The IRS got WHAT???

Did you recently eFile your taxes?  Interested in consumer protection?  Online web application best practices?  Privacy?

Then definitely check out this blog post:

The author makes a pretty compelling case for having the IRS repeat back to us what it is we sent them. It is a simple idea, and would be simple to implement. Apparently a lot of states already do this. (Incidentally, I e-filed my Oregon return via TurboTax this year also, and I'm pretty sure Oregon isn't one of the states that has done this.)

In a lot of ways, this is a quintessential example of the concept of privacy access laid out in GAPP (Generally Accepted Privacy Principles).  If consumers give you something, you should let them know what it was they gave you, and how they can contest it!

Another obvious reason we might want to do this is to help police the quality of the tax return industry. I've heard two news stories this year talking about quality problems with both TurboTax and H&R Block products. The government and these companies work hard, I'm sure, to ensure quality in their products. But don't you think quality would be even higher if the users of the products got to see the final outcome of their work (e.g. the data that went to the IRS)?

Friday, February 22, 2013

Fwd: Dave Dyk (@davedyk) shared a Tweet with you!

Dave Dyk shared a Tweet with you:
lauren gelman

My NYTimes op-ed makes the case for public disclosure of serious cyber security breaches.

04:00 PM - 21 Feb 13

Wednesday, January 9, 2013

Tweet forwarded by @davedyk

totally_fried: .@dhowell "Welcome To Life" the EULA and copyright parts are hysterical


Tuesday, January 1, 2013

Can we catch all the bad stuff?

I thought the NY Times had a very insightful article on the great emergence of new anti-malware type technologies. There is quite a bit of innovation in this space right now. I think the writer maybe overstated how mainstream these types of technologies are right now (probably influenced by the insiders at the startups that they interviewed). But the underlying point is accurate that there is a trend towards new technologies that skip the impossible task of "finding bad actors" and instead either "look for possibly bad behavior" or "assume everyone is bad until they prove otherwise". That is definitely the wave of the future.

I think one interesting dynamic that isn't touched on often enough in these discussions is that when we make the shift away from network security technology being detective to instead being something that must proactively allow activity, it will change the cultural expectations of network security practitioners. That is to say, right now, they are the detectives who find bad things and escalate them. In the future, they will be the regulators who must be coordinated with to enable activity on the network. This will require new skills (read: "business acumen").

Tuesday, December 25, 2012

January ISACA meeting

Be sure to join the local IIA and ISACA chapters this month for a special 2-hour joint meeting. This is a great way to network and earn two CPE credits.

That special event will be held on January 17.  Networking will begin at 11:00AM, with a special 2-hour program from 11:30AM - 1:30PM.

Register early, as the event may sell out.  Register at the IIA site here.