Not to mention the fact that some financial institutions, in focusing on how to finance The Inquisition rather than how to conduct it confidentially, will probably tip off terrorists that they are being investigated by way of charging them fees. This is further proof of the truism "you can't expect an infosec novice to do security work and get it right the first time."
-----Original Message-----
From: Jason Coombs [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 15, 2002 10:11 AM
To: RD D; [EMAIL PROTECTED]
Subject: RE: PATRIOT Act IT Security guidelines

My bank recently informed me that my account would be charged $10.00 for each immigration and naturalization service or other government-initiated review of my account. Presumably this comes from the PATRIOT Act -- my bank wants me to bear the cost of the additional monitoring when it specifically targets me. I guess they've determined that the near-term impact on their bottom line is potentially large so an incremental fee increase in other areas or simple patriotism aren't adequate financing strategies for the implementation of the PATRIOT Act.

There can be no doubt that certain demographic groups will be assessed such fees far more frequently than others. The end result is probably racial profiling paid for by the people who are the targets of investigation.

This is one of the most compelling reasons that private companies should never be allowed to get involved in law enforcement -- even asking for their help is a slippery slope and the government might be in the wrong on this point. Legislators now have to come up with a PATRIOT Act Funding bill and a PATRIOT Act Standards of Practice bill to regulate the way in which these various private institutions demonstrate their patriotism, and the way they finance it.

Sincerely,

Jason Coombs
[EMAIL PROTECTED]

-----Original Message-----
From: RD D [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 12, 2002 8:15 AM
To: [EMAIL PROTECTED]
Subject: PATRIOT Act IT Security guidelines

Hello All --

I have been researching the PATRIOT Act as it relates to data protection. Essentially, the Act requires financial institutions to gather information regarding terrorists and suspected terrorists, and monitor accounts which they maintain for any links to the suspects.

I am interested in finding any guidelines on how this sensitive information must be protected, potential penalties for negligence, and any reporting requirements for intrusions or other incidents.

I have not been able to find very detailed information beyond what was originally stated in the Act, which specifies that the Secretary of the Treasury shall, in the future, enact regulations to:

"further establish procedures for the protection of the shared information, consistent with the capacity, size, and nature of the institution to which the particular procedures apply."

I believe the deadline for these additional regulations to be enacted has passed, but have not been able to locate anything.

Thank you very much for any assistance.

Bob