Ministerial Fingerprint

In the latest version of the Datenschleuder, the Chaos Computer Club (CCC) has published a fingerprint of Germany's Minister of the Interior, Wolfgang Schäuble. It also contains an instruction how to make fake fingerprint that can be attached to another person's fingertip.

The CCC has been fighting authorities' data acquisitiveness for quite some time now, and this scoop will hopefully fuel this discussion and make a broader audience aware of what threat to personal integrity the widespread use of biometrical data constitutes.

BTW, this is the fingerprint:

Data retention law - Vorratsdatenspeicherung - Slap in the face for government

Today, the German constitutional court issued an intermediate decision regarding the new data retention law. The law forces telcos and ISPs to store any connection data for six months and to make it available to law enforcement organisations (police, prosecutors) upon request. The court has ruled that this data only needs to be made available in the case of capital crimes. The final decision is expected to be taken later this year.

Some time ago, the German Minister of Justice commissioned an investigation regarding the legal aspects of the planned data retention law. Obviously, the result was not the desired one and the publication has been slowed for quite some time, while requests regarding the publication of an intermediate version have been refused by the ministry.

It is astonishing, how frequently the "law and order" politicians in the German government are slapped by the constitutional court. Last week, the court prohibited the automated scanning of cars' license plates, this week the next slap in the face.

Addition (March 21, 2008): One of the best commentaries on the topic I found, in the paper "Die Zeit".

Computerwoche article

I recently published a short article on the "Glocalization of IT Governance" in the German IT weekly Computerwoche. It outlines four governance styles and describe their main characteristics.

If you read German, you can find it here.

Feedback and comments are welcome!

Conference presentation

On June 4, I will be giving a keynote presentation on Enterprise Information Management (EIM) at a conference arranged by IIR. When starting to prepare the keynote I realized that the term EIM is used in a rather inconsistent way by users and vendors alike. But, as some of my colleagues stated: for companies to manage their information assets better, they need to clearly understand the term enterprise information management and its meaning. And, they also came up with a definition:

Enterprise information management (EIM) is an integrative discipline for structuring, describing and governing information assets, regardless of organizational and technological boundaries, to improve operational efficiency, promote transparency and enable business insight.

This definition is comprehensive and covers the most important elements of EIM. But, although it is a one sentence definition, I was looking for something even shorter. How do you like this one:

EIM is the just-in-time concept for information.

Unfortunately, the conference was cancelled due to a small number of participants. I find it interesting that a concept like EIM is not interesting enough to attract a larger audience.

WLAN Security

A lot of people still seem to be rather ignorant about the vulnerability of their wireless access points. One of our neighbors believed that using a hidden SSID would be a sufficient security level. Of course it is helpful, but if you change neither the standard SSID nor the standard password for router administration ...

Well, today is his birthday, so in the last row you can see my congratulations:



This was just for the lulz and I promise that I also will give him the new password when he comes over for a party tonight. So, no harm done.

Otherwise, security is still an underestimated issue. Imagine, I had used his access point for unlawful activities. He would have a hard time explaining this to the police.