Enter the Advertisers: Via CDT - PolicyBeta.

Given how much advertising we all see, especially online, you know it means something when the entire advertising industry gets together to make an announcement. Today, the advertising industry, as represented by a cohort of trade associations, joined together to publish their own self-regulatory principles, with an aim toward increasing privacy protection for online behavioral advertising.

It’s encouraging to see the advertisers move into the privacy fray here (although not entirely surprising). For nearly a decade, the self-regulatory space has been dominated by the Network Advertising Initiative, which has historically included only third-party ad networks, which comprise just a small sliver of the industry. But when the FTC issued its own suggested self-regulatory principles earlier this year, the guidance from the agency wasn’t limited to any particular advertising sector. The advertising associations appear to have gotten the message, and have tailored their principles in rough accordance with the FTC’s recommendations.  read more »

Out of business, Clear may sell customer data: Via computerworld.

It would go to a similar provider authorized by the TSA

Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

Until this week, the Clear service had given customers a way to skip long security lines in certain airports. For a $199 annual fee, air travelers could be pre-screened for flight and then use Clear's security checkpoints instead of the TSA's. Clear was run by New York's Verified Identity Pass, which also shut down on Monday.

Customers had to provide personal information, including credit card numbers, fingerprints and iris scans in order to participate in the program. After Clear abruptly shut its doors -- it has not yet declared bankruptcy -- some worried that this data could fall into the wrong hands.  read more »

TSA asked to ensure safety of customer data after Clear closing: Via computerworld.

Transportation security agency given July 8 deadline to explain how private information will be safeguarded

The chairman of the House Committee on Homeland Security has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of private data collected by a recently shuttered company that offered a registered traveler program.

In a letter to the TSA's acting assistant secretary, committee Chairman Bennie Thompson (D-Miss.) expressed his concern over the abrupt closure of Verified Identity Pass Inc.

For a $199 annual fee, New York-based VIP offered a service called Clear that was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance.  read more »

Several Facts about Google and HTTPS: Via EFF.org Updates.

Three simple facts about Google and HTTPS:

One: as we posted last week, we're very pleased to hear that Google is trialling full HTTPS encryption of all Gmail pages.

Two: if Google's trials are successful, and the company does indeed make HTTPS encryption the default protocol for reading and writing Gmail messages, it will have taken a two-step lead on its competitors in the free webmail and social networking spaces. People use Yahoo! Mail, Hotmail, LiveJournal and Facebook for their private communications, but all of the private messages on those services travels over the network unprotected.1 MySpace doesn't even support HTTPS for passwords!

Three: webmail is one thing, but search is another. Sadly, it isn't possible to use Google's excellent search engine over HTTPS. If you attempt to visit google.com via https, you'll just be redirected back to unencrypted HTTP. If you try the same thing at Yahoo or Microsoft, you'll receive unhelpful error messages.  read more »

China thinks twice – and its 300m internet users scent a rare victory: Via The Guardian(UK).

For the netizens of the world's biggest online community, it was a rare victory. At the 11th hour, and with no proper explanation, the Chinese government, the most assiduous internet censor on the planet, engineered a sudden climbdown.

Instead of proceeding with plans to transform its notorious Great Firewall internet censor with new tools known as Green Dam, the authorities desisted. A terse statement ran on the Xinhua news agency. "China will delay the mandatory installation of the 'Green Dam-Youth Escort' filtering software on new computers."  read more »

Did the Sanford E-Mail Tipster or the Newspaper Break the Law?: Via Freedom to Tinker.

Part of me doesn't want to comment on the Mark Sanford news, because it's all so tawdry and inconsistent with the respectable, family-friendly tone of Freedom to Tinker. But since everybody from the Gray Lady on down is plastering the web with stories, and because all of this reporting is leaving unanalyzed some Internet law questions, let me offer this:

On Wednesday, after Sanford's confessional press conference, The State, the largest newspaper in South Carolina, posted email messages appearing to be love letters between the Governor and his mistress. (The paper obscured the name of the mistress, calling her only "Maria.") The paper explained in a related news story that they had received these messages from an anonymous tipster back in December, but until yesterday's unexpected corroboration of their likely authenticity, they had just sat on them.

Did the anonymous tipster break the law by obtaining or disclosing the email messages? Did the paper break the law by publishing them? After the jump, I'll offer my take on these questions.  read more »

Supreme Court Serves Up Remote-Recording Victory: Via Threat Level.

The Supreme Court on Monday let stand a copyright case testing whether cable operators may permit customers to store television programming on company servers to be viewed at a later time.

The issue concerns an August ruling by a federal appeals court, which lifted (.pdf) an injunction against Cablevision Systems blocking it from offering customers a recording service that stores programming on the cable company’s own servers instead of on viewers’ in-house playback devices.

Hollywood and television programmers maintained Cablevision’s service directly infringes their exclusive rights to both reproduce and publicly perform their copyrighted works.  read more »

Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance: Via Threat Level.

Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.

The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.

Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.

The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.  read more »

ATM Vendor Halts Researcher’s Talk on Vulnerability: Via Threat Level.

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of this month.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.  read more »

After Sale, Pirate Bay to Become Cash Cow?: Via Threat Level.

The Pirate Bay has agreed to be sold for $7.7 million, a deal with a Swedish software maker that would ultimately turn the world’s most notorious BitTorrent tracker into a legitimate player.

The move by Global Gaming Factory X AB comes nearly three months after the four co-founders of The Pirate Bay were found guilty of facilitating copyright infringement, and face a year each in prison pending appeals in addition to a $3.6 million fine.

While the site is to discontinue pointing the way to free movies, music, games and software, Global Gaming Factory thinks it can turn The Pirate Bay into a money-making venture.  read more »

Help Protesters in Iran: Run a Tor Bridge or a Tor Relay: Via EFF.org Updates.

As turmoil over the disputed election in Iran continues, many techs are trying to find ways to help Iranian citizens safely communicate and receive information despite the barriers being established by Iranian authorities. One tactic that even moderately tech-savvy Internet users can employ is to set up a Tor relay or a Tor bridge.

More sophisticated users can skip this paragraph, but for the rest, here's the basic outline. Tor (an acronym of "The Onion Router") is free and open source software that helps users remain anonymous on the Internet. Normally, when accessing websites, your computer asks for and receives a webpage out in the open, a process that exposes your IP address, the URL of the website, and the contents of the site, among other information to third parties. When accessing websites while using Tor, your computer essentially whispers its requests for a website, to another computer, which passes the request on to another computer, which passes it on to another computer, which passes it onto the computer where the website is hosted; the reply returns in the same, chain-message manner. The whispers are encrypted, so that neither outside authorities, nor the computers in the middle of the chain, can tell what is being said, and to whom. And the website itself does not have your IP address either.

Internet users in Iran are using Tor to both (a) circumvent censorship systems and (b) remain anonymous while reading and writing on the Internet. Both are critically important to the safety of protesters, many of whom fear retaliation from the government. Preliminary reports indicate that use of the Tor client in Iran has increased in the days after the contested election.  read more »

Pirate Bay Unveils YouTube-Like Site: Via Threat Level.

This is not your parents’ YouTube.

This is VideoBay, a YouTube-like service without the worries and hassles of those annoying copyright takedown notices.

And if you haven’t guessed by now, behind the service is The Pirate Bay. The new site, according to its operators, is in “beta extreme.”

“Don’t expect anything to work at all,” a message on the site reads.

The announcement of the “beta extreme” version of VideoBay comes as the four founders of the Pirate Bay face a year in prison following their April convictions for facilitating copyright infringement at the world’s most notorious BitTorrent tracker. The
Pirate Bay told TorrentFreak “that there is still a lot of work to do behind the scenes. The encoder is not finished yet and he design is also a work in progress.”

Notwithstanding the convictions and likely appeals, The Pirate Bay site continues to operate with more than 20 million users. Instead of licking their wounds, the operators instead are flipping a bird of sorts to prosecutors and the content industry.  read more »

SCOTUS: Safford school search violated Fourth Amendment, but qualified immunity applied: Via FourthAmendment.com.

Search of a school students underwear for over-the-counter painkiller was unreasonable because it lacked reasonable suspicion under T.L.O. Safford Unified School District #1 v. Redding, 08-479 (June 25, 2009). ScotusWiki here here; News: NYTimes here, WaPo here, LATimes here, Eastern Arizona Courier (Safford AZ) here.

The Syllabus:  read more »

Filtering Companies Can’t Be Sued By Blacklisted Firms, Court Rules: Via Threat Level.

A federal appeals court, in the first decision of its kind, said Thursday that companies providing malware, spyware and adware blocking services are immunized by the Communications Decency Act of 1996 from lawsuits claiming unfair business practices.

A three-judge panel of the 9th U.S. Circuit Court of Appeals found that the CDA treats security software makers the same as internet service providers when they block material they find objectionable, granting them so-called “good Samaritan” immunity from civil lawsuits.  Like an ISP, such companies provide an “interactive computer service”  because they pull updates from a central server, the San Francisco-based appeals court said.

“We conclude that a provider of access tools that filter, screen, allow, or disallow content that a provider or user considers obscene, lewd, lascivious, filthy, or excessively violent, harassing or otherwise objectionable is protected from liability,” the court ruled. (.pdf)  read more »

Facebook hires lobbyists to push privacy agenda: Via guardian.co.uk .

Social networking site hopes increase influence with world authorities

Facebook is hiring lobbyists to push its agenda on internet privacy and data sharing in Brussels and Washington, as the social networking site attempts to increase its influence with authorities around the world.

The company has appointed Richard Allan, who was previously the head of European regulatory affairs for the technology giant Cisco, to lead its efforts in lobbying