The 1995 EU data-privacy directive restricts data transfer in the EU directly involving any company based outside the EU which does not comply with EC privacy rules. Such a restriction has yet to be imposed on any major US company or website, but Mr Tauzin said it could lead to the effective imposition of a "de-facto privacy standard on the world."

"It certainly provides for extraterritorial enforcement of EU principles on Americans and American companies," he said.

Sounds like a good thing to me. Its only a problem for companies that have European customers and don't wish to protect their privacy. After all, they can always limit themselves to folks in the good ol' USA where its legal to pilage a person's personal data.

iT (Australia) - IT: Tucows seeks tougher Net privacy rights.

An Internet company today called on the domain name industry to tighten rules governing the use of private information for mass marketing.

Tucows Inc chief executive Elliott Noss said domain name registrants should be automatically protected from having their marketing information sold, without having to take action to protect themselves.

He said some companies which sold Internet addresses also sold their databases of registrants' private information for mass marketing.

InfoWorld - Users, vendors face off over UCITA law in Texas.

A Titanic struggle over the proposed new Uniform Computer Information Transactions Act -- one that pits large corporate users against a group of major technology vendors -- is under way in Texas and could become a key showdown for the controversial software licensing measure.

The legislation, known informally as UCITA, was approved relatively easily last year in two states: Virginia and Maryland. But things are different in Texas, where opponents are moving aggressively to prevent the state legislature from passing the measure.

[ ... ]

A number of large technology users, including Boeing in Seattle and Phillips Petroleum in Bartlesville, Okla., are leading the attack against UCITA in Texas and other states that are considering the proposed law. They are up against Compaq Computer, Microsoft, and technology industry trade groups that back the measure.

Ken Rigsbee, director of government relations at Phillips, said the $21.2 billion petroleum refiner and distributor wants to see UCITA defeated in Texas. Among the reasons the company opposes the proposal written by the Chicago-based National Conference of Commissioners on Uniform State Laws (NCCUSL) are provisions that could allow vendors to remotely shut off software at user sites in the event of contract disputes.

Slashdot | UCITA Fight Comes to Texas.

NSA - Security-Enhanced Linux Documentation. The documentation for the security-enhanced Linux consists of a paper describing the design and implementation of the kernel security mechanisms, a paper describing the security policy configuration, an installation document, and the manual pages for new system calls and new or modified utilities.

NSA - Downloading Security-Enhanced Linux.

NSA - Security-Enhanced Linux. National Security Agency's perspective on Security-enhanced Linux.

As part of its Information Assurance mission, the National Security Agency (NSA) has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from the NSA's Information Assurance Research Office have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

IBM developerWorks : Security : Uncovering the secrets of SE Linux: Part 1. The first in-depth look at the SE Linux code

In an uncharacteristic move, the U.S. National Security Agency(NSA) recently released a security-enhanced version of Linux -- code and all -- to the open source community. This dW-exclusive article takes a first look at this unexpected development -- what it means and what's to come -- and delves into the architecture of SE Linux.

Slashdot | NSA Linux In Depth.

silicon.com - Last chance saloon for data protection evangelists. He (lawyer Andrew Rigby, head of the ecommerce division for law firm Tarlo Lyons) estimates that about 80 per cent of multinationals are currently breaching the EU data rules. "The fact that only 25 have signed up to Safe Harbour means that there are quite literally hundreds of thousands of companies potentially breaking the law. The failure of safe harbour really puts Us attempts at self-regulation in the last chance saloon," he said.

silicon.com - US outraged at 'onerous' European privacy laws.

The growing argument over data protection in the US escalated yesterday as a US congress committee slammed strict EU laws on privacy, claiming it was trying to impose a de facto standard on the rest of the world.

They're only upset because they didn't get to do it to them. It also makes it harder for them to claim that protection can't be implemented here if it has already been done in Europe.

The news is the latest event in the debate between the two sides of the Atlantic, over privacy regulations, which will play a large part in determining the level of control over data consumers can expect from the net.

CNN Transcript - The Point With Greta Van Susteren. Battle Over Dale Earnhardt's Autopsy Photos Raises Larger Questions About Privacy in the Digital Age.

WashTech.com part of the Washington Post - ID in the Blink Of an Eye. It can identify people in seconds by snapping a picture of the colored portion of their eyes and matching it with a prerecorded image.

Two years ago, a small McLean-based firm, Spring Technologies Inc., nabbed an exclusive license for the James Bond-like technology from Marlton, N.J.-based Iridian Technologies Inc.. The license allowed the company -- now called EyeTicket Corp. -- to be the first to use the technology in a promising application, helping airlines speed up check-in and boarding of flights.

Political News from Wired News - FBI: Massive Web Heists. Organized hacker groups in Russia and the Ukraine are apparently to blame for the stealing of more than 1 million credit card numbers off websites in the past year.

Culture News from Wired News - Human Being, or Human Folly? They're well funded, they don't care what the Vatican thinks and they're ready to get going. An international team of scientists is about ready to start cloning human beings and they'd appreciate it if governments kept their noses out of it, too.

Political News from Wired News - Privacy Awards: The Good and Bad. Awards time at the Computers, Freedom and Privacy conference is a mixed bag. The Pioneer awards go to those who protect people's rights; the Big Brother awards, well, they speak for themselves.

CNET NEWS.COM By Brian Livingston - How a Net credit card scam might snag you . You may be one of thousands of people who've had unauthorized charges placed on their credit cards by Internet marketers. But you may not know that your card number was originally handed over to the perpetrators by your own bank.

[ ... ]

It isn't necessarily a crime in the United States for a bank to sell a telemarketing company your credit card number, although it is in some other countries.

The Gramm-Leach-Bliley Act, enacted in November 1999, is the most recent U.S. law affecting the transfer of credit card number to unauthorized third parties. The act allows consumers to "opt out" of a few data-sharing arrangements. But it permits banks to give your credit card numbers to any "affiliated" third party, such as an insurance subsidiary. And--in an exception that infuriates consumer groups--a bank may give the information to a third party that it has a "joint agreement" with.

By contrast, Canada recently adopted a Personal Information and Electronic Documents Act, which went into effect on Jan. 1, 2001. The first phase of the law protects personal banking data, such as credit card numbers. A second phase, beginning on Jan. 1, 2002, will cover personal health information.

And in Europe, a "data protection directive" became effective in 1998, affecting all commerce in the 15 countries of the European Union. Companies must reveal to consumers the information that's been collected on them but protect personal data when exchanging files with other firms.

CNET NEWS.COM - Court won't force library to filter Net content. A California library cannot be sued under state law for failing to filter Internet content, a state appeals court determines.

SANS Alerts and Analysis - Large Criminal Hacker Attack on Windows NTE-Banking and E-Commerce Sites.

In the largest criminal Internet attack to date, a group of Eastern European hackers has spent a year systematically exploiting known Windows NT vulnerabilities to steal customer data. More than a million credit cards have been taken and more than 40 sites have been victimized.

The FBI and Secret Service are taking the unprecedented step of releasing detailed forensic information from ongoing investigations because of the importance of the attacks.

The information was released to the SANS community a short timebefore it was made available to the general public so that you can be sure your systems are safe.

Within a day or two, the Center for Internet Security will release a small tool that you can use to check your systems for the vulnerabilities and also to look for files the FBI has found present on many compromised systems - indicating your system may have already been compromised by the attacker group.

Slashdot | FBI: Massive MS Exploits OverLast Year.

Slashdot | Scientology vs. Panoussis Ruling.

Business News from Wired News - Lawyers With Hacking Skills. Attorneys, particularly those who work for big corporations, are often at a loss to deal with newfangled cybercrime laws. A new workshop not only will get them up to speed, it'll teach them some new skills, too.

Privacy International - The 2001 US Big Brother Awards.

On March 7, Privacy International held the 3rd annual US Big Brother awards to celebrate the invaders and champions of privacy. The ceremony took place at the 2001 Computers, Freedom, and Privacy Conference.

The "Orwell" statutes were presented to the government agencies, companies and initiatives which have done most to invade personal privacy. A "Lifetime Menace" award was also presented.