ZDNet Australia: News & Tech: E-Business: Aust Web sites under privacy microscope.
Government agencies have plans in the pipeline to conduct a sweep of Australian Web sites, checking for compliance with new privacy legislation.
CanadaComputes.com - (Opinion) - There is a time for action and a time for privacy.
In a recent appearance at the KMDI lecture series offered by the University of Toronto law school, Marc Rotenberg, founder and president of EPIC (Electronic Privacy Information Center at www.epic.org) spoke about the state of privacy since September 11th.
The new year is a good time to consider our new world, and Rotenberg's statements resonated with a rawness many felt in recent months. After the numbness of mourning, he said he realized that "we no longer have the luxury to sit on the sidelines anymore."
[ ... ]
We must decide now whether we should allow our representatives to label hacking as a terrorist act; to allow the federal government to collect a database of facial scans, DNA or other personal information about each of us, of foreigners, of those merely suspected of crimes or even those convicted of crimes. We must decide now, because once these laws and databases are created, they will never be destroyed.
Harvard Law - BOLD - Internet Privacy - Introduction.
The Berkman Center for Internet & Society BOLD site for "Privacy in Cyberspace, 2002". Participation is free and open to the public; registration is required.
Informational Privacy concerns the claim to control the collection, use or distribution of information about oneself. This series is designed to address potential threats to individuals' informational privacy on the Web posed by collection, use and distribution of that information by other individuals, corporate or institutional interests, or by the government. We have designed the series so that it will be possible for a participant to gain an awareness of some of the legal and policy issues affecting privacy that arise online. The series will launch March 11, 2002, and the live portion of the series will run for six weeks.
We have organized our study of privacy in cyberspace into six weeklong modules. Each module is designed to explore various technologies and to ask whether their use raises privacy questions. In general, the modules launch on the indicated Monday. (The links for each module won't be live until the indicated start date.)
Slashdot | Your Rights Online - Privacy in Cyberspace.
Slashdot | Canada to Raise Tariffs on Recordable Media.
Slashdot | Hong Kong Gets Smart ID Cards.
Robotcop - robots.txt: It's the Law.
Welcome to the home of the Robotcop project. Robotcop is an open source module for webservers which helps webmasters prevent spiders from accessing parts of their sites they have marked off limits.
Slashdot | Apache - Robotcop: It's the Law.
Inspired by the recent Slashdot and Evolt discussions about Blocking Bad Spiders, we set out to write an Apache module that solves this problem. The result is Robotcop and it's ready for action. We believe that it's the best solution to protecting Apache webservers from spiders currently available. Install it and help us make life hell for e-mail harvesting software!
Slashdot | Air Force Warns Microsoft/Others to Tighten Security.
USA TODAY - Air Force seeks better security from Microsoft.
A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer. In an interview, Air Force chief information officer John Gilligan revealed he has met with senior Microsoft executives to tell them the Air Force is "raising the bar on our level of expectation" for secure software.
Political News from Wired News - Tariff on Blank CDs? Blame Canada.
"If this tax is passed, it will raise the prices on products that most businesses now use to store data," said Joseph McCormick, a corporate law attorney. "It's unfair to Canadian consumers and it's unfair to businesses. Not everyone with a CD-burner, a PDA or an external hard drive is a thief."
[ ... ]
If approved, the new tax would levy an additional fee of 59 cents (Canadian) on blank CDs. Memory cards, such as those used in handheld computers or digital cameras, would be taxed at 0.8 cents per megabyte of storage space. Manufacturers of blank DVD discs would pay an extra $2.27 per disk.
Hardware manufacturers would also be affected. Makers of MP3 players would pay $21 in fees for each gigabyte of memory available on their devices, raising the cost of devices like Apple's iPod by more than $100.
CNET NEWS.COM - Spammers target IM accounts.
Growing incidents of spam attacks on some instant messaging networks are raising vexing questions about the future of one of the fastest-growing applications on the Internet.
Unsolicited commercial appeals on instant messenger are still uncommon, but they are becoming prevalent enough that some IM fans worry their networks are vulnerable to the seemingly unstoppable marketing deluge that has long flooded e-mail in-boxes.
None of the major IM providers interviewed for this story would talk about their spam problems in detail. But consumers and spam experts said the phenomenon is growing, with no silver bullet in sight.
New York Times - Editorial Op-Ed by Jonathan L. Zittrain (free registration required): Taming the Consumer's Computer.
Absolutely. In January Bill Gates sent a memo to all Microsoft employees declaring a new, overarching, even revolutionary mandate: Software must be reliable and "trustworthy." This new focus is both welcome and worrisome, because the very steps needed to secure our computers and networks can be the steps that will deaden them to continued innovation and creative uses -- while opening them to more intrusive monitoring by mainstream technology manufacturers and content providers.
Mr. Gates and the co-captains of his industry are producing blueprints for so-called "trusted" PC's. They will employ digital gatekeepers that act like the bouncers outside a nightclub, ensuring that only software that looks or behaves a certain way is allowed in. The result will be more reliable computing -- and more control over the machine by the manufacturer or operating system maker, which essentially gives the bouncer her guest list.
And as soon as there are limits on the software a PC can run, there will be limits on what PC users can do. That's exactly what executives like Mr. Eisner and Mr. Chernin want. They'd like software and hardware companies to build PC's to allow a publisher an exquisite level of control over a book or a song or a movie in the hands of a consumer. Trusted PC users might spend $1.95 for a single viewing of the latest Disney animated feature, or they might pay a similar amount for three listens of U2's most recent single. Security, stability, reliability -- and control.
Users may buy a trusted PC even if it won't show a digital video lent by a friend, because it will act less like a temperamental computer and more like a crash-free super-VCR -- like the just-released Microsoft X-box. But in the process of "improving" our PC's, the manufacturers and their partners will be able to determine what software will and won't be allowed to run, what we can and can't do with the information to which we're exposed, and what data about our online activities will be collected and sent to the manufacturer or content provider to assist in future marketing.
Jonathan L. Zittrain is an assistant professor at Harvard Law School and a director of its Berkman Center for Internet & Society.
Earthweb Hardware and Systems: Opinions: Want To Back Up Your PC? Ask Disney's Permission.
Disney, Sony, and other record companies and movie studios want to repeal the "fair use" rights enjoyed by generations of music lovers; make music CDs unplayable in computer CD-ROM drives and legally purchased digital content impossible to copy or transfer between devices; and force the tech industry to cripple its products with built-in copy protection that benefits Hollywood and harms consumers. The tech industry is saying no, thanks, but the entertainment industry's campaign contributions have gone a long way in the U.S. Senate.
The evidence is the Security Systems Standards and Certification Act (SSSCA) drafted by Senate Commerce Committee chair Fritz Hollings (D-S.C.), which hasn't been formally submitted yet but hung over a committee hearing last week at which Intel Corp. executive vice president Leslie Vadasz let go with both barrels. The outnumbered Vadasz hit it right on the head when he declared that Hollywood wants "to neuter the personal computer to be nothing more than a videocassette recorder" or other media playback device.
[ ... ]
And the penalties aren't small potatoes: A first offense could net you a $500,000 fine and up to five years in the slammer, with any subsequent violations costing a million bucks and 10 years, respectively -- not counting actual or statutory damages that could be invoked above and beyond these penalties. In other words, the entertainment industry doesn't want to pay the tab for protecting its digital rights, so consumers and businesses will be forced to foot the bill, or face the consequences.
Think this insanity affects only DVD-R manufacturers? Think about how the SSSCA could impact areas like building, upgrading, or repairing PCs. It's hard to tell how far things could be taken, but it's entirely conceivable that entire lines of tech employment could become illegal or at least obsolete. As for programming, open-source software such as Linux would by definition become illegal (even installing it would be a felony), while other publishers would have to allow development time for even the smallest piece of C++ code to be checked for SSSCA compliance.
[ ... ]
I know it's easy to dismiss this threat as an impossible Hollywood fantasy; I ignored it for some time myself. But when I mention the proposed legislation to friends and colleagues and get only shocked replies ("There's no way they would do that") or stares of disbelief, I'm tempted to quote Edmund Burke: "The only thing necessary for the triumph of evil is for good men to do nothing."
Chicago Tribune | Piracy bill could lock up computers.
Compiling your favorite tunes or a photo slide show on a compact disc could no longer be possible if the backers of a proposed federal copy-control bill prevail.
The draft legislation would require nearly all digital electronic devices from PCs to digital camcorders to contain a lock of sorts that restricts the copying of music or movies.
The goal, say proponents led by the entertainment industry, would be to block piracy and the Napster-like ability to make unlimited copies of digital content.
The effect, others say, would be a loss of freedom for consumers, a stifling of innovation in the technology industry and a violation of the "fair use" provision traditionally enjoyed under federal copyright law.
[ ... ]
Opponents say that by making it impossible for consumers to make personal copies of digital content--for backups or for playback on other devices--the bill would violate the "fair use" provision of federal copyright law. That concept lets reviewers quote passages in books without getting the publisher's permission, for example.
Even firms developing new copy-protection technologies say the entertainment industry demands are unreasonable.
[ ... ]
The Electronic Frontier Foundation, a technology civil liberties group, notes that the entertainment industry has repeatedly fought new technologies from the phonograph to the VCR, only to discover later that the technologies helped create new revenue.
Slashdot | Your Rights Online - SSSCA Editorials.
O'Reilly Network: Understanding Rootkits.
A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. A rootkit generally contains network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators.
The main purpose of a rootkit is to allow intruders to come back to the compromised system later and access it without being detected. A rootkit makes this very easy by installing a backdoor remote-access daemon, such as a modified version of telnetd or sshd. These will often run on a different port than the one that these daemons listen on by default.
Most rootkits also come with modified system binaries that replace the existing ones on the target system. At a minimum, core binaries such as ps, w, who, netstat, ls, find, and other binaries that can be used in monitoring server activity, are replaced so intruders and the processes they run are invisible to an unsuspecting system administrator.
O'Reilly Network: Scanning for Rootkits.
If a server is compromised, it is equally important to realize this before it's too late and take measures to survive the attack.
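An added example, not taken from the O'Reilly articles or from any tool they describe: a minimal integrity check for the binaries the excerpt says rootkits replace, plus a check for daemons listening on ports they should not be using. The file contents, directory, listener list and expected-port map are constructed stand-ins. The baseline is assumed to be stored off-host and the check run from trusted media, since a trojaned ls or netstat cannot be trusted to report on itself.

```python
import hashlib
import os
import tempfile

# Binary names taken from the rootkit excerpt above.
CORE_BINARIES = ["ps", "w", "who", "netstat", "ls", "find"]

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(bin_dir, names=CORE_BINARIES):
    """Record known-good hashes; do this on a clean install and store the result off-host."""
    paths = {n: os.path.join(bin_dir, n) for n in names}
    return {n: sha256_file(p) for n, p in paths.items() if os.path.isfile(p)}

def audit(bin_dir, baseline):
    """Return (name, status) for every baselined binary that is missing or changed."""
    findings = []
    for name, good_hash in sorted(baseline.items()):
        path = os.path.join(bin_dir, name)
        if not os.path.isfile(path):
            findings.append((name, "missing"))
        elif sha256_file(path) != good_hash:
            findings.append((name, "modified"))
    return findings

def unexpected_listeners(listeners, expected):
    """Flag (daemon, port) pairs where the daemon is unknown or on a non-approved port."""
    return [(d, p) for d, p in listeners if p not in expected.get(d, set())]

def demo():
    """Constructed scenario: baseline six stand-in files, then alter one and delete one."""
    with tempfile.TemporaryDirectory() as d:
        for n in CORE_BINARIES:
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"constructed stand-in for " + n.encode())
        baseline = build_baseline(d)
        with open(os.path.join(d, "ps"), "wb") as f:
            f.write(b"constructed replacement")  # simulates a swapped binary
        os.remove(os.path.join(d, "netstat"))
        return audit(d, baseline)

if __name__ == "__main__":
    print(demo())
    print(unexpected_listeners([("sshd", 22), ("sshd", 31337)], {"sshd": {22}}))
```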
BW Online | March 18, 2002 | Commentary: The Best Way to Make Software Secure: Liability.
Microsoft and other tech companies have neglected security issues for years. It's time companies that sell software with yawning security flaws or fail to secure their computer systems be held liable. Companies, or individuals, should be able to sue to recover any damages brought on by faulty programs or improperly installed security software.
Today, no one is held accountable for such lapses, and there's little incentive to improve the situation. On Jan. 8, the prestigious National Academy of Sciences, frustrated that security measures already available aren't being used, suggested lawmakers consider legislation that would end software companies' protection from product liability lawsuits.
Consider the experience of CERT, the government-funded computer security group. After trying for nine months to get computer companies to fix a flaw that could hit a multitude of networked devices, from printers to Web servers, CERT issued a public warning on Feb. 12 of a security gap. Even so, a day later the majority of the 240 companies affected had yet to contact CERT.
Much of the talk about improving computer safeguards overlooks a fundamental problem: Poorly written software is at the root of many security breaches. That's why the same mistakes keep cropping up. For example, recent problems with Microsoft's new Windows XP operating system and America Online's popular instant messaging program involved a design flaw that has been tripping up programmers for 20 years--even though tools are available to test for this vulnerability. "Software companies don't spend enough time on design and testing the product before it's made public," says Marty Linder, a security expert at CERT.
Slashdot | "Ask Slashdot" - Computer Security Criteria.