[ ... ]

Ultimately, Mr Fraley predicts, there will be a single, regulated registry. This, however, will not end the debate about ENUM. Already, advocacy groups are voicing strong privacy concerns. The technology, they worry, could be used to create an Orwellian universal identification number, and would allow telemarketers to bother consumers on every device. It might not be long before ENUM replaces ICANN as shorthand for frustration.

Its Baaack.

CNET NEWS.COM - Spam throws on a disguise.

In one of the latest marketing gimmicks circulating the Net, the sender comes disguised as a corporate network administrator with the subject line: "Your mailbox is over its size limit." Once opened, however, the e-mail's message lewdly invites the recipient to view adult material.

Such spam tricks are designed to make spam harder to ignore--an increasingly difficult task with skeptical consumers battling e-mail overload. As a result, commercial messages with familiar-looking origins and subject lines are becoming the norm.

SecurityFocus home infocus: Securing Privacy, Part One: Hardware Issues .

When asked about efforts to combat the tracking of Internet users, Scott McNealy of Sun famously replied, "You have zero privacy anyway. Get over it." Despite McNealy's flippant attitude towards privacy, it remains a highly contentious issue, with the potential to affect many aspects of individuals' personal and professional lives. Furthermore, the ability to protect their own proprietary information, and to ensure the protection of their customers' crucial data, may mean the difference between success and failure for many organizations.

While Internet users may not be able or entitled to control information about them that is held by third parties, they can still take steps to ensure the protection of their privacy. It's never too late to begin safeguarding your privacy. This is the first of a series of three articles that will examine privacy concerns regarding hardware, then software, and then finally the Internet in general. This installment will examine hardware-based privacy issues, specifically: hardware solutions for small networks and wireless devices, hardware-based spyware, and some attempts by hardware vendors to infringe upon users' privacy.

Computerworld - U.K. eyeing Internet privacy protections for workers.

Businesses in the U.K., including U.S. firms with branch offices there, may soon face limits on their ability to monitor employee Web surfing and e-mail activity under a new privacy code due to be released by a government body in the next two months.

The U.K. privacy protections also illustrate the sharp difference in privacy approaches that exist between the U.S. and European nations, many of which have stringent privacy rules.

The code, which sets out workplace privacy rights, will call for employers to spell out their monitoring policies to employees and conduct monitoring that is "proportionate" to the risk posed by the employee activity.

Japan Today - an anti-SPAM article - title unknown.

I couldn't verify the article since all I got was a server error when I tried to load the site. It seems that the site is to busy at the moment.

Slashdot | Japan Passes Anti-spam Law.

Japan Today reports on the new anti-spam law in Japan (which went into effect Thursday). The law's main feature is that it prohibits sending email with nonexistent or spoofed addresses -- a practice common among spammers. It also requires senders to clearly identify UCE as such (so users can install automated blocking tools if they so desire) and provide opt-out functionality. The UCE problem is especially severe in Japan where local phone calls are not free and users must currently pay for downloads of email.

Slashdot | Your Rights Online - XP, Phone Home.

The Register (UK) - Win-XP Search Assistant silently downloads files.

Indeed, and neither had I. So I connected an XP box to my ISP, started a packet sniffer, and launched the Search Assistant. Sure enough, it immediately connected to http://sa.windows.com/ and fetched a number of files. But it didn't attempt to send any data to the site, beyond comparing my locally-stored versions of those files to the ones on the server.

But when I performed an Internet search, the Assistant sent my search terms to the Microsoft site, and also dropped a session cookie on my machine.

[ ... ]

For now it appears that there's nothing here for users to worry about. But there is a question about MS playing fast and loose with people's Internet connections. Certainly, the minute one ventures onto the Web, one starts bleeding information all over the place, fetching images and ads and taking cookies from secondary and tertiary sources too numerous to mention.

But when we run an application for some local business like a file search, we don't expect it to connect silently to the Net, even for a good reason. When we discover something like this, it feels like someone else is in control of our computer, and that is definitely not a good feeling.

If Trustworthy Computing is going to mean anything, it's going to have to mean that actions like file downloads aren't going to happen without the user's knowledge and consent. A simple popup asking if one wants the latest XSL files with the options to decline, to be asked each time, or to grant permission to go ahead without further consultation is all that would be needed.

Linux Journal - Google Begins Making DMCA Takedowns Public.

In an apparent response to criticism of its handling of a threatening letter from a Church of Scientology lawyer, the popular search engine Google has begun to make so-called "takedown" letters public. DMCA-censored pages are now two clicks and a cut-and-paste away from the regular search results.

The full text of two new letters to Google, dated April 9 and 10, already appears on the free speech site chillingeffects.org. "I think it's great that they're calling attention to the way the takedown provision can be used to compromise their search results," said Wendy Seltzer, Fellow of Berkman Center for Internet & Society at Harvard Law School and co-founder of chillngeffects.org.

Google is still choosing to take advantage of the Safe Harbor provision of the Digital Millennium Copyright Act, which allows web sites to escape liability for copyright infringement if they take pages down in response to properly formed letters.

Slashdot | Your Rights Online - Google Publicizes DMCA Takedowns.

In an apparent response to criticism of its handling of a threatening letter from a Church of Scientology lawyer, the popular search engine Google has begun to make so-called "takedown" letters public. DMCA-censored pages are now two clicks and a cut-and-paste away from the regular search results.

Neil Gunton: Computer Programmer - Stopping Spambots: A Spambot Trap. Using Linux, Apache, mod_perl, Perl, "MySQL", ipchains and Embperl

Slashdot | Stopping Spambots: A Spambot Trap.

New York Times - free registration required Hawaii Halts Use of Cameras to Catch Speeders.

HONOLULU, April 10 -- Gov. Benjamin J. Cayetano ordered a halt today to the use of cameras to catch speeders, a system that many Hawaii motorists considered so underhanded that they tried to subvert it.

Governor Cayetano said he acted because the Legislature was about to repeal the program anyway. "The traffic van cam law is the creation of the Legislature, and if they want to now cancel the program it will be canceled," the governor said.

The van-mounted cameras, introduced on Oahu two months ago and operated by a private company, were coupled with radar and automatically photographed a speeder's license plate. A ticket was then mailed to the vehicle's owner.

Erehwon Notebook - The Two Senators.

In late February, I wrote both of my senators about the Systems Security Standards and Certification Act (SSSCA), which has now morphed into the Consumer Broadband and Digital Television Promotion Act (CBDTPA). During the intervening weeks, this legislation has moved from relative obscurity to mainstream awareness, having been covered not just among bloggers and community sites, but in the mainstream press extensively.

Found via iRights.

Journal of Accountancy / The CPA Letter - Consumers Demand Companies Do More to Protect Their Privacy; Want Privacy Independently Verified: AICPA/E&Y Post-Sept. 11 Survey.

Results of a recent Harris Interactive survey conducted for Privacy & American Business, a think-tank devoted to business privacy issues, and sponsored by the AICPA and Ernst & Young show most consumers still do not trust companies to handle their personal information properly. However, independent verification of company privacy policies is the single business action that would satisfy almost two out of three consumers (62%). In fact, 84% think such verification should be "a requirement" for companies today. 

The top three concerns consumers express are that companies will share their information without permission (75%); that their transactions may not be secure (70%); or that hackers could steal their personal data (69%).

Strong majorities want companies to communicate and follow good privacy policies. However, because trust in companies is low, the survey reveals that having a company's privacy practices verified by a third party would lead more than 9 in 10 consumers (91%) to say they would do more business with such a firm. 

The Register (UK) - Europe elbows Internet content 'blocking'.

The European Parliament has voted overwhelmingly to oppose the use of "blocking" as a way of regulating content on the Internet.

The vote (460 in favour, 0 against and 3 abstentions) this morning means that ISPs will not be forced to restrict access to Web sites.

Instead, they have been given the green light to continue with self-regulation.

Culture News from Wired News - Nigeria E-Mail Suckers Exist.

The Nigerian letter fraud, which asks you for access to your bank account, has been around for two decades and is now proliferating on the Internet. And last year, some people actually lost big bucks.

I figure I've received over at least 200 of these offers . You can also report them (forward the E-mail with full headers to 419.fcd@usss.treas.gov ) Make life easier for them and let them know up front that you have NOT lost any funds. This way the can just update their collection of information (Names and phone numbers) without having to try and track you down to schedule and interview. Remember this e-mail address is only for this particular scam and NOT for SPAM in general.

EFF Media Release: EFF Seeks to Protect Internet Radio Privacy. Electronic Frontier Foundation and Broadcasters Comment

The Electronic Frontier Foundation (EFF) urged the U.S. Copyright Office on Friday to modify proposed webcasting regulations to preserve listener privacy.

In an unprecedented invasion of listener privacy, the Copyright Office has proposed that webcasters be required to gather and report to copyright owners information about individual listeners, including their country of origin, local time zone, and a unique user identifier.

Gartner.com - Three Rules for Managing Customer Privacy in CRM.

Enterprises seeking successful customer relationship management can follow three rules to ensure a balance between gathering customer information and not overstepping the boundaries of customer privacy.

Sorry but the report itself cost $95.00

Evening Standard (UK) - PM backs sharing personal data. Prime Minister Tony Blair is backing a report which will give government departments powers to exchange personal information about individuals.

Glascow Herald - Concern over plan to make personal data public.

"While some data-sharing may be necessary for reasons such as national security, there needs to be parallel safeguards. They are conspicuous by their absence."

John Wadham, director of Liberty, the civil rights group, said: "So many government agencies hold information on us that it's no surprise some bureaucrats want a peek at the files held on us by others.

"The scale of this data-sharing has been creeping up for years. Today's report, if implemented, will result in more of this peeking by officials into our personal and private lives."

Mr Wadham did acknowledge that the report, from the government's performance and innovation unit (PIU), recognised for the first time and promoted the idea that the government and public bodies had a duty to protect individuals' privacy.

However, he pointed out: "It does also suggest a significant number of safeguards but it will still lead to a major increase in data-matching."

Law.com - Groups Fear Webcast Listeners Will Lose Privacy. Privacy advocates call RIAA proposed rules 'unprecedented'

The recording industry appears to be backing away from a proposal that would require Webcasters to provide detailed information about their listeners to copyright owners.

On April 5, the Recording Industry Association of America dropped its request that the U.S. Copyright Office force Internet radio operators to collect data not required of their traditional broadcasting brethren.

But privacy advocates, who have raised a ruckus over the idea, are still worried federal officials may slip the provision into a revised regulation governing subscription digital audio services.

"It's nice to say 'sorry, we didn't mean it,' but because of their proposal, it's in the Copyright Office's proposed regulation," said Fred von Lohmann, a senior IP attorney at the San Francisco-based Electronic Frontier Foundation.

The proposal would require Internet broadcasters to collect information such as the date and time users listen to digital transmissions and the region where they log on. Privacy groups say this would be an unprecedented invasion of listener privacy.

"This is the first time in the history of broadcast media where broadcasters would be required to collect user information," von Lohmann said. "Not only is it unprecedented, it's totally without justification."

MP3 News from Wired News - Are Ads a Gateway to Illegal CDs?

This full-on marketing blitz is meant to capture the public's ongoing fascination with digital music while educating consumers on copyright law, Gateway spokesman Brad Williams said. "We wanted to show that people who are up on the issues, that they have a friend in Gateway and that people not into digital music should probably check this (phenomenon) out. But we aren't advocating piracy."

Of course, the extent of Gateway's on-air cautions about piracy don't go beyond the phrase "enjoy digital music legally."

Slashdot | Singing Cow To Attack CBDTPA.

New York Times - free registration required Microsoft Has Shelved Its Internet 'Persona' Service.

Microsoft has quietly shelved a consumer information service that was once planned as the centerpiece of the company's foray into the market for tightly linked Web services.

The service, originally code-named Hailstorm and later renamed My Services, was to be the clearest example of the company's ambitious .Net strategy. It was intended to permit an individual to keep an online persona independent of his or her desktop computer, supposedly safely stored as part of a vast data repository where there could be easy access to it from any point on the Internet.

At the time of the introduction of My Services, Microsoft also proclaimed that it would have a set of prominent partners in areas like finance and travel for the My Services system. However, according to both industry consultants and Microsoft partners, after nine months of intense effort the company was unable to find any partner willing to commit itself to the program.

Industry executives said the caution displayed by consumer giants like American Express and Citigroup illuminated a bitter tug of war being fought over consumer information by some of the largest financial and information companies.

Slashdot | Microsoft Gives Up on Hailstorm.

According to a NYTimes article: due to lack of 3rd-party support for Microsoft's "Persona" (originally codenamed 'Hailstorm'), the company has been forced to dump the project. It seems the companies didn't like having a middleman between them and the consumers. As a person worried about the future with .NET, this is a bit of a relief.

New York Times - free registration required Seeking Profits, Internet Companies Alter Privacy Policy.

Pressed for profits, Internet companies are increasingly selling access to their users' postal mail addresses and telephone numbers, in addition to flooding their e-mail boxes with junk mail.

Yahoo, the vast Internet portal, just changed its privacy policy to make it clear that it has the right to send mail and make sales calls to tens of millions of its registered users. And it has given itself permission to send users e-mail marketing messages on behalf of its own growing family of services, even if those users had previously asked not to receive any marketing from Yahoo. Users have 60 days to go to a page on Yahoo's Web site where they can record a choice not to receive telephone, postal or e-mail messages in various categories.

Similarly, when Excite, another big Internet portal, was sold in bankruptcy court late last year, the new owner asked Excite users to accept a privacy policy that explicitly allows it to rent their names and phone numbers to marketing companies. (Those users, too, could check a box on the site to opt out of such programs, if they had not already done so on the old Excite.)

[ ... ]

"What Yahoo has done is unconscionable," said Seth Godin, Yahoo's former vice president for direct marketing. "It's a bad thing, and it's bad for business. They would be better off sending offers to a million people who said they want to receive a coupon each day than to send them to 10 million people and worry about whether you have offended them by finally going too far." While at Yahoo, Mr. Godin published "Permission Marketing" (Simon & Schuster, 1999), which argued that marketing messages should be sent only to people who ask to see them.

Both Yahoo and Excite say they are not loosening their privacy policies, just making them more explicit. In the past, both companies simply asked users to check a box authorizing the Web sites to "contact" them with marketing messages. The sites assert that such wording did not rule out mail and telephone contacts in addition to e-mail messages.

Privacy experts say such a legalistic interpretation of the privacy policy is at best misleading because, in practice, almost all contact from the sites has been by e-mail. "It's unfair," said Mark Rotenberg, executive director of the Electronic Privacy Information Center. "People thought they were going to get e-mail solicitations. They didn't expect that their dealings with Yahoo would cause them to receive phone calls."

Slashdot | Your Rights Online - Privacy Policies Heading Downhill.