CNET NEWS.COM - Study: Customers wary of online IDs.

Microsoft and other technology makers struggling to define new Web services business models have another obstacle: consumer distrust of online authentication systems.

A new Gartner study indicates that despite compulsory sign-up programs, consumers aren't interested in online identity and authentication accounts--such as Microsoft's Passport and AOL's Screen Name service--and won't be anytime soon.

MIT's Technology Review - Walk This Way.

Whether you do the moonwalk or the cakewalk, new technologies may soon ID you by how you strut.

Mark Nixon may be one of the pioneers of gait-recognition technology, but he credits Shakespeare with the idea: "Great Juno comes; I know her by her gait," cries Ceres in The Tempest.

[ ... ]

Interest in surveillance and recognition technologies since the September 11 attacks has thrust the spotlight on the U.S. Defense Advanced Research Projects Agency's (DARPA's) two-year-old $50-million Human ID at a Distance program. And while automated face recognition (See "Recognizing the Enemy" Dec 2001) receives the most attention, DARPA is also funding efforts at a handful of universities to identify people through their body language. The theory is simple: in the same way that each person has a unique signature or fingerprint, each person also has a unique walk. The trick is to take this body language and translate it into numbers that a computer can recognize.

One approach is to create a "movement signature" for each person. Researchers at Carnegie Mellon University's Robotics Institute begin by filming individuals walking and running on a treadmill. Analog cameras tethered to a computer capture and store the action. Software tools remove any background footage, leaving a series of silhouettes of each subject, which are then stored as digital images. The same people are filmed again in an entirely different context, and the computer is instructed to identify the person against the stored images. "The system generalizes well across all the different gaits," says Robert Collins, a research scientist at the Robotics Institute. "So far we're getting a 90 to 95 percent correct match."

Salon.com Technology | A law to protect spyware. Sen. Fritz Hollings is pushing a bill that supposedly safeguards online privacy -- but actually gives intrusive marketers a green light.

[ ... ]

Likewise with the Online Personal Privacy Act. It is masquerading as pro-consumer when in fact it is pro-business. The new legislation is similar to laws passed in Europe that divide your personal information into two types. The first is "sensitive" information, such as your financial and medical history, race, lifestyle, religion, political affiliation, and sex life. The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.

But the nonsensitive clause is a huge gaping loophole through which business will ride roughshod. Never mind that part about "sensitive" information being forbidden. Most things that businesses want to know about us can be inferred just by examining the things we buy, read and click on. If they can put that information together with our names, which the bill allows, then any concept of "privacy" protection is rendered meaningless. The Online Personal Privacy Act legitimizes the kind of intrusive spyware program activity that is currently proliferating.

PCWorld.com - E-Commerce Sites Wary of Proposed Privacy Law. Senators hear receptive consumer advocates; sponsor claims bill would boost online transactions.

[ ... ]

Other skeptics include Paul Misener, vice president of global public policy for Amazon.com. While supportive of Hollings's commitment to the consumer, Misener objected to some of the bill's specific language. In particular, he opposed a section giving customers the right to pursue class-action litigation if security is breached, as well as the right to access and delete already-stored information.

The class-action litigation provision would force companies to make their privacy policies much more legalistic, Misener argued. The provision that provides for a "data deletion" option, he continued, would hinder Amazon's privacy protection and actually make identity theft easier to commit.

[ ... ]

Mark Rotenberg, executive director of the Electronic Privacy Information Center, called the bill timely and important. If anything, he added, it should provide even stronger privacy protections.

"The exception for disclosure to law enforcement agencies is too broad," Rotenberg said. It would be an easy way for public officials to access personal information by virtue of the bill's vague wording, he explained.

Frank Torres, legislative counsel for the Consumers Union, insisted that consumers should not have to worry whether their personal information is being shared among Web vendors.

"Businesses that choose to collect and share sensitive information should be held accountable for handling of that data," Torres said. "If wrongful disclosure of sensitive data occurs ... shouldn't a consumer be compensated for his or her loss?"

The Scotsman - Big Brother NHS trusts to spy on workers.

New policies which allow Scottish health boards to spy on staff at work and in their homes were last night denounced as "Big Brother" tactics.

The legislation allows the chief executives of public bodies to give the go-ahead for secret surveillance of any worker suspected of carrying out activities against the interests of the organisation.

In extreme cases, they can request police to install bugging devices in a member of staff's home or car.

They can also order the use of "covert human intelligence sources" - people who form a relationship with an individual in order to obtain information from them.

As well as this, managers can demand that staff are covertly monitored in the workplace, including checking phone bills and monitoring internet access.

Unions last night attacked the move as "appalling", warning that effectively it means any doctor, nurse or other health worker is at risk of having their private activities put under scrutiny at the whim of bosses.

SecurityFocus Infocus: Securing Privacy, Part Two: Software Issues .

This is the second article in a three-part series that will examine privacy concerns as they relate to security. The first installment in the series examined hardware-based privacy issues and solutions. This article will discuss software-based issues and solutions. As we shall see, some software is designed to safeguard privacy, while other software seems designed to compromise it.

In the previous article in this series, we covered hardware firewall-routers. Firewalls are an important part of a privacy protection strategy because they prevent intruders from gaining access to valuable information that is stored on a computer. Now let's look at firewalls that run on individual computers. Known as personal, or PC, firewalls, these are different from hardware firewall-routers in several ways. The best PC firewalls track incoming and outgoing traffic, and allow users to set up rules governing what programs on the computer will be allowed to establish connections to the Internet. Best of all, many PC firewalls are free, although even if they are available commercially, prices tend to be reasonable.

Political News from Wired News - Hill Back to Biz of Biz Privacy.

Congress and the White House abruptly shelved the topic after last September's terrorist attacks -- and quickly enacted a passel of new laws that granted police unprecedented surveillance powers.

No, there's no move afoot, at least not yet, to limit FBI wiretapping, Internet monitoring, or the ability of courts to approve secret search warrants.

But Capitol Hill is resuming where it left off circa Sept. 11 -- by debating relatively modest proposals that would regulate corporations' data-collection practices and require privacy impact statements from federal agencies.

"I don't think there's any question that there was a setback after Sept. 11 when Congress' attention turned elsewhere," says Marc Rotenberg of the Electronic Privacy Information Center. "But I think the pendulum is swinging back now."

On Thursday, Sen. Ernst Hollings (D-South Carolina), convened a hearing to talk up his privacy bill, introduced last week.

Hollings' "Online Personal Privacy Act" regulates how Internet service providers, online service providers and any commercial website -- including non-commercial ones that are supported by advertising or sell product -- may collect information about visitors. The measure covers "personally identifiable information," including name, e-mail address, or even a numeric IP address.

But it applies only to the customer records of Internet-related firms -- not their meatspace competitors -- which is why some businesses oppose it. An Amazon.com lobbyist pointed out the discrepancy during the hearing, and Hewlett-Packard predicted the vague definitions in Hollings bill would invite lawsuits.

Slashdot | RIAA Wants Taxpayer-Funded IP Police.

Slashdot | Shakedown: How the Business Software Alliance Operates.

An anonymous source writes: "I'm a faculty member at a public university which the Business Software Alliance contacted in a bulk mailing last Fall. Stupidly, our IT department invited them in to 'explain' licensing to us, and now we are trying to fend off an audit on our computers (public and private). Two questions: what kind of leverage does the BSA actually have against us? And does anyone have war stories, successful or otherwise, of their encounters with the BSA?"