Another bill designed to guard consumers' privacy, though it targets real-world transactions as well as online ones, debuted in Congress and was greeted with derision by privacy advocates.

The Consumer Privacy Protection Act of 2002, introduced by Rep. Cliff Stearns (R-Florida), would require any business to give customers a clear option to protect "personally identifiable information" such as name, e-mail or physical address, and financial and medical information. It requires only an opt-out notice, and Stearns says he hopes the bill will encourage companies to adopt voluntary privacy standards.

It contrasts with a similar measure introduced in April by Senator Ernest "Fritz" Hollings (D-South Carolina) that addresses only online privacy. The Hollings bill distinguishes among levels of information sensitivity and gives customers both opt-in and opt-out choices at various levels.

[ ... ]

The bill has already met staunch opposition from privacy groups like "Privacyrightsnow.org", Junkbusters, and the Electronic Privacy Information Center. Chris Hoofnagle, EPIC's legislative counsel, describes the Stearns bill as "the weakest piece of privacy legislation ever."

Hoofnagle is wary of the provision in Stearns' bill that encourages companies to implement self-regulation. He calls the bill "a vessel for businesses who want preemption from state laws." He prefers the Hollings bill's approach because, unlike the Stearns bill, it guarantees to consumers the private right of access, meaning that they can retrieve previously submitted online information whenever they choose.

Mark Uncapher, vice president and counsel of the Information Technology Association of America, disagrees with Hoofnagle. He particularly likes the bill's proposal to preempt state privacy laws.

[ ... ]

"This bill shows [its supporters] put a lot of effort into addressing some of the issues in a serious way," says Ari Schwartz, associate director of the Center for Democracy and Technology, an Internet civil liberties public interest group. "But the bill could be taking a step back on sensitive information issues," which most consumers are concerned with protecting, Schwartz said.

MS-NBC - Long-awaited privacy bill unveiled.

SiliconValley.com part of San Jose Mercury News - Long-awaited U.S. House privacy bill unveiled.

CNN.com - Long-awaited privacy bill unveiled ....

ZDNet - Commentary - Nameless in cyberspace--it's your right.

Generally, that well-practiced tango between anonymity and disclosure goes on smoothly in the real world. But in the virtual world, it can sometimes have scary consequences, including the loss of your privacy and identity.

If you are shopping in the real world, you aren't carrying a sign with your address on it. But in the virtual world, even if you're just window shopping, more and more Web sites require that you register or accept a "cookie" so they can track your Internet travels.

The end result is that consumers are wary of the Web. They know that a social security number entered online could wind up in an identity thief's hands. They know that a phone number or e-mail address given for "questions about your order" could quickly turn into dinnertime sales pitches or junk emails flooding their in-boxes. And they want it to stop.

And so the next time consumers go to a Web site and are asked to fill in their name, address, age and income levels, they give a bogus identity to avoid being tracked -- such as Albert Einstein with an income of $5 and an e-mail address of e=mc2.

What are consumers really saying when they do that? They're saying they don't trust the security of the site, and they don't trust that the owner of the site is going to respect their privacy and not abuse or sell their personal data.

Harris Interactive says 70 percent of consumers worry their online transactions aren't secure and 75 percent are concerned companies will share their personal information with others. Those fears reduced US online purchasing by $15 billion last year, according to the latest consumer research.

[ ... ]

Privacy is, above all, a question of behavior -- not technology. It's a question of finding the best set of motivators and inducements to meet a simple challenge made more complicated by the networked world, but simple none the less. And that is: Consumers want businesses to do more than just pay lip service to privacy policy -- they want to see it in practice.

New Scientist - Hidden cameras to monitor aircraft passengers .

Airbus, the European jet manufacturer, is planning to build concealed cameras into the light fittings above the seats in its aircraft. The idea is to let the crew monitor passengers and spot hijackers before they strike. The cameras also work in the dark.

The move is part of an attempt to reassure people who have been frightened off flying since the 11 September attacks.

[ ... ]

A less ambitious system, which Airbus is now fitting to all its new planes, will monitor the area behind the cockpit door. Under new rules, cockpit doors are being reinforced to protect the flight-deck crew from attackers. But they still need to open the door to get to the toilets and to let cabin crew members bring them meals and drinks. So Airbus is putting three overhead cameras with wide-angle lenses around the cockpit door to send pictures to an LCD screen in the cockpit.

Newsbytes - Privacy Groups Want Tougher DoubleClick Settlement.

The Electronic Privacy Information Center (EPIC) and privacy advocacy firm Junkbusters have filed a formal objection to a proposed settlement of litigation against online advertising company DoubleClick [NASDAQ:DCLK].

Several class-action suits against DoubleClick alleging privacy violations have been consolidated, and the matter is being heard in the U.S. District Court in the Southern District of New York. EPIC and Junkbusters filed their objections in advance of a hearing scheduled for May 21.

After considering all comments, the court must approve a final version of the settlement, EPIC said.

According to the two privacy groups, the proposed settlement "does not provide any significant benefit to class members that was not previously agreed to by DoubleClick as part of its earlier agreement with the "Federal Trade Commission" under the terms of the Network Advertising Initiative (NAI)."

DoubleClick has not made any "significant changes" to its practices or policies, nor has it offered "meaningful" privacy protection, the groups charge.

EPIC and Junkbusters further object to the monetary distribution outlined in the settlement. The groups claim funds will be given only to the attorneys for the private litigants, with no money going to any members of the class or any of the groups involved in complaints against DoubleClick.

Political News from Wired News - Milestone Settlement in DNA Case.

Burlington Northern Santa Fe agreed Wednesday to pay $2.2 million to settle charges of illegally testing workers for genetic defects in the government's first case against workplace DNA discrimination.

While the company, one of the country's biggest railroads, denies it violated the law, the case was a milestone in the brave new world of medical privacy battles and DNA-based job discrimination.

The U.S. Equal Employment Opportunity Commission, or EEOC, had charged Burlington Northern with genetically testing or seeking to test 36 employees -- mostly track workers who said they had job-related carpal tunnel syndrome -- without their knowledge as part of a comprehensive diagnostic exam.

The EEOC also charged that employees who refused to take the test faced possible discipline.

New York Times - free registration required Judge Says Russia Software Company Can Be Tried.

A federal judge on Wednesday denied final motions to dismiss a lawsuit against a Russian software company accused of violating a controversial U.S. copyright law that defense lawyers argued is unconstitutional.

U.S. District Court Judge Ronald Whyte in San Jose, California, rejected the argument of lawyers for ElcomSoft Co. Ltd. who said the 1998 Digital Millennium Copyright Act was overly vague, violated free speech rights and infringed on the established right to ``fair use'' of copyrighted material.

[ ... ]

``The DMCA does not eliminate fair use or substantially impair the fair use rights of anyone,'' the judge wrote in a 35-page opinion. ``The fair user may find it more difficult to engage in certain fair uses with regard to electronic books, but nevertheless, fair use is still available.''

In addition, Whyte noted that there has been no generally recognized First Amendment right to make back-up copies of electronic works.

``In short, the statute bans trafficking in any device that bypasses or circumvents a restriction on copying or performing a work,'' regardless of whether it was designed to enable fair use, Whyte said.

Slashdot | Your Rights Online - Elcomsoft Case Will Proceed.

USATODAY.com - House privacy bill puts onus on consumers.

Several U.S. lawmakers introduced a long-awaited privacy bill Wednesday that would allow U.S. businesses to share information about customers who have not explicitly forbidden them to do so.

More than a year in the making, the privacy bill unveiled in the House differs from a competing bill making its way through the Senate that would require businesses to get consumers' explicit permission before sharing sensitive information such as income level, religious affiliation or political interests.

U.S. Rep. Cliff Stearns' bill would instead leave companies free to share customer profiles unless customers specifically forbade them.

[ ... ]

Consumers would have no right to sue if their privacy was violated. Enforcement would be left in the hands of the Federal Trade Commission, which usually does not impose fines on a first offense.

Companies submitting to a self-regulatory privacy regime such as TRUSTe or "BBBonline" would enjoy protection from FTC actions.

[ ... ]

Initial reaction to the bill was mixed.

A group of business leaders from high-tech firms said the bill struck the right balance between consumers and businesses, while the U.S. Chamber of Commerce said it was not needed because businesses could handle privacy concerns on their own.

Privacy advocates said the bill was a step backward, especially by not providing extra protection for sensitive information.

"Americans care about sensitive information. This bill does not address those issues," said Ari Schwartz, a senior policy analyst at the Center for Democracy and Technology.

Slashdot | Wrangling Over Proposed Privacy Laws Continues.

Slashdot | Online News Stories that Change Behind Your Back.

WashTech.com part of the Washington Post - Microsoft Warns of Critical Instant Messaging Flaw .

A security flaw in Microsoft's instant messaging services could enable remote attackers to take control of users' computers, the company warned today.

Microsoft has rated the vulnerability "critical" on client systems and advised customers using MSN Messenger and Exchange Instant Messenger to immediately upgrade to a new version released today.

Customers who use Microsoft's multi-user, Web-based MSN Chat service are also advised by the company to download a new version of the program.

According to Eeye Digital Security, which reported the flaw to Microsoft, an ActiveX control used by the services contains a buffer-overflow vulnerability that can be exploited through a malicious e-mail message, Web page, "or through any other method where Internet Explorer is used to display HTML that an attacker supplies."

In an advisory today, Eeye warned that the flaw in the "MSN Chat OCX control" enables an attacker to "supply and execute code on any machine on which MSN Messenger with the ActiveX is installed."

Salon.com Technology | Microsoft says penalty will let hackers run wild.

Hackers, virus writers and software pirates could run rampant if Microsoft disclosed the technical product information that nine states have requested as an antitrust penalty, a company executive says.

Jim Allchin, who oversees the Windows operating system, said that disclosures sought by the states "would make it easier for hackers to break into computer networks, for malicious individuals or organizations to spread destructive computer viruses and for unethical people to pirate" Microsoft's flagship software.

The states want the disclosures so competitors' software can work as well with Windows as Microsoft's own products. The overwhelming market share of Windows gives Microsoft a leg up on other software makers, they say.

A lawyer for the states, Kevin Hodges, pointed out that many of the most destructive computer attacks in recent years have targeted Microsoft products regardless of whether Microsoft disclosed particular technical data.

Slashdot | Microsoft's Goal, Security Through Obscurity?