Microsoft's problems with Brussels have been compounded by news that the European Commission is investigating whether Passport is compatible with European data protection law. European law is substantially tougher than the US equivalent in this area, and Microsoft's record on database control is somewhat patchy, so it wouldn't be a big surprise if the Commission decided there was a problem here.

The news of the investigation came in a letter to Netherlands European Parliament member Erik Meijer, who had raised numerous objections to Passport, and accused Microsoft of "surreptitiously" passing on registration information to "unknown parties." His view that Hotmail addresses are a particular example of this may have some resonance with spam-plagued Hotmail users.

Some of Meijer's questions, which you can find here, are frankly a little weird. But "Is .NET Passport registered with national agencies supervising the application of privacy legislation?" seems to us a fair, reasonable and possibly tricky one. We'd guess the answer is not exactly, but we're prepared to be surprised.

Slashdot | Your Rights Online - EU to Investigate Passport Privacy Concerns.

New York Times - free registration required Cameras to Seek Faces of Terror in Visitors to the Statue of Liberty.

The National Park Service activated a face recognition surveillance system that takes pictures of visitors and compares them with a database of terror suspects.

[ ... ]

Face recognition technology has been criticized as inaccurate and as an intrusion on privacy and civil rights.

"We're concerned that using this technology will neither protect security nor enhance freedom," said Donna Lieberman, executive director of the New York Civil Liberties Union. "It will only create an increased danger that individuals will be wrongly accused and harassed. You have the right to move from one place to another without activities being recorded. One day, we'll wake up and find we have no privacy whatsoever."

Privacy advocates criticized the use of such technology after it was revealed that similar technology was used at the 2001 Super Bowl to compare the faces of everyone entering the stadium against a photo file of criminals and terrorists.

CNET NEWS.COM - EU probes Microsoft over privacy law..

BRUSSELS--The European Commission is checking whether Microsoft's system of collecting personal data from Internet users breaks privacy laws, compounding the software giant's antitrust probe headaches in Europe.

Economist.com | Neuroscience - The future of mind control. People already worry about genetics. They should worry about brain science too

[ ... ]

Ignoring a possibility does not, however, make it go away. If asked to guess which group of scientists is most likely to be responsible, one day, for overturning the essential nature of humanity, most people might suggest geneticists. In fact neurotechnology poses a greater threat--and also a more immediate one. Moreover, it is a challenge that is largely ignored by regulators and the public, who seem unduly obsessed by gruesome fantasies of genetic dystopias.

A person's genetic make-up certainly has something important to do with his subsequent behaviour. But genes exert their effects through the brain. If you want to predict and control a person's behaviour, the brain is the place to start. Over the course of the next decade, scientists may be able to predict, by examining a scan of a person's brain, not only whether he will tend to mental sickness or health, but also whether he will tend to depression or violence. Neural implants may within a few years be able to increase intelligence or to speed up reflexes. Drug companies are hunting for molecules to assuage brain-related ills, from paralysis to shyness (see article).

Political News from Wired News - Busy Year for Big Brother.

Here are the raw numbers: 1,491 wiretap applications were authorized, each intercepting an average of 1,565 conversations. No judge anywhere in the United States denied a police wiretap request. State courts authorized 67 percent of wiretaps. The average length was about two months, and 68 percent of taps were on "portable" devices, such as pagers and cell phones.

The total number of wiretaps jumped 25 percent from 2000. Drug-related crimes were the cause of 78 percent of them.

According to the report: "Encryption was reported to have been encountered in 16 wiretaps terminated in 2001; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted."

Only court-authorized wiretaps appear in the report, not illegal ones performed in violation of state and federal law. In 1999, the Los Angeles County Public Defender's office estimated that the local police illegally under-reported actual wiretaps by a factor of ten.

AP via New York Times - free registration required (ed. Short term link) Comcast Sued Over Web Recordings.

The 1984 law allows cable operators to collect private information if it can show it needs the information to operate its service. But outside experts, including the vendor whose powerful software Comcast was using, said Comcast was recording more information about the online activities of customers than necessary for the technology enhancements.

``We now know the industry standard is to cache material anonymously,'' said David Sobel, a lawyer for the Washington-based Electronic Privacy Information Center, a civil liberties group. ``What is it about the personally identifiable material that makes this necessary to provide the service? No one has yet come up with an explanation for how that optimizes the service in any way.''

[ ... ]

To speed performance, these proxy computers retain copies of the most-popular Web sites that customers visit. Comcast said it recorded which were the most popular Web sites to determine which ones it should copy to its centralized computers, although leading industry experts said there was no need to match Web surfing back to the specific Internet addresses of subscribers.

Newsbytes - Comcast Sued Over Internet Data Gathering.

A multimillion-dollar privacy lawsuit on behalf of customers of Comcast's broadband Internet service has been filed in a federal court, according to the plaintiff's attorney.

The litigation seeks compensation for the approximately one million Comcast Internet customers nationwide whose Web surfing habits were tracked by the Internet service provider earlier this year, according to Steven E. Goren, a partner with Goren & Goren, the Michigan law firm handling the case.

In February, Comcast admitted that for a period of six weeks it had been recording information such as the IP (Internet protocol) address of customers' computers as well as Web pages they visited. The company said it discontinued the practice following news reports and customer complaints.

The lawsuit alleges that Comcast violated the Cable TV Privacy Act of 1984, and asks the court to award $100 per day for each day of violation or up to $1,000 for all affected Comcast customers, as provided under the statute, according to Goren.

A spokesperson for Comcast said the lawsuit was without merit and that the big cable company would defend itself vigorously.

[ ... ]

According to the statute, 47 USC 551(b), cable operators are prohibited from collecting "personally identifiable information concerning any subscriber without the prior written or electronic consent of the subscriber concerned."

Slashdot | Your Rights Online - Comcast Sued Over Internet Data Gathering.

Yahoo News (UK)- TiVo makes customers an offer they can't refuse.

On Wednesday night, the BBC transmitted Dossa and Joe, a drama with an unexpected twist. Owners of TiVo personal video recorders found that their boxes recorded the show whether they programmed it in or not -- and now it's there, the recording can't be erased for about a week. Dubbed a "must see" by the BBC, the corporation arranged with TiVo to send the recording command to all registered boxes. They pick up programme information by modem over the Internet, and the command was embedded in the schedules.

[ ... ]

Viewer reaction has been robust, with hundreds of posts appearing overnight on the TiVo Community bulletin board, an independent discussion forum. Reaction varies from mild surprise to outright rage, with TiVo representatives saying that they're taking note of everyone's reaction, but the company has also said that it will be doing the same thing again soon.

Hmmm What if I had (or tried to) set my (If I had one) TIVO to record another show at the same time. Would it have overridden my request???

Slashdot | An Offer Tivo Owners Can't Refuse.

An anonymous reader pointed us to this little tidbit. The BBC paid Tivo (company slogan: "TV Your Way") to force owners' boxes to record some new program they wanted to push, which looks incredibly exciting. UK Tivo owners seem a little upset.

The Sacramento Bee - Hackers may have hit 265,000 state workers.

Computer hackers gained access to the California state government's computer systems in April and sensitive financial and personal information about as many as 265,000 state workers, officials said Friday.

The electronic assault on payroll and other records was discovered by the Sacramento Valley Hi Tech Task Force, which determined that none of the information has been used illegally so far.

[ ... ]

[ ... ]

Despite that, authorities said there is grave concern over the ease with which the hackers entered the computer systems, and that work by the task force found that few of the security procedures that are supposed to be in place actually are used.

Slashdot | California Hax0red.

rochlin writes --- "200,000 California state workers burned! According to the Sacramento Bee, personal and financial info for 200,000 workers was accessed by a team of hackers "working secretly over the past several months." Stolen info included "the perfect mix of information to allow identity theft" according to the Sacramento Valley Hi Tech Task Force."

Slashdot | "Ask Slashdot" - Seeking a Practical Guide to Digital Signatures?.

ScuzzMonkey asks: --- "I work for a small company trying to streamline some business processes in Washington State. As a part of this initiative, we're considering implementing a 'paperless' contracts system. In order for this to work out, on our end, we need a legally acceptable method of electronically signing the contract documents that we receive via fax from our sub-contractors (at this time, they will still be signing manually; this may eventually move to e-mail and digital signatures on their end as well as they become more capable of dealing with us on that level). On the face of it, this seems pretty straightforward. I set up some sort of certificate or some such for our employees responsible for signing these documents, and they simply review the TIFF attachment that comes in from the fax software and 'sign' it with their digital signature via a selected program. With the passage of the E-Sign Act (PDF) in 2000, it seems like this should be every bit as solid in court as a written signature. But while I've been able to find quite a lot of information on the web about the theoretical ramifications of this law, there's not much on practical implementations. What sort of software should I use? Do I need a third-party issued certificate? If so, do I just need one for the company, or one for each signer? What certificate authorities would you recommend? Do some certificates work with some software but not other software? What about this program from the state? Has anyone done this successfully yet? Any other stumbling blocks I should be aware of here, either legal or technological?"