The IBM Privacy Institute is an organization within IBM Research to promote and advance research in privacy and data protection technology. Our goal is to develop technologies for enterprises to conduct e-business in privacy-enabling ways. The institute's research focuses on technologies for commercial applications, particularly for e-business.

"Network World Fusion " - IBM unveils Web privacy work.

Researchers at IBM's Privacy Institute are working on software that automatically scrambles Web visitors' personal information - so consumers perhaps won't feel compelled to lie just to protect their privacy.

It's no secret that online visitors often provide false personal data to avoid any repercussions should the data be misused or shared with multiple sources. For merchants, that means the customer data they painstakingly track with customer relationship management software - and often rely on when making product development and marketing decisions - can be flawed from the start.

To help solve this problem, researchers Dr. Rakesh Agrawal and Dr. Ramakrishnan Srikant are developing what IBM calls "privacy-preserving data mining." The duo's research, which IBM announced Thursday, relies on the notion that a Web visitor's personal data can be protected if it is scrambled, or randomized, before it gets to the merchant. Once the data is transferred to the merchant's systems, the IBM software applies algorithms to compensate for the data scrambling. With this technology, a retailer could still generate accurate data models and extract useful demographic information, but without ever seeing personal consumer data, IBM says.

Found via Tomalak's Realm.

Slashdot | Valenti's "Boston Strangler" Testimony.

Seth Schoen writes --- "'I say to you that the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.' Jack Valenti said this in 1982 in testimony to the House of Representatives on why the VCR should be illegal. He also called the VCR an "avalanche" and a "tidal wave", and said it would make the film industry "bleed and bleed and hemorrhage". This speech is an important part of history, yet until today it had never been published on-line in its entirety. Valenti's testimony was published today by Cryptome. It's essential background reading if you want to see just how little the MPAA's arguments have changed in two decades." --- Compare to the Analog Hole document and they're virtually identical (except Valenti was playing on anti-Japanese sentiment then, and today it's anti-pirate sentiment). Of course, the MPAA was unsuccessful in plugging the "VCR Hole" - insufficient lobbying and clueful judges stopped them. The MPAA successfully adapted to the changing times and today sells about 70 million cassettes for rentals and 600 million cassettes for home viewing every year (both numbers are on the decline due to the rise of DVD).

NSA - Security-Enhanced Linux.

freshmeat.net: NSA Security-enhanced Linux 2002053110 .

The stable (2.4) LSM-based SELinux prototype remains at kernel 2.4.18. The development (2.5) LSM-based SELinux prototype was updated to kernel 2.5.19. The MLS support has been enhanced, although it is still experimental. Support was added for selecting enforcing mode at boot/insertion time. The extended socket call processing was encapsulated and made optional. Connection peer SID lists for accept_secure were implemented.

Wireless News from Wired News - Your Boss May Know Where You Are. Gate5, a software developer in Berlin, is selling its "People Finder" program to wireless carriers, which lets users of handheld devices pull up maps with the location of other cell-phone users. People must opt into the program, which works on handsets and personal digital assistants with short messaging and e-mail capabilities, the company said.

[ ... ]

However, what Gate5 doesn't mention in its latest news release is that it's gotten in trouble in the past with privacy advocates for promoting similar products. About six months ago, Gate5 demonstrated on its website software that deciphered whether mobile phones were switched on or off without informing the subscribers who were being monitored. Public response to the demo overwhelmed the company's servers, forcing the company to take it down.

Political News from Wired News - Europe Passes Snoop Measure.

The European Parliament passed a controversial measure Thursday that would allow countries to force telecommunication companies to keep detailed records of customers' data for snooping purposes.

The Parliament passed the Communications Data Protection Directive, 351 to 133, despite an aggressive campaign by civil liberties groups who say the measure would enable police to spy on

[ ... ]

But it is unclear how the directive would be enacted in countries such as Spain, where its constitution guarantees "secrecy" of private communications and police must obtain a court order to access such data, Socialist Senator Félix Lavilla Martínez said.

If the directive is endorsed by the Spanish Parliament, the "Spanish socialists will make an effort to maximize the constitutional guarantees," he added.

Generally, European law takes precedence in cases where a directive conflicts with national laws, even if it means revising a country's constitution, said Cedric Laurant, a Belgian attorney and policy analyst at the Electronic Privacy Information Center (EPIC).

Political News from Wired News - Court: Library Filter Law Illegal.

The Children's Internet Protection Act, which mandates that public libraries must install filtering software on Internet-accessible computers, is unconstitutional. Judges don't like the buggy technology, either.

[ ... ]

At the heart of the decision was one key point: Buggy software. In the most extensive courtroom analysis to date, the panel concluded that not only was current technology far too problematic, but its tendency to both overblock and underblock verboten sites won't go away: "Filtering products' shortcomings will not be solved through a technical solution in the foreseeable future."

"We find that, given the crudeness of filtering technology, any technology protection measure mandated by CIPA will necessarily block access to a substantial amount of speech whose suppression serves no legitimate government interest," the court ruled.

InfoWorld - FBI gets new Web searching powers.

WashTech.com part of the Washington Post - Financial Database To Screen Accounts. Joint Effort Targets Suspicious Activities

Leading financial services firms here have formed a private database company that will compile information about criminals, terrorists and other suspicious people, for use in screening new customers and weeding out those who may pose a risk.

[ ... ]

Many database companies maintain demographic and marketing files about people, some that include law enforcement records. But this is one of the few that focuses on helping financial companies comply with anti-money-laundering regulations, including requirements in legislation approved after the Sept. 11 terror attacks.

[ ... ]

Another new company that offers a similar service is World-Check Inc., which describes itself as the "world's largest banking compliance database," a computer system with about 55,000 names that "is used for vetting undesirables, assessing potential high risk clients and 'know-your-customer' requirements." World-Check claims to add 5,000 names a month to its files.

Information specialists said both those initiatives raise questions about consumer privacy, in part because of the risk of misidentifying an individual.

Mary Culnan, a business professor and information technology specialist, said she believes the database will eventually mistakenly identify people who have similar names, or prompt financial services officials to incorrectly spurn some customers.

It's not clear what rights an individual would have to appeal such a decision or to review records about themselves.

"If all the banks are using the same system and they reach the same conclusion incorrectly, that is wrong," said Culnan, a professor at Bentley College in Waltham, Mass. "They may black-mark people unfairly."

Slashdot | Your Rights Online - Surveillance Update.

Several things occurred within the past few days on the privacy/surveillance frontier. First, the EU Parliament decision we mentioned yesterday is being widely reported as an assault on privacy (the European press barely mentions the spam angle we covered yesterday). As far as I can tell, this decision will loosen the EU's protections against surveillance, but does not implement any spying itself - national governments are free to NOT spy on their citizens, in the (perhaps unlikely) event that they don't want to do so. In the U.S., the FBI will be increasing their general surveillance - that is, they'll be doing more surveillance unrelated to any suspected crime, using commercial databases, etc. We can expect the Bureau to be used for more overtly political uses in the future - spying on the not-in-power political parties is no longer prohibited and will, therefore, occur. The NYT has an interesting analysis. Finally, the Washington Post reports that banks will be creating a massive financial database/blacklist of terrorists, wife-beaters, anti-globalization protesters, etc.

Slashdot | Your Rights Online - ACLU and ALA Victorious in CIPA Challenge.

Several people have submitted this news blurb about a victory in the CIPA case. If CIPA doesn't ring a bell, my earlier summary should help, or see this article from last month when the suit was heard in court. The ALA's CIPA page has more information, or read the lengthy decision. This is a rather surprising bit of good news; while the government often has great discretion in deciding how funds are spent (read my summary above for how the law worked), the judges in this case accepted the argument that requiring censoring software automatically lead to censoring things that weren't obscene, or child pornography, or "harmful to minors", and that that wasn't acceptable. I've reproduced the first part of the decision below. The government may choose to (and probably will) appeal to the Supreme Court.

New York Times - free registration required F.B.I. Faces No Legal Obstacles to Domestic Spying. The surveillance restrictions on the F.B.I. that were lifted Thursday were self-imposed. A legal challenge to the changes would be unlikely to succeed.

[ ... ]

Indeed, the restrictions under which the F.B.I. has operated for three decades were self-imposed. Congressional pressure, lawsuits, scandals and a public outcry played a role in the bureau's vow to limit domestic surveillance to situations in which criminal conduct was suspected. But the restrictions were not enforceable in court and were grounded in what might be called constitutional values, rather than actual law.

Civil libertarians largely acknowledge that the Justice Department is free to revise its own guidelines, but they say that the knowledge that political activity is being monitored by the government will chill the kinds of unrestrained discussions that are central to American democracy, with no appreciable benefits.

[ ... ]

Eric M. Freedman, a law professor at Hofstra University, said the costs to society of the new investigative tools outweigh their benefits. "There is a high likelihood that the weapon will be used in unintended ways and create more collateral damage in the First Amendment area than it will result in law enforcement gains," Professor Freedman said.

But Mary Jo White, who supervised several major terrorism prosecutions as United States attorney in Manhattan, sees things differently.

Even as a reaction to abuses in the 60's and 70's, Ms. White said, the old Justice Department guidelines were misguided.

New York Times - Editorial Op-Ed: free registration required An Erosion of Civil Liberties.

Attorney General John Ashcroft has a gift for making the most draconian policy changes sound seductively innocuous. He was at it again yesterday, describing new domestic spying powers for the Federal Bureau of Investigation as nothing more than the authority to surf the Internet or attend a public gathering. That is profoundly misleading. In reality Mr. Ashcroft, in the name of fighting terrorism, was giving F.B.I. agents nearly unbridled power to poke into the affairs of anyone in the United States, even when there is no evidence of illegal activity.

Americans understand the need to be vigilant against terrorism, but they also want to preserve the civil liberties and investigative safeguards that make America a free nation. Overturning the domestic security guidelines issued by the Ford administration to rein in investigative abuses promises to upset the delicate balance between security and liberty that the nation has been struggling to maintain since Sept. 11. Before it was brought under control, the F.B.I. routinely infiltrated peace groups, electronically monitored civil rights leaders, including Martin Luther King Jr., and generally engaged in spying against Americans who were critical of the government.

[ ... ]

At a press conference Mr. Ashcroft promised that the new rules would be put in place with "scrupulous respect for civil rights and personal freedom." The sentiment is welcome, but unconvincing. Mr. Ashcroft and his colleagues have missed no opportunity since Sept. 11 to expand the investigative powers of the federal government and to stampede Congress into supporting the changes by suggesting that opposition is disloyal.

In this latest case, Americans are entitled at the very least to hear from the Justice Department what it considers to be the limits of its "scrupulous respect" for their civil rights and personal freedom -- and what oversight procedures will be used to keep the F.B.I. in check.

Boing Boing: Ubiquitous computing comes to Walt Disney World .

Disney's launching an ambitious ubiquitous computing initiative for their parks; opters-in will be tracked throughout the parks by inconspicuous device that will customize their experience, step by step.

Digital cameras disguised as lampposts will be scattered throughout the park. If you click on a handheld remote control, the lampposts will snap your picture as you wander around, then deliver the photos over the internet to your computer, from which you can order coffee mugs, T shirts or whatever emblazoned with whichever of them you prefer.

Warning: while the entry is small the page is large so if you have a dial-up connection this may take a while.