But while most of these "crush" sites operate above-board, proudly listing the founders' names and e-mail addresses, the cupids behind SomeoneLikesYou and its corporate sister site, Crushlink, play hard to get. The sites conceal the identities not only of the source of your crush note, but also of the people who run the services. Even some of the publicly available domain-name registration information about the sites is fake.

This secrecy, along with the sheer volume of admiring messages spewing from crushmaster@crushlink.com and matchmaker@someonelikeyou.com, has raised speculation that there's less romance than savvy marketing going on here. Competitors accuse Crushlink and SomeoneLikesYou of spamming any old e-mail address they can scrape off the Net with love notes, building membership by preying on sad-sack lonely-hearts -- then peddling affiliate programs to those members to bring in some cash.

"My dog has gotten 'someone has a crush on you' e-mail messages -- she's a cute dog, but no one has a crush on her," says Karen Demars, co-founder of eCrush. "My belief is that they are sending 'someone has a crush on you' messages to people who have not been legitimately crushed."

[ ... ]

To find out what guy would be such a fourth-grader as to reveal his interest in me in this cheesy way, I first registered at SomeoneLikesYou, giving away a bevy of valuable demographic facts about myself in the process, like my date of birth and my ZIP code. Then I filled out a profile from a fixed menu of canned choices, indicating my hair color, eye color and ideal first date.

Finally, I was invited to offer all my own crushes' e-mail addresses up for sacrifice.

If I guess who my secret admirer is and turn over his e-mail address to the site, our identities will be revealed to each other, and we could be pricing safaris before the week is out!

But if there's no love connection, every address I've given to the site will get a message announcing "You have a secret admirer!" and the whirlwind of anonymous, crazy-making romantic madness just spreads.

What makes SomeoneLikesYou and Crushlink different from the rest of the sites in the genre is this: they bait hopeful visitors to hand over as many e-mail addresses as possible by trading clues for e-mail addresses.

The more e-mails that you reveal to SomeoneLikesYou, the more hints you get about your admirer's identity, like his hair color and his approximate age. Five e-mail addresses generates one clue. I gave away more than two-dozen e-mail addresses before the system ran out of hints about my admirer. Not even the most love-sick puppy has that many real crushes.

So, what's stronger -- the hunger for any clue that might unmask your own admirer, or the desire to protect the in-boxes of your friends, loved ones and colleagues from random romance spam, which could potentially embarrass you in the process? "She has a crush on me! Yikes!" And is it really spam if friends or colleagues have sold out your address in their own search for romance?

I elected to take a middle road, which wouldn't embarrass me or abuse my friends' trust, but might turn up enough hints to reveal my crush. I gamed the system by entering random, made-up e-mail addresses, potentially muddling the in-boxes (and sanity) of total strangers in pursuit of my own love interest.

Crushes -- they make people do crazy things.

Administrivia: For those of you who have come here to beat-up the person/site that you think sent you some SPAM. It was not me!! It seems that a SPAMer has used the ListMom address from my mailing list as the sender field. My list is very low volume and we definitely do not SPAM readers or anyone else. That should be obvious considering the topic of the site but I just want to state this for folks who are not regular readers and came here in a bad mood. The mail that is showing up in my mailbox due to being undeliverable is sampled below. If you want to scream at someone try the reply address, but even that probably won't do any good since their intent is probably to harvest the addresses of the responders for a new list which will probably be sold to lots of other SPAMers.

Date: Thu, 8 Aug 2002 12:41:35
From: ListMom-at-PrivacyDigest.com
Reply-To: teresa22-at-firemail.de <<<-- Possible source
Subject: cliff <<<-- This varies


WOULD YOU LIKE TO OWN YOUR OWN BUSINESS
MAKING $100.00 PER DAY AT HOME WITH YOUR COMPUTER?

IF SO WE SHOULD TALK

TO FIND OUT HOW TO MAKE THIS KIND OF MONEY

Reply with your
NAME AND AREA CODE WITH PHONE NUMBER
And the best time to reach you

Slashdot | Your Rights Online - MS Settles With FTC Over Passport Complaints.

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

CNET NEWS.COM - Microsoft, FTC reach privacy settlement.

Microsoft on Thursday agreed to make sweeping changes to its Passport authentication system as part of a settlement agreement with the Federal Trade Commission.

The settlement addresses allegations that Passport collects too much information, uses unfair or deceptive practices, and fails to adequately protect the privacy or security of personal information, particularly of children. The FTC's investigation and settlement came in response to a series of complaints made against Passport last summer, said agency chairman Timothy Muris.

Passport is Microsoft's online authentication system, which allows customers to use single sign-in to access multiple Web services. The idea behind Passport is simple: Microsoft would collect and store an ID, password and other personal information such as a shipping address or credit card number. This electronic "wallet" would travel around the Web with a consumer, making it easier to engage in a range of online transactions, such as banking, making travel plans or subscribing to an online publication. AOL Time Warner and Sun Microsystems have backed services using a similar concept.

CNET NEWS.COM - Biometrics: Beyond hype and hysteria.

Daon CEO Oliver Tattan says the biometrics industry should shoulder blame for doing a poor job of placating privacy advocates while promising consumers more than is possible. He offers a third way.

[ ... ]

The real future of the technology lies in creating a flexible "biometric trust infrastructure" that allows enterprises and the public sector to handle security needs that get identified beyond the first implementation. Ultimately, such an infrastructure would allow people to move from location to location around the world while maintaining their security clearance as defined by their professional and personal identities.

For example, the Transportation Security Administration recently announced an initiative creating a framework for a single ID card that allows transportation workers to maintain their identities (and corresponding level of security clearance) across multiple locations. However, without a common infrastructure platform to support the enrollment, identity management and verification processes, the TSA's admirable vision will go largely unfulfilled.

Similarly, the United States government recently approved the Enhanced Border Security and Visa Reform Act, mandating biometric visas by October 2003 for the more than 250 million foreigners who enter the country each year. The cost implications for the biometrics industry are tremendous, but take a moment to think about the technological, political and logistical issues that need to be considered for this to work.

Privacy News from Wired News - Smile, You're on In-Store Camera.

Johnny Q. Consumer walks into a national chain store, picks up diapers, pays in cash. He does not walk alone.

One store camera captures his face, while another network of cameras traces his stroll through the aisles. The pressure-sensitive floor panels note how he lingers and nervously shifts his feet while browsing in the diaper section.

At the store's national headquarters, perhaps a thousand miles away, a machine quietly notes in Johnny's file that he may be a new father. That bit of data goes into an algorithm that a few days later cross-references birth records and finds that, indeed, Johnny has just become the proud father of twins. A card is sent out and special discounts will be offered the next time he enters the store.

This scenario, which could be a harsh reality in the near future, will not placate those who avoid shopping online and opt to pay in hard currency out of fear for their privacy. If you can't shop anonymously at your local retail giant, then privacy as we know it is dead.

The technology exists and its implementation could level the marketing playing field, letting traditional businesses do what Web shopping portals already do: follow their customers through the entire process. They would know a lot about you, including where you come from, what you linger over, what you add and remove from your shopping cart, what you ultimately buy, even what you recommend to your friends.

"This is not new-fangled hardware," said Zoher Karu, director of product management at Brickstream Corporation, a Virginia company that manufactures the technology. "It's just cameras hooked up to PCs (that) you can buy from Dell. We don't have proprietary hardware; we have proprietary software."

[ ... ]

The privacy threat posed by this kind of monitoring, as well as the threat from databases generated by consumer loyalty card programs, is the subject of a paper by consumer protection advocate Katherine Albrecht that will be published in the Denver Law Review.

But the immediate goal of Brickstream's work, said Karu, isn't to keeps tabs on Johnny Q., but rather to improve store designs by seeing where customers like to walk, what catches their eye and how space is being underutilized.

Let us know if you see the report linked in The Denver Law Review or any place else. Update: 2:36 PM It seems that the Denver University Law Review was the closest I could find and its last issue mentioned online is from 1999

Time for a little catch-up with some of the entries I missed over the last few days If only I had a broadband connection and/or a faster Macintosh (one made this Millennium would be a big improvement). If you're feeling generous I could really go for the new 17-inch iMac from Apple. You can either try my Amazon.com: Wish List or I'll set you up with TekServe, my local Mac store.

PCWorld.com - Anonymizer.com Boosts Privacy Service. Version 2 further cloaks your Internet travels, and now tames JavaScripts.

It just got easier to remain a nobody on the Web. On Tuesday, Anonymizer.com is launching the first major update to its $29-a-year privacy service, called Anonymizer Private Surfing 2.

The Anonymizer service, unveiled in 1997, lets you surf without giving away personal information to nosy Web sites. It cloaks you by rewriting your browser's request, sanitizing the resulting pages, and returning them to you. The whole process adds 20 to 50 milliseconds to your browsing experience, but sites you visit can't identify you or your trail.

The update elevates the level of security while making it even easier to use, says Lance Cottrell, company founder and president.

[ ... ]

Launched as a free service that offered extra capabilities for a fee, Anonymizer is now a pay-only service. Its largely disabled free trial is for demonstration only, Cottrell says. "It's really only intended to give a flavor" of Anonymizer's capabilities.

Moving to an all-fee model reflected the times, he says. "When the dot-com bubble started to implode, we realized it was imperative that we get to profitability quickly. We limited the free trial, and turned it into a demo rather than a fully functional service." Anonymizer competitor SafeWeb.com, which hoped to offer anonymous surfing through advertising, dropped its service in November.

Now profitable with more than 500,000 users, Anonymizer offers several levels of service. For $29 yearly, you get the full-blown version 2 surfing service. Current subscribers automatically receive all the new features.

Users interested in even higher security can pay $99 annually to route all of their Internet communications through Anonymizer. By creating a personal virtual private network between a customer's PC and its servers, Anonymizer offers complete encrypted delivery of all e-mail and instant messages.

The Register (UK) - Anonymizer preps Private Surfing 2.0.

Anonymizer Inc will tomorrow introduce version 2.0 of its popular anonymous web surfing service, Private Surfing, containing more features aimed at advancing its position in what CEO Bill Unrue calls the "privacy arms race", Kevin Murphy writes.

It's a war zone out there. Not only do internet users have to contend with hackers, as they did back in 1996 when Anonymizer was founded, now they've got to look out for intrusive employee internet management software, government snooping and ubiquitous pop-up advertisements for tiny wireless cameras.

"There's now more corporate monitoring of employees, and governments spying on their citizens in foreign countries," said Unrue. "And 90% of all sites out there are now gathering personal information."

Slashdot | Your Rights Online - Privacy Arms Race Takes Another Step.

An anonymous reader writes "There is an ongoing arms race between privacy tools and info harvesters (spammers, advertisers, marketers, bosses, governments). In the latest move in this battle Anonymizer has released a new version of its privacy service. The Register has an article on the new version. CNET has the press release if you want the company line."

San Francisco Gate - Consumer privacy bill back in play / . Major shift in political climate spooks business

Sacramento -- An end-of-summer brawl is shaping up over the financial privacy of millions of Californians, boosted by a new distrust of corporate America and an expected shakeup in the Legislature that is frightening big business.

Banks and insurance companies, some of the most generous campaign contributors in Sacramento, have stymied legislative efforts to restrict the trading of personal information to sell mortgages, online banking, cruise vacations or whatever.

Despite two high-profile failures to enact financial privacy legislation within the past year, a Peninsula lawmaker is preparing to resurrect her privacy measure this month as the Legislature enters the final days of its two- year session.

The bill by state Sen. Jackie Speier, D-Hillsborough, would require financial companies to get permission before selling personal information, such as bank balances and unlisted phone numbers, to outside marketing companies.

[ ... ]

Broadly, Speier's measure would allow financial conglomerates to trade information among sister companies to market products, such as a Bank of America mortgage to a Bank of America credit card customer. But customers would be able to deny permission by sending in a form.

Under current law, banks and insurance companies have the power to sell personal information gleaned from credit or mortgage applications -- such as phone numbers, bank balances and outstanding bills -- without getting permission from their customers. Speier wants to stop that practice and allow customers to "opt in" if they want their information shared.

Network Magazine by Steve Steinke, Editor-in-Chief - Insubstantial Privacy Losses.

Privacy isn't a single form of slippery slope where the slightest concessions lead to an Orwellian nightmare.

It's hard to get a grip on the issue of privacy because many people who have written about it have conflicting, if not completely incoherent, notions of what it covers. Some people claim that every individual owns all information about themselves - everything from the time of day that they walked past your window to the color of the burqa they were wearing - and that no one else should be allowed to divulge that information without the individual's explicit, opt-in, informed consent, and probably some form of payment. Solveig Singleton, writing for the Cato Institute, argues that individuals deserve broad privacy protection from governmental entities, but that there's no significant threat to privacy from commercial organizations that collect and aggregate personally identifiable information. Some people say, perhaps more cavalierly than they ought to, that no one has any privacy and we might as well get over it.

Privacy activists have protested, or even campaigned against, calling number ID, serial numbers on Intel processors, globally unique MAC addresses on NICs, embedded unique object identifiers in Microsoft Word, the use of browser cookies, and even the requirement for an IP source address for servers to send response traffic to. While some of these technological choices were more deserving of criticism than others, these items all look insignificant when fundamentalist Muslims have attacked targets in the United States, when India and Pakistan threaten one another with nuclear weapons, and when Israelis and Palestinians apparently are unwilling to observe any limits on the outrages they commit on each other.

Now before you fire up your flame thrower, let me caveat my behind: I'm not saying that invading privacy is more acceptable for governments, businesses, tabloid newspapers, or online gossips because we have a bunch of new bad problems. I'm not advocating that anyone be less concerned about who they give their social security number, their passwords, or their bank account numbers to. I think it's indefensible for the "Justice Departmen"t to claim the right to force libraries and bookstores to turn over information about what their patrons are reading, as it recently has done. I'd be extremely reluctant to agree that the FBI should be allowed to trace the Web usage of anyone without a warrant. I simply want to put privacy concerns in some sort of real-world context.

Unisys Corporation EXEC On-Line Journal - Poor Privacy Policies Can Lead to Lost Sales .

Don't ignore the importance of online privacy. If your organization does, there's a good chance your sales will suffer.

That's the message that Jupiter Research (New York) is telling U.S. organizations. As a result of consumers' privacy fears, Jupiter forecasts that up to $24.5 billion in online sales will be lost by 2006, up from $5.5 billion in 2001. Furthermore, says Jupiter, concerns about privacy can have far-reaching effects: For a business with poor online privacy policies, offline sales will slip as consumers shift to more privacy-sensitive competitors.

"Neither consumers nor businesses effectively address online privacy issues," says Jupiter analyst Rob Leathern. "In this increasingly complex world, even legitimate businesses will suffer when consumers' perceptions of the control and safety of their personal information online are damaged."

Modern Physician - News Briefs - Are their heads in the sand?: Providers have been slow to work on HIPAA privacy compliance, but workgroups can ... . This link is an indirect one via Moreover.com - Registration is required and I haven't registered so I can't provide any interesting pull quotes from the article.

Journal of Accountancy - Privacy Framework Helps CPAs Protect Consumers.

Most companies are just beginning to realize they should implement a sound privacy policy. Some have learned the hard way--through negative publicity and lawsuits--like the pharmaceutical giant that mistakenly revealed the e-mail addresses of more than 700 people who had signed up for prescription refill reminders or the Web marketer that planned, by means of cookies, to track Internet users' online shopping habits. Accidents and judgment errors like these can harm millions of consumers when they do business with companies lacking a comprehensive plan to safeguard privacy. And while lawmakers and trade groups may aim to prevent Web spamming, unwanted sales calls or unauthorized disclosures of private information, "the current inconsistency of rules, regulations and voluntary practices is confusing and provides uneven levels of protection for consumers," said Mary Grace Davenport, a partner in PricewaterhouseCoopers' financial services privacy practice.

ITworld.com - Japan national ID system raises privacy concerns.

Local governments across Japan began feeding basic information on their citizens into a central database Monday as part of a new resident registration network, despite complaints about the system raised by privacy advocates and the refusal by some municipalities to take part.

Under the new system, everybody who lives in Japan will be issued an 11-digit identification number that can be used in many of their dealings with their local government. It replaces a system under which people had to produce resident certificates to prove where they lived each time they dealt with local government and which required people to go through time-consuming procedures each time they moved.

Information including the person's name, date of birth, sex and address will be included in each person's file and all data will be stored on a centrally-run government server. The system is intended to make life easier for both citizens and the local municipalities and goes under the name Jumin Kihon Daicho Network, or Juki-Net for short. City halls all over Japan will have access, making dealing with the government as simple as turning up with your ID number.

However, this ease of access that is ringing alarm bells across Japan.

When the Juki-Net idea was first floated in 1999, the government promised that new data privacy and protection legislation would be in place by the time the system went into operation. However, some of the bills associated with this are still in the Diet, Japan's parliament. As one bill wound its way through Japan's political system, additions were tacked on that sought to restrict the ability of journalists to chase certain people for interviews. This caused uproar in the local press and a subsequent media campaign against the bill.

San Francisco Gate - Personal information easy to get / . Tips offered for protecting privacy now that access is so easy on Internet

The details of your life may be only a click away -- your birthday, your address, your mother's maiden name.

The increasing sophistication and power of Internet search engines, along with growing numbers of online databases, have made finding personal information as easy as typing a name in the computer -- yours.

"I think most people would be shocked to know how much information on them is out there and how easily someone could find it," says Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center, a Washington- based nonprofit organization.

[ ... ]

Of course, most government records have always been open to the public. But much of this information used to be protected by what lawyers call "practical obscurity," which refers to the barriers arising from the time and inconvenience involved in collecting the information.

With the Internet, information that would have taken a lot of digging and visits to government offices is now available from the comfort of your home.

Before the Internet, "it was a pain in the neck to find" such information, "but all that's changed," says Tim Lorden, a spokesman for the Online Privacy Alliance, a Washington-based advocacy group.

IBM News - United States 2002-08-02 Press Release - IBM updates its Web privacy statement .

International Business Machines Corporation is joining the EU-US Safe Harbor framework regarding the collection and use of information collected from the European Union by a Web site on the ibm.com domain.  As a result, IBM has updated its privacy statement.  This new privacy statement is being rolled out on IBM websites around the world, starting with the United States, with other country versions to follow shortly.  While IBM's statement of its privacy practices online has changed, the underlying privacy practices themselves have not.

Computer Business Review - Anonymizer Takes Shot in Privacy Arms Race . This link is an indirect one via Moreover.com - Registration is required and I haven't registered so I can't provide any interesting pull quotes from the article.

EE Times ( CMP's EDTN Network) - Security concerns threaten privacy, TI fellow says.

Technology-based improvements to airport security check-ins could easily lead to invasions of individual privacy, Texas Instruments senior fellow Gene Frantz will tell the TI Developer Conference in a keynote this week.

"The average traveler wants to know he is flying safely," Frantz said in an interview prior to the conference, which begins Tuesday (Aug. 6) in Houston. But computer databases that store a traveler's personal history would do little to increase safety, he said.

The meaning of "safety" and "security" must be reconsidered in the wake of the Sept. 11 terrorist attacks and the rush to improve both for air travelers, Frantz said. "All the rules change," he said. "It forces you to rethink everything." Frantz added that he was stating a personal position, not TI's corporate position.

While the DSP technology championed by TI and by Frantz is the foundation of some post-9/11 activities -- an increase in videoconferencing, for example -- Frantz said heightened airport security allows for the removal of privacy screens. "Give me back my privacy, thank you" Frantz said.

Current security philosophy insists on showing all data about an individual, he said, but a simple improvement could provide relevant data while disconnecting it from an individual's financial and medical records, for example. A smart sensor can use an electronic thumbprint to identify an individual passing through an airport security check. "All the authorities need to know is that the thumbprint is attached to a 'good guy,' " Frantz said. "It doesn't need his social security number."

Smart sensors and new-generation biometric technology can track and collect medical data, Frantz said. Just as amateur athletes and workout devotees utilized sports watches to monitor their pulse, modern electronics will allow individuals to take blood pressure readings and e-mail that data to their physicians, but controlling access to it is a matter of personal privacy, he said. Individual medical records should not become part of a multiaccess database that's sold to marketers or made available to screeners at airport check-in counters in the name of security, he said.

iRights - Palladium -> DRM evidence from the horses mouth.

Group Program Manager Location: Washington Are you interested in being part of Microsoft's effort to build the Digital Rights Management (DRM) and trusted platforms of the future (Palladium)?

theage.com.au - The Age - Copyright bill will create vigilantes: critics.

American movie, recording and software executives could be prohibited from entering Australia or extradited to face criminal charges if a copyright protection bill before the US Congress passes into law.

Californian Democrat congressman Howard Berman has proposed legislation to deal with the rising tide of copyrighted works illicitly traded over peer-to-peer (P2P) networks such as KaZaA.

Berman's bill immunises copyright holders from civil litigation or criminal prosecution if they invade US PCs connected to the international P2P networks to take down their own copyrighted materials.

US Military (DARPA) - Total Information Awareness(TIA) Systems.

The Total Information Awareness (TIA) program is a FY02 new-start program. The goal of the Total Information Awareness (TIA) program is to revolutionize the ability of the United States to detect, classify and identify foreign terrorists - and decipher their plans - and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts.  To that end, the TIA program objective is to create a counter-terrorism information system that: (1) increases information coverage by an order of magnitude, and affords easy future scaling; (2) provides focused warnings within an hour after a triggering event occurs or an evidence threshold is passed; (3) can automatically queue analysts based on partial pattern matches and has patterns that cover 90% of all previously known foreign terrorist attacks; and, (4) supports collaboration, analytical reasoning and information sharing so that analysts can hypothesize, test and propose theories and mitigating strategies about possible futures, so decision-makers can effectively evaluate the impact of current or future policies and prospective courses of action.

Conflict News from Wired News - Feds Open 'Total' Tech Spy System.

On Wednesday, the Defense Advanced Research Projects Agency (DARPA) will begin awarding contracts for the design and implementation of a Total Information Awareness (TIA) system.

It's a system which, it hopes, will ferret out terrorists' information signatures -- clues available before an attack, but usually not correctly interpreted until afterwards -- and decode them prior to an assault. It's a task, the Information Awareness Office (IAO) says, that is beyond "our current intelligent infrastructure and other government agencies."

TIA program directors make it clear they also believe the task to be beyond current technology, noting that they are primarily interested in revolutionary advances in science, technology or systems and "development of collaboration, automation and cognitive aids technologies that allow humans and machines to think together about complicated and complex problems."

So insistent are they on building a better mousetrap -- or, more accurately, a brand new terrorist trap -- that they have officially warned potential contractors that not a dime will be invested in "research that primarily results in evolutionary improvements to existing technology."

According to the IAO's blueprint, TIA's five-year goal is the "total reinvention of technologies for storing and accessing information ... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes."

It is precisely the thought of petabytes of raw data being under the control of an agency with limited public accountability that troubles civil liberties activists like Lee Tien, senior staff attorney of the Electronic Frontier Foundation.

"We should resist the expansion of any 'data-veillance' program that doesn't have adequate safeguards and accountability," Tien says. "This program sounds like a counterpart of the movement toward requiring a national ID card. People like to think of that as an identification system, but it's actually a tracking system.

"The Total Information Awareness program, with its ability to provide persistent storage of everything from credit card, to employment, to medical, to ISP records, is a recipe for civil liberties disaster unless there are provisions for citizens to find out who is looking at their records and to see and correct those records."

"What I don't want to see is a system that's the worst of both worlds, unable to predict acts of terrorism in a timely manner because of the sheer mass of mostly irrelevant information clogging its channels, but perfectly attuned for intimate spying on regular citizens and activists like Martin Luther King."

The Salt Lake Tribune -- Spam Fattens Both E-mail And Bank Accounts.

More than pop-up ads or in-your-face Web graphics, a withering assault of junk e-mail is souring the Internet experience. This is the second story of a three-part series that examines the surge in spam, the people behind it and the struggle to thwart them.

Slashdot | Your Rights Online - Meet the Spammers.

DaveAtFraud writes: "It took a little digging to find an on-line copy of this article that I first saw in my treeware daily newspaper. Thanks to the Salt Lake City Tribune for having it on-line. According to the Spamhaus project, a handful of people are responsible for 90% of the spam that clogs you in box. This is your chace to hear from them and what they have to say is quite interesting. If you don't think the filters and blacklists work, one spammer whines, "My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters." Stopping spam is simply a matter of economics. When its uneconomical to send spam, people will stop sending it."

NewsForge: UCITA drafters make changes, but don't go far enough for Red Hat.

The group that drafted the controversial UCITA legislation has approved a handful of changes designed to address concerns raised by Open Source advocates, but those changes may not go far enough to win the approval of Red Hat's lawyer.

The National Conference of Commissioners on Uniform State Laws approved several changes to its Uniform Computer Information Transactions Act, which is supposed to be a model for state legislatures to consider.

Among the changes approved by the NCCUSL last week were some that addressed concerns voiced by the Open Source and Free Software communities:

• A state's consumer protection law now trumps UCITA.
• Software contract terms that prohibit criticism of that product are unenforceable.
• A software contract may not prohibit reverse engineering that is done for the purposes of making a piece of software work with other software.
• Open Source software is exempt from UCITA when that software is not sold for a profit.

But that last change doesn't go far enough, says Carol Kunze, a lawyer working for Red Hat on UCITA issues. Before the commission's meeting, Kunze wrote a letter asking the group to kill UCITA altogether. Red Hat and other Open Source companies have long objected to UCITA's requirement that Open Source software provide warranties to customers.

Slashdot | What's (Still) Wrong With UCITA.

Grant Gross has an article at NewsForge outlining both changes being proposed by the The National Conference of Commissioners on Uniform State Laws to its version of UCITA (a model intended for adoption by the various state legislatures), and objections raised to the resulting language by Red Hat lawyer Carol Kunze. Among other things, Kunze points out that Free software projects could be effectively discouraged from releasing software if software producers are required to provide warranties -- imagine trying to provide warranties on all the packages available to Debian users, for instance, or every bit of software included with Mandrake Linux.

CNN.com - 'Junk faxes' spur record $5.4 million fine.

The Federal Communications Commission issued a record fine of nearly $5.4 million Wednesday against a company for sending "junk faxes" to businesses and consumers.

The fine against Aliso Viejo, California-based Fax.com is the largest ever by the commission for violations of the Telephone Consumer Protection Act. The law protects against unsolicited faxes, telemarketing calls and prerecorded messages, among other things.

"Fax.com appears to have founded its business on the practice of sending unsolicited faxes in flagrant violation of the TCPA," Kathleen Q. Abernathy, an FCC commissioner, said in statement. "Despite repeated warnings from the commission and numerous consumer complaints, the company appears to have made no effort to mend its ways."

The fine is also the FCC's first against a company known as a "fax broadcaster." According to the FCC, Fax.com sent advertisements and other messages on behalf of more than 100 businesses for a fee, sparking 489 violations.

The FCC said in a statement it believes Fax.com "engaged in a pattern of deception to conceal its involvement in sending the prohibited faxes, and that the company has not been forthcoming in its dealings with the agency."

Slashdot | [Junk]Fax.com Fined $5.4 Million. Satanboy writes "This article states that a record $5.4m fine was levied on Fax.com after blatantly ignoring requests by the FCC to discontinue the activity of sending unsolicited faxes. This is similar to actions CmdrTaco posted about earlier." --- The people at junkfax.org are apparently planning a large class-action suit against fax.com as well.