Administrivia:I've tried adding an auto-subscribe ICON to my navigation bar for users of the AmphetaDesk news reader. I don't have the program installed so one of you will have to tell me if it worked. I choose the more expanded version of our news feed which is in the ScriptinNews2 format. Let me know if it doesn't work and I have to try the headlineline only RSS feed instead.

siliconvalley.internet.com - Bill Could Expose Internet Privacy Practices.

A bill being passed around the California State Assembly could force companies to show their hand when it comes to collecting your personal information.

The bill (AB2297), also known as "The Online Privacy and Disclosure Act of 2002, does not cover Internet sites that collect e-mail addresses or political Web sites where candidates ask for campaign donations.

But it would require that companies with an e-Commerce site disclose whether or not they collect personal information for business usage, and if so, include a description of that process. The personal information covered by the bill includes a company's usage of your first and last name, address, telephone number, e-mail address and your social security number.

The proposal also contends that the company can reserve the right to change its privacy policy without notice to the individual, but must provide hyperlinks to at least three of the most recent privacy policies if they are substantially different in some form or fashion from the current privacy policy.

InformationWeek > Customer Relations > Making [Privacy] Work. Developing a policy to protect customers is only the beginning

The privacy policy is written and posted on a company's Web site. The 2002 privacy-policy notice, a complicated statement required of financial-services companies under the Gramm-Leach-Bliley Act, is in the mail. Top executives and perhaps even the board of directors have reviewed the policy to make sure it will protect the company's good name. So it's mission accomplished on the privacy front. Or is it?

Hardly. Privacy policies on Web sites and in mailings are just words. The hard part is backing them up with the employee training and information technology to make them work. Regulatory actions such as the Gramm-Leach-Bliley Act, which requires financial-services companies to notify customers of their information-sharing practices, have produced a mountain of mail for consumers and much moaning from banks about the cost, but they've done little to help customers understand or businesses enforce their privacy policies. "Many companies are still focused on the regulator's agenda. The ones that are more advanced are working on the customer's," says Leigh Williams, chief privacy officer at Fidelity Investments.

So far, the companies making the extra effort and investment have been the exception. Privacy spending throughout the economy is hard to gauge, since it's generally mixed in among IT, training, and customer-support budgets, rather than broken out as a line item, even for internal budgeting. But Mike Beresik, national director of PricewaterhouseCoopers' privacy practice, says much of the spending has been focused on regulation compliance, with banks and other companies covered under the Gramm-Leach-Bliley Act spending far more than retail, entertainment, and consumer-goods companies. Financial-services companies last year collectively spent about $1 billion to prepare and mail privacy-policy statements required by that law, according to the American Bankers Association. That's not a huge number, given the size of the industry, and there hasn't been very much privacy-related spending beyond that. "Banks in the U.S. probably spend more on striping their parking lots," says Gartner analyst Richard DeLotto, who researches privacy issues.

SiliconValley.com part of San Jose Mercury News / Dan Gillmor's eJournal  (News, Views and a Silicon Valley Diary) - Financial Institutions Pretend to Support Privacy.

The financial-services industry has slapped together something called the Financial Services Privacy Coalition to derail serious financial-privacy protections now under consideration in the California legislature.

Conference - Digital ID World 2002 :: Identity Crisis - Taming the Network.

Digital Identity is destined to forever change the computing landscape and our personal interaction with networks. Join industry leaders as they come together to discuss this emerging technology and its social ramifications at the first major digital identity event. Conference delegates participate in a highly charged atmosphere of compelling presentations, demonstrations, discussions, networking and business dealing. Participation is welcome and the setting will be intimate, to provide you with ample opportunities to cultivate new relationships or introduce your products and services to leading enterprises, business leaders and worldwide government representatives.

Registration is open for the Digital Identity World 2002 Conference, October 9-11, The Hyatt Regency, Tech Center, in Denver, Colorado.

MediaGuardian.co.uk | Just watching the directives . Who protects us when we can all be tracked?

[ ... ]

A mobile network that has high-speed internet access, and the bandwidth to handle music and image files, is deeply attractive. And I don't buy that silly criticism that 3G will fail because no one is asking for it. Consumers never agitated for the telephone to be invented, and no one but a bunch of geeks were "demanding" the PC.

But no government has planned for the implications of such networks. None has formally considered the protections it should give its citizens once so many of them will carry what will effectively be a tagging device.

The possible abuses of such a system are legion. Especially under the British government's grotesque Regulation of Investigatory Powers Act, and new laws it has said it would like to introduce, post 9/11. For example, no one has decided exactly what companies can and cannot do with data that reveals your location to within a metre. The commercial possibilities for targeted marketing are obviously vast. And although operators routinely say, with great solemnity, that they and other businesses would never risk damaging their profile by sending out unsolicited advertising (spam), we all know what has happened to our internet email boxes of late.

Operators also genuflect in the direction of the EU's Data Protection Directives, which are supposed to safeguard our privacy and prevent our personal information from being used without our permission, or retained beyond a single billing period. Yet some operators have already been slapped for sending out unsolicited SMS marketing messages. More seriously, operators such as Virgin Mobile in the UK, and Vodafone and O2 in Ireland, have shown themselves to be distinctly uninformed about their obligations in the handling of customer data.

It has been revealed in the past year that all of them were illegally retaining data for years longer than allowed. In the UK, Virgin said it had retained all customer call records since its launch in 1999. In Ireland, Vodafone and O2 were also holding such data. Vodafone said it would yield data on individuals if asked to by police.

[ ... ]

Beyond some vague good intentions and the fledgling targeted marketing plans of corporations, we really have no idea what will happen when the data of our daily movements and contacts is wholly traceable. But the delay in 3G rollout gives us a chance to tackle such issues properly - and clarify the obligations of carriers.

law.com - Electronic Data Discovery Primer.

Surprisingly, many attorneys fail to do any electronic discovery because of concerns that it is costly, time-consuming and complicated. The irony: It is usually wildly cheaper to conduct discovery electronically.

New computer forensic techniques allow the cost effective and safe recovery of evidence normally invisible to the user. What used to cost tens of thousands of dollars can now be done for less than $5,000 using trained computer forensic examiners.

[ ... ]

Knowing where to get help is an important part of your successful electronic discovery plan. Because of the growing demand, many legal vendors are retooling their businesses to include electronic discovery. There are a variety of services now available including electronic discovery consultants, computer forensic investigators, and litigation support services offering electronic document conversion, scanning, indexing and online repositories.

Business News from Wired News - Website Security Flaw Costs ZD.

Ziff-Davis Media has agreed to revamp its website's security and pay affected customers $500 each after lax security exposed the personal data of thousands of subscribers last year.

The settlement, announced Wednesday by New York's attorney general, could spur other online companies to do a better job securing their sites, experts said.

It used to be enough just to patch security problems, apologize and get on with business. But this case shows that (regulators) are now watching, and if you get burned, you may have a lawsuit on your hands," said Greg Shipley, chief technology officer of Neohapsis, a Chicago-based information security company that assisted the New York authorities on the case.

MS-NBC - Who's spying on my Hotmail? With new spyware, even your private Yahoo, Hotmail e-mails can be seen

Think using Yahoo or Hotmail e-mail at work protects you from your boss' prying eyes? Think again. New spy software essentially lets employers or parents co-pilot virtually any kind of e-mail account, including private Web-based e-mail accounts like Yahoo and Hotmail. A new version of eBlaster spyware will secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail, allowing anyone to "ride-along" even the supposedly private e-mail.

[ ... ]

But word of the software's new feature disturbed privacy advocate Richard Smith of ComputerBytesMan.com -- and he suggested potential users think twice before installing the software,

"This is e-mail wiretapping," Smith said. "I would put up a big warning flag. Anybody who would consider buying this product should check with a lawyer first. There is a high probability it runs afoul of the Electronic Communications Privacy Act. I would not take the company's word that it's legal." Enacted in 1986, the Electronic Communications Privacy Act prohibits interception and disclosure of wire, oral, or electronic communications in most cases.

Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.

"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring ... but if I take additional step to set up a Hotmail account that I occasionally access from my desktop at work, I think that could be construed as an expression of an expectation of privacy."

Nevertheless, the spyware makers generally argue that employers have the right to observe anything that happens on company-owned computers.

Slashdot | Your Rights Online - Hotmail: Not Safe For Work?

silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."