Slashdot | Crypto with Epoxy Tokens, Glass Balls and Lasers.
Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."
Slashdot | Passport vs. Plan 9.
netphilter writes "LinuxWorld is carrying an article about how Apache and Plan 9 are going to defeat Microsoft's Passport. I hate Passport's integration with XP (although that might be because I hate XP). An Open Source single sign-on would be a real blessing. Will we ever get a good single sign-on solution?"
Digital ID World - Conference 2002.
Digital Identity is destined to forever change the computing landscape and our personal interaction with networks. Join industry leaders as they come together to discuss this emerging technology and its social ramifications at the first major digital identity event. Conference delegates participate in a highly charged atmosphere of compelling presentations, demonstrations, discussions, networking and business dealing. Participation is welcome and the setting will be intimate, to provide you with ample opportunities to cultivate new relationships or introduce your products and services to leading enterprises, business leaders and worldwide government representatives.
Registration is open for the Digital Identity World 2002 Conference, October 9-11, The Hyatt Regency, Tech Center, in Denver, Colorado.
If anyone goes we would love to hear a report of what went on.
Computerworld - Anonymizer privacy claim: A case of 'buyer beware'?
Anonymizer Inc. last month released a new version of its product, Private Surfing 2.0, and coupled it with a bold marketing claim: "Surf at work without being monitored."
Yes, dear IT manager, your employees are being encouraged to pay $29.95 annually to circumvent your systems. But the message to surf-happy employees ought to be "buyer beware."
No sooner had Anonymizer begun its marketing campaign than Orange, Calif.-based 8e6 Technologies Inc. (a takeoff of the slang expression 86ed), announced a simple library update to thwart Anonymizer. Another security and filtering company, St. Bernard Software Inc. in San Diego, said it didn't even have to make changes to preempt Anonymizer's claim.
[ ... ]
Anonymizer is working both sides of the fence. At the same time it appeals to employees, the privately held company is also appealing to employers. Cottrell cited a growing number of corporate and law enforcement organizations that need to surf anonymously, such as the FBI, companies engaged in competitive intelligence, law firms and law enforcers. Another key market: home users who want to avoid being tracked by network advertisers and others.
Disclaimer: If you follow the links to Anonymizer and purchase anything, I do get a commission from the sale. I don't get to know anything about you. I just get a little money. It's not much, but it does help defray (a little) the hosting bills for the site.
Business News from Wired News - Info Industry Debates E-Privacy.
A conference on Net security and privacy has attendees asking whether the "struggle between security and privacy (is) a zero-sum game or are they two sides of the same coin?"
[ ... ]
At panels on Internet privacy policies, speakers said one principal problem is how different countries and cultures approach policies to protect privacy on the Internet. While the United States tends to treat government collection of personal information with suspicion while trusting the private sector to deal with data collecting and privacy policies, in Europe the balance is largely reversed.
Europe has been leading the world in e-privacy regulation, said Christopher Kuner, a Brussels-based attorney who has served on a number of international agencies dealing with the issue. With 15 member countries following the EU Commission's directives on the subject, and at least three other European nations following suit, he said, their policies effectively cover one tenth of all the countries of the world, and approximately one sixth of the wired ones.
Toshihiro Ozaki, of IBM Japan, said a debate is going on now in their national legislature, the Diet, on whether to go in the U.S. or the European direction.
Wired News - New Bill: More Digital TV Limits.
After spending a year in closed-door sessions with industry leaders, Rep. Billy Tauzin (R-Louisiana) released a draft of his long-awaited DTV bill. The controversial measure calls for the adoption of a broadcast flag, an end to analog television compatibility and increased cable interoperability.
"The lack of progress in private, inter-industry negotiations and the number of outstanding FCC rulemakings has led to uncertainty in the marketplace, and makes it very difficult for businesses to make solid plans for the future," Tauzin said.
However, some groups believe that in his effort to jump-start the digital television industry, Tauzin has given Hollywood the keys to control what American viewers do in their living rooms.
[ ... ]
"The bill asserts that fair use will be protected at the same time as providing content providers with bulletproof piracy protection," said a statement released by DigitalConsumer.org. "But no such technology exists to meet both of these goals."
The group worries that movie studios and television networks will force people to pay premium prices so they can record and transfer shows between devices -- something they have traditionally been able to do with their VCRs for free.
Cable companies, which deliver television to more than 73 million U.S. homes, have insisted that consumers won't be charged for such services. However, those promises rang a bit hollow after it was reported this week that Cablevision inadvertently blocked 3 million subscribers from recording its shows because of a technological snafu.
[ ... ]
An addition to the bill also requires that analog ports no longer be added to digital televisions. That would render VCRs and other analog media obsolete, a concern for those who believe emerging technology restricts consumers' fair use of digital content.
With analog devices legislated out of existence, Electronic Frontier Foundation technologist Seth Schoen said Tauzin's bill would allow the government to control the next crop of consumer electronics.
"This bill is a bit narrower than Hollings' bill, but it's still being made along the same lines," said Schoen.
New York Times - free registration required Who says paranoia doesn't pay off?
China thinks Microsoft software contains secretly embedded code that the United States government can manipulate at will. So, in case of war between the two countries, a Pentagon official can hit a switch and--presto!--cripple China's computing infrastructure.
A senior Microsoft executive, who often confers with the Chinese (sorry, no names), told me this tale. I thought he was joking.
First, I have no knowledge about this specific idea. But while the author may be trying to play this off as completely impossible, similar ideas have been implemented in the past. First, even with involving the NSA or other government security agencies, if the UCITA ever gets off the ground, that type of code (for the remote disabling of computer systems) may be in more products than you expect. Also, our government has put backdoors in code before.
CAQ - Crypto AG: The NSA's Trojan Whore?
Would you trust your private key to this agency? Since 1956, the NSA has had a secret deal with the Swiss company that supplies the world with crypto
Once the cipher machines were rigged to include the secret decryption key, the BND and NSA codebreakers could use the transmitted key to read any message sent by Crypto AG's 120 country customers.
From our archive, April 1998. They seem to have lost their domain name (a Korean squatter has it) and the new site I found doesn't seem to have old content online ... sigh ... Update: After a little more digging I found a mirror of the original content ... Yeah!
New York Times - free registration required Researchers Crack Code in Cell Phones.
In successfully cracking a widely used encryption method designed to prevent the cloning of digital cellular phones, a group of University of California computer researchers believe they have stumbled across evidence that the system was deliberately weakened to permit government surveillance.
Hmmm ... very interesting!!! Especially in light of yesterday's mention of an article from Covert Action Quarterly mentioning the same thing having been done once before in Switzerland for the NSA.
Crypto AG: The NSA's Trojan Whore?
CNET NEWS.COM - Sign here for spam.
Free Web-based e-mail services have long used customers as marketing mules, adding an unobtrusive tag line at the end of each message to tout their products.
Now, an anti-spam company is drawing fire for using the same tactic.
Ads, called "spamlets" by one privacy expert, have begun appearing in the signature files typically used to place personal information, such as a name, telephone number and custom greeting, at the bottom of e-mail messages. Some software downloads now include code that inserts a marketing message in this signature file. Once triggered, all e-mail from that address will carry the promotional text.
Recent targets of the practice include Web surfers who installed a test version of an anti-spam product from MailFrontier, a Palo Alto, Calif.-based software developer. When Web surfers install its Matador product, the download automatically alters their signature line in Microsoft Outlook to read: "This mailbox protected from junk email by Matador from MailFrontier Inc."
Users can't prevent the alteration unless they erase the note each time or go to the company's FAQ to read about how to remove the tag line, which is not a simple process. An early version of the software is buggy, too, so that in the event the program is uninstalled, the tag line remains.
MailFrontier said it plans to release a bug fix in the next week, and promised that an upcoming paid version of the software would give consumers the ability to disable the message completely.
CNET NEWS.COM - Sun releases Liberty Alliance tool.
Sun Microsystems on Wednesday unveiled a new open-source software development tool designed to help businesses start testing and building online identification systems using the new Liberty Alliance standard.
Sun executives say the Java-based tool is the first open-source implementation of the Liberty Alliance standard and a prototype of Sun's forthcoming server software, called Identity Server 6.0, which will manage computer users' access and authentication.
The Liberty Alliance Project is an effort to establish a universal online authentication system that serves as an alternative to Microsoft's proprietary Passport online ID system. Both efforts have the same goal: let people surf the Web without having to constantly re-enter passwords, names and other data at different sites.
Slashdot | Sun Releases Open Source Tool for Project Liberty.
ruisantos writes "After submitting the technical specifications for the project, Sun has finally launched an open source tool for its upcoming Sun ONE Identity Server version 6.0, the news can be found on CNET news."
New York Times - free registration required Full Text: Bush's National Security Strategy.
Following is the full text of President Bush's new national security strategy. The document, entitled "The National Security Strategy of the United States," will soon be transmitted to Congress as a declaration of the Administration's policy.
It's 13 pages long.
New York Times - Editorial Op-Ed: free registration required China's Cyberspace Censorship.
By cracking down on search engines, China is not only suppressing free speech -- it is ultimately hurting itself. It has been trying to increase private investment and to encourage young Chinese who have been educated in the West to return to start new businesses. Blocking the free flow of information cuts the lifeblood of modern entrepreneurship. If China wants to compete in the global market, as it says it does, it cannot afford to limit its people to a government-filtered version of cyberspace.
The Associated Press via NJ.com: Critics say financial law leaves personal information unprotected.
WASHINGTON (AP) -- A 1999 law that tore down Depression-era legal barriers separating banks, investment firms and insurance companies has undercut consumer privacy protections it promised, critics told Congress on Thursday.
"The act has confused consumers, provided a green light to the unauthorized sharing of personal financial data as part of misleading telemarketing campaigns and is riddled with loopholes that exempt many business practices from any control," Minnesota Attorney General Mike Hatch told the Senate Banking Committee.
The Financial Services Modernization Act was passed with overwhelmingly bipartisan majorities and signed by President Clinton. It streamlined financial services, allowing banks, investment firms and insurance companies to have common ownership and to market each other's products.
As a result, personal information is now legally being collected, repackaged and shared with hundreds of newly affiliated companies, said Phyllis Schlafly, president of the Eagle Forum, a conservative advocacy group.
That information includes income, employment history, credit score, marital status and medical history.
The law "failed to recognize that consumers are the rightful owners of their personal information," Schlafly said. "Your financial diary should be your property, not the bank's."
It also does not let consumers stop the transfer of their private information among these affiliated companies, of which there are many, she said. For example, Bank of America has nearly 1,500 corporate affiliates and Citigroup has more than 2,700.
Forbes.com: US financial privacy has eroded - state officials.
WASHINGTON, Sept 19 (Reuters) - U.S. state attorneys general and consumer advocates told Congress on Thursday that financial privacy has eroded under the recent overhaul of financial services modernization laws.
Banking law reform was aimed at streamlining rules governing the burgeoning financial services industry and included privacy protections. But state officials and others told the Senate Committee on Banking, Housing and Urban Affairs that the overhaul has opened the door to abuse by telemarketers and is baffling to customers of financial institutions.
"The act has confused consumers, provided a green light to the unauthorized sharing of personal data as part of misleading telemarketing campaigns, and is riddled with loopholes that exempt many business practices from any control," said Minnesota Attorney General Mike Hatch.
Hatch and Vermont Attorney General William Sorrell said the ability of financial institutions to share coded account numbers for marketing purposes is particularly troubling. The practice, known as preacquired account telemarketing, allows telemarketers or others to charge consumers unknowingly, the attorneys general contended.
boston.internet.com - Privacy Advocate Voices Mobile Spam Concerns.
As advertisers gear up for a mobile marketing push in the United States, a privacy advocate is concerned the menu of messages will consist largely of spam.
The technology, which delivers product pitches, special offers, sweepstakes and coupons to cell phones, is already popular in Europe, where advertisers will spend $53 million on mobile campaigns this year, according to recent findings by Jupiterresearch. (Jupitermedia, the parent of Jupiterresearch, also is the publisher of this Web site.)
North American numbers are still negligible, but the firm projects the market will catch up by 2006 on the strength of use by fast food and consumer product companies. And such predictions have anti-spam advocates worried.
"The worst experiences so far has been with text message spam," said Jason Catlett, president of privacy company Junkbusters. "Even with opt-in text offers, I've heard complaints from people who can't seem to stop the offers coming in."
Matt Croydon::postneo - A Cato Institute Panel Debate - Copy Fights: The Future of Intellectual Property in the Information Age.
Bear with me, as this will be the first time that I attempt to transcribe pen and paper notes into a weblog entry. A few weeks ago Ed Cone asked if any bloggers out there would attend the Cato panel debate that you are currently reading about. I'm just outside of DC, and I blog, so I said heck yeah. Ed lives in Howard Coble's district in North Carolina, and Coble is the co-author of the bill being debated in Congress that fueled this debate.
After taking the long way around several closed sidewalks, I found the Cato Institute at 10th and M streets NW. The building looked really nice without being too over the top. After finding my registration card, I sat down to read some articles that were set out. Here's a quick breakdown of the articles that I read:
Berman was unable to attend, but he sent an aide in his place. The panel as it sat was (from left to right):
- James Miller from Smith College. He's an economist and the same guy who wrote Let Hollywood Hack.
- Troy Dow, MPAA.
- Mr. French, Berman's aide. I'm sure he said his name, but I didn't catch it.
- Phil Corwin from Butera & Andrews. He's a lawyer who has represented Sharman Networks (think: KaZaA), mp3.com and others.
- Ed Black from the Computer & Communications Industry Association
- John Mitchell from Public Knowledge.
[ ... ]
Adam Thierer, Director of Telecommunications Studies at Cato, was the moderator. He plugged the book that he and Crews have recently written called, amazingly, Copy Fights. There is a hardcover and paperback version available at Amazon. The panel debate was streamed over the web in both audio and video form. The streams are in Real Audio and Real Video formats. If you end up listening to the audio version of the debate, the speaking order is French, Dow, Miller, Corwin, Black, and Mitchell.
I, Cringely | The Pulpit - We Can Run, but We Can't Hide.
How BayTSP is Enforcing the Digital Millennium
If you look at Mark Ishikawa's business card, you'll notice that it lists no street address for his company, BayTSP, just a post office box. This is for good reason, since Ishikawa is one of the few Silicon Valley CEOs who regularly receives death threats. Uninvited visitors are not welcome at BayTSP, which has a post office box in Los Gatos, CA, but could really be anywhere in the Bay Area.
I certainly have no idea where the company lives, but I know why Ishikawa has so many enemies. It is because BayTSP acts as the primary enforcer for the Digital Millennium Copyright Act (DMCA), a law that is widely reviled in the technical community.
The DMCA, which was put in effect in 2000, was an attempt by the U.S. Government to bring copyright law into the cyber age. But many people -- including, oddly, Mark Ishikawa -- think the DMCA goes too far by making it illegal for me to even tell you how to circumvent encryption or copy protection technologies. It makes the very passing of knowledge against the law whether or not that knowledge is ever used.
"It's a very flawed piece of legislation," says Ishikawa, who predicts that the government will rewrite the copyright law again "in eight or nine years" to correct the mistakes in the DMCA. But until then, the DMCA is the law of the land, and Mark Ishikawa is the Internet's top cop.
[ ... ]
One thing BayTSP's spider programs don't do is sit at the Internet peering points sniffing all packets as they go by. "That would be wiretapping, which is illegal," he says. "All we do is go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public."
Slashdot | Your Rights Online - How The DMCA Is Enforced.
Hank Scorpio writes "Bob Cringely's latest column talks about a company, BayTSP, that performs most of the enforcement of the DMCA on the Internet. This is the company that collects data about who is sharing music or movies online, and this is the company to go after when you get busted! They claim to 'go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public.' Interesting."
CNET NEWS.COM - Open-source group gets Sun security gift.
Sun Microsystems has donated new cryptography technology to an open-source project at the heart of many secure transactions on the Internet.
Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes. The Santa Clara, Calif.-based server seller donated the technology to the OpenSSL project, a programming group that makes an open-source version of the Secure Sockets Layer (SSL) encryption system.
Elliptic curve cryptography will enable secure communications with devices that don't have as much calculating power as most desktop computers, said Whitfield Diffie, Sun's chief security officer and a pioneer of the Diffie-Hellman "public key" cryptography method used today in SSL and other encryption systems. Diffie spoke Thursday during a news conference at the SunNetwork conference here.
Slashdot BSD | OpenSSL Gets Cryptography Gift From Sun.
Kataire writes "C|Net posted this story about how Sun Microsystems has donated 'elliptic curve' encryption technology (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."