The South Australian Police Department is contemplating outsourcing its cybercrime investigations as part of a broad campaign to overcome a resource drain in the fight against e-criminals.

MP3 News from Wired News - Music Biz Lament: Stealing Hurts.

On Thursday, a House Judiciary subcommittee holds a hearing on the Peer-to-Peer Privacy Prevention Act, which gives legal sanctuary to copyright holders who use otherwise illegal technological intervention such as spoofing to stop people from sharing unauthorized files.

The bill has drawn tremendous scrutiny from peer-to-peer technology advocates who say it gives copyright holders undue power to disrupt networks.

However, Rep. Howard Berman (D-Calif.) believes his bill offers a practical balance between guarding users' computers from intrusion and giving copyright holders the ability to protect their work.

CNET NEWS.COM - E-mail onslaught to feed anti-spam firms.

Spam may be a costly and seemingly unstoppable nuisance, but the trend offers an opportunity for companies developing technology to fight it, according to a new report from market research firm IDC.

The report, released Thursday, predicts that a growing glut of spam will help propel the worldwide daily volume of e-mail from 31 billion messages this year to 60 billion in 2006.

The report comes as legislators are passing new rules aimed at limiting spam and victims are increasingly turning to the courts to fight back against spammers. America Online, for instance, won an injunction and a monetary settlement against a purveyor of pornographic e-mail.

CNET NEWS.COM Perspectives - The new "copyspeak".

Hollywood, the music industry, select policy-makers and now the Justice Department have adopted a new "copyspeak" that equates the downloading of files from the Internet with "piracy," "stealing" and "shoplifting."

The pervasive theme of copyspeak is that downloading from the Internet is both illegal and immoral. It is neither. No doubt this era's rapid shift to digital technology is changing the rules of the game--there is little doubt that some use the benefits of technology to make and distribute unauthorized copies for personal financial gain in clear violation of copyright law.

But we've been down the road of technological advancement before. How we resolve this latest tension between copyright and technology will define our future ability to communicate, create and share information, education and entertainment. Indeed, if the play button becomes the pay button, our very ability to raise the world's standard of living and education will be jeopardized.

With each new technology, the fears of the music and motion picture industries have grown. Television and the VCR allegedly marked the end of movies. CDs and cassettes would cause harm from real-time transfers and one-at-a-time copies. Today's technologies make these fears seem almost quaint.

The growth of reproduction, storage and transmission technology has terrified copyright owners--most notably the music and motion picture industries. With high-speed connectivity and the Internet, the perceived copyright theft is not buying a CD and making a copy for a friend; it's downloading from a stranger or making available thousands of copies with the touch of a keystroke.

Based on these and similar threats the content community has gone on a scorched earth campaign--attacking new recording and peer-to-peer technologies--using the Congress, media and courts to challenge recording in the digital age.

Slashdot | RC5-64 Success.

Peter Trei writes "After over four years of effort, hundreds of thousands of participants, and millions of cpu-hours of work, Distributed.net has brute forced the key to RSA Security's 64 bit encryption challenge, winning a US$10,000 prize. Still outstanding Challenges carry prizes as high as $200,000. RSA's PR release is here. d.net's site has not yet been updated." --- Update: 09/26 16:59 GMT by CN: The good folks over at SlashNET are having a forum with the distributed.net crew on Saturday at 21:00 UTC. It'll be a great time to meet some of the people who made this possible.

DesktopLinux.com - An Introduction to GNU Privacy Guard (Part 2).

DesktopLinux.com guest author David Scribner has penned an article introducing new users to GnuPG on GNU/Linux (and UNIX) systems. In Part Two, Scribner continues his tutorial on using this powerful encryption package

DesktopLinux.com - An Introduction to GNU Privacy Guard (Part 1).

DesktopLinux.com guest author David Scribner has penned an article introducing new users to GnuPG on GNU/Linux (and UNIX) systems. Scribner focuses on how this powerful encryption package can play a vital role in personal and business communications by increasing security. This very detailed article will be available in two parts this week on DesktopLinux.com . . .

Slashdot | Your Rights Online - An Introduction to GNU Privacy Guard.

An anonymous reader writes "This is a great article about GnuP . . . "In the first half of this article David Scribner discussed the various uses that GNU Privacy Guard could bring to your business or personal life in enhancing security of your digital documents and files, as well as the basics in getting started with GnuPG. As there is so much more to public-key security than command-line operations, in this second half I will continue with importing and exporting keys, building (and keeping) your 'web of trust' sound, and a few of the more popular GUI front ends available for GnuPG . . ."

Reuters | Canada's Cyber-Snooping Plans Raise Ire. TORONTO (Reuters) - Proposed amendments to Canadian laws that would allow police to monitor e-mail is worrying privacy experts and leaving Internet service providers wondering who will pay for the probing of their customers' Internet activity. A key part of the amendments would require all wireless and Internet service providers (ISPs) to provide the technology to enable law enforcement agencies to monitor the Internet activity of their customers, once a court order has been obtained. The government wants wire-tapping laws updated because tech-savvy terrorists and criminals are increasing using the Internet.

searchWin2000.com: Battening down the Windows: Microsoft says service packs do not violate privacy laws.

Microsoft Corp. is moving swiftly to address health care organizations' concerns that the terms they must agree to upon installing two service packs might impede their ability to comply with federal privacy laws.

IT administrators who must comply with the Health Insurance Portability and Accountability Act (HIPAA) are concerned that the end-user licensing agreement [EULA] -- which they must sign upon installing Service Pack 1 for Windows XP and Service Pack 3 for Windows 2000 Professional -- would give Microsoft the legal right to access data on an individual PC.

Also, IT managers are concerned that the Microsoft SP3 has new licensing language that gives Microsoft the right to revise the customer's operating system silently. The concern is that a Microsoft patch making an adjustment in the operating system might inadvertently break multimedia software or revoke access to patient data, thus creating a risk to a provider treating a patient.

"It's not just direct access to patient data that is a concern, but a change in the OS that might have unintended consequences for a provider treating patients," said Robert Lower, a HIPAA specialist and partner at New York-based law firm Alston & Bird.

CNET NEWS.COM - Amazon to revamp privacy policy.

Online retail giant Amazon.com plans to revamp its privacy policy in an attempt to address concerns raised by customers, consumer advocates and state regulators.

As part of its revision of the policy, which it plans to post "in the next few weeks," Amazon plans to clarify the circumstances under which it might sell or share customer information, the company said in a letter sent to state regulators Monday. The company also plans to list the companies with which it offers joint or co-branded services and to provide more information on the types of customer information it collects from other sources, the company said in its letter.

"In sum, we believe the changes to our privacy notice will make our privacy practices and policies more transparent to customers and easier to understand," the company said in its letter.

Gartner - Privacy Bill Should Spur Telecom Companies to Self-Regulation.

A consumer privacy bill has passed a committee in the U.S. House of Representatives. If industry fails to address privacy concerns, the federal government will, but that would cost telecom firms more.

The U.S. House of Representatives Judiciary Committee recently approved the Federal Agency Protection of Privacy Act (H.R. 4651). If it becomes law, the bill would require federal agencies, such as the Internal Revenue Service and Social Security Administration, to analyze the impact of proposed regulations and policies on consumer privacy and to publish the analyses for public comment. Specifically, the bill covers the collection of personally identifiable information and specifies what personally identifiable information will be collected, and how it will be collected, maintained, used and disclosed.

Computerworld - Privacy battle seen as a 'gathering storm'.

When corporate privacy officers and legal experts get together for privacy conferences they typically worry and warn about how legislative actions by Congress, the states and local municipalities will affect systems and bottom lines. There's never a shortage of dire, worst-case predictions.

But at this year's Privacy 2002 Conference, they're really worried.

Things are lining up for real legislative battles next year in Congress and in the states, triggered by the impending expiration of a provision of the Fair Credit Reporting Act (FCRA) that blocks states from imposing their own data privacy rules.

Once that exemption expires in early 2004, states will be free to set privacy rules that exceed federal standards. The states, for instance, could limit affiliate sharing of customer data -- a serious threat to financial services firms that often set different lines of businesses as affiliates, entities that exist only on paper. Systems that now freely exchange information could be in for a major redesign.

"There is a gathering storm," said Michael Beresik, who heads PricewaterhouseCoopers' national privacy practice. He sees the expiration of the FRCA preemption provision as the vehicle leading to much larger debate on financial privacy, including a revisiting of the privacy provisions in the Gramm-Leach-Bliley Act.

The Open Web Application Security Project.

The Open Web Application Security Project (OWASP) is an "Open Source" community project staffed entirely by volunteers from across the world. The project is developing software tools and knowledge based documentation that helps people secure web applications and web services. Much of the work is driven by discussions on the Web Application Security list at SecurityFocus.com.

Slashdot | Developers - A Guide to Building Secure Web Applications.

some-guy writes "The Open Web Application Security Project has released A Guide to Building Secure Web Applications, Version 1.1 "While this document doesn't provide a silver bullet to cure all the ills, we hope it goes a long way in taking the first step towards helping people understand the inherent problems in web applications and build more secure web applications and Web Services in the future...""

InfoWorld - Universities tapped to build secure Net.

Amid heightened concerns over the Internet's continued vulnerability to failure or attack, the National Science Foundation (NSF) is expected to announce Wednesday that it has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure.

The joint project, dubbed Infrastructure for Resilient Internet Systems (IRIS), aims to use distributed hash table (DHT) technology to develop a common infrastructure for distributed applications.

DHT is like having a file cabinet distributed over numerous servers, explained Frans Kaashoek, a professor of Computer Science and Engineering at the Massachusetts Institute of Technology (MIT), and an IRIS project head. So if one server goes down, not all of the data is compromised.

Like in peer-to-peer networks, there is no central server in the system that contains a list of where all the data, or files in the cabinet, are located. Instead, each server has a partial list of where data is stored in the system. The trick for the researchers is creating a "lookup" algorithm that allows the location of data to be found in a short series of steps.

Slashdot | Universities Tapped To Build Secure Net.

Wes Felter writes "InfoWorld reports that the National Science Foundation (NSF) has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. I thought the Internet was already decentralized, so I'm curious about what exactly they're fixing. The article quotes Frans Kaashoek from MIT PDOS, which is working on decentralized software such as Chord."