Privacy Digest
Your daily source for news that can impact people's privacy.

 Friday, October 11, 2002
 
Culture News from Wired News - Kiwi Symphony's Errant Scat Music.

It turned out that one of the 8,000 subscribers who received the promotional CD was a university student in the southern New Zealand town of Christchurch. And he'd used an Internet-based media player to listen to the tracks.

"He received the NZSO promotional CD, put it into his computer and then he was prompted to put the titles in," said Constable Todd Webley, to whom the student unburdened himself when the titles became news.

"He's on his girlfriend's computer, and he was mucking around being stupid and thinking it's just going into that computer alone and not realizing that it's going to be sent into cyberspace."

It's a good idea to pay attention to where the data you are entering is going to end up.

Economist.com | Face value - Free Mickey Mouse.

Lawrence Lessig wants less copyright protection, including for Disney's famous rodent

Law professors rarely boast an army of "fans", but Lawrence Lessig is no run-of-the-mill academic. Now at Stanford University, formerly at Harvard, Mr Lessig has become a rock star of the information age, mixing scholarly inquiry with barnstorming activism on many issues. A Ralph Nader of the Internet, he fights against the mighty corporations that want to squeeze the vitality out of the web, trampling consumers in the name of Mammon. Were his target a cigarette company, say, Hollywood would already be making "Lessig, the movie". Instead, it has branded him a cultural anarchist bent on justifying the rampant theft of others' property in the name of "openness"--ie, a direct threat to its bottom line. This week, Mr Lessig landed another blow, arguing his case before America's Supreme Court.

CNET NEWS.COM - Anti-hacking copyright law to get review.

Federal copyright regulators are opening the door for new exceptions to a controversial copyright law that has landed one publisher in court and a Russian programmer in jail.

The United States Copyright Office is launching a rare round of public comment on rules that bar people from breaking through digital copy-protection technology on works such as music, movies, software or electronic books. Regulators aren't looking to change the law, but they are looking for public suggestions on what kinds of activity should be legalized in spite of the rules.

This is only the second time in the controversial law's five-year history that the public has been able to pitch in with suggestions for exceptions. Critics of the law say they will use the opportunity to draw wider public attention to the way its restrictions can affect ordinary people.

"Outside the copyright community, most people don't know this exists," said Fred von Lohmann, a staff attorney with the Electronic Frontier Foundation, a digital civil liberties group. "We're already planning to submit comments and organize comments by others. We're hoping that by the time the December deadline rolls around, a lot more people will be aware of this."

The portion of copyright law coming under the public microscope is the so-called anti-circumvention clause of the Digital Millennium Copyright Act, which bars people from circumventing "technological measure that effectively controls access to a work," as well as creating or distributing tools to do the same.

New Scientist - Software predicts user behaviour to stop attacks.

New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers.

Existing systems usually monitor the data flowing through whole networks and are typically between 60 and 80 per cent reliable, the researchers say. Tests simulating inside attacks indicate that the new software would be up to 94 per cent reliable once implemented.

The software generates a profile for each individual on a network by analysing the specific commands they enter at their terminal. It then monitors their activity and sounds the alarm on detecting suspicious behaviour. The finished product will do this in real time.

Monitoring simple user commands rather than network traffic means alarm settings can be different for each user, increasing security. It also is much less computationally intensive, according to Ramkumar Chinchani at Buffalo University, who is developing the system with Shambhu Upadhyaya and colleagues. This means more data can be analysed, allowing larger systems to be monitored in real time.

Slashdot | Developers - Predicting User Behavior to Improve Security.

CitizenC writes "New computer-monitoring software designed to second-guess the intentions of individual system users could be close to perfect at preventing security breaches, say researchers. Read more." --- The paper (pdf) is online as well.

Slashdot | DRM in Real-Time and Embedded Systems.

An anonymous reader writes "In this guest column at LinuxDevices.com, Victor Yodaiken speculates on the implications (and potential catastrophic consequences) of Digital Rights Management Passport (DRMP) technology to embedded, real-time, and mission critical computer systems. Quoting from the article: "When a technology gets pervasively embedded in microprocessors, computer boards, and software, it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems. Unfortunately, DRMP technology is incompatible with security and with the kinds of reliability needed in safety critical or mission critical applications.""

Slashdot | Your Rights Online - Send Congress Your Comments On DRM Legislation.

stry_cat writes "The people who want to control what you can and cannot copy have got Congress to consider requiring every computer sold to include special circuits that limit what files you can copy. The Senate Judiciary Committee is soliciting public comments on this legislation."

AP via New York Times (free registration required) - Microsoft Warns on E-Mail Security.

The flaw, which affects the free e-mail software bundled in Microsoft's Internet Explorer Web browser, could allow attackers to crash the e-mail program or to potentially take over the user's machine.

The flaw does not affect Microsoft Outlook, the e-mail program included in the Office suite of business software.

New York Times (free registration required) - Editorial Op-Ed by William Safire: Lying 'Lie Detectors'.

After 19 months of study, experts convened by the National Research Council, an arm of the prestigious National Academy of Sciences, concluded that "national security is too important to be left to such a blunt instrument," and noted pointedly that "no spy has ever been caught [by] using the polygraph."

Up to now, the main objection to the determination of human believability by machine has come from civil libertarians. In criminal investigations, hot lights and rubber truncheons have been replaced by a modern "third degree." A U.S. attorney general once told me: "Look -- we know it's often wrong, but watching that needle jump is scary, and it's our best way for police to get confessions."

[ ... ]

Because professional spies are trained to defeat the device; because pathological liars do not cause its needles to spike; and because our counterspies relax when a potential suspect "passes" -- the system breeds the opposite of security.

First Monday - Understanding the Privacy Space.

This paper reports on an ongoing research project focusing on privacy tools and services available on the Internet. A detailed examination of 133 different privacy-related software tools and services rendered a list of 1,241 features relating to privacy. Based on the data gathered, the ongoing work is to formulate a framework to describe this "privacy space" using grounded theory and content analytic techniques. Here, we discuss some of the more interesting preliminary findings garnered from a descriptive statistical analysis of the raw data. This paper discusses what can be learned from a user-centric analysis of this increasingly important class of software tools.

ZDNet |UK| - Spy software targets employee downloads.

Websense is pushing its new spying software at employers worried about workers illegally downloading MP3s or just hogging bandwidth

Technology companies Macrovision and Websense are teaming up to root out illegal MP3s, movies, games and other copyrighted material on employees' work computers. The partnership is part of a new push by Web filtering company Websense to give employers tight control over exactly what happens on their employees' computers. Its scope ranges from disabling peer-to-peer applications like Kazaa to identifying pornography, music or movies on individual hard drives.

"We're making the basic assumption that a high percentage of downloading is done at work, because that's where the bandwidth is," said Brian Dunn, Macrovision's senior vice president of business development.

The deal, and particularly Websense's upcoming hard-drive monitoring software, marks another potentially significant curtailment of employees' online freedoms in the workplace. Software has given employers substantial ability to monitor email and control Web surfing. The new software would expand a company's ability to control what happens on an employee's hard drive.

[ ... ]

Employee email and Web monitoring has grown substantially over the past several years. A report by the nonprofit Privacy Foundation last year found that up to 14 million people, or about a third of online employees, had Web surfing and email monitored by their employers.

Websense's services alone cover more than 12 million employee seats, including many of the most familiar companies such as Coca-Cola, Boeing and Eddie Bauer.

ZDNet - Microsoft tests employee privacy.

Microsoft unveiled Wednesday a new measure for gauging how effectively its managers have followed company privacy policies.

The latest push in the company's "Trusted Computing Initiative", the so-called Privacy Health Index could, if successful, provide the company with a grade for how well its employees are guarding customer data.

SecurityFocus: FBI Misused Secret Wiretaps, According to Memo.

The FBI illegally videotaped suspects, improperly recorded telephone calls and intercepted e-mails without court permission in more than a dozen secret terrorism and intelligence investigations, according to an internal memorandum obtained by a member of Congress.

The errors in the first three months of 2000 were considered so egregious that FBI officials in Washington launched a wholesale review of the agency's use of secret wiretaps and searches, and warned FBI field agents to do a better job of adhering to court orders, according to documents.

The newly disclosed incidents, recounted in a memo provided by the FBI to Rep. William D. Delahunt (D-Mass.), are the latest in a series of FBI mistakes to come to light in connection with the Foreign Intelligence Surveillance Act (FISA), which allows investigators to obtain warrants from a secret court in espionage and counterterrorism cases.

[ ... ]

In another instance, also in 2000, technical problems with the FBI's e-mail intercept program formerly known as Carnivore resulted in the capture of communications from people not under investigation.

In the latest case, FBI officials issued an internal memorandum on April 21, 2000, warning of a sudden surge in errors by field agents in administering secret wiretaps obtained under FISA. Among the incidents cited was a case in which telephone conversations continued to be recorded even after the cell phone had been transferred to a party not under investigation, and another case in which e-mails were monitored after court permission to do so had been withdrawn.

BW Online | October 10, 2002 | Cybercrime Victims Hit Back -- Online.

As Web thieves get slicker, frustrated consumers are taking matters into their own hands to block further damage

[ ... ]

The situation is everybody's worst nightmare. At best, it requires hours on the phone with your credit-card company. At worst, it could mean a protracted legal battle to reclaim your financial identity. In all cases, consumers feel frustrated, angry, and powerless. In a 2000 report entitled "Nowhere to Turn," the Privacy Rights Clearinghouse found that 55% of the fraud and identity-theft cases reported remained unsolved after an average of 44 months, or almost four years. Victims said they spent between $30 and $2,000 on costs related to identity theft, not including lawyers' fees. The average loss was $808.

Slashdot | Developers - Compiling Snort Rules.

Sergei Egorov writes "Good people at Fidelis Security Systems developed SNORTRAN, an optimizing compiler for Snort rules. By combining several compilation techniques, SNORTRAN is able to translate a set of Snort rules into a high-performance intrusion detection engine. SNORTRAN-generated engines are 4 to 6 times faster than Snort's own detection engine; this translates into 3 to 5 overall speedup factor for a complete Snort system (benchmarks are here)."


 

© copyright 1997-2003 by Paul Hardwick. All rights reserved.
All trademarks are the property of their respective owners.
Modified: 11/15/02; 7:17:53 PM
Built: 3/2/03; 12:33:14 AM
URL for current page: http://www.PrivacyDigest.com/2002/10/11
