Privacy Digest
Your daily source for news that can impact people's privacy.


 Tuesday, January 21, 2003
 
Slashdot | Your Rights Online - Verizon Loses Suit Over Subpoena of Subscriber Info.

Brian Golden writes "As a result of a suit filed by the RIAA, the identity of a Verizon customer with a penchant for mp3's was ordered to be released. Man, how many people are now sweating bullets trying to remember what they downloaded?" --- News.com.com also has a story. If you've forgotten about this case, see our earlier story. Verizon wasn't making any sort of principled stand to protect its users' privacy, it just wanted to avoid the costs of complying with the (many) subpoenas it will now receive.

Slashdot | "Ask Slashdot" - Self-Regulating SSL Certificate Authority?

bcg (http://www.blacksheepsoftware.com.au) asks: "It has come that time again to renew some of my SSL certificates and part with substantial amounts of cash. This has got me thinking - why should we pay large amounts of cash for authorized certs when so little is done by the companies issuing them? Sure they get you to send them a copy of a business certificate but how does this prove the character of those running the SSL server? What ideas can we come up with for a self-regulating certification authority? Could we set something up along the lines of the many free DNS servers around but use it to authenticate SSL certs?" --- We last touched on this subject in October, when someone was searching for cheap SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?

Slashdot | Your Rights Online - Australian Gov't Lobbied To Implement Media Levies.

TheScream writes "Screenrights has been actively promoting its proposal for a CD-R DVD-R levy (similar to that implemented in Canada, as previously reported on /.) with a 5 minute interview on popular Australian breakfast television show Today. News.com.au reports that Screenrights and APRA "...want a recording levy of between 3 per cent and 10 per cent..." and includes highly debatable mis-truths such as "Every kid does it, so let's facilitate some standards in the marketplace.""

Slashdot | Your Rights Online - Michelin to Include RFID Transmitter in Every Tire.

An anonymous reader writes "According to the RFID Journal, Michelin (the tire manufacturer) has announced that it is planning on embedding RFID transmitters into every tire. The article states that 'the microchip stores the tire's unique ID, which can be associated with the vehicle identification number.' Let the privacy invasion begin!" --- If they're going to embed electronics in tires, I wish they'd start with tiny pressure gauges. (See also this story from a few days ago about the coming surge in RFID tags.)

New York Times (free registration required) - Federal Judge Says Verizon Must Reveal Internet Song Swapper.

Recording companies won a victory in their fight against online piracy on Tuesday, when a U.S. court ordered Verizon Communications to turn over the name of a customer suspected of downloading more than 600 songs in one day over the Internet.

The decision could set an important precedent as the recording industry asks schools, businesses and Internet providers to help them track down the online song swappers that they believe are cutting into their sales.

Under a 1998 digital-copyright law, Internet providers have voluntarily shut down Web sites that contain infringing material, but they have balked at requests to disconnect users who trade songs with each other directly using "peer to peer" networks such as Kazaa and Morpheus.

The recording industry sued Verizon last summer after it refused to reveal the name of a customer believed to have downloaded more than 600 songs in one day. Verizon said such a move would violate customer privacy and force Internet service providers to serve as online copyright cops.

Verizon said the law should not require it to block customer use of Kazaa and other networks, but in his opinion U.S. District Court Judge John Bates said the law "applies to all Internet service providers ... not just to those service providers storing information on a system or network at the discretion of a user."

A recording-industry spokesman said the decision validated their position and said illegal song swapping was a serious problem.

CNET NEWS.COM - RIAA wins battle to ID Kazaa user.

A federal judge on Tuesday ordered Verizon Communications to disclose the identity of an alleged peer-to-peer pirate in a legal decision that could make it easier for the music industry to crack down on file swapping.

In what is widely viewed as a test case, U.S. District Judge John Bates said the wording of the 1998 Digital Millennium Copyright Act (DMCA) requires Verizon to give the Recording Industry Association of America (RIAA) the name of a Kazaa subscriber who allegedly has shared hundreds of music recordings. Bates said, "The court disagrees with Verizon's strained reading of the act," and ordered Verizon to comply with the DMCA request from the record labels.

The dispute is not about whether the RIAA will be able to force Verizon to reveal the identity of a suspected copyright infringer, but about what legal mechanism copyright holders may use. The RIAA would prefer to rely on the DMCA's turbocharged procedures because they are cheaper and faster than other methods, but Verizon and civil liberties groups have said the DMCA does not apply and that it does not adequately protect privacy.

Union-Tribune Publishing (signonsandiego.com) - No 'Snooper Bowl' for San Diego. Police won't be using face-scanning technology that sparked ire in Tampa

[ ... ]

"It is very expensive, and we don't have the resources to pay for it," Bryden said. "But more importantly, it's not perfected, and it's very slow."

That's not to say the event will be without surveillance cameras. In fact, the number of cameras that will be used at Qualcomm Stadium and the parking lot Sunday is said to be unprecedented at any public event in San Diego.

In this case, though, the faces captured on camera will not be matched to a "watch list" in a computerized database.

The rejection of the face-scanning technology comes as a relief to the American Civil Liberties Union of San Diego and Imperial Counties.

"It seems we've benefited from Tampa's experience," ACLU spokeswoman Dale Kelly Bankhead said. "People were outraged there, and the technology didn't work."

Slashdot | Your Rights Online - No Face-Scanning Tech at San Diego Super Bowl.

b3n writes "From our local paperspace fishwrap this article (http://www.signonsandiego.com/news/uniontrib/mon/business/news_mz1b20snoope.html) ... "San Diego police have rejected the use of a controversial face-scanning technology for Sunday's Super Bowl, saying it's too costly and ineffective. Face-scanning technology that compares faces in a crowd with digital photos of criminals, fugitives and suspected terrorists gained national attention and sparked an outcry when it was used at the 2001 Super Bowl in Tampa, Fla.""

ZDNet Australia - PeopleSoft vulnerability threatens data.

A serious vulnerability, which may allow attackers to obtain confidential information, has been found in PeopleSoft's Application Messaging Gateway servlet.

Internet Security Systems (ISS), a network security company based in Atlanta, USA, discovered the security glitch, present in default installations, and released an advisory.

"The Application Messaging Gateway is configured to run by default on the PeopleSoft Web server," the advisory said.

The vulnerability affects all 8.1x versions of PeopleTools, with the exception of 8.19. 8.4x versions are not affected. PeopleSoft users can upgrade to version 8.19, but they might have to wait a while.

"PeopleSoft has addressed all of the issues described in this advisory in PeopleTools 8.19, available on PeopleSoft's Customer Connection site in early February," ISS said.

CNET NEWS.COM Perspectives - Homeland Security and you.

The "killer app" remains the computer industry's holy grail. That's geek-speak for a feature so useful that people will buy the product just to have it.

It also carries the stronger marketing connotation of necessity, as in "we can't sell these gizmos without a killer app!" Without one, good technology often has to sit out the dance. Personal cryptography, one of these wallflower technologies waiting for over a decade, is now finally ready to rock. In this case, though, its killer app is not software, but the recently passed Homeland Security Act.

Part of this act legalizes and actually encourages ISPs to read their customers' e-mail and turn in anyone that they deem suspicious. The company must use a "good faith" effort to determine whether there is an "immediate threat to a national security interest." This shields them from litigation in the unlikely event anyone ever finds out they got ratted out. But the ambiguous boundaries of the bill guarantee that many things will get reported to the government that have nothing to do with terrorism.

Anyone who has anything to hide should be seriously considering a little crypto in their lives--even if they don't have anything to hide, but someday might. It doesn't have to be related to terrorism. This is also a good time to reflect on how often e-mail has been showing up as evidence in government cases, or that some of the damning Lewinsky notes published by the Starr investigation were deleted e-mails that she hadn't even sent.

Smart people are going to soon realize that sending a plain text e-mail through a commercial ISP is like misplacing a signed confession. This growing awareness will stimulate plenty of demand for encryption.

Cryptographic tools are inexpensive and they work. There are commonly available utilities that, once installed, will sign or encrypt e-mail, chat and IM sessions. Others use checksums--checks on the amount of data to make sure that it hasn't been altered--to make tamperproof files or steganography to hide information inside pictures or music. The best of these, like PGP (Pretty Good Privacy), open their source code for peer review, increasing the comfort of their users that a "back door" hasn't been slipped in.

CNET NEWS.COM - Via chips away at security issues.

The chipmaker, best known in the United States for its Apollo chipsets, will announce on Tuesday a new C3 processor that includes a data security feature, dubbed Padlock. According to Via, the C3 will ship by month's end.

The 1GHz processor incorporates a random number generator, a tool used in file encryption. Software makers can use a programming tool from Via to write applications that, in turn, use the generator to encrypt their files.

InfoStructure News from Wired News - How to Foil Data Thieves, Hackers.

Technology researchers are developing software that can create customized profiles of networks with the goal of sniffing problems -- like hacks or data theft -- sooner.

[ ... ]

The "user-level anomaly detection" software draws up regularly updated profiles by closely tracking over time how each person performs an array of routine tasks, such as opening files, sending e-mail or searching archives.

Designed to tell if someone has strayed into an unauthorized zone or is masquerading as an employee using a stolen password, the program keeps watch for even subtle deviations in behavior. Alerted to anomalies, network administrators then begin monitoring more aggressively to assess whether pilferage is in progress.

Paul Graham - Better Bayesian Filtering.

This article was given as a talk at the 2003 Spam Conference. It describes the work I've done to improve the performance of the algorithm described in A Plan for Spam, and what I plan to do in the future.

Remember, a webcast of the conference is available in RealPlayer format.

Slashdot | Plan for Spam, Version 2.

bugbear writes "I just posted a new version of the Plan for Spam Bayesian filtering algorithm. The big change is to mark tokens by context. The new version decreases spams missed by 50%, to 2.5 per 1000, even though spam has gotten harder to filter since the summer. I also talk about how spam will evolve, and what to do about it."


 

© copyright 1997-2003 by Paul Hardwick. All rights reserved.
All trademarks are the property of their respective owners.
Modified: 1/21/03; 11:57:29 PM
Built: 3/2/03; 12:15:42 AM
URL for current page: http://www.PrivacyDigest.com/2003/01/21
