Slashdot | Command-Line Crypto From Phil Zimmermann, Again.
A few months ago, PGP creator Phil Zimmermann became a reseller for the current graphical version of the software he originally spawned, produced by PGP Corporation. Now, Zimmermann has just started selling through his own website a modern command-line encryption product called FileCrypt, which has its roots in an older version of PGP. Confusingly enough, this software is produced by a company called Veridis, and doesn't say PGP on the box, because legally it can't. Network Associates, which acquired PGP Inc. in 1997, still holds the rights to that name; when NAI spun off PGP to PGP Corporation in 2002, they held onto the command-line version. OpenPGP, for whom Zimmermann serves as a technical advisor (as well as a reseller), is contractually unable to sell a command-line version. (He is on the board of Veridis as well.) But why introduce a text-only version of utility software, anyway, when the GUI-fied desktop version has been maturing for years and costs less?
ICANNWatch | WHOIS Report Punts on Privacy.
Something odd is happening with respect to the Whois Task Force: user interests are being ignored while everyone else's interests are being catered to. No, wait, that's not odd -- it's business as usual for ICANN.
The Register (UK) - Spyware found on one in three corporate networks.
One in three European companies are harbouring spyware apps on their networks, a new study claims.
Spyware applications, programs which surreptitiously send information from surfers' PCs to marketing outfits, are becoming a bigger problem, according to the Emerging Internet Threats Survey 2003.
Spyware on company systems leaves companies vulnerable to unknown outside parties such as competitors, crackers or spammers, who can gather confidential company information without consent, the survey warns.
Computerworld (Australia) - Computerworld | Banks take prize in privacy complaints.
Money-related concerns top the list of complaints made about breaches under the first 12 months of the Privacy Act.
Despite investing millions of dollars to make IT systems and procedures compliant with the Federal Privacy Act over the last two years, banking, finance and investment companies and share registries are generating large volumes of complaints, according to a new list obtained by Computerworld from the Office of the Federal Privacy Commissioner.
The list breaks down the number of complaints by industry sector, with "Finance / Invest / Share Reg's / Pawnbrokers" the clear leader with 206 complaints or 21.02 per cent market share of a total 979 complaints.
Despite having the clear advantages of size and intrusive powers, the federal government managed to run only second, with 130 or 13.28 per cent of complaints. Telcos and ISPs follow closely in third on 116 or 11.85 per cent of accusatory fingers. The information covers the period from December 21 2001 to December 21 2002. However, the nature of the complaints and the names of individual enterprises or departments are not available.
The new information highlights that while privacy compliance and awareness may have been achieved within IT departments and systems, there is still a long way to go before enterprises develop the same corporate culture that is afforded to the issues of security or anticompetitive behaviour.
Steve Bittner, research director for e-government and security with analyst firm Gartner, told Computerworld that organisations had to "create real cultural change" in regard to privacy, warning that independent audits (akin to those used to measure the effectiveness of security) are needed: "Organisations make their own reality, so you need an external reality check," he said.
independent.co.uk (14 October 2002) - Better than text?
Picture messaging on mobile phones has taken Japan by storm, but will it be a hit in Britain too? Michael Fitzpatrick reports on the coming camphone revolution
[ ... ]
As well as being fun, the picture phones are finding serious applications. Famously well-ordered, Japan has less reported crime than the West, but street crime is rising and investigators are happy to enrol any new help - which is where the camphone, now carried by more than seven million people in Japan, has found a role. Police chiefs in Osaka, the country's second biggest city, recently agreed that citizens could wirelessly e-mail them pictures of suspects if they come across a crime.
The social implications of this could be enormous. Not everyone carries a camera, but the majority now carry a phone, and they are much more discreet. When camphones become the norm some sociologists believe that all public activity will come before the recording lens. For Britons who already feel over-scrutinised by surveillance cameras, any claim to privacy will vanish in a flash of clicking mobiles. Japanese individuals can already act as Little Brother, as some multimedia services can now send movie clips by mobile, too.
Other uses for the camphone can be equally sinister. As you might expect from a land awash with advanced digital photography and voyeurs, some Japanese people have combined their twin passions to such a degree that Japan's female inhabitants can be nervous about wearing a short skirt outdoors. Where tiny spy cameras and watches with digital cameras went before, the dirty mac brigade are now zooming in with their mobiles. One method used by men is to stand behind a woman on an escalator while seeming to check the phone display and pass the phone under the woman's skirt while taking a picture.
InfoStructure News from Wired News - Public-Computer Users Beware.
A student at Boston College has been indicted on charges he placed keystroke-monitoring software on over 100 college computers, then secretly watched what people were typing and used the information to steal about $2,000.
[ ... ]
Richard Smith, a Massachusetts-based Internet security consultant, said the software in question is typically used by jealous husbands or wives to spy on their spouses -- or by employers who want to snoop on their workers. The software is not new but poses a "sinister" threat to unwitting computer users, Smith said, noting that Boudreau could have used it with far more devastating consequences.
"With the amount of information he gathered from so many different people, there could have been a lot of things he could have done," Smith said. "I'm surprised this kind of thing hasn't been done more often."
Business News from Wired News - States Still Trying to Stop Spam.
Legislation proposed in two states would create a list of residents who want to remain off-limits to spammers. Anyone on the list who receives an unwanted e-mail would be allowed to sue the sender.
[ ... ]
In the losing battle against spam, two states are considering a novel approach: the creation of "do not e-mail" registries patterned after the statewide "do-not-call" lists that restrict the activities of telemarketers.
Legislation introduced in Colorado and Missouri would create a central database of residents who don't want to receive unsolicited e-mail and would allow consumers to sue marketers who ignore their wishes.
The Colorado Junk E-Mail Law would require companies to pay an annual fee of up to $500 to access the registry. It would award consumers $10 for each unwanted message that they receive, assuming they are willing to take the spammer to court. If they win the case, their attorney's fees would be reimbursed.
In Missouri, companies would have free access to the list, but residents would be able to sue marketers for up to $5,000 for violating it.
Critics say the proposed opt-out lists are a futile version of equally futile statewide spam laws. (Both Colorado and Missouri already have statutes regulating unsolicited commercial e-mail.)
[ ... ]
According to market research firm Radicati Group, more than 2.3 billion spam messages are broadcast daily over the Internet -- a number the group expects to rise to 15 billion in 2006.
Of the 26 states with antispam laws, Sorkin said Delaware's 1999 regulation is the strongest because it bans bulk commercial e-mail outright.
But few cases have been successfully prosecuted under state laws, partly because spammers hide their identities -- by forging e-mail headers and routing information or by relaying spam through an unsuspecting host. That makes it hard to pinpoint the humans responsible for sending out the illegal missives.
Slashdot | Negative Effects of Workplace Net Monitoring.
Masem writes "Business2.com reports that while many corporations have monitoring tools and restrictions on Internet usages for non-work related activities, these can have negative effects on the productivity of the workplace. The report notes that people have to take days off from work to deal with personal business that could have been done in a few minutes or hours from a work net connection, and that employee morale is generally down when net controls are in place." --- A related study suggests employees spend more time doing work from home than playing at work.
megnut.com - Not another one.
First Trent Lott pines for the days of segregation, now North Carolina's Republican congressman Howard Coble is saying he believes Roosevelt made the right decision to intern Japanese-Americans during WWII. Mr. Coble is chairman of the Judiciary Subcommittee on Crime, Terrorism and Homeland Security and made his remarks on a radio call-in program. Tons of detail about Coblegate over at IsThatLegal?. Apparently Coble doesn't feel he's said anything that warrants an apology.
PCWorld.com - Privacy Certification Gets Tougher.
Privacy advocates applaud TRUSTe rule for safe surfing, but urge vigilance.
[ ... ]
Although the new requirements are an improvement on previous certification guidelines, some privacy advocates are still skeptical. Truste and its member companies are really just playing catch-up to recent Federal Trade Commission rulings, says Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center.
Recently, the FTC has taken action in several cases to emphasize the need for online security and privacy. It accused Microsoft of misrepresenting aspects of its Passport service. It chided Eli Lilly for lax security practices that compromised consumer data, and criticized American Student List for improperly selling information collected from high school students. According to Hoofnagle, all those motions have raised the bar on consumer online-privacy protections.
Those rulings, more than Truste's guidelines or those of other seal organizations, create what Hoofnagle calls a "common law of privacy" on which future enforcement actions can be taken by organizations like the FTC.
Article also carried by: InfoWorld - Brother, can you spare some privacy?
The Associated Press via NJ.com: Boston College student accused of using software to gather personal information of thousands.
BOSTON (AP) -- A Boston College student collected personal information on nearly 5,000 people by allegedly installing software on campus computers that secretly tracked every keystroke, the state attorney general said Thursday.
The 21-year-old computer science major was indicted on several charges, including interception of wire communications, unauthorized access to a computer system, larceny over $250 and identity fraud.
The college senior, identified by authorities as Douglas Boudreau of Warwick, R.I., collected computer passwords, credit card and social security numbers, prosecutors said.
He also allegedly used some of the stolen information to recode his student ID card, which also serves as a campus debit card. The recoded card was used to make about $2,000 worth of purchases on other students' accounts, prosecutors said.
iRights - (Preliminary) Bayes Attack Report.
A followup public report to my previous posts on Bayesian filtering. I have built the program described in my second post, or at least a prototype of it.
Note this is the first public report of this information and it is quite likely this will change as I get feedback, potentially going so far as to invalidate the work entirely. I'm just doing this with a web page rather than with emails, partially because I don't know who all to email (and I wouldn't want to spam their lists). The only one I know I'm sending is a link to the spambayes project dev mailing list.