Niels Provos would like you to help create the perfect lure for crackers. In the style of similar challenges presented by the Honeynet Project, Provos, a doctoral candidate at CITI (a research institute at the University of Michigan) has announced a public competition for contributions to his honeyd project, which the project page describes as "a small daemon that creates virtual hosts on a network." Honeyd does more than that terse description implies, though: read on to see how you can contribute to creative cracker snaring.

Supreme Court of New Hampshire - Helen Remsburg, Administratris of the Estate of Amy Lynn Boyer v. Docusearch, Inc., d/b/a Docusearch.com & a..

1. Under the common law of New Hampshire and in light of the undisputed facts presented by this case, does a private investigator or information broker who sells information to a client pertaining to a third party have a cognizable legal duty to that third party with respect to the sale of the information?

2. If a private investigator or information broker obtains a person’s social security number from a credit reporting agency as a part of a credit header without the person’s knowledge or permission and sells the social security number to a client, does the individual whose social security number was sold have a cause of action for intrusion upon her seclusion against the private investigator or information broker for damages caused by the sale of the information?

3. When a private investigator or information broker obtains a person’s work address by means of a pretextual telephone call and sells the work address to a client, does the individual whose work address was deceitfully obtained have a cause of action for intrusion upon her seclusion against the private investigator or information broker for damages caused by the sale of the information?

4. If a private investigator or information broker obtains a social security number from a credit reporting agency as a part of a credit header, or a work address by means of a pretextual telephone call, and then sells the information, does the individual whose social security number or work address was sold have a cause of action for commercial appropriation against the private investigator or information broker for damages caused by the sale of the information?

5. If a private investigator or information broker obtains a person’s work address by means of a pretextual telephone call, and then sells the information, is the private investigator or information broker liable under N.H. Rev. Stat. Ann. § 358-A to the person it deceived for damages caused by the sale of the information?

For the reasons expressed below, we respond to the first, second and fifth questions in the affirmative, and the third and fourth questions in the negative.

Slashdot | Your Rights Online - Interesting Privacy Decision in New Hampshire.

TCPALaw writes "A huge decision in privacy law was handed down today by the NH Supreme Court in the Amy Boyer case. Amy was stalked and killed by a man who got her personal information, including SSN, from an on-line information broker. Privacy groups such as EPIC have argued that access to sensitive personal information should carry with it liability for misuse, and can constitute a tort. The NH Supreme Court agreed. Now perhaps you can sue the spyware companies."

Irish Examiner - State may restrict personal data access.

The Government is considering restricting the time period within which people can access personal information held by State bodies.

According to an expert on the Freedom of Information Act, the current review of the law may result in time limits being introduced on applications for personal records.

University College Cork law lecturer Maeve McDonagh said last night that introducing time limits for people to seek health, education, tax or social welfare records would be a retrograde step. At the moment, personal files, stretching back indefinitely, can be accessed and this accounts for a large proportion of requests under the Act, she said.

The Seattle Times: Editorials & Opinion: Users should control phone-privacy rights.

A federal judge might temporarily have suspended Washington's strict new rules protecting telephone users' privacy, but state Sen. Margarita Prentice still wants to send a message to phone companies to back off.

The Seattle Democrat is right. Telephone users should have the ability to decide whether their calling habits -- whom they call and even when they answer the phone -- should be sold to the highest bidder. Prentice's bill would forbid telephone companies from making such disclosures without the customer's consent.

Prentice's proposal reflects Washington Utilities and Transportation Commission rules that took effect Jan. 1 and require customers to opt in to such marketing programs. The state rules do not prevent phone companies from using the data to communicate with their own customers, however.

By comparison, federal rules only require phone companies to notify customers they can opt out of the marketing programs. Interestingly enough, these notifications typically are labeled privacy policies, which seems to prove the point.

CNET NEWS.COM - Hackers view credit-card accounts.

More than 5 million Visa and MasterCard accounts throughout the nation were accessed earlier this month after the computer system at a third-party processor was hacked, according to representatives for the credit-card companies.

Early indications were that none of the information, which would include credit card numbers, was used in a fraudulent way, according to the representatives.

Visa and MasterCard said they could not provide a timeline of when the breach took place or details on how it was accomplished because it involved a third-party processor used by merchants and not Visa or MasterCard systems. They would not disclose the name of that processor.

CNN.com - Hacker accesses 2.2 million credit cards. Visa: No accounts have been used fraudulently

Visa says none of its accounts have been used fraudulently after a hacker gained access to as many as 2.2 million Visa and MasterCard accounts.

The hacker breached the security system of a company that processes credit card transactions on behalf of merchants, Visa and MasterCard said.

None of the Visa accounts has been used fraudulently, Visa spokesman John Abrams said.

The affected accounts make up about one-third of 1 percent of the 560 million MasterCard and Visa cards in the United States. Spokesmen for the two companies said they have notified the banks that issued the affected cards.

[ ... ]

Citizens Bank, a financial institution serving the Northeast, shut down the accounts of 8,800 customers whose card numbers had been accessed after being notified by MasterCard on Friday, bank spokeswoman Pamela Crawley said. All of those accounts were safe, she said.

Slashdot | Cracker Gains Access to 2.2 Million Credit Cards.

Doctor Sbaitso writes "CNN reports that a hacker bypassed the security system of a company that processes credit card transactions and gained access to approximately 2.2 million Visa and MasterCard credit cards. Fortunately, none of them seem to have been used fraudulently."

Slashdot | Should you Fear Google?

Ponty writes "Google-watch.com is presenting a list of nine complaints about (almost) everybody's favorite search engine. Some of the salient fears are "Google has no data retention policies. There is evidence that they are able to easily access all the user information they collect and save." and "Matt Cutts, a key Google engineer, used to work for the National Security Agency." The concerns seem like paranoid hand waving to me, but maybe I'm not paranoid enough."