Privacy Digest
Your daily source for news that can impact people's privacy.


 Thursday, February 20, 2003
 
Slashdot | Your Rights Online - Ebay's Flexible Privacy Policy.

l2718 writes "Ha'aretz has a disquieting report on a presentation made by eBay's senior counsel to law-enforcement officials. Apparently eBay logs all user interaction with them, and will happily hand over all the information to any law-enforcement official without a warrant -- a fax is quite sufficient. He is actually proud of their 'flexible' privacy policy."

Slashdot | U of Wyoming Fingerprinting All P2P Traffic.

mk2mk2 writes "News.com has an article on how they're preparing to shut down P2P sharing of copyrighted content: 'For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.'" --- It's scary until one realizes that most P2P traffic isn't encrypted, like back when everyone still used telnet.

Slashdot | Security Hole Found in 4.3.0.

Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommended that you upgrade to 4.3.1 right away."

San Jose Mercury News - Privacy protection measure clears Senate committee.

SACRAMENTO - A landmark bill that would give California the toughest privacy protection laws in the nation cleared its first hurdle Tuesday, setting the stage for another herculean war between big business and consumer activists.

For three years, state Sen. Jackie Speier has been leading an almost-quixotic battle against the banking and insurance industries to give California consumers more control over their financial information. But the San Mateo County Democrat's proposals have been repeatedly shot down by pro-business Democrats in the Assembly.

This year, with the aid of Senate leader John Burton, Speier is taking up arms again with a new bill that would prevent financial institutions from sharing consumer information with outside groups without first getting permission.

Government Computer News - Alliance: Really smart cards guard privacy.

Individual privacy should rank as high as building security in smart-card authentication policies and procedures, the Smart Card Alliance says. "Both privacy and security must be considered fundamental design goals for any personal ID system" based on smart cards, the alliance said in a white paper released last week at its winter meeting in Salt Lake City.

The level of privacy protection depends on when and how smart-card data is accessed, distributed and destroyed. When authenticating a person's identity, a smart-card system should automatically prevent copying, spoofing and unauthorized sharing of the information, and it should access only as much data as is necessary for the immediate task, the alliance said.

It suggested that each smart card should incorporate a safety measure such as a personal firewall, public-key cryptography or biometrics--especially when one card serves several functions. The additional safeguards would not only boost protection but also boost user confidence, it said.

businesstoday.com ( Boston Herald ) - Fed allows banks to gather personal data: Rule change affects nonmortgage loans.

Housing advocacy groups praised the Federal Reserve's move yesterday to end a ban that has kept lenders from tracking the race and other characteristics of applicants for nonmortgage loans.

Advocates said the move could help heighten awareness of lending practices and help avoid discrimination.

"It's a step in the right direction," said Abbey Cook, of the Boston chapter of the Association of Community Organizations for Reform Now. "How can we detect discrimination if we don't really know exactly what is going on?"

But Cook said she would like the Fed to require the banks to report the data to the public.

The Fed's rule change, effective April 15, merely lets banks collect personal information about nonmortgage loan applicants - it doesn't require it. The banks that collect such information could choose to release the data or keep it, a Fed spokeswoman said.

The Fed has banned banks it regulates from inquiring about or noting the personal characteristics of nonmortgage loan applicants since 1976.

The Fed eased the ban yesterday to help lenders examine their own policies and make sure they comply with federal lending laws.

Chicago Tribune - FEDERAL RESERVE: Ban relaxed on collection of personal information.

This link is an indirect one via Moreover.com - Registration is required and I haven't registered so I can't provide any interesting pull quotes from the article.

BizReport - First Comes Privacy, Then Trust.

Compromising your customers' personal information online will mean they won't trust your company, which ultimately means they won't buy from your company. To avoid all of that, says David Hallerman, present simple, straightforward privacy policies on your site.

Privacy, trust, and permission all unite in an unbreakable web. When companies use personal information without permission, consumers tend not to trust them -- they conclude their privacy has been compromised. Fears about lost privacy equals loss of trust. Loss of trust equals diminished possibilities for profits.

Then consider how the sum of those fears erodes trust on the Internet, and therefore retards the growth of Internet commerce in all its manifestations. According to research done in January 2003 for The Conference Board--a New York-based nonprofit business membership and research organization --only 26.0% of US households experienced trust while doing their primary Internet activity in Q4 2002.

CNET NEWS.COM - Fingerprinting P2P pirates.

Audible Magic's tools are among the first of a new generation that threatens to go much deeper inside the data stream, allowing a network operator to see exactly what files are being transferred.

The software lives inside a router or gateway to the broader Internet. As it is currently configured, it creates a copy of all the traffic flowing past, identifies those bits that are using FTP (file transfer protocol) or the Gnutella technology, and then re-creates those files to identify them.

[ ... ]

The next step for the technology is actually blocking songs and other content, instead of just monitoring--much the same way that Napster wound up filtering songs under court order in the waning days of its service. Audible Magic has a music "fingerprint" library that it says can reliably identify more than 3.5 million different audio files. In theory, songs could be blocked as the data passes the network monitor and is compared against this database of fingerprints.

"We believe that what this does is transform network devices to be content-intelligent," Ikezoye said. "That will be important. You can't just say, 'Let's block peer-to-peer.'"

In practice, this is potentially an enormous computing job that has yet to be tested on a wide scale. Blocking files means that someone has to come up with a list of files to block. Record companies have been loath to perform that role, a massive undertaking that would require the listing of virtually every copyrighted work ever recorded, and that blocking services such as Audible Magic were updated as new songs were released.

Moreover, the computing power necessary to monitor, identify and block the millions of songs that could traverse a university network in the course of a month would be enormous and expensive, critics say.

[ ... ]

The fingerprint recognition tools, provided in part by Audible Magic competitor Relatable, did block copyrighted songs, but also wound up "overblocking" so completely that even non-copyrighted files were stopped. Concurrently, sources said at the time, a few copyrighted songs that did continue to slip through, endangered Napster's status in the courts.

Moreover, privacy concerns stemming from this kind of network monitoring would likely be deep and immediate. Already the Electronic Privacy Information Center (EPIC), a Washington, D.C.-based lobbyist group, has blasted the recording industry's calls for deeper network traffic monitoring at universities.

"Monitoring the content of communications is fundamentally incompatible with the mission of educational institutions to foster critical thinking and exploration," EPIC wrote in an open letter to universities in November 2002, which followed a Recording Industry Association of America letter to more than 2,000 university presidents. "Such a level of monitoring is not only impracticable; it is incompatible with intellectual freedom."

InfoStructure News from Wired News - XP Hole Plagues All Similar Apps.

A significant security flaw was discovered in Microsoft software this week, but this time Microsoft isn't to blame. Well, not completely.

The most recent security problem uncovered in a Microsoft product is a genuine threat, security experts say, but it isn't a problem particular to the Windows XP operating system.

The producers of Brian's Buzz on Windows newsletter discovered that booting an XP system off a Windows 2000 CD allows the user to start the Windows 2000 Recovery Console, a troubleshooting program. Once Recovery is active, the computer's uninvited guest has complete access to the contents of the computer without ever having to enter a password.

The intruder can also gain access to any other user accounts present on the XP machine, again sans password, and can copy files from the hard drive onto removable media, an activity that is not allowed under Windows 2000, even when a presumably valid administrator is using the recovery console.

Wired News - Summit: DMCA Blocks Tech Progress.

Silicon Valley executives and other insiders meet with lawmakers to discuss how the Digital Millennium Copyright Act adversely impacts technology innovation -- and what they can do about it.

[ ... ]

Litigation costs, for one, have had a crippling effect on companies like Sonicblue, which spends $3 million a quarter fighting lawsuits, according to Greg Ballard, CEO of Sonicblue, which manufactures ReplayTV. Twenty-eight media companies are suing Ballard's company.

ClearPlay creates filters that allow people to strip movies of gore, profanity and nudity. Multiple movie studios, the Directors Guild of America and 15 individual directors are suing ClearPlay for applying its technology to certain films.

"We don't edit or change the DVD in any way," said ClearPlay CEO Bill Aho, who has been dubbed the most hated man in Hollywood. "We don't take money out of studio's pockets.

[ ... ]

London's company, Static Control Components, reverse-engineered a chip on laser toner cartridges meant for Lexmark printers in order to make their less expensive replacement cartridges compatible. Lexmark has subsequently filed a lawsuit against Static Control Components.

Djavaherian is an attorney for Skylink Technologies, which manufactures a universal garage door opener and is being sued by the market leader in garage door openers in a similar dispute to that of Lexmark and Static Control Components.

ABCNEWS.com : EU Agrees to Give Passenger Data to U.S..

EU Agrees to Give Passenger Data to U.S. on Trans-Atlantic Flights in Fight Against Terrorism

[ ... ]

In return, the United States gave assurances about the "appropriate handling" of the records, which include not only names but also the passenger's itinerary, contact phone number and other details, such as credit card numbers.

"That will allow the airlines to be in compliance with the U.S. law at the same time that they meet the EU data protection requirements," a spokesman at the U.S. Mission to the European Union said.

Slashdot | EU Agrees to Give Passenger Data to U.S..

de la mettrie writes "The EU Commission has agreed in principle to make airlines provide U.S. Homeland Security with detailed passenger data for flights to the USA. Things Uncle Sam would like to know about passengers include their itinerary, their credit card number and whether or not they asked for a meal without pork. The data are supposed to help prevent terror attacks and are to be 'handled appropriately'." --- The U.S. is collecting the data for a massive passenger database, intended to increase passenger profiling.


 

© copyright 1997-2003 by Paul Hardwick. All rights reserved.
All trademarks are the property of their respective owners.
Modified: 2/20/03; 8:04:55 PM
Built: 3/2/03; 12:16:34 AM
URL for current page: http://www.PrivacyDigest.com/2003/02/20
