After the hanging-chad fiasco of the 2000 presidential election, Congress funded a nationwide drive to replace punch-card ballots and lever-operated voting machines in time for November 2004. The Help America Vote Act of 2002, or HAVA, authorized $3.9 billion over three years to help state and local governments upgrade their election equipment. The only replacements being considered seriously are electronic voting booths: stand-alone kiosks for which voters are given an encrypted smartcard that identifies them to the computer and lets them vote exactly once. But a report (ed. Link is a PDF file) released last week by the Information Security Institute at Johns Hopkins University says the touch-screen machines are Swiss cheese--full of holes--for hackers. "Common voters, without any insider privileges, can cast unlimited votes without being detected," the report claims. It's based on an analysis of the software source code for voting machines made by Diebold Election Systems, a division of a company that makes automated teller machines. Someone at Diebold accidentally placed the code on a publicly accessible Internet server in January, resulting in its dissemination around the Net.

The Pentagon official who oversaw the development of a plan for the military to operate a terrorist futures-trading market is resigning under pressure, a senior defense official said today.

John M. Poindexter, a retired rear admiral who was President Ronald Reagan's national security adviser, is stepping down "in the next few weeks," the official said, following disclosure of a proposal that outraged lawmakers and embarrassed senior Pentagon officials. The plan was to create in essence an online betting parlor that would have rewarded investors who forecast terrorist attacks, assassinations and coups.

While Defense Secretary Donald H. Rumsfeld did not personally dismiss Admiral Poindexter, the defense official said, Mr. Rumsfeld agreed that the admiral's credibility was shot and it was time for him to go.

Expert Andrew Odlyzko explains how tech advances are making it much easier to charge one price for you and another for your neighbor

Why do corporations want your personal data? The simple answer, according to Andrew Odlyzko, the director of the University of Minnesota's Digital Technology Center, is that such information is the key to a holy grail of capitalism: discriminatory pricing.

[ ... ]

In a paper (ed. Link is a PDF file) to be presented at the Fifth Annual Conference on E-Commerce this fall, Odlyzko, a Bell Labs researcher for 26 years, doesn't argue for or against discriminatory pricing. He focuses on how technology can bring it to new levels of sophistication and prevalence.

[ ... ]

Managers who invest in privacy-eroding data-collection technology aren't always conscious that they're moving toward a world of widespread discriminatory pricing, Odlyzko says. Rather, they're trying out ways to use information to increase profits. But as corporations become more sophisticated in collecting and parsing consumers' personal information, success will lead them to more pervasive price discrimination. On July 28, I talked to Odlyzko about how data is being used to usher in a more efficient -- and privacy-invasive -- economy. Edited excerpts follow:

An anonymous reader writes "BusinessWeek has an interesting interview with academic Andrew Odlyzko about how increased corporate spying will inevitably lead to targeted pricing and how this system can be abused." --- The paper (pdf) makes interesting reading. Very good insights into the reasons why businesses want to get to know you.

mpawlo writes "I have just published an interview with Mr Brad Templeton, chairman of the board of the EFF, over at Greplaw. Mr Templeton presents, among other things, his view on spam and freedom of speech among. If that's not enough, there is also a rather unique tongue-in-cheek interview with Professor Lessig."

When a handful of middle-school students skipped class last April to go to a party near their Manhattan school, they probably didn't think their punishment would involve anything more than an unexcused absence or a detention. Upon returning to Intermediate School 164, they learned that news of the party had made it back to administrators' ears. To return to class, the girls who attended the party were required to be tested for pregnancy and sexually transmitted infections. They were also required to provide administrators with the results of those tests before admission back into the classroom was granted, according to The New York Times.  

Although the girls cooperated with the school's requests, two of them now have lawsuits pending against the school. For once, in an age of legal triviality, it is a well-deserved lawsuit.

Among many problems with the situation is that all students were not treated with the same scale of punishment. A male student who attended the party received no penalty at all, whereas some girls were suspended from school until doctors' notes were presented, and other girls had to go beyond a doctor's note and provide test results, according to The New York Times.

A federal judge overturned portions of three Bay Area financial privacy ordinances Tuesday and put limits on state and local governments' ability to prevent banks from sharing information about customers.

Federal law trumps efforts by Contra Costa and San Mateo counties and Daly City to ban financial institutions from sharing confidential consumer information with affiliated firms, U.S. District Judge Claudia Wilken ruled.

But Wilken upheld sections of all three ordinances that prohibit banks from providing customer information to outside companies, unaffiliated with the banks, unless a customer gives advance consent.

"State and local governments are free to enact (laws) affording some protection to consumer privacy greater than that provided by federal law," as long as they do not restrict banks from giving information to their affiliates, the judge wrote.

Also, the portion of Wilken's ruling that favored the banks could be short- lived, because it was based on a law that expires Jan. 1 unless renewed by Congress. Both sides agreed that the ruling heightens the importance of congressional action this year but disagreed on which side came out ahead Tuesday.

Internet activists concerned about the proposed data mining activities of the Pentagon's controversial Information Awareness Office (IAO) are targeting the privacy of the agency's director, Dr. John Poindexter.

The IAO is an agency of the Defense Advanced Research Projects Agency (DARPA) created in the aftermath of the September 2001 terrorist attacks on New York City and Washington. The goal of the agency is to gather intelligence on possible terrorist activities through electronic sources such as the Internet, telephone and fax lines.

Under Poindexter's leadership the IAO has created a firestorm of controversy with its Total Information Awareness (TIA) program, which seeks to capture the "information signature" of people in order to track potential terrorists and criminals. Critics have called it a domestic spy program and the Senate has temporarily blocked funding for the program.

Earlier this week, Poindexter again came under fire for the IAO's latest proposal to predict terrorist events through the online selling of "futures" in terrorist attacks. The Senate again intervened to block the program.

Inconsistent compliance with the Privacy Act means the federal government cannot adequately assure the public that individual privacy is being protected under the law, federal auditors said.

After surveying the privacy practices and procedures of 25 federal agencies, the General Accounting Office determined that compliance with the act is uneven governmentwide. In a report released today, the auditors say the Office of Management and Budget needs to, among other things, improve monitoring of government actions, consider more guidance for agencies and raise agency awareness.

Sen. Joseph Lieberman (D-Conn.) demanded improved leadership from OMB and a stronger commitment from all agencies.

Armed with 550,000 signatures that could force a ballot proposition on financial privacy, consumer advocates are resurrecting a tough California privacy measure killed ignominiously in the Legislature earlier this month.

Supporters of the financial privacy initiative said Wednesday that they will give California legislators one last chance to pass the bill by Aug. 19. Otherwise, they will submit their petitions, compelling a March 2004 statewide vote, which they predict they would win. (Aug. 20 is the cutoff to submit signatures for the March ballot. A proposition would require 373,000 valid signatures.)

The August deadline would be difficult: It comes one day after lawmakers return from their summer recess. Nevertheless a coalition of banks and other financial institutions that had fought tooth and nail against the bill, along with the state senator backing the bill and consumer advocates, said they think the deadline could be met.

The new law, whether the one passed by the Legislature or the version enacted by proposition, would give Californians the most stringent financial privacy protection in the country. Both would compel banks, insurers, brokerages and other financial institutions to get the permission of customers before sharing information about them with nonaffiliated companies outside the financial arena. The legislative bill would allow the banks and other institutions to share customer information within their own family of firms, while the stricter proposition would bar such "affiliate sharing."

With either a law or a successful ballot measure, consumers would receive next year a flurry of notices from their banks, brokers and insurers asking them to decide whether they want their contact information, account balances and spending histories to be shared with outside companies.

A study of Internet security flaws showed that for serious issues, half of vulnerable systems remain unfixed after 30 days.

The data--released Wednesday at the Black Hat Briefings security Conference here--also showed that some flaws don't completely die out over time but actually make a comeback. The vulnerabilities exploited by the Code Red and SQL Slammer worms, for example, are allowing those threats to reassert themselves on the Internet, said Gerhard Eschelbeck, chief technology officer for vulnerability-assessment company Qualys.

"There is something going on that is bringing vulnerabilities back to life," Eschelbeck said, adding that the main theory is that companies continue to install systems that include out-of-date software.

PerryResearch writes "MacGyver would be jealous - here are the plans for a complete 2.4 ghz wireless video transmission system, mounted on a Mikado Logo 20 R/C helicopter, with realtime video overlay showing wireless signal strength, GPS coordinates, and support for videoglasses. Make sure you check out some of their in-flight videos."

While no one has sympathy for the devils that fill inboxes with promises of lower mortgages and larger members, not everyone is supporting the new movement to banish spammers from the Internet.

Some online advocates worry that heavy-handed antispam measures, such as centralized blacklists and charging for delivery, will destroy e-mail.

Electronic Frontier Foundation's head counsel Cindy Cohn, for instance, argues that antispam crusaders are forgetting the Internet's first principle -- information flows freely from end to end. Cohn fears that the Internet's openness will be collateral damage in the war against unwanted e-mail.

Cohn says her organization's position on spam blocking can be boiled down to a simple proposition: "All nonspam e-mail should be delivered." It's an information age take on the Hippocratic oath, which requires doctors to first do no harm.

"It's not the job of an ISP to block e-mail," added Cohn. "E-mail isn't a toy anymore. If I don't get an e-mailed notice from the federal district court mailing list, it's malpractice."

Even some who sell antispam software to companies say that ISPs shouldn't be blocking mail.

[ ... ]

Several of the bills currently under consideration would make it illegal to mask a sender's identity or forge routing information, both of which are tricks used by spammers to avoid the ire of those who receive their e-mails. But it's also a tactic used by dissidents in countries with repressive governments who want to communicate with like-minded individuals.

"Many of these bills criminalize a message header that isn't accurate," said Johnson. "That's not fraud. If you send out messages through an anonymizer, then you could get sent to jail."

Cohn concurs, arguing that the bills criminalize the behavior of people -- such as closeted gay teens or government whistle-blowers -- who have legitimate reasons for speaking anonymously on the Internet.