Saturday, December 31, 2005


News Item 4642 T defends automated fare system against privacy concerns - The Boston Globe

Yesterday, MBTA spokesman Joe Pesaturo said it would be impossible for riders to enjoy the convenience of card registration and automatic debiting and still remain anonymous, emphasizing that registration for those services is voluntary. Riders will still be able to purchase passes anonymously, without the debiting option. They "don't have to volunteer personal information," he said.

Pesaturo said the fare-collection system is set up to collect information about where and when registered users are riding in order to properly assess fees. Under the law, that information could become available to lawyers and federal investigators but would not be disseminated to other agencies, he said.

Carol Rose, executive director of the American Civil Liberties Union of Massachusetts, said yesterday that she is pleased with privacy provisions drafted by T officials but warned that users who register with the new fare-collection system will sacrifice privacy for convenience.

"We feel like the T has made a good-faith effort," said Rose, noting that ACLU representatives have met with T officials about privacy concerns. "The T is not and should not be in the business of collecting data for government and other agencies. That is not their job."
1:20:08 PM

News Item 4641 NSA's Lamest Spy Tool: Cookies.

Whether accidental or intentional, the National Security Agency's use of "persistent" cookies, which can be used to track internet use, shows a sloppy disregard for basic privacy rules. [Wired News: Security Blanket]
1:16:40 PM

News Item 4640 Hackers Rebel Against Spy Cams.

As video surveillance creeps into public spaces around the world, tech-savvy activists develop techniques to turn the cameras against their masters. Ann Harrison reports from the Chaos Communication Congress in Berlin. [Wired News: Security Blanket]
1:14:58 PM

News Item 4639 Mind Being Tracked by a Tiny Chip?

Few advances in recent years have had the tech industry buzzing like the tiny silicon devices called radio frequency identification (RFID) tags, which enable wireless tracking of just about anything -- or anyone. But RFID also has rekindled a debate about whether a new technology's potential for utility outweighs concerns over privacy.

The benefits are easy to see. Researchers at Microsoft, for example, believe that RFID eventually could be used to keep track of the location and status of many items typically found in American homes. Other high-tech companies, such as VeriChip Corp., hope to make it possible one day for an individual's medical records to be stored on a chip that could be embedded inside a person's body -- giving medical personnel instant access to potentially life-saving information. The so-called "chipping" of an individual might even become an effective way to thwart kidnappings or locate lost children, some people have suggested.

Sounds good so far. But others have gone out of their way to ID the downside to RFID.

Critics are claiming that the technology could be misused in ways that would violate a person's right to privacy. RFID potentially could allow unscrupulous individuals to wirelessly "read" the contents of a household's medicine chest, for example, or to track an individual's location without first obtaining his or her consent.


1:04:10 PM

News Item 4638 Background checks by companies spark worries -- Newsday.com


"There are no standards for what is a background check," said Tal Moise, chief executive of Verified Person, a New York-based company that performs background checks. "This is an industry that has delivered historically a very low-quality product."

A national task force funded by the Justice Department this month recommended national standards for screening companies.

"The nation's security, as well as on-the-job efficiency, and certainly civil liberties and privacy interests, all demand the development of a blueprint," the task force concluded.

Background screeners say companies must conduct thorough searches to determine whether applicants have criminal records. That means searching multiple counties and checking for addresses not listed on job applications.

12:25:57 PM

News Item 4637 Editorial: Protecting liberty

Nobody ever said it was a risk-free proposition to stand by the U.S. Constitution.

Not the nation's founders, certainly: They risked their very lives in waging the war for independence that led to enshrining the Constitution's democratic ideals in the first place.

And now the threat of terrorism sharpens the risk posed by living in an open, democratic society.

As long as the nation values and protects by law the rights of everyday Americans to be spared from unwarranted snooping, its enemies could find ways to exploit that openness - as they assuredly did on Sept. 11, 2001.

Citizens have a choice. They can live with that risk, understanding it for the central role it plays in making this a nation worth preserving. Or they can surrender to fear - out of a misguided sense that no civil liberty is so cherished as to risk another terror attack by its defense.

In President Bush's first formal defense to Congress of his secret, warrantless domestic eavesdropping program, there is the scent of surrender.

In a letter sent on Thursday to Congress from the Department of Justice, the Bush administration argued that national security trumps the privacy concerns of individuals.
12:21:46 PM

News Item 4636 Intelligent Enterprise Magazine: Identity Theft Laws Elevate Security to the C-Level

What do Time Warner, Lexis-Nexis, ADP, Wells Fargo and Bank of America all have in common? They all suffered breaches in customer data security in 2005, and the incidents all fueled calls for federal legislation that could lead to onerous security demands on organizations holding consumer information. Even if legislators show restraint in demanding new controls, it's time for corporations to create C-level security positions.

Security breaches now lead to high-profile public disclosures thanks to state laws such as California's Security Breach Information Act (SP 1386) and Washington's "Breach Disclosure" law (SB 6043), which require that consumers in those states be notified when their personal data is compromised. With other states eyeing similar bills, some in Congress say it's time for a nationwide approach -- an outcome business might favor, too, as long as the law isn't too demanding.

Thus far, Congressional committees have proposed at least six bills. One of the most comprehensive is "The Personal Data Privacy and Security Act of 2005" (S.751), proposed by Senator Arlen Specter (R-Pa.), Chairman of the Senate Judiciary Committee and Senator Patrick Leahy (D-Vt.). The bill calls for corporate accountability for data privacy and security programs, but there's controversy over how to define and enforce such a mandate.

"The government must assess the risk associated with certain data types so companies aren't notifying consumers every time a breach of even noncritical data occurs," says Jerry Cerasale of the Direct Marketing Association (DMA), a trade association representing more than 5,200 direct, database and interactive marketers.

Just what is "critical" personal data? Some would limit that definition to social security numbers, addresses, phone numbers, family members' names and credit or debit numbers, but a broader definition, such as that in California's law, would encompass "marketing" data about hobbies and buying patterns.

Cerasale warns that companies will face enormous costs if forced to build departments and systems for detecting and reporting breaches. What's even more troubling to some is the fact the Specter-Leahy bill calls for data brokers to give consumers a chance to "access and correct" their information. "That would open up an entirely different avenue for identity thieves to come in and undercut antifraud efforts," says Cerasale.

If such measures are passed, "COSO as a main risk structure and standards such as COBIT, GAAP and GAISP, are no longer going to be adequate," warns Fred Cohen, a principal analyst at Burton Group.



12:18:43 PM

News Item 4635 RFID: Boon or Bane? Debate Rages on

The tiny silicon devices called radio frequency identification (RFID) tags, capable of tracking just about anything or anyone, are wildly popular in tech circles these days. But RFID has also opened a Pandora's Box with experts questioning whether its utility outweighs concerns over privacy.

Software giant Microsoft believes that RFID can eventually be used to keep track of the location and status of many items normally found in American homes. Another company, VeriChip Corp., hopes to make it possible one day for an individual's medical records to be stored on a chip that can be embedded inside the body, giving medics instant access to potentially life-saving information. Some people have even suggested that it will prove helpful in thwarting kidnappings or locating lost children.

So far, so good; but critics are criticizing the RFID on the grounds that it can be misused and violate a person's right to privacy. Potentially, RFID may allow unscrupulous individuals to wirelessly "read" the contents of a household's room or track an individual's location without obtaining his or her consent.


12:15:11 PM

News Item 4634 Xinhua - English - No safety net for personal privacy on Internet

Beijing, Dec. 30 -- Go to a network named Ucloo, type in your name and click "search". You will probably find your mobile or email address appearing on the screen. Angry, aren't you, but it gets even worse: detailed personal information of over 90 million people may have been unveiled by the website.

Ucloo claims it is the biggest search engine in China as far as personal information is concerned.

The information, however, is suspected to come from another network called 5460, a Chinese Internet alumni group, as the information on both networks is identical from format to content.

Users of the alumni website provide detailed personal information, for the convenience of their classmates, but they don't expect it to be stolen by others.

But according to Luo Wenxian, spokesman for the alumni website 5460, the information was illegally acquired by Ucloo.

"So far, apart from the name of the company, we know nothing about it, there is no valid telephone number, nor any address. We will negotiate with it as soon as we can find it. From our point of view, we are also victims in this event."


12:11:52 PM

News Item 4633 Sue Companies, Not Coders.

A former U.S. cybersecurity czar now advocates holding programmers liable for the security holes in their code. He's soooo close to getting it right. Commentary by Bruce Schneier. [Wired News: Security Blanket]
12:08:33 PM

News Item 4632 Union Leader - Court: Divorce finances not subject to privacy law - Saturday, Dec. 31, 2005

Concord -- The state Supreme Court ruled yesterday that financial information people disclose in divorce cases is not entitled to sweeping privacy protections.

The court struck down part of a 2004 law that said it was. It overturned the law's attempt to shift the legal burden from the person trying to keep the information confidential to someone trying to get it.

A lower court upheld the law, leading to the appeal by news organizations that was decided yesterday.

"A generalized concern for personal privacy is insufficient to meet the state's burden of demonstrating the existence of a sufficiently compelling reason to prevent public access," the unanimous court said.


12:07:13 PM

News Item 4631 RIAA Bullies Witnesses Into Perjury.

QT writes "A Michigan couple is counter-suing the RIAA after they learned that the RIAA had bullied their witnesses into lying. The story revolves around a 15-year-old girl who, when deposed, told how RIAA lawyers told her that she had to commit perjury just so they could win their case. From the article: 'Q - Did [the RIAA lawyer] tell you why he needed you to stick with your original false story? A - Because he said he didn't have a case unless I did. Q - So, he told you that he didn't have a case unless you stuck with the original false story?'" [Slashdot: Your Rights Online]
11:52:44 AM

News Item 4630 Sony Settlement Start of DRM Protection Act?

An anonymous reader writes "Sony BMG and a group of class action lawyers have reached a provisional settlement in the U.S. Sony rootkit class actions. Sony will pay cash compensation and give away free downloads from a choice of music download services including Apple iTunes as part of the deal. The settlement includes a host of restrictions on future Sony DRM use, which Michael Geist argues provides the starting point for a future Digital Rights Management Protection Act." [Slashdot: Your Rights Online]
11:50:41 AM

News Item 4629 Programmer Challenges RIAA Investigators.

NewYorkCountryLawyer writes "In court papers filed today in Manhattan federal court, programmer Zi Mei has slammed the investigation on which the 'ex parte' orders obtained in the RIAA's cases against consumers are based. Armed with Mei's affidavit, a midwesterner -- sued in Atlantic v. Does 1-25 in New York City as 'John Doe Number 8' -- has asked the judge to vacate the 'ex parte' order on the ground that the RIAA doesn't have the evidence it needs to get such an order. If Doe wins, the RIAA's subpoenas to the ISP, for its subscribers' identities, will be thrown out." [Slashdot: Your Rights Online]
11:47:45 AM

News Item 4628 2005: The year the US government undermined the internet | The Register

2005 will be forever seen as the year in which the US government managed to keep unilateral control of the internet, despite widespread opposition by the rest of the world.

However, while this very public spat went on, everyone failed to notice a related change that will have far greater implications for everyday internet users and for the internet itself. That change will see greater state-controlled censorship on the internet, reduce people's ability to use the internet to communicate freely, and leave expansion of the internet in the hands of the people least capable of doing the job.

It is also another example of where the US government's control has - in real, verifiable terms - had a direct, unchecked impact on the internet, despite constant assurances that it takes only a benevolent and passive role. And it has come as a result of the US administration's hugely controversial decision to invade Iraq.



11:40:05 AM

News Item 4627 How The U.S. Government Undermined the Internet.

sakshale writes "The Register has an article about U.S. Government backed policy changes that have led ICANN to redelegate top level domains in such a way as to provide 'greater state-controlled censorship on the internet, reduce people's ability to use the internet to communicate freely, and leave expansion of the internet in the hands of the people least capable of doing the job'" More from the article: "At that meeting, consciously and for the first time, ICANN used a US government-provided reason to turn over Kazakhstan's internet ownership to a government owned and run association without requiring consent from the existing owners. The previous owners, KazNIC, had been created from the country's Internet community. ICANN then immediately used that 'precedent' to hand ownership of Iraq's internet over to another government-run body, without accounting for any objections that the existing owners might have." [Slashdot: Your Rights Online]
11:38:23 AM

News Item 4626 Sony 'rootkit' settlement clamps down on DRM.

Deal paves way for kinder, gentler music label

Sony BMG has agreed to settle with a group of plaintiffs in a New York class action lawsuit relating to the DRM software that triggered consumer outrage and a PR disaster for the company. As part of the settlement, Sony will compensate those who purchased infected CDs and fix their computers.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
11:30:15 AM

News Item 4625 US-CERT: 5,198 Software Flaws in 2005.

Security researchers uncovered a record 5,198 vulnerabilities in software products this year, nearly 38 percent more than the number of flaws found in 2004, according to statistics published by US-CERT, a cyber security information-sharing collaboration between the Department of Homeland Security and the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. [Security Fix]
11:27:56 AM

News Item 4624 Copy Controls: How Far Will They Go?

Sony's invasive antipiracy efforts point to a coming battle for control of your PC. [PCWorld.com - Latest News Stories]
11:26:10 AM

News Item 4623 Congressional copycats.

HOLLYWOOD ALREADY CONTROLS most of what Americans see on TV. Now a pair of representatives in Washington want to help Hollywood control how Americans see it -- whether on their TV or some other new device. As a matter of both law and marketing, it's a bad idea.
[Public Knowledge - Breaking News]
11:24:13 AM