Wednesday, October 25, 2006

EFF - miniLinks for 2006-10-25. miniLinks for 2006-10-25. Free Speech Pays The Knight Foundation is dispensing $5 million to cyberjournalism projects Data-Mine Californian Politicians Monitor campaign contributions to Californian politicos. Squeezebox Picked Up by Logitech EFF-supporter Slim Devices remotely transferred to the PC peripheral giant. Internet Governance Forum in Athens: Free Speech Sponsored by EFF and many others. Fortune Profiles DVD Jon Interoperability or bust. Microsoft Privacy Practice Document But does it practice what it preaches? Meet the Censors Masters of the Great Firewall. Shut it up With Tinfoil Wallets that could help prevent your RFID-embedded cards from leaking private info. Spyware-Assisted In-Game Advertising For a better gaming experience. An Electronic Voting Machine Wishlist Step one: not Diebold. Malware King-of-the-Hill A spam-sending trojan purges rival viruses. Big Media Companies Using P2P Networks for Promotion The novelty hasn't worn off yet. UK Court Rules Against Gray Market Importer Sony is still master of your PSP after you buy it. [EFF: Deep Links] 11:26:05 PM  PermaLink   / trackback []

Congressional Report Reveals Data Leaks Throughout the Government. Congressional Report Reveals Data Leaks Throughout the Government. A recent report from the House Committee on Government Reform shows that sloppy handling of personal data is rampant across the federal government, with 19 agencies self-reporting at least one leak of personally identifiable information since 2003. According to the report: Taken as a whole, the agency reports outline hundreds of instances of data breaches involving sensitive personal information since January 1, 2003. The reports show a wide range of incidents, involving employee carelessness, contractor misconduct, and third-party thefts. However, in many cases, the agency does not know what information was lost or how many individuals potentially could be affected. Few of these incidents have been reported publicly, and it is unclear in many cases whether affected individuals have been notified or whether remedial action has been taken. While several data breach notification laws have stalled in the House and Senate, the new report underscores just how much Congress needs to update and strengthen protections for personal data in the hands of third parties -- especially, it seems, the government itself. [EFF: Deep Links] 11:21:52 PM  PermaLink   / trackback []

Creative Labs "Upgrade" Removes FM Radio Recording. Creative Labs "Upgrade" Removes FM Radio Recording. Engadget (via BoingBoing) reports yet another digital media device "upgrade" that actually downgrades certain features. Creative Labs' latest firmware update to the Zen MicroPhoto and Zen Vision:M portable media players removes the ability to record FM radio. None of Creative's customers asked for this misfeature, though certain copyright holders might have. Today radio recording restrictions are not mandatory, but if the major record labels get their way, that won't be the case -- take action now to block digital radio restrictions bills currently in Congress. [EFF: Deep Links] 11:19:30 PM  PermaLink   / trackback []

Dangerous Terms in MS Vista's EULA Dangerous Terms in MS Vista's EULA. Before clicking the "I Agree" button that accompanies software products' dense End User License Agreements (EULA), it's always best to check with Infoworld's Ed Foster first. He is unrelenting in his careful criticisms of EULAs, and, this week, he takes on a section of Microsoft Vista's EULA that aims to stifle the speech of product reviewers and critics. He writes: "[I]f Microsoft has the right to put even the mildest of restrictions on a consumer's rights to comment on their products, why can't a carmaker or an appliance manufacturer have a censorship clause hidden somewhere on their website? There is nothing is copyright law that gives software publishers the right to restrict the rights of their customers to criticize their products." Last week, Brooklyn Law School Professor and former EFF Staff Attorney Wendy Seltzer highlighted a number of other dangerous terms in Vista's EULA. For a user's guide to EULAs, read EFF's white paper. [EFF: Deep Links] 11:16:32 PM  PermaLink   / trackback []

The New Threat: Attackers That Target Healthcare Organizations. The New Threat: Attackers That Target Healthcare Organizations. Third Brigade submits this white paper on the new threats that face medical facilities. By Third Brigade. [Infosec Writers Latest Security Papers] 11:09:28 PM  PermaLink   / trackback []

Anti-Spam Protection in the Network Perimeter. Anti-Spam Protection in the Network Perimeter. Panda Software contributes this white paper on anti-spam in the corporate enterprise. By Panda Software. [Infosec Writers Latest Security Papers] 11:07:46 PM  PermaLink   / trackback []

The Four Key Qualities of Effective Host Intrusion Prevention (HIP) Solutions: Defining Deep HIP. The Four Key Qualities of Effective Host Intrusion Prevention (HIP) Solutions: Defining Deep HIP. This white paper, submitted by Third Brigade, explains what to look for in HIP products, and introduces the concept of "Deep HIP" as a means of characterizing effective solutions in this area. By Third Brigade. [Infosec Writers Latest Security Papers] 11:05:22 PM  PermaLink   / trackback []

Swiss banks broke privacy laws over SWIFT transfers: data chief. Swiss banks broke privacy laws over SWIFT transfers: data chief. 'Serious error of judgement' Swiss banks broke the law by passing customer bank details to US authorities, Switzerland's top data protection official has said. The banks should have told customers that international transaction company SWIFT was passing details to the US, he said. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 11:01:24 PM  PermaLink   / trackback []

EU mulls RFID privacy laws. EU mulls RFID privacy laws. Brussels ready to roll on chips Concern about the privacy implications of using RFID tags need to be overcome if the technology is to gain public acceptance, according to a new EU study. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 10:13:56 PM  PermaLink   / trackback []

Database state could go pear-shaped, says police chief. Database state could go pear-shaped, says police chief. Power corrupts The boss of UK police technology has warned that government attempts to use surveillance and databases to impose law and order could backfire unless those with access to the system are prevented from abusing the power it gives them. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 10:10:56 PM  PermaLink   / trackback []

Congress, Bush defile Constitution with security bill Welcome to the Fourth Reich. Congress, Bush defile Constitution with security bill Comment "It is a rare occasion when a President can sign a bill that he knows will save American lives; I have that privilege this morning," US President George W Bush trilled as he consigned 200 years of judicial oversight to the scrap heap of history. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 10:08:47 PM  PermaLink   / trackback []

UK police share data to foil child abuse. UK police share data to foil child abuse. Track and trace UK police have begun trials of a system that makes it easier for investigators to share information on online child abuse cases. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:26:56 PM  PermaLink   / trackback []

Ryan's ID express still waiting for a platform. Ryan's ID express still waiting for a platform. Chuffing away The British government is still trying to work out how it will implement the ID scheme, six months after it was approved by Parliament. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:25:41 PM  PermaLink   / trackback []

Steal my ID, steal my fingers - the public gets nervous. Steal my ID, steal my fingers - the public gets nervous. So how many fingers do you need anyway? The public fears losing their fingers to ruthless biometric ID thieves in the fingerprint-controlled future, apparently. Or at least, so says Frost & Sullivan analyst Sapna Capoor, who argued unconvincingly that "A dead finger is no good to a thief." [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:22:30 PM  PermaLink   / trackback []

EFF to probe FBI's new monster database. EFF to probe FBI's new monster database. That'll teach them The Electronic Frontier Foundation (EFF) is suing the US Department of Justice to learn more about the FBI's new monster database, called the Investigative Data Warehouse, or IDW. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:20:07 PM  PermaLink   / trackback []

US court denies request to suspend Spamhaus domain. US court denies request to suspend Spamhaus domain. Spam roadblock remains in place A US judge has denied a request to order internet registrars to suspend Spamhaus's domain, easing concerns that the spam blocking service might be interrupted. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:14:40 PM  PermaLink   / trackback []

Beer fingerprints to go UK-wide. Beer fingerprints to go UK-wide. Yeovil, an example for us all The government is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:10:58 PM  PermaLink   / trackback []

Florida 'botmaster' charged with Akamai DDOS attack. Florida 'botmaster' charged with Akamai DDOS attack. Internet bombardment A Florida man was in federal court today, accused of launching a DDOS attack on Akamai which brought much of the internet to its knees - for a few hours. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:09:17 PM  PermaLink   / trackback []

US publishers say Child Online Protection Act should be struck down. US publishers say Child Online Protection Act should be struck down. COPA non grata A group of US online publishers and a lobby group is taking the Government to court to challenge an eight-year-old law which it says amounts to censorship of the internet. The challenge is to the Child Online Protection Act (COPA), which became law in 1998. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:06:07 PM  PermaLink   / trackback []

Irish passports go RFID, and naked. Irish passports go RFID, and naked. Mug me, my house is currently worth a fortune Analysis The Irish government has begun issuing RFID passports with biometric data that can be read at a distance to comply with US regulations for its visa waiver programme. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 5:03:53 PM  PermaLink   / trackback []

EFF Sues for Information on Huge FBI Database of Personal Information. EFF Sues for Information on Huge FBI Database of Personal Information. 'Investigative Data Warehouse' Includes Hundreds of Millions of Entries Washington, D.C. - The FLAG Project at the Electronic Frontier Foundation (EFF) filed suit against the Department of Justice today, asking for records concerning the FBI's "Investigative Data Warehouse" (IDW) -- a huge database that contains hundreds of millions of entries of personal information. According to the FBI, the IDW was developed to collect a wide swath of personal information -- like "photographs, biographical information, physical location information, and financial data" -- for use in anti-terrorism investigations. The FBI said earlier this year that there were over 560 million items in the IDW, and that nearly 12,000 law enforcement agents had access to the information. EFF filed its suit after the FBI failed to respond to two Freedom of Information Act (FOIA) requests for records disclosing the criteria for inclusion in the database and the current privacy policy protecting this sensitive information, among other critical issues. The FBI has failed to file a public notice describing the database and the criteria for including personal information, as required by the Privacy Act of 1974. "Americans deserve to know what information is collected under what circumstances, and who has access to it," said EFF Senior Counsel David Sobel, the director of the FLAG Project. "And what if this database contains false information about you? How would you correct that? These are serious questions that the FBI needs to answer." EFF's FLAG Project, launched last month, uses FOIA requests and litigation to expose the government's expanding use of technologies that invade privacy. A lawsuit filed earlier this month demanded that the FBI release records concerning DCS-3000 and Red Hook -- tools the FBI has spent millions of dollars developing for electronic surveillance of personal communications. "The public needs as much information as possible to evaluate tools that put our privacy at risk," said EFF Staff Attorney Marcia Hofmann. "The Department of Justice must abide by the law and publicly release information about these surveillance programs." For the FOIA complaint filed against the Department of Justice: http://www.eff.org/flag/idw/IDW_complaint.pdf For more on the FLAG Project: http://www.eff.org/flag/ Contacts: David Sobel Senior Counsel Electronic Frontier Foundation sobel@eff.org Marcia Hofmann Staff Attorney Electronic Frontier Foundation marcia@eff.org [EFF: Breaking News] 4:48:13 PM  PermaLink   / trackback []

Digital Freedom Campaign Launches to Champion the Public's Rights in the Copyfight. Digital Freedom Campaign Launches to Champion the Public's Rights in the Copyfight. Today, the Digital Freedom campaign was launched by a broad coalition of groups including the Consumer Electronics Association, EFF, Public Knowledge, and the Media Access Project. "Digital technology enables literally anyone and everyone to be a creator, an innovator or an artist -- to produce music, to create cutting-edge videos and photos, and to share their creative work. Digital technology empowers individuals to enjoy these new works when, where, and how they want, and to participate in the artistic process. These are basic freedoms that must be protected and nurtured. "The Digital Freedom campaign is dedicated to defending the rights of students, artists, innovators, and consumers to create and make lawful use of new technologies free of unreasonable government restrictions and without fear of costly and abusive lawsuits." Too often, the entertainment industry has been able to steer Congress' policy agenda towards draconian restrictions on innovation and fans' legitimate use of digital devices. It's high time to turn the tables and set a new, positive agenda for copyright. This campaign is another important step in the right direction. [EFF: Deep Links] 4:46:22 PM  PermaLink   / trackback []

Mozilla Releases Firefox 2.0. Mozilla Releases Firefox 2.0. Mozilla this week unveiled Firefox 2.0, the next generation of its Web browser that includes security enhancements and quite a few new features that make Web browsing a bit more fun and a lot more intuitive [Security Fix] 4:43:58 PM  PermaLink   / trackback []

PC World - T-Mobile Merges Wi-Fi, Cellular T-Mobile USA is tapping into home broadband to give cellular customers a better deal. Subscribers to a new service from the Seattle-based mobile operator will be able to make unlimited U.S. calls via Wi-Fi at home and on Wi-Fi networks that don't require a password. Using the same phone, they can leave the range of the Wi-Fi network and keep talking without an interruption as the call shifts over to the T-Mobile cellular network. 4:21:26 PM  PermaLink   / trackback []

Protect Your Digital Freedom! Protect Your Digital Freedom! The Digital Freedom Campaign was launched today, and I was delighted to join my colleagues from the Consumer Electronics Association, the Media Access Project, Computer and Communications Industry Association and The Electronic Frontier Foundation at a press conference to talk about the campaign. My statement is here. The purpose of the campaign is to build grassroots support for copyright laws that protect, rather than limit, creativity, innovation, free speech and competition. While attempts by the content industry to strengthen copyright further through increased penalties, government technology mandates and lawsuits is nothing new, the past several months have seen perhaps the greatest onslaught of legislation and litigation since Public Knowledge was founded five years ago. You can read about those initiatives here, here and here. These efforts have been particularly irksome because the industry won the Grokster case at the Supreme Court (and just recently at the district court), has been successful in its lawsuits against individuals, got Congress to pass the Family Entertainment and Copyright Act, which gives the industry special protection for âo[ogonek]pre-releaseâo� works, and has entered into agreements with ISPs to pass on warning notices to individuals they believe to be engaged in illegal file sharing. So to paraphrase the immortal words of Howard Beale - Weâo[dot accent]re as mad as hell and we are not going to take it any more. read more [Public Knowledge - Policy Blog] 4:18:47 PM  PermaLink   / trackback []

Broadcast Flag video. Broadcast Flag video. On Friday, PK will be hosting a Higher-Education discussion on the Broadcast Flag. For that meeting, we created a video, much like the net neutrality video, to help explain, in simple terms, what the flag is all about. You can find it on Youtube here or see it below: read more [Public Knowledge - Policy Blog] 4:15:52 PM  PermaLink   / trackback []

Slashdot | Unisys Targets Just 20 Execs With Ad Campaign Carl Bialik from WSJ writes, "Security company Unisys is taking niche marketing to a new level, aiming ads at about 20 top executives, delivering custom-covered issues of their Fortune magazine subscriptions, and even placing billboards where these individuals will be likely to see them, the Wall Street Journal reports." ---- From the article: "If an executive flips over the mock Fortune cover, he or she will discover a letter -- also individually tailored -- from a senior Unisys manager describing challenges in the target's specific industry. The Fortune 'cover wraps' also offer personalized Web addresses, where the executives can find mock news videos that mention their names and tell how they achieved business success. To reinforce the message, Unisys is placing billboards and outdoor signs -- albeit without information-chief portraits -- close to the executives' offices. Some ads will even appear on video screens in the elevators of their office buildings."Carl Bialik from WSJ writes, "Security company Unisys is taking niche marketing to a new level, aiming ads at about 20 top executives, delivering custom-covered issues of their Fortune magazine subscriptions, and even placing billboards where these individuals will be likely to see them, the Wall Street Journal reports." ---- From the article: "If an executive flips over the mock Fortune cover, he or she will discover a letter -- also individually tailored -- from a senior Unisys manager describing challenges in the target's specific industry. The Fortune 'cover wraps' also offer personalized Web addresses, where the executives can find mock news videos that mention their names and tell how they achieved business success. To reinforce the message, Unisys is placing billboards and outdoor signs -- albeit without information-chief portraits -- close to the executives' offices. Some ads will even appear on video screens in the elevators of their office buildings." 3:56:55 PM  PermaLink   / trackback []

Slashdot | Unisys Targets Just 20 Execs With Ad Campaign Carl Bialik from WSJ writes, "Security company Unisys is taking niche marketing to a new level, aiming ads at about 20 top executives, delivering custom-covered issues of their Fortune magazine subscriptions, and even placing billboards where these individuals will be likely to see them, the Wall Street Journal reports." ---- From the article: "If an executive flips over the mock Fortune cover, he or she will discover a letter -- also individually tailored -- from a senior Unisys manager describing challenges in the target's specific industry. The Fortune 'cover wraps' also offer personalized Web addresses, where the executives can find mock news videos that mention their names and tell how they achieved business success. To reinforce the message, Unisys is placing billboards and outdoor signs -- albeit without information-chief portraits -- close to the executives' offices. Some ads will even appear on video screens in the elevators of their office buildings." 3:56:23 PM  PermaLink   / trackback []

Slashdot | Securing a High School Windows XP Computer Lab? An anonymous reader asks: "My SO just inherited a computer lab from a departed teacher who was no security guru. These are Windows XP systems, and security basically consists of a password on the admin account, a subscription to McAfee Security Center, and a free Internet filter. The students have access through a non-passworded 'limited' user account that doesn't seem to limit much. They have been going in and changing settings, downloading games and music, and generally screwing the computers up during class time, in many cases leaving them unusable. As the geek in our house, she has asked me to give her a hand, but while I have dealt with some security issues in the past, it was to protect against remote intruders, not against someone who has to have access to the keyboard. Any suggestions on the best way to lock these systems down?" 3:51:40 PM  PermaLink   / trackback []

Slashdot | RFID In Government Issued ID? RFID! writes,  "The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on using RFID in government-mandated identity cards and documents (PDF link). But this met with some consternation among the DHS bureaus that plan to use RFID in this way and the businesses eager to sell the technology to the government, and now a vote on the report has been delayed until December." 3:47:19 PM  PermaLink   / trackback []

Democracy Now! | FCC Commissioner Michael Copps and Juan Gonzalez on the Color of Media Consolidation Copps and Gonzalez spoke at last week's town hall meeting in New York on diversity and media ownership. The FCC is reconsidering a number of broadcast rules -including whether a single company should be able to own both a newspaper and television station in the same market. [includes rush transcript] A town hall meeting on diversity and media ownership was held last week here in New York City. All five commissioners from the Federal Communications Commission were invited. Only two showed up - Commissioners Michael Copps and Jonathan Adelstein. More than 300 activists and citizens came out to show their opposition to further media consolidation as the FCC reconsiders a number of broadcast rules - including whether a single company should be able to own both a newspaper and television station in the same market. Michael Copps, FCC Commissioner. Juan Gonzalez, Daily News columnist and Democracy Now co-host. 3:44:02 PM  PermaLink   / trackback []

Slashdot | FCC Commissioner Stumps For Media Diversity  maynard writes, "Speaking at a New York City town hall meeting on corporate media consolidation and its deleterious impact on the expression of minority viewpoints, FCC Commissioner Michael Copps stumped against greater media concentration and instead argued for greater diversity of media outlets and voices. In 2003 the FCC, under Chairman Michael Powell, changed media ownership rules to favor greater corporate media consolidation at the expense of local owners. In an attempt to reverse totally the prior FCC policy, Mr. Copps argued strongly in favor of independent media owners. Read on for what he had to say. 3:41:16 PM  PermaLink   / trackback []

Slashdot | Quebec Bans Electronic Voting gfilion writes "The Chief Electoral Officer of Québec tabled an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 Québec municipalities that used electronic voting. He says: "Not only did the systems fail, but the corrective measure proposed were insufficient, poorly adapted and often came too late." There was a moratorium on electronic voting prior to the November 6 election, it will be extented for future elections." 3:39:16 PM  PermaLink   / trackback []

At U.S. Borders, Laptops Have No Right to Privacy - New York Times A LOT of business travelers are walking around with laptops that contain private corporate information that their employers really do not want outsiders to see. Until recently, their biggest concern was that someone might steal the laptop. But now there's a new worry -- that the laptop will be seized or its contents scrutinized at United States customs and immigration checkpoints upon entering the United States from abroad. Although much of the evidence for the confiscations remains anecdotal, it's a hot topic this week among more than 1,000 corporate travel managers and travel industry officials meeting in Barcelona at a conference of the Association of Corporate Travel Executives. Last week, an informal survey by the association, which has about 2,500 members worldwide, indicated that almost 90 percent of its members were not aware that customs officials have the authority to scrutinize the contents of travelers' laptops and even confiscate laptops for a period of time, without giving a reason. "One member who responded to our survey said she has been waiting for a year to get her laptop and its contents back," said Susan Gurley, the group's executive director. "She said it was randomly seized. And since she hasn't been arrested, I assume she was just a regular business traveler, not a criminal." Appeals are under way in some cases, but the law is clear. "They don't need probable cause to perform these searches under the current law. They can do it without suspicion or without really revealing their motivations," said Tim Kane, a Washington lawyer who is researching the matter for corporate clients. In some cases, random inspections of laptops have yielded evidence of possession of child pornography. Laptops may be scrutinized and subject to a "forensic analysis" under the so-called border search exemption, which allows searches of people entering the United States and their possessions "without probable cause, reasonable suspicion or a warrant," a federal court ruled in July. In that case, a man's laptop was found to have child pornography images on its hard drive. 3:32:07 PM  PermaLink   / trackback []

Laptops Searched and Confiscated at U.S. Border An anonymous reader writes, "According to an article in the New York Times, the Association of Corporate Travel Executives is asking the U.S. government for more detailed guidelines on when and why a laptop gets confiscated at the U.S. border, which, anecdotally, is happening more often. The story includes a report from a business traveler who had her laptop confiscated over a year ago and has yet to have it returned." According to the article, a knowledgeable lawyer said: "[Border guards] don't need probable cause to perform... searches under the current law. They can do it without suspicion or without really revealing their motivations." And an ACTE exective is quoted, "Potentially, this is going to have a real effect on how international business is conducted." 3:29:10 PM  PermaLink   / trackback []