Monday, December 11, 2006


News Item 7841 E-Gold Gets Tough on Crime.

Weary of being called a haven for money launderers and crooks, the PayPal competitor gets cozy with law enforcement and locks down suspicious accounts. If you've sent $17,000 to the Ukraine "for beer," you may be banned. By Kim Zetter. [Wired News: Security Blanket]
10:54:34 PM

News Item 7840 Veterans Affairs CIO: We're more secure.

Citing the data breach last May as "a real eye-opener," the CIO of the U.S. Department of Veterans Affairs said the agency has reorganized its IT group and improved cybersecurity. [Computerworld Privacy News]
10:52:06 PM

News Item 7839 Congress passes ban on phone record pretexting.

Congress late last week passed a bill making it illegal to use pretexting to gain access to private phone records. [Computerworld Privacy News]
10:49:18 PM

News Item 7838 Virginia Partners With MySpace.com to Propose E-mail Registration of Sex Offenders.

"We require all sex offenders to register their physical and mailing addresses in Virginia, but in the 21st century it is just as critical that they register any e-mail addresses or IM screen names" [GT: Security and Privacy]
10:46:35 PM

News Item 7837 FCW.com - GPO makes millionth e-passport

The Government Printing Office reached a landmark this week when it produced its millionth electronic passport.

At the beginning of the year, GPO began producing the passports for the State Department, which then personalizes the blank documents.

"We are very proud to reach this milestone," said Ben Brink, assistant public printer for security and intelligent documents. "In the post-[Sept. 11] era, many documents require new levels of security, from their creation to the distribution."

The passports contain controversial radio frequency identification tags that contain a document holder's personal information and can be scanned remotely.

At the Black Hat conference in early August, a German researcher demonstrated how a remote RFID reader could be used to clone a passport. Members of the Smart Card Alliance industry group said that the multiple security layers in the American e-passport can reduce such risks.


10:44:04 PM

News Item 7836 Passport to safety or peril?

Though critics say high-tech documents put travelers' privacy at risk, 3M moves into a growing global market with its ePassport devices.
10:40:25 PM

News Item 7835 Ok, so I'm wrong - Lawrence Lessig

For almost 10 years now, I've been waging a war against retrospective term extension. My simple argument has been that copyright is about creative incentives, and you can't create incentives retrospectively.

I now see I am apparently wrong.

As reported yesterday, there was an ad in the FT listing 4,000 musicians who supported retrospective term extension. If you read the list, you'll see that at least some of these artists are apparently dead (e.g. Lonnie Donegan, died 4th November 2002; Freddie Garrity, died 20th May 2006). I take it the ability of these dead authors to sign a petition asking for their copyright terms to be extended can only mean that even after death, term extension continues to inspire.

I'm not yet sure how. But I guess I should be a good sport about it, and just confess I was wrong. For if artists can sign petitions after they've died, then why can't they produce new recordings fifty years ago?


10:36:21 PM

News Item 7834 Dead Musicians Signing Media Rights Petitions.

epeus writes "Following from the Gowers coverage and the Musicians' ad in the FT, Larry Lessig admits he was wrong about term extension: 'If you read the list, you'll see that at least some of these artists are apparently dead (e.g. Lonnie Donegan, died 4th November 2002; Freddie Garrity, died 20th May 2006). I take it the ability of these dead authors to sign a petition asking for their copyright terms to be extended can only mean that even after death, term extension continues to inspire. I'm not yet sure how. But I guess I should be a good sport about it, and just confess I was wrong. For if artists can sign petitions after they've died, then why can't they produce new recordings fifty years ago?'" [Slashdot: Your Rights Online]
10:32:59 PM

News Item 7833 Malaysia to embed car license plates with microchips to combat theft - Asia - Pacific - International Herald Tribune

KUALA LUMPUR, Malaysia: Malaysia's government, hoping to thwart car thieves, will embed license plates with microchips containing information about the vehicle and its owner, a news report said Saturday.

With the chips in use, officials can scan cars at roadblocks and identify stolen vehicles, the New Straits Times reported.

The "e-plate" chip system is the latest strategy to prevent car thieves from getting away with their crimes by merely changing the plates, the report said.


10:29:06 PM

News Item 7832 Malaysia to Use RFID Number Plates Next Year.

durianwool wrote in with a story about Malaysia's plans to introduce RFID number plates. It reads: "'The first thing thieves do after a car theft is change the registration plates,' Road Transport Department Director-General Ahmad Mustapha was quoted as saying. The microchips, using radio frequency identification technology, will be fixed into the number plates and can transmit data at a range of up to 100 meters (yards), the report said. They will have a battery life of 10 years, it said." [Slashdot: Your Rights Online]
10:22:01 PM

News Item 7831 IGN: RIAA Petitions Judges to Lower Artist Royalties

Aggressively litigious group has claimed to protect musicians in the past. Now believes musicians deserve less for "innovative" music distribution.


December 7, 2006 - The RIAA rose to public prominence around the year 2000 when the growth of internet file sharing and music piracy was blamed for rapidly declining album sales at the time. The RIAA's subsequent highly publicized and aggressive litigious action against those the group identified as distributors of copyrighted music, which has famously included grandmothers, single mothers in economic hardship, and children, won the organization little sympathy from the general public. While protecting copyrights is a fully legitimate concern, many believe the piracy that blossomed in the first blush of Napster and KaZaa was primarily due to the fact that there were no viable legal means to acquire music in mp3 format via the internet. That changed when Apple launched the iTunes Music Store, the subsequent massive success of which would seem to illustrate consumers' willingness to pay for music files on the internet if they are conveniently available.

In publicly defending its strong arm tactics and stated desire to scare consumers into absolute compliance, the RIAA has long cited the negative repercussions of piracy and lost revenue upon the recording artists that pour their talent into making the music that people like to hear. It's a sympathetic defense, yet in the past week the RIAA has made it quite clear whose profits the group is truly out to defend, and it's certainly not the artists who actually make the music.

On December 1 The Hollywood Reporter revealed that the RIAA is currently petitioning the panel of federal government Copyright Royalty Judges to lower the rates paid to publishers and songwriters for use of lyrics and melodies in applications like cell phone ring tones and other digital recordings. The last time the American government set the rate was in 1981, but since that time, the RIAA argues in its petition, a lot has changed.


10:19:22 PM

News Item 7830 RIAA Wants Artist Royalties Lowered.

laughingcoyote writes "The RIAA has asked the panel of federal government Copyright Royalty Judges to lower royalties paid to publishers and songwriters. They're specifically after digital recordings, and uses like cell phone ringtones. They say that the rates (which were placed in 1981) don't apply the same way to new technologies." --- From the article: "According to The Hollywood Reporter, the RIAA maintains that in the modern period when piracy began devastating the record industry, profits to publishers from sales of ringtones and other 'innovative services' grew dramatically. Record industry executives believe this to be cause to advocate reducing the royalties paid to the artists who wrote the original music." [Slashdot: Your Rights Online]
10:13:00 PM

News Item 7829 Market Research Company Secretly Installs Spyware.

An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall." [Slashdot: Your Rights Online]
10:05:46 PM

News Item 7828 Information Security as a Business Practice.

This paper, written by John Enamait, addresses the role information security plays in an organization with discussions around structure and best practices. By John Enamait. [Infosec Writers Latest Security Papers]
9:58:09 PM

News Item 7827 In Web Traffic Tallies, Intruders Can Say You Visited Them - New York Times

In late May, more than five million Web users vanished.

[Photo caption: Benjamin Edelman, a doctoral candidate at Harvard who has built a database to track pop-ups.]

The disappearing act came when Nielsen/NetRatings, a leading company in measuring Internet traffic, sharply cut its previously reported statistics for the financial Web site Entrepreneur.com to 2 million unique visitors in April, from 7.6 million.

Why the change? For millions of Web surfers, Entrepreneur.com visited them -- and not the other way around, the measurement company said.

As computer users visited other sites, new browser windows popped up containing articles from Entrepreneur.com, according to Scott Ross, senior product manager for Nielsen/NetRatings.


9:55:59 PM

News Item 7826 How Pop-Ups Could Brand You a Pervert or Crook.

Greetings. A New York Times article today explores the problem of Web-based "pop-up" ads being used to artificially inflate Web traffic.

I'd like to point out a potentially much more serious problem related to pop-ups that can access arbitrary Web sites -- they could be used for purposes that could get innocent Web users into major legal problems.

The issue of sites triggering unsolicited access to other sites is not new. In a message over a year ago ("Google's new feature creates another user privacy problem"), I discussed how Google's triggering of top item "prefetch" in returned search results could result in Firefox browsers visiting the referenced site -- and collecting any associated cookies -- without users' knowledge (I also suggested ways to prevent this behavior).

The essential problem is that Web logs that record users' access to sites would record such visits as if they had been voluntarily initiated by those users. If those destinations happen to be sites with various forms of "illicit" materials that could be the subject of government or other investigations that would go digging through associated access logs... well, you can imagine the possible complications.

Google's prefetch behavior is an example of a well-intended feature with unfortunate negative side-effects.

On the other hand, the sorts of nefarious pop-ups described in the NYT piece have much greater potential for intentionally serious sorts of damage, since they can be far more flexible and directed than simple Web prefetches, and so could put innocent consumers at even greater risk. They might not only access pages that could get people arrested (perhaps c-porn?), but also download files that could trigger RIAA and/or MPAA "automatic" lawsuits, or any number of other nightmare scenarios.

It's fair to ask why anyone might want to set loose such technical monsters on innocent victims. The simple answer is that there are quite a few people out there who just want to score a point -- to prove that they can do it -- plus of course the sick minds who enjoy watching other people suffer.

[Lauren Weinstein's Blog]
9:52:49 PM

News Item 7825 NATIONAL JOURNAL: No Secret... Maybe (12/08/2006)

"I've talked about the collection of this data and the analysis of this data incessantly," Chertoff said in an interview this week at his office. By "this data," Chertoff means the international passenger name records (PNRs) that airlines give to Homeland Security screeners. Each PNR contains basics such as a passenger's name, address, and seat assignment, but also details how the ticket was paid, whom the person is traveling with, and what telephone number the passenger used to book the reservation.

The screeners analyze PNRs, including those of American citizens traveling abroad, as well as passport information, to see if anyone can be connected to a terrorist. But in the past two months, nearly 50 organizations and individuals have contacted the department to express varying degrees of concern and outrage over the computer program that actually performs this analysis: the Automated Targeting System. That's because, in addition to crunching data, ATS tags every international traveler with a "risk assessment," which security officers use when deciding whether to interrogate passengers or to keep them from flying. Once generated, those assessments may stay locked in ATS for as long as 40 years, and it is unlikely that passengers could ever know precisely what their risk rating is and how it was calculated.

This is news to just about every major privacy and civil-liberties watchdog in the country; they thought that Homeland Security officials only wanted to use passenger data to target terrorists and assign risk ratings but had refrained from actually doing so. They believed that ATS was being used only to identify risky cargo aboard ships. So, did the watchdogs miss something?


9:47:14 PM

News Item 7824 Chertoff Shocked(!) at Privacy Uproar Over "Targeting" System.

In a fascinating article by Shane Harris in the National Journal, Homeland Security Secretary Michael Chertoff professes great surprise at the public uproar over the Automated Targeting System (ATS). He claims that he has discussed the "collection" and "analysis" of personal data -- including airline Passenger Name Records (PNR) -- "incessantly." The Secretary says that critics of the system -- which assigns "risk assessment" scores to all travelers, including U.S. citizens, and retains them for 40 years -- just haven't been paying attention:

"Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it."

Well, many of us have paid attention, and despite our best efforts, we've been unable to learn much about Homeland Security's collection and use of personal data.

[EFF: Deep Links]
9:43:32 PM

News Item 7823 E-Voting Whistleblower Deserves Medal, Gets Punished.

The need for e-voting reform is now widely-recognized, as this Friday's front page story in the New York Times demonstrates. Along with many other people deserving credit for bringing this issue to the fore, you'd think that whistleblowers like Stephen Heller would be unanimously celebrated. Unfortunately, you'd be mistaken.

In 2004, Heller leaked documents showing that Diebold Election Systems used uncertified software in California elections even though it knew that doing so was likely illegal. The documents outraged voters and spurred instant media coverage for an issue that, at that time, was largely ignored. For defending Californians' fundamental right to vote, Heller deserves a medal from the state.

Instead, Heller has been facing criminal charges and threats by Diebold's lawyers to sue him for multimillion dollar damages. Last month, Heller accepted a plea agreement of three years probation and a $10,000 payment to lawyers at Jones Day.

This sad outcome could only be made worse if Heller's virtuous aims remain unfulfilled and votes continue to be cast on flawed machines. EFF is pushing for voting reform around the country, including in our recent lawsuit in Sarasota, Florida. You can support reform, too, by writing to your representatives through our Action Center.

[EFF: Deep Links]
9:41:20 PM