Monday, December 18, 2006


News Item 7878 FTC Moves to Unmask Word-of-Mouth Marketing - washingtonpost.com

The Federal Trade Commission yesterday said that companies engaging in word-of-mouth marketing, in which people are compensated to promote products to their peers, must disclose those relationships.

In a staff opinion issued yesterday, the consumer protection agency weighed in for the first time on the practice. Though no accurate figures exist on how much money advertisers spend on such marketing, it is quickly becoming a preferred method for reaching consumers who are skeptical of other forms of advertising.

[...]

As the practice has taken hold over the past several years, however, some advocacy groups have questioned whether marketers are using such tactics to dupe consumers into believing they are getting unbiased information.

In October 2005, Commercial Alert, an advertising and marketing watchdog group in Portland, Ore., petitioned the FTC to consider taking action against word-of-mouth marketers. The group called for the FTC to issue guidelines requiring paid agents to disclose their relationship to the company whose product they are promoting, including any compensation.

The group cited a 2002 Wall Street Journal article on a marketing campaign by Sony Ericsson Mobile for its T68i mobile phone and digital camera. The initiative, called "Fake Tourist," involved placing 60 actors posing as tourists at attractions in New York and Seattle to demonstrate the camera phone. The actors asked passersby to take their photo, which demonstrated the camera phone's capabilities, but the actors did not identify themselves as representatives for Sony Ericsson.


5:09:57 PM

News Item 7877 FTC To Investigate 'Viral Marketing' Practices.

mcflaherty writes "The Federal Trade Commission has stated that it is going to investigate the use of 'Viral Marketing' by corporations. This is the type of advertising that seeks to start a word of mouth campaign for the product via consumers themselves. Previously, consumers themselves set the buzz. But lately advertisement firms are stepping up to the plate themselves, seeding the market with buzz that looks independent of the company, but is in fact funded by them. The crew at Penny Arcade contend that corporate generated buzz is not Viral Marketing, and perhaps Guerrilla Marketing would be a more apt term. Either way, it appears to be a profitable advertising model." [Slashdot: Your Rights Online]
5:06:33 PM

News Item 7876 BBC NEWS | Technology | Gates: Digital locks too complex

Microsoft boss Bill Gates has told a group of influential bloggers that copy protection for digital music and video is too complex for consumers.

Mr Gates was speaking to an invited party of bloggers and web developers at Microsoft's Seattle headquarters.

Digital Rights Management (DRM), which is used to stop copying, is a big issue for some people who feel it limits what they can do with legally bought files.

"DRM is not where it should be," said Mr Gates, reported blogger Steve Rubel.

"In the end of the day incentive systems (for artists) make a difference," said Mr Gates.

"But we don't have the right thing here in terms of simplicity or interoperability," he added.
5:04:32 PM

News Item 7875 DRM 'Too Complicated' Says Gates.

arbirk writes "BBC News is reporting on comments made by Bill Gates concerning DRM. It seems he has got the point (DRM is bad for consumers), but that opinion differs widely from the approach taken by Microsoft on Zune and their other music related products. The comments were originally posted on Micro Persuasion. The article also has a take on Apple's DRM." --- From the BBC article: "Microsoft is one of the biggest exponents of DRM, which is used to protect music and video files on lots of different online services, including Napster and the Zune store. Blogger Michael Arrington, of Techcrunch.com, said Bill Gates' short-term advice for people wanting to transfer songs from one system to another was to 'buy a CD and rip it'. Most CDs do not have any copy protection and can be copied to a PC and to an MP3 player easily and, in the United States at least, legally." [Slashdot: Your Rights Online]
5:02:32 PM

News Item 7874 FCC Won't Release Cell Carrier Reliability Data.

imuffin writes "MSNBC is reporting that the FCC has been collecting data on the reliability of different cell phone carriers in the US. This data could be invaluable to consumers trying to choose a company to sign a lengthy contract with. Just the same, the FCC won't release the data to consumers, citing national security risks. The data collection on cell services began in 2004, but were simultaneously pulled from public view. FOIA requests to obtain the data have been denied, and commentators feel this is simply for the government's convenience." From the article: "'There is nothing mysterious behind it, it is corporate competition protection,' said [terrorism analyst Roger Cressey] ... 'The only reason for the government to not let these records get out is then one telco provider could run a full-page ad saying 'the government says we're more reliable.'' Cressey added that he couldn't imagine a scenario where the reports would be valuable to terrorists." [Slashdot: Your Rights Online]
4:59:24 PM

News Item 7873 LiveScience.com - White House Tightens Publishing Rules for USGS Scientists

The Bush administration is clamping down on scientists at the U.S. Geological Survey, who study everything from caribou mating to global warming, subjecting them to controls on research that might go against official policy.

New rules require screening of all facts and interpretations by agency scientists. The rules apply to all scientific papers and other public documents, even minor reports or prepared talks, according to documents obtained by The Associated Press.

Top officials at the Interior Department's scientific arm say the rules only standardize what scientists must do to ensure the quality of their work and give a heads-up to the agency's public relations staff.

"This is not about stifling or suppressing our science, or politicizing our science in any way,'' Barbara Wainman, the agency's director of communications, said Wednesday. "I don't have approval authority. What it was designed to do is to improve our product flow.''

Some agency scientists, who until now have felt free from any political interference, worry that the objectivity of their work could be compromised.

"I feel as though we've got someone looking over our shoulder at every damn thing we do. And to me that's a very scary thing. I worry that it borders on censorship,'' said Jim Estes, an internationally recognized marine biologist who works for the geological unit. "The explanation was that this was intended to ensure the highest possible quality research,'' said Estes, a researcher at the agency for more than 30 years. "But to me it feels like they're doing this to keep us under their thumbs. It seems like they're afraid of science. Our findings could be embarrassing to the administration.''

The new requirements state that the USGS's communications office must be "alerted about information products containing high-visibility topics or topics of a policy-sensitive nature.''

The agency's director, Mark Myers, and its communications office also must be told -- prior to any submission for publication -- "of findings or data that may be especially newsworthy, have an impact on government policy, or contradict previous public understanding to ensure that proper officials are notified and that communication strategies are developed.''
4:57:19 PM

News Item 7872 White House Clamps Down On USGS Publishing.

An anonymous reader writes "The White House has begun implementing a new policy toward the U.S. Geological Survey, in which all scientific papers and other public documents by USGS scientists must be screened for content. The USGS communications office must now be 'alerted about information products containing high-visibility topics or topics of a policy-sensitive nature.' Subjects fitting this description might include global warming, or research on the effects of oil drilling in the Alaska National Wildlife Reserve." [Slashdot: Your Rights Online]
4:54:50 PM

News Item 7871 BBC NEWS | Programmes | Click | ePassports 'at risk' from cloning

So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

[Image: A new British biometric European Union passport, which is embedded with a microchip. Caption: The 'enhanced' security features of ePassports are being questioned.]

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool; it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.


4:03:48 PM

News Item 7870 E-Passport Cloned In Five Minutes.

Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip." [Slashdot: Your Rights Online]
4:00:23 PM

News Item 7869 Boeing laptop with data on 382,000 employees stolen

A laptop containing the personal information on 382,000 current and retired workers of Chicago-based Boeing Co. was stolen from an employee's car earlier this month, according to Boeing spokesman Tim Neale. He declined to say exactly where the laptop was stolen.

The information included employees' Social Security numbers, home addresses, telephone numbers and birth dates, as well as salary information, Neale said. Although the laptop was turned off and was password protected, Neale said the data on it was not encrypted.

Neale said Boeing is working with law enforcement officials to try and recover the laptop and noted that the company began notifying the affected people on Tuesday. Boeing is strongly suggesting that they sign up for a credit monitoring service, which the company will pay for, he said.

Neale declined to provide details about the ramifications of the theft for the employee involved in this incident. But he did say that the worker had violated several company policies.

The laptop was the third stolen from Boeing in approximately a year, Neale confirmed. In November 2005, a Boeing laptop containing personal data on approximately 160,000 current and former employees was taken. And in April, a laptop containing the personal information on 3,600 employees and retirees was stolen.

Although none of the laptops has yet been recovered, Neale said there's been no indication that any information on them has been compromised.

Editor: There's that rhetoric again. I wonder what it would take for them to admit that the data had been compromised. My guess is a video of the crook stealing the data and the continuous video going to a store and using the info to get a new CC in the name of the person whose card was stolen. Anything less and they'll keep saying that "there's been no indication that any information on them has been compromised." Yeah ... and nicotine isn't addictive either.


3:56:45 PM

News Item 7868 100 Million Victims of Data Theft.

jcatcw writes "With the latest significant data breach -- theft of a Boeing laptop with unencrypted personal information on 382,000 employees -- the Privacy Rights Clearinghouse estimates that the total number of data breach victims has passed 100 million since they started tracking in February 2005. The director, Beth Givens, admits 'the number 100 million is largely a fictional number,' but it surely errs on the low side. Since California is still the only state with disclosure laws, incidents are difficult to analyze fully. However, Congress this week passed a bill requiring that the Department of Veterans Affairs report breaches." [Slashdot: Your Rights Online]
3:39:22 PM

News Item 7867 Blue Security Reborn As Social Action Enabler.

griswaldo writes "Wired News writes about the re-birth of the ill-fated Blue Security as a social action company. According to the article, founders of the former anti-spam company that made headlines after incurring the wrath of a Russian spam king have set up a company called Collactive that provides tools to organize grassroots action on political and social web sites. The article mentions a global warming initiative called WorldCoolers and, for the Slashdot YRO crowd, the Privacy Alert Network that kicked off by letting people comment on Homeland Security's latest crazy idea." [Slashdot: Your Rights Online]
3:35:52 PM

News Item 7866 Information Commissioner names and shames newspapers.

'Lawbreaking' newspapers outed

The Information Commissioner will today name and shame the newspapers he says are breaking the law in their pursuit of stories. Richard Thomas has published a report to Parliament on information theft which contains a league table of alleged offenders.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
3:31:09 PM

News Item 7865 Dumpy Senate clears pretexting bill after show trial.

Thanks House grunts

Silicon Justice The most lackadaisical US Congress in modern history actually got off its keister and passed some legislation before it waddled off last week.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
3:29:09 PM

News Item 7864 Ransom-Mail: All Your E-Mails Are Belong to Us.

Internet security company Websense has an interesting writeup about a unique form of cyber extortion that we can probably expect to see more of in the future, wherein attackers hold their victims' Web mail messages and contact lists for ransom.

Unlike previous extortion scams that scramble victims' data files and require payment for a key to unscramble them, this scheme involves the compromise of free Web-based e-mail accounts, Websense found.

"When end-users logged into their ... accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts. The only message that remained was one from the attacker that requested they contact them for payment in order to receive the data back."

According to Websense, the threatening message left in the user's inbox reads (roughly translated from Spanish): "If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"

This is not a terribly difficult attack to execute. If you are a bad guy in control of a network of hacked Windows machines infected with keystroke logging software that rips out user names and passwords stored in Internet Explorer, it would be trivial to conduct this attack on a large scale. Also, if you've ever seen one of these text files that store keylogger data from thousands of victims (I have seen several) you will quickly notice that far too many victims use the same password at multiple sites, meaning that even if the crooks don't already have a victim's Web mail login, there is a good chance they can guess it from the victim's other passwords.

The main problem I see with this attack is that it is far riskier than most cyber crimes, as the bad guys have to arrange to receive the money at some point. The crooks best positioned to execute this kind of fraud are likely to make more money selling bank account information or paying someone else to siphon funds using that stolen information.

[Security Fix]
3:25:39 PM

News Item 7863  Soft Coercion and the Secret Ballot.

Today I want to continue our discussion of the secret ballot. (Previous posts: 1, 2.) One purpose of the secret ballot is to prevent coercion: if ballots are strongly secret, then the voter cannot produce evidence of how he voted, allowing him to lie safely to the would-be coercer about how he voted.

Talk about coercion usually centers on lead-pipe scenarios, where somebody issues a direct threat to a voter. Nice kneecaps you have there ... be a shame if something unfortunate should happen to them.

But coercion needn't be so direct. Consider this scenario: Big Johnny is a powerful man in town. Disturbing rumors swirl around him, but nothing has ever been proven. Big Johnny is pals with the mayor, and it's no secret that Big Johnny wants the mayor reelected. The word goes around town that Big Johnny can tell how you vote, though nobody is quite sure how he does it. When you get to the polling place, Big Johnny's cousin is one of the poll workers. You're no fan of the mayor, but you don't know much about his opponent. How do you vote?

What's interesting about this scenario is that it doesn't require Big Johnny to do anything. No lawbreaking is necessary, and the scheme works even if Big Johnny can't actually tell how you vote, as long as the rumor that he can is at all plausible. You're free to vote for the other guy, but Big Johnny's influence will tend to push your vote toward the mayor. It's soft coercion.

This sort of scheme would work today. E-voting systems are far from transparent. Do you know what is recorded in the machine's memory cartridge? Big Johnny's pals can get the cartridge. Is your vote time-stamped? Big Johnny's cousin knows when you voted. Are the votes recorded in the order they were cast? Big Johnny's cousin knows that you were the 37th voter today.

Paper ballots aren't immune to such problems, either. Are you sure the blank paper ballot they gave you wasn't marked? Remember: scanners can see things you can't. And high-res scanners might be able to recognize tiny imperfections in that sheet of paper, or distinctive ink-splatters in its printing. Sure, the ballots are counted by hand, right there in the precinct, but what happens to them afterward?

There's no perfect defense against this problem, but a good start is to insist on transparency in the election technology, and to research useful technologies and procedures. It's a hard problem, and we have a long way to go.

[Freedom to Tinker]
3:23:18 PM

News Item 7862 Microsoft Updates Vista in Latest Piracy Crackdown.

Software giant battles activation of unauthorized copies of its new Vista OS. [PC World: Latest Technology News]
3:20:30 PM

News Item 7861 Tuesday Hearing on Critical E-Voting Evidence in Flawed Florida Election.

Search for Thousands of Missing Votes in Sarasota County Congressional Race

Tallahassee, Fla. - On Tuesday, December 19th, at 1 p.m., a state judge in Tallahassee, Florida, will consider whether representatives of Florida voters will gain access to voting machines and software in a contested election for the U.S. House of Representatives seat for Florida's 13th congressional district.

The Electronic Frontier Foundation (EFF) and other election advocacy groups last month filed suit on behalf of Sarasota County voters -- both Republicans and Democrats -- and are demanding a thorough investigation into potential electronic voting machine malfunctions. State and local election officials, however, continue to object to making the electronic voting machines and software available for examination. Tuesday's hearing will consider, among other issues, whether such materials must be made available to outside experts.

According to the electronic voting machines used during the November general election, more than 18,000 people in Sarasota County -- approximately 15% of the voter turnout -- did not cast a vote for any congressional candidate for this hotly contested seat. Instead of performing a robust analysis of the County's voting machines and software, the Florida Elections Canvassing Commission certified Vern Buchanan as the winner by 363 votes. The voters' lawsuit contends that thousands of voters were likely disenfranchised by machine-related problems.

WHAT:
Fedder v. Gallagher

WHEN:
1 p.m.
Tuesday, December 19

WHERE:
Leon County Courthouse
301 S. Monroe St.
Tallahassee, FL 32301

For more on the Florida lawsuit:
http://www.eff.org/news/archives/2006_11.php#005020

For more on EFF's E-Voting work:
http://www.eff.org/Activism/E-voting/

Contacts:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[EFF: Breaking News]
3:18:28 PM

News Item 7860 Home Office bumps up innocents on DNA Database.

Eight times figure previously announced

Less than two thirds of people whose profile is stored on the National DNA Database are there for having been cautioned or convicted of a criminal offence, Home Office figures have revealed.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
3:16:22 PM