Monday, January 15, 2007


News Item 8079 FCW.com - Democrats put spotlight on data mining

As expected, Democrats are delving into the Bush administration's programs and peeling back the covers.

On Jan. 10, the Senate Judiciary Committee's first hearing of the new Congress looked at the executive branch's use of data-mining programs. In his opening statement, committee chairman Sen. Patrick Leahy (D-Vt.) vowed more investigations into the administration's privacy initiatives.

Leahy said the government has dramatically increased its collection and monitoring of sensitive personal data from the public. He said efforts have gone ahead without congressional oversight or comprehensive privacy safeguards.

He cited a May 2004 Government Accountability Office report that found at least 52 federal agencies using data-mining technology and at least 199 government data-mining programs in operation or planned throughout the federal government.

Technological advances make data banks and data mining useful as a national security tool, Leahy said. "But we need to ensure we use them appropriately," he added.

Also on Jan. 10, Sens. Russ Feingold (D-Wis.) and John Sununu (R-N.H.) introduced a bill that would require federal agencies to report to Congress on data-mining programs and how they affect people's civil liberties and privacy rights.

1:48:07 AM

News Item 8078 Bill to restrict federal data mining wins praise.

A bill introduced this week to place greater checks and balances on data mining efforts by the federal government is winning praise from analysts. But they warn that the measure needs to be well crafted to work. [Computerworld Privacy News]
1:43:31 AM

News Item 8077 Two universities disclose data breaches.

A data breach at the University of Idaho may have exposed personal information on some 331,000 people, while a computer break-in at the University of Arizona disrupted several school services. [Computerworld Privacy News]
1:41:10 AM

News Item 8076 The Snoop Next Door - WSJ.com

It used to be the worst you could get for a petty wrong in public was a rude look. Now, it's not just brutal police officers, panty-free celebrities and wayward politicians who are being outed online. The most trivial missteps by ordinary folks are increasingly ripe for exposure as well. There is a proliferation of new sites dedicated to condemning offenses ranging from bad parking (Caughtya.org) and leering (HollaBackNYC.com) to littering (LitterButt.com) and general bad behavior (RudePeople.com). One site documents locations where people have failed to pick up after their dogs. Capturing newspaper-stealing neighbors on video is also an emerging genre.

Helping drive the exposés are a crop of entrepreneurs who hope to sell advertising and subscriptions. One site that lets people identify bad drivers is about to offer a $5 monthly service, for people to register several of their own plate numbers and receive notices if they are cited by other drivers. But the traffic and commercial prospects for many of the sites are so limited that clearly there is something else at work.

The embrace of the Web to expose trivial transgressions in part represents a return to shame as a check on social behavior, says Henry Jenkins, director of the comparative media studies program at the Massachusetts Institute of Technology. Some academics believe shame became less powerful as a control over everyday interactions with strangers in all but very small neighborhoods or social groups, as people moved to big cities or impersonal suburbs where they existed more anonymously.

The sites documenting minor wrongs are the flip side of an online vigilantism movement that tackles meatier social issues. Community organization Cop Watch Los Angeles encourages users to send in stories and pictures of people being brutalized or harassed by police, for posting on the Web. The governor of Texas plans to launch a site this year that will air live video of the border, in hopes that people will watch and report illegal crossings. In a trial run in November, the site received more than 14,000 emails. Tips included spottings of individuals swimming in the Rio Grande, a person wearing a large white hat and a "wild" boy at the border. In China, Web postings have become a powerful social weapon, used to rally thousands of people to hound a man who allegedly had an affair with a married woman.


1:35:04 AM

News Item 8075 The Snoop Next Door Is Posting to YouTube.

Carl Bialik from WSJ writes "Your most trivial missteps are increasingly ripe for exposure online, reports the Wall Street Journal, thanks to cheap cameras and entrepreneurs hoping to profit from websites devoted to the exposure. From the article: 'The most trivial missteps by ordinary folks are increasingly ripe for exposure as well. There is a proliferation of new sites dedicated to condemning offenses ranging from bad parking and leering to littering and general bad behavior. One site documents locations where people have failed to pick up after their dogs. Capturing newspaper-stealing neighbors on video is also an emerging genre. Helping drive the exposés are a crop of entrepreneurs who hope to sell advertising and subscriptions.' But other factors are at work, including a return to shame as a check on social behavior, says an MIT professor." [Slashdot: Your Rights Online]

Editor: Sorry about the in-line ad that was here. I forgot to strip it out when I created the entry.

1:31:29 AM

News Item 8074 Copyright law changes could leave consumers vulnerable

Ever recorded a television show or a movie so you can watch it later? Or ripped a CD so you can listen to it on your MP3 player?

With changes to Canada's copyright laws expected as early as next month, these mundane 21st century activities could theoretically be open to prosecution -- unless the Conservative government steps in with expanded "fair use" or "fair dealing" protections for consumers.

Close observers of the file say all signs point to a new regime that will improve safeguards for major music, film and media companies and artists for unpaid use of their material, but neglect to make exemptions for personal use of copyrighted content.

'About as market interventionist as you can get'

"We're dealing with an industry minister [Maxime Bernier] that's tried to extricate government from the telecom area with a very strong deregulatory focus," said Michael Geist, the Canada Research Chair of Internet and E-commerce Law at the University of Ottawa.

"Yet the kind of copyright reform that is being contemplated is about as market interventionist as you can get."

Amendments to the Copyright Act are fraught with problems, since there are so many players with contradictory views.
1:21:47 AM

News Item 8073 Canada May Lose Copyright Fair-Use Rights.

DotNM writes with an article from the CBC reporting that the Canadian government is considering removing fair-use rights from Canada's copyright law. From the article: "Exacerbating the situation is intense pressure from the United States, where Canada is considered a rogue when it comes to copyright and intellectual property. It still hasn't ratified a 1997 World Intellectual Property Organization copyright treaty... Two of the most controversial issues are [DRM] and the closely related technological protection measures." [Slashdot: Your Rights Online]
1:14:14 AM

News Item 8072 New Plan In UK For "Big Brother" Database.

POPE Mad Mitch writes "The BBC is reporting that Tony Blair is going to unveil plans on Monday to build a single database to pull together and share every piece of personal data from all government departments. The claimed justification is to improve public services. The opposition party and the Information Commission have both condemned the plan as another step towards a 'Big Brother' society. Sharing information in this way is currently prohibited by the 'over-zealous' data protection legislation. An attempt to build a similar database was a key part of the, now severely delayed, ID card scheme." [Slashdot: Your Rights Online]
12:51:25 AM

News Item 8071 BBC NEWS | Politics | Whitehall plan for huge database

A giant database of people's personal details could be created at Whitehall under government plans which ministers say will help improve public services.

Tony Blair is expected to unveil the proposal in Downing Street on Monday.

Strict regulations currently prevent one part of government sharing personal information it holds with another.

Ministers argue the data-sharing rules are "overzealous" but the Conservatives say relaxing them would be "an excuse for bureaucrats to snoop".

So-called citizens' panels will gauge public reaction to relaxing privacy procedures so people do not have to repeat personal information to different public bodies - particularly at times of stress such as a family death.
12:50:20 AM

News Item 8070 New E-Commerce Identity Tag Makes Online Debut.

A long-promised technology for helping consumers verify the legitimacy of commercial Web sites made its debut on the Internet Friday: Visit online security company Entrust's login page with Microsoft's Internet Explorer 7 Web browser and you'll notice that the address bar has turned from white to green.

Entrust's site appears to be the first to feature what are being called "extended validation certificates," a development that is equal parts technology, process and collaboration. It comes in response to an epidemic of phishing attacks, or online scams in which bad guys erect Web sites that impersonate trusted e-commerce and banking sites in order to trick users into revealing personal and financial data.

"EV certs," as they're known in the industry, are meant to serve as a more user-friendly version of secure-sockets layer (SSL) certificates, the digital placards long handed out by Entrust and other "certificate authorities" that are meant to signify to consumers that they are on a site that uses encryption technology. The goal is to assure visitors that unauthorized third parties can't intercept user names, passwords, and other sensitive data that consumers enter when shopping or banking online.

SSL certs also have been touted as a means of helping consumers verify that they are truly at Ebay.com or some other commercial site, not at some clever fake. The problem is that most consumers don't know how to read the more relevant, technical information contained in an SSL cert. What's more -- the scam artists themselves have even begun purchasing and using SSL certs in an effort to make their sites appear more legitimate.

Hence, the idea for EV Certs. Unlike most processes for obtaining a regular SSL -- which are largely automated and often can be issued the same day they are purchased -- issuers of EV certs are supposed to do a lot more background checking into the entity that's requesting an EV cert, a process that can take several weeks.

The idea with EV certs is that when you log in to your bank's Web site, you should notice the browser's address bar turning green. If you single click on the lock icon, it will pop up a box that has a bit more information about which certificate authority vouched for the identity of the site. Visitors who aren't convinced can click on a link that brings up the more technical information on the certificate, or a link to IE7's "Help" page that has a long list of answers that might pop up in the visitor's mind.

The benefit from these certs won't be fully realized until a lot more sites implement them, and more importantly until the general public has had a chance to become familiar enough with the certs that they begin to look for them. But here's where it gets a bit tricky. These new and improved EV certs are quite a bit more expensive than SSL certs: Entrust plans to sell its EV certs at $499 apiece per year (and that's its "intro price"), whereas its regular SSL certs sell for about $150 (and you can find SSL certs for much cheaper elsewhere). Verisign, the world's largest and probably most recognizable SSL provider, has set its price for EV certs starting at a hefty $1,300 per year.

All of which raises some questions. Where does the small mom-and-pop-shop fit into this brave new world? If the average Web surfer (i.e., IE user) becomes accustomed to seeing green browser bars at Ebay.com, what will they think of Bargainwidgets.com if their login page isn't tinted by the familiar green address bar?

Also, what about the bank Web sites, which Security Fix and others have taken to task for confusing average consumers? For years, the banks trained customers to look for the little "padlock icon" in the corner of their Web browser window. Over the past couple of years, however, many of the nation's largest financial institutions have done away with the padlock on their home pages in the name of convenience and cost savings. On a number of banking sites, you don't see that padlock until you click on the "login" link or click on a separate portion of the bank's site. It will be interesting to see whether the banks adapt their policies yet again to accommodate the increased recognition that may be afforded to them through EV certs.

Meantime, the folks at Mozilla say they are hard at work on a new version of Firefox that can accommodate EV certs, but it may be some time yet before that becomes a reality (that's based on interviews with them...there may indeed be other browser makers who are ready to roll this out, I just don't know).

Of course, it is possible that phishers may figure out a way to fake the green address bar at some point. At any rate, please drop me a line or leave something in the comments section below if -- in the days after reading this post -- your bank or other sites you do business with roll out this technology.

[Security Fix]
12:34:26 AM

News Item 8069 EFF - Line Noise at CES.

EFF's audio segment, Line Noise, returns with a visit to the Consumer Electronics Show. Activist Derek Slater takes a look at the latest gadgets, with an eye to how the market has been affected by the shifting sands of copyright law.

As ever, you can hear this episode directly as an MP3-formatted or Ogg Vorbis file, or subscribe to our podcast feeds in iPod-friendly MP3 feeds, or patently unencumbered Ogg format.

[EFF: Deep Links]
12:30:50 AM

News Item 8068 PERFORM Act = DRM Mandate.

Hey, RIAA, satellite radio and webcasters already pay you licensing fees. Leave their engineers alone.

Much of the coverage of the PERFORM Act, S. 256, recently reintroduced by Senator Feinstein (D - Calif.), seems to treat the issue as a tussle between XM and the RIAA over royalties. More important, however, is the DRM mandate tucked in there.

Webcasters and satellite radio both rely on compulsory licenses that permit them to broadcast whatever music they like, so long as they pay a license fee and follow a variety of rules (like playing no more than 3 songs from any one album in any 3-hour time period, if you're a webcaster).

While the compulsory license imposes certain restrictions, it does not tell you what technology to use. Instead, it leaves webcasters free to use non-DRMd formats (like streaming MP3). In fact, all the streaming radio stations in iTunes use MP3 streams. And it's the use of non-DRMd formats that has permitted innovative technology like Streamripper and RadioLover to evolve to meet the home recording demands of music fans.

The PERFORM Act would change all that by requiring that anyone who wants the compulsory license must use a DRMd format. (For a full analysis of the statutory language, take a look at the analysis we posted last year.)

This is not only bad news for the world's MP3 webcasters (like Shoutcast, Live365, and public radio stations like KCRW and KEXP, as well as any 'caster who wants to be included in iTunes), but it's also a bad precedent for our copyright laws. Over the course of a century, our copyright laws have responded to changing technology not with government technology mandates, but rather by letting new business models evolve or, when absolutely necessary, by plugging revenue shortfalls with compulsory licenses.

And government technology mandates are particularly bad for copyright because they tend to stick around in the statute books long after they become obsolete, complicating the lives of future generations of innovators (hey, anyone remember SCMS? it's still in the Copyright Act!).

This is not about "piracy". The music flowing so freely today in darknet channels is not sourced from recordings off satellite radio and webcasts. This is just another example of the entertainment industries using DRM to put a chokehold on tomorrow's disruptive innovations.

Help us hold the line against government DRM mandates. Ask your members of Congress to oppose the PERFORM Act.

[EFF: Deep Links]
12:28:45 AM