Friday, February 23, 2007

Going to Canada? Check your past / Visitors with minor criminal records turned back at border There was a time not long ago when a trip across the border from the United States to Canada was accomplished with a wink and a wave of a driver's license. Those days are over. Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: "Your next stop is immigration.'' Felsch was ushered into a room. "There must have been 75 people in line," he says. "We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet.'' [...] Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past -- sometimes their distant past -- is suddenly an issue. While Canada officially has barred travelers convicted of criminal offenses for years, attorneys say post-9/11 information-gathering, combined with a sweeping agreement between Canada and the United States to share data, has resulted in a spike in phone calls from concerned travelers. They are shocked to hear that the sins of their youth might keep them out of Canada. But what they don't know is that this is just the beginning. Soon other nations will be able to look into your past when you want to travel there. [...] "From the time that you turn 18, everything is in the system,'' says Lucy Perillo, whose Canada Border Crossing Service in Winnipeg, Manitoba, helps Americans get into the country. [...] So it isn't as if rules have stiffened. But what has changed is the way the information is gathered. In the wake of 9/11, Canada and the United States formed a partnership that has dramatically increased what Lesperance calls "the data mining'' system at the border. The Smart Border Action Plan, as it is known, combines Canadian intelligence with extensive U.S. Homeland Security information. The partnership began in 2002, but it wasn't until recently that the system was refined. "They can call up anything that your state trooper in Iowa can,'' Lesperance says. "As Canadians and Americans have begun cooperating, all those indiscretions from the '60s are going to come back and haunt us.'' [...] The lesson, the attorneys say, is that if you must travel to Canada, you should apply for "a Minister's Approval of Rehabilitation" to wipe the record clear. Oh, and by the way, if you don't need to travel to Canada, don't think you won't need to clear your record. Lesperance says it is just a matter of time before agreements are signed with governments in destinations like Japan, Indonesia and Europe. "This,'' Lesperance says, "is just the edge of the wedge.'' 5:25:44 PM  PermaLink   / trackback []

Canadian Border Tightens Due to Info Sharing. Canadian Border Tightens Due to Info Sharing. blu3 b0y writes "The San Francisco Chronicle is reporting that new information sharing agreements have made it as easy for a Canadian border officer to know the full criminal records of US citizens as it is for their local police. As a result, Canadian officials are turning away American visitors for ancient minor convictions, including 30-year-old shoplifting and minor drug possession convictions. Officials claim it's always been illegal to enter Canada with such convictions without getting special dispensation, they just had no good way of knowing about them until recent security agreements allowed access. One attorney speculates it's not long before this information will be shared with other countries as well, causing immigration hassles worldwide." [Slashdot: Your Rights Online] 4:21:12 PM  PermaLink   / trackback []

Mass. Bill Would Make Retailers Pay for Data Breaches. Mass. Bill Would Make Retailers Pay for Data Breaches. Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers, according to a story in today's Wall Street Journal (link is by subscription only). The bill, sponsored by Rep. Michael A. Costello (D), would make any company (retailer, bank or data processor) financially liable if it is the operator of the system that is hacked. The bill doesn't cover other types of credit-card fraud, such as those perpetrated by means of a lost or stolen card." The legislation also "would mandate that companies whose security systems are breached assume full financial responsibility for any fraud-related losses, costs associated with the canceling and reissuing of cards, and -- in cases of identity theft -- the freezing of accounts and credit information. The bill would apply to any company doing business in Massachusetts, wherever it may be based." While this is a state measure, it's hard to ignore the nationwide impact of the California data breach notification law that took effect in 2003. It seems like everyone is getting data breach or loss notices these days (my wife and I received one last week). Now, some 35 states have laws on the books that mimic the California law. You can bet that a ton of businesses will be keeping a close eye on the debate surrounding this Massachusetts bill. It's worth noting that the intent behind this bill is very similar to a legislative idea sketched out earlier this year by House Financial Services Committee Chairman Barney Frank, a Democrat who just happens to hail from Massachusetts. [Security Fix] 12:16:34 PM  PermaLink   / trackback []

EFF - miniLinks for 2007-02-21. miniLinks for 2007-02-21. Free Congress! Coders gather to open up more of the legislature's deliberations. Republicans, Democrats Spat Over IP Rights in Congress TV After Speaker of the House Nancy Polosi is accused of "pirating" C-SPAN, the TV service reiterates that it has no copyright interest in the video. Chinese Lawyers Protest Sina's Blog Censorship Fight the arbitrary nature of China's limits on free speech. New York Times on the DJ Mixtape Arrests "DJs continued to release tapes -- some with hastily added tracks on which rappers cursed the RIAA" Disney Must Consider Sharing Pooh's Honey The endless fight over the merchandising rights to A.A. Milne's work continues to plague the copyright maximalist company. Students Balk at University's "Free" Music Deals One insider's view of dealing with the college-only licensed music services. Bipartisan Effort to Junk Real ID Law Democrat Rep. Tom Allen and Republican Rep. Scott Lansley push for reform of costly, invasive national ID mandate. A 55-inch TV Is too big for the Super Bowl Consumer electronics mavens scratch their heads at NFL's Super Bowl rules. UK Government Rejects Calls for DRM Ban While faulty, DRM is good for price discrimination, Prime Minister's office says. Framing the DRM Debate LinuxJournal's Don Marti says it's about more than property. Europe's Plan to Track Phone and Net Use Data retention implementation to be far worse than original plans. UK Now Running 439,000 E-mail and Phone Taps Report's author declares wiretap error rate "unacceptably high." [EFF: Deep Links] 12:14:58 PM  PermaLink   / trackback []

Studios, FBI Teach Swedish Cops to Hunt File Sharers. Studios, FBI Teach Swedish Cops to Hunt File Sharers. The FBI and the MPAA, with the Swedish antipiracy organization Antipiratbyren, are training Swedish law enforcement officers in copyright and piracy matters.  [PC World: Latest Technology News] 12:10:37 PM  PermaLink   / trackback []

Critical IE Graphics Flaw Resurfaces. Critical IE Graphics Flaw Resurfaces. Plus: More Office holes, and a major Adobe problem that affects all browsers. [PC World: Latest Technology News] 12:06:50 PM  PermaLink   / trackback []

Cerf: Internet Reflects Society. Cerf: Internet Reflects Society. Online abuses merely mirror its users' interests, says Net luminary and ICANN chief. [PC World: Latest Technology News] 12:04:22 PM  PermaLink   / trackback []

Famed ID Thief to Speak at Security Event. Famed ID Thief to Speak at Security Event. Frank Abagnale, subject of the film 'Catch Me If You Can', will keynote the London RSA Conference in October. [PC World: Latest Technology News] 12:00:45 PM  PermaLink   / trackback []

Pharming Attack Targeted Bank Customers Worldwide. Pharming Attack Targeted Bank Customers Worldwide. A pharming attack that targeted online banking customers in the U.S., Europe and Asia-Pacific has been shut down. [PC World: Latest Technology News] 11:58:49 AM  PermaLink   / trackback []

What would you do as chief information security officer? What would you do as chief information security officer. Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job. [CSO Online Data Security Briefing] 11:56:57 AM  PermaLink   / trackback []

Data Breach Hits Close to Home. Data Breach Hits Close to Home. I took some time off work last fall to spend with my wife, who had just been diagnosed with a golf-ball-sized tumor in her brain that needed to be removed. With the help of a few well-connected friends, we were privileged to have her seen by one of the top neurosurgeons in the world, a surgical ninja at The Johns Hopkins Hospital in Baltimore. The surgery was a great success, and the wife is just fine now. She carries nary a lingering symptom, visible scar or traumatic memory from the ordeal, save perhaps for the seemingly endless stream of bills and letters from our health insurance provider. That is, until last week, when she returned from the mailbox with a letter from the hospital alerting us that she was among some 83,000 Hopkins patients whose hospital records may have been compromised on account of a lost backup tape. According the letter, the lost tape contained data on new patients seen between July 4 and Dec. 18, 2006, or who had changes to their demographic information during that time. Among the data stored on the tape was the patient's name, mother's maiden name, father's name, race, sex, birth and medical record number. However, Hopkins was emphatic that there was no medical or Social Security data on the tapes. I must have read the letter three times in all, and at first I was pretty alarmed. But looking back now, I must say I don't think I've ever read a more thorough breach notification. The letter explained in detail what they thought happened to the backup tape and listed a number of reasons why Hopkins believed the risk to patient privacy was low in this case (many other medical data breach notifications I've read ask you simply to accept their pat answer that there is little chance of the data being misused). The hospital created a very informative Web site for affected patients, and listed a toll-free number for people who don't have Internet access. [Security Fix] 11:54:10 AM  PermaLink   / trackback []

Social Networks Key to 2008 Race. Social Networks Key to 2008 Race. Social networking sites have changed the game for political candidates. [PC World: Latest Technology News] 11:51:14 AM  PermaLink   / trackback []

Colleges Struggle to Cope With Flood of Copyright Complaints. Colleges Struggle to Cope With Flood of Copyright Complaints. The major record labels are sending thousands more copyright nastygrams to colleges regarding student file sharing this year. Of course, file sharing continues unabated, and these P2P-related notices will simply push fans to use other readily-accessible technologies that the RIAA can't easily monitor -- copying music through iTunes over the campus LAN, swapping hard drives and USB flash drives, burning recordable DVDs, and forming ad hoc wireless networks. So the RIAA's strategy still won't stop file sharing, but it certainly will cause collateral damage to academic freedom, free speech, and privacy. In a recently released report, the Brennan Center lays out what that cost looks like today based on interviews with representatives from 25 service providers including 10 from universities. Universities are already being forced to waste substantial resources on doing the RIAA's dirty work. Flooded with machine-generated complaints, schools are unable to evaluate the merits of particular complaints. While lacking procedural safeguards to make sure students wrongly accused of infringement are not penalized, many schools have adopted stricter penalties than the law requires. Schools have also adopted network monitoring and filtering tools that interfere with legitimate expression. The increase in P2P-related notices stands only to make matters worse. The RIAA's Cary Sherman states that the increase in the notices is "something we feel we have to do," but blanket licensing provides a clear alternative to blanket lawsuits. Take action now to help stop the lawsuit campaign. [EFF: Deep Links] 11:49:38 AM  PermaLink   / trackback []

Fight Over Google's 'Sponsored Links' Threatens Internet Free Speech. Fight Over Google's 'Sponsored Links' Threatens Internet Free Speech. EFF Asks Judge to Uphold Key Trademark Ruling San Francisco - The Electronic Frontier Foundation (EFF) asked the U.S. 2nd Circuit Court of Appeals today to uphold an important ruling allowing anyone to purchase Google's "sponsored links" tied to trademarks, arguing that the practice is legal under trademark law and provides a vital means for online speakers to connect with audiences on the Internet. Google's "sponsored links" feature allows customers to buy advertisements attached to certain search terms. When a Google user types those terms into the search engine, the sponsored links appear along with the search results. However, a company named Rescuecom filed a lawsuit against Google over the program, claiming that selling sponsored links for the term "Rescuecom" infringed its trademark. In an amicus brief filed with the appeals court today, EFF argues that the sponsored links are not an infringing use, and in fact promote a vibrant public sphere by helping online speakers reach a broader audience. An example cited in the brief is that of "The Coalition of Immokalee Farmworkers," a group critical of McDonald's business practices. The coalition bought sponsored links attached to searches for "McDonald's" in order to stimulate debate and mobilize support. "The Internet has brought together speakers of many kinds -- some competing with trademark owners, others criticizing them, still others simply referring to them while discussing other subjects or products," said EFF Staff Attorney Corynne McSherry. "Services like Google's 'sponsored links' help people with something to say reach those who might be interested in hearing it." Rescuecom has asked the court to hold that trademark law regulates virtually any use of search keywords that are also trademarks. This would give trademark holders a legal sword to wield against critics and competitors, as well as the intermediaries upon which those critics and competitors rely to spread their message. But courts have historically taken care to ensure that trademark restrictions do not allow markholders to interfere with Constitutionally-protected free speech. "On the Internet, trademarks aren't just identifiers. They are essential navigation tools and vehicles of expression," said EFF Staff Attorney Jason Schultz. "Quashing this speech goes against both the law and the public interest." A judge dismissed Rescuecom's case against Google last year, but the company is appealing the decision. For the full brief filed in Rescuecom v. Google: http://www.eff.org/legal/cases/rescuecom_v_google/EFF_amicus.pdf Contacts: Corynne McSherry Staff Attorney Electronic Frontier Foundation corynne@eff.org Jason Schultz Staff Attorney Electronic Frontier Foundation jason@eff.org [EFF: Breaking News] 11:47:09 AM  PermaLink   / trackback []