Saturday, March 3, 2007


News Item 8638 Concurring Opinions: The Rise of Customer Blacklists

Blacklists appear to be the rage these days. With the ease of storing and sharing personal information -- coupled with lax privacy law restrictions on such activities -- companies can increasingly create blacklists of bad customers. In this article from the Ottawa Citizen, hotels in Australia and Canada (and soon the United States) are signing up for a service that compiles a blacklist against "bad" hotel guests:
11:55:39 PM

News Item 8637 Telco customers at risk for online privacy breach.

Telco customers at risk for online privacy breach. A study released by the Customer Respect Group indicates that telecommunications companies are slipping when it comes to customer privacy, especially in comparison to retail and high-tech industries. A majority of companies surveyed were found to ask for excessive, inappropriate personal data. [Computerworld Privacy News]
11:51:07 PM

News Item 8636 Activists Claim Success: No RFID Chips Required in Driver's License Regulations - March 2007

Citizens Against Government Waste (CAGW) declared a victory for taxpayers and drivers yesterday after the Department of Homeland Security (DHS) released proposed regulations for personal identification that do not mandate the use of radio-frequency identification (RFID) technology. The REAL ID Act requires DHS to establish federal standards for state-issued driver's licenses and identification cards.
11:49:12 PM

News Item 8635 Malware Threat Report for February 2007.

Malware Threat Report for February 2007. "Storm Worm," continues to severely impact worldwide mailboxes in successive waves. [GT: Security and Privacy]
11:44:32 PM

News Item 8634 Breach of Personal Information at Calif. Dept. of Health Service Handled Quickly.

Breach of Personal Information at Calif. Dept. of Health Service Handled Quickly. "We are taking steps to notify you of this, consistent with our policy, and with the sensitivity around all HIV related issues." [GT: Security and Privacy]
11:40:00 PM

News Item 8633 FCW.com News - OMB: Agencies make headway with IT security

The state of the government's cybersecurity position has improved over the past year, but significant holes remain, especially in the areas of categorizing the risk level of systems and training, according to the Office of Management and Budget.

OMB found that more than 700 systems, including 397 managed by agencies, had not been categorized as high, medium or low risk. Also, the administration said more agency employees have received information technology security training -- up 10 percent since last year -- but more needs to be done.

In its fourth annual Federal Information Security Management Act report sent to Congress March 1, OMB said it will rely on the Security Line of Business effort to better train employees by using a standard program. OMB named three shared-service centers for security training in February: the Office of Personnel Management, the State Department and the U.S. Agency for International Development, and the Defense Department.

11:38:06 PM

News Item 8632 Hartford Courant - Best Buy Confirms It Has Secret Website

Under pressure from state investigators, Best Buy is now confirming my reporting that its stores have a secret intranet site that has been used to block some consumers from getting cheaper prices advertised on BestBuy.com.

Company spokesman Justin Barber, who in early February denied the existence of the internal website that could be accessed only by employees, says his company is "cooperating fully" with the state attorney general's investigation.

Barber insists that the company never intended to mislead customers.

State Attorney General Richard Blumenthal ordered the investigation into Best Buy's practices on Feb. 9 after my column disclosed the website and showed how employees at two Connecticut stores used it to deny customers a $150 discount on a computer advertised on BestBuy.com.

Blumenthal said Wednesday that Best Buy has also confirmed to his office the existence of the intranet site, but has so far failed to give clear answers about its purpose and use.

"Their responses seem to raise as many questions as they answer," Blumenthal said in an interview. "Their answers are less than crystal clear."

11:26:10 PM

News Item 8631 Canadian Gov't Grants Olympics Ownership of Winter.

Canadian Gov't Grants Olympics Ownership of Winter. An anonymous reader writes  "Michael Geist reports that the Canadian government has introduced new legislation that grants Vancouver Olympic organizers broad powers to police the use of any commercial use of the words associated with the Olympics. These incredibly include 'winter, Vancouver, and games.' As Geist notes, the government 'has no time to deal with spam, spyware, privacy, or net neutrality, but commits to legislation on behalf of the organizers of a sporting event?'"  [Slashdot: Your Rights Online]
11:17:34 PM

News Item 8630 Justice Department takes aim at image-sharing sites | CNET News.com

  The Bush administration has accelerated its Internet surveillance push by proposing that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate, CNET News.com has learned. 

That proposal surfaced Wednesday in a private meeting during which U.S. Department of Justice officials, including Assistant Attorney General Rachel Brand, tried to convince industry representatives such as AOL and Comcast that data retention would be valuable in investigating terrorism, child pornography and other crimes. The discussions were described to News.com by several people who attended the meeting.

A second purpose of the meeting in Washington, D.C., according to the sources, was to ask Internet service providers how much it would cost to record details on their subscribers for two years. At the very least, the companies would be required to keep logs for police of which customer is assigned a specific Internet address.

Only universities and libraries would be excluded, one participant said. "There's a PR concern with including the libraries, so we're not going to include them," the participant quoted the Justice Department as saying. "We know we're going to get a pushback, so we're not going to do that."

Attorney General Alberto Gonzales has been lobbying Congress for mandatory data retention, calling it a "national problem that requires federal legislation." Gonzales has convened earlier private meetings to pressure industry representatives. And last month, Republicans introduced a mandatory data retention bill in the U.S. House of Representatives that would let the attorney general dictate what must be stored and for how long.


11:12:46 PM

News Item 8629 DoJ Mulls Tracking Picture Uploads.

DoJ Mulls Tracking Picture Uploads.   Dominus Suus passed us a link to a C|Net article about a disturbing threat to privacy from the Justice Department. According to the article, a private meeting was held Wednesday between Justice officials and telecom industry representatives. With individuals from companies such as AOL and Comcast looking on, the officials continued overtures to increase data retention by ISPs on American citizens. This week, they were specifically looking to have records kept of photo uploads. In this way, and 'in case police determine the content is illegal and choose to investigate,' an easy trail from A to Z will be available. The article provides a good deal of background on the Bush Administration's history with data retention, with ties to events even older than the Bush presidency.  --- "The Justice Department's request for information about compliance costs echoes a decade-ago debate over wiretapping digital telephones, which led to the 1994 Communications Assistance for Law Enforcement Act. To reduce opposition by telephone companies, Congress set aside $500 million for reimbursement and the legislation easily cleared both chambers by voice votes. Once Internet providers come up with specific figures, privacy advocates worry, Congress will offer to write a generous check to cover all compliance costs and the process will repeat itself." [Slashdot: Your Rights Online]
10:57:23 PM

News Item 8628 Homeland Security offers details on Real ID | CNET News.com

Hundreds of millions of Americans will have until 2013 to be outfitted with new digital ID cards, the Bush administration said on Thursday in a long-awaited announcement that reveals details of how the new identification plan will work. 

The announcement by the U.S. Department of Homeland Security offers a five-year extension to the deadline for states to issue the ID cards, and proposes creating the equivalent of a national database that would include details on all 240 million licensed drivers.

According to the draft regulations (PDF), which were required by Congress in the 2005 Real ID Act and are unlikely to assuage privacy and cost concerns raised by state legislatures:

• The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses.

• A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate "RFID-enabled vicinity chip technology, in addition to" the two-dimensional barcode requirement.


10:52:36 PM

News Item 8627 Homeland Security Offers Details on Real ID.

Homeland Security Offers Details on Real ID. pr0nqu33n writes  "C|Net is running an article on the DHS's requirements for the Real ID system. Thursday members of the Bush administration finally unveiled details of the anticipated national identification program. Millions of Americans will have until 2013 to register for the system, which will (some would argue) constitute a national ID. RFID trackers for the cards are under consideration, as is a cohesive nation-wide design for the card. States must submit a proposal for how they'll adopt the system by early October of this year. If they don't, come May of next year their residents will see their licenses unable to gain them access to federal buildings and airplanes. The full regulations for the system are available online in PDF format. Likewise, the DHS has a Questions and Answers style FAQ available to explain the program to the curious." [Slashdot: Your Rights Online]
10:48:45 PM

News Item 8626 RIAA's 'Expert' Witness Testimony Now Online.

RIAA's 'Expert' Witness Testimony Now Online.   NewYorkCountryLawyer writes  "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'" [Slashdot: Your Rights Online]
10:43:58 PM

News Item 8625 Researchers Say They Peeled the Onion Router.

Researchers Say They Peeled the Onion Router. Researchers in the U.S. say they've successfully shown how attackers could compromise a network designed to make it harder to trace Web sites they are viewing. [PC World: Latest Technology News]
10:31:22 PM

News Item 8624 European Retailer Embeds RFID Chips in Shoes.

European Retailer Embeds RFID Chips in Shoes. One of Europe's largest shoe companies plans to embed wireless chips in shoes sold at hundreds of stores across the continent. [PC World: Latest Technology News]
10:28:01 PM