Blogs
CASCADES project: Cost-effective Outbreak Detection in Networks (Hello readers of the CMU Blog report)
CASCADES project: Cost-effective Outbreak Detection in Networks (a study by School of Computer Science, Carnegie Mellon University): "Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?
Budget=100 blogs:
If I can read 100 blogs, which should I read to be most up to date? Unit cost (each blog costs 1 unit), optimizing the information captured -- population affected (we want to be the first to know about something with many people blogging about the story after us) [ Read more ... ]
In Bid to Sway Sales, Cameras Track Shoppers
In Bid to Sway Sales, Cameras Track Shoppers: Via NYT > Privacy.
Retailers say they are using video cameras to watch customers as a way to make shopping in stores more enjoyable, but privacy advocates are skeptical.
[...]
At a mall, a father emerged from a store dragging his unruly young son by the scruff of the neck, as if he were the family cat. The man had no idea his parenting skills were being immortalized.
At an office supply store, a mother decided to get an item from a high shelf by balancing her small child on her shoulders, unaware that she, too, was being recorded.
These scenes may seem like random shopping bloopers, but they are meaningful to stores that are striving to engineer a better experience for the consumer, and ultimately, higher sales for themselves. [ Read more ... ]
Unprecedented 25-Year Sentence Sought for TJX Hacker
Unprecedented 25-Year Sentence Sought for TJX Hacker: Via Threat Level.
Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night.
“[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and most costly series of identity thefts in the nation’s history,” wrote Boston-based Assistant U.S. Attorney Stephen Heymann. “He knowingly victimized a group of people whose population exceeded that of many major cities and some states.”
The government also disputed a defense claim that Gonzalez suffers from Asperger’s disorder, a mild form of autism that was grounds for a slightly reduced sentence in a previous hacking prosecution.
Gonzalez, 28, is set for sentencing next week on three indictments covering virtually every headline-making bank-card theft in recent years, including intrusions at TJX, DSW Shoe Warehouse, Office Max, Hannaford Brothers, 7-Eleven, and Heartland Payment Systems, which alone exposed magstripe data on 130 million credit and debit cards. He performed the intrusions while an informant for the Secret Service.
The hacker’s plea agreements contemplate a total prison term of between 17 and 25 years. [ Read more ... ]
EFF Appeals Dismissal of Warrantless Wiretapping Case
EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.
EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]
Viacom Makes Its Case Against Yesterday's YouTube
Viacom Makes Its Case Against Yesterday's YouTube: Via EFF.org Updates.
Today, after three years of litigation, the Viacom v. YouTube combatants finally publicly released their briefs (Viacom's; YouTube's; Class Action Plaintiffs') in what most expect to be the main event in the case, namely, cross-motions for summary judgment (for the non-lawyers: a summary judgment motion asks the court to rule that the case is such a slam dunk in your favor that no trial is necessary).
One surprise from Viacom is a concession that it basically has no beef with YouTube as it has been run since May 2008: "[W]e do not ask the Court to address potential liability for post-May 2008 infringement in this motion and, if Viacom's summary judgment motion is granted, do not intend to do so at trial." What happened in May 2008? That would be when YouTube launched its Content ID system, enabling copyright owners to "claim" their content and decide whether it will be blocked or monetized on YouTube.
In other words, this case isn't really about YouTube (at least YouTube circa 2010). It's about Viacom's effort to get the court to re-write the DMCA safe harbors to require everyone else to implement (and pay for) copyright filtering. If Viacom succeeds, it would radically change the innovation environment for all Internet companies that depend on the DMCA safe harbors.
Why are the DMCA safe harbors so important? YouTube says it best: [ Read more ... ]
Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com.
Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.
The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]
Domain Names Can't Defend Themselves
Domain Names Can't Defend Themselves: Via Freedom to Tinker.
Today, the Kentucky Supreme Court handed down an opinion in the saga of Kentucky vs. 141 Domain Names (described a while back here on this blog). Here's the opinion.
This case is fascinating. A quick recap: Kentucky attempted a property seizure of 141 domain names allegedly involved in gambling on the theory that the domain names themselves constituted "gambling devices" under Kentucky law and were therefore illegal. The state held a forfeiture hearing where anyone with an interest in the "property" could show up to defend their interest in the property; otherwise, the State would order the registrars to transfer "ownership" of the domain names to Kentucky. No individual claiming that they own one of the domain names showed up. Litigation began when two industry associations (iMEGA and IGC) claimed to represent unnamed persons who owned these domain names (and another lawyer showed up during litigation claiming representation of one specific domain name). [ Read more ... ]
Hacker Disables More Than 100 Cars Remotely
Hacker Disables More Than 100 Cars Remotely: Via Threat Level.
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle. [ Read more ... ]
Judge Approves $9.5 Million Facebook ‘Beacon’ Accord
Judge Approves $9.5 Million Facebook ‘Beacon’ Accord: Via Threat Level.
A federal judge on Wednesday approved a $9.5 million settlement to a class action lawsuit challenging Facebook’s program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations.
The case concerned allegations Facebook’s now defunct “Beacon” program breached federal wiretap and video-rental privacy laws. Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study online privacy.
The social networking site will have a seat on the fund’s three-member board — a fact that was a big bone of contention (.pdf) in the privacy community, but one U.S. District Judge Richard Seeborg in San Jose, California, said Wednesday was immaterial.
“There has been no pervasive showing that the foundation will be a mere publicity tool for Facebook,” (.pdf) Seeborg wrote.
Seeborg gave preliminary approval to the deal last year, but finalized it Wednesday after reviewing objections. [ Read more ... ]
Hooking Up The Big Brother Machine... And Fighting It
Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.
Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.
Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.
All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."
What happens to our hero when he finally decides to go public? [ Read more ... ]
Court: State Can Dump Non-Sex Offenders Into Registry
Court: State Can Dump Non-Sex Offenders Into Registry: Via Threat Level.
Georgia’s Supreme Court is upholding the government’s right to put non-sex offenders on the state’s sex offender registry, highlighting a little-noticed but growing practice nationwide.
Atlanta criminal defense attorney Ann Marie Fitz estimated that perhaps thousands of convicts convicted of non-sexual crimes have been placed in sex-offender databases. Fitz represents a convict who was charged with false imprisonment when he was 18 for briefly detaining a 17-year-old girl during a soured drug deal. He unsuccessfully challenged his mandatory, lifelong sex-offender listing to the Georgia Supreme Court, which ruled against him Monday.
Under the Adam Walsh Child Protection and Safety Act of 2007, the states are required to have statutes demanding sex-offender registration for those convicted of kidnapping or falsely imprisoning minors. The Georgia court ruled that the plain meaning of “sex offender” was overridden by the state’s law.
“Rainer’s belief that the term ’sexual offender’ may only apply to offenders who commit sexual offenses against minors does not change the fact that the definition provided in the statute, and not the definition that Rainer wishes to impose upon the statute, controls,” the court’s majority said. [ Read more ... ]
How Privacy Vanishes Online
How Privacy Vanishes Online: Via NYT > Privacy.
Using innocuous bits of data from Web sites like Facebook and Twitter, researchers gleaned people’s names, ages and even Social Security numbers.
Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.
Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.
“Technology has rendered the conventional definition of personally identifiable information obsolete,” said Maneesha Mithal, associate director of the Federal Trade Commission’s privacy division. “You can find out who an individual is without it.” [ Read more ... ]
Undercover Feds on Social Networking Sites Raise Questions
Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.
The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.
The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.
The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.
The document says that evidence from social networking sites can: [ Read more ... ]
FBI Uses Fake Facebook Profiles To Spy On Suspects
FBI Uses Fake Facebook Profiles To Spy On Suspects: Via Huffington Post.
WASHINGTON — The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too.
U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.
Think you know who's behind that "friend" request? Think again. Your new "friend" just might be the FBI.
The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips. [ Read more ... ]
Lawrence Lessig: Citizens Unite
Lawrence Lessig: Citizens Unite: Via Huffington Post.
There has been a growing fury about the Supreme Court's decision in the Citizens United case, but much of that fury hangs upon an odd reading of the Court's opinion. The Court, it is said, has given corporations all the rights of "persons." It has elevated these artificial beings into entities "endowed by their Creator" (us) "with certain unalienable rights," including the right to free speech.
No doubt the Court has a long history of recognizing the "person" in "Inc." But this current wave of criticism is hard to understand, because the Court's entire Citizens United opinion hung upon the fact that the First Amendment says nothing about who or what is to get the benefit of its protection. It simply bans certain kinds of regulation. As Justice Scalia put it in his concurrence: "The Amendment is written in terms of 'speech,' not speakers." Thus, the government is blocked by the First Amendment from constraining the free speech of any entity, whether that entity is a corporation or a dolphin. [ Read more ... ]
Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search
Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search « All About Information: Via A legal blog about the law of information – By Toronto, Ontario lawyer Dan Michaluk.
Today, the British Columbia Court of Appeal held that the police did not violate section 8 of the Charter by conducting aerial surveillance of a rural property from in excess of 1000 feet by using a digital camera equipped with a telephoto lens. [ Read more ... ]
Obama threatens to veto greater intelligence oversight
Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.
(updated below)
One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities. Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts.
This was a sham process: it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses. The process even allowed the members who were briefed to claim they were powerless to stop illegal programs. That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs. Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]
EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic
EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic: Via EFF.org Updates.
Chicago - The Electronic Frontier Foundation (EFF) and the Media Freedom and Information Access Practicum (MFIA) at Yale Law School filed a friend-of-the-court brief today urging the Illinois Court of Appeals to block the unmasking of an anonymous online critic of a local political candidate.
The critic, commenting on a story on the website of a suburban Chicago newspaper called the Daily Herald, engaged in a heated debate with other commenters. One turned out to be the son of the village trustee candidate in Buffalo Grove, Illinois, who was discussed in the article. The candidate, Lisa Stone, who eventually won her race, asked a state court to order the newspaper to release the critic's name and address without appropriately showing that the statements directed towards her son were defamatory or otherwise illegal. Stone indicated that she may choose to subsequently file a lawsuit once she determines the critic's identity through the pre-complaint procedure.
"Because of the enormous potential for abuse, the First Amendment requires litigants to demonstrate that they have a legitimate case before they can use the courts to unmask anonymous online critics," said EFF Senior Staff Attorney Matt Zimmerman. "Insults are not enough, especially when the conversation takes place in the context of a political campaign." [ Read more ... ]
Who You Love Shouldn't Matter When You Serve
Who You Love Shouldn't Matter When You Serve: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Jene Newsome served nine years in the Air Force. She was recently discharged under the "Don't Ask, Don't Tell" policy after she was outed by South Dakota's Rapid City Police Department.
On November 20, 2009, the Rapid City Police Department came to serve a warrant on Jene Newsome's wife. Jene and her wife, Cheryl, were just married in Iowa a few weeks before the police came knocking on their door.
When the police entered the house, they saw the marriage certificate sitting on the kitchen table. The marriage certificate didn't have anything to do with Cheryl's arrest; one of the officers just saw it as an opportunity to out Jene and end her career. [ Read more ... ]
EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites
EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites: Via EFF.org Updates.
EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.
One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers. [ Read more ... ]
Smackdown: Consumer Privacy vs. Advertiser Revenue
Smackdown: Consumer Privacy vs. Advertiser Revenue: Via CDT - Center for Democracy & Technology.
I attended Smackdown: Consumer Privacy vs. Advertiser Revenue and was expecting to hear good discussion about how advertising and targeting firms are battling with privacy groups to meet the needs of the consumer. I was a little disappointed in how little representation from the privacy end there was in the room. The panel opened with moderator Alan Chapell from BlueKai asking whom in the room represented the business side of consumer data and who was from the advocacy end. I was one of three people representing the advocacy end.
The talk began with defining what data they were talking about as panelists tiptoed around exactly what data is being taken by marketers and commented that nothing used is personally identifiable and is used to tailor a better online experience; however, the panel didn’t really discuss one of the most important questions of user data being used for marketing - how long this data is kept and stored?
Discussion from the panelists turned to how advertisers can adapt their industry practices and data practices in the changing legislative environment. The FTC’s public roundtables, in which CDT participated, were discussed as was legislation in Congress being proposed by Rep. Boucher. [ Read more ... ]
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army: Via Threat Level.
Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted Monday on the whistleblowing site.
The 32-page report entitled Wikileaks.org – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? (.pdf) indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians.
“Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.” [ Read more ... ]
EFF to Urge True Transparency in Congressional Hearing Thursday
EFF to Urge True Transparency in Congressional Hearing Thursday: Via EFF.org Updates.
Washington, D.C. - On Thursday, March 18, at 2 p.m., members of the U.S. House of Representatives Oversight and Government Reform Committee will hold a public hearing on the Freedom of Information Act (FOIA) and the Obama administration's compliance with transparency law. The hearing comes as transparency advocates celebrate Sunshine Week, the annual celebration of our nation's open government laws that features numerous events measuring the progress made in combating official secrecy.
Senior Counsel David Sobel of the Electronic Frontier Foundation (EFF) will testify at Thursday's hearing, urging the White House to fulfill its promises for open government. Despite President Obama's order to government agencies last year to renew their commitment to FOIA, EFF and other organizations still see delays in releasing relevant documents, excuses for not releasing other records, and excessive redactions, among other needless secrecy. [ Read more ... ]
Investigators: Businesses buying your credit card number
Investigators: Businesses buying your credit card number: Via NorthWest Cable News.
$10 here. $15 there.
By putting little charges on your credit card some companies are making tens of millions of dollars a year. These are businesses that you never gave your credit card number to.
Some consumer groups call it fraud, but it may be perfectly legal.
Christie Frison-Thornton, of Rainier, spotted a $19.95 charge just a few weeks ago. A company called "Privacy Matters" billed her credit card.
"I thought what the heck is this? Cause I really did not have a clue," said Frison-Thornton. [ Read more ... ]
Global Internet Freedom and the U.S. Government
Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.
Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, and technologies and activism platforms that will counter-act suppression of online speech.
[ Read more ... ]