| |
|
Thursday, March 8, 2007
|
|
Crank Calling for Jesus. A "family values" group trying to clean up Hollywood employs a determined computer dialer named Cammie, which manages to annoy people from coast to coast. In 27B Stroke 6. [Wired News: Top Stories]
11:59:01 PM 
|
|
Credit companies hope a possible change to privacy laws will make it
easier for people with a good credit history to borrow money or get a
mortgage. A change to the Privacy Act, which is being reviewed by
the Law Commission, could open the door for credit companies to sell
both the positive and negative details of people's credit history. Veda
Advantage - formerly Baycorp - holds credit files for 2.4 million
credit-active individuals and 800,000 companies in New Zealand, but
cannot sell details about positive credit history. The Credit
Reporting Privacy Code does not allow positive reports, because such
people should not be forced to reveal private financial dealings. Veda
says a comprehensive credit service would benefit responsible
consumers, who at present often have to borrow at the same rate as
those with a poor credit history.
7:34:43 PM
|
|
The telecoms industry has been accused of
collecting excessive amounts of personal data from its customers, with
telecom firms faring worse for privacy than companies in other
industries.
The accusations come in the
"First Quarter 2007 Online Customer Respect Study of the
Telecommunications Industry", from international research... Editor: Just this teaser unless you register at their site.
7:27:48 PM
|
|
Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.
The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.
A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.
The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.
The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.
Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.
Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.
"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.
7:21:29 PM
|
|
Microsoft Chairman Bill Gates asked the U.S. Congress to pass a comprehensive privacy law this year, allowing consumers to
control how their personal information is used.
Gates
repeated past Microsoft calls for a wide-ranging privacy law during a
speech at advocacy group the Center for Democracy and Technology's
(CDT) annual gala dinner Wednesday. A comprehensive privacy bill should
allow consumers to control their personal data, should provide
transparency about what their data is used for, and should notify them
when their data has been compromised, Gates said.
Gates said he believes the U.S. can achieve a balance between privacy and protecting the country against terrorists and other
criminals. But the balance will not be an easy one to create, Gates said.
While
many U.S. residents would say they want as much privacy "as possible,"
law enforcement needs to be able to track criminals, Gates said. "These
privacy issues are not as easy as you might think," he told the crowd.
7:09:19 PM
|
|
Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not. In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date. By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information. With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself. The WGA package thus, among other things, sends back an event code. To calm the fears of users, alexkoc presents a graphic explaining the various fields of such a data packet. When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.
6:54:34 PM
|
|
Patch Reprieve for March's Black Tuesday. Windows PC users and corporate system administrators worldwide will earn a reprieve from Redmond next week. Microsoft said today it has no plans to release new software security updates this month.
It's not as if there aren't any outstanding security flaws that Microsoft could fix this month, but the situation could be a lot worse.
Perhaps Redmond is simply being kind to corporate IT folk, many of whom are working hard to update their companies' software and hardware for the early daylight saving switch this weekend: For the first time in 20 years, daylight saving time will not start on the first Sunday in April. Instead, it will begin three weeks earlier, at 2 a.m. on the second Sunday in March, the 11th. Our IT staff has sent numerous e-mails to laptop users to drop by and make sure the Macs and PCs are all up to date. (Apple and Microsoft have already pushed out patches to address this issue, and if you've been keeping up to date with them, you should be fine, but Windows users can consult this page to be sure.) By the way, updates are available to fix this shift for Palm and Windows Mobile PDAs.
Normally, Microsoft plugs security holes in its software on the second Tuesday of every month, also known as "Patch Tuesday." Microsoft moved to a regular patch cycle a few years ago to make it more predictable for companies who need to staff or schedule extra IT personnel to test and deploy the updates to what could be thousands of systems. The system administrators to whom that task falls typically dread the monthly chore and have a different name for it: "Black Tuesday."
It's been a while since Windows users have been given a pass on patches. By my count, the last time Microsoft skipped a cycle was back in September 2005. [Security Fix]
6:03:31 PM
|
|
C-SPAN Unchains Congressional Hearing Videos. C-SPAN has announced that, effective immediately, its videos of Congressional hearings, White House briefings, and other federal events will be freely available for noncommercial copying, sharing and posting, so long as attribution is included (sounds like the Creative Commons by-nc license, but no confirmation on whether that's what they are using). According to the C-SPAN press release, the move recognizes that we're in "an age of explosive growth of video file sharers, bloggers and online citizen journalists."
This is fantastic news! A considerable helping of the credit belongs to Carl Malamud, who responded to a copyright kerfuffle involving House Speaker Nanci Pelosi's use of C-SPAN hearing footage by writing an open letter to C-SPAN's CEO Brian Lamb challenging him to open up the archives to enable these kinds of public uses of C-SPAN content. Several meetings later, it appears C-SPAN decided to rise to the challenge.
Kudos to Carl, and kudos to C-SPAN. This is an amazing bit of public service all around. (Full disclosure: EFF represented Carl in connection with this issue, but we hardly lifted a finger -- all credit goes to Carl.) [EFF: Deep Links]
Editor: Hmm maybe I'll have to consider making some snippets available in the future. A lot of hearings are dry, but every once in a while you get a real gem.
5:56:27 PM
|
|
Open Government Bill Makes Beeline for House Floor. Government accountability supporters throughout the country are preparing to celebrate the public's right to know during Sunshine Week (March 11-17), and it looks like Congress may have the same idea. On Monday, Reps. William Lacy Clay, Todd Russell Platts, and Henry Waxman introduced a bipartisan bill to make several requester-friendly changes to the Freedom of Information Act (FOIA), which hasn't been significantly updated since 1996. Today the amendments got a thumbs-up from the House Committee on Oversight and Government Reform, and could be on the House floor as early as next week. Improvements that H.R. 1309 will make to the FOIA include: - Not allowing agencies to charge fees for requests that aren't processed within 20 working days.
- Ensuring that a broader range of journalists is entitled to reduced processing fees.
- Making it easier for requesters to recover attorney's fees when they prevail in FOIA lawsuits against the government.
- Creating an ombudsman's office to help resolve disputes between requesters and agencies without litigation.
- Establishing a system to help people track the progress of their FOIA requests.
- Imposing greater reporting requirements to let Congress and the public know more about how agencies are handling requests.
- Making sure that government records held by private contractors are subject to release under FOIA.
EFF thinks this bill will give agencies greater incentive to follow the law and make it easier for all FOIA requesters to access government documents. Learn more about open government through EFF's Flag Project and our FOIA FAQ for bloggers. [EFF: Deep Links]
5:51:20 PM
|
|
Yochai Benkler, Cory Doctorow, and Bruce Schneier Win EFF Pioneer Awards. Mark Cuban to Keynote Award Ceremony in San Diego
San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the winners of its 2007 Pioneer Awards: Professor Yochai Benkler of Yale Law School, writer and Boing Boing co-editor Cory Doctorow, and security technologist Bruce Schneier. Mark Cuban -- HDNet Chairman and NBA Dallas Mavericks owner -- will give the keynote address at the award ceremony. The 16th annual Pioneer Awards will be held at 7:30pm, March 27th, at the Manchester Grand Hyatt in San Diego in conjunction with the O'Reilly Emerging Technology Conference.
Professor Yochai Benkler of Yale Law School researches the effects of laws on information, knowledge, and culture in the digital world. Benkler's important contributions include a theoretical explanation of how the Internet has allowed decentralized groups to produce things like technologies and bodies of knowledge more efficiently than any centrally organized corporation or trade-based marketplace could. After the publication of Benkler's most recent book, "The Wealth of Networks," Lawrence Lessig called him "the leading intellectual of the information age."
Cory Doctorow is an activist, writer, blogger, and public speaker about copyright, digital rights management, and electronic freedom. As a co-editor of the Boing Boing blog, he highlights critical technology issues for more than a million readers a day. Doctorow has lectured around the globe and has been nominated for Hugo and Nebula Awards for his science fiction novels. Doctorow is currently the Canadian Fulbright Chair at the USC Center on Public Diplomacy. He was EFF's European Affairs Coordinator until December of 2005.
Bruce Schneier is an internationally renowned security technologist acclaimed for his criticism and commentary on everything from network security to national security. His books -- including the highly influential "Secrets and Lies" and "Applied Cryptography" -- his monthly newsletter, and his security blog have reached hundreds of thousands of people with candid and lucid analysis of security issues. Schneier has often testified before Congress on security policy.
"This year's award winners have all provided important analysis and criticism of our digital world, educating the public on how electronic systems really work and what it means to us and our future," said EFF Executive Director Shari Steele. "I'm thrilled to honor Yochai, Cory, and Bruce. They are truly pioneers of the electronic frontier."
Since 1991, the EFF Pioneer Awards have recognized individuals and organizations that have made significant and influential contributions to the development of computer-mediated communications and to the empowerment of individuals in using computers and the Internet. Past winners include World Wide Web inventor Tim Berners-Lee, Linux creator Linus Torvalds, science fiction writer Bruce Sterling, and Wikipedia founder Jimmy Wales, among many others.
Benkler, Doctorow, and Schneier were nominated by the public and then chosen by a panel of judges. This year's panel includes Kim Alexander (President and founder, California Voter Foundation), Esther Dyson (Internet court jester and blogger, Release 0.9; founding chairman of ICANN; former chairman of EFF), Mitch Kapor (Chair, Open Source Applications Foundation; co-founder and former chairman EFF), Drazen Pantic (Co-director, Location One), Barbara Simons (IBM Research [Retired] and former president ACM), James Tyre, (Co-founder, The Censorware Project; EFF policy fellow) and Jimmy Wales, (Founder, Wikipedia; co-founder, Wikia; chair emeritus of the Wikimedia Foundation).
The Pioneer Awards are sponsored by Sling Media, the world's leading digital lifestyle company offering consumer services and products. Sling Media's product family includes the internationally acclaimed Slingbox that allows consumers to watch and control their living room television at any time, from any location, using PCs, Macs, PDAs and smartphones. For more information on Sling Media or the Slingbox, visit www.slingmedia.com.
Tickets to the Pioneer Awards ceremony and Mark Cuban's keynote address are $35. If you plan to attend, RSVP to events@eff.org. You can also pay for your tickets in advance at http://secure.eff.org/pioneerfundraiser. Members of the media interested in attending the event should email press@eff.org.
For more on attending the Pioneer Awards:
http://www.eff.org/awards/pioneer
Contact:
Katina Bishop
Associate Director of Development
Electronic Frontier Foundation
katina@eff.org [EFF: Breaking News]
5:39:43 PM
|
|
How Computers Can Make Voting More Secure. By now there is overwhelming evidence that today[base ']s paperless computer-based voting technologies have such serious security and reliability problems that we should not be using them. Computers can[base ']t do the job by themselves; but what role should they play in voting?
It[base ']s tempting to eliminate computers entirely, returning to old-fashioned paper voting, but I think this is a mistake. Paper has an important role, as I[base ']ll describe below, but paper systems are subject to well-known problems such as ballot-box stuffing and chain voting, as well as other user-interface and logistical challenges.
Security does require some role for paper. Each vote must be recorded in a manner that is directly verified by the voter. And the system must be software-independent, meaning that its accuracy cannot rely on the correct functioning of any software system. Today[base ']s paperless e-voting systems satisfy neither requirement, and the only practical way to meet the requirements is to use paper.
The proper role for computers, then, is to backstop the paper system, to improve it. What we want is not a computerized voting system, but a computer-augmented one.
This mindset changes how we think about the role of computers. Instead of trying to make computers do everything, we will look instead for weaknesses and gaps in the paper system, and ask how computers can plug them.
There are two main ways computers can help. The first is in helping voters cast their votes. Computers can check for errors in ballots, for example by detecting an invalid ballot while the voter is still in a position to fix it. Computers can present the ballot in audio format for the blind or illiterate, or in multiple languages. (Of course, badly designed computer interfaces can do harm, so we have to be careful.) There must be a voter-verified paper record at the end of the vote-casting process, but computers, used correctly, can help voters create and validate that record, by acting as ballot-marking devices or as scanners to help voters spot mismarked ballots.
The second way computers can help is by improving security. Usually the e-voting security debate is about how to keep computers from making security too much worse than it was before. Given the design of today[base ']s e-voting systems, this is appropriate [~] just bringing these systems up to the level of security and reliability in (say) the Xbox and Wii game consoles would be nice. Even in a computer-augmented system, we[base ']ll need to do a better job of vetting the computers[base '] design [~] if a job is worth doing with a computer, it[base ']s worth doing correctly.
But once we adopt the mindset of augmenting a paper-based system, security looks less like a problem and more like an opportunity. We can look for the security weaknesses of paper-based systems, and ask how computers can help to address them. For example, paper-based systems are subject to ballot-box stuffing [~] how can computers reduce this risk?
Surprisingly, the designs of current e-voting technologies, even the ones with paper trails, don[base ']t do all they can to compensate for the weaknesses of paper. For example, the current systems I[base ']ve seen keep electronic records that are subject to straightforward post-election tampering. Researchers have studied approaches to this problem, but as far as I know none are used in practice.
In future posts, we[base ']ll discuss design ideas for computer-augmented voting.
Share This
[Freedom to Tinker]
5:35:06 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 6:30:21 PM.
|
|
|
