The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]

European Parliament Rips Global IP Accord: Via Threat Level.

The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others.

Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration.

Kirk’s office declined comment.

To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So Parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text.

And because of the text’s secrecy, Parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. [ Read more ... ]

Italy Convicts Google Execs To Protect Privacy: Via NPR.

Europeans are debating the overall reach of the Internet into their lives. An Italian court recently convicted three Google executives for privacy violations after a clip was posted on Google Video showing a disabled student being bullied by classmates in Turin. The ruling highlights a deep trans-Atlantic cultural gap: Americans see the ruling as undermining the concept of freedom of expression, while Europeans put privacy first — they consider it a fundamental human right. [ Read more ... ]

Spain Busts Hackers for Infecting 13 Million PCs: Via Threat Level.

BOSTON (Reuters) — Spanish police have shut down a ring of computer hackers who infected more than 13 million PCs with a virus that stole credit card numbers and other valuable data in what may be the biggest cyber-raid to date.

Spain’s Civil Guard said on Tuesday that it arrested three men suspected of running the so-called Mariposa botnet, named after the Spanish word for butterfly. A press conference to give more details is scheduled for Wednesday.

Mariposa had infected machines in 190 countries in more than half of the world’s 1,000 largest companies and in at least 40 big financial institutions, according to two Internet security firms that helped Spanish officials crack the ring, Canada’s Defense Intelligence and Spain’s Panda Security. [ Read more ... ]

In Italian Google Case, American and European Ideas of Privacy Collide: Via NYTimes.com .

“On the Internet, the First Amendment is a local ordinance,” said Fred H. Cate, a law professor at Indiana University. He was talking about last week’s ruling from an Italian court that Google executives had violated Italian privacy law by allowing users to post a video on one of its services.

In one sense, the ruling was a nice discussion starter about how much responsibility to place on services like Google for offensive content that they passively distribute.

But in a deeper sense, it called attention to the profound European commitment to privacy, [ Read more ... ]

Open Wi-Fi 'outlawed' by Digital Economy Bill(UK)k: Via ZDNet.co.uk .

The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week.

This would leave many organisations open to the same penalties for copyright infringement as individual subscribers, potentially including disconnection from the internet, leading legal experts to say it will become impossible for small businesses and the like to offer Wi-Fi access.

Lilian Edwards, professor of internet law at Sheffield University, told ZDNet UK on Thursday that the scenario described by the Department for Business, Innovation and Skills (BIS) in an explanatory document would effectively "outlaw open Wi-Fi for small businesses", and would leave libraries and universities in an uncertain position. [ Read more ... ]

Italian Court Finds Google Violated Privacy: Via NYT > Privacy.

Google said the case, involving a video of bullying, could undermine freedom of expression on the Internet.

MILAN — Three Google executives were convicted Wednesday of violating Italian privacy laws in a ruling that the company denounced as an “astonishing” attack on freedom of expression on the Internet.

The case involves online videos showing an autistic boy being bullied by classmates in Turin, which were posted in 2006 on Google Video, an online video-sharing service that Google ran before its acquisition of YouTube.

Prosecutors charged that the videos violated Italian personal privacy protections. They said the clips were removed only after complaints from Vivi Down, an Italian organization representing people with Down syndrome, whose name was mentioned in the videos.

“We are definitely satisfied that someone has to take responsibility for this violation of privacy,” said Guido Camera, a lawyer for Vivi Down. [ Read more ... ]

Augmented Identity App Helps You Identify and Friend Perfect Strangers, Face to Face : Via Popular Science.

By this point, we're all familiar with augmented reality, but Swedish mobile software firm The Astonishing Tribe is taking information overload to the next logical step: augmented identity. Mashing up face recognition technology, computer vision, cloud computing, and augmented reality with the complex digital lives many of us lead on the Internet, TAT has created an app that allows you to gather information on a person and their social networking life simply by pointing your camera phone at their face.

Dubbed Recognizr, the app essentially works like this: the user points the camera at a person across the room. Face recognition software creates a 3-D model of the person's mug and sends it across a server where it's matched with an identity in the database. A cloud server conducts the facial recognition since and sends back the subject's name as well as links to any social networking sites the person has provided access to. [ Read more ... ]

ACTA "internet enforcement" chapter leaks: Via Boing Boing .

Someone has uploaded a PDF to a Google Group that is claimed to be the proposal for Internet copyright enforcement that the USA has put forward for ACTA, the secret copyright treaty whose seventh round of negotiations just concluded in Guadalajara, Mexico. This reads like it probably is genuine treaty language, and if it is the real US proposal, it is the first time that this material has ever been visible to the public. According to my source, the US proposal is the current version of the treaty as of the conclusion of the Mexico round.

I've read it through a few times and it reads a lot like DMCA-plus. It contains, for example, a duty to technology firms to shut down infringement where they have "actual knowledge" that such is taking place. This argument was put forward in the Grokster case, and as Fred von Lohmann argued then, this is a potentially deadly burden to place on technology companies: in the offline world Xerox has "actual knowledge" that its technology is routinely used to infringe copyright at Kinko's outlets around the world -- should that create a duty to stop providing sales and service to Kinko's?

This also includes takedown procedures for trademark infringement, as well as the existing procedures against copyright infringement. [ Read more ... ]

Shell hit by massive data breach: Via The Register(UK).

Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company.

John Donovan, an activist who received the database, said he had voluntarily destroyed the files. But he warned that other copies were available online.

The email supposedly comes from 176 "concerned staff" to highlight Shell's activities in Nigeria. The database is about six months old and could have been released by a recently laid off staff member, or there could really be a rogue campaign group within Shell. [ Read more ... ]

EP ditches US SWIFT deal on bank data over privacy - : Via Banking : europa, europe | euronews.

An EU deal with the US has been judged not good enough for the European Parliament — the so-called SWIFT agreement on sharing bank data. This would have meant exposing ordinary Europeans’ accounts to American anti-terrorist investigators.

A nine-month interim agreement went into force provisionally at the start of this month. But Liberal, Socialist and Green euro-MPs opposed it. They said the correct balance between security and the protection of civil liberties was missing.

[...]

Washington previously had access to the data, collected by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which registers money transfers among states. EU diplomats say one way to regain access could be to seek bilateral agreements.

Read Original Article:(Via Banking : europa, europe | euronews.)

Researchers find huge weakness in European payment cards: Via Computerworld Security News.

Hundreds of millions of payment cards throughout Europe have a flaw that could allow criminals with a stolen card to enter any random PIN to complete a transaction, according to researchers from the University of Cambridge.

The findings, which will be presented at the IEEE Symposium on Security and Privacy in California in May, cast new doubts on chip-and-PIN or EMV cards. The cards contain a microchip that verifies a correct PIN in order to complete a transaction.

European banks hail the system as more secure, as U.S. cards do not have the microchip, which has so far prevented some types of card cloning.

But the Cambridge researchers have found a weakness in the complicated EMV protocol that allows for a man-in-the-middle attack. It essentially tricks the point-of-sale terminal into believing it has received a correct PIN no matter what digits are entered. [ Read more ... ]

Wikileaks and Iceland MPs propose 'journalism haven': Via BBC News.

Iceland could become a "journalism haven" if a proposal put forward by some Icelandic MPs aided by whistle-blowing website Wikileaks succeeds.

The Icelandic Modern Media Initiative (IMMI), calls on the country's government to adopt laws protecting journalists and their sources.

It will be filed with the Althingi - Iceland's parliament - on 16 February.

If the proposal succeeds it will require the Icelandic government to consider introducing legislation.

Julian Assange, Wikileaks' editor, told BBC News that the idea was to "try and reform Iceland's media law to be a very attractive jurisdiction for investigative journalists".

He has been in Iceland for a number of weeks and is advising MPs on the IMMI.

The hope is that journalist-friendly laws will encourage media businesses to move to Iceland. [ Read more ... ]

Another View: Why Privacy Matters to the Swiss: Via DealBook Blog - NYTimes.com .

The United States, the European Union and its individual member countries, the Organization for Economic Cooperation and Development, a host of nongovernmental organizations and a phalanx of other interested parties have drawn a bead on Switzerland, howling that it refuses to see the light and pin up the names of foreign bank clients on the front doors of its banks.

[...]

Swiss banks in general, and the country’s banking secrecy laws in particular, have been blamed for a lot of the world’s evils, including tax evasion, tax fraud, capital flight, Third World poverty, money-laundering and the financing of terrorism. Let’s add climate change, continental drift and lumps in mashed potato to the charge sheet for good measure. But what exactly is this fabled “banking secrecy” now being harpooned by boatloads of Captain Ahabs, and why are the Swiss so attached to it? [ Read more ... ]

British Court Orders Release Of Torture Evidence In Extraordinary Rendition Case: Via American Civil Liberties Union.

Ruling May Affect British Resident's Case In ACLU Lawsuit Against Boeing Subsidiary For Its Role In Unlawful Extraordinary Rendition Program 

FOR IMMEDIATE RELEASE
CONTACT: (212) 549-2666; media@aclu.org

NEW YORK – The American Civil Liberties Union commended today's ruling by a British court that the British government must release evidence of torture in the case of British resident Binyam Mohamed, who was captured in Pakistan and detained in Morocco, Afghanistan and Guantánamo Bay as part of the Bush administration's extraordinary rendition program. While in detention, Mohamed was subjected to physical and psychological abuse by his captors. Upon his release, Mohamed sought documents from the British government that would confirm that U.K. officials were aware of and complicit in his abuse by U.S. forces. Today's ruling orders the disclosure of seven previously suppressed paragraphs from an earlier court ruling that summarize British government documents related to Mohamed's detention and torture while under the control of U.S. authorities. [ Read more ... ]

Sweden Probing Cisco, NASA Hacks: Via Threat Level.

Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.

Philip Gabriel Pettersson, known in the hacking world as “Stakkato,” allegedly seized computer code that controls internet traffic. After the 2004 breach of Cisco, the proprietary source code for Cisco’s IOS operating system was discovered on a Russian website.

Pettersson was indicted in the United States in May on five hacking counts, (.pdf) but could not be brought from Sweden to the United States for trial. Sweden does not extradite its own citizens, but said it was examining whether to prosecute him in Sweden after U.S. authorities in San Francisco initiated that request. [ Read more ... ]

Hackers Steal Millions in Carbon Credits: Via Threat Level.

Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates.

That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.

The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded. [ Read more ... ]

Europe Looms as Major Battleground for Google: Via NYT > Privacy.

PARIS — Google has a problem in China. It may be headed for a bigger one in Europe.

So far, no one has accused European governments of cyberattacks like those that Google says it has suffered in China. But on issues from privacy to copyright protection to the dominance of Google’s Internet search engine, clashes with European lawmakers, regulators and consumer advocates are escalating.

Europe matters to Google and its shareholders — potentially more than China. For nowhere else in the world is the company as powerful and as potentially vulnerable. Across most of Europe, Google is by far the biggest search engine, with a substantially bigger market share than in the United States. In a single European country, Britain, Google has roughly 10 times its estimated sales in China.

On a region where the media sector is mostly fragmented along national lines and sometimes dependent on public subsidies, Google’s border-straddling scale, its ambitious pursuit of profit and its embrace of an open, anything-goes Web are raising alarms. [ Read more ... ]

Irish blogger agrees €100,000 settlement for libel: Via IT Law in Ireland.

The Sunday Times has details of the settlement which was obliquely mentioned in Forbes last week:

A blogger has agreed a €100,000 settlement after libelling Niall Ó Donnchú, a senior civil servant, and his girlfriend Laura Barnes. It is the first time in Ireland that defamatory material on a blog has resulted in a pay-out.

Barnes, an American book dealer, made a profit of up to €800,000 in 2005 from selling a cache of James Joyce papers to the state. One year later she began a relationship with Ó Donnchú, an assistant secretary in the Department of Arts, Sports and Tourism.

In December 1, 2006, a blogger who styles himself as Ardmayle posted a comment about the couple and the sale of the Joycean manuscripts under the headline “Barnes and Noble”. Following a legal complaint, he took down the blog and in February 2007 he posted an apology which had been supplied by Ó Donnchú’s and Barnes’ lawyer, Ivor Fitzpatrick solicitors. [ Read more ... ]

Bookmark/Search this post with:

• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo

Net Neutrality book now out: Via IT Law in Ireland.

I've been looking forward to reading Chris Marsden's new book Net Neutrality and am glad to see that it's now been released by Bloomsbury - with a free download (PDF) under a CC licence being the icing on the cake. This passage gives a sense of the perspective he takes: [ Read more ... ]

CCTV in the sky: police plan to use military-style spy drones: Via UK news | The Guardian.

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. [ Read more ... ]

CCTV in the sky: police plan to use military-style spy drones: Via UK news | The Guardian.

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. A prototype drone equipped with high-powered cameras and sensors is set to take to the skies for test flights later this year. [ Read more ... ]

EU has doubts as ISP rolls out DPI for copyright enforcement: Via Law & Disorder Section - Ars Technica.

Back in November, UK ISP Virgin Media announced that it would start using deep packet inspection gear to start riffling through user traffic. The goal was to search some of the leading P2P networks in order to measure copyrighted material passing through them. Today, the European Commission indicated that the plan is problematic, and it will keep a close eye on the trial. [ Read more ... ]

Terms of (Ab)Use: US and UK Consumers Dance to Different iTunes: Via EFF.org Updates.

Too often, online services draft their "Terms of Service" (TOS) agreements in ways that are one-sided and overreaching. In Europe, however, regulators are beginning to step in to protect consumers. In late November, the U.K.'s Office of Fair Trading (or OFT) announced that Apple, Inc. agreed to change the terms and conditions for its popular iTunes online music store in the United Kingdom. In particular, according to the statement from the OFT, the changes make the iTunes terms "clear, fair and easy to understand," and, more importantly, give consumers "clear and accurate information about their [] rights in case things go wrong." The OFT took action following a similar intervention by the Norwegian Consumer Council.

In the U.S., by contrast, there has been little regulatory attention paid to protecting consumers from overreaching TOS agreements. Thanks to a history of deference to "freedom of contract" in the U.S., along with a dearth of consumer protection laws that apply to online services, U.S. consumers often lack adequate protections from unfair "terms and conditions." [ Read more ... ]