Industry
U.S. Intel Wants Super-Sensitive Human Lie-Detectors
U.S. Intel Wants Super-Sensitive Human Lie-Detectors: Via Danger Room.
The U.S. intelligence community wants to master the art of BS-detection. But instead of improving on pre-existing methods, like polygraph tests or voice stress analysis, they want to amplify our own, intuitive, “pre-conscious human assessment of trustworthiness.”
Iarpa, the intelligence community’s out-there research unit, are behind the effort to overcome even the sneakiest deceivers. Last year, Iarpa held a researchers conference to discuss a little idea they call TRUST, short for “Tools for Recognizing Useful Signals of Trustworthiness.” Now, Iarpa has started soliciting proposals for the project, which they envision as a five-year, three-phased overhaul of current deception-detection technology. [ Read more ... ]
ACTA: International Harmonization at What Cost?
ACTA: International Harmonization at What Cost?: Via EFF.org Updates.
The next round of negotiations on ACTA start today in Guadalajara, Mexico. This week’s negotiations will apparently focus on civil enforcement, border measures, and enforcement procedures in the digital environment, and briefly, transparency.
One of the main goals of ACTA is creating new harmonized international IP enforcement standards above those in the 1994 TRIPs agreement. Thirty-seven countries with 37 different national laws are negotiating ACTA, so reaching agreement on new substantive IP enforcement standards will inevitably involve compromises. Some countries will be required to change their national law to bring them closer to other countries' approaches to IP regulation. Since two of the major powers negotiating ACTA are the US and the European Union (and its 27 Member States), there is much scope for different approaches and disagreements to arise. This is particularly true for Internet intermediary liability — where laws in the US and the various EU Member States take quite different approaches.
Which country prevails in this battle of legal wills will have tremendous consequences for citizens' access to knowledge and the future of the Internet as a powerful tool for communication, cross-border collaboration and a platform for innovation. [ Read more ... ]
Report: U.S. Fears Public Scrutiny Would Scuttle IP Treaty Talks — Update
Report: U.S. Fears Public Scrutiny Would Scuttle IP Treaty Talks — Update: Via Threat Level.
The proposed Anti-Counterfeiting Trade Agreement, or ACTA, has been shrouded in secrecy, and the Bush and the Obama administrations have declared it unsuitable for public debate because divulging its contents could harm America’s “national security.”
A few recent leaks have showed that the unfinished agreement, which is being negotiated largely between the European Union and the United States, is likely to benefit the content industry. At the same time, it might pave the way for international guidelines that could lead to consumers losing their internet accounts if they are believed to be digital copyright scofflaws.
But we now know that the real reason for secrecy, the one suspected all along, was that the United States does not think it could reach an accord with Europe and the nearly dozen other nations if the proposal came under public scrutiny. [ Read more ... ]
NPR Story on Google Books, Privacy and the Future of the Book
NPR Story on Google Books, Privacy and the Future of the Book: Via EFF.org Updates.
NPR had a radio story yesterday on the Google Books settlement and the privacy concerns raised by EFF and many authors and publishers. It's short but does a great job of covering the basic points, and includes excellent commentary from author Jonathan Lethem, who has joined EFF in calling on Google to do more to commit to privacy protections for readers: [ Read more ... ]
EFF and PK to Congress: U.S. Trade Advisory Committee Needs Technology Users' Input
EFF and PK to Congress: U.S. Trade Advisory Committee Needs Technology Users' Input: Via EFF.org Updates.
EFF and Public Knowledge this week urged Congress to give American technology users more input in international trade agreements that have broad ramifications for digital freedom. In written testimony submitted to the House Ways and Means Committee, the groups told lawmakers that the U.S. Trade Representative's influential industry trade advisory committee on intellectual property should represent the interests of all stakeholders, and not just IP owners. PK and EFF also called on Congress to amend the Trade Act to change the default rules that allow the USTR to close ITAC meetings and prevent disclosure of ITAC documents to the public.
The current controversy over the proposed Anti-Counterfeiting Trade Agreement (ACTA) demonstrates why this is necessary. Representatives of the MPAA, the RIAA, ESA and BSA have called for treaty provisions that would require Internet service providers to engage in filtering of their customers' Internet communications for potentially copyright-infringing material, force mandatory disclosure of personal information about alleged copyright infringers, and adopt "Three Strikes" policies requiring ISPs to automatically terminate customers' Internet access upon a repeat allegation of copyright infringement. [ Read more ... ]
Sears Credit Card Problem Shines Light On Marketing Data Madness
Sears Credit Card Problem Shines Light On Marketing Data Madness: Via PogoWasRight - Privacy News Headlines.
Thousands of Sears consumers this month started receiving letters inviting them to join in a class-action lawsuit against the retailer, all because of a charge that Sears shared consumer payment card data (name, address, telephone number and scrambled or unscrambled credit card number) with a marketing partner without authorization.
To be clear, the credit- and debit-card data sharing that Sears is accused of sharing happened between Sept. 9, 1995, and June 22, 2001, long before PCI even existed. But such a thing could never happen today, in our PCI-compliant environment, right? Think again, Breach Boy.
Source - StorefrontBacktalk
Read Original Article: (Via PogoWasRight - Privacy News Headlines.)
Spock sale sparks privacy concerns
Spock sale sparks privacy concerns: Via Computerworld Blogs.
There's some hand-wringing going on over the recent announcement that Intelius, an online background check service has purchased Spock, a people search engine, for an undisclosed amount. Some say there's a shady vibe that emanates from Intelius that may not bode well for Spock, but the big concern seems to be that this marriage signals a slippery slide toward an invasion of privacy. [ Read more ... ]
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up: Via EFF.org Updates.
The recording industry has been stridently preparing for victory in their battle to double the term of sound copyright in the EU. But their campaign has hit an unexpected hitch -- individual governments among the EU member states think their demands overstep the mark. [ Read more ... ]
Electric power 'Smart Grid' may be vulnerable to hackers
'Smart Grid' may be vulnerable to hackers: Via CNN.com.
WASHINGTON (CNN) -- Is it really so smart to forge ahead with the high technology, digitally based electricity distribution and transmission system known as the "Smart Grid"? Tests have shown that a hacker can break into the system, and cybersecurity experts said a massive blackout could result.
Until the United States eliminates the Smart Grid's vulnerabilities, some experts said, deployment should proceed slowly.
"I think we are putting the cart before the horse here to get this stuff rolled out very fast," said Ed Skoudis, a co-founder of InGuardians, a network security research and consulting firm. [ Read more ... ]
U.S. Trade Representative (USTR) Misses the Transparency Memo
USTR Misses the Transparency Memo - Via CDT - PolicyBeta:
When President Obama signed a Transparency and Open Government memo as well as a Freedom of Information Act memo on his first day in office, we were very heartened to see transparency made a key element of the start of this administration. In his first day in office, the President revoked Bush-era policies of data secrecy and returned the federal government to a presumption of openness, and we lauded him. We could not say it any better than the memos did: “In the face of doubt, openness prevails. The government should not keep information confidential merely because public officials might be embarrassed by disclosure,” and “openness will strengthen our democracy and promote efficiency and effectiveness in Government.”
Unfortunately, the office of the U.S. Trade Representative seems to have missed these memos. [ Read more ... ]
WBUR and NPR's On Point with Tom Ashbrook
WBUR and NPR's On Point with Tom Ashbrook - Via Cyber Insecurity on NPR OnPointRadio.com:
In the Bruce Willis thriller “Live Free or Die Hard,” fiendish computer hackers throw the United States into a wild tailspin of fire and flood and national gridlock.
You don’t have to go to the movies to assess this threat. Every hour of every day, global gangs and thinly-veiled government probes are poring through digital America — through corporate secrets and the Pentagon, Obama and McCain campaign files, White House e-mail, front-line American military bases.
A big new report says it has to be stopped. But can it be?
This hour, On Point: Cyber insecurity, out of control. [ Read more ... ]
Once greeted warmly, Google wears out welcome
Once greeted warmly, Google wears out welcome: Via International Herald Tribune.
When Google began hiring in Zurich for its new engineering center in 2004, local officials welcomed the U.S. company with open arms. Google's arrival is still bearing fruit for Zurich: 450 employees, about 300 of them engineers, work in Google's seven-story complex in a converted brewery on the outskirts of the placid mountain metropolis.
But almost five years into its expansion into Europe - where it has a headquarters in Dublin, large facilities in Zurich and London and smaller centers in Denmark, Russia and Poland, among other countries - Google is beginning to bump up against a web of privacy laws that threaten its growth and the positive image it has cultivated as a company dedicated to doing good - its unofficial motto.
In Switzerland, data protection officials are quietly pressing Google to scrap plans to introduce Street View, a mapping service that provides a vivid, 360-degree, ground-level photographic panorama from any address. Swiss privacy law prohibits the unauthorized use of personal images or property.
In Germany, where Street View is also not available, the simple process of taking photographs for the service violates privacy laws. [ Read more ... ]
EU Council Refuses To Release ACTA Documents
EU Council Refuses To Release ACTA Documents: Via Slashdot
CaptSolo writes "The EU Council refuses to release secret Anti-Counterfeiting Trade Agreement documents, stating that disclosure of this information could impede the proper conduct of the negotiations, would weaken the position of the EU in these negotiations, and might affect relations with the third parties concerned. The Foundation for a Free Information Infrastructure requested these documents last week. FFII's response questions ACTA's secrecy saying: 'The argument that public transparency regarding 'trade negotiations' can be ignored if it would weaken the EU's negotiation position is particularly painful. At which point exactly do negotiations over trade issues become more important than democratic law making? At 200 million euro? At 500 million euro? At 1 billion euro? What is the price of our democracy?'"
Read Original Article (Via Slashdot.)
Data security: What the law requires of IT
Data security: What the law requires of IT - Via InfoWorld | Analysis | 2008-08-18 | By Thomas J. Smedinghoff :
IT's legal duty to secure sensitive data is complex and continuously evolving. Here's how to avoid the legal ramifications of a data breach
For most IT organizations, securing corporate data against compromise is priority No. 1. Girding the enterprise against breaches is a constant, thankless task requiring foresight, vigilance, and much in the way of IT expenditures. Keep up with the latest threats, or find your company in the headlines -- and your job on the line.
Such is the shift in attitude toward security in IT. In the Wild West, when Jesse James and Butch Cassidy robbed banks, we felt sorry for the banks and hunted down the outlaws. Today, when someone breaks into a company's computer system, our response is totally different: We blame the company for failing to provide adequate security.
Codifying this shift is a complex blend of laws and regulations enacted to protect the confidentiality and integrity of valuable personal data and the individuals who might be harmed by a breach. Not complying with these mandates can result in grave legal consequences should your organization suffer a breach. [ Read more ... ]
Technology's Toll on Privacy and Security: In-Depth Reports in Scientific American's Special Issue
Technology's Toll on Privacy and Security: In-Depth Reports in Scientific American's Special Issue - Via Scientific American:
Computers, databases and networks have connected us like never before, but at what cost?
SciAm's issue on Privacy. Our jittery state since 9/11, coupled with the Internet revolution, is shifting the boundaries between public interest and "the right to be let alone"
A cold wind is blowing across the landscape of privacy. The twin imperatives of technological advancement and counterterrorism have led to dramatic and possibly irreversible changes in what people can expect to remain of private life. Nearly 10 years ago Scott McNealy of Sun Microsystems famously pronounced the death of privacy. “Get over it,” he said. Some people, primarily those younger than about 25, claim to have done just that, embracing its antithesis, total public disclosure. And of course in many cases—determining the whereabouts of a terrorist or the carrier of a disease—public interest has an overwhelming claim on information that is usually private.
Yet in many contexts—banking, commerce, diplomacy, medicine—private communications are essential. The founding fathers of the Republic put great stock in personal privacy; privacy is embodied (though, as we are often reminded, not stated) in the Bill of Rights. In her keynote essay Esther Dyson clarifies what “privacy” means by reminding us what it is not: several important issues commonly labeled dilemmas of privacy are better understood as issues of security, health policy, insurance or self-presentation. [ Read more ... ]
China's All-Seeing Eye : Rolling Stone
China's All-Seeing Eye : Rolling Stone - Via Rolling Stone:
With the help of U.S. defense contractors, China is building the prototype for a high-tech police state. It is ready for export.
Now, as China prepares to showcase its economic advances during the upcoming Olympics in Beijing, Shenzhen is once again serving as a laboratory, a testing ground for the next phase of this vast social experiment. Over the past two years, some 200,000 surveillance cameras have been installed throughout the city. Many are in public spaces, disguised as lampposts. The closed-circuit TV cameras will soon be connected to a single, nationwide network, an all-seeing system that will be capable of tracking and identifying anyone who comes within its range — a project driven in part by U.S. technology and investment. Over the next three years, Chinese security executives predict they will install as many as 2 million CCTVs in Shenzhen, which would make it the most watched city in the world. (Security-crazy London boasts only half a million surveillance cameras.)
The security cameras are just one part of a much broader high-tech surveillance and censorship program known in China as "Golden Shield." The end goal is to use the latest people-tracking technology — thoughtfully supplied by American giants like IBM, Honeywell and General Electric — to create an airtight consumer cocoon: a place where Visa cards, Adidas sneakers, China Mobile cellphones, McDonald's Happy Meals, Tsingtao beer and UPS delivery (to name just a few of the official sponsors of the Beijing Olympics) can be enjoyed under the unblinking eye of the state, without the threat of democracy breaking out. With political unrest on the rise across China, the government hopes to use the surveillance shield to identify and counteract dissent before it explodes into a mass movement like the one that grabbed the world's attention at Tiananmen Square. [ Read more ... ]
Dear Potus 08 - an open letter to the next President of the United States
Dear Potus 08 - Via CFP: Technology Policy '08:
From the in-progress page on the program wiki:
If the Computers, Freedom, and Privacy community wrote a letter to the next President of the United States about our priorities for technology policy, what would we say -- and how would we get him or her to read it?
There's only one way to find out.
At this year's conference dinner, we will launch a collaborative effort to write a short letter to the next President from the CFP '08 attendees. We'll get these initial results up on a wiki for comments and evolution, and refine them over the following 36 hours. By Friday morning, if we've managed to converge on something plausible, we'll start circulating the current draft for signatures. At the end of the conference, we'll mail the current draft to the presidential campaigns and invite their response.
We'll also put it all up on the web - with a Creative Commons "by" (attribution) license - and invite others to use it for whatever purposes they want as we revise our initial draft, get broader involvement and discussion, and try to get our voice heard amidst the din of the campaigns.
We'll be using this blog as a big part of the "Dear Potus 08" project, both to update the details -- currently described as "mostly TBD" -- and to discuss particular topics. The 9.5 theses thread is the best place to get involved with the technology policy discussion right now.
In this thread, any questions or thoughts about "Dear Potus 08" -- or links to similar projects?
(Read Original Article - Via CFP: Technology Policy '08.)
Bruce Schneier's Security Matters: Prediction -- RSA Conference Will Shrink Like a Punctured Balloon
Bruce Schneier's Security Matters: Prediction -- RSA Conference Will Shrink Like a Punctured Balloon - Via Wired Magazine:
Last week was the RSA Conference, easily the largest information security conference in the world. More than 17,000 people descended on San Francisco's Moscone Center to hear some of the more than 250 talks, attend I-didn't-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff.
Talk to the exhibitors, though, and the most common complaint is that the attendees aren't buying.
It's not the quality of the wares. The show floor is filled with new security products, new technologies, and new ideas. Many of these are products that will make the attendees' companies more secure in all sorts of different ways. The problem is that most of the people attending the RSA Conference can't understand what the products do or why they should buy them. So they don't. [ Read more ... ]
Wisconsin Court Upholds Discipline of Pharmacist
Wisconsin Court Upholds Discipline of Pharmacist - Via ACLU Blog:
Today RHRealityCheck blogged on the victory for reproductive freedom today in Wisconsin. Today an appeals court upheld a lower court's ruling that the state's Pharmacy Examining Board was right to discipline pharmacist Neil Noesen for failing to fill, based on religious objections, a woman's birth control prescription. On the decision, RHRealityCheck writes: [ Read more ... ]
Social Network Aggregation, Killer App in 2008?
Social Network Aggregation, Killer App in 2008? - Via Slashdot:
blogdig writes "Managing scattered online Social Life on multiple Social Networking sites, I sense, will become a Killer App Category 2008. There are several startups now in the "Social Network Aggregation" space and this App Category should diversify and catch momentum in 2008. Some startups are focusing on identity consolidation, others on messaging consolidation and on tracking friends. Some like Profilefly offer consolidation of multiple things like Profiles, Contacts and Bookmarks... [ Read more ... ]
Obama's Digital Policy
Obama’s Digital Policy - Via Freedom to Tinker:
The Iowa caucuses, less than a week away, will kick off the briefest and most intense series of presidential primaries in recent history. That makes it a good time to check in on what the candidates are saying about digital technologies. Between now and February 5th (the 23-state tsunami of primaries that may well resolve the major party nominations), we’ll be taking a look.
First up: Barack Obama. A quick glance at the sites of other candidates suggests that Obama is an outlier — none of the other major players has gone into anywhere near the level of detail that he has in their official campaign output. That may mean we’ll be tempted to spend a disproportionate amount of time talking about him — but if so, I guess that’s the benefit he reaps by paying attention. Michael Arrington’s TechCrunch tech primary provides the best summary I’ve found, compiled from other sources, of candidates’ positions on tech issues, and we may find ourselves relying on that over the next few weeks. [ Read more ... ]
Branding and Building Trust: Social and Ethical Issues
Branding and Building Trust: Social and Ethical Issues - Via IT Conversations: Panel Discussion:
Studies show that consumers care about the perceived honesty and values of brands and companies. They want to trust that companies will do the right thing with any and all data collected on line. This raises a number of interesting and difficult problems. The panelists first examine what exactly we mean by trust, privacy, transparency, security and fraud. One thorny issue is the inherent asymmetry of information. Consumers can't always tell when they are revealing information to companies, and they can't always know how the companies may use that data. They often assume security laws protect them when they don't. [ Read more ... ]
The Airport Security Follies - Jet Lagged - Air Travel - Opinion
The Airport Security Follies - Jet Lagged - Air Travel - Via Opinion - New York Times Blog:
Six years after the terrorist attacks of 2001, airport security remains a theater of the absurd. The changes put in place following the September 11th catastrophe have been drastic, and largely of two kinds: those practical and effective, and those irrational, wasteful and pointless.
The first variety have taken place almost entirely behind the scenes. Explosives scanning for checked luggage, for instance, was long overdue and is perhaps the most welcome addition. Unfortunately, at concourse checkpoints all across America, the madness of passenger screening continues in plain view. It began with pat-downs and the senseless confiscation of pointy objects. Then came the mandatory shoe removal, followed in the summer of 2006 by the prohibition of liquids and gels. We can only imagine what is next. [ Read more ... ]
Ohio Study Confirms Voting Systems Vulnerabilities
Ohio Study Confirms Voting Systems Vulnerabilities - Via Slashdot:
bratgitarre writes "A comprehensive study of electronic voting systems (PDF) by vendors ES&S, Hart InterCivic and Premier (formerly Diebold) found that 'all of the studied systems possess critical security failures that render their technical controls insufficient to guarantee a trustworthy election'. In particular, they note all systems provide insufficient protection against threats from election insiders, do not follow well-known security practices, and have 'deeply flawed software maintenance' practices." --- Some of these machines are the ones California testers found fault with last week.
(Read Original Article - Via Slashdot.)
Cracking open the cybercrime economy
Cracking open the cybercrime economy - Via ZDNet UK:
"Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don't think we are really winning this war."
As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.
There seems to be some serious evidence then for the idea of an evolution from hacking and virus writing for fun to creating malicious code for profit. Security experts are increasingly pointing to the existence of a "black" or "shadow" cyber-economy, where malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors. [ Read more ... ]