Paul Hardwick: Asia

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

SignOnSanDiego.com > Technology -- Official: Yahoo didn't violate laws in case of jailed journalist

Wed, 14 Mar 2007 19:43:01 GMT

HONG KONG - Investigators said Wednesday there was not enough evidence to show that Yahoo Inc.'s Hong Kong branch provided private information that helped convict a Chinese reporter accused of leaking state secrets.

The case raised questions about whether Internet companies should cooperate with governments that deny freedom of speech and frequently crack down on journalists.

Yahoo! Hong Kong Limited was accused of helping Chinese authorities by Hong Kong lawmaker Albert Ho, who filed a complaint last year with the city's privacy commissioner. Ho alleged the Internet company provided information that helped convict journalist Shi Tao, sentenced to 10 years in jail in 2005 on mainland China.

Google Aids Indian Goverment Censorship.

Tue, 13 Mar 2007 02:36:33 GMT

Google Aids Indian Goverment Censorship. An anonymous reader writes "Google's Orkut has made a deal to provide IP addresses of posters of content deemed objectionable by Bombay police. They object, among others, to posts against certain Indian personalities, young women admiring Indian mobsters, and, amazingly, "anti-Indian words" (!)." [Slashdot]

China Blocks LiveJournal.

Tue, 06 Mar 2007 16:20:10 GMT

China Blocks LiveJournal. Beijing cuts its people off from 1.8 million blogs with the push of a button. By Quinn Norton. [Wired News: Security Blanket]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

EFF - miniLinks for 2007-02-21.

Fri, 23 Feb 2007 16:14:58 GMT

miniLinks for 2007-02-21.

Free Congress!
Coders gather to open up more of the legislature's deliberations.

Republicans, Democrats Spat Over IP Rights in Congress TV
After Speaker of the House Nancy Polosi is accused of "pirating" C-SPAN, the TV service reiterates that it has no copyright interest in the video.

Chinese Lawyers Protest Sina's Blog Censorship
Fight the arbitrary nature of China's limits on free speech.

New York Times on the DJ Mixtape Arrests
"DJs continued to release tapes -- some with hastily added tracks on which rappers cursed the RIAA"

Disney Must Consider Sharing Pooh's Honey
The endless fight over the merchandising rights to A.A. Milne's work continues to plague the copyright maximalist company.

Students Balk at University's "Free" Music Deals
One insider's view of dealing with the college-only licensed music services.

Bipartisan Effort to Junk Real ID Law
Democrat Rep. Tom Allen and Republican Rep. Scott Lansley push for reform of costly, invasive national ID mandate.

A 55-inch TV Is too big for the Super Bowl
Consumer electronics mavens scratch their heads at NFL's Super Bowl rules.

UK Government Rejects Calls for DRM Ban
While faulty, DRM is good for price discrimination, Prime Minister's office says.

Framing the DRM Debate
LinuxJournal's Don Marti says it's about more than property.

Europe's Plan to Track Phone and Net Use
Data retention implementation to be far worse than original plans.

UK Now Running 439,000 E-mail and Phone Taps
Report's author declares wiretap error rate "unacceptably high."

[EFF: Deep Links]

China Creates Massive Online ID Database.

Mon, 12 Feb 2007 03:48:50 GMT

China Creates Massive Online ID Database. schwaang writes that while the US continues to hash out concerns over the Real ID Act, which aims to create a national ID by standardizing state driver's licenses, China has already implemented a massive online ID database, which they say will help prevent fraud. --- From the Xinhua English-language site: "Anyone can now send a text message or visit the country's population information center's website, to check if the name and the ID number of a person's identity card match. If they do match the ID card-holder's picture also appears, said the Ministry, adding that no other information is available to ensure a citizen's privacy is protected. Completed at the end of 2006, China's population information database, the world's largest, contains personal information on 1.3 billion citizens. Giving public accessing to the database is also designed to correct mistakes if an individual discovers that their name, number and picture don't match." [Slashdot: Your Rights Online]

China's Hu Calls for More Internet Regulation.

Fri, 26 Jan 2007 14:15:55 GMT

China's Hu Calls for More Internet Regulation. Chinese president tells Communist Party officials to create a 'healthy online culture.' [PC World: Latest Technology News]

Great Strides in Phishing.

Thu, 18 Jan 2007 02:13:09 GMT

Great Strides in Phishing.

Earlier this month, Security Fix called attention to a phishing scam where bad guys were making use of the real Amazon.com Web site to trick people into entering personal information at a fake Amazon site they created.

Now, according to fraud investigators at RSA Security Inc., comes the release of a simple, point-and-click tool for sale in the hacker underground that is designed to help criminals automate the construction of more scam sites employing this same, sophisticated approach.

What made the Amazon phishing site that I wrote about so unusual was that it relied on a so-called man-in-the-middle attack, in which the fraudsters' fake site passes victim-supplied login credentials to the targeted institution's site on the user's behalf. The data passed to the legitimate site is stored or e-mailed to some free Webmail account set up by the fraudsters, and the victim is then typically handed off to the targeted institution's site.

This is a tactic used to make the fraudulent site appear more authentic: I've heard far too many people say they can tell whether a site is legit or not simply by entering completely made up or gibberish user names and passwords at a suspected phishing site. The reasoning here: "If this site is fake, it will accept my bogus login information, but if it tells me that the account information doesn't exist or is incorrect, then it must be the real thing." Obviously, the man-in-the-middle phishing method shows the folly of that line of thinking.

The phishing automation tool discovered by RSA is installable software that automates the creation of man-in-the-middle attacks so that any novice can set them up, and do so quickly. Using this tool, a criminal no longer has to buy or create custom phishing kits for a targeted organization. Also, the scam artist can intercept any data that is sent back and forth between the customer and the institution for as long as the victim is logged into his or her account.

I checked with a couple of reliable sources, and they said this simple software tool is indeed being sold on various shadowy online forums, apparently under the unassuming title "scams and fakes creation tool." It is being sold for about $1,000, a hefty price -- roughly five to ten times the amount that most phishing kits fetch on the Internet black market. However, the inflated price makes sense if you consider that the kit offers the ability to create more effective and convincing phishing sites targeting multiple institutions in a very short period of time, said Marc Gaffan, director of marketing at RSA's consumer division.

"This thing absolutely increases the scalability [of phishing attacks] and the vulnerability of smaller companies, particularly non-financial institutions [and] retail institutions that are more gearing toward credit card fraud," Gaffan said.

As of last Tuesday, Gaffan said RSA had spotted fewer than a dozen sites generated by the new tool. Still, scammers are always looking for greater automation tools. Given some of the sophistication that is being built into online fraud tools these days, it's probably safe to assume that we will see this type of phishing attack become the norm very soon.

[Security Fix]

Malaysia to embed car license plates with microchips to combat theft - Asia - Pacific - International Herald Tribune

Tue, 12 Dec 2006 02:29:06 GMT

KUALA LUMPUR, Malaysia: Malaysia's government, hoping to thwart car thieves, will embed license plates with microchips containing information about the vehicle and its owner, a news report said Saturday.

With the chips in use, officials can scan cars at roadblocks and identify stolen vehicles, the New Straits Times reported.

The "e-plate" chip system is the latest strategy to prevent car thieves from getting away with their crimes by merely changing the plates, the report said.

Malaysia to Use RFID Number Plates Next Year.

Tue, 12 Dec 2006 02:22:01 GMT

Malaysia to Use RFID Number Plates Next Year. durianwool wrote in with a story about Malaysia's plans to introduce RFID number plates. It reads: "'The first thing thieves do after a car theft is change the registration plates,' Road Transport Department Director-General Ahmad Mustapha was quoted as saying. The microchips, using radio frequency identification technology, will be fixed into the number plates and can transmit data at a range of up to 100 meters (yards), the report said. They will have a battery life of 10 years, it said. " [Slashdot: Your Rights Online]

Online Media Representatives Face Jail.

Fri, 08 Dec 2006 14:17:12 GMT

Online Media Representatives Face Jail. OSDNBoss writes "According to the US Watchdog Committee to Protect Journalists a total of 134 journalists were in jail on December 1, 49 of which were Internet journalists. China leads the way with the highest number in jail. I'm sure the censors have already blocked Slashdot and other news and opinion sites in the countries mentioned. It begs the question, however, as the blogosphere grows are online journalists and editors more or less protected than their print and TV counterparts?" From the article: "China is challenging the notion that the Internet is impossible to control or censor, and if it succeeds there will be far-ranging implications, not only for the medium but for press freedom all over the world." [Slashdot: Your Rights Online]

Backdown on draconian laws - smh.com.au

Wed, 06 Dec 2006 14:00:25 GMT

Attorney-General Philip Ruddock's copyright reforms are almost certain to become law by January, after significant changes were made to ensure innocent consumers are not criminalised.

The Copyright Amendment Bill 2006 passed through the Senate on Friday after a number of modifications were made. It will now go back to the House of Representatives for re-approval.

Before the amendments to the bill, experts warned that simply owning an iPod, camera phone or a DVD recorder might be enough to land one in jail or lumbered with a large fine.

On-the-spot fines of $1320 were also proposed, which would be issued like speeding tickets, even to those who had no idea they were dealing with copyright infringing material.

Professor Brian Fitzgerald, head of the Queensland University of Technology's school of law, went as far as saying: "These new provisions have the potential to make everyday Australians in homes and businesses across the country into criminals on a scale that we have not witnessed before."

But following an outcry by industry bodies and the public, Mr Ruddock amended the bill.

PayPal Phishers Use Malaysian Government Portal.

Sat, 25 Nov 2006 03:02:56 GMT

PayPal Phishers Use Malaysian Government Portal. Even secure sites were co-opted as zombies to distribute spam with scams. [PC World: Latest Technology News]

Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet - iht,asia,Singapore Internet Charges - Asia - Pacific - International Herald Tribune

Mon, 13 Nov 2006 22:57:41 GMT

SINGAPORE: A Singapore teenager has been charged with tapping into someone else's wireless Internet connection, a crime that carries a penalty of up to three years in jail, a newspaper reported Saturday.

Garyl Tan Jia Luo, 17, is the first person to be charged with this crime under the Computer Misuse Act, the Straits Times reported.

The report said Tan is accused of using a laptop computer to gain unauthorized access to a home wireless network on May 13.

The newspaper said a neighbor had apparently lodged a complaint against Luo.

Jailtime For Leeching Wireless?

Mon, 13 Nov 2006 22:54:15 GMT

Jailtime For Leeching Wireless? jginspace writes "A 17-year-old from Singapore is is facing three years' jailtime for accessing his neighbor's wireless network. His neighbor complained and now the unfortunate Tan Jia Luo is facing charges under the computer misuse act and is scheduled to appear in court on Wednesday." [Slashdot: Your Rights Online]

Halt to school fingerprinting.

Fri, 10 Nov 2006 23:23:59 GMT

Halt to school fingerprinting.

China strikes blow for privacy

The Hong Kong privacy commissioner has ordered a school to stop fingerprinting children before it becomes a runaway trend that is too late to stop.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

China: We don't censor the Internet. Really | CNET News.com

Tue, 31 Oct 2006 17:24:18 GMT

ATHENS, Greece--While many countries block off some Web sites, China has long drawn heightened scrutiny because of the breadth and sophistication of its Internet censorship

Which is why it came as a surprise on Tuesday when a Chinese government official claimed at a United Nations summit here that no Net censorship existed at all.

The only problem: Few cases of Net censorship are as carefully and publicly documented as the Great Firewall of China. A study by researchers at Harvard Law School found 19,032 Web sites that were inaccessible inside China.

A report from a consortium of British, American and Canadian universities concluded: "China's Internet-filtering regime is the most sophisticated effort of its kind in the world. Compared to similar efforts in other states, China's filtering regime is pervasive, sophisticated and effective."

In fact, Google has cited China's intermittent blocking of Google.com as the primary factor in the company's creation of the Google.cn censored search site.

China - We Don't Censor the Internet.

Tue, 31 Oct 2006 17:17:18 GMT

China - We Don't Censor the Internet. kaufmanmoore writes "A Chinese government official at a United Nations summit in Athens on internet governance has claimed that no Net censorship exists at all in China. The article includes an exchange by a Chinese government official and a BBC reporter over the blocking of the BBC in China." --- From the article: "I don't think we should be using different standards to judge China. In China, we don't have software blocking Internet sites. Sometimes we have trouble accessing them. But that's a different problem. I know that some colleagues listen to the BBC in their offices from the Webcast. And I've heard people say that the BBC is not available in China or that it's blocked. I'm sure I don't know why people say this kind of thing. We do not have restrictions at all." [Slashdot: Your Rights Online]

Amnesty calls for action on internet freedom.

Thu, 26 Oct 2006 23:20:09 GMT

Amnesty calls for action on internet freedom.

Bloggers united, will never be defeated...

Amnesty International is calling on the bloggers of the world to unite to defend the freedoms of their brother bloggers in countries such as China, Iran, and Tunisia.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Thailand faces media clampdown.

Thu, 21 Sep 2006 16:13:44 GMT

Thailand faces media clampdown.

No news is not good news

Thai radio, television and internet operators will from tomorrow face closure if they disseminate "news and comments deemed a threat to national security and the monarchy", Reuters reports.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Beijing Big Brother gets bigger.

Thu, 14 Sep 2006 17:54:10 GMT

Beijing Big Brother gets bigger.

New laws tighten grip on media, technology

Beijing today attempted to defend sweeping new powers which gag foreign media and bar citizens from subscribing to news from abroad. The laws were published Sunday and went into effect immediately.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

The Observer | World | Wikipedia defies China's censors

Tue, 12 Sep 2006 16:13:37 GMT

The founder of Wikipedia, the online encyclopaedia written by its users, has defied the Chinese government by refusing to bow to censorship of politically sensitive entries.

Jimmy Wales, one of the 100 most influential people in the world according to Time magazine, challenged other internet companies, including Google, to justify their claim that they could do more good than harm by co-operating with Beijing.

Wikipedia, a hugely popular reference tool in the West, has been banned from China since last October. Whereas Google, Microsoft and Yahoo went into the country accepting some restrictions on their online content, Wales believes it must be all or nothing for Wikipedia.

His stand comes as Irrepressible.info, a joint campaign by The Observer and Amnesty International for free speech on the web, continues with the support of more than 37,000 people around the world. The campaign calls on governments to stop persecuting political bloggers and on IT companies to stop complying with these repressive regimes.

Wikipedia Won't Bow to Chinese Censors.

Tue, 12 Sep 2006 16:11:44 GMT

Wikipedia Won't Bow to Chinese Censors. truthsearch writes "Jimmy Wales has defied the Chinese government by refusing to bow to censorship of politically sensitive Wikipedia entries. He challenges other internet companies, including Google, to justify their claim that they could do more good than harm by co-operating with Beijing. Wikipedia has been banned from China since last October. Whereas Google, Microsoft, and Yahoo went into the country accepting some restrictions on their online content, Wales believes it must be all or nothing for Wikipedia. 'We occupy a position in the culture that I wish Google would take up, which is that we stand for the freedom for information.'" [Slashdot: Your Rights Online]

China to Control Reports of Foreign News Agencies.

Tue, 12 Sep 2006 16:06:47 GMT

China to Control Reports of Foreign News Agencies. afa writes "According to Xinhuanet.com, Xinhua News Agency on Sunday promulgated a set of measures to regulate the release of news and information in China by foreign news agencies. From the article: 'Where a foreign news agency violates the Measures in one of the following manners, Xinhua News Agency shall give it a warning, demand rectification within a prescribed time limit, suspend its release of specified content, suspend or cancel its qualifications of a foreign news agency for releasing news and information in China, on the merits of each case.'" [Slashdot: Your Rights Online]

Net censorship 'morally unacceptable', report says.

Thu, 17 Aug 2006 22:58:48 GMT

Net censorship 'morally unacceptable', report says.

But is some information better than none?

The UK Parliamentary Foreign Affairs Committee recently issused a report in which it stated that "search engines' agreement to block the access of computer users to certain information (in China) was 'morally unacceptable'"

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

China wants remote control for video sites.

Wed, 16 Aug 2006 18:00:13 GMT

China wants remote control for video sites.

Censor extends reach

The Chinese regulator of broadcast services is looking to extend its patch to include web-based video services.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Search Engines Censured for Censorship

Sun, 13 Aug 2006 21:43:11 GMT

Activists want Yahoo!, Google, and Microsoft to do more to disclose to Chinese users how and why their searches are being censored

All year, human-rights and free-speech advocates have been chastising big U.S. Internet companies for helping to censor the Internet in China. Critics of Beijing's policies have focused on Google , Yahoo! , and Microsoft , all of whose search engines operate in China under requirements to filter results from many Web sites related to such things as independence movements in Taiwan and Tibet, democracy advocates, and the Falun Gong religious movement.

Censured for Censorship in China.

Sun, 13 Aug 2006 21:32:06 GMT

Censured for Censorship in China. Dwarg writes "On Aug. 10, [Human Rights Watch], headquartered in New York, came out with a report criticizing the three companies for their role helping to censor the Internet in China. The report is particularly damning of Yahoo, which Human Rights Watch says censors its Chinese site far more vigorously than either Google or Microsoft." [Slashdot: Your Rights Online]

Covert surveillance allowed in China law

Tue, 08 Aug 2006 01:01:48 GMT

Pro-Beijing lawmakers in Hong Kong have approved legislation granting authority to police to conduct covert surveillance.

Such surveillance includes wiretapping phones, bugging offices and residences and monitoring e-mail, The New York Times reported.

The bill passed on a vote of 32-0 in the 60-member Legislative Council.

The Democratic party and other opponents of the bill had reportedly tried to introduce close to 200 amendments in four days of debates, many of them citing the issue of personal privacy. However, all were defeated or ruled out, the Times said.

Vietnam latest news - Thanh Nien Daily - Hong Kong passes contentious surveillance law

Sun, 06 Aug 2006 19:14:43 GMT

Hong Kong lawmakers passed Sunday a contentious law on covert surveillance that rights activists and pro-democracy politicians fear could erode privacy rights and allow the government to spy for political purposes.

The Interception of Communications and Surveillance Bill will regulate how law enforcement agencies in the former British colony now ruled by China monitor private communications by tapping telephones or screening e-mails.

The 60-member legislature, dominated by pro-government lawmakers, passed the bill 32-0 after pro-democracy legislators walked out in protest. The vote came after a marathon debate stretching over five days.

While the government says safeguards have been built into the new law - such as the need for law enforcement officers to obtain warrants for covert surveillance from a panel of judges in secret courts - critics say they are not enough.

Law Yuk Kai, director of Hong Kong Human Rights Watch, said the law is riddled with loopholes that will give the government broad surveillance powers to target individuals indiscriminately.

"If there's one thing I'm most concerned about, it's that the law will be used for political purposes," Law said.

Secretary for Security Ambrose Lee assured lawmakers earlier that the new bill would not be used to target political opponents, but he refused calls to put this into writing.

"If they've made such a guarantee, why not write it in the law then? This would give a much better assurance to the public," Law said.

The new law has also drawn fierce opposition from the legal community because it will allow law enforcement agencies to bug lawyers and their clients, which effectively strips the right of clients to confidential legal advice.

Peace and Privacy in the Pacific.

Wed, 02 Aug 2006 17:03:03 GMT

Peace and Privacy in the Pacific. The Japanese have no native word for "privacy" -- but a government crackdown on peace activists is quickly expanding their vocabulary. Commentary by Jennifer Granick. [Wired News: Security Blanket]

PCWorld.com - Amnesty Blasts Google, Microsoft, Yahoo

Wed, 26 Jul 2006 15:10:43 GMT

BEIJING -- Google, Microsoft, and Yahoo have undermined the rights of Chinese to freedom of expression through their actions in China, according to Amnesty International.

"All three companies have, in one way or another, facilitated or colluded in the practice of censorship in China," Amnesty said in a report, noting that these actions contradict the companies' stated values. The full report, entitled "Undermining freedom of expression in China," is available online in PDF.

Amnesty called on all three companies to take several measures aimed at ensuring better freedom of expression in China. The measures include making public all agreements with the Chinese government that relate to the censorship of information. In addition, the group called on the firms to make public the list of words that are censored by content filters.

This is not the first time that Amnesty has criticized the business practices of these three companies. Yahoo has taken heat for handing over user information that helped Chinese authorities identify and jail dissidents, including Shi Tao, a journalist imprisoned in 2005 for ten years.

Microsoft and Google have also faced criticism from Amnesty and other human rights groups. Microsoft shut down a blog on its MSN Spaces Web site following a request from the Chinese government, and Google introduced a censored version of its search engine specifically designed for China.

Amnesty calls for action on China.

Fri, 21 Jul 2006 05:03:52 GMT

Amnesty calls for action on China.

Cisco, Google, Microsoft, Nortel, Sun and Yahoo! named and shamed

Amnesty International is calling on internet users to join its campaign to reclaim the web as a place of freedom.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Punish Spying? I Must be Abroad.

Wed, 19 Jul 2006 16:52:56 GMT

Punish Spying? I Must be Abroad. South Korea's high-tech eavesdropping scandal offers proof that democratic countries aren't immune to government-surveillance abuses. But the Koreans are actually holding the perpetrators accountable. Commentary by Jennifer Granick. [Wired News: Security Blanket]

Indian bloggers switched off.

Wed, 19 Jul 2006 16:35:02 GMT

Indian bloggers switched off.

Government blamed

Indian bloggers have reacted with fury to government orders that ISPs block access to certain sites.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Little Brother Is Watching.

Wed, 19 Jul 2006 16:25:40 GMT

Little Brother Is Watching.

Attention Hong Kong Boy Scouts! Log on to the internet and make some room on your sash for a new merit badge. The New York Times has a story today discussing the Hong Kong governments plans to have 200,000 children from nine uniformed youth groups volunteer to scour internet discussion rooms for copyright infringement. The Youth Ambassadors are being asked to send reports of illegal copying to customs officials who will verify the posting and then forward that information to the content industry.

While teaching kids about copyright law is a noble goal, using hundreds of thousands of school children as unpaid internet snitches is a biased and exploitive way for the content industry to achieve it. Why are the Youth Ambassadors stopping at reporting music and video file sharing? If we really wanted to teach them about copyright law then why not have them report incidents of companies engaging in copyfraud and put them on the lookout for the content industry abridging fair use?

[Public Knowledge - Policy Blog]

Blue Box ETel2006 Podcast #5 - Interview with Alec Saunders of Iotum.

Mon, 10 Jul 2006 14:44:33 GMT

Blue Box ETel2006 Podcast #5 - Interview with Alec Saunders of Iotum.

Synopsis: Interview with Alec Saunders, CEO and "Relevance Revolutionary" of Iotum about security and privacy as they relate to Iotum's new relevance engine. The interview was recorded at O'Reilly's Emerging Telephony Conference in January 2006.

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Emerging Telephony Conference in San Francisco, CA. Every now and then startups emerge that are just doing things that I personally find interesting. Iotum is one of those companies. The main thing they are focused on is making communication more relevant to you... as they say on their home page:

iotum is the world's first smart platform that lets you control who reaches you and how. Get the calls you want, where you want, and avoid those you don't.

As I came to know more about the company, I was curious to know about how they handled securely gathering all the context information about you and how they preserved the privacy. So out at ETel 2006 I sat down with Iotum CEO Alec Saunders to talk about what Iotum is doing and issues around security and privacy. In this interview, we covered those points and also ranged into a wide variety of other privacy-related issues such as GPS and cellphones in Japan, social issues around privacy and other points. While it is a bit outside the realm of topics we normally cover, I hope you find it as interesting as I did.

If you would like to learn more about Iotum, Alec Saunders also maintains his own weblog where he writes on Iotum, VoIP and other topics. I'll also note that Alec's "mug shot" photo is not from any recent trip to jail but rather from a bit of fun the company had creating images for all the company members. (Ahh, the things you can do as a startup...)

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. The interview runs about 20 minutes.

NOTE: This is the last of the interviews and shows coming out of ETel 2006.

[Blue Box: The VoIP Security Podcast]

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 16:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Japanese MMOG suffers privacy leak - News at GameSpot

Mon, 03 Jul 2006 13:42:14 GMT

Game Garden, an online game developer and provider, announced today that personal user information from Xenepic Online, a free massively multiplayer online role-playing game for PCs, was inadvertently compromised. Game Garden manages the server on behalf of NHN Japan Corporation, the game's provider.

The information was mistakenly stored on an open download server, potentially allowing anyone to access it using certain exploits. Data for 297,805 users was put at risk, including their game-server usernames and passwords, e-mail addresses, and game log files, which contain information on items purchased and chat history.

MercuryNews.com | 07/01/2006 | Piercing China's great firewall

Sun, 02 Jul 2006 13:06:39 GMT

He's a mild-mannered real estate broker by day and a guerilla hacker by night. From a cramped apartment in Silicon Valley, the Chinese dissident wages battle at his computer, poking small holes through the great firewall that censors the communications of China's 110 million Internet users.

His firm, UltraReach, is part of an eclectic band of free speech advocates, members of the Falun Gong spiritual movement, a U.S. government agency and even a high school Eagle Scout fighting to put circumvention technology into the hands of Chinese Web users so they can troll the Internet unfettered and anonymously.

In recent months, some of Silicon Valley's leading tech giants -- Cisco, Yahoo and Google -- have come under withering criticism for helping China police the Internet, whether by supplying surveillance hardware and software, or by acquiescing to its censorship demands. But in the shadow of those Goliaths, a small army of Davids is developing technology to loosen China's authoritarian grip.

Up against one of the biggest and most tightly-restricted Internet networks in the world, the so-called hacktivists -- part hacker, part activist -- use proxy servers located outside of China to dig digital tunnels through the Chinese government's firewall. As soon as one opens, China's Internet surfers sneak through and visit censored Web sites, send e-mail and blog anonymously -- until the Internet police find the hole and plug it.

``It is like a chase,'' said the soft-spoken UltraReach programmer, a Falun Gong practioner who insisted on anonymity because he fears for his family's safety. China banned the group in 1999. ``We have to outrun them with better technology. And do it very fast.''

Their weapons can be in the form of simple Web address links or, in some cases, software that can be downloaded from an e-mail to connect Chinese users to proxy servers beyond the reach of the Chinese government. Once users reach a proxy site, that computer stands in as their own, allowing them access to the same, uncensored Internet the rest of the world gets. Their connection with the proxy computer is encrypted, and passes undetected through China's firewall.

Chinese computer users who now access proxy servers are a relatively small but influential group, according to Xiao Qiang of the China Internet Project at the University of California at Berkeley.

``These are the people who are using the Internet as their primary information source -- writers, journalists, bloggers, people who can influence others,'' Xiao said. ``That's why the government has committed massive resources and go to every technological length to censor the Internet.''

China targets blogs. - Wants to 'purify' the net

Fri, 30 Jun 2006 16:53:38 GMT

China targets blogs.

Wants to 'purify' the net

China has launched yet another crackdown on the country's net users after officials said that blogs and search engines would "undergo strict supervision of the government".

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Schneier on Security: Ignoring the 'Great Firewall of China'

Wed, 28 Jun 2006 14:26:11 GMT

Richard Clayton is presenting a paper (blog post here) that discusses how to defeat China's national firewall:

Light Blue Touchpaper - Ignoring the 'Great Firewall of China'

Wed, 28 Jun 2006 14:23:48 GMT

The Great Firewall of China is an important tool for the Chinese Government in their efforts to censor the Internet. It works, in part, by inspecting web traffic to determine whether or not particular words are present. If the Chinese Government does not approve of one of the words in a web page (or a web request), perhaps it says "f" "a" "l" "u" "n", then the connection is closed and the web page will be unavailable -- it has been censored.

This user-level effect has been known for some time... but up until now, no-one seems to have looked more closely into what is actually happening (or when they have, they have misunderstood the packet level events).

Defeating China's National Firewall.

Wed, 28 Jun 2006 14:19:06 GMT

Defeating China's National Firewall. Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9 3/4." [Slashdot: Your Rights Online]

Online Freedom Legislation Needs Refining.

Sun, 25 Jun 2006 14:01:15 GMT

Online Freedom Legislation Needs Refining. The House Subcommittee on Africa, Global Human Rights and International Operations today is considering H.R. 4780, the Global Online Freedom Act of 2006. The bill, introduced by Rep. Chris Smith (R-N.J.), attempts to address the human rights and civil liberties issues faced by Internet service providers doing business in China and other repressive regimes. CDT supports the goal of the legislation and applauds several provisions of the bill, including the establishment of an Office for Global Internet Freedom at the State Department, but CDT is concerned that other provisions are premature and may have unintended consequences, both for companies doing business in repressive regimes and for Internet users in those countries. [Center for Democracy and Technology]

Yahoo! worst in China.

Sun, 18 Jun 2006 20:11:50 GMT

You! can! censor! the! internet!

Yahoo! restricts access to more websites than any other search engine in China.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Journalists' union calls for boycott of Yahoo!

Tue, 06 Jun 2006 14:01:31 GMT

Journalists' union calls for boycott of Yahoo!

That'll hurt 'em...

The National Union of Journalists (NUJ) is calling for a boycott of Yahoo! because of its "unethical behaviour" in China.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

China's WAPI will not go down without a fight.

Sun, 04 Jun 2006 01:07:15 GMT

China's WAPI will not go down without a fight. Chinese backers of the rejected WLAN Authentication and Privacy Infrastructure or, WAPI, wireless security protocol have accused rivals of unethical behavior in a last-ditch attempt to revive their standardization hopes.

[Network World on Privacy]

US fears Chinese PCs may be bugged - smh.com.au

Mon, 22 May 2006 15:55:52 GMT

The US State Department will disconnect 900 new Chinese-made computers from its most top secret network for fear that they may have been fitted with spying equipment.

But the department's purchase of about 16,000 personal computers
(PCs) from Chinese company Lenovo raises serious questions given accusations that China is aggressively spying on the United States, Republican lawmaker Frank Wolf said.

Word of the State Department order for the desktop PCs was made public in March, 10 months after Lenovo completed its $US1.75 billion acquisition of IBM's PC division.

The department chose to install about 900 of the PCs on its secure network at home and at embassies around the world, according to documents released by Wolf.

But after angry objections from the US-China Economic and Security Review Commission, a bipartisan panel of experts appointed by Congress, the department opted this week to pull the computers from the network.

"This decision would have had dire consequences for our national security, potentially jeopardizing our investment in a secure IT infrastructure," said Wolf, whose House appropriations subcommittee funds the State Department.

"It is no secret that the United States is a principal target of Chinese intelligence services," he said.

While welcoming the department's reversal, Wolf said the purchase of the 16,000 computers from the Chinese state-backed company was still troubling.

Slashdot | US Government Fears China Bugs Lenovo PCs

Mon, 22 May 2006 15:52:28 GMT

An anonymous reader writes "After approving the sale of IBM's PC Division to the Chinese Corporation Lenovo, the US Government has realized China could bug Lenovo PCs destined for US Government customers. Would the US have done the same to China? With American businesses so eager for business in China no matter what, where are we headed?"

MS Word Zero-Day Exploit Found.

Sun, 21 May 2006 22:35:10 GMT

MS Word Zero-Day Exploit Found. subbers writes "A zero-day flaw in Microsoft Word program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail and drops a backdoor with rootkit features when the document is opened and the previously unknown vulnerability is triggered. From the article: 'The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software.'" [Slashdot]

Is Google.cn Still Evil if No One Uses It?

Sat, 13 May 2006 20:18:27 GMT

Is Google.cn Still Evil if No One Uses It?

The answer is yes.

In yesterday[base ']s stockholder meeting, Sergey Brin noted that Chinese users haven[base ']t yet flocked to the censored Google.cn service, noting that usage of Google.cn is just a fraction of one percent of Google searches in China, while the uncensored Google.com is still used for more than 99% of all Google searches. (Google[base ']s primary argument for creating the censored version was that the user experience was awful on the Google.com site, which has to go through China[base ']s firewall)

Brin was responding to a question from Amnesty International, and seemed to be arguing that since no one is using the new censored service yet, Google hasn[base ']t actually violated their [base "]Don[base ']t be evil[per thou] mantra, that they are not profiting from active censorship in China.

Not yet, that is.

This reasoning is on par with a toy company designing a hazardous product, and then using the defense that [base "]no one bought it anyway, so what[base ']s the big deal.[per thou] Sometimes I really wonder how their logical and moral compasses are aligned over at the G[base ']plex.
[via Don[base ']t Be Evil]

[michaelzimmer.org]

India to tighten offshoring data security | Tech News on ZDNet

Wed, 10 May 2006 15:50:22 GMT

India is creating a regulatory body to improve the level of security in companies providing offshore IT services and business process outsourcing.

The initiative has been spearheaded by the National Association of Software and Service Companies, or Nasscom, to assuage fears about Indian data security in the wake of incidents of call center data theft. The technology trade association also aims to promote the region as the safest place for IT and BPO amid rising competition from other offshoring locations.

"The key objective of creating the SRO (self-regulatory organization) is to raise the floor in security and safety standards in Indian outsourcing across the IT industry," Sunil Mehta, a vice president of Nasscom, told Silicon.com.

He said data security and privacy concerns have been identified as "the largest barriers to free trade."

The body will set standards for privacy and security, and monitor its members to ensure that they adhere to them. If it discovers breaches, it will consider a "range of punishments" that could include expelling members or involving law enforcement, Mehta said.

Training will also be offered to companies that need support in order to be compliant with the security standards.

Chinese Government Continues Internet Censorship.

Sat, 06 May 2006 01:45:09 GMT

Chinese Government Continues Internet Censorship. China's long tradition of censoring information continues into the Internet age with major U.S. companies like Google and Microsoft agreeing to practices that block banned Web sites there. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

Yahoo! Allegedly Helps Beijing Arrest a Third Reporter.

Thu, 20 Apr 2006 15:38:09 GMT

Yahoo! Allegedly Helps Beijing Arrest a Third Reporter. reporter writes "According to a damning press release from Reporters without Borders, Yahoo has helped Beijing to locate, arrest, and imprison a 3rd reporter. This latest incident occurs about 2 months after Yahoo testified, under oath in front of Congress, that the company regrets being 'forced' to help Beijing." From the article: "'We hope this Internet giant will not, as it has each time it has been challenged previously, hide behind its local partner, Alibaba, to justify its behaviour. Whatever contract it has with this partner, the email service is marketed as Yahoo !' the organisation said. According to the verdict, Yahoo! Holdings (Hong Kong) confirmed that the email account ZYMZd2002 had been used jointly by Jiang Lijun and another pro-democracy activist, Li Yibing." [Slashdot: Your Rights Online]

China vs. Germany: Comparing Google's Censorship Practices.

Fri, 14 Apr 2006 13:29:58 GMT

China vs. Germany: Comparing Google's Censorship Practices.

Part of Google CEO Eric Schmidt's justification for being complicit with China's censorship of search engine results is that Google does the same thing in Germany and France, so what's the big deal with time around. Consider this recent statement:

Asked whether Google might try to persuade Beijing to change its restrictions, Schmidt said he didn't rule anything out, but said it hasn't tried to change such limits elsewhere. He noted that Google's site in Germany is barred from linking to Nazi-oriented material.

"There are many cases where certain information is not available due to local law or local custom," he said.

I've been meaning to write a response to this flawed argument, pointing out that while Germany's attempt to restrict access to hate-speech and other Nazi-related information does constitute censorship, it is mean to prevent the return of a dark moment in the nation's history. (Note, I don't agree with this German policy.) Meanwhile, China wants to block access to information that might give its citizens glimpses of democracy and freedom - its censorship is meant to protect the monopolization of power by the state. Both forms of censorship are "evil," but if we were to make comparisons, the Chinese version is perhaps a greater violation of a citizen's rights than the German form.

Philipp Lenssen, the German owner of the blog Google Blogoscoped, provides a much more articulate description of this distinction:

I think it's a fuzzy issue. Censoring nazi sites is a little less evil than censoring human rights sites, and censoring human right sites is a little less evil than handing over email account information, and handing over email account information is a little less evil than jailing the dissident yourself. However, they're all acts of the same line of thought, and often set precedents for each other, and I oppose all of them.
[[sigma]]
Don't burn books even if you think you burn the right books. And digital censorship is modern book burning. Google in Germany is "only" censoring the results to these sites, not the sites itself, but that's like saying they're only securing the area while someone else burns the books.

Often, these acts of cooperating with the gov't ruin more trust than any number like "only 2 dissidents" or "only 5% of searches" could express. If I know Yahoo Mail is cooperating with the Chinese gov't, I can't use it to voice my human rights concern over the Chinese gov't anymore, period 'Äì and that affects all mails. If I know some of the Yahoo search results are censored, I have reason to mistrust *any* Yahoo search results (and also be careful about what I'm searching for). If only 1 person is in jail for unjustified reasons, then everyone must be afraid to live and work in China and confront the Chinese gov't (or use western online tools whose leaders cooperate with the Chinese gov't). If I know that *some* morals don't need to be respected *some* of the time by *some* people[sigma] what keeps me from disrespecting all kinds of moral rules? That's the broken window phenomenon.

Google, Yahoo and others, by exposing their line of thought, also show us that they could do basically anything. E.g. their line of thought allows them to cooperate with Nazis. Their line of thought allows an image search to stop showing black people just because a segregationist gov't would ask them to ("we follow local laws" [sigma] "we think showing at least some images helps spread the information better"). In the end it's always the same: such "evil" gov'ts need people to build their tools. The Nazis relied on IBM for parts of their work. If Einstein would have just followed local laws, instead of making sure he's preventing the Nazis from getting his technological inventions by going to the US, then this might be a different world today.

Now I don't believe Google is that bad 'Äì I just believe their arguments are logically flawed, and pretty much useless. But they might have become deaf to outside criticism[sigma] they've survived every kind of criticism so far (copyright issues with Google Books, Google News China omitting several sources, Gmail "privacy invasion" through ads, the acquisition of the Deja News usenet archive). But the results seem to prove them right, pragmatically speaking; everyone is still using Google, no law so far is making their decisions illegal, and news coverage of their China move dies down over time. As we can see, Eric Schmidt is now getting more and more self-assured over the decision.

[via Don't Be Evil]

[michaelzimmer.org]

Taiwan President pans Google, Yahoo on free speech.

Tue, 11 Apr 2006 18:41:54 GMT

Taiwan President pans Google, Yahoo on free speech. In a speech commemorating a local human-rights activist, Taiwan President Chen Shui-bian accused Yahoo Inc. and Google Inc. of allowing the prospect of corporate profits to lure them into compromising free speech in China. [Computerworld Privacy News]

Anonymizer Takes on China's Net Censors.

Tue, 04 Apr 2006 16:14:52 GMT

Anonymizer Takes on China's Net Censors. Company readies new software designed to allow Chinese users access to blocked sites. [PCWorld.com - Latest News Stories]

Anonymizer software circumvents China's Great Firewall.

Tue, 04 Apr 2006 16:06:12 GMT

Anonymizer software circumvents China's Great Firewall. Anonymizer Inc. Saturday announced the availability of its Operation: Anti-Censorship software, which is designed to circumvent Chinese government efforts to block access to certain Web sites. [Computerworld Privacy News]

Yahoo may face penalty over jailed Chinese journalist.

Tue, 04 Apr 2006 15:38:25 GMT

Yahoo may face penalty over jailed Chinese journalist. Yahoo Holdings (Hong Kong) Ltd. could face a fine, a civil lawsuit or both if it is found to have illegally divulged personal data used to put a Chinese journalist in jail for 10 years. [Computerworld Privacy News]

Totally Random One Time Pads.

Fri, 31 Mar 2006 15:58:21 GMT

Totally Random One Time Pads. liliafan writes "Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure." [Slashdot]

Lenovo Under U.S. Probe for Spying.

Thu, 30 Mar 2006 17:51:12 GMT

Lenovo Under U.S. Probe for Spying. BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time. [Slashdot]

Resident ID Cards Seen Driving China's RFID Market.

Sat, 18 Mar 2006 20:05:15 GMT

Resident ID Cards Seen Driving China's RFID Market. China's resident identification card program is expected to be a major driver behind its soaring use of electronic tags. [Security Pipeline]

ISO rejects China's WAPI security protocol.

Tue, 14 Mar 2006 13:44:19 GMT

ISO rejects China's WAPI security protocol. The International Organization for Standardization (ISO) last week rejected a security protocol that was backed by some Chinese representatives as an amendment to the group's wireless LAN standard. [Network World on Privacy]

Hacked bank server hosts phishing sites.

Mon, 13 Mar 2006 14:37:31 GMT

Hacked bank server hosts phishing sites. Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites targeting customers of eBay and a major U.S. bank. [Computerworld Privacy News]

China to issue 1.3 billion RFID identification cards.

Sat, 11 Mar 2006 03:40:17 GMT

China to issue 1.3 billion RFID identification cards. China's Ministry of Public Security plans to issue more than 1.3 billion second-generation resident identification cards based on RFID chips, according to an industry analyst at In-Stat China. [Computerworld Privacy News]

China malware increasing, Symantec says.

Wed, 08 Mar 2006 05:00:13 GMT

China malware increasing, Symantec says. The amount of malware coming from China rose 153% during the last six months of 2005, Symantec Corp. reported Tuesday. [Computerworld Security Holes News]

EFF - Google Stops Storing Personal Data in China.

Wed, 08 Mar 2006 04:03:09 GMT

Google Stops Storing Personal Data in China.

On the heels of Google's setting up shop in China, EFF has called on Internet companies operating abroad to implement services that better protect human rights. According to ComputerWorld, Google has taken a step in the right direction and decided to store their massive data logs outside of China. That way, the logs can't become a dangerous honeypot of personal information for the oppressive regime, helping it monitor citizens' Internet activities and crack down on disfavored behavior.

Much more can still be done to protect Chinese citizens, but this decision is laudable. Yahoo!, MSN, and others should follow Google's lead and limit their data collection and retention.

(And while they're at it, why not change such practices back home and protect the privacy of US citizens, too?)

[EFF: Deep Links]

ID Theft Victims Sue NCSoft in South Korea.

Sat, 04 Mar 2006 04:01:02 GMT

ID Theft Victims Sue NCSoft in South Korea. greyfeld writes "South Korean lawyers have filed a class action lawsuit against NCSoft related to the identity theft of 230,000 people whose information was then used to register accounts on Lineage and Lineage2. From the Vnunet article: 'Most of the identify thefts took place over the past six months as underground gaming syndicates stole victims' official Korean ID numbers in hacking attacks and used them to register hundreds of thousands of Lineage accounts...the new accounts were then 'farmed' by low paid workers in Chinese gaming sweatshops to generate 'gold' and other game-world items that could be sold for real world cash.'" [Slashdot: Your Rights Online]

Google Moving Search Records Out of China.

Fri, 03 Mar 2006 22:47:50 GMT

Google Moving Search Records Out of China. Aims to prevent Chinese government access to records without Google permission. [PCWorld.com - Latest News Stories]

China's media censorship rattling world image.

Wed, 01 Mar 2006 02:31:41 GMT

China's media censorship rattling world image. The deposing of an editor is part of a two-year campaign to control public debate. [Christian Science Monitor | Top Stories]

Li verdict shows Yahoo played key role, group says.

Tue, 28 Feb 2006 22:32:53 GMT

Li verdict shows Yahoo played key role, group says. Yahoo Inc. played an important role in the Chinese government's prosecution of Li Zhi, Reporters Without Borders said Wednesday, citing a copy of the court's verdict to back up its claims. [Computerworld Privacy News]

Yahoo! link confirmed in second Chinese dissident case.

Mon, 27 Feb 2006 21:15:17 GMT

Yahoo! link confirmed in second Chinese dissident case.

'Auxiliaries of Beijing'

Court papers about cyberdissident Li Zhi confirm that Yahoo! collaborated with the Chinese authorities, according to media watchdog Reporters Without Borders. Yahoo! and local competitor Sina both provided evidence that allowed the Chinese to imprison Li.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]