Paul Hardwick: Companies

Google's Blog Software Hijacked by Scammers.

Sun, 18 Mar 2007 02:58:36 GMT

Google's Blog Software Hijacked by Scammers. Google's blogger.com is being hijacked to spread malware through fake blogs, a security vendor warns. [PC World: Latest Technology News]

Hackers Promise Month of MySpace Bugs.

Sun, 18 Mar 2007 01:58:02 GMT

Hackers Promise Month of MySpace Bugs. They won't divulge their real names, they call their project a "whiny, attention-seeking ploy," and they appear to take their fashion cues from Beastie Boys music videos. [PC World: Latest Technology News]

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

HP Case Wraps Up but Pretexting Problems Remains.

Sun, 18 Mar 2007 01:26:39 GMT

HP Case Wraps Up but Pretexting Problems Remains. Although a new federal law makes pretexting illegal, it will likely remain a problem for phone companies and other potential victims of the practice. [PC World: Latest Technology News]

CEBIT : IBM researchers take on video surveillance privacy.

Sun, 18 Mar 2007 01:17:36 GMT

CEBIT : IBM researchers take on video surveillance privacy. IBM researchers are looking to tackle one of the thornier problems with video surveillance systems: How do you secure the privacy of innocent bystanders? [Computerworld Data Mining News]

Your Clickstream Data: 40 cents; Losing Your Privacy: Priceless.

Sun, 18 Mar 2007 01:15:54 GMT

Your Clickstream Data: 40 cents; Losing Your Privacy: Priceless.

Adam Fields points to this disturbing revelation that ISPs are apparently selling their customer[base ']s clickstream data. The guilty ISPs apparently took the same [base "]anonymization[per thou] seminar as AOL, merely replacing user names with User 1, User 2, etc.

And what kind of price are they charging for such a violation of user[base ']s privacy? About 40 cents a month per user. Unbelievable.

[michaelzimmer.org]

GoDaddy, Get a Backbone and Protect Your Users' Rights.

Sun, 18 Mar 2007 00:50:31 GMT

GoDaddy, Get a Backbone and Protect Your Users' Rights.

A few weeks back, we wrote about how domain name registrar GoDaddy took offline Seclists.org based merely on an informal request and without providing any meaningful notice to the site's operator. Unfortunately, this isn't the only instance in which GoDaddy has carelessly ignored its users' rights.

In February, EFF was contacted by an anonymous owner of a parody and criticism website forum that allegedly exposes the financial corruption and domestic scandal of a local politician in Birmingham, Alabama. As part of a civil case in family court, an attorney representing the politician's girlfriend issued a subpoena to GoDaddy seeking the identity of the website owner, who was not a party to the lawsuit.

With the website owner's right to anonymous speech on the line, what did GoDaddy do? It caved without any apparent hesitation, providing its customer with a mere three days to find a lawyer and decide whether to file a challenge. GoDaddy also refused to provide a copy of the subpoena, which included essential information to determine whether and how to respond.

GoDaddy promises in its privacy policy to turn over customers' information only if required by law, but its lawyers didn't give this subpoena even a shred of scrutiny. Had they done so, they could have seen it was clearly invalid -- GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy.

Even putting aside this aspect of GoDaddy's casual disregard for its customer's interests, the company's behavior is shameful. The First Amendment limits the ability of litigants to pierce a speaker's anonymity, particularly when that person isn't even being sued. GoDaddy owes its customers meaningful notice, time, and information so that they can fight back and protect their rights.

With the help of lawyer Lewis Page, the anonymous website operator did manage to move to quash before it was too late. But GoDaddy's sloppy practices still put an unfair burden on this user and continue to threaten all of its customers' rights.

For what online service providers ought to do to protect their users, check out our best practice guide.

[EFF: Deep Links]

Injunction Against Companies Allegedly Engaged in ID Theft.

Fri, 16 Mar 2007 19:48:47 GMT

Injunction Against Companies Allegedly Engaged in ID Theft. "Combating identity theft is one of my top priorities in the consumer protection arena." [GT: Security and Privacy]

Visa Chief: Customer Data Theft Neither Random Nor Unavoidable - Software Technology News by InformationWeek

Fri, 16 Mar 2007 19:39:19 GMT

Although the use of the Internet to buy and sell online has introduced a slew of security concerns within the payment services industry, Visa USA president and CEO John Philip Coghlan insists that technology is the solution to combating fraud -- not the cause of it. Coghlan also pointed out during Visa's security summit in Washington, D.C., Thursday that data breaches are neither random nor inevitable if proper security measures are taken.

The TJX data breach "was a stark reminder to all of us that such events can have vast reach and consequences," Coghlan said. Such breaches create mistrust and can undermine efforts make to build a good brand image. But, he made clear, "the majority of compromises come from storage of prohibited data and using vulnerable systems to process data."

TJX, the parent company of retailers T.J. Maxx, Marshalls, HomeGoods, and others, made headlines in February when it revealed an attack on its systems had resulted in the theft of customer information. Just as the headlines were threatening to die down, TJX announced a few weeks later that intrusions into its system actually began as early as July 2005, rather than beginning in May 2006 as the company had originally reported.

While the exact nature of the TJX data breach has not yet been revealed, in general, financial information is stolen in a number of ways, including the physical theft of a wallet, checkbook, or credit card; theft of information from one's home from friends, relatives, or in-home employees; phishing messages that trick people into divulging information to fraudsters; hacks, viruses, and spyware on a PC or ATM machine; and a corrupt business employee with access to your records.

But data theft is not random. Instead, it's perpetrated against businesses with the weakest security and the most valuable information, Coughlin said Thursday, adding, "More than 80% of all dollars lost come from 20% of fraudulent transactions."

Security Watch - Visa - customer data theft neither random nor unavoidable

Fri, 16 Mar 2007 19:36:34 GMT

Very revealing speech last week by John Coughlan, Visa USA's CEO, who insists that the technology is available to prevent cardholder data falling into the wrong hands.

In a speech at Visa's security summit in Washington late last week, Coughlan said that cardholder data breaches are neither random nor inevitable if proper security measures are taken.

The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."

According to Coughlan, such hacks can create mistrust and undermine efforts to build a positive brand image. But, he said, the majority of system compromises result from the storage of prohibited data and using vulnerable systems to process data.

RIAA Has to Disclose Attorneys Fees In Foster Case.

Fri, 16 Mar 2007 19:02:44 GMT

RIAA Has to Disclose Attorneys Fees In Foster Case. NewYorkCountryLawyer writes "The RIAA has been ordered to turn over its attorneys' billing records by March 26, 2007, in Capitol v. Foster in Oklahoma. The 4- page decision and order, issued in connection with the determination of the reasonableness of Ms. Foster's attorneys fees, requires the RIAA to produce the attorneys' time sheets, billing statements, billing records, and costs and expense records. The Court reviewed authorities holding that an opponent's attorneys fees are a relevant factor in determining the reasonableness of attorneys fees, quoting a United States Supreme Court case which held that 'a party cannot litigate tenaciously and then be heard to complain about the time necessarily spent by his opponent in response' (footnote 11 to City of Riverside v. Rivera)." [Slashdot: Your Rights Online]

NPR Takes First Step To Fight Internet Royalties.

Fri, 16 Mar 2007 18:57:50 GMT

NPR Takes First Step To Fight Internet Royalties. jmcharry sent in an article that opens, "After the Copyright Royalty Board (CRB) decided to drastically increase the royalties paid to musicians and record labels for streaming songs online, National Public Radio (NPR) will begin fighting the decision on Friday, March 16 by filing a petition for reconsideration with the CRB panel." [Slashdot: Your Rights Online]

Groklaw - Transcript of the March 7 Hearing in SCO v IBM

Fri, 16 Mar 2007 18:55:03 GMT

Here is the transcript of the March 7th hearing in SCO v IBM, the last of the summary judgment hearings transcripts. Thanks yet again to Chris Brown for arranging to obtain the transcripts.

On this day, Kimball was quite busy. He heard several motions, all the ones left over from the first two hearings on March 1 and March 5:

IBM's Motion for Summary Judgment on its Claim for Declaratory Judgment of Non-Infringement (Tenth Counterclaim) (PDF) -- asking for a judgment that the Linux kernel does not infringe copyrights owned by SCO
IBM's Motion for Summary Judgment on its Claim of Copyright Infringment (Eighth Counterclaim) -- IBM's counterclaim regarding SCO's violation of the GPL and consequent copyright infringment -- (PDF)
SCO's cross motion in which it tries to say it never violated the GPL (if you spin the wording their way) (PDF) and
SCO's motion for Summary Judgment on IBM's Second, Third, Fourth, and Fifth Counterclaims (PDF) -- SCO's motion trying to get SCO off the hook for all the trash talk in the media.

On this day, we learn from IBM's attorney, David Marriott that the "mountain of code" SCO's CEO Darl McBride told the world about from 2003 onward ends up being a measly 326 lines of noncopyrightable code that IBM didn't put in Linux anyway.

On the other hand, SCO has infringed all 700,000 lines of IBM's GPL'd code in the Linux kernel.

SCO's GPL defense is of the lip-curling variety and quite funny. And it's also quite amusing to watch SCO try to wriggle out of responsibility for all the trash talk its executives treated us to in its PR campaign.

The Score is IBM - 700,000 / SCO - 326.

Fri, 16 Mar 2007 18:52:31 GMT

The Score is IBM - 700,000 / SCO - 326. The Peanut Gallery writes "After years of litigation to discover what, exactly, SCO was suing about, IBM has finally discovered that SCO's 'mountain of code' is only 326 scattered lines. Worse, most of what is allegedly infringing are comments and simple header files (like errno.h). These probably aren't copyrightable for being unoriginal and dictated by externalities and aren't owned by SCO in any event. Above and beyond that, IBM has at least five separate licenses for these elements, including the GPL, even if SCO actually owned those lines of code. In contrast IBM is able to point out 700,000 lines of code, which they have properly registered copyrights for, which SCO is infringing upon if the Court rules that it repudiated the GPL." [Slashdot: Your Rights Online]

RIAA to Universities: Help Us Threaten Your Students.

Fri, 16 Mar 2007 18:43:13 GMT

RIAA to Universities: Help Us Threaten Your Students.

Not content with wasting universities' resources via their usual tactics--i.e., flooding them with machine-generated complaints about file sharing--the major record labels are now demanding that universities help them shake down students.

The RIAA has asked universities and colleges to forward "pre-lawsuit" letters to alleged filesharers that promise a "discounted" settlement price if the student agrees to pay up immediately. Forwarding the letters saves the RIAA the trouble and expense of filing a lawsuit to obtain students' contact information--a savings that may be redirected to more lawsuits.

To add insult to injury, the letters advise students to contact the RIAA if they have any questions. It's safe to say that the RIAA is unlikely to give students the full picture. For example, will the RIAA tell students that parents are generally not liable for infringements committed by their kids, or that the record labels sometimes sue the wrong people? Probably not.

We think students should seek out less biased sources of information--and their institutions should assist in that process. Toward that end, we've put together a short FAQ to help students learn more about their options; we hope colleges and universities that forward the RIAA's threat letter will take the additional step of directing students to this FAQ as well as other neutral information sources.

Of course, the RIAA should not be putting universities in this perverse position in the first place. If you'd like to help academic institutions get back to their real mission--educating students, not helping to threaten them--Take action now to help stop the lawsuit campaign.

[EFF: Deep Links]

Beeb shuts down Jam education website.

Fri, 16 Mar 2007 18:40:35 GMT

Beeb shuts down Jam education website.

Internet no place for free stuff, says EC

The BBC has suspended its free online education website after complaints from commercial providers.

[The Register - Music and Media]

How SMBs Eliminate IT Threats with Proactive Security.

Thu, 15 Mar 2007 19:19:14 GMT

How SMBs Eliminate IT Threats with Proactive Security. (Source: MessageLabs) In this exclusive Webcast, Chris Christiansen and a panel of security experts will examine the fundamental link between IT security and its effects on business health. [Computerworld Privacy News]

Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed.

Thu, 15 Mar 2007 19:05:57 GMT

Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed.

After years of criticism from EFF and other privacy advocates, Google announced yesterday a new policy on how it handles logs of its users' searches: after 18-24 months, it will delete key information in its server logs that could be used to link particular users to records of their search queries.

This is a big change from Google's previous policy, which was essentially to keep all of those logs forever in identifiable form, and we're certainly glad to see that Google is starting to limit its retention of such sensitive data. Your Google search history can paint an intimate portrait of your most private interests and concerns. Particularly in light of the disastrous AOL search terms disclosure, recent scandals involving government surveillance, and Google's own recent court fight with the government over a subpoena for search records, it seems that Google has finally realized that limiting the retention of such records is essential to protecting your privacy.

Hopefully, Google's change in policy will spur other online service providers to consider how they can minimize the amount of personal data that they store, and perhaps even prompt competition between service providers to offer the most privacy-protective services. However, we hope that this new announcement is only Google's first step in changing its privacy practices, because additional changes would better protect user privacy and set an even better example for the industry:

Google should shorten the retention period for identifiable logs to six months at the outside, and ideally to only thirty days (which is AOL's retention limit for similar logs). Barring this, it should at least justify why it needs such records for up to two years, beyond offering one-sentence platitudes about how such records are used to improve Google's service.
Google should also shorten the retention of the "anonymized" logs, which Google apparently still intends to keep forever. As Google itself admits, the new policy changes still don't guarantee users' anonymity, and holding onto those records indefinitely still poses a serious private threat.
Therefore, Google should consider more robust anonymization techniques, up to and including scrubbing entire IP addresses rather than just the last quarter or "octet" of such addresses.
Finally, Google should expand its new anonymization policy to include the search records of users with Google Account log-ins, and to records generated by their myriad other services, rather than limiting the policy change to regular search logs.

Beyond making these additional policy changes, there's one more thing that Google should be doing[~]something we think it actually has a duty to do as a good corporate citizen and as a preeminent Internet powerhouse[~]and that is using its considerable political clout to fight for better Internet privacy laws on Capitol Hill. Right now, there are significant questions as to whether or how Internet search logs are protected by existing federal privacy laws, and Google owes it to its customers to publicly advocate for updating those privacy laws for the 21st century.

[EFF: Deep Links]

Comments on Google's Privacy Announcement.

Thu, 15 Mar 2007 18:22:07 GMT

Comments on Google's Privacy Announcement. Greetings. Google has announced significant changes to their data retention policy. Since I'm already being asked for my opinion regarding their announcement, I'm sending this out now rather selfishly to avoid having to generate a large number of individual responses... [Lauren Weinstein's Blog]

Google adding search privacy protections | CNET News.com

Thu, 15 Mar 2007 18:21:06 GMT

Google is changing its data retention practices to make it harder to identify the specific computers used in searches.

Google's servers log information every time someone conducts a Web search, keeping data such as the keywords used, the Internet Protocol address or unique number assigned to that person's computer, and information from Web cookies, which are small bits of data exchanged between a server and a Web browser each time the browser accesses the server. Cookies are used to authenticate the user and maintain information such as the user's site preferences.

Currently, Google maintains the search data logs indefinitely. Under the new policy announced on Wednesday, which Google expects to have fully implemented by the end of the year, the company will anonymize the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. The information on specific searches will remain indefinitely, but it will be much harder to tie the searches to specific individuals or computers.

"Logs anonymization does not guarantee that the government will not be able to identify a specific computer or user, but it does add another layer of privacy protection to our users' data," the company said.

The policy change will apply to future Web search data as well as archived logs and all copies of the data stored on other servers, Google said. Users will be able to opt out of the practice and request that their search data be maintained indefinitely.

Privacy advocates in general said Google's policy change is a step in the right direction but not nearly enough to really protect Web searchers from overzealous law enforcers. Keeping the search histories could enable investigators and governments to get to all sorts of personal information about people, they argue.

"I don't think the Google proposal is adequate. This period is too long and it's not in fact data destruction, it's more data de-identification, and that should be happening in 18 to 24 hours, not months," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "I'm not persuaded that this isn't still a ticking time bomb for Google's search engine."

Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said Google should never be archiving the IP address and cookies on servers. "Google should not be in the spy business," he said. "By logging IP addresses and search strings they are running the largest intelligence operation in the world."

Anonymizing the last eight bits of the IP address effectively would enable investigators to narrow the IP address down to 256 possible computers or users. That would be similar to obscuring the last digit in someone's street address.

[...]

Kevin Bankston, staff attorney at the Electronic Frontier Foundation, said he would like to see Google scrub the entire IP address within six months, but praised Google for making this "positive first step."

"We hope other online service providers will heed this example and work to minimize the amount of data they keep about their customers," Bankston said.

[...]

The risks associated with Web search data were highlighted last August when AOL inadvertently exposed on the Internet the search history of more than 650,000 of its users. The move prompted widespread criticism from privacy advocates and Congress and the filing of a complaint against AOL with the Federal Trade Commission, as well as the firing of two AOL employees and the resignation of its chief technology officer and a class action lawsuit.

Google To Anonymize Data -- Updated WIRED Blogs: 27B Stroke 6

Thu, 15 Mar 2007 18:15:53 GMT

Googleis reversing a long-standing policy to retain all the data on its users indefinitely, and by the end of the year will begin removing identifying data from its search logs after 18 months to two years, depending on the country the servers are located in.

Currently, Google retains indefinitely detailed server logs on its search engine users, including user's IP addresses - which can identify a user's computer, the query, any result that is clicked on, their browser and operating system, among other details. Even if a user never signs up for a Google account, those searches are all tied together through a cookie placed on the user's computer, which currently expires in 2038.

The new policy will be global, but there will be variances by country, especially in Europe where a data retention rule passed in 2005 requires ISPs and phone companies to keep data from six months to two years. After that time period, Google will "anonymize" the search data from web and image searches by dropping either the second half or last quarter of I.P. addresses, thus turning an address such as 127.0.34.35into127.0or127.0.34. The goal is to make it technically impossible to retroactively tie a query back to a computer, unless the query included identifying information.

User logs from services that require log-ins, such as personalized search, Google Documents and Gmail will not be subject to this policy. Those services are governed by their own privacy policies. More can be found on this at Google's official blog announcement.

Civil libertarians have long criticized the search giant's hoarding for data, saying that the data store created an attractive target for law enforcement and civil suits. Google successfully quashed a Justice Department request for large chunks of user data in 2005.

Google To "Anonymize" Personal Data after 18-24 Months.

Thu, 15 Mar 2007 18:12:41 GMT

Google To "Anonymize" Personal Data after 18-24 Months.

Google made a major announcement today that by the end of the year will begin removing identifying data from its search logs after 18 -24 months:

When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we're pleased to report a change in our privacy policy: Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google's services and protect them from security and other abuses)--but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.

They've released a log retention FAQ (PDF) with more details, including how they will "anonymize" the log data:

What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.

How do these anonymizing measures protect user privacy?
Changing the bits of an IP address makes it less likely that the IP address can be associated with a specific computer or user. Cookie anonymization makes it less likely that a cookie can be used to identify a user.

Do these changes guarantee anonymization?
It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified.

This is an important and promising step towards greater privacy and protection of personal search history records. But remember, AOL thought they had released anonymized data as well. Just because and IP and cookie has been modified doesn't mean that user privacy is ensured. The preferred solution would be for Google to purge the data altogether after, or just don't collect it in the first place.

Unfortunately I don't have much time for further analysis (baby, dissertation, oh my!), but 27B Stroke 6 is on top of it, and CNet has reaction from CDT, EFF, and others.

michaelzimmer.org]

Google to anonymize user data.

Thu, 15 Mar 2007 18:03:25 GMT

Google to anonymize user data.

It's about time

Google is to discard some of the information it stores about user search requests in an effort to address concerns by privacy watchdogs and defend itself against government demands for data.

[The Register - Music and Media]

Google to Make Search Logs Anonymous.

Thu, 15 Mar 2007 18:01:09 GMT

Google to Make Search Logs Anonymous. Google announced today that it will start making its records about users' searches anonymous after 18 to 24 months. [PC World: Latest Technology News]

Sun CSO: Endless Internet Growth Keeps Security on Back Burner.

Wed, 14 Mar 2007 20:07:25 GMT

Sun CSO: Endless Internet Growth Keeps Security on Back Burner. Q&A: Whitfield Diffie, chief security officer at Sun and co-inventor of public-key cryptography, talks about the state of computer security and Microsoft[base ']s role in it. [Computerworld Privacy News]

Medical data on Blue Cross members may be lost | CNET News.com

Wed, 14 Mar 2007 19:45:41 GMT

WellPoint, one of the nation's largest health insurers, has begun notifying 75,000 members of its Empire Blue Cross and Blue Shield unit in New York that a CD holding their vital medical and other personal information has disappeared.

The information was on an unencrypted disc that a subcontractor recently sent to Magellan Behavioral Services, a company in Avon, Conn., that specializes in monitoring and coordinating mental health and substance abuse treatments for insurance companies.

Empire began notifying the affected consumers by mail on Saturday that their records--including their names, Social Security numbers, health plan identification numbers and description of medical services back to 2003--had been lost.

[...]

Before shipping the information to Magellan, the coding and passwords that protect the privacy of the information was removed by a Magellan subcontractor, Lisa Ann Greiner, an Empire spokeswoman, said Tuesday.

Janlori Goldman, the director of the Health Privacy Center, a nonprofit organization in Washington, said the error was an "egregious breach of privacy." She said that insurance companies were responsible under a federal privacy law for ensuring that their contractors use adequate security procedures.

Greiner said that the subcontractor, Health Data Management Services, worked for Magellan, not Empire. "If any contract was breached, we are going to take direct action," she said.

SignOnSanDiego.com > Technology -- Official: Yahoo didn't violate laws in case of jailed journalist

Wed, 14 Mar 2007 19:43:01 GMT

HONG KONG - Investigators said Wednesday there was not enough evidence to show that Yahoo Inc.'s Hong Kong branch provided private information that helped convict a Chinese reporter accused of leaking state secrets.

The case raised questions about whether Internet companies should cooperate with governments that deny freedom of speech and frequently crack down on journalists.

Yahoo! Hong Kong Limited was accused of helping Chinese authorities by Hong Kong lawmaker Albert Ho, who filed a complaint last year with the city's privacy commissioner. Ho alleged the Internet company provided information that helped convict journalist Shi Tao, sentenced to 10 years in jail in 2005 on mainland China.

Google Cooperating with Mumbai & Brazilian Police.

Wed, 14 Mar 2007 15:39:49 GMT

Google Cooperating with Mumbai & Brazilian Police.

Boing Boing has two good posts detailing how Google has been cooperating with Mumbai and Brazilian authorities to help censor content and track down offenders on their Orkut social networking service.

In the Mumbai case:

The Indian Express and other regional media are reporting that Google[base ']s social networking service Orkut will cooperate with the Mumbai Police to share IP addresses of users who post [base ']Äúobjectionable content[base ']Äù on Orkut. If reports are to be believed, the police need only email a complaint to Orkut, and Orkut will send back the personally identifying data, no questions asked.

The police are said to be targeting a number of [base "]problematic[per thou] Orkut posts, including items that criticize various public figures in India, others that glorify Indian mobsters, and [base "]anti-Indian words.[per thou] The latter probably has to do with a group on Orkut called [base "]I Hate India,[per thou] which pissed off Indian officials so much, they decided to sue Google over it last October.

And the Brazilian matter:

Google has designed a special Orkut admin tool for deleting or blocking illegal content, and given Brazilian police access to this tool. This means that if you[base ']re on Orkut and you say something that in Brazil could be considered illegal (such as celebrity gossip, Consumerist-style corporate bashing, mistreating animals), the Brazilian police can censor the community where this [base "]illegal[per thou] speech is seen.

Much more if you follow the links.

[michaelzimmer.org]

Viacom, YouTube, and Privacy.

Wed, 14 Mar 2007 15:36:38 GMT

Viacom, YouTube, and Privacy.

Yesterday[base ']s top tech policy story was the copyright lawsuits filed by Viacom, the parent company of Comedy Central, MTV, and Paramount Pictures, against YouTube and its owner Google. Viacom[base ']s complaint accuses YouTube of direct, contributory, and vicarious copyright infringement, and inducing infringement. The complaint tries to paint YouTube as a descendant of Napster and Grokster.

Viacom argues generally that YouTube should have done more to help it detect and stop infringement. Interestingly, Viacom points to the privacy features of YouTube as part of the problem, in paragraph 43 of the complaint:

In addition, YouTube is deliberately interfering with copyright owners[base '] ability to find infringing videos even after they are added to YouTube[base ']s library. YouTube offers a feature that allows users to designate [base "]friends[per thou] who are the only persons allowed to see videos they upload, preventing copyright owners from finding infringing videos with this limitation[sigma]. Thus, Plaintiffs cannot necessarily find all infringing videos to protect their rights through searching, even though that is the only avenue YouTube makes available to copyright owners. Moreover, YouTube still makes the hidden infringing videos available for viewing through YouTube features like the embed, share, and friends functions. For example, many users are sharing full-length copies of copyrighted works and stating plainly in the description [base "]Add me as a friend to watch.[per thou]

Users have many good reasons to want to limit access to noninfringing uploaded videos, for example to make home movies available to family members but not to the general public. It would be a shame, and YouTube would be much less useful, if there were no way to limit access. Equivalently, if any copyright owner could override the limits, there would be no privacy anymore [~] remember that we[base ']re all copyright owners.

Is Viacom really arguing that YouTube shouldn[base ']t let people limit access to uploaded material? Viacom doesn[base ']t say this directly, though it is one plausible reading of their argument. Another reading is that they think YouTube should have an extra obligation to police and/or filter material that isn[base ']t viewable by the public.

Either way, it[base ']s troubling to see YouTube[base ']s privacy features used to attack the site[base ']s legality, when we know those features have plenty of uses other than hiding infringement. Will future entrepreneurs shy away from providing private communication, out of fear that it will be used to brand them as infringers? If the courts aren[base ']t careful, that will be one effect of Viacom[base ']s suit.

Carriers mum on DoJ report that FBI abused powers - Network World

Tue, 13 Mar 2007 20:57:01 GMT

Three carriers would not discuss the U.S. Department of Justice findings that the FBI overstepped its authority in accessing private phone records in investigations of terrorism or espionage suspects under the Patriot Act.

Neither AT&T, Verizon nor Qwest would comment on the matter in which a Justice Department audit released Friday determined the FBI, without a court order, improperly exercised Patriot Act powers to obtain phone, credit and Internet records of suspected terrorists and spies.

Three Indicted for Alleged Online Brokerage Scam.

Tue, 13 Mar 2007 20:11:34 GMT

Three Indicted for Alleged Online Brokerage Scam. A federal grand jury indicted three people on charges of conspiracy, fraud, and aggravated identity theft related to a "high-tech" scheme to hijack online brokerage accounts. [PC World: Latest Technology News]

McAfee Says Vista's StickyKeys Could Be Misused.

Tue, 13 Mar 2007 20:02:15 GMT

McAfee Says Vista's StickyKeys Could Be Misused. A Windows Vista feature designed to simplify computing for disabled users has security implications, according to a McAfee researcher. [PC World: Latest Technology News]

Secure your enterprise data.

Tue, 13 Mar 2007 19:57:32 GMT

Secure your enterprise data. For DuPont, Gary Min may have seemed a model employee. A research chemist at DuPont's research laboratory in Circleville, Ohio, Min was a naturalized U.S. citizen with a doctorate from the University of Pennsylvania who had worked for DuPont for 10 years, even earning a business degree from Ohio State University with help from his employer. But Min's veneer of respectability began to crack on Dec. 12, 2005, when he told his employer he would be leaving his job. [CSO Online Data Security Briefing]

EFF Kills Bogus Clear Channel Patent.

Tue, 13 Mar 2007 19:55:43 GMT

EFF Kills Bogus Clear Channel Patent.

Patent Busting Project Wins Victory for Artists and Innovators

San Francisco - The U.S. Patent and Trademark Office (PTO) has announced it will revoke an illegitimate patent held by Clear Channel Communications after a campaign by the Electronic Frontier Foundation (EFF).

The patent covered a system and method of creating digital recordings of live performances. Clear Channel claimed the bogus patent created a monopoly on all-in-one technologies that produce post-concert digital recordings and threatened to sue those who made such recordings. This locked musical acts into using Clear Channel technology and blocked innovations by others.

However, EFF's investigation found that a company named Telex had in fact developed similar technology more than a year before Clear Channel filed its patent request. EFF -- in conjunction with patent attorney Theodore C. McCullough and with the help of Lori President and Ashley Bollinger, students at the Glushko-Samuelson Intellectual Property Clinic at American University's Washington College of Law -- asked the PTO to revoke the patent based on this and other extensive evidence.

"Bogus patents like this one are good examples of what's wrong with the current patent system," said EFF Staff Attorney Jason Schultz. "We're glad that the Patent Office was willing to help artists and innovators out from under its shadow."

The Clear Channel patent challenge was part of EFF's Patent Busting Project, aimed at combating the chilling effects bad patents have on public and consumer interests. The Patent Busting Project seeks to document the threats and fight back by filing requests for reexamination against the worst offenders.

"The patent system plays a critical role in business and the economy," said McCullough. "Everyone loses if we allow overreaching patent claims to restrict the tremendous benefits of new software and technology development."

For the notice from the Patent Office:
http://www.eff.org/patent/wanted/clearchannel/notice_of_intent_to_cancel.pdf

For more on EFF's Patent Busting Project:
http://www.eff.org/patent

Contacts:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Theodore C. McCullough
Registered Patent Attorney
theo702000@yahoo.com

[EFF: Breaking News]

American Studios' Secret Plan to Lock Down European TV Devices.

Tue, 13 Mar 2007 19:53:46 GMT

American Studios' Secret Plan to Lock Down European TV Devices.

EFF Exposes Standards Jeopardizing Innovation and Consumer Rights

San Francisco - An international consortium of television and technology companies is devising draconian anti-consumer restrictions for the next generation of TVs in Europe and beyond, at the behest of American entertainment giants.

The Electronic Frontier Foundation (EFF) is the only public interest group to have gained entrance into the secretive meetings of the Digital Video Broadcasting Project (DVB), a group that creates the television and video specifications used in Europe, Australia, and much of Asia and Africa. In a report released today, EFF shows how U.S. movie and television companies have convinced DVB to create new technical specifications that would build digital rights management technologies into televisions. These specifications are likely to take away consumers' rights, which will subsequently be sold back to them piecemeal -- so entertainment fans will have to pay again and again for legitimate uses of lawfully acquired digital television content.

"DVB is abetting a massive power grab by the content industry, and many of the world's largest technology companies are simply watching," said Ren Bucholz, EFF Policy Coordinator, Americas. "This regime was concocted without input from consumer rights organizations or public interest groups, and it shows."

Despite recent record profits, American movie and television studios insist that new technologies could ruin their industry. In past battles against innovation, these same studios sued to block the sale of the VCR and the first mass-marketed digital video recorder in the U.S. Having failed in those efforts, they have now turned to creating technical standards that, when backed by law, are likely to restrict consumers' existing rights and threaten the future of technological innovation.

With DVB, the plan begun by entertainment companies in the U.S. has now gone global. EFF's report is aimed at alerting European consumer groups and consumers about the dangers posed by the proposed standards and providing informational resources for European regulators.

"DVB members' active indifference, even hostility, to user rights is shameful," said EFF Staff Technologist Seth Schoen. "When American studios ask for regulatory support for restrictions pushed through the DVB Project, public officials must stand up for consumer rights, sustain competition and innovation, and tell Hollywood to back off."

For the full report:
http://www.eff.org/IP/DVB/dvb_briefing_paper.php

EFF's 2005 Submission to the U.K. Department of Media, Sports and Culture:
http://www.eff.org/IP/DVB/dvb_critique.php

Contacts:

Ren Bucholz
Policy Coordinator, Americas
Electronic Frontier Foundation
ren@eff.org

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

[EFF: Breaking News]

Google Aids Indian Goverment Censorship.

Tue, 13 Mar 2007 02:36:33 GMT

Google Aids Indian Goverment Censorship. An anonymous reader writes "Google's Orkut has made a deal to provide IP addresses of posters of content deemed objectionable by Bombay police. They object, among others, to posts against certain Indian personalities, young women admiring Indian mobsters, and, amazingly, "anti-Indian words" (!)." [Slashdot]

Spying Too Secret for the Courts.

Tue, 13 Mar 2007 02:33:23 GMT

Spying Too Secret for the Courts. AT&T and the government tell an appeals court that the case against the telecom for allegedly helping the government spy on Americans is too secret for any court, despite the Administration's admission it did spy on Americans without warrants. [Wired News: Top Stories]

courant.com | Our I.D., Their Trash - Sensitive Records Turn Up In Ohio

Mon, 12 Mar 2007 20:41:49 GMT

Papers with sensitive information about Connecticut residents - Social Security numbers, medical records, names, phone numbers, addresses and bank records began blowing from an Ohio landfill onto nearby homeowner Harry Evans' yard months ago.

At first he just picked up the litter - dozens of papers in all - and threw it away. But about a week ago, Evans says, he talked with his wife about the personal nature of some of the windblown papers and decided he'd had enough. He called the local media. Soon, newspaper and TV reporters descended on his home in Negley.

'Do the Right Thing'. Editorial

Mon, 12 Mar 2007 20:32:08 GMT

'Do the Right Thing'. Editorial: There is no greater hallmark of an IT leader than the courage it takes to do what[base ']s right, says Don Tennant. [Computerworld Privacy News]

Seagate Ships Super-Secure Hard Disk Drive.

Mon, 12 Mar 2007 20:18:52 GMT

Seagate Ships Super-Secure Hard Disk Drive. ASI Computer Technologies will use the automatically encrypted Momentus in a laptop. [PC World: Latest Technology News]

Conn. lawmakers want MySpace, others to verify user ages.

Sun, 11 Mar 2007 17:32:38 GMT

Conn. lawmakers want MySpace, others to verify user ages. Connecticut lawmakers are pushing a bill that would require age verification rules for social networking sites and would allow parents more control over their children's pages. [Computerworld Privacy News]

Open-source ID project awaits Microsoft's blessing | CNET News.com

Fri, 09 Mar 2007 20:42:06 GMT

An open-source rival to a Microsoft identity tool has been in limbo for months, awaiting the software giant's go-ahead on certain patent-related issues.

Developers working on the Higgins project want to create a tool equivalent to Microsoft's Windows CardSpace, but fear the software giant's legal wrath if they don't receive permission on certain features. Although parts of the project continue to move forward, proponents say it may not reach its full potential without Microsoft's help.

"There are some pieces that we would not be able to release that we would like to," Mary Ruddy, a Higgins project leader, said Thursday. "We want to make sure that the intellectual property for all of our open-source projects is really clean, so that people can feel confident about using our code."

In September, Microsoft pledged not to assert its patents pertaining to nearly three dozen Web services specifications. That did help the Higgins project, but developers say that wasn't enough to help them deliver all the features they hope to. They have asked Microsoft to provide guarantees that it won't sue on other parts of its intellectual property.

Open-Source ID Project Awaits Microsoft's Blessing.

Fri, 09 Mar 2007 20:39:39 GMT

Open-Source ID Project Awaits Microsoft's Blessing. An anonymous reader writes to mention that an open-source alternative to Microsoft's CardSpace tool has been on hold for months while they await patent blessing from the Redmond software giant. "While CardSpace is available on Windows, one goal of the Higgins project is to cover other operating systems. Higgins wants to offer an open-source alternative that works on Windows and on alternatives such as Linux and Mac OS X. The application would work similarly to CardSpace." [Slashdot]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 20:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

The Local - Olofsson claims Sweden has tapped phones 'for decades'

Fri, 09 Mar 2007 20:23:29 GMT

Deputy prime minister Maud Olofsson has added a new twist to Sweden's divisive surveillance debate. The Centre Party leader claims that defence minister Mikael Odenberg's proposed legislation would merely codify practices that have already been in operation for decades.

Previously, at a time when all telecommunications were state-operated, Sweden's National Defence Radio Establishment (FÃ¶rsvarets Radioanstalt - FRA) regularly tapped telephone lines in and out of the country, says Olofsson.

Symantec: Adult Spam Down, Image Spam Climbs.

Fri, 09 Mar 2007 20:04:44 GMT

Symantec: Adult Spam Down, Image Spam Climbs. New study finds spammers now focus on health-related products and general product pitches. [PC World: Latest Technology News]

NHL Union Denies E-mail Spying.

Fri, 09 Mar 2007 03:55:23 GMT

NHL Union Denies E-mail Spying. The union's chief Ted Saskin denies monitoring player's e-mails, pointing fingers at his predecessor Bob Goodenow, who also denied the spying allegations. By the Associated Press. [Wired News: Top Stories]

State Eyes Age Checks for MySpace.

Fri, 09 Mar 2007 03:36:59 GMT

State Eyes Age Checks for MySpace. Connecticut legislators want to force social-networking sites to verify users' ages and lock down parents' permission before minors can post personal profiles. By the Associated Press. [Wired News: Security Blanket]

Now on the menu at Ruby Tuesday: Better security.

Fri, 09 Mar 2007 03:30:36 GMT

Now on the menu at Ruby Tuesday: Better security. Spurred by the growing list of data breaches that have plagued other companies in recent years, restaurant chain Ruby Tuesday is moving to strengthen its credit card security efforts. [Computerworld Privacy News]

Telecoms.com - Telecoms industry "worst for consumer privacy"

Thu, 08 Mar 2007 23:27:48 GMT

The telecoms industry has been accused of collecting excessive amounts of personal data from its customers, with telecom firms faring worse for privacy than companies in other industries.

The accusations come in the "First Quarter 2007 Online Customer Respect Study of the Telecommunications Industry", from international research...

Editor: Just this teaser unless you register at their site.

heise Security - All Microsoft updates phone home

Thu, 08 Mar 2007 22:54:34 GMT

Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not.

In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date. By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information.

With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself. The WGA package thus, among other things, sends back an event code. To calm the fears of users, alexkoc presents a graphic explaining the various fields of such a data packet.

When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.

All Microsoft Updates Phone Home.

Thu, 08 Mar 2007 22:49:17 GMT

All Microsoft Updates Phone Home. juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond." [Slashdot: Your Rights Online]

SEC Suspends Trading for 35 Companies Due to Spam.

Thu, 08 Mar 2007 22:46:03 GMT

SEC Suspends Trading for 35 Companies Due to Spam. The U.S. Securities and Exchange Commission says the companies allegedly benefited from spam e-mail campaigns to hype their stocks. [PC World: Latest Technology News]

Vishing: Dialing for Dollars, Part II.

Thu, 08 Mar 2007 22:41:03 GMT

Vishing: Dialing for Dollars, Part II.

Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down.

Sure, Bank of America is hit by this sort of thing all the time. It's the fourth most popular target for "phishing" scams that use e-mail to lure people into giving away their data at counterfeit sites, according to stats just released by PhishTank. But this is one of the more convincing voice phishing or "vishing" attacks I've seen yet.

Vishing scams start with an e-mail lure that asks the recipient to call a specific 1-800 number to settle some matter with his or her account. The numbers usually are connected to an automated system that asks the caller to key in data from a credit card -- the 16-digit account number, the expiration date and the three-digit security code on the back.

This new Bank of America scam has the same elements, but its execution is nearly flawless (unlike the majority of previous vishing scams Security Fix has seen, which either bungle the voice mail system or use a lure full of poor spelling and grammar). It informs the recipient that his account has been suspended because it was used to purchase "obscene or certain sexually oriented goods or services." From the e-mail:

"We are hereby notifying you that, after a recent review of your account activity, it has been determined that you are in violation of Bank of America's Acceptable Use Policy. Therefore, your account has been temporarily limited for: hotjasmin.com cam shows. In order to remove the limit please call our TOLL FREE number [omitted]." That domain is registered to a guy in the Netherlands, but it's currently inactive.

I recorded a short snippet of the first 45 seconds or so of the automated phone message used in this attack. If the you enter the requested information, the voice then asks for your bank PIN: "Bank of America asks for your PIN in order to verify your identity. This also enables us to assist federal authorities in order to prevent money laundering and other illegal activities."

Generally, it's a good idea not to even dial these bogus 1-800 numbers, as you're essentially giving the scammers your phone number, a key piece of your personal data. It's also a good idea to be very suspicious of e-mails that ask you to call any number. When in doubt, open up a browser Window and find the official Web site of your financial institution, then look up the customer-service number listed there.

[Security Fix]

Patch Reprieve for March's Black Tuesday.

Thu, 08 Mar 2007 22:03:31 GMT

Patch Reprieve for March's Black Tuesday.

Windows PC users and corporate system administrators worldwide will earn a reprieve from Redmond next week. Microsoft said today it has no plans to release new software security updates this month.

It's not as if there aren't any outstanding security flaws that Microsoft could fix this month, but the situation could be a lot worse.

Perhaps Redmond is simply being kind to corporate IT folk, many of whom are working hard to update their companies' software and hardware for the early daylight saving switch this weekend: For the first time in 20 years, daylight saving time will not start on the first Sunday in April. Instead, it will begin three weeks earlier, at 2 a.m. on the second Sunday in March, the 11th. Our IT staff has sent numerous e-mails to laptop users to drop by and make sure the Macs and PCs are all up to date. (Apple and Microsoft have already pushed out patches to address this issue, and if you've been keeping up to date with them, you should be fine, but Windows users can consult this page to be sure.) By the way, updates are available to fix this shift for Palm and Windows Mobile PDAs.

Normally, Microsoft plugs security holes in its software on the second Tuesday of every month, also known as "Patch Tuesday." Microsoft moved to a regular patch cycle a few years ago to make it more predictable for companies who need to staff or schedule extra IT personnel to test and deploy the updates to what could be thousands of systems. The system administrators to whom that task falls typically dread the monthly chore and have a different name for it: "Black Tuesday."

It's been a while since Windows users have been given a pass on patches. By my count, the last time Microsoft skipped a cycle was back in September 2005.

[Security Fix]

Cuban gets stuck into YouTube, demands it squeals.

Thu, 08 Mar 2007 21:47:54 GMT

Cuban gets stuck into YouTube, demands it squeals.

'Talk, morons'

Attention-seeking tech billionaire Mark Cuban has set the legal dogs on YouTube, demanding it snitch on users who uploaded video which one of his investments owns the rights to.

[The Register - Music and Media]

No Microsoft Security Updates Coming Mext Week.

Thu, 08 Mar 2007 21:40:55 GMT

No Microsoft Security Updates Coming Mext Week. In one of only a handful of times since 2003, Microsoft won't have security patches available next week. [PC World: Latest Technology News]

The Fix is In: Massive Web Radio Fee Hike and the XM/Sirius Merger.

Thu, 08 Mar 2007 21:37:56 GMT

The Fix is In: Massive Web Radio Fee Hike and the XM/Sirius Merger. Greetings. While no conspiracy beyond "business as usual" is required to explain this confluence of events, it is fascinating to note the continuing collapse of true competition in the music and radio industries (as in the Internet ISP industry). [Lauren Weinstein's Blog]

WGA Reports Back To MS Even If You Choose Not To Install - Aviran's Place

Wed, 07 Mar 2007 17:06:01 GMT

Heise online reports on a very interesting action Microsoft is taking during the installation of WGA.

When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send your info and the fact that you choose not to install WGA back to their servers.

In addition to that it seems that the setup program send some information stored in your registry to http://genuine.microsoft.com/. While it does not specifically identify the user, it looks like it does send some identification of your computer and Windows version (see picture) to Microsoft servers.

Microsoft WGA Phones Home Even When Told No.

Wed, 07 Mar 2007 17:00:00 GMT

Microsoft WGA Phones Home Even When Told No. Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers." [Slashdot]

Stations agree on anti-payola settlement | Houston Chronicle

Wed, 07 Mar 2007 16:17:54 GMT

Radio listeners weary of hearing the same songs over and over may have something to cheer about: Broadcasters have tentatively agreed to anti-payola settlements that could shake up music playlists at some of the nation's largest radio chains.

Four major broadcast companies would pay the government $12.5 million and provide 8,400 half-hour segments of free airtime for independent record labels and local artists, The Associated Press has learned.

The agreement is aimed at curbing payola -- generally defined as radio stations accepting cash or other consideration from record companies in exchange for airplay. The practice has been around as long as the radio industry and was made illegal after scandals in the late 1950s.

Two Federal Communications Commission officials, who spoke on condition of anonymity because final language has not been approved by the full commission, said the monetary settlement is part of a consent decree between the FCC and Clear Channel Communications Inc., CBS Radio, Entercom Communications Corp. and Citadel Broadcasting Corp.

The settlement was reached at the same time as a separate deal designed to lead to more airtime for smaller record companies and their lesser-known artists as well as local musicians.

Major Broadcasters Hit With $12M Payola Fine.

Wed, 07 Mar 2007 16:15:47 GMT

Major Broadcasters Hit With $12M Payola Fine. Gr8Apes writes with a just-breaking AP story reporting that the FCC is wrapping up a settlement in which four major broadcast companies would pay the government $12.5 million and provide 8,400 half-hour segments of free airtime for independent record labels and local artists. The finish line is near after a 3-year investigation. An indie promoter is quoted: "It's absolutely the most historic agreement that the independent community has had with radio. Without a doubt, nothing else comes close." [Slashdot]

Wal-Mart fires technician who recorded phone calls

Wed, 07 Mar 2007 15:52:20 GMT

March 05, 2007 (Reuters) -- CHICAGO - Wal-Mart Stores Inc. said today it fired a systems technician for intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization.

Wal-Mart, the world's largest retailer, said an internal investigation found the technician had monitored and recorded phone calls between Wal-Mart public relations employees and a New York Times Co. reporter between September and January.

The Bentonville, Ark.-based retailer also said the technician, who worked in its information systems division, intercepted and stored text messages that contained certain key words, including those sent by people in the Bentonville area who were not Wal-Mart employees.

Wal-Mart spokeswoman Mona Williams said on a call with reporters that the technician "did this on his own."

While interviews with the technician gave the retailer an idea as to why he recorded the calls, Williams said she could not disclose the reasons because the case has been turned over to federal investigators.

Spying at Wal*Mart: Human nature run amuck?

Wed, 07 Mar 2007 15:46:37 GMT

Spying at Wal*Mart: Human nature run amuck? Does the Wal-Mart eavesdropping debacle have the potential to be this year's HP scandal? A former IT security staffer for the retailer evaluates what might have happened. [Computerworld Privacy News]

Wal-Mart fires technician who recorded phone calls.

Tue, 06 Mar 2007 16:18:41 GMT

Wal-Mart fires technician who recorded phone calls. Wal-Mart Stores Inc. said it fired a systems technician for intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization. [Computerworld Privacy News]

Tonight(Tuesday) on Nightline - The NSA at AT&T

Tue, 06 Mar 2007 15:55:07 GMT

Tonight(Tuesday) on Nightline is an episode on the NSA having a monitoring station in the AT&T wire room. They have the guy who originally broke the story being interviewed tonight.

Real Life "Candid Camera" in Advertising Billboards

Mon, 05 Mar 2007 21:00:18 GMT

No, no, no, the government isn't spying on us again this time around. Advertisers are actually putting hidden cameras in their billboards to see how customers react to their slogans, products, and pictures. It's all apart of a grocery store experiment/product that senses when people come to an item, and zooms into their faces to find how out what their expression is.

Wired: AP Tech - Diebold Weighs Strategy for Voting Unit

Mon, 05 Mar 2007 20:48:03 GMT

CLEVELAND (AP) -- Diebold Inc. saw great potential in the modernization of elections equipment. Now, analysts say, executives may be angling for ways to dump its e-voting subsidiary that's widely seen as tarnishing the company's reputation.

Though Diebold Election Systems - the company's smallest business segment - has shown growth and profit, it's faced persistent criticism over the reliability and security of its touch-screen voting machines. About 150,000 of its touch-screen or optical scan systems were used in 34 states in last November's election.

Diebold to Withdraw from E-Voting?

Mon, 05 Mar 2007 20:44:56 GMT

Diebold to Withdraw from E-Voting? ICA writes "It appears after years of criticism, Diebold may be ready to withdraw from electronic voting entirely. The company is concerned that this relatively small and marginally profitable unit is hurting the company's overall image." [Slashdot]

PC World - Microsoft OneCare Last in Antivirus Tests

Mon, 05 Mar 2007 02:27:26 GMT

Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of worms, viruses, Trojan horses and other malware, an Austrian antivirus researcher reported Wednesday.

The AV Comparatives Web site, which is maintained by Andreas Cleminti from Innsbruck, Austria, posts quarterly results of tests that pit the top antivirus products against a dynamic list of nearly half a million individual pieces of malware.

Microsoft OneCare Last in Antivirus Tests.

Mon, 05 Mar 2007 02:23:42 GMT

Microsoft OneCare Last in Antivirus Tests. Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." --- While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap. [Slashdot]

Techdirt: An Economic Explanation For Why DRM Cannot Open Up New Business Model Opportunities

Mon, 05 Mar 2007 02:11:01 GMT

Continuing my increasingly lengthy series of posts on the economics of non-scarce goods, I wanted to take a look at an issue that I mentioned in passing earlier this week concerning the ongoing insistence among the entertainment industry (and the DRM industry) that DRM somehow will open up new business models. I'd like to explain why, economically, that doesn't make sense.

First, to clarify, I should point out that, technically, I mean that it doesn't make sense that DRM could ever open up feasible or successful business models. Anyone can create a new unsuccessful business model. For example, I'm now selling $1 bills for $1,000. It's a new business model (well, perhaps not to the dot coms of the original dot com boom), but it's unlikely to be a successful one (if you disagree, and would like to pay me $1,000 for $1, please use the feedback form above to make arrangements). However, for a new business model to make sense, it needs to provide more value. Providing more value than people can get elsewhere is the reason why a business model succeeds. So, any new business model must be based on adding additional value.

Why DRM Cannot Open Up New Business Models.

Mon, 05 Mar 2007 02:08:11 GMT

Why DRM Cannot Open Up New Business Models. An anonymous reader writes "Techdirt has a cool post up that doesn't just explain why DRM is bad, but gives a really interesting economic explanation for why DRM cannot create successful new business models. Since the RIAA and MPAA keep insisting that DRM will create new business models, it's useful to see an argument for why that's basically impossible." As the article says, anyone can create a "new" business model. Creating a successful "new" business model is what is so elusive here. [Slashdot]

Concurring Opinions: The Rise of Customer Blacklists

Sun, 04 Mar 2007 03:55:39 GMT

Blacklists appear to be the rage these days. With the ease of storing and sharing personal information -- coupled with lax privacy law restrictions on such activities -- companies can increasingly create blacklists of bad customers. In this article from the Ottawa Citizen, hotels in Australia and Canada (and soon the United States) are signing up for a service that compiles a blacklist against "bad" hotel guests:

Telco customers at risk for online privacy breach.

Sun, 04 Mar 2007 03:51:07 GMT

Telco customers at risk for online privacy breach. A study released by the Customer Respect Group indicates that telecommunications companies are slipping when it comes to customer privacy, especially in comparison to retail and high-tech industries. A majority of companies surveyed were dound to ask for excessive, inappropriate personal data. [Computerworld Privacy News]