Paul Hardwick: Hmmm...

Hackers Promise Month of MySpace Bugs.

Sun, 18 Mar 2007 01:58:02 GMT

Hackers Promise Month of MySpace Bugs. They won't divulge their real names, they call their project a "whiny, attention-seeking ploy," and they appear to take their fashion cues from Beastie Boys music videos. [PC World: Latest Technology News]

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

HP Case Wraps Up but Pretexting Problems Remains.

Sun, 18 Mar 2007 01:26:39 GMT

HP Case Wraps Up but Pretexting Problems Remains. Although a new federal law makes pretexting illegal, it will likely remain a problem for phone companies and other potential victims of the practice. [PC World: Latest Technology News]

U.S. Lawmakers Introduce New Spyware Bill.

Sun, 18 Mar 2007 01:21:55 GMT

U.S. Lawmakers Introduce New Spyware Bill. Two U.S. lawmakers reintroduce a bill that would impose penalties of up to five years of prison time and fines for spyware activities. [PC World: Latest Technology News]

CEBIT : IBM researchers take on video surveillance privacy.

Sun, 18 Mar 2007 01:17:36 GMT

CEBIT : IBM researchers take on video surveillance privacy. IBM researchers are looking to tackle one of the thornier problems with video surveillance systems: How do you secure the privacy of innocent bystanders? [Computerworld Data Mining News]

Your Clickstream Data: 40 cents; Losing Your Privacy: Priceless.

Sun, 18 Mar 2007 01:15:54 GMT

Your Clickstream Data: 40 cents; Losing Your Privacy: Priceless.

Adam Fields points to this disturbing revelation that ISPs are apparently selling their customer[base ']s clickstream data. The guilty ISPs apparently took the same [base "]anonymization[per thou] seminar as AOL, merely replacing user names with User 1, User 2, etc.

And what kind of price are they charging for such a violation of user[base ']s privacy? About 40 cents a month per user. Unbelievable.

[michaelzimmer.org]

FOIA Reforms Plow Forward in Congress.

Sun, 18 Mar 2007 00:58:34 GMT

FOIA Reforms Plow Forward in Congress.

The House of Representatives has passed a bill that will make much-needed updates to the Freedom of Information Act (FOIA), and strengthen the public's right to get records from the federal government. H.R. 1309, the Freedom of Information Act Amendments of 2007, was approved yesterday by a considerable 308-117 margin. But the White House lashed out against the legislation, calling FOIA improvements "premature and counterproductive" in light of an 2005 presidential order requiring agencies to streamline their FOIA processes.

Just this week the National Security Archive released a report showing how necessary FOIA improvements are. The non-profit research group found that most federal agencies have failed to improve online access to public information in spite of a decade-old FOIA change requiring that they do so.

In related news, a bipartisan bill similar to H.R. 1309 was introduced earlier this week in the Senate. Like the House bill, S. 849, the Openness Promotes Effectiveness in our National Government Act of 2007, will improve the public's right to access government information through the FOIA and penalize agencies that don't comply with the law.

Learn more about the FOIA and EFF's Flag Project here.

[EFF: Deep Links]

GoDaddy, Get a Backbone and Protect Your Users' Rights.

Sun, 18 Mar 2007 00:50:31 GMT

GoDaddy, Get a Backbone and Protect Your Users' Rights.

A few weeks back, we wrote about how domain name registrar GoDaddy took offline Seclists.org based merely on an informal request and without providing any meaningful notice to the site's operator. Unfortunately, this isn't the only instance in which GoDaddy has carelessly ignored its users' rights.

In February, EFF was contacted by an anonymous owner of a parody and criticism website forum that allegedly exposes the financial corruption and domestic scandal of a local politician in Birmingham, Alabama. As part of a civil case in family court, an attorney representing the politician's girlfriend issued a subpoena to GoDaddy seeking the identity of the website owner, who was not a party to the lawsuit.

With the website owner's right to anonymous speech on the line, what did GoDaddy do? It caved without any apparent hesitation, providing its customer with a mere three days to find a lawyer and decide whether to file a challenge. GoDaddy also refused to provide a copy of the subpoena, which included essential information to determine whether and how to respond.

GoDaddy promises in its privacy policy to turn over customers' information only if required by law, but its lawyers didn't give this subpoena even a shred of scrutiny. Had they done so, they could have seen it was clearly invalid -- GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy.

Even putting aside this aspect of GoDaddy's casual disregard for its customer's interests, the company's behavior is shameful. The First Amendment limits the ability of litigants to pierce a speaker's anonymity, particularly when that person isn't even being sued. GoDaddy owes its customers meaningful notice, time, and information so that they can fight back and protect their rights.

With the help of lawyer Lewis Page, the anonymous website operator did manage to move to quash before it was too late. But GoDaddy's sloppy practices still put an unfair burden on this user and continue to threaten all of its customers' rights.

For what online service providers ought to do to protect their users, check out our best practice guide.

[EFF: Deep Links]

Governor Announces Florida First in Nation to Access National Crime Database.

Fri, 16 Mar 2007 19:50:03 GMT

Governor Announces Florida First in Nation to Access National Crime Database. "This powerful tool will help protect both the victims of child abuse and neglect and the public servants charged with protecting them." [GT: Security and Privacy]

Careful What You Search For..... LIVE WEBCAST

Fri, 16 Mar 2007 19:43:39 GMT

Careful What You Search For..... LIVE WEBCAST
(Source: Oracle) Security is the greatest single issue for IT groups today. IT must balance how to enable people to find the information they need to do their work, and at the same time protect the information they should not access. See how Oracle Secure Enterprise Search enables two organizations to deliver secure, low-cost, and easy-to-deploy search solutions that eliminate information overload, and are as easy to use as popular Internet search engines. [Computerworld Privacy News]

Visa Chief: Customer Data Theft Neither Random Nor Unavoidable - Software Technology News by InformationWeek

Fri, 16 Mar 2007 19:39:19 GMT

Although the use of the Internet to buy and sell online has introduced a slew of security concerns within the payment services industry, Visa USA president and CEO John Philip Coghlan insists that technology is the solution to combating fraud -- not the cause of it. Coghlan also pointed out during Visa's security summit in Washington, D.C., Thursday that data breaches are neither random nor inevitable if proper security measures are taken.

The TJX data breach "was a stark reminder to all of us that such events can have vast reach and consequences," Coghlan said. Such breaches create mistrust and can undermine efforts make to build a good brand image. But, he made clear, "the majority of compromises come from storage of prohibited data and using vulnerable systems to process data."

TJX, the parent company of retailers T.J. Maxx, Marshalls, HomeGoods, and others, made headlines in February when it revealed an attack on its systems had resulted in the theft of customer information. Just as the headlines were threatening to die down, TJX announced a few weeks later that intrusions into its system actually began as early as July 2005, rather than beginning in May 2006 as the company had originally reported.

While the exact nature of the TJX data breach has not yet been revealed, in general, financial information is stolen in a number of ways, including the physical theft of a wallet, checkbook, or credit card; theft of information from one's home from friends, relatives, or in-home employees; phishing messages that trick people into divulging information to fraudsters; hacks, viruses, and spyware on a PC or ATM machine; and a corrupt business employee with access to your records.

But data theft is not random. Instead, it's perpetrated against businesses with the weakest security and the most valuable information, Coughlin said Thursday, adding, "More than 80% of all dollars lost come from 20% of fraudulent transactions."

Security Watch - Visa - customer data theft neither random nor unavoidable

Fri, 16 Mar 2007 19:36:34 GMT

Very revealing speech last week by John Coughlan, Visa USA's CEO, who insists that the technology is available to prevent cardholder data falling into the wrong hands.

In a speech at Visa's security summit in Washington late last week, Coughlan said that cardholder data breaches are neither random nor inevitable if proper security measures are taken.

The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."

According to Coughlan, such hacks can create mistrust and undermine efforts to build a positive brand image. But, he said, the majority of system compromises result from the storage of prohibited data and using vulnerable systems to process data.

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves.

Fri, 16 Mar 2007 19:31:47 GMT

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves. "Consumers who get notice can act fast to protect their good names." [GT: Security and Privacy]

FT.com - Web censorship spreading globally

Fri, 16 Mar 2007 19:14:16 GMT

Internet censorship is spreading rapidly, being practised by about two dozen countries and applied to a far wider range of online information and applications, according to research by a transatlantic group of academics.

The warning comes a week after a Turkish court ordered the blocking of YouTube to silence offensive comments about Mustafa Kemal Ataturk, the founder of modern Turkey, marking the most visible attack yet on a website that has been widely adopted around the world.

A recent six-month investigation into whether 40 countries use censorship shows the practice is spreading, with new countries learning from experienced practitioners such as China and benefiting from technological improvements.

OpenNet Initiative, a project by Harvard Law School and the universities of Toronto, Cambridge and Oxford, repeatedly tried to call up specific websites from 1,000 international news and other sites in the countries concerned, and a selection of local-language sites.

The research found a trend towards censorship or, as John Palfrey, executive director of Harvard Law School's Berkman Center for Internet and Society, said, "a big trend in the reverse direction", with many countries recently starting to adopt forms of online censorship.

Ronald Deibert, associate professor of political science at the University of Toronto, said 10 countries had become "pervasive blockers", regularly preventing their citizens seeing a range of online material. These included China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan.

New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as "keyword filtering", which is used to track down material by identifying sensitive words.

Methods such as these are being copied as countries new to censorship learn from those with more experience. "There's a growing awareness of best practice - or rather, worst practice," Mr Deibert said.

Web Censorship on the Increase.

Fri, 16 Mar 2007 19:10:15 GMT

Web Censorship on the Increase. mid-devonian writes "Close on the heels of the temporary blocking of YouTube by a Turkish judge, a group of academics has published research showing that Web censorship is on the increase worldwide. As many as two dozen countries are blocking content using a variety of techniques. Distressingly, the most censor-heavy countries (which includes China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan) seem to be passing on their technologically sophisticated techniques to other areas of the world. 'New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as 'keyword filtering', which is used to track down material by identifying sensitive words.'" [Slashdot: Your Rights Online]

RIAA Has to Disclose Attorneys Fees In Foster Case.

Fri, 16 Mar 2007 19:02:44 GMT

RIAA Has to Disclose Attorneys Fees In Foster Case. NewYorkCountryLawyer writes "The RIAA has been ordered to turn over its attorneys' billing records by March 26, 2007, in Capitol v. Foster in Oklahoma. The 4- page decision and order, issued in connection with the determination of the reasonableness of Ms. Foster's attorneys fees, requires the RIAA to produce the attorneys' time sheets, billing statements, billing records, and costs and expense records. The Court reviewed authorities holding that an opponent's attorneys fees are a relevant factor in determining the reasonableness of attorneys fees, quoting a United States Supreme Court case which held that 'a party cannot litigate tenaciously and then be heard to complain about the time necessarily spent by his opponent in response' (footnote 11 to City of Riverside v. Rivera)." [Slashdot: Your Rights Online]

NPR Takes First Step To Fight Internet Royalties.

Fri, 16 Mar 2007 18:57:50 GMT

NPR Takes First Step To Fight Internet Royalties. jmcharry sent in an article that opens, "After the Copyright Royalty Board (CRB) decided to drastically increase the royalties paid to musicians and record labels for streaming songs online, National Public Radio (NPR) will begin fighting the decision on Friday, March 16 by filing a petition for reconsideration with the CRB panel." [Slashdot: Your Rights Online]

Groklaw - Transcript of the March 7 Hearing in SCO v IBM

Fri, 16 Mar 2007 18:55:03 GMT

Here is the transcript of the March 7th hearing in SCO v IBM, the last of the summary judgment hearings transcripts. Thanks yet again to Chris Brown for arranging to obtain the transcripts.

On this day, Kimball was quite busy. He heard several motions, all the ones left over from the first two hearings on March 1 and March 5:

IBM's Motion for Summary Judgment on its Claim for Declaratory Judgment of Non-Infringement (Tenth Counterclaim) (PDF) -- asking for a judgment that the Linux kernel does not infringe copyrights owned by SCO
IBM's Motion for Summary Judgment on its Claim of Copyright Infringment (Eighth Counterclaim) -- IBM's counterclaim regarding SCO's violation of the GPL and consequent copyright infringment -- (PDF)
SCO's cross motion in which it tries to say it never violated the GPL (if you spin the wording their way) (PDF) and
SCO's motion for Summary Judgment on IBM's Second, Third, Fourth, and Fifth Counterclaims (PDF) -- SCO's motion trying to get SCO off the hook for all the trash talk in the media.

On this day, we learn from IBM's attorney, David Marriott that the "mountain of code" SCO's CEO Darl McBride told the world about from 2003 onward ends up being a measly 326 lines of noncopyrightable code that IBM didn't put in Linux anyway.

On the other hand, SCO has infringed all 700,000 lines of IBM's GPL'd code in the Linux kernel.

SCO's GPL defense is of the lip-curling variety and quite funny. And it's also quite amusing to watch SCO try to wriggle out of responsibility for all the trash talk its executives treated us to in its PR campaign.

The Score is IBM - 700,000 / SCO - 326.

Fri, 16 Mar 2007 18:52:31 GMT

The Score is IBM - 700,000 / SCO - 326. The Peanut Gallery writes "After years of litigation to discover what, exactly, SCO was suing about, IBM has finally discovered that SCO's 'mountain of code' is only 326 scattered lines. Worse, most of what is allegedly infringing are comments and simple header files (like errno.h). These probably aren't copyrightable for being unoriginal and dictated by externalities and aren't owned by SCO in any event. Above and beyond that, IBM has at least five separate licenses for these elements, including the GPL, even if SCO actually owned those lines of code. In contrast IBM is able to point out 700,000 lines of code, which they have properly registered copyrights for, which SCO is infringing upon if the Court rules that it repudiated the GPL." [Slashdot: Your Rights Online]

PATRIOT Act Apologist Site Didn't Get the Memo.

Fri, 16 Mar 2007 18:45:28 GMT

PATRIOT Act Apologist Site Didn't Get the Memo.

Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive.

Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner:

Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations.

Wow, that sure sounds good. Unfortunately, the new report reveals that is is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations.

In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves:

I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period.

Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that:

Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law.

It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI decieved Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Tell Congress to defend your privacy now.

[EFF: Deep Links]

RIAA to Universities: Help Us Threaten Your Students.

Fri, 16 Mar 2007 18:43:13 GMT

RIAA to Universities: Help Us Threaten Your Students.

Not content with wasting universities' resources via their usual tactics--i.e., flooding them with machine-generated complaints about file sharing--the major record labels are now demanding that universities help them shake down students.

The RIAA has asked universities and colleges to forward "pre-lawsuit" letters to alleged filesharers that promise a "discounted" settlement price if the student agrees to pay up immediately. Forwarding the letters saves the RIAA the trouble and expense of filing a lawsuit to obtain students' contact information--a savings that may be redirected to more lawsuits.

To add insult to injury, the letters advise students to contact the RIAA if they have any questions. It's safe to say that the RIAA is unlikely to give students the full picture. For example, will the RIAA tell students that parents are generally not liable for infringements committed by their kids, or that the record labels sometimes sue the wrong people? Probably not.

We think students should seek out less biased sources of information--and their institutions should assist in that process. Toward that end, we've put together a short FAQ to help students learn more about their options; we hope colleges and universities that forward the RIAA's threat letter will take the additional step of directing students to this FAQ as well as other neutral information sources.

Of course, the RIAA should not be putting universities in this perverse position in the first place. If you'd like to help academic institutions get back to their real mission--educating students, not helping to threaten them--Take action now to help stop the lawsuit campaign.

[EFF: Deep Links]

Beeb shuts down Jam education website.

Fri, 16 Mar 2007 18:40:35 GMT

Beeb shuts down Jam education website.

Internet no place for free stuff, says EC

The BBC has suspended its free online education website after complaints from commercial providers.

[The Register - Music and Media]

Remote Exploit Discovered for OpenBSD.

Thu, 15 Mar 2007 19:39:14 GMT

Remote Exploit Discovered for OpenBSD. An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of "only one remote exploit in over 10 years". Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible." [Slashdot]

Newsroom | AssignmentZero

Thu, 15 Mar 2007 19:36:39 GMT

Welcome. We're covering a story: How the Web makes it possible for the crowd to be the source of good ideas. But instead of one journalist reporting, we've created a site where many people can work on the story, with editors as guides. You are now in the Newsroom, where you can find an overview and learn what others are doing. The Assignment Desk is where you can see what we're covering in detail, and get an assignment. The Exchange is a place to offer new ideas. Check the day's developments with The Scoop. Ready? Join up.

Wired News: Citizen Journalism Wants You!

Thu, 15 Mar 2007 19:35:07 GMT

Welcome to Assignment Zero. It's pro-am journalism in the open style made possible by the web. This is a collaboration among NewAssignment.Net, Wired and those who choose to participate.

I hope you will. Because we're trying to figure something out here. Can large groups of widely scattered people, working together voluntarily on the net, report on something happening in their world right now, and by dividing the work wisely tell the story more completely, while hitting high standards in truth, accuracy and free expression?

If they can, this would matter.

It's called Assignment Zero because we needed to jump start our site somehow, and this project with Wired turned out to be it. We're trying to create a pro-am, open-platform reporting tool that we can improve and modify later, for use in bigger, more sprawling and difficult stories down the road. Maybe about the environment. Or the schools. Or -- who knows? -- the war.

Assignment Zero Tests Pro-Am Journalism

Thu, 15 Mar 2007 19:32:28 GMT

Assignment Zero Tests Pro-Am Journalism Jay Rosen writes "Assignment Zero is a pro-am, open-platform reporting project. The investigation: crowd sourcing and peer production are a social trend growing well beyond tech. Why is this happening? Partners: NewAssignment.Net and Wired.com, with Newsvine. From the Wired essay: 'We're trying to figure something out here. Can large groups of widely scattered people, working together voluntarily on the net, report on something happening in their world right now, and by dividing the work wisely tell the story more completely, while hitting high standards in truth, accuracy and free expression?' Wired.com: 'We want out readers and our sources to be one and the same. We think it will make for better journalism.'" [Slashdot]

Democrats grill FCC about neutrality, surveillance, more.

Thu, 15 Mar 2007 19:24:37 GMT

Democrats grill FCC about neutrality, surveillance, more. Surveying the FCC's accomplishments in the three years since commissioners were last been required to make an account before a House oversight committee, some representatives question whether recent Republican supervision on such issues as emegency preparedness, NSA surveillance and Net neutrality wasn't somewhat lax [Computerworld Privacy News]

AP Wire | 03/15/2007 | Senate votes against ad inserts in vehicle registration renewal notices

Thu, 15 Mar 2007 19:22:18 GMT

JEFFERSON CITY, Mo. - Residents tired of getting junk ads in the mail could get a slight reprieve after action by the Senate on Wednesday night.

The Department of Revenue last year began sending out advertisements along with license plate renewal notices. The state contracted with a company to handle the printing of vehicle registration notices in exchange for the right to sell and insert commercial ads in the packets. Senate Transportation Committee chairman Bill Stouffer, R-Napton, said the decision saves the state about $750,000.

Missouri signed up partly because of the savings and partly in response to privacy concerns after it began mailing renewal notices on postcards in another budget-cutting move, the Revenue Department said at the time.

The Senate was debating a wide-ranging bill to change motor vehicle laws, and Sen. Tim Green, D-St. Louis, offered an amendment preventing the state from including ads in the vehicle renewal notices.

"The state has become a marketing agent," Green said. "It's just not the right of the state to use a requirement you have to fulfill to sell a product."

Chertoff: Security and privacy not at odds.

Thu, 15 Mar 2007 19:12:44 GMT

Chertoff: Security and privacy not at odds. Calling privacy groups "Luddites," DHS head Michael Chertoff defends the Real I.D. Act. He claims that the data-chipped drivers licenses, which will be linked to a numbers of databases around the country, will actually protect privacy Editor:And down is up, black is white, and I have a bridge I'd like to sell you.

[...]

The head of the Department of Homeland Security on Thursday downplayed privacy concerns raised by the government's efforts to create standardized, data-chipped drivers licenses across the country.

The same technology that makes information on identification cards more reliable can also protect privacy, DHS Secretary Michael Chertoff said during a speech to the Northern Virginia Technology Council. "It's my contention that properly used technology ... actually protects privacy," he said. "We should not allow folks to be captivated by the argument that every time we do something with a computer, it invades privacy."

Chertoff was referring to privacy concerns surrounding the Real ID Act, a law passed by Congress in 2005 that would require states to create machine-readable ID cards containing the name of the holder, the data of birth, a digital photograph and other information.

Privacy groups, including the Electronic Privacy Information Center (EPIC), have said that the DHS hasn't come up with rules on how the information on the cards should be protected. DHS has made only "vague" plans for card security and for restricting which state motor vehicle agency employees would have access to the information, EPIC says.

"On security and privacy standards for the card, state motor vehicle facilities, and the personal data and documents collected in state motor vehicle databases, DHS shows little interest," EPIC says on its Web site.

But Chertoff said those raising privacy concerns about the use of IT in the U.S. government's domestic security efforts create a false tension between security and privacy. "This kind of Luddite attitude ... is exactly wrong," he said. "Security and privacy are very much the same type of value. I don't think they're mutually exclusive, they're mutually reinforced."

Chertoff also talked about how DHS is using IT. Technology plays a part in nearly all the agency's efforts, including machines that read fingerprints at border crossings, databases that link law enforcement investigations and scanning technologies for containers coming into the U.S.

[Computerworld Privacy News]

Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed.

Thu, 15 Mar 2007 19:05:57 GMT

Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed.

After years of criticism from EFF and other privacy advocates, Google announced yesterday a new policy on how it handles logs of its users' searches: after 18-24 months, it will delete key information in its server logs that could be used to link particular users to records of their search queries.

This is a big change from Google's previous policy, which was essentially to keep all of those logs forever in identifiable form, and we're certainly glad to see that Google is starting to limit its retention of such sensitive data. Your Google search history can paint an intimate portrait of your most private interests and concerns. Particularly in light of the disastrous AOL search terms disclosure, recent scandals involving government surveillance, and Google's own recent court fight with the government over a subpoena for search records, it seems that Google has finally realized that limiting the retention of such records is essential to protecting your privacy.

Hopefully, Google's change in policy will spur other online service providers to consider how they can minimize the amount of personal data that they store, and perhaps even prompt competition between service providers to offer the most privacy-protective services. However, we hope that this new announcement is only Google's first step in changing its privacy practices, because additional changes would better protect user privacy and set an even better example for the industry:

Google should shorten the retention period for identifiable logs to six months at the outside, and ideally to only thirty days (which is AOL's retention limit for similar logs). Barring this, it should at least justify why it needs such records for up to two years, beyond offering one-sentence platitudes about how such records are used to improve Google's service.
Google should also shorten the retention of the "anonymized" logs, which Google apparently still intends to keep forever. As Google itself admits, the new policy changes still don't guarantee users' anonymity, and holding onto those records indefinitely still poses a serious private threat.
Therefore, Google should consider more robust anonymization techniques, up to and including scrubbing entire IP addresses rather than just the last quarter or "octet" of such addresses.
Finally, Google should expand its new anonymization policy to include the search records of users with Google Account log-ins, and to records generated by their myriad other services, rather than limiting the policy change to regular search logs.

Beyond making these additional policy changes, there's one more thing that Google should be doing[~]something we think it actually has a duty to do as a good corporate citizen and as a preeminent Internet powerhouse[~]and that is using its considerable political clout to fight for better Internet privacy laws on Capitol Hill. Right now, there are significant questions as to whether or how Internet search logs are protected by existing federal privacy laws, and Google owes it to its customers to publicly advocate for updating those privacy laws for the 21st century.

[EFF: Deep Links]

Google To "Anonymize" Personal Data after 18-24 Months.

Thu, 15 Mar 2007 18:12:41 GMT

Google To "Anonymize" Personal Data after 18-24 Months.

Google made a major announcement today that by the end of the year will begin removing identifying data from its search logs after 18 -24 months:

When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we're pleased to report a change in our privacy policy: Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google's services and protect them from security and other abuses)--but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.

They've released a log retention FAQ (PDF) with more details, including how they will "anonymize" the log data:

What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.

How do these anonymizing measures protect user privacy?
Changing the bits of an IP address makes it less likely that the IP address can be associated with a specific computer or user. Cookie anonymization makes it less likely that a cookie can be used to identify a user.

Do these changes guarantee anonymization?
It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified.

This is an important and promising step towards greater privacy and protection of personal search history records. But remember, AOL thought they had released anonymized data as well. Just because and IP and cookie has been modified doesn't mean that user privacy is ensured. The preferred solution would be for Google to purge the data altogether after, or just don't collect it in the first place.

Unfortunately I don't have much time for further analysis (baby, dissertation, oh my!), but 27B Stroke 6 is on top of it, and CNet has reaction from CDT, EFF, and others.

michaelzimmer.org]

Google to Make Search Logs Anonymous.

Thu, 15 Mar 2007 18:01:09 GMT

Google to Make Search Logs Anonymous. Google announced today that it will start making its records about users' searches anonymous after 18 to 24 months. [PC World: Latest Technology News]

Honoring Sunshine Week. The Total Information Awareness project FOIA saga.

Wed, 14 Mar 2007 20:29:39 GMT

Honoring Sunshine Week. 27B tells the sad tale of requesting open records on the government's Total Information Awareness project. 44 months later, still no word. In 27B Stroke 6. [Wired News: Top Stories]

FBI Slips Demand Patriot Act Cuts.

Wed, 14 Mar 2007 20:25:02 GMT

FBI Slips Demand Patriot Act Cuts. A probe finds the bureau abused its expanded powers to obtain Americans' private records. Time to put the G-men on a shorter leash. Commentary by Jennifer Granick. [Wired News: Top Stories]

Swap your stuff using the latest peer-to-peer network

Wed, 14 Mar 2007 20:22:33 GMT

Downloading by Mail. Swap your stuff using the latest peer-to-peer network -- the U.S. Postal Service. By Jeff Howe from Wired magazine. [Wired News: Top Stories]

Citizen Journalism Wants You!

Wed, 14 Mar 2007 20:19:01 GMT

Citizen Journalism Wants You! Wired News, Wired magazine and NewAssignment.Net invite you to join an open-ended experiment in distributed journalism. Project leader Jay Rosen explains all.Plus: Wired Meets Assignment Zero. [Wired News: Top Stories]

Sun CSO: Endless Internet Growth Keeps Security on Back Burner.

Wed, 14 Mar 2007 20:07:25 GMT

Sun CSO: Endless Internet Growth Keeps Security on Back Burner. Q&A: Whitfield Diffie, chief security officer at Sun and co-inventor of public-key cryptography, talks about the state of computer security and Microsoft[base ']s role in it. [Computerworld Privacy News]

Four Colorado Counties Placed on Election Watch List.

Wed, 14 Mar 2007 20:04:05 GMT

Four Colorado Counties Placed on Election Watch List. Errors with voting machines, delays in voting, inadequate security cited. [GT: Security and Privacy]

ID Fraud Manufacturing Ring Uncovered in Arizona.

Wed, 14 Mar 2007 20:00:48 GMT

ID Fraud Manufacturing Ring Uncovered in Arizona. Three month investigation of Arizona Homeland Security Fraudulent Identification Task Force (AFIT) uncovers one of the largest manufacturers of fraudulent identification in Southern Arizona. [GT: Security and Privacy]

Latest ID-Theft Worry? Copiers.

Wed, 14 Mar 2007 19:55:53 GMT

Latest ID-Theft Worry? Copiers. Digital photocopiers use hard drives to store data. If not properly secured, they can be vulnerable to data thieves. By the Associated Press. [Wired News: Security Blanket]

FCW.com News - Bill would protect information about students from recruiters

Wed, 14 Mar 2007 19:54:06 GMT

An amendment to the No Child Left Behind (NCLB) Act seeks to keep military recruiters from accessing secondary students' personal data by requiring parents to choose to share that information rather than having to opt out of sharing it.

Rep. Mike Honda (D-Calif.) introduced the legislation March 6. The Student Privacy Protection Act would require local school systems to obtain written consent before releasing information on secondary school students to military recruiters or their agents.

The measure will next be referred to the House Education and Labor Committee sometime during this session, said a spokesperson for Honda. That committee's chairman, Rep. George Miller (D-Calif.), is a co-sponsor of the bill.

Because of a provision in the NCLB, school districts are directed to give information about students to military recruiters unless parents explicitly request that their children's data remains private. Since the enacting of NCLB, secondary schools have been supplying the names, addresses and telephone numbers of students to recruiters sponsored by the military services.

However, schools often failed to make parents aware of the option to keep that information private, Honda said.

SignOnSanDiego.com > Technology -- Official: Yahoo didn't violate laws in case of jailed journalist

Wed, 14 Mar 2007 19:43:01 GMT

HONG KONG - Investigators said Wednesday there was not enough evidence to show that Yahoo Inc.'s Hong Kong branch provided private information that helped convict a Chinese reporter accused of leaking state secrets.

The case raised questions about whether Internet companies should cooperate with governments that deny freedom of speech and frequently crack down on journalists.

Yahoo! Hong Kong Limited was accused of helping Chinese authorities by Hong Kong lawmaker Albert Ho, who filed a complaint last year with the city's privacy commissioner. Ho alleged the Internet company provided information that helped convict journalist Shi Tao, sentenced to 10 years in jail in 2005 on mainland China.

DMCA Abuser Apologizes for Takedown Campaign.

Wed, 14 Mar 2007 19:33:48 GMT

DMCA Abuser Apologizes for Takedown Campaign.

Michael Crook Agrees to Stop Attacks on Free Speech

San Francisco - Michael Crook, the man behind a string of meritless online copyright complaints, has agreed to withdraw those complaints, take a copyright law course, and apologize for interfering with the free speech rights of his targets.

The agreement settles a lawsuit against Crook filed by the Electronic Frontier Foundation (EFF) on behalf of Jeff Diehl, the editor of the Internet magazine 10 Zen Monkeys. Diehl was forced to modify an article posted about Crook's behavior in a fake sex-ad scheme after Crook sent baseless Digital Millennium Copyright Act (DMCA) takedown notices, claiming to be the copyright holder of an image used in the story. In fact, the image was from a Fox News program and legally used as part of commentary on Crook. But Crook repeated his claims and then attempted to use the same process to get the image removed from other websites reporting on his takedown campaign.

"Crook's legal threats interfered with legitimate debate about his controversial online behavior," said EFF Staff Attorney Jason Schultz. "Public figures must not be allowed to use bogus copyright claims to squelch speech."

In addition to withdrawing current complaints against Diehl and every other target of his takedown campaign and taking a copyright law course, Crook has also agreed to limit any future DMCA notices to works authored or photographed by himself or his wife, or where the copyright was specifically assigned to him. All future notices must also include a link to EFF information on his case, as well as the settlement agreement. Crook has also recorded a video statement to apologize and publicize the dangers of abusing copyright law.

"We're pleased that Crook has taken responsibility for his egregious behavior," said EFF Staff Attorney Corynne McSherry. "Hopefully, this will set a precedent to prevent future abuse of the law by those who dislike online news-reporting and criticism."

The settlement with Michael Crook is part of EFF's ongoing campaign to protect online free speech from the chilling effects of bogus intellectual property claims. EFF recently filed suit against the man who claims to have created the popular line dance "The Electric Slide" for misusing copyright law to remove an online documentary video that included footage of people trying to do the dance.

For the video statement from Michael Crook:
http://blip.tv/file/169553

For more on Diehl v. Crook:
http://www.eff.org/legal/cases/diehl_v_crook/

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

[EFF: Breaking News]

OpenCongress

Wed, 14 Mar 2007 19:30:38 GMT

OpenCongress brings together official government data with news and blog coverage to give you the real story behind each bill.

Tracking the Password Thieves.

Wed, 14 Mar 2007 15:30:56 GMT

Tracking the Password Thieves.

The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting, so I'd like to share a few of those details.

I based the story in part on a cache of stolen data I found online (more on how I obtained it in a bit). The data was being compiled by a password-stealing virus that had infected many thousands of computers worldwide; the particular text file that I found included personal information on 3,221 victims scattered across all 50 U.S. states.

Using a custom-built application that makes use of the Google Maps API, I was able to chart the approximate locations of the victims. This was possible because at the beginning of each record was the virus's best guess of the longitude and latitude of the infected computer's Internet address. This so-called "geo-IP" process is far from perfect: Sometimes these automated guesses are disturbingly accurate, and other times they are miles wide or completely wrong.

The approximate location of the 3,221 U.S. residents victimized by this virus (Data gathered by washingtonpost.com; image courtesy Secure Science Corp. and Google).

Scammers collect information about the location of their victims because it becomes useful when they want to conduct fraud with a hijacked credit or debit card account. The idea here is to evade a key component of fraud detection in the financial industry -- transaction location tracking. If Joe in Georgia starts suddenly withdrawing money or making purchases in Nigeria or Europe when his last transaction was an hour earlier in Atlanta, Joe's bank is going to flag the transactions as fraudulent and in all likelihood cancel the card.

[Security Fix]

Carriers mum on DoJ report that FBI abused powers - Network World

Tue, 13 Mar 2007 20:57:01 GMT

Three carriers would not discuss the U.S. Department of Justice findings that the FBI overstepped its authority in accessing private phone records in investigations of terrorism or espionage suspects under the Patriot Act.

Neither AT&T, Verizon nor Qwest would comment on the matter in which a Justice Department audit released Friday determined the FBI, without a court order, improperly exercised Patriot Act powers to obtain phone, credit and Internet records of suspected terrorists and spies.

How to surf anonymously without a trace - ComputerWorld

Tue, 13 Mar 2007 20:51:27 GMT

The punchline to an old cartoon is "On the Internet, nobody knows you're a dog," but these days, that's no longer true.

It's easier than ever for the government, Web sites and private businesses to track exactly what you do online, know where you've visited, and build up comprehensive profiles about your likes, dislikes and private habits.

And with the federal government increasingly demanding online records from sites such as Google and others, your online privacy is even more endangered.

But you don't need to be a victim. There are things you can do to keep your surfing habits anonymous and protect your online privacy. So read on to find out how to keep your privacy to yourself when you use the Internet, without spending a penny.

Do You Need to Surf Anonymously?

Tue, 13 Mar 2007 20:48:57 GMT

Do You Need to Surf Anonymously? An anonymous reader writes "Computerworld has up an article entitled 'How to Surf Anonymously without a Trace'. It purports to offer tips on how to avoid detection by anyone attempting to monitor your internet access. 'If you don't like the limitations imposed on you by [proxy] sites like the Cloak or would simply prefer to configure anonymous surfing yourself, you can easily set up your browser to use an anonymous proxy server to sit between you and the sites you visit. To use an anonymous proxy server with your browser, first find an anonymous proxy server. Hundreds of free, public proxy servers are available, but many frequently go offline or are very slow. Many sites compile lists of these proxy servers, including Public Proxy Servers and the Atom InterSoft proxy server list.'"

[Slashdot: Your Rights Online]

EFF: Paper: Who Controls Your Television?

Tue, 13 Mar 2007 20:46:30 GMT

Today, consumers can digitally record their favorite television shows, move recordings to portable video players, excerpt a small clip to include in a home video, and much more. The digital television transition promises innovation and competition in even more great gadgets that will give consumers unparalleled control over their media.

But an inter-industry organization that creates television and video specifications used in Europe, Australia, and much of Africa and Asia is laying the foundation for a far different future -- one in which major content providers get a veto over innovation and consumers face draconian digital rights management (DRM) restrictions on the use of TV content. At the behest of American movie and television studios, the Digital Video Broadcasting Project (DVB) is devising standards to ensure that digital television devices obey content providers' commands rather than consumers' desires. These restrictions will take away consumers' rights and abilities to use lawfully-acquired content so that each use can be sold back to them piecemeal.

Consumers would never choose this future, so Hollywood will try to force it on them by regulatory fiat. DVB's imprimatur may put restrictive standards on the fast-track to becoming legally-enforced mandates, and existing laws already limit evasion of DRM even for lawful purposes. In effect, private DRM standards will trump national laws that have traditionally protected the public's interests and carefully circumscribed copyright holders' rights.

Hollywood has long pursued this goal in the U.S., but its schemes in DVB have taken place behind the public's back and outside of scrutiny by elected officials. In this paper, we will summarize and expose Hollywood's plan.

The Electronic Frontier Foundation (EFF) is the only public interest group to have attended DVB's closed technical meetings. As a condition of participation, DVB imposed restrictions on our ability to report on these meetings. Now, after key parts of DVB's new DRM specification have been sent to the European standards body and may soon be provided to other EU regulators, we are releasing this paper to help consumer organizations and EU regulators understand the significant public policy implications of various DVB work items.

CPCM: A System to Control Innovation, Competition, and Television Viewers

Despite record profits in recent years, American movie and television studios have not relented in their cries that new technologies are a mortal threat to their industry. They sued to block the VCR and the first mass-market Digital Video Recorder (DVR) in the U.S., and, having failed to stamp out recording in those efforts, they have increasingly turned to creating restrictive technical standards backed by law.

Who Controls Your Television?

Tue, 13 Mar 2007 20:37:40 GMT

Who Controls Your Television? Nurgled writes "The EFF, reportedly the only consumer rights organization to be granted membership of the Digital Video Broadcasting consortium, reports that TV and movie industry representatives have been pushing for DRM in the DVB technologies. This in itself is not entirely unexpected, but these talks have been going on in closed meetings. The EFF itself has been blocked from reporting on this until now as a condition of being allowed to attend. The proposed technologies allow rights-holders and broadcasters to severely hamper your ability to make use of broadcast television content, including the ability to retroactively blacklist any devices that consumers may already own that act in ways undesirable to the rights-holder or broadcaster. The EFF concludes that public interest and consumer rights advocates must fight back." [Slashdot: Your Rights Online]

New US Computer Forensic Institute.

Tue, 13 Mar 2007 20:33:22 GMT

New US Computer Forensic Institute. Quincy writes "The DHS and Secret Service are setting up a new computer forensic institute in Alabama. Set to open in mid-2008, the new National Computer Forensic Institute will be able to train over 900 law enforcement officers per year. 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms. Courses will be offered in the investigation of electronic crimes, network intrusion investigation, and computer forensics... [T]he Secret Service says that it will help to bring judges and prosecutors up to speed as well.'" Maybe over time we'll see fewer botches of justice like those in the news recently [Slashdot: Your Rights Online]

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

Tue, 13 Mar 2007 20:28:38 GMT

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

The FBI has blatantly abused a key PATRIOT Act provision and knowingly violated the law to spy on Americans' telephone, Internet, and other personal records, as documented in a report recently released by the Justice Department. Congress must rein in this egregious behavior, but it can't stop there -- the Bush Administration's unprecedented pattern of disregarding the law stretches far beyond the examples in this report. Tell Congress to defend your privacy now.

Before PATRIOT, the FBI could use so-called National Security Letters only for securing the records of suspected terrorists or spies. But under PATRIOT the FBI can use them to get private records about anybody without any court approval as long as it believes the information could be relevant to an authorized terrorism or espionage investigation.

According to the Justice Department's Inspector General, the FBI's misuse of its authority included issuing NSLs to spy on people who weren't the subject of any existing investigation whatsoever. The FBI also lied to Congress and underreported its use of NSLs by many thousands. Worse still, the FBI has ignored its own lawyers' advice and intentionally evaded PATRIOT's thin bounds, improperly requesting and obtaining personal records through so-called "exigent letters" that Congress never authorized.

That's only a sampling of the horror story painted by the report, and, had Congress not ordered the Inspector General to review the FBI's activities last year, these abuses might have never been revealed. From the moment PATRIOT was passed, we said the NSL power was ripe for abuse and unconstitutional, and it's clearer than ever that Congress should repeal PATRIOT's expansion of NSL powers and reform the PATRIOT Act as a whole.

Moreover, Congress must broadly investigate the Administration's use of surveillance powers, including the NSA's massive and illegal domestic spying program. Congress and the American public have been kept in the dark about such clear violations of the law and Americans' privacy for far too long. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Take action now.

[EFF: Deep Links]

FBI Data Demands Lack Adequate Checks and Balances.

Tue, 13 Mar 2007 20:08:45 GMT

FBI Data Demands Lack Adequate Checks and Balances. A report by the Department of Justice Inspector General finds numerous failures of internal processes for FBI issuance of so-called National Security Letters, which are used to compel disclosure of sensitive financial, credit and communications records. The rules limiting the circumstances under which NSLs can be issued were weakened by the PATRIOT Act. Tighter internal controls announced by DOJ and FBI in response to the IG report, while welcome, will not cure the NSLs' fundamental flaw: giving FBI agents power to compel disclosure of private information without judicial approval. [Center for Democracy and Technology]

CDT Opposes Bill Expanding Pentagon Domestic Data Mining.

Tue, 13 Mar 2007 20:07:21 GMT

CDT Opposes Bill Expanding Pentagon Domestic Data Mining. CDT and other civil liberties groups are urging Congress to reject legislation that would exempt the Department of Defense from a key provision of the Privacy Act. The little-noticed amendment, already included in the Senate version of the Intelligence Authorization Act, would permit government agencies to disclose information on US citizens to the Defense Department. Such language could pave the way for entire databases of information to be transferred to the Defense Department without a clear purpose -- in turn opening the door to greater data mining by military agencies. [Center for Democracy and Technology]

CDT Calls for Reform of National Security Letters.

Tue, 13 Mar 2007 20:04:02 GMT

CDT Calls for Reform of National Security Letters. CDT is calling on Congress to require judicial approval of FBI efforts to access the sensitive records of US citizens. Recent revelations regarding violations in the use of so-called "national security letters" have shown that no matter how many internal controls the FBI adopts, self-certification in not sufficient when the government is obtaining the sensitive financial and communications records of citizens. CDT believes Congress should reform the law and adopt a reasonable system of judicial checks and balances. [Center for Democracy and Technology]

ORG to enlighten music industry on DRM's limitations.

Tue, 13 Mar 2007 19:59:26 GMT

ORG to enlighten music industry on DRM's limitations.

Readying a white paper

The Open Rights Group (ORG) is developing a new paper to inform the music industry about the technical suitability of Digital Rights Management (DRM) as an aid to enforcing copyright.

[The Register - Music and Media]

EFF Kills Bogus Clear Channel Patent.

Tue, 13 Mar 2007 19:55:43 GMT

EFF Kills Bogus Clear Channel Patent.

Patent Busting Project Wins Victory for Artists and Innovators

San Francisco - The U.S. Patent and Trademark Office (PTO) has announced it will revoke an illegitimate patent held by Clear Channel Communications after a campaign by the Electronic Frontier Foundation (EFF).

The patent covered a system and method of creating digital recordings of live performances. Clear Channel claimed the bogus patent created a monopoly on all-in-one technologies that produce post-concert digital recordings and threatened to sue those who made such recordings. This locked musical acts into using Clear Channel technology and blocked innovations by others.

However, EFF's investigation found that a company named Telex had in fact developed similar technology more than a year before Clear Channel filed its patent request. EFF -- in conjunction with patent attorney Theodore C. McCullough and with the help of Lori President and Ashley Bollinger, students at the Glushko-Samuelson Intellectual Property Clinic at American University's Washington College of Law -- asked the PTO to revoke the patent based on this and other extensive evidence.

"Bogus patents like this one are good examples of what's wrong with the current patent system," said EFF Staff Attorney Jason Schultz. "We're glad that the Patent Office was willing to help artists and innovators out from under its shadow."

The Clear Channel patent challenge was part of EFF's Patent Busting Project, aimed at combating the chilling effects bad patents have on public and consumer interests. The Patent Busting Project seeks to document the threats and fight back by filing requests for reexamination against the worst offenders.

"The patent system plays a critical role in business and the economy," said McCullough. "Everyone loses if we allow overreaching patent claims to restrict the tremendous benefits of new software and technology development."

For the notice from the Patent Office:
http://www.eff.org/patent/wanted/clearchannel/notice_of_intent_to_cancel.pdf

For more on EFF's Patent Busting Project:
http://www.eff.org/patent

Contacts:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Theodore C. McCullough
Registered Patent Attorney
theo702000@yahoo.com

[EFF: Breaking News]

American Studios' Secret Plan to Lock Down European TV Devices.

Tue, 13 Mar 2007 19:53:46 GMT

American Studios' Secret Plan to Lock Down European TV Devices.

EFF Exposes Standards Jeopardizing Innovation and Consumer Rights

San Francisco - An international consortium of television and technology companies is devising draconian anti-consumer restrictions for the next generation of TVs in Europe and beyond, at the behest of American entertainment giants.

The Electronic Frontier Foundation (EFF) is the only public interest group to have gained entrance into the secretive meetings of the Digital Video Broadcasting Project (DVB), a group that creates the television and video specifications used in Europe, Australia, and much of Asia and Africa. In a report released today, EFF shows how U.S. movie and television companies have convinced DVB to create new technical specifications that would build digital rights management technologies into televisions. These specifications are likely to take away consumers' rights, which will subsequently be sold back to them piecemeal -- so entertainment fans will have to pay again and again for legitimate uses of lawfully acquired digital television content.

"DVB is abetting a massive power grab by the content industry, and many of the world's largest technology companies are simply watching," said Ren Bucholz, EFF Policy Coordinator, Americas. "This regime was concocted without input from consumer rights organizations or public interest groups, and it shows."

Despite recent record profits, American movie and television studios insist that new technologies could ruin their industry. In past battles against innovation, these same studios sued to block the sale of the VCR and the first mass-marketed digital video recorder in the U.S. Having failed in those efforts, they have now turned to creating technical standards that, when backed by law, are likely to restrict consumers' existing rights and threaten the future of technological innovation.

With DVB, the plan begun by entertainment companies in the U.S. has now gone global. EFF's report is aimed at alerting European consumer groups and consumers about the dangers posed by the proposed standards and providing informational resources for European regulators.

"DVB members' active indifference, even hostility, to user rights is shameful," said EFF Staff Technologist Seth Schoen. "When American studios ask for regulatory support for restrictions pushed through the DVB Project, public officials must stand up for consumer rights, sustain competition and innovation, and tell Hollywood to back off."

For the full report:
http://www.eff.org/IP/DVB/dvb_briefing_paper.php

EFF's 2005 Submission to the U.K. Department of Media, Sports and Culture:
http://www.eff.org/IP/DVB/dvb_critique.php

Contacts:

Ren Bucholz
Policy Coordinator, Americas
Electronic Frontier Foundation
ren@eff.org

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

[EFF: Breaking News]

Justice Department Report Reveals FBI Misused Patriot Act.

Tue, 13 Mar 2007 02:41:50 GMT

Justice Department Report Reveals FBI Misused Patriot Act. A Justice Department audit released Friday said that the FBI used the Patriot Act improperly and unlawfully to gain information about people in the United States. Two members of the House Judiciary Committee debate the audit's conclusions. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

Google Aids Indian Goverment Censorship.

Tue, 13 Mar 2007 02:36:33 GMT

Google Aids Indian Goverment Censorship. An anonymous reader writes "Google's Orkut has made a deal to provide IP addresses of posters of content deemed objectionable by Bombay police. They object, among others, to posts against certain Indian personalities, young women admiring Indian mobsters, and, amazingly, "anti-Indian words" (!)." [Slashdot]

Spying Too Secret for the Courts.

Tue, 13 Mar 2007 02:33:23 GMT

Spying Too Secret for the Courts. AT&T and the government tell an appeals court that the case against the telecom for allegedly helping the government spy on Americans is too secret for any court, despite the Administration's admission it did spy on Americans without warrants. [Wired News: Top Stories]

Making Sense of Census Data With Google Earth.

Tue, 13 Mar 2007 02:20:05 GMT

Making Sense of Census Data With Google Earth. mikemuch writes "Imran Haque has developed a mashup of Google Earth with data from the U.S. Census Bureau, called gCensus. The app uses the XML format known as KML (Keyhole Markup Language), which can create shapes and colors on the maps displayed by GE. Haque had to build custom code libraries (which he's made available as open source) that could generate KML for the project. He also had to extract the relevant data from the highly counter-intuitive Census Bureau files and store them in a database that could handle geographic data. gCensus lets you do stuff like create colorful overlays on maps showing population ages, race, and family size distributions." [Slashdot]

No Reprieve for Jailed Blogger.

Tue, 13 Mar 2007 02:16:01 GMT

No Reprieve for Jailed Blogger. An appeals court upholds an Egyptian man's four-year prison sentence for insulting Islam and the country's president. By the Associated Press. [Wired News: Top Stories]

Government Sites Fail FOIA Rules.

Tue, 13 Mar 2007 02:14:21 GMT

Government Sites Fail FOIA Rules. A study shows 79 percent of federal agencies are violating a Freedom of Information Act amendment requiring they post records online and help citizens request info over the internet. In 27B Stroke 6. Plus: States' secrecy penalties. [Wired News: Top Stories]

'Do the Right Thing'. Editorial

Mon, 12 Mar 2007 20:32:08 GMT

'Do the Right Thing'. Editorial: There is no greater hallmark of an IT leader than the courage it takes to do what[base ']s right, says Don Tennant. [Computerworld Privacy News]

Congress Targets Pretexting.

Mon, 12 Mar 2007 20:22:56 GMT

Congress Targets Pretexting. Legislation would add protections against the practice of posing as another to gain personal data. [PC World: Latest Technology News]

Human Error Causes Most Data Loss, Study Says.

Mon, 12 Mar 2007 20:08:30 GMT

Human Error Causes Most Data Loss, Study Says. Three-quarters of incidents involving loss of sensitive data are caused by human error, according to researchers. [PC World: Latest Technology News]

Open Government Gets Its Week in the Sunshine.

Mon, 12 Mar 2007 20:04:59 GMT

Open Government Gets Its Week in the Sunshine.

This week is Sunshine Week - a gentle name for celebrating the serious business of uncovering secretive government practices. Taking its cue from the famous line by Justice Brandeis that "sunlight is ... the best of disinfectants", this year's Sunshine Week reflects on a year of continuing efforts to increase government visibility, and a renewed interest by the press, activists, and netizens in investigating its secrets.

Projects like our own Freedom of Information Act Lltigation for Accountable Government (FLAG) project have been working hard to use statutory tools like FOIA and the Privacy Act to uncover the misuse of technology by the state. Josh Richman's overview of FLAG's work in several of Sunday's papers highlights the work our Washington office does, from uncovering the edges of the warrantless wiretapping program, to probing the connections between the NSA and Windows Vista's development.

EFF's work monitoring Washington developments in the world of technology are helped by many other dedicated sites, like OpenCRS, which distributes the fascinating, but previously restricted, Congressional Research Service reports, and OpenSecrets, which can illustrate Washington connections that are otherwise obscure (want to know why Bill Frist was so keen on the Audio Flag? Inquire within.) Researchers at EPIC, coalition groups like Open The Government and the politicians behind H.R.1309, which seeks to update the FOIA laws to react faster to inquiries, help keep the tools of exposing government sharp and relevant.

Meanwhile, across the Net, hackers and activists have been working to extract, sift and re-present what information federal and state governments do provide in a way that ordinary citizens can use. There's now a wealth of sources to choose from, from the amazing work by the volunteer-run GovTrack.us, to the new OpenCongress that builds on GovTrack's database and more, to the many new APIs that can stitch all of this data together.

Each of this tools, like each of our organizations, builds on the others. This week, the Sunlight Foundation is sponsoring a $2000 prize for the best Web mash-up of Congressional information, as judged by EFF friends Esther Dyson, Jimmy Wales, and Craig Newmark. We look forward to seeing how far the sunlight breaks this year.

[EFF: Deep Links]

Don't Let OneCare Eat Your Email - AppScout

Sun, 11 Mar 2007 19:08:23 GMT

Whenever a program gets wide distribution there are bound to be some users who, rightly or wrongly, feel it has caused them pain. Sometimes it's a case of post hoc ergo propter hoc (Latin for "the hog was here, so the hog did it"). Other times there really is a problem, perhaps due to an unusual configuration or a compatibility problem with some less-common applications. But it's rare that the problem is as serious and the response as limited as in this case.

A reader brought to my attention a thread in Microsoft's discussion forums for Windows OneCare titled "Outlook and Outlook Express Mail Store Missing or Quarantined". The thread started with a message in January and it's still running today, with no clear resolution. In brief, if you get a virus in an email message received by Outlook, OneCare's next virus sweep may quarantine or delete your entire email store. If you receive a virus via Outlook Express OneCare may quarantine or delete the entire folder containing the virus. Really!

As the thread goes on, more and more users weigh in reporting the problem. Moderators attempt soothing responses like "Obviously, the action by OneCare is undesirable. However, you can ... exclude the Outlook PST file" and "I know it won't make you feel any better, but you're all really helping to make OneCare a better program for everyone" and "You never want email scanned on the way in or out of the system as it causes more problems than it fixes." At one or two points the moderators announce a fix, but the problem reports keep coming in. One moderator mused that this had been a problem in the beta of OneCare 1.0, but he hadn't seen it since then. Another suggested that version 1.5 may have been coded from the wrong "code branch" of the base 1.0/1.1 version. Hmm....

Windows Live OneCare Can Eat Your Email.

Sun, 11 Mar 2007 19:04:30 GMT

Windows Live OneCare Can Eat Your Email. FutureDomain writes in to point us to a blog sponsored by PC Magazine, reporting about another problem with Windows Live OneCare. Apparently, it sometimes deletes the entire Outlook or Outlook Express .PST mailbox when it finds a virus in one of the messages. The only solution is to tell OneCare to exclude the entire Outlook mailbox. This is the software that came in last in antivirus tests. The trail of tears is ongoing over on the Microsoft forums. [Slashdot]

SSL optimization over the WAN needs scrutiny - Network World

Sun, 11 Mar 2007 17:45:40 GMT

Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways.

SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links.

In a survey last month of 1,300 IT executives by WAN-optimization vendor Blue Coat Systems, one-third of respondents said that 25% of their WAN traffic is SSL. And of those surveyed, 45% plan to roll out more SSL applications this year.

About a third of all WAN traffic at Richardson Partners Financial Ltd. in Toronto is SSL, says Andrew McKinney, director of technical services for the firm. But if only the urgent business traffic is considered, the percentage is much higher. "For critical business traffic, it's all encrypted," he says. So he uses Blue Coat Systems gear to secure traffic and optimize it for good performance.

SSL Optimization Over WAN Needs Scrutiny.

Sun, 11 Mar 2007 17:41:59 GMT

SSL Optimization Over WAN Needs Scrutiny. coondoggie writes with word of the expansion of WAN optimization appliances to handle SSL traffic and the security concerns this brings up. From the article: "With more and more WAN optimization vendors extending their capabilities to include encrypted traffic, corporate IT executives have a decision to make: Should they trust the security these devices provide? Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic, and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways. SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links."
[Slashdot]

Utah court: Drug odor didn't justify search without warrant

Sun, 11 Mar 2007 17:24:33 GMT

SALT LAKE CITY -- The odor of burning marijuana didn't justify a search of a trailer without a warrant, the Utah Supreme Court said Friday.

Police officers broke through the door of a trailer in April 2003 because they believed the suspects were eliminating evidence by smoking it. The court, however, said there was no sign that Bernadette Duran knew authorities were around.

wcco.com - Senate Committee Approves 'PhotoCops'

Sun, 11 Mar 2007 17:21:18 GMT

(AP) St. Paul Amid a court fight over a Minneapolis's stop-on-red camera program, a Senate committee has approved legislation that would allow all Minnesota cities the power to put PhotoCops at intersections.

The Senate Transportation Committee voted 11 to 5 on Friday to move the bill along, but not without serious questions about its use as a revenue generating tool and its threat to privacy.

Minneapolis began the program to catch and ticket red-light runners, but it was halted by court actions questioning whether it overstepped state law. The Supreme Court is due to hear arguments in the case next week.

The bill permits cities to install cameras to record violators and mail out citations to the owners of the photographed vehicles.