Saturday, July 29, 2006

Something must qualify as prior art. If not commercial TV or radio, how about those free newspapers that I keep finding on my lawn?

Microsoft Patent Envisions Free Computing

Posted by Zonk on Friday July 28, @05:15PM from the free-is-a-variable-term dept. Microsoft Hardware

Dotnaught writes "A Microsoft patent application published on Thursday shows the company contemplating free computers and software for its customers. It suggests 'a service provider such as a telephone company, an Internet service provider, or a leasing company may provide computer systems or components to users at a reduced charge or for free in exchange for targeted advertising delivery.'"

Tools to watch.

Text Mining the New York Times

Posted by Zonk on Saturday July 29, @06:29AM from the good-place-to-mine dept. Software Technology

Roland Piquepaille writes "Text mining is a computer technique to extract useful information from unstructured text. And it's a difficult task. But now, using a relatively new method named topic modeling, computer scientists from University of California, Irvine (UCI), have analyzed 330,000 stories published by the New York Times between 2000 and 2002 in just a few hours. They were able to automatically isolate topics such as the Tour de France, prices of apartments in Brooklyn or dinosaur bones. This technique could soon be used not only by homeland security experts or librarians, but also by physicians, lawyers, real estate people, and even by yourself. Read more for additional details and a graph showing how the researchers discovered links between topics and people."

Is this a viable technique? Is the fact that a bigger fish isn't named in the suit any kind of defense?

Torrentspy Asks Why Hollywood Isn't Suing Google Too

from the don't-give-them-any-ideas dept

For years, we've pointed out that the entertainment industry doesn't seem to get that many of the individuals and companies they go after for file sharing are just search engines. Just because they're vertically focused, it doesn't make them any different than Google. In fact, last year, when Norway tried to outlaw sites that simply linked to downloadable MP3s, we wondered if they had effectively outlawed Google. It seems that the folks at torrent search engine Torrentspy have picked up on this line of reasoning as well. If you remember, Torrentspy is challenging the entertainment industry, pointing out that they're just a search engine, they don't infringe and (a la the Grokster decision) they don't induce infringement either. They've now put that "just a search engine" defense directly into their court filings. Threadwatch points out that their latest filing to dismiss the case wonders why the MPAA isn't suing Google as well, since they effectively do the same thing. As the filing notes: "There is nothing alleged to distinguish defendants' website from that maintained by Google. Everything alleged about defendants' website is true about Google, and even more so, because Google outperforms the allegations in the complaint." Of course, given the way the entertainment industry reacts these days, you never know... they might just sue Google next.

Unless they're Oakland fans, clearly those folks are up to no good.

Federal judge: football fans can't be searched at the gate

Submitted by giantAppleCore 15 hours 59 minutes ago

Security "pat-downs" of fans at Tampa Bay Buccaneers games are unconstitutional and unreasonable, a federal judge ruled Friday, throwing into question the practice at NFL games nationwide.

Friday, July 28, 2006

It's Friday, so here are the latest identity theft stories...

Laptop and Personal Data Stolen

Jul, 26 2006 - 6:30 AM

EDMONTON/630 CHED - The theft of a laptop from a financial services company containing thousands of personal files has hundreds of angry clients asking how it could have happened.

M-D Management president Guy Belanger (ghee beh-LAHN'-zhay) says the company is working to improve its information handling procedures.

The laptop containing information on eight-thousand clients was stolen from a parked car in an Edmonton shopping mall parking lot on June 19th.

The computer has not been recovered.

Laptop With Armstrong Worker Data Stolen

Wednesday, July 26, 2006

LANCASTER, Pa. — A laptop stolen from a payroll auditor contains personal information on 12,000 current and former Armstrong World Industries Inc. employees, the company said.

The data include home addresses and phone numbers, Social Security numbers and how much the people were paid. A two-page letter sent by Armstrong last week said the company was not aware of any misuse of the information, and that a password was required to access the information on the computer.

The laptop was stolen from a locked car belonging to a Deloitte & Touche LLP employee, Armstrong said. Deborah G. Harrington, a spokeswoman for the consulting firm, declined to comment.

Armstrong advised employees to watch their bank accounts, credit cards, bills and financial statements for signs of unusual transactions. It also suggested that for three months they place a fraud alert on their credit files.

Lancaster-based Armstrong makes flooring, ceilings and cabinets.

Armstrong spokeswoman Dorothy Brown Smith did not reply to a voice mail message seeking comment Wednesday.

There have been a number of incidents in recent months involving sensitive information stored on laptops that have been lost or stolen. Earlier this year, a notebook PC with information on 26.5 million veterans and active-duty troops was swiped from the home of a Veterans Affairs analyst in Maryland. The machine was later recovered.


Riverside City Workers' Personal Data Are Sent to 2,300 Employees

The computer operator who sent the e-mail, intended for payroll officials, is put on leave. There's been 'no indication' that the information has been misused, official says.

By Susannah Rosenblatt Times Staff Writer July 28, 2006

Personal and financial data of nearly 2,000 Riverside city employees were sent out across City Hall's e-mail system because of a computer operator's error, officials confirmed this week.

The message, intended for payroll department databases, reached the inboxes of about 2,300 city employees late last week, said Assistant City Manager Tom DeSantis.

City officials did not learn of the mistake until the following morning, when they shut down the city's internal e-mail system, blocking access to inboxes for about 12 hours while they deleted the messages, DeSantis said.

The correspondence contained workers' Social Security numbers and financial deduction information for 401(k) and other accounts, as well as "specific identification information," DeSantis said, without elaboration.

About 20 copies of the confidential e-mail were opened, [What action would you take? Bob] DeSantis said, although there was "no indication" that any personal data had been misused.

Preliminary investigations by local law enforcement suggested that the transmission was accidental; Riverside police and the Riverside County district attorney's office were continuing their inquiries, DeSantis said.

The computer operator who sent the e-mail was put on administrative leave during the investigation. That employee did not follow newly established city procedures to encrypt sensitive material, [If he had encrypted the data, would sending it be okay? (or is this just another non sequitur?) Bob] DeSantis said.

City Hall converted to a new e-mail system last week, [also irrelevant Bob] officials said.

"Trust is paramount," DeSantis said, adding that steps had been taken to ensure that employees were protected.

The Riverside employees union, which just wrapped up negotiations with city officials, complained that security safeguards should have been in place. [Ya think? Bob]

"It was just an accident waiting to happen," said Greg Hagans, a senior office specialist with the city parks department and president of the Riverside chapter of Service Employees International Union, Local 1997, which represents about 850 municipal employees.

City officials notified workers of the situation with several faxes and mailed a letter to employees' homes Thursday. The city also offered $50,000 in identity-theft insurance to anyone whose information was in the e-mail.


by Ryan Singel and Kevin Poulsen Thursday, 27 July 2006

Kaiser Joins Lost Laptop Crowd

Kaiser Permanente mailed letters this week to 160,000 of its Northern California-based HMO subscribers, informing them that a laptop containing their personal information, including their phone numbers and Kaiser numbers, had been stolen.

The data was being used to market Hearing Aid Services to 160,000 Health Plan members in Northern California, though the person who tipped Wired News to the story has no history of hearing problems.

No social security numbers were on the laptop, which was stolen sometime in late June from a "secure office" in the Permanente Medical Group Business Development Group, according to a Kaiser spokeswoman and a member representative answering a toll-free number for Kaiser members.

The letter suggested that the risk may be limited, as the laptop required a user name and password, but made no mention of encryption.

The Oakland Police Department is investigating, according to a written statement released Thursday night.

"We believe it was a random and isolated crime," the statement read, in part. "We apologize to all patients affected by this unfortunate incident and we regret that it occurred. We take protecting the privacy and security of our members' personal medical information seriously, and are taking appropriate actions to further guard against future such incidents."

A Kaiser spokesperson was unable to provide any more information immediately.

It's unclear whether the letters were required by California's disclosure law or federal medical privacy rules, known as HIPAA.

California's rule (.pdf) generally only requires disclosure when a person's financial information, such as a social security number, credit card number, or debit number-and-PIN are acquired by an unauthorized person.

Is this the future of class action suit “techniques”?

Google’s Lawyers Admit To gmail Privacy Leak

The background: Google was sued recently regarding their efforts to prevent click-fraud in AdWords. It was a class-action suit, which basically means that there are a large number of people who were “harmed” by the tortious action at issue and that some lawyer has taken it upon themselves to sue on behalf of all of the ones who don’t opt out. Class action suits are a huge scam but that is another matter altogether.

Google attempted to settle the suit. In the process, they would have to contact class members (the people who have theoretically lost money due to fraudulent clicks), and they hired a firm which specializes in this sort of work. So far so good. And that firm zealously tried to contact class members in a variety of ways, including through snail mail and email. So far so good.

Now, we all know the problems with getting mail to large numbers of people. Mail addresses change, people go on vacation, challenge-response systems are engaged, what have you. The firm zealously tried to correct for all of these, by investigating new email addresses, tracking people down after vacation, clicking through the “I am a human” tests, etc. So far so good.

Now, what is the other main way for a mail delivery to fail? Spam filters. Now, remember, as a class member you haven’t opted-in to the lawsuit or the settlement. You might not even think you’ve been harmed by the action at issue, or you have no desire to waste your time for what is typically a sliver of a credit (the attorneys, of course, get 25%-33% of millions — in this case attorney fees will probably go above $20 million). So you might understandably not want to really talk to someone wanting to talk to you about the lawsuit. In this case, service from an agent of Google’s to tell you about your rights regarding the lawsuit is spam. You didn’t ask for it, you don’t want it, and it has a commercial purpose (they’re being paid to get the email to you, and the email is sent to divide up a pot of money — although unlike most spam it’s not your money).

So, as can be expected, lots of these advertisers have Gmail accounts. And what did Google do? It checked them. Google algorithmically [i.e. A program rather than a person “looked” Bob] peeked at all the accounts on the list their agent had developed which they had access to, to see if the mail was marked spam or not. There were 75,000 accounts in which it was marked spam, and an unknown (larger) amount of accounts must have been compromised to get that statistic.

Unhinged rantings of a conspiracy nut? Well, no. Google’s lawyers bragged about this in a recent document they filed to the court regarding the settlement (which is tied up in legal wrangling). In relevant part (page 13 of the pdf of the document which Matt Cutts provided on his blog while responding to concerns about click fraud):

Gilardi [ed: the firm Google was using to contact people] also re-sent 74,591 email notices to intended recipients whose addresses ended in “” and “”, and for whom Google had information that the first email notice had been directed to the recipient’s spam folder. (italics mine)

Google is apparently hunky-dory [Legal term Bob] with this. It’s essential for the Google lawyers to demonstrate that their notices stand up to certain legal requirements regarding legitimately trying to notify class members (note that it’s completely non-essential to go peeking). Google brags on page twelve:

[T]here is no question that Google complied with the notice procedures ordered by this court. In fact, Google did more than was required to provide the best notice practicable. (italics mine)

I’m sorry Google, I just don’t remember telling you you could go peeking at the mail, even to “provide the best notice practicable”. As a matter of fact, given that I know you’ll be storing it for life I actually bothered to read that privacy policy of yours. Let’s see, where was it… aha.

Information sharing

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

* We have your consent. We require opt-in consent for the sharing of any sensitive personal information.

* We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

* We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

Hmm, that’s what I remember: opt-in consent for all disclosures of private data. I think the contents of my inbox is pretty darn private. So that one’s out. You’ve already explained in your own words that the peeping was more than the court required, so excuse #3 is out. So what about #2: were you “processing information on [Google’s] behalf”? If you were, then this exemption swallows the entirety of the policy!

I’m less than happy, and now seriously wondering if all those business documents I’ve got floating around my Gmail inbox are going to end up in the hands of your lawyers without so much as a by-your-leave if your lawyers, in their sole discretion, think it’s for my own good strategically a good idea to get Google out of a lawsuit.

Do no evil, indeed.

Inventing new ways to violate privacy?

Voter Privacy Becoming an Issue

With a revised policy on voting in Wisconsin, a government watchdog group now says allowing a unique voter identification number to be made public violates state privacy laws.

The Wisconsin Democracy Campaign is taking issue with a recent memo from the State Elections Board. In it, the board says voter I.D. numbers are public information. The Wisconsin Democracy Campaign is pointing to a Wisconsin law that certain information contained in the state database is not public.

The campaign's executive director says it's up to the elections board to decide which voter privacy protections should be upheld and which ones should be ignored.

So are emoticons “pictures?” :)

Court rules sexually explicit e-mails are legal without pics

BY ANN GIVENS Newsday Staff Writer July 27, 2006, 9:11 PM EDT

One of the strongest tools local law enforcement officials use to prosecute pedophiles was snatched away from them this week when a state appeals court ruled that sending children sexually explicit e-mails is only illegal if the e-mails include photographs.

United States: Navigating The Privacy Maze In The U.S. And Abroad

27 July 2006 Article by Demetrios Eleftheriou

We continue to see a growing number of reported data security breach incidents in the U.S. They involve such things as hacking, stolen or missing computers and backup tapes, inside jobs and stolen passwords. According to one source, approximately 85 million accounts have been compromised since the ChoicePoint incident in February 2005.

I think this process is a disaster waiting to happen.

Microsoft to Distribute IE7 as Automatic Update

By Jennifer LeClaire TechNewsWorld 07/27/06 10:40 AM PT

Microsoft has announced that it will distribute its next-generation Internet Explorer 7 browser as a "high-priority" update through its Automatic Updates for Windows XP systems. The software giant's latest IE version includes a variety of safety and security enhancements, as well as a more streamlined look and more efficient printing features.

Typical – they don't know how many laptops they have or who has them, and they have no strategy for securing them.

July 27, 2006

DHS OIG Report on Enhancing Laptop Computer Security

Improved Administration Can Enhance Science and Technology Laptop Computer Security (Redacted), OIG-06-42 (PDF, 36 Pages), July 27, 2006.

If you have no other strategy, greed is good.

Utility Stalling Muni WiFi, But It's Not A Telco

from the be-a-shame-if-these-packets-were-to-get-dropped dept

We've seen plenty of cases before where incumbent utilities have done their best to stymie municipal broadband projects (unless they can profit from it, of course). Typically, it's a telco or cable company trying to put up the obstacles, but in southern California, it's the electric company. As Glenn Fleishman notes, just because a municipality might control an area's utility poles, it may not control who supplies power to them -- and in several cities around Los Angeles, that's Southern California Edison Co., which says it needs to "understand the technology better" before it starts providing the power to WiFi access points on utility poles. What's so difficult to understand about a piece of equipment that draws a consistent amount of power on par with a reading lamp? In one city, where a year of discussions have been fruitless, the company told officials they might be able to come to some sort of agreement if they paid rates on par with what cellular carriers pay to hang their antennas on utility poles, a quite reasonable $2,000 a month, compared to the $36 per year one WiFi provider cites as the average rate it pays. Other than the obvious greed, it's hard to figure out exactly why the company could be stalling: indifference, incompetence or perhaps some telco-style roadblocking in an attempt to boost some future broadband over power line offering?

How The FBI Tracks Down An Online Criminal

from the a-little-more-advanced-than-just-getting-an-IP-address dept

Yesterday, we noted how weak the RIAA's "evidence" is in the civil cases they bring against people for file sharing. In the comments, a few people tried to compare that to the way law enforcement officials go about tracking down online criminals. However, thanks to Steve Bryant we have at least one example of how much more thorough the FBI is. He details the process the FBI used to track down someone who made a threat online using a gmail account. They got a grand jury subpoena to get Google to hand over some info, including the IP address of the user and the alternate email he used, which happened to be from Yahoo. They then got info from Yahoo to link the email address to a person -- and got more IP info from Yahoo as well. Both IP addresses were linked to a law firm, which was interviewed. From the law firm, they discovered that there was an annex office attached to an apartment. The office had an open computer. The apartment, not surprisingly, had been rented to the guy earlier identified as the person who registered those email addresses. It certainly seems like they have a bit more proof concerning who was involved.

Another reason to bash McDonalds?

Fast Food Cooking Worse for Air Than All the Trucks on the Road

July 27, 2006 07:41 AM - Lloyd Alter, Toronto

Here is a great statistic to bite into: Cooking four normal sized hamburgers in a fast food joint emits the same amount of VOC's (volatile organic compounds) as driving a current model car for 1,000 miles.


Downloadable Episodes of Favorite PBS Programs Make Their Debut on Google Video

Wednesday July 26, 1:00 pm ET

PASADENA, Calif., July 26 /PRNewswire/ -- PBS Press Tour -- PBS today announced the launch of PBS content on Google Video, making it possible for users to download and own a selection of PBS primetime and children's programming for the first time ever. The announcement was made by PBS President and CEO Paula Kerger at the Television Critics Association Press Tour.

Gooder? (Convergence?)

July 26, 2006

Jeff's Quick Guide to TV on the Net (TV/IP) - July, 2006

Thursday, July 27, 2006

Not everyone knows what a passport looks like. The picture does look official.

Passport proxy

A seasoned traveler who ventured further into third world slums than I ever would told me about this nifty trick-of-the-trade. Make a good color copy of your passport, including the covers. Align the inside sheet of your passport data with the outside passport cover sheet. Glue together. Laminate. Score and fold. You now have a fairly official looking travel document.

I have found that for most purposes -- changing money at a bank, rentals, hotel front desks, and even police -- this passport clone is sufficient. You hide or store your real one and use this one for everything else except crossing borders. I don't know why, but most people seem happy to accept it. It may be because it seems like some new futuristic version 2.0 passport and who are they to question it?

(According to the US Passport Agency, it is perfectly legal for you to make a color copy of your passport -- although Kinko's can't -- and in fact they recommend you do so.)

Well, better late than never. Perhaps a few of you young lawyers could find work explaining how these “new ideas” have been working for the last 20 years in other industries...

From Confrontation to Experimentation: The Music Industry Is Playing a New Tune

Published: July 26, 2006 in Knowledge@Wharton

EMI Music backs a label that turns the traditional economics of the recording industry on its head. Vivendi's Universal Music Group creates multiple pricing schemes for CDs. Sony BMG Music Entertainment and Yahoo decide to sell a single without digital rights restrictions.

These moves typify a flurry of experimentation by major record labels in recent weeks, and stand in stark contrast to earlier behavior by an industry that six years ago was best known for launching anti-piracy lawsuits against Napster -- a network that originally swapped music files for free -- and individual users.

... Fader also notes another factor behind the music industry's willingness to try new approaches: It has no choice but to embrace the Internet. Like other media such as print, movies and television, the Internet is revamping the way entertainment is shared.

You can see why they might attract competition...

Who gets what in a 99 cents download?

July 26, 2006 4:56 PM PDT

Record companies tend to complain about downloads, particularly since most songs are still downloaded illegally. But when it comes to legal downloads, they get most of the cash.

Record companies keep about 72.5 cents on average for a 99 cent song, said Dave Jaworski, CEO of PassAlong Networks, at the AlwaysOn Stanford Summit. PassAlong sets up online music services for other web sites. It has a big store on Ebay too.

The credit card company then gets a small slice. The rest goes to the people who sold the song. In PassAlong's case, the company divides the remainder with the retailer.

Perhaps this was not a data theft in the first place... In that case, why wouldn't they provide enough detail to convince us? (and why all the testing?)

Computer Holding Personal Data Found

By MARK JOHNSON Associated Press Writer July 26, 2006, 4:10 PM EDT

ALBANY, N.Y. -- A computer that was lost with the personal information of as many as 540,000 injured workers has been located, state officials said Wednesday.

The FBI and the private company that had been in possession of the state-owned personal computer would not say how or where it was found, only that it was in "a secure location."

Officials said Monday the computer was missing from a secured facility [They lock the door? Bob] of Chicago-based CS Stars, an independent insurance brokerage. Most of the workers are New Yorkers from across the state who are in two special funds of the workers' compensation system.

CS Stars was using the computer to move the data -- including names, addresses and Social Security numbers -- from the state to the company's computerized claim system, according to the letter.

Mike Kachel, a spokesman for CS Stars' New York City office, said the FBI located the computer, missing since May 9, and that it appeared no one had used any of the information it contained. [You can tell just by looking at the computer? Bob]

FBI spokeswoman Cynthia Yates would not release any other information, saying the investigation was continuing. She said forensic tests were still being completed to verify the information had not been stolen.

The 'senior service' screws up again? (That's really not like them.)

Navy Computers With Personal Data Stolen

By LOLITA C. BALDOR Associated Press, 07.26.2006, 07:14 PM

Two laptop computers with personal information on about 31,000 Navy recruiters and their prospective recruits were stolen from Navy offices in New Jersey in June and July, the Navy disclosed on Wednesday.

It was the third time in little more than a month that personal data on Navy personnel has been lost or unintentionally released publicly over the Internet.

... He said the information on the laptops was secured by several layers of password protection. [So no serious security... Bob]

According to the Navy, one laptop was reported stolen from a recruiting station in Trenton, N.J., in early June, and the other was taken from a Jersey City, N.J., recruiting station in early July. While the thefts were initially reported to the police, the head of Naval personnel was not informed until mid-July.

Do you have anything on your computer worth saving? (Multi-national backup sites could make subpoenas interesting.)

Saving data is a moneymaker

BOSTON, Massachusetts (AP) -- Shalin Mody's computer held innumerable things he'd love to have forever: TV shows, video games, papers and more than 50 gigabytes of music. So normally he would have panicked the day the PC completely failed, unable to start up.

Fortunately, the 26-year-old investment manager had only weeks earlier come across a blog describing Carbonite, an inexpensive new service that backed up everything on his PC over the Internet and stored it remotely.

When he bought a replacement PC, Carbonite repopulated it with his old files.

"It was extremely lucky," Mody said. "I just didn't stress too much."

... Taking advantage of cheap data storage and the proliferation of broadband Internet connections, Web-based services such as Carbonite can provide the equivalent of a fireproof safety deposit box for digital content.

"I think this is stuff that people don't really realize they can do," said David Friend, CEO of Boston-based Carbonite, which lets users back up unlimited amounts of data for less than $5 a month.

Carbonite runs in the background of a Windows-based computer, copying files, encrypting them and sending them to remote servers. Because most broadband connections have much slower upload speeds than download speeds, the initial backup process can take several days.

... Microsoft Corp. and Google Inc. are also weighing vast remote-storage services that could be free and backed by advertising, though neither company would offer details.

Even before products like that emerge, however, the choices for consumers are mushrooming.

IBM Corp. recently rolled out a $35-per-computer software package that automatically backs up a consumer's files by routing the data to whatever sources happen to be available, including inexpensive "thumb" drives and online storage accounts offered by Internet providers.

For those willing to manually make sure important files are safely stored in more than one place, thumb drives and free services like Google's Gmail offer several gigabytes of space. That would be enough room to protect many users' important documents, though richer media like photos, music and video quickly eat up far more space.

... Of course, if a fire or flood destroys your house, what good is it to have backed up your data on something that was sitting right next to the PC?

... IBackup launched in 1999 and now holds more than 150 terabytes of data for its customers in five locations around the world, spokesman Raghu Kulkarni said.

Recall that 150 terabytes would be roughly equivalent to 150 million books. So it would seem iBackup is no secret. But Kulkarni suggests that amount of data is nothing compared to what would roll in if online backup really became widespread.

"It's still a field that has to get the real attention of the consumers," he said. "Because backup in general is not a very cool thing."

Another reason to use off site backup?

Court Says Border Patrol Can Look Through Your Hard Drive

from the so-says-the-courts dept

A court of appeals has determined that, if you're entering the US, border guards have every right to search through the contents of your laptop, even if they have no reason to be suspicious. This fits with an earlier Supreme Court ruling that basically said the 4th Amendment doesn't apply at the border. All this case does is say that the data on your laptop is equally available to border guards. The author of the article, Declan McCullagh, suggests people learn how to encrypt data on their laptops if they're worried -- but will that matter? What happens if the border guards ask to see the encrypted data as well? [What happens if there is gibberish on your computer and the border guards think it's encrypted data? Bob] What are the limits? Also, we've noted in the past that officials have used just the presence of encryption software as evidence that you may have committed a crime, so encrypting data you'd like to keep confidential hardly seems likely to protect that data.

History is not understanding.

July 26, 2006

CRS Report on the Middle East - Israel-Hamas-Hezbollah: The Current Conflict, July 21, 2006

Israel-Hamas-Hezbollah: The Current Conflict, July 21, 2006 (45 pages, PDF)

July 26, 2006

GAO: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data

Personal Information: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data, Full text GAO-06-674, and Highlights, June 26, 2006.

  • "The growth of information resellers--companies that collect and resell publicly available and private information on individuals--has raised privacy and security concerns about this industry. These companies collectively maintain large amounts of detailed personal information on nearly all American consumers, and some have experienced security breaches...GAO found that the applicability of the primary federal privacy and data security laws--the Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA)--to information resellers is limited."

Astroturfing: Building false 'grassroots' support.

Shareholder Astroturfing: Latest Tactic In Net Neutrality Debate

from the the-next-pointless-battle dept

We've spent way too much time on how both sides of the net neutrality debate have used astroturfing and other dishonest (or simply ridiculous) tactics to push their own side forward. However, it seems that every time you think you've seen it all, one side sinks even lower. The latest can best be described as "shareholder astroturfing." A mutual fund that owns a tiny bit of Microsoft stock is trying to use that to force the company to issue a report explaining its stand on net neutrality -- which, of course, the mutual fund claims is "expanded government regulation for the internet." Microsoft is asking the SEC if it can ignore the demand, as it really has nothing to do with Microsoft explaining its position, but is really just a PR stunt by anti-net neutrality supporters.

3 Ways to Immediately Increase Search Engine Traffic

submitted by amarelito 22 hours 9 minutes ago

Amongst the commercial blogosphere there is huge interest in the dark, and mysterious art of SEO, or Search Engine Optimization. There shouldn't be. Not because paying attention to Search traffic is bad, or that wanting to rank higher in Google is evil, simply because it's not rocket science, and anyone can do it. Even you.

You can ignore these, they are for my students.

10 nasty money habits to kick

submitted by Geekforlife 19 hours 37 minutes ago

Stop making the same mistakes every year and wondering why you can't save. Break the cycle and change your life.


Flying an F-15 with one wing!

submitted by Frinkahedron 8 hours 36 minutes ago

"The IAF (Israeli Air Force) contacted McDonnell Douglas and asked for information about the possibility of landing an F-15 with one wing. MD replied that this is aerodynamically impossible, as confirmed by computer simulations... Then they received the photo...."

Wednesday, July 26, 2006

July 26, 2006

This sounds like politicians who want to point to numbers indicating they “did something”

Air Marshals Place Innocents on Secret Watch List

Posted by ScuttleMonkey on Tuesday July 25, @04:15PM from the just-wait-till-a-system-upgrade-mistake dept. Security Politics

An anonymous reader writes "The Denver Channel 7 News reports that federal air marshals are operating under a quota for reporting a minimum number of suspicious travelers which is resulting in innocent people being placed on a secret government watch list. From the article: 'These unknowing passengers who are doing nothing wrong are landing in a secret government document called a Surveillance Detection Report, or SDR.'"

Bad strategy. They picked the wrong court.

Wiretapping Lawsuit Against AT&T Dismissed

Posted by ScuttleMonkey on Tuesday July 25, @09:42PM from the hollow-sound-of-justice dept. Security The Courts

BalanceOfJudgement writes "A major victory by the federal government was won today when a federal judge dismissed the lawsuit against AT&T for providing phone records to the federal government. From the article: 'The court is persuaded that requiring AT&T to confirm or deny whether it has disclosed large quantities of telephone records to the federal government could give adversaries of this country valuable insight into the government's intelligence activities'" Not to be confused with the EFF case, this case was filed by the ACLU on behalf of author Studs Terkel and other activists who argued that their constitutional rights had been violated by the actions of AT&T and the NSA.

How about an article titled “What you can't say in corporate email?” Perhaps a traveling seminar?

Why employers are cracking down on e-mail

By Eric J. Sinrod Story last modified Wed Jul 26 04:00:04 PDT 2006

Employers are quite concerned about the legal and financial risks caused by inappropriate employee electronic communications. In fact, they are firing employees who violate workplace computer policies.

I recently wrote about how employers face considerable challenges figuring out how to handle employees' electronic communications, such as blogging and instant messaging.

According to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey by the American Management Association and the ePolicy Institute, 26 percent of employers have fired employees for misuse of e-mail. Another 2 percent have terminated workers for inappropriate instant messaging chat; while yet a further 2 percent have dismissed employees for offensive blogging content, including content posted on employees' personal home computers.

Why are employers fighting back so hard against their own employees? The AMA and the ePolicy Institute believe that this backlash follows a wave of lawsuits caused by employee e-mails. The survey points out that 24 percent of companies have been served with subpoenas for their employees' e-mails. About 15 percent of companies have gone to court to battle lawsuits triggered by e-mails from their employees. The failure by employees to retain certain e-mails, as required, has led to significant financial sanctions in some cases.

... Also, some employees cling to the mistaken belief that the First Amendment of the U.S. Constitution protects all forms of their speech, including their electronic speech. Not so.

... On top of all of this, many employers have employees sign company business equipment policies that make plain that workers have no privacy interests in their workplace communications and that provide the do's and don'ts of communications. However, while 76 percent of employers have policies that address workplace e-mail usage and content, only 2 percent of employers have educated their employees with respect to blogging.

... While 34 percent of surveyed companies have in place written e-mail retention/deletion policies, fewer than 34 percent of employees understand the difference between e-mails that must be saved and insignificant e-mails that should be purged.

Detroit CEO declares Bishop “Illegal, immoral and fattening!”

Bishop of London: SUVs are sinful

submitted by dirtyfratboy 21 hours 25 minutes ago

An executive from one of the country's leading motoring groups yesterday told religious leaders to "stick to what they know best", after a senior bishop suggested that driving a fuel-hungry car was a "symptom of sin".

Why should we help you? Your license is invalid!

WGA and Activation Failures Don't Faze Redmond

submitted by schestowitz 1 day 6 hours ago

"..Now, all of a sudden, Microsoft is saying that their licenses are invalid. And - to make things more exciting - they've dimmed the Automatic Updates settings so we can't change them to Manual. One by one, all of the machines are becoming unusable."

Tuesday, July 25, 2006

July 25, 2006

Looks like that white hat has turned black...

HOPE Speaker Rombom Charged with Witness Tampering

Posted by timothy on Monday July 24, @02:45PM from the complicationism dept. The Courts Security United States

An anonymous reader writes "Steven Rombom -- a.k.a. "Steven Rambam" -- the licensed private investigator who was arrested Saturday by FBI agents minutes before his talk on privacy at the Hope Number Six hacker convention in New York -- is being charged with witness tampering and obstruction of justice in a money laundering case the government is pursuing against Albert Santoro, a former Brooklyn assistant district attorney, according to's Security Fix blog. The government alleges that Santoro hired Rombom to locate a government confidential informant whom Santoro accuses of entrapment, and that Rombom visited the informant's in-laws under the guise of an FBI agent and tried to convince them that their son-in-law was a danger to their daughter and grandkids."

Extending the “Shrink-wrap” contract to the “Think-wrap” contract?

How to Deal w/ Dubious 'Contracts'?

Posted by Cliff on Tuesday July 25, @12:46AM from the nowadays-you-don't-need-to-sign-anything dept. The Courts Businesses The Almighty Buck

phorm asks: "It seems that for almost every service out there nowadays businesses want to fix customers into a contract. Some are pretty obvious (cellphone service, etc), but others are downright sneaky. About a year ago, my grandparents signed up for internet service with one of the bigger ISPs (Telus). They were offered a lesser rate for the first year, followed by $10/month more for following years, as well as their DSL modem for free (to be returned when service ends). None of the documentation received with the modem indicated that any 'contract' was being entered, nor were any documents signed. However, when they recently tried to cancel their service, Telus has indicated they will be charged a fee due to being within the 'contract'."

Similar to EULAs, sometimes companies will enter you into a "contract" without providing anything to sign and will hold you to terms you may not even know about simply by your use of the service. How can you deal with companies practices, especially if dealing with their representatives becomes...difficult? [More... Bob]

This technology will “improve” something – we just don't know what.

Law of Unintended Consequences Strikes Grocers

Posted by ScuttleMonkey on Tuesday July 25, @01:45AM from the try-not-to-shed-too-many-tears dept. Businesses Technology

netbuzz writes "The law of unintended consequences is taking a chomp out of grocery chain profits as more stores transition from human clerks to self-service checkout technology, thus reducing the time shoppers spend in line and under the temptation of impulse items. That's the upshot of research being released tomorrow by IHL Consulting Group in Franklin, Tenn., which provides market analysis to the retail industry and its IT vendors."

Enough of these and we could precipitate a return to global cooling! We gotta do something!

Solar Power Minus the Light

Posted by ScuttleMonkey on Tuesday July 25, @05:27AM from the green-energy-saving-green dept. Power Hardware

An anonymous reader writes "Popular Science is running a story about a small company trying to take advantage of all the global warming hype. Matteran Energy uses 'thermal-collection technology to heat a synthetic fluid with a very low boiling point (around 58F), creating enough steam to drive a specially designed turbine. And although a fluid-circuit system converting heat into electricity is nothing new, Matteran's innovative solution increases the system's efficiency to a point where small-scale applications make economic sense.' Notably, this comes during a record breaking heat wave here in the US. So has the day finally arrived where I can run my AC off of all that heat outdoors?"

MySpace Outage Blamed on L.A. Power Loss

By ANICK JESDANUN AP Internet Writer Jul 24, 1:42 PM EDT

NEW YORK (AP) -- The popular social-networking site suffered a pair of extended outages over the weekend because of power problems at a key data center in the Los Angeles area, the company said Monday.

In a message to MySpace users, company co-founder and President Tom Anderson said MySpace "has been screwy" since Saturday because of failures in both the main power supply and the backup generators.

Visa Changes Retail Security Rules

July 22, 2006 By Evan Schuman

Visa on July 21 changed its retail security requirement structure, which will—because of a change in definition of what a qualifying transaction is—force more retailers to use its more stringent security procedures.

The core change includes all transactions when determining what level a retailer should be; Visa uses four levels to group retailers based on their volume of transactions.

The criteria was previously limited to online purchases. "The most significant modification involves the Level 2 merchant category, which previously only applied to merchants processing between 150,000 and 6 million Visa e-commerce transactions per year," a Visa statement said. "Level 2 has now been broadened to include all acceptance channels and applies to any merchant processing 1 million to 6 million Visa transactions per year."

... Retail technology analysts who discussed the new Visa PCI rules in a Web audiocast late on July 21 agreed that the changes will almost certainly impact a lot more than the thousand or so merchants that Visa said it will impact, as the changes will likely cause all retailers to be more strict about credit card authentication issues.

When do we reach consensus? (Pay me now or pay me later?)

Companies take costly steps to secure laptops

Posted 7/23/2006 10:52 PM ET By Jon Swartz, USA TODAY

SAN FRANCISCO — Big U.S. companies are taking tough measures to shore up laptop security amid a rash of thefts.

... About 88 million Americans have been exposed to potential ID theft since February 2005 as a result of reported data breaches, says the Privacy Rights Clearinghouse. In at least 43 instances — a fourth of all reported breaches — stolen or missing laptops were involved. Few of the laptops have been recovered.

What companies are doing:

Ernst & Young started encrypting — or scrambling — data on laptops for its 30,000-person workforce in the USA and Canada after a laptop with personal information on about 38,000 customers was stolen from an employee's car in February.

Fidelity accelerated encryption on thousands of employee laptops. The mutual fund giant was the victim of a laptop breach in March that affected data of 196,000 current and former Hewlett-Packard workers. It also is increasing training on laptop security and protection of customer data.

Aetna undertook several preventive measures after a laptop containing names, addresses and Social Security numbers for 59,000 members was swiped from an employee's car in April. The insurer had employees re-encrypt and recertify files. Every company PC was audited to ensure files were properly encrypted. Aetna also tightened restrictions for storage devices such as thumb drives.

Encryption can be pricey. Gartner estimates a company with 100,000 customer accounts can spend $30 to $40 per laptop on data encryption. Yet, the cost of a data breach is even higher. Companies with 100,000 customer accounts will spend at least $90 per account if data are compromised or exposed — not including fines and lawsuits, Gartner says.

... Personal information sells on the Internet for about $1 per stolen record, Egner says.

Toward ubiquitous surveillance

License Plate Tracking for All

By Luke O'Brien 02:00 AM Jul, 25, 2006

WASHINGTON -- Jealous lovers may soon have an alternative to sniffing for perfume to catch a cheating mate: Just follow their license plate.

In recent years, police around the country have started to use powerful infrared cameras to read plates and catch carjackers and ticket scofflaws. But the technology will soon migrate into the private sector, and morph into a tool for tracking individual motorists' movements, says former policeman Andy Bucholz, who's on the board of Virginia-based G2 Tactics, a manufacturer of the technology.

Bucholz, who designed some of the first mobile license plate reading, or LPR, equipment, gave a presentation at the 2006 National Institute of Justice conference here last week laying out a vision of the future in which LPR does everything from helping insurance companies find missing cars to letting retail chains chart customer migrations. It could also let a nosy citizen with enough cash find out if the mayor is having an affair, he says.

Giant data-tracking firms such as ChoicePoint, Accurint and Acxiom already collect detailed personal and financial information on millions of Americans. Once they discover how lucrative it is to know where a person goes between the supermarket, for example, and the strip club, the LPR industry could explode, says Bucholz.

Private detectives would want the information. So would repo men or bail bondsmen. And the government, which often contracts out personal data collection -- in part, so it doesn't have to deal with Freedom of Information Act requests -- might encourage it.

"I know it sounds really Big Brother," Bucholz says. "But it's going to happen. It's going to get cheaper and cheaper until they slap them up on every taxicab and delivery truck and track where people live." And work. And sleep. And move.

Privacy advocates worry that Bucholz, who wants to sell LPR data to consumer data brokers like ChoicePoint, knows what he's talking about.

"We have pretty much a Wild West society when it comes to privacy rights," says Jay Stanley, a spokesman for the American Civil Liberties Union. "The overall lesson here is that we really need to put in place some broad-based privacy laws. We need to establish basic ground rules for how these new capabilities are constrained."

Current laws don't constrain much. Just as it's legal for the paparazzi to take pictures of celebrities in public, it's legal for anyone to photograph your license plate on the street. Still, there aren't enough LPR units in service yet to follow your car everywhere.

... The next step is connecting the technology to databases that will tell cops whether a sexual offender has failed to register in the state or is loitering too close to a school, or whether a driver has an outstanding warrant. It could also snag you if you're uninsured, if your license expired last week or even if your library books are overdue.

The subway has never looked more appealing.

So who is liable? (Who isn't?)

E-Health Gaffe Exposes Hospital

By Kevin Poulsen 02:00 AM Jul, 25, 2006

Georgetown University Hospital suspended a trial program with an electronic prescription-writing firm last week after a computer consultant stumbled upon an online cache of data belonging to thousands of patients, Wired News has learned.

... The hospital had securely transmitted the patient data to e-prescription provider InstantDx. But an Indiana-based consultant accidentally discovered the data on InstantDx's computers while working to install medical software for a client.

"The initial investigation has found that no patient demographic data was inappropriately used," says Worley, who says between 5,600 and 23,000 patients were affected. She added that the hospital learned of the breach when Wired News contacted it last week.

... The breach highlights the liabilities of sharing private medical records with third parties as the industry crawls toward electronic record keeping.

... Maryland-based e-prescription firm InstantDx was quick to accept responsibility for leaking the Georgetown file. The company wouldn't say whether other hospitals and doctors' offices were represented in the vulnerable files, but said that its systems have been secured. InstantDx chairman and CEO Allan Weinstein describes the incident as "a one-time quirk."

The consultant responsible for the discovery, Goshen, Indiana-based Randall Perry, says bad security practices contributed heavily to the incident. Perry says he accessed the data using a password he discovered hard-coded into a popular medical practice application, where any moderately skilled user could retrieve it.

"This is just security through obscurity," says Perry. "My home network is probably 10 times more secure than what they have set up over there."

... "One of the biggest problems you have is people inadvertently stumble upon security vulnerabilities, and frequently it's because they're trying to get their job done," says Rasch. "And what we do now is say, 'He did something wrong. He shouldn't have been there. Let's go after him.' How does that encourage people to report vulnerabilities and get them fixed? What they should do is give him a $10,000 finder's fee."

... "There's over 20,000 HIPAA complaints to (the Department of Health and Human Services), but zero civil enforcement actions so far," says Swire. "If HHS refuses to enforce the law, then medical organizations will be less careful with patient data.... I believe that will make it harder to do the next shift towards electronic medical records."

Who would you like to be? Can you think of someone you would like to turn into Osama bin Laden?

VeriChip VeriEasy To Clone, Researchers Say

from the not-inspiring-much-confidence dept

For some time we've been following the colorful past of RFID maker VeriChip, a company that promotes implanting RFID chips in humans for identification purposes. As if the stated goal of the company wasn't disturbing enough, it has a history of lying to regulators and to the public about the nature of its devices, and how they would be used. Now, two researchers, presenting at a hacker conference, have demonstrated that the company's chips can easily be cloned, essentially allowing an individual to assume another's identity. Not surprisingly, this stands in contradiction to VeriChip's claim that their products are impossible to counterfeit. In fact, the researchers claim that the company's chips have no security mechanism whatsoever. For its part, VeriChip has responded saying it hasn't reviewed the evidence, and that it's still easier to steal someone's ID out of a wallet than it is to gain information from a chip in someone's arm. That may be true, but when your wallet is stolen, you can realize it quickly and alert the relevant authorities. How do you know when someone's passed by you with a wireless scanner? If fingerprint identification can be defeated with Play-Doh, and someone can clone your embedded identity chip without you knowing it, there's something to be said for old-fashioned, disposable ID systems.

The porn industry is always looking at new technologies... Is this their doing? Remember, phones now have video cameras...

Mobile Phones' Impact On Sexual Relations

from the in-many-different-ways dept

Last year, we wrote about how many people in Germany choose not to turn off their mobile phones during sex (you know, in case something more important happens). A similar study just concluded in the UK found that even more people in the UK feel it's okay to leave it on while they get it on. Of course, this study also dug deeper into other areas, and discovered that the mobile phone has become an important part of a sexual relationship these days, whether it's just flirting by phone or, for some, sending sexually explicit text and photos. On the flip side, about one-fifth of those surveyed had sent or received a text message designed to end a relationship. There are also some uses of mobile phones in relationships that may not be quite as obvious -- such as the large number of women who use mobile phones to deter men from approaching them. Amusingly, five years ago, we had written about a study saying that men used phones as a mating call, to show off to women. It sounds like there may be some mixed signals between the sexes.

Does this make my old Monopoly game an “instant antique?”

Monopoly replaces cash with Visa debit card

submitted by vezquex 15 hours 18 minutes ago

Say goodbye to the rainbow-colored monopoly money of yore.

Outlaw chocolate and only outlaws will have chocolate. “He's an outlaw, look at those rotten teeth!”

The War on Chocolate.

submitted by johndi 22 hours 39 minutes ago

Economists doubt that schools can successfully ban junk food. Thirteen-year-old William Guntrip is a good example of why it might not work. He is a junk food dealer, and is making nearly $100 a day selling junk food on the playground.