Saturday, September 23, 2006

Everyone is jumping on poor HP. That's what they get for not dealing with this more aggressively! There are MANY articles today, so I selected a sample.

To my mind, this blog is reporting better and more completely than those sources that carry HP advertising...

The HP Saga: Dunn is Indeed Done; Hunsaker Sacked

September 22, 2006 at 19:20

The WSJ and NYT have now issued their first pieces (AP here) after the news flashes that followed HP CEO Hurd’s press conference today (audio). HP Chair Patricia Dunn is resigning as Chair and from the Board effective immediately, at the request of the Board. Hurd will take her place. The NYT reports, with tongue-in-cheek, I hope, that it “was not clear from Mr. Hurd’s remarks if the departure of Ms. Dunn from the board was meant to indicate that she is considered culpable for the failings of the investigation” - is it ever, in press conference land? See also Alex Simpson’s Corporate and Securities Law Blog, particularly his part the twenty-eighth (oy!), with detailed point-by-point notes of the press conference (including more new facts about the surveillance operations).

As for himself, Hurd asserts only a passing familiarity with the leak investigations, and no awareness of the pretexting:

The chief executive admitted he attended a “brief” board meeting last year where the probe was discussed. He said it was a discussion about the first phase of the investigation, which yielded no results.

Mr. Hurd said he and others in the management chain weren’t privy to a second phase of the investigation, begun earlier this year in which “pretexting” and other practices were used. Mr. Hurd said he knew investigators planned to send a fake email to a reporter but said he doesn’t recall approving use of tracing technology.

In the first positive development in some time, at least from a PR standpoint, Hurd announced that HP has hired Bart M. Schwartz, a former U.S. prosecutor, “as counsel, to perform a forward-looking and independent review of investigative methods that were used.” (The NYT reports only that HP has “retained a law firm to do a comprehensive investigation to explain the chain of events that led to the improper conduct”, leaving one to wonder why, when it worked so damnably poorly the first time, under Wilson Sonsini’s watch.) I’ll assume for the time being that the Schwartz choice is grounded in crisis management advice that HP engage someone with a reputation for tough-mindedness and independence, even if it means blood on the floor, and that Schwartz fits that bill.

In the press conference Hurd also apologized to the journalists that were pretexted. My sense is that a public display of contrition will, together with swift action to investigate and act, actually be one of the more important elements of the HP communications strategy over the next few days. I would guess that the California AG will, in an unclear case of HP liability, be reluctant to prosecute if the company has visibly suffered, taken responsibility, and committed to corrective measures. (One of the notable elements of the conference was that Morgan, Lewis & Bockius, the outside counsel retained to manage the investigation, indeed seems to be working intensely towards that end - a positive sign.)

What’s needed now is that swift action. Who directed the pretexting, and who knew it was being done?

Update: The NYT is reporting that two senior employees, unnamed as of yet, have been fired.

Update: NYT has updated its story and says the departures are Kevin Hunsaker, HP’s senior counsel and director of ethics, and Anthony Gentilucci, the Boston-based manager of global investigations for HP. And in what must be the sourest note for HP today, it looks like the Democrats are now involved:

The burgeoning scandal at Hewlett-Packard reflects a broader problem that Congress must tackle through new laws, the Democratic co-chairman of the Congressional Privacy Caucus said Friday.

“Clearly the problem of corporations using private detectives and information brokers to obtain illicit access to telephone records and other personal information is not limited to Hewlett-Packard,” Rep. Edward Markey, a veteran Massachusetts politician, said in a statement. “Congress needs to be asking exactly how widespread this practice is, and whether companies are skirting or even violating the law by prying into the details of people’s telephone records or other personal information.”

The statement came the week before a U.S. House of Representatives oversight and investigations panel plans to grill Hewlett-Packard executives and outside investigators about the company’s probe into journalists, employees and board members suspected of involvement in media leaks.

Markey called for enactment of new consumer privacy laws and a bill–sponsored, not surprisingly, by himself–designed to outlaw the sale of Social Security numbers.

The WSJ reports on the departures thusly:

A person familiar with the matter said Mr. Gentilucci and Mr. Hunsaker “are in the process of leaving the company.” Ms. Baskins relied on the legal opinions provided her by Mr. Hunsaker, a lawyer, this person said. Mr. Gentilucci did not return calls seeking comment. Mr. Hunsaker could not be reached.

“In the process of leaving the company”? Escorted to the door window, perhaps, and not yet having hit the ground.

The obvious question is whether HP’s general counsel will be next.

Update: The Recorder raises the question of whether new outside counsel ought to be reporting to Hurd, now that he may be under a cloud.

Update: Hurd’s press conference bought him about 12 hours of respite, by my reckoning. WaPo is already running a piece questioning why, in light of what is known now about his conduct, he has been given additional duties in the shake-up.

Has HP done enough in corporate governance?

By Stefanie Olsen Story last modified Fri Sep 22 17:53:03 PDT 2006

In the world of corporate governance, Hewlett-Packard committed a no-no.

Legal experts give HP credit for taking early steps [clearly not “early” by non-legal expert standards Bob] to clean up the mess that followed revelations that the Silicon Valley giant investigated board leaks using measures such as obtaining journalists' home phone records. Yet some experts said HP may need to go further, given that potentially unethical behavior among top executives could undermine the fabric of the company.

"At the center of corporate governance is an ethical corporate culture, and a corporate culture that could produce something like this needs to be re-examined by all involved," said Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware.

CEO Mark Hurd said Friday that HP Chairman Patricia Dunn would step down immediately, [If you don't take sufficient action at the start of a critical situation, you will probably have to keep taking more and larger actions later. Did the directors even recognize this as a critical situation? Bob] and that the company has hired the law firm Morgan Lewis & Bockius to investigate internal operations.

Corporate governance refers to the background rules, regulations and incentives of a board of directors that aim to ensure managers look after shareholders' welfare. All corporations have a board of directors that are bound by fiduciary law, which stipulates that members exercise "care and loyalty" while managing the company. That means they're looking out for the company's and shareholders' financial interests, not their own.

When trying to discover board leaks, which could pose problems to the company's overall strategy, board members would be obligated to join together collectively and decide how to handle it, according to corporate governance experts. The problem, it seems, is the questionable tactics such as "pretexting," or posing as an individual to obtain that person's phone records, that HP and its investigators used to investigate those leaks.

"You could go a long way down that road without violating the law," said Robert Daines, co-director of the Arthur and Toni Tembe Rock Center for Corporate Governance at Stanford University. "They went to great extremes and chose bad methods to what might have been a valuable goal."

So what's next? Daines said it's important that HP do no less than law enforcement officials in investigating itself and ensure that it doesn't happen again.

Still, Elson believes that HP should have kept the board leaks a matter only for the board itself. "The tone that was set by this is very damaging to the company and its reputation," he said.

HP press conference: Inventory of gory details, Hurd "clean," Dunn steps down

Posted by David Berlind @ 2:22 pm September 22, 2006


... The press conference principally involved two speakers — HP CEO Mark Hurd and Mike Holston, an attorney with Morgan Lewis, the law firm that was retained by Hurd in the earlier days of the investigation and now, the law firm that represents HP in its dealing with state and federal authorities on this particular matter.

As Hurd began the conference, he made it clear that he still did not have all the facts, and also pointed out that they may never have all of them. [Who does? Perhaps they should be in charge of corporate governance? Bob] Later in the conference, he pointed out that part of the problem in getting all the facts had to do with the fact that they were dealing with an outside investigative firm. That firm was identified as Security Outsourcing Solutions (aka: SOS) and it was also pointed out during the conference that SOS outsourced some of the work it was doing to another outfit known as Active Research Group.

Hurd seemed incredibly contrite [i. e. He didn't repeat Dunn's mistake. Bob] during his presentation (far more so than Patricia Dunn, the now former HP chairwoman, ever did) and, on several occasions reminded the attendees and listeners that the practices used to uncover certain information (in the course of the investigation) were very uncharacteristic of the sort of integrity that HP's management wants the company to be known for [weasel phrase Bob] by both its customers and employees. While he didn't condone the techniques, Hurd did say that the investigation was justified given the fact that the leaks were damaging to the company and that the practice of leaking information to the press violated company policies. Hurd said that investigating the leaks was an "appropriate course of action" but characterized the techniques as "isolated incidents of impropriety" and as "having no place in HP."

Hurd looked to clear his own name, saying he never approved of the tracing technology that was embedded into the e-mails sent to CNET's Dawn Kawamoto. HP investigators hoped that Kawamoto would forward the e-mail to her source and that the tracing technology might lead them to whoever was responsible for the leaks. Hurd apparently approved the content of the e-mail, a detail that was offered later in the conference by Holston.

Effective immediately, Hurd had accepted Patricia Dunn's resignation from what appears to be the board of directors entirely. A different move from the one originally planned where she would step down as chairwoman in January but remain on the board as director. Apparently replacing her, as an independent director, is Richard Hackborn.

Before handing the microphone to Holston, Hurd said he was taking full accountability for the matter from this point forward.

Holston then went into the four primary techniques involved in the investigation. Namely

  • The use of pretexting to obtain phone and fax records

  • The use of social security numbers in the course of pretexting

  • The sending of emails with tracers

  • Physical surveillance

Holston noted that investigators, in the course of physical surveillance, had even engaged in a bit of dumpster diving — looking through one female reporter's (probably Kawamoto's) trash. In all, Holston said the investigation targeted two current HP employees, seven current or former members of the board of directors, and nine journalists.


Calif AG Says No Evidence to Link HP CEO to Crime

By Reuters September 22, 2006

NEW YORK (Reuters)—The California attorney general said on Sept. 22 there was no evidence yet linking Hewlett-Packard Chief Executive Mark Hurd to any criminal wrongdoing, as scrutiny grew over his role in the PC maker's probe of a boardroom leak.

... Hurd became a new focus in the scandal following published reports this week that he was more involved in the probe than originally thought.

The Washington Post reported Thursday that Hurd approved an elaborate "sting" operation on a reporter to determine the source of the leaks.

HP shares fell 29 cents to $34.58 on the New York Stock Exchange on Friday. The stock dropped 5.2 percent after the Post report Thursday.

... Hurd may face greater pressure to resign, even if his involvement is not proven, as HP aims to rebuild credibility, analysts said.

Another ethics question?

Data Theft Notifications - How Soon is Too Soon?

Posted by Cliff on Friday September 22, @11:36PM from the sooner-than-later dept. Privacy Security

bsdbigot asks: "I started getting a bunch of stock-tout spam in the last month or so. The other day, I happened to look and see it was coming in to an email address I had dedicated to my online trading account [dedicated email accounts... think about it! Bob]. I've spoken to the online trading company, and I've given them the info on these spams. It turns out there is an 'ongoing investigation,' which includes 'outside agencies,' but they stop short of saying that there is any theft or breach. How soon should such a company let its customers know that their data has been compromised? Should they wait until they have all the details and have plugged the breach, or should they let customers know that there is a possible problem as soon as they recognize it?"

"Personally, I believe a security breach has occurred. So, I asked them how many people are affected by this; they feel certain that it's an isolated problem, because they haven't received a deluge of complaints. They don't know how these spammers got my reserved email address from my online broker (but they didn't sell it, they are quite clear on that), so how can they be so certain it's not their entire database, and how can they be so sure that things like my SSN and bank routing information wasn't also stolen?"

Isn't this the question almost everyone asks every 10 years?

Um, Aren't You Guys Supposed To Count And Keep Track Of Stuff?

from the one-two-four-five dept

Government data leaks are becoming so common, they're hardly noteworthy anymore. But it does seem slightly ironic that the government agency tasked with counting the country's citizens and keeping track of all sorts of demographic data can't keep track of its own computers, as the news emerges that since 2001, the Census Bureau has lost 672 laptops, 246 of which contained people's personal information. It's also lost track of 15 of the PDAs census workers use to collect information, and 46 portable data storage devices. The best part? They've got no idea whose data, or how many people's was compromised, since the information workers collect is removed from the laptops at the end of every day -- though they are in the process of contacting the 558 households whose information was on the PDAs. But it gets better: other units within the Department of Commerce have lost another 500 or so laptops, in addition to those lost by the Census Bureau. It seems inevitable that, at some point, data leaks will come back to haunt private companies as their customers put a higher priority on data security and the impact of identity theft becomes more widespread. But the government's customers -- meaning us -- can't really take our business elsewhere, to a more secure vendor or retailer. So what motivation will they have to solve their leaky data problems?

Classroom lawyers...

The Growing Backlash Against Automated Cheating Detectors

from the but-for-a-good-reason dept

It's been nearly four years since we wrote about students and parents being upset that online services that check student homework for plagiarism were also uploading and storing a copy of every paper they checked. [Why would they do this? Bob] It got to the point, earlier this year, that at least one university banned the use of Turnitin, one of the most popular services in this field. It seems that the student rebellion against such tools is growing, as many more students are questioning the legality of such tools, and asking their schools to stop using them. They're not just upset about the uploads, but about the assumption of guilt. While there clearly is plenty of plagiarism to go around, that doesn't mean this is the right solution to it. It's often easy to just throw technology at a problem, but it's worth recognizing that doing so always raises unexpected issues -- and those issues may not be technological on their own, but legal and cultural issues. It seems like many of the schools who jumped on the Turnitin bandwagon didn't spend much time thinking about those additional consequences, [“Thinking? Damn, I knew we forgot something!” Bob] and are now facing student anger because of it.

Another case of “forgot to think?”

Not Just Third World Nations Banning Skype; Universities Get On Board Too

from the bad-policies dept

It looks like it's not just third world countries with government-backed telephone monopolies to protect that are banning VoIP. Some universities are getting in on the game as well. San Jose State University, just down the road from Skype's parent company eBay, has apparently decided to block all Skype use on campus. The reasoning isn't entirely clear, as school administrators say that it's because Skype's peer-to-peer nature effectively allows others to use the on-campus network -- though the same could be said of any peer-to-peer application, and hardly seems like a reasonable explanation for the outright ban. A more likely explanation probably has something to do with whatever contracts the university has with its telecom provider -- who doesn't like the idea of being undercut. In the case of San Jose State, it looks like outrage from both professors and students (as well as a pending visit from eBay) has caused the university to hold off on the ban for now.

Friday, September 22, 2006

What, again?

SEC broadens its probe of HP

HP agrees not to file lawsuits against two former directors caught up in the boardroom scandal

By Robert Mullins, IDG News Service September 22, 2006

Hewlett-Packard has entered into mutual agreements with two former directors caught up in the board spying scandal not to file lawsuits over the dispute.

The company disclosed the agreement in a filing to the U.S. Securities and Exchange Commission on Thursday. In the same filing, HP said it has agreed to pay some of the directors' legal expenses in connection with the investigations.

The SEC has asked for more information on the circumstances surrounding Thomas Perkins' resignation from HP's board of directors over the spying scandal, HP said in the filing.

HP also revealed the terms under which Perkins and director George Keyworth left the board. They resigned after it was revealed that private investigators hired by HP may have used illegal methods to identify Keyworth as the source of leaks of board deliberations to the news media.

Separately on Thursday, HP said chief executive officer Mark Hurd "has offered to appear" before a House subcommittee probing the scandal. Other HP executives, Chairman Patricia Dunn and others implicated in the scandal have accepted invitations to appear at a Sept. 28 hearing.

HP said in the SEC filing that it has entered into a "Mutual Release and Indemnification Agreement" with Perkins and Keyworth in which the two former directors agreed not to file claims against other directors, officers or employees of HP. In turn, the company agreed not to file claims against them. HP will also pay legal fees Perkins and Keyworth may incur in cooperating with government investigations of the scandal. Besides the House inquiry, the California Attorney General and the U.S. Attorney for Northern California are conducting probes.

The SEC filing also said Perkins and Keyworth reserve the right to take legal action against private investigation companies that HP allegedly hired to probe the source of board leaks. HP told the SEC on Sept. 6 that it had discovered those outside firms engaged in a possibly illegal practice called "pretexting" while digging into the personal phone records of directors, HP employees and journalists. The investigators' probe identified Keyworth as the confidential source. He initially refused to resign when confronted by the board in May, but he quit on Sept. 12.

HP also said in the filing that it is cooperating with an SEC request for additional information about the circumstances of Perkins' resignation in May. HP's SEC filing at that time noted Perkins' resignation without elaborating. Perkins, who said he resigned in protest of the way HP was conducting its investigation, later lobbied the company to amend its notice with more detail.

Hurd is set to lead a news conference Friday at HP headquarters in Palo Alto, California, to reveal the results of a separate investigation of HP's leak probe. After the scandal broke and reports surfaced about how involved HP executives may have been in overseeing the private investigators' activities, HP brought in the law firm of Morgan, Lewis & Bockius to investigate. A representative of the firm will present its findings at the news conference.

News reports in recent days have revealed Hurd, Dunn and other HP executives were more involved in the leak probe than they had earlier indicated.

In the category “Best Bad Example” the winner is....

Amid spying scandal, HP sponsors award for 'privacy innovation'

Posted on Thu, Sep. 21, 2006

BOSTON (AP) - Insert your own punch line: Hewlett-Packard Co., the technology company facing federal and state investigations for spying on board members and journalists, is co-sponsor of an award for "privacy innovation."

... According to the award's Web site, the prize was created to honor "strong and unique contributions to the privacy industry."

"At present, there is not sufficient recognition for organizations that have embraced privacy as a competitive advantage, and as a business/governmental imperative," the site states.


A NEW RECORD!

1,100 Missing Laptops Held Personal Data

From Times Wire Reports September 22, 2006

More than 1,100 laptop computers have vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal officials said.

The disclosure by the department came in response to a request by the House Committee on Government Reform, which asked 17 federal departments to detail any loss of computers holding sensitive personal information.

Of the 10 departments that have responded, the losses at Commerce are "by far the most egregious," said David Marin, staff director for the committee.

Luddites. “We don't know how to control them, so let's ban them!”

September 20, 2006 3:19 PM PDT

Silencing cell phones on campus

Aside from intelligent design and other political bombshells, one of the most hotly debated topics in public schools is how to handle mobile phones. In addition to the obvious problem of distraction, the proliferation of student phones has been linked to everything from cyberbullying to teen depression.

Most recently, New York City has taken the issue to new heights because of the size of its public school system and the nature of its tactics. Police units have set up metal detectors throughout the city's 1,400 schools, according to the Associated Press, and more than 5,000 phones were confiscated from April through the end of summer school.

Such crackdowns across the country have even prompted legal action among parents groups, many of whom claim that their children need phones for safety reasons. And with some estimates that as many as 3 out of every 4 middle-school students carry mobile phones, this debate has only just begun.

27B Stroke 6

by Ryan Singel and Kevin Poulsen Wednesday, 20 September 2006

Privacy Expert on Feds' Identity Theft Recs

Posted by ryansingel at 4:41 PM PDT

As noted earlier today, a federal task force recommended some changes to how the federal government, states and the law deal with the growing problem of identity theft and identity fraud.

What does Beth Givens, the head of the Privacy Rights Clearinghouse which works to help identity theft victims, think of the suggestions?

The recommendations are fine as far as they go. Some are quite good, for example the uniform police report, I think that's quite excellent.

But there are some things missing. I was surprised they didn't touch specifically on the whole matter of the Medicare card having the SSN printed on it and the military id number being your SSN. We see a great deal of identity theft that is caused because millions and millions of Americans are forced to carry these cards in their pockets.

And when those wallets are stolen, they don't have their SSN card in there but they certainly have their Social Security number in there.

The other thing they missed is the biggest issue of all, which is prevention.

Identity theft is at epidemic proportions because credit issuers are giving credit to crooks. Now why aren't credit issuers doing a better job of identifying illegitimate applications?

Givens points to some complicated rulemaking that was left to the Federal Trade Commission and the Federal Reserve Board when Congress passed the Fair and Accurate Credit Transactions Act in 2003. That bill contained a number of consumer protections, such as free annual credit reports (get yours here).

One of the rules still being developed is known as the "Red Flag" rulemaking, which details the kinds of data discrepancies that credit issuers would be required to look for.

The Red Flag rules say, "Hey, credit issuers, if there is an address discrepancy (between what is on an application and what is in your credit file) maybe that's a red flag." So it's the rulemaking that requires credit issuers to pay attention to the anomalies and discrepancies that could be an indicator of fraud. And it has taken so long for even the agencies to issue the rules.

What they need to do is issue the regulations and not let it drag on anymore because that's where the rubber meets the road in terms of identity theft prevention.

Givens says if a credit issuer were to ignore the most prominent red flags on an ongoing basis, then the FTC could have reason to investigate or punish the company.

Given that credit issuers currently are liable and pay for most credit fraud, why haven't they stopped identity theft by tightening the loose standards of an instant credit society, say by requiring a phone call or email to your contact information on record?

Apparently, they are still making more money by extending credit to lots and lots of people with minimal evaluation of the applications, than they are losing from the small percentage of those that are fraudulent.

I suppose the algebra is still on the plus side

Follow-up from yesterday... I wonder if there is a time when spy satellites are not overhead?

Dutch TV hounds Google Earth topless sunbather

By Lester Haines Published Thursday 21st September 2006 11:26 GMT

Here's a cautionary tale for those of you who like to indulge in a bit of light sunbathing in the privacy of your own patio: make sure you ring Google to see if they're planning a satellite pass-over before whipping off your top.

No sooner had the poor Dutch woman pictured here popped up on Google Sightseeing, than Digg got hold of her assets. This immediately prompted a heated debate - sadly not on the technological threat to privacy - but rather as to whether or not she really was enjoying her leisure time as nature intended.

Sadly, we may never know. Dutch TV quickly identified the address and moved in for the kill, dispatching a team armed with grabs from Google Earth to the sun-worshipping resident's domicile. Luckily for her, she wasn't in.

So this makes them the world's leading authority?

New Online Computer and Internet Law Library Now Available from Wolters Kluwer Law & Business

Wolters Kluwer 9/21/2006 1:22:07 PM

(RIVERWOODS, ILL., September 21, 2006) – Now there’s a one-stop research solution for specialists in computer and Internet law that brings together the resources of CCH, Aspen Publishers and Kluwer Law International in the integrated electronic environment of the CCH Internet Research NetWork. The Computer and Internet Law Integrated Library covers the full range of computer and Internet law issues with analytical, primary source and current awareness information. CCH, Aspen Publishers, Kluwer Law International and Loislaw are part of Wolters Kluwer Law & Business.


Think this might impact those RIAA subpoenas?

Free Torpark App Enables Anonymous Browsing

By Jay Lyman Part of the ECT News Network 09/21/06 1:12 PM PT

Developers have created a variant of the open source Firefox browser dubbed "Torpark" that enables users to browse the Web anonymously. The free program works by frequently changing the Internet protocol address of users via The Onion Router network in order to mask users' machines and to thwart eavesdropping and tracking efforts.


China is learning... Learning to be more litigious!

Jailed Chinese journalist to file US suit against Yahoo

Other dissidents that Yahoo helped identify to Chinese authorities could get on board for a class-action suit

By Dan Nystedt, IDG News Service September 22, 2006

A Chinese journalist jailed in part due to e-mail evidence provided by a Yahoo subsidiary plans to file a lawsuit in the U.S. against the Internet company within the next few months.

"We're also trying to line up other victims for a class-action. We've been in touch with a few others, but we haven't signed anyone up yet. It's a very sensitive issue because there could be reprisals against their families," said Albert Ho, a legislator in Hong Kong and lawyer in the case, in a telephone interview.

A Yahoo spokeswoman in Hong Kong could not be reached for comment.

A U.S. civil suit against Yahoo on behalf of Shi Tao, a Chinese journalist convicted of "divulging state secrets" by Beijing in part due to an e-mail Yahoo provided to Chinese authorities, will likely be filed in either New York or California, Ho said. Tao's e-mail, sent from a Yahoo account in April, 2004 to a pro-China democracy Web site in New York, contained a Beijing order for officials to be on guard for unrest and dissident activity ahead of the 15th anniversary of the Tiananmen Square massacre.

Tao was sentenced to 10 years in prison.

The new lawsuit would come just months after Ho filed a complaint to Hong Kong authorities against Yahoo Holdings (Hong Kong) on behalf of Tao. It also comes at a time when international pressure is increasing on Internet companies to handle the private data of their users more carefully, particularly with respect to human rights.

Amnesty International and Reporters Without Borders have both criticized Yahoo over the Tao incident, and a group of U.S. lawmakers blasted a group of Internet companies earlier this year, including Yahoo, Google, Microsoft, and Cisco Systems, for failing to uphold free expression in China.

"Internet companies should not disclose personal information that could violate the basic human rights of their users," Ho said.

He said Tao, who is not a U.S. citizen, could file a lawsuit in the country under the Alien Tort Claims Act of 1789. The group has not yet decided on a U.S. law firm to retain for the case, nor would Ho divulge the specific strategy or damages the group intends to seek.

The Hong Kong case remains pending because an investigation by authorities has not been finished yet, Ho said. Yahoo could face a fine, a civil lawsuit, or both if Hong Kong's Office of the Privacy Commissioner for Personal Data rules that it illegally divulged personal data used to put Tao in jail. The plaintiffs argue that Yahoo Hong Kong had no right to comply with a request from China for Tao's personal data, and requested that the office investigate the matter.

Yahoo has denied any involvement in the case by its Hong Kong arm. The company has said any information provided to Chinese authorities in this case would have come from Yahoo's operations in China, rather than Hong Kong. However, Yahoo's Chinese and Hong Kong operations were both part of the same corporate entity, Yahoo Hong Kong, at that time.

In 2005, acquired Yahoo's Chinese operations as part of a deal that saw Yahoo take a stake in the Chinese Internet company.

There is a simple way to avoid this type of problem.

Taking passwords to the grave

Family members are increasingly unable to access important data because their loved ones have not left passwords behind.

By Elinor Mills Staff Writer, CNET Published: September 22, 2006, 4:00 AM PDT

William Talcott, a prominent San Francisco poet with dual Irish citizenship, had fans all over the world. But when he died in June of bone marrow cancer, his daughter couldn't notify most of his contacts because his e-mail account--and the online address book he used--was locked up.

Talcott, 69, a friend of beatnik Neil Cassidy, apparently took his password to the grave.

One would think that manufacturers would constantly strive to make their products more secure. I guess not...

ATM Maker Readies Anti-Hack Patch

By Kevin Poulsen 14:00 PM Sep, 21, 2006

The maker of a popular line of automated teller machines is planning a software upgrade that forces operators to change a default administrative pass code, [...for people who don't bother reading the user's manual OR thinking. Bob] after a surveillance tape showed a high-tech thief successfully hacking one of its ATMs in a Virginia gas station.

"If we can make them change this default password, the security will be infinitely greater," [Crap! Why can you enter a password from the customer console? Move that function INSIDE the ATM. Bob] said Hansup Kwon, CEO of California-based Tranax Technologies.

Last week, news and video reports circulated of a swindler who strolled into a Virginia Beach, Virginia, gas station and, with no special equipment, reprogrammed a mini ATM to act as if it had $5 bills in its dispensing tray instead of $20 bills.

Using a pre-paid debit card, the crook then made a withdrawal and casually strolled off with a 300 percent profit. The ATM stayed misprogrammed for nine days [perhaps all changes should be reported? Bob]-- presumably to the delight of other customers -- before a good Samaritan reported the issue and exposed the caper. The thief was not caught.

Details on how the swindle worked were scant until Wednesday, when Dave Goldsmith, a computer security researcher at Matasano Security in New York, analyzed CNN's report on the crime and identified the ATM as a Tranax Mini-Bank 1500 series.

He then set out to see if he could obtain a copy of the manual for the apparently vulnerable ATM and find out how the crime was pulled off. Fifteen minutes later, he reported success on both counts.

Wired News located a copy of the manual on a Tranax distributor's website. The manual reveals a special key sequence that puts the Mini-Bank ATM into "Operator Mode," from which the machine can be reconfigured. One of the options lets the user change the denominations of the bills the machine dispenses -- exactly as the Virginia thief did.

A numeric password is required to perform the operation, but the default factory-set password is listed in the manual. Kwon acknowledged Thursday that ATM owners don't always change the password from that default.

"Raising this type of awareness is very important," said Kwon. "We've been trying, and are continuously trying, to talk to our customers and operators. A very high percentage change their passwords."

The manual includes a note that: "Tranax Technologies, Inc. highly recommends changing your passwords from default as soon as possible."

Kwon said the company first heard of the denomination-change hack a few years ago, [No one thought this was important? Bob] when its ATMs had only a single passcode to access all the management functions. That meant the person who performs routine servicing of the machine had more privileges than he needed, and could leak the passcode to accomplices or hack the machine himself.

Tranax responded by changing its software to incorporate a hierarchy of three levels of access, so "the average guy who puts the money into it and services the ATM can work without accessing the denomination changes and other things," Kwon said. The company thought that ended the push-button heists, until news of the Virginia Beach caper broke last week.

When CNN's video showed a Tranax Mini-Bank at the heart of the crime, the company began exploring its options, said Kwon, and decided to make the password change mandatory in a new firmware release.

The patch will be ready "in weeks, not months," he said, and will be installed in all new ATMs the company sells. Tranax has no way to force the upgrade onto existing machine operators, however. They'll have to choose to install it.

The company has 75,000 Mini-Bank ATMs in service. They are sold through distributors, either to independent operators like gas stations and convenience stores, or to companies that run a number of machines in a geographic area.

Kwon said the service manual should not have been published on the web, but he defended the company's practice of including the default passcodes in its pages. "It's almost the industry standard practice," he said.

Indeed, a manual for a line of retail ATMs made by Tranax-competitor Triton reveals that company's cash machines also contain a special key sequence to gain control of the ATM. A default passcode is listed in the manual. Triton didn't immediately return a phone call for comment.

The Tranax machines will dispense at most 40 bills at a time, which puts an $800 dollar cap on a fraudulent withdrawal from a machine loaded with twenties.

It's unclear whether the Virginia incident was an isolated case, or part of a broad scheme, exposed only because the crook neglected to change the ATM back to its proper configuration before leaving with his cash. Kwon said he hasn't heard of a similar crime in years, and believes they are exceedingly rare.

"However the chances are there ... (and) going up."
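The two fixes the article describes (a hierarchy of three access levels, and firmware that refuses to work until the factory passcode is changed) can be modelled together, along with the change reporting suggested in the bracketed comment above. This is an added sketch, not Tranax firmware: the role names, action names and the `000000` placeholder default are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from enum import IntEnum

FACTORY_DEFAULT = "000000"  # constructed placeholder, not any vendor's real default


class Role(IntEnum):
    """Hypothetical names for the three access levels the article mentions."""
    SERVICE = 1    # loads cash, routine servicing
    OPERATOR = 2   # reports and day-to-day settings
    MASTER = 3     # configuration, including bill denomination


# Hypothetical operator-mode actions and the lowest role allowed to run them.
REQUIRED_ROLE = {
    "load_cash": Role.SERVICE,
    "print_journal": Role.OPERATOR,
    "set_denomination": Role.MASTER,
}


class Denied(Exception):
    """Raised when operator mode refuses a request."""


def _digest(passcode, salt):
    # Store a salted, stretched hash rather than the passcode itself.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)


class OperatorMode:
    def __init__(self):
        self.denomination = 20
        self.audit = []          # every attempt, allowed or refused
        self._creds = {}
        for role in Role:        # the machine ships with the documented default
            self._store(role, FACTORY_DEFAULT, must_change=True)

    def _store(self, role, passcode, must_change):
        salt = os.urandom(16)
        self._creds[role] = {"salt": salt, "hash": _digest(passcode, salt),
                             "must_change": must_change}

    def _check(self, role, passcode):
        cred = self._creds[role]
        return hmac.compare_digest(_digest(passcode, cred["salt"]), cred["hash"])

    def _log(self, role, action, result, report=False):
        self.audit.append({"role": role.name, "action": action,
                           "result": result, "report": report})

    def _deny(self, role, action, reason):
        self._log(role, action, "denied: " + reason)
        raise Denied(reason)

    def change_passcode(self, role, old, new):
        if not self._check(role, old):
            self._deny(role, "change_passcode", "bad passcode")
        # Re-entering the factory default (or the old code) is not a change.
        if new in (FACTORY_DEFAULT, old) or not new.isdigit() or len(new) < 6:
            self._deny(role, "change_passcode", "new passcode rejected")
        self._store(role, new, must_change=False)
        self._log(role, "change_passcode", "ok")

    def perform(self, role, passcode, action, value=None):
        if not self._check(role, passcode):
            self._deny(role, action, "bad passcode")
        # Mandatory change: a role still on the default can do nothing else.
        if self._creds[role]["must_change"]:
            self._deny(role, action, "default passcode must be changed first")
        needed = REQUIRED_ROLE.get(action)
        if needed is None or role < needed:
            self._deny(role, action, "insufficient role")
        if action == "set_denomination":
            old, self.denomination = self.denomination, value
            # Configuration changes are flagged so the owner hears about them.
            self._log(role, action, f"ok: {old} -> {value}", report=True)
        else:
            self._log(role, action, "ok")
        return True

    def pending_reports(self):
        return [entry for entry in self.audit if entry["report"]]
```

With this policy the manual's default passcode only unlocks the passcode-change screen, and a denomination change made by a legitimate master user still leaves a flagged audit entry instead of going unnoticed for nine days.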

Some years back, the Denver Post sold for $1000 per subscriber.

Yahoo! poised to put a price on Facebook's following

By Joe Bolger and Rhys Blakely September 22, 2006

THE attraction of online hangouts was underlined yesterday with news that Yahoo! is contemplating an offer for Facebook that would value the social networking website’s registered users at more than $100 each.

The US search giant is thought to have held “serious discussions” with Facebook over a deal rumoured to value the California-based company at about $1 billion (£523 million). A deal would give Yahoo! access to Facebook’s base of more than nine million users, who use the website to set up an online profile and share information with friends.

... Big media groups are drawn to social networking sites because of their “sticky” nature. The average Bebo user spends an hour on the site’s pages in each session.

Look! Up in the sky! It's flying pigs!

Microsoft mulls free Web-based business software

Fri Sep 22, 2006 5:10 AM IST By Daisuke Wakabayashi

SEATTLE (Reuters) - Microsoft Corp. said on Thursday it may offer a free, advertising-supported version of its basic word processing and spreadsheet software, in an apparent bid to fend off a nascent challenge from Google Inc. in the business software market.

... The challenge for Microsoft will be to make sure a free or, possibly, a subscription-supported version of Works won't hurt sales of its dominant Office software, which accounted for a quarter of the company's $44 billion in sales last year.

Coming soon: The Oprah Blog Club! (You know you've arrived when you're one of Oprah's “Favorite Things.”)

How to explain RSS the Oprah way

Today, I’m going to explain how RSS can help you live your best life online.

We all have busy lives with very little time. Web surfing is fun but can take hours going to visit every single website and blog you enjoy. Wouldn’t it be fabulous if you could just get all the headlines of the most current stories from all your favorite websites and blogs in one place?

Well now you can, and it is called RSS feed.

The Oprah definition

The technical acronym for RSS is “Really Simple Syndication”, an XML format that was created to syndicate news, and be a means to share content on the web. Now, to geeks and techies that means something special, but to everyday folks like you and me, what comes to mind is, “Uh, I don’t get it?”

So, to make RSS much easier to understand, in Oprah speak, RSS stands for: I’m “Ready for Some Stories”. It is a way online for you to get a quick list of the latest story headlines from all your favorite websites and blogs all in one place. How cool is that?

Attention Intellectual Property Lawyers!

Microsoft Media Player shreds your rights

Comment No more backups, or Tivo

By Charlie Demerjian: Thursday 21 September 2006, 10:08

Thursday, September 21, 2006

Many stories on HP. This isn't going to die a quiet death... WSJ also has a full 'timeline' – they at least are taking this seriously, why isn't HP?

H-P's Dunn Was Closely Involved In Leak Probe

Emails Point to Prime Role Of Chairman, Top Counsel In Setting Direction, Tactics

By PETER WALDMAN September 20, 2006; Page A3

... Ms. Dunn has said in interviews that she couldn't supervise the investigation because, as one of the H-P directors being investigated for leaking information to the media, she was a potential target of the probe. Instead, Ms. Dunn has said, she turned to H-P's security department to handle it.

However, H-P emails reviewed by The Wall Street Journal suggest that Ms. Dunn and Ms. Baskins were closely involved in helping direct the course of the investigation. The emails indicate that the two were kept well informed of the investigation's tactics and progress by the H-P security officials who ran the probe, as well as by some of the private investigators H-P hired to assist the computer company.

... H-P emails indicate that lawyers and others inside H-P knew the company was on shaky legal ground in going after personal phone records, yet pursued them anyway. On Jan. 28, 2006, Kevin Hunsaker, a senior ethics attorney in H-P's legal department, asked a colleague if it was legal to acquire people's personal text messages, presumably from their cellphone records.

Feds Haven't Paid From ChoicePoint Fund

The Associated Press By HARRY R. WEBER September 20, 2006

We have full faith that the FTC is working hard [Translation: These guys are 'hardly working' Bob] to come up with a process to ensure that the money we contributed [Interesting word choice... Bob] to help consumers is wisely spent for the benefit of anyone actually affected.

Nearly eight months after federal regulators trumpeted a settlement they secured with ChoicePoint Inc. over a data breach, the government has not paid any money to victims from a $5 million fund that was to be set up as part of the agreement.

The Federal Trade Commission also has not yet implemented procedures for how the 800 fraud victims it has identified so far can apply for and receive compensation from the fund, nor has it hired anyone to administer the fund on behalf of the agency, [We will clearly need this procedure in the future. This should be trivial – model it on the hurricane fund giveaways. Anyone want this job? Bob] said FTC spokeswoman Claudia Bourne Farrell.

... Jessica Rich, assistant director of the FTC's division of privacy and identity theft, [new to me Bob] said in a statement released to AP on Wednesday that 'law enforcement is still identifying victims and we want to make sure we have the right people.' [“We figure that if we stall long enough, everyone will die of old age and we can spend the money on new staplers...” Bob]

All the techie sites have stories on Google...

Google Hoping Someone In Belgium Recognizes How The Internet Works

from the here,-let-us-show-you.... dept

Earlier this week, we wrote about how a Belgian court had ordered Google to stop indexing French and German speaking newspapers on their Google News site and within the Google cache. As we noted at the time, the ruling seemed confused, as it often mixed up the idea of Google News and Google cache (as well as how Google advertises, claiming that it advertised on Google News, which it does not). Since then, Google has appealed the case (which has been accepted) and also followed through on the demand that they remove those Belgian sources from their index (they did so for both Google News and the full Google index, on the Belgian versions only).

However, today, they're contesting the second part of the order, requiring the company to post the entire text of the order on the front page of each site, without any commentary from Google. Google is claiming that this is unnecessary and disproportionate. Instead, they are simply linking to an online copy of the order -- which seems to make a lot more sense. The best coverage of this story, however, may come from search engine expert Danny Sullivan who spent some time talking to the Belgian industry association that's pushing this. He comes to the conclusion that they don't really understand what they're doing and they don't really understand the internet. He tried discussing it with them, but it seems to come back to the same ridiculous thinking we've come across before: jealousy. The newspapers are jealous that Google has created something that's useful. Even though it adds great value to their sites, they feel that Google should pay them to make their sites more useful. It's this kind of thinking that pretty much dooms them to obsolescence. Google can get by just fine without them. Whether or not they'll be able to survive without Google giving them traffic is, perhaps, a more important question.

One of the “benefits” of global warming? (Just an aside: Does this suggest that the pole has less ice than the “northwest passage,” which is still blocked?)

Scientists Shocked as Arctic Polar Route Revealed

Posted by samzenpus on Thursday September 21, @04:24AM from the no-more-pesky-ice dept. Science

Paladin144 writes "A route unencumbered by perennial sea ice leading directly to the North Pole has been revealed by recent satellite pictures. European scientists indicated their shock as they noted a ship could sail from Europe's northern-most outpost directly to the pole, something that hasn't been possible during most of recorded human history. The rapid thawing of the perennial sea ice has political implications as the U.S., Canada, Russia and the EU jockey for control of the newly opened passages." [Because of the deep strategic significance? Bob]

...and I suspect that hiring from the outside helps too.

Vigilant vs. Operational Leaders: Changes at Ford, the Coke-Pepsi Fiasco, and Other Management Moments

Published: September 20, 2006 in Knowledge@Wharton

As Wharton marketing professors George Day and Paul Schoemaker see it, the recent and well-publicized travails of the Ford Motor Co. offer a clear example of the distinction between vigilant leadership and operational management.

To explain that distinction, Day and Schoemaker -- building on research from their recently published book, Peripheral Vision: Detecting the Weak Signals That Will Make or Break Your Company -- have identified four leadership traits: external focus, conceptual ability, organizational role and time horizon.

Vigilant leaders are more externally oriented: They are open to new ideas, seek diverse perspectives, listen to a wide array of sources and foster broad social and professional networks. Richard Branson, says Day, is an example: The inveterate inventor and promoter -- with 200 start-ups under his belt -- is now developing alternative fuels. Operational leaders are more narrowly focused, have less interest in outside opinions and confine their networking to familiar settings.

Think of it as preparation for travel!

26B Stroke 6 by Ryan Singel and Kevin Poulsen Tuesday, 19 September 2006

Not Security Theater, Security Game

Posted by ryansingel at 2:02 PM PDT

Tired of whinging about the rules that prevent you from bringing bagels with cream cheese, but not bagels with butter, onto airplanes?

Give The Arcade Wire's Airport Security flash game a go and see how good you are at removing passenger's hemorrhoid cream, shirts, shoes and pants.

Careful, though, the game's pace and arbitrary rules might make you sympathetic to the poor folks who have to paw through your belongings at the airport.

Also, don't bring rules with you. For instance, snakes seem to be fine on the plane, until you get a security alert telling you otherwise.

Let me know if you can best my high score of 100 points.

I could add a hot tub, sauna, and a few thousand square feet without even hacking the system?

Lets Homeowners Add New Info

By ELIZABETH M. GILLESPIE AP Business Writer Sep 20, 6:56 PM EDT

SEATTLE (AP) --, a real estate site that publishes estimated values for some 68 million U.S. homes, is now giving homeowners the chance to add newer information about their properties to its vast database.

Lots of “fun quotes”

Many U.S. Workers Favor E-Mail Monitoring, Research Shows

By Matt Hines September 20, 2006

Despite the implied submission of personal privacy, most workers at U.S.-based companies believe that their employers should be allowed to monitor electronic communications to help protect against misuse of sensitive data.

According to a report published by researchers from Iowa State University and network security software maker Palisade Systems, 100 percent of the workers the group surveyed at U.S.-based corporations said it was appropriate for companies to scan their employees' e-mail, instant messaging and other communications systems to ensure that people were not inappropriately sharing information with outsiders.

The study specifically asked if companies should be allowed to scan electronic communications for proprietary business data such as customers' personally identifiable information, including Social Security numbers, bank account data or credit card numbers.

By comparison, the study, which is based on interviews conducted with people working in 171 organizations in the government, university and commercial sectors, found that only 11 percent of survey respondents working for government agencies and 31 percent of people working for universities felt that employee communications should be monitored.

Researchers involved in the study said that the disparity in opinions is largely based on the realization among workers at U.S. companies that so-called insider threats represent one of the greatest dangers to data security, and that workers understand that businesses must keep a closer eye on their employees to prevent costly information leaks.

"What we've seen over the last 18 months is a rapidly growing acceptance in corporate America of monitoring behavior not only among executives who want to watch their employees, but also among employees in terms of understanding that anything they do using company resources can and should be watched," said Kurt Shedenhelm, chief executive of Palisade, which is based in West Des Moines, Iowa.

"In some cases such as the financial services industry, we obviously see the government requiring this type of activity via Sarbanes-Oxley and other compliance regulations."

While U.S. workers have increasingly accepted that their bosses might be reading their e-mails to ensure that critical data isn't being distributed without approval, the picture remains far less clear internationally, where some countries including Germany still bar companies from monitoring almost any employee communications, Shedenhelm said.

Among the changing trends within the context of scanning workers' electronic communications is a growing desire on the part of businesses to monitor instant messaging systems in addition to e-mail, according to Palisade, which markets software specifically designed to help companies perform such security tasks.

"Whereas 12 months ago everyone was scared about e-mail, there is now a move within more companies to monitor IM and other messaging systems as some experts contend that IM is becoming an even more broadly used business tool than e-mail," said Shedenhelm.

"Clearly people are accepting the fact that when you are operating within the walls or network of any company, anything that you do can be watched, and that regulations requiring companies to do so are only likely to become more stringent."

Among the other findings of the study, which was conducted by Dr. Doug Jacobson, a professor in the department of Electrical and Computer Engineering at Iowa State, was that 78 percent of the organizations surveyed stored, sent or accessed consumers' personally identifiable information or proprietary data on their computer systems.

Some 84 percent of the companies involved in the research said that they were already required by law or industry regulations to protect client records and information.

In addition, of all the organizations that said they handle and store private information, 83 percent said they maintain files that include customers' addresses and phone numbers, with 67 percent reporting that they still harbor people's Social Security numbers.

An additional 36 percent of those interviewed said they use customers' bank account information, and 30 percent said they store and handle customers' credit card data.

Of the organizations that maintain such databases of sensitive information, 64 percent indicated they have technology in place to monitor the data, but not to prevent mishandling of the files.

Some 30 percent of those firms said they can monitor content traveling out of the network by e-mail, but did not have tools in place to prevent such behavior.

An additional 16 percent of respondents said they can monitor specific content flowing out of their networks via instant messaging, but said they could not block such communications.

Only 13 percent of those surveyed said they could scan for information leaving the network by Web mail, with no ability to stop the practice.

Palisade Systems was founded in 1996 by Doug Jacobson, an Iowa State University professor of computer engineering.

Maryland Governor Wants To Scrap E-Voting Machines; Go All Paper For The Election

from the not-a-partisan-thing dept

Following all the problems (both technical and human) in last week's primaries in Maryland, combined with the rather damning report on the security of the machines put out by Ed Felten (which Diebold has responded weakly to, making all sorts of claims that don't refute anything Felten put in the paper), Maryland's Governor, Robert Ehrlich is calling for the state to scrap all of the e-voting machines for the November election and focus on paper ballots. This comes as even more problems were found with the electronic voting machines used in the election. Of course, the head of the Elections Board and the state Senate President are fighting against this plan, saying that they can "correct" the problems with the machines. That would be impressive, considering just how many problems have been found with Diebold e-voting machines over the years, and the company's blatant unwillingness to deal with them.

The rationale for keeping the machines also leaves us scratching our heads: "We paid millions. These are state-of-the-art machines." Two responses: The evidence is pretty clear that these are not state of the art machines. They're badly made, with ridiculously weak security, and a company behind them that bullies its critics, blatantly misleads in its responses to security problems and cracks jokes about their weak security when confronted. Therefore, it really doesn't matter how many millions you spent on them, the machines are a problem. The Senate President also accused Ehrlich of simply using this issue as a political ploy to rally his supporters. By the way, for those of you who want to believe e-voting is simply a big Republican conspiracy (based on some offhand remarks by Diebold's former chief), we should note that Ehrlich (who wants to scrap the machine) is a Republican, and the folks who want to keep the machines are Democrats. So, once again, we'll note that this is not a partisan issue. It's an issue about having secure, fair and accurate voting.

So you can do it from the customer keypad! DUMB!

Reprogramming Your ATM For Fun And For Profit (Mainly For Profit)

from the not-so-hard-at-all dept

There was some buzz last week after CNN showed a video of an ATM machine that had been programmed to believe it had $5 bills instead of $20s (so any withdrawal actually gave you 4X the money you asked for). The guy who did this just walked in and knew the code to reprogram the ATM. He then left the ATM programmed that way, and the ATM gave a lot of people extra money for nine days before someone pointed out the problem. So how easy would it be for anyone else to do this? Apparently it's ridiculously easy. With a bit of hunting online, it's not too hard to obtain a copy of the manual for the type of ATM machine used, including instructions on how to switch it to diagnostic mode. You do need a password, but the manual lists the typical default passwords that it seems likely many of these ATM owners failed to switch. Hopefully, this new burst of publicity over the issue will encourage owners of the machines to change their passwords -- but if you happen to see certain ATMs with unusually long lines in the near future (and don't mind committing fraud), you might want to withdraw some money.

Market gossip goes high-tech

By Saskia Scholtes in New York Published: September 20 2006 22:07 | Last updated: September 20 2006 22:07

Market gossip is to take on a more high-tech form thanks to a new automated system that will trawl through more than 40m internet sources – from blogs to regulatory filings – on behalf of hedge funds.

... “It’s important to know that the smoke is out there and that others see it,” he said. “There may be more information value in online trends in the aggregate: 5,000 more web mentions of a product than the week before could be an important signal for an analyst covering the product’s manufacturer.”

... Another example is internet search company Yahoo, which last week enhanced its finance site with a blog that compiles postings from portfolio managers, hedge fund managers and other finance professionals. Yahoo is making the change to help counter Google, which has links to blogs on its Google Finance website.

Where burglars go to select victims?

Monkey Bites

by Michael Calore Wednesday, 20 September 2006

Zebo Is Growing

Zebo now has 4.9 million global users. The social networking site that asks members to list what possessions they own officially launched last week. Zebo was even profiled in The New York Times, and in that article, their membership number was cited at 4 million. Today, a Zebo representative told me that the site's membership has now reached 4.9 million users globally.

Wednesday, September 20, 2006

Could it be that someone at Google reads my blog? (This is smarter than what I suggested)

Ballsy Google Kicks Belgian Newspapers’ Asses

By Nathan Weinberg

Sometimes Google just makes me jump up and pump my fist, yelling, “Yes! You show those motherf-ers!” This is definitely one of those times. Google, responding to Belgian newspapers’ complaints about being included in Google News and the Google cache, as well as a court ruling that they remove those newspapers from their services, decided to show them who’s boss and banned the newspapers outright from Google Belgium’s search results.

Take a look at this search. It returns zero results, just this message:

In response to a legal request submitted to Google, we have removed 1237 result(s) from this page. If you wish, you may read more about the request at

That’s right: those Belgian newspapers wanted Google to pay for the privilege of sending them readers, so Google is going to take their greed and use it to cut off their legs. Want to bet those papers lose tens of percentages of their traffic? All statistics say yes, and I’ll bet the Hitwise blog is working up a real pretty chart to prove it.

Old, dying media, here’s your lesson for the day: Google doesn’t steal your content, it just points its millions of users at you. That is to your benefit. Don’t blow it next time.

Oh, and Google can basically argue to the judge that it isn’t using dirty tactics, because it simply followed the awful wording of the judge’s ruling:

Order the defendant to withdraw the articles, photographs and graphic representations of Belgian publishers of the French - and German-speaking daily press, represented by the plaintiff, from all their sites (Google News and “cache” Google or any other name) within 10 days of the notification of the intervening order, under penalty of a daily fine of 1,000,000.- € per day of delay;

Uh, whoops. Yeah, don’t screw with the Goog.

Coverage also at Slashdot. Found on Findory.

The coup in Thailand seemed to generate far fewer articles than the death of the Crocodile Hunter... Go figure!

UPDATED: 19:52, September 20, 2006

Roundup: Asia-Pacific reaction to Thailand's military coup

The sudden bloodless military coup in Thailand has aroused concern, unease and criticism from some Asia-Pacific nations on Wednesday.

HP's Dunn to testify before House on spying scandal

Committee hearing will investigate company wrongdoings, consider legislation to make 'pretexting' illegal

By Robert McMillan and Robert Mullins, IDG News Service September 19, 2006

Hewlett-Packard Co. Chairman Patricia Dunn will answer questions on the spying scandal that has embroiled her company during a House committee hearing on Capitol Hill next week.

HP's general counsel, Ann Baskins, will also appear at the hearing of the Subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce, being held next Thursday, said HP spokesman Ryan Donovan.

HP's lead outside counsel, Larry Sonsini of the Palo Alto law firm Wilson, Sonsini, Goodrich & Rosati, will also testify, according to Terry Lane, a committee spokesman. Sonsini advised HP on the legality of its investigation into media leaks of details from the company's board meetings between 2005 and 2006.

... The committee is looking into HP's methods and is considering new federal legislation that would make this practice, called 'pretexting,' illegal.

HP is also being investigated by the Attorneys General of California and Massachusetts, the U.S. Federal Bureau of Investigation and the U.S. Attorney's office.

Ronald DeLia of investigation firm Security Outsourcing Solutions is also set to appear, but Lane said it is possible he will invoke his Fifth Amendment right to not testify to protect against self-incrimination. Prosecutors reportedly are looking into DeLia's company and a Melbourne, Florida, investigation company, Action Research Group, in connection with the scandal.

... The committee has also asked HP Global Security Manager Anthony Gentilucci and Action Research Group owner Joe Depante to testify, but has not heard back from them, Lane said.

You (should) know you're in trouble when this kind of question is being asked...

Is California Law Sufficient For A Prosecution At HP?

from the will-they-walk? dept

There's little doubt that HP or people hired by the company engaged in identity fraud in its drive to determine the identity of a boardroom leaker. Clearly, the best that company officials can do is to claim maximum ignorance about what tactics were used. But while California Attorney General Bill Lockyer claims he has enough evidence to indict people within HP, the law may not be so clear cut. Today, the New York Times surveys various legal professionals, and comes to the conclusion that under existing California law, a criminal case may prove difficult. In fact, a law that would have specifically gone after pretexting failed to get through the state legislature. This is not to say that Lockyer couldn't win a conviction, as the actions may violate broader consumer protection laws. But it is worth asking whether he is bluffing at all by announcing so quickly that he already has enough evidence to bring an indictment. And since he's running for state Treasurer, he also has personal motivations for taking a high-profile role in this case. It's no wonder that he's been compared to another state attorney general on the opposite coast. Of course, if the law isn't sufficient to go after this kind of behavior, that's not Lockyer's fault, and it shows the need for state and federal governments to strengthen laws that govern identity-related fraud.

This is disturbing...

Hezbollah Hacked Israeli Military Radio

Posted by kdawson on Tuesday September 19, @02:39PM from the how-to-kill-tanks dept.

florescent_beige writes, "Newsday is reporting that Hezbollah was able to monitor secure Israeli military communications, perhaps using technology supplied by Iran, during the recent Lebanon war. A former Israeli general, speaking anonymously, called the results 'disastrous' for Israel. The story reports that an anonymous Lebanese source said that Hezbollah might have taken advantage of Israeli soldiers' mistakes in following secure radio procedures. The radio gear uses frequency hopping and encryption."

The article identifies the Israeli communications equipment as the US-designed Single Channel Ground and Airborne Radio System.

Well, if they've got nothing to hide...

DHS seeks Privacy Act exemption for new database

By Alice Lipowicz Staff Writer 09/19/06

The Homeland Security Department wants exemption from most Privacy Act requirements for a new database that will keep personal information on its employees, visiting contractors, job applicants and student interns, among others.

The Office of Security File System will include classified and unclassified information, according to a recent notice posted in the Federal Register.

On the other hand...

Terrorism no excuse for privacy breaches, says EU regulator

No need to change laws

Published Tuesday 19th September 2006 17:22 GMT

Terrorism and organised crime should not be used as excuses for passing laws which undermine people's privacy and data protection rights, according to the European Data Protection Supervisor (EDPS). Existing laws do not need to be changed, he said.

Copyright lawyer job opportunity?

YouTube Seeking Ways to Avoid Copyright Issues

Video-sharing site YouTube Inc., in a move that could defuse the threat of legal action against it, is racing to overhaul the way media and entertainment companies view unlicensed online use of their content. YouTube is rolling out technology designed to automatically spot copyrighted material that users upload without the permission of media companies, and then to share ad revenue with those companies.

Read the article: The Wall Street Journal | Posted: 9/19/2006 04:20:00 PM

September 19, 2006

World Legal Information Institute September News Issue Available

Via Madeleine Davis: "The September issue of 'WorldLII News' is available here. Contents this month include new databases on AustLII, CanLII, Droit francophone, CommonLII and NZLII and a new Privacy Law Library on WorldLII. 'WorldLII News' is free and published regularly. Previous issues can be accessed here."

September 19, 2006

President's Identity Theft Task Force Announces Interim Recommendations

FTC press release: "The President’s Identity Theft Task Force has adopted interim recommendations on measures that can be implemented immediately to help address the problem of identity theft, Attorney General Alberto R. Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras announced today."

“Stupid is as stupid does” F. Gump (It amazes me how often I quote this particular philosopher...)

Things Not To Do When On Trial For Stealing Computers: Steal The Court's Computers

from the just-saying dept

Not that we fully understand the mind of a criminal, but, generally speaking, while you're on trial for committing a specific crime, you should probably do your best to make yourself look innocent. That probably includes not committing the identical type of crime. Especially in the courthouse where your case is being tried. Of course, no one ever said that you had to be smart to be a criminal. Apparently a man was convicted of stealing a computer after he stole computers from the courthouse during his own trial for stealing computers elsewhere. He says he did it "for personal reasons" and as his way of "asking for help." It would seem like there are better ways to ask for help, but, now it looks like he'll be getting somewhere around five years of "help" in prison.

Worth passing on?

Beginner's guide to wireless auditing

David Maynor 2006-09-19

Old, but useful?

Create a Timeline in Microsoft Excel

Updated: April 14, 2004

This is humor? I think there is more to it...

New Office Slang

How to be memorable... (and arrested for possession of burglary tools?)

Lock-Pickin’ Business Card

Posted on 09.18.06 @ 8:42 pm

It looks like even Google has been overwhelmed by the users trying to view this (ahem) article...

Topless Sunbather Caught in Google Earth!

Submitted by Gregd 8 hours 34 minutes ago

Imagine having a quiet afternoon's sunbathing on your private, secluded, back patio - and then one day discovering that your nearly naked body has been posted all over the Internet!

[Message I got...]

The server at is taking too long to respond.

  • The site could be temporarily unavailable or too busy. Try again in a few moments.