Saturday, October 21, 2006

Diebold source code leaked again

Maryland state legislator receives anonymous disks containing code for electronic voting machines

By Robert McMillan, IDG News Service October 20, 2006

... This is not the first time that Diebold source code has been leaked. In early 2003, Diebold critic Bev Harris uncovered similar source code while conducting research using Google Inc.'s search engine.

Soon after, researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software.

They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.

Diebold declares machines secure

Release of code raises concerns among critics of electronic vote system

By Sumathi Reddy Sun reporter October 21, 2006

... "You have the software because you are a credible person who can save the state from itself," the note said. "You must alert the media and save democracy."

... Goldstein said the board was never aware of missing disks. [If they were copied, the originals wouldn't be missing, would they? Bob] He said there is no internal investigation [Why investigate ourselves? Bob] and that all information is being referred to the FBI.

The fight to own your computer begins!

Trojan Installs Anti-Virus, Removes Other Malware

Posted by Zonk on Saturday October 21, @07:25AM from the clever-little-monkey dept. Security Programming

An anonymous reader writes "SpamThru takes the game to a new level. The new virus uses an anti-virus engine to remove potential 'rival' infectious code." From the article: "At start-up, the Trojan requests and loads a DLL from the author's command-and-control server. This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation."

[From the comments: Any system that is badly protected enough to get infected is probably already bogging down and in danger of the user getting it fixed. This is probably a very good strategy to improve the usefulness of the machine to the hijacker, and reduce the chances of the user doing anything about the infection. I'm surprised this hasn't happened before.

... Actually, I am waiting for the BSA to come in and sue the people whose machines were "infected" with this pirated version of Kaspersky AV software. The BSA poses a greater threat than the spyware that was removed.

User: "I didn't install it! I swear!"

BSA: "Yea right, it just installed itself...."]

North Carolina Law Helps Police Target Online Predators

Posted: October 20th, 2006 04:14 PM EDT Story by

The Internet can be a dangerous place for children without supervision. A new state law allows law enforcement to crack down on online solicitation.

... The Child Exploitation Act that went into effect 10 months ago in North Carolina makes it a felony for someone to solicit an officer online. [Why is this needed? Isn't it a crime to solicit a minor? Bob]

27B Stroke 6

by Ryan Singel and Kevin Poulsen Friday, 20 October 2006

FBI Pairs With Website Violating Law To Make Kids Safer

The FBI has set up a masterful site called Safe Online Surfing to help kids learn how to use the internet safely. Via a scavenger hunt, children get to learn that it's okay to talk about Disney characters online, get online safety tips from the Miami Dolphins website and take an Internet test at the Common Knowledge Scholarship Foundation.

Now, what's great isn't that the final Internet quiz actually tests you on whether you know how to become an FBI Special Agent (Sample question: What do you say to a female applicant who says she's not strong enough to bust down doors?)

What's great is that the Common Knowledge site violates the Children's Online Privacy Protection Act, which mandates that any site collecting personal information on a child under the age of 13 must get verifiable consent from a parent. While Common Knowledge claims to be in compliance with COPPA, I was able to register as a 12-year-old (First name: Vulnerable, Last name: Child, Address: 123 TouchMe Way). Registration requires a name, an address, a phone number, a date of birth, an email address, your school name, and your extra-curricular interests just to take an online quiz. While I was required to add my parent's email address, the site never sent an email to that address, let alone complied with the law requiring the site to get a parent's verifiable consent. The site's legitimacy is only burnished by having its domain registered to a post office box and running Yahoo! ads on the front page.

This is brilliant since any child going through the scavenger hunt should have learned never to give any of this information out, so the way to finish the scavenger hunt is not to finish it. Pretty sneaky, FBI. Schools that do really good on the test get a visit from a professional football player, which makes sense, because nothing says online smarts like a 6', 230lb linebacker sitting in your school's cafeteria.
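As an added example (not code from the 27B Stroke 6 post or from any site it names), here is the registration gate COPPA asks for as the post describes it: a date-of-birth check, and for under-13 registrants a hold that keeps nothing but the parent's and child's e-mail addresses until a consent token mailed to the parent is redeemed. Class names, the 7-day hold limit and the sample addresses are constructed.

```python
"""Age gate with a parental-consent hold (constructed example, not code
from any site named on the page).

The quiz site described above took a 12-year-old's name, address, phone
and school and never mailed the parent.  This gate does the opposite:
an under-13 submission is parked holding only two addresses and a
one-time token; the child's account exists, and may receive further
details, only after the parent redeems the token, and stale holds are
purged.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date, timedelta

COPPA_AGE = 13                    # COPPA covers children under 13
CONSENT_TTL = timedelta(days=7)   # constructed limit for unconfirmed holds


def age_on(dob_iso: str, today_iso: str) -> int:
    """Whole years completed between two ISO dates (YYYY-MM-DD)."""
    dob, today = date.fromisoformat(dob_iso), date.fromisoformat(today_iso)
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1
    return years


@dataclass
class Hold:
    parent_email: str
    child_email: str
    created: date


class Registrar:
    def __init__(self, secret: bytes, today_iso: str):
        self._secret = secret                       # HMAC key for consent tokens
        self.today = date.fromisoformat(today_iso)  # injectable clock
        self.users = {}      # email -> profile; only adults and consented minors
        self.pending = {}    # token -> Hold
        self.outbox = []     # (parent_email, token): the mail the site must send

    def advance_days(self, n: int) -> None:
        self.today += timedelta(days=n)

    def _sign(self, nonce: str, parent_email: str) -> str:
        msg = f"{nonce}|{parent_email}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def register(self, form: dict) -> str:
        """Adults are stored outright; under-13s get a hold, not a profile."""
        if age_on(form["dob"], self.today.isoformat()) >= COPPA_AGE:
            self.users[form["email"]] = dict(form)
            return "registered"
        parent = form.get("parent_email")
        if not parent:
            return "rejected: parental e-mail required"
        nonce = secrets.token_urlsafe(16)
        token = f"{nonce}.{self._sign(nonce, parent)}"
        # Name, address, phone and school in `form` are deliberately dropped here.
        self.pending[token] = Hold(parent, form["email"], self.today)
        self.outbox.append((parent, token))
        return "pending_parental_consent"

    def confirm(self, token: str) -> str:
        """Redeem a consent token once; create the minor's account on success."""
        hold = self.pending.pop(token, None)
        if hold is None:
            return "invalid"
        nonce, _, sig = token.partition(".")
        if not hmac.compare_digest(sig, self._sign(nonce, hold.parent_email)):
            return "invalid"
        if self.today - hold.created > CONSENT_TTL:
            return "expired"
        self.users[hold.child_email] = {"email": hold.child_email,
                                        "consented_by": hold.parent_email}
        return "registered"

    def complete_profile(self, email: str, details: dict) -> bool:
        """Accept further details only for an account that exists, i.e. is consented."""
        user = self.users.get(email)
        if user is None:
            return False
        user.update(details)
        return True

    def purge_expired(self) -> int:
        """Drop holds past CONSENT_TTL; returns how many were removed."""
        stale = [t for t, h in self.pending.items()
                 if self.today - h.created > CONSENT_TTL]
        for t in stale:
            del self.pending[t]
        return len(stale)
```

The outbox stands in for the consent e-mail the post says was never sent; in a real deployment the token would travel in that message and nothing else about the child would be written down until it comes back.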

Since video is exploding onto the Internet, this will have to change – quickly!

Can you find Murphy Brown engaging Dan Quayle?

In Free Culture, chapter 9, I wrote the following:

In addition to the Internet Archive, Kahle has been constructing the Television Archive. Television, it turns out, is even more ephemeral than the Internet. While much of twentieth-century culture was constructed through television, only a tiny proportion of that culture is available for anyone to see today. Three hours of news are recorded each evening by Vanderbilt University - thanks to a specific exemption in the copyright law. That content is indexed, and is available to scholars for a very low fee. “But other than that, [television] is almost unavailable,” Kahle told me. “If you were Barbara Walters you could get access to [the archives], but if you are just a graduate student?”

As Kahle put it, “Do you remember when Dan Quayle was interacting with Murphy Brown? Remember that back and forth surreal experience of a politician interacting with a fictional television character? If you were a graduate student wanting to study that, and you wanted to get those original back and forth exchanges between the two, the 60 Minutes episode that came out after it … it would be almost impossible. … Those materials are almost unfindable. …”

Jeff Ubois has just published a paper about his effort to find out whether Brewster was right. His conclusion: Brewster’s right. As he writes:

I searched for footage of the Quayle/Brown interaction with an eye towards making some general assessments of the accessibility of historic broadcasts, and detailed the results in a paper called Finding Murphy Brown: How Accessible are Historic Television Broadcasts? It’s finally out this week in the peer reviewed Journal of Digital Information….

Copyright restrictions ultimately made it impossible to get the original Dan Quayle speech, or the Murphy Brown episodes in question. In an odd coda to this project, one digital library journal (from which I withdrew this paper) insisted that the correspondence detailing refusals by various organizations to allow access to or use of the Quayle/Brown footage was itself copyrighted, and therefore unsuitable for publication. Those excerpts are included in the current piece. It was disturbing how one effect of copyright law is to chill academic discussions of copyright law.

You can read the paper by linking from the blog entry.

Records retention and Disaster Recovery tools

BridgeHead Makes Disaster Recovery, Archiving Play

October 20, 2006 By Karen D. Schwartz

BridgeHead Software has integrated its policy-based data lifecycle management software with EMC's Centera CAS, offering users more options for disaster recovery and data archiving.

By integrating BridgeHead's HT ISM (Integrated Storage Management) software platform with EMC's Centera CAS content-addressed storage solution, EMC users now have an advanced rules-based system for finding data around the network and writing it in an efficient manner to Centera, said Patrick Dowling, BridgeHead's senior vice president of product management.

With the integration, users now can use BridgeHead software to search both content and metadata, [Content: Contains the phrase “attack America” Metadata: Document was written on September 12th Bob] which makes Centera easier to populate with data while keeping that data within easy view and access. And because HT ISM offers the ability to write to multiple copies in multiple places, archives can now be simultaneously maintained for better protection and multiple business purposes, such as compliance and disaster recovery, Dowling said.

... "If you're going to play in this ecosystem, you have to continue to evolve," he said. [Well, DUH! Bob]

What is security worth?

Cost of Data Breaches Rises Sharply

By Matt Hines October 20, 2006

Leaks of sensitive customer information and other corporate data are costing companies in the United States substantially more in related financial and business losses in 2006, according to a new study published by the Ponemon Institute.

Based on the findings of the Ponemon Data Breach Study, to be published on Oct. 23, information losses cost U.S. companies an average of $182 per compromised record in 2006, compared to an average loss of $138 per record in 2005, for an increase of about 31 percent.

The report, which is based on interviews held with 56 individual companies known to have experienced a data loss in the last year, maintains that roughly $128 of the 2006 figure is related to indirect fallout from information leaks, such as higher-than-normal customer turnover.

Other associated costs spurred by data mishandlings or thefts were an average price tag of $660,000 per company in expenses related to notifying customers, business partners and regulators about data leaks.

Ponemon contends that each company surveyed sacrificed roughly $2.5 million in lost business, based on their incidents.

To arrive at the figure, researchers combined costs from legal, investigative and administrative expenses with information related to affected companies' stock performance and customer defections, among other indicators.

Each company interviewed has parted with an average of $4.7 million in payouts and lost business in total, related to the incidents.

Companies in the study paid almost $300,000 on average to investigate their data leaks and spent just over $1.24 million on average for other efforts aimed at responding to records losses, such as setting up customer support hotlines or offering credit monitoring services to help protect against related fraud.

... The greatest leap was measured in lost business, which cost companies an average of $22 per record more in 2006 than it did in 2005. Firms lost an average of $98 in business per record this year, compared to $75 per record in 2005.

... "The burden companies must bear as a result of a data breach are significant, making a strong case for more strategic investments in preventative measures such as encryption and data loss prevention," said Dr. Larry Ponemon, chairman of Ponemon Institute, which is based in Elk Rapids, Mich.

"Tough laws and intense public scrutiny mean the consequences of poor security are steep—and growing steeper for companies entrusted with managing stores of consumer data."

In charting the most common sources of data leaks, researchers found that lost or stolen laptops remain the top culprit, accounting for 45 percent of all the incidents studied.

Records lost by third-party business partners or outsourcing companies represented the second most popular type of event, representing 29 percent of all the reported leaks.

Misplaced or stolen backup files, such as those stored on magnetic tapes, accounted for 26 percent of the incidents, while the much-publicized usage of malware programs that steal data were reported in only 10 percent of the losses.

Friday, October 20, 2006

Because they were slow to react and then tried to minimize their guilt...

Reporter's Story — How HP Kept Tabs On Me

Posted by Zonk on Thursday October 19, @06:36PM from the in-case-you-were-wondering dept. HP Businesses Media

Carl Bialik from WSJ writes "An outside lawyer working for H-P, John Schultz, yesterday told Wall Street Journal reporter Pui-Wing Tam how H-P's investigators collected information on her for a year, scoping out her trash and compiling a dossier on her phone calls. From Tam's article about her time spent, unwittingly, under surveillance: 'H-P's agents had my photo and reviewed videotaped footage of me, said Mr. Schultz, of the law firm of Morgan, Lewis & Bockius. They conducted "surveillance" by looking for me at certain events to see if I would show up to meet an H-P director. (I didn't.) They also carried out "pre-trash inspections" at my suburban home early this year, Mr. Schultz said. ... But what was surprising were the questions Mr. Schultz left unanswered: How did H-P's agents get my phone numbers in the first place? When did they review videotaped footage of me? Did their gumshoes park their cars outside my house at night? And what the heck is pre-trash inspection?'"

October 17, 2006 11:48 AM

Hewlett-Packard and Corporate Authority to Eavesdrop on Employees

by Alexander Wolfe, Editor at Large

The uproar over the Hewlett-Packard spy scandal has brought to the forefront the issue of companies spying on their own employees. Executive employees of Hewlett-Packard employed private investigators to spy on members of HP’s board in an effort to determine where leaks pertaining to internal operations originated from, and they are now facing criminal charges in California. But to what extent may a company legally monitor the activities of its employees, both in and out of the work place?

Generally, employees have a reduced expectation of privacy in the work place. Public employees enjoy some protections [Are we 'second class' citizens if we don't work for the government? Bob] as a result of the application of the Fourth Amendment to state and local governments, but employees of private employers have historically not received much protection of their privacy. Congress dealt with such privacy issues only incidentally in the late 1960’s with the passage of a comprehensive wiretap law that essentially made it illegal to intercept communications between persons. This law was updated in 1986 by the Electronic Communications Privacy Act, which extended the protections of the original wiretap law to e-mail and other electronic communications. Because of exceptions in the law that created uncertainty of the extent to which the act regulated private employers, legislation was introduced in Congress that would not ban electronic monitoring, but would provide that employers must give notice to employees that they may be monitored while performing job-related duties. This legislation failed to make it out of committee.

Many states make provisions for the protection of an employee’s privacy. Some states, such as California, recognize employee rights in the workplace where a reasonable expectation of privacy exists. However, state courts have undermined such protections in narrow readings of such an expectation as it relates to video surveillance and e-mail.

Employees who find themselves the target of monitoring or surveillance can in some instances pursue a remedy at common law for tortious invasion of privacy. As with much state legislation, an objectively reasonable expectation of privacy is key, and even where such an expectation is found it can be outweighed by the countervailing legitimate business interests of the employer. Many employees have found this to be a high hurdle to overcome, as in a Texas case where an employee had no privacy expectation in a password protected personal folder on the company’s network, or another where the employee had no privacy expectation in personal emails despite the employer’s assertion that the employee e-mails would remain confidential.

Such results have led some to call for greater protection of employee privacy rights, in the form of an Employee Privacy Bill of Rights or model statutes on electronic monitoring, or drug testing. However, efforts to increase employee privacy protection at both the state and the federal level have not met with much success in recent years.


The real reason that Google bought YouTube?

The $1.65 billion purchase of the video-sharing site could actually be a boon for traditional TV ads.

FORTUNE Magazine By David Kirkpatrick, Fortune senior editor October 19 2006: 3:03 PM EDT

NEW YORK (Fortune) -- When Google spent $1.65 billion for 19-month-old online video phenomenon YouTube, it was portrayed as a sign of the triumph of online video. And in important ways it is. But the voluminous coverage missed something central. Google's interest in the video-sharing site, ironically, also has a lot to do with its belief in the staying power of conventional broadcast television and cable.

It's important in watching Google never to forget that it makes just about all its money from advertising. The fact that its role in advertising keeps growing is what, in turn, keeps its stock in the stratosphere, thus giving it the $128 billion market capitalization which enabled it to purchase YouTube with stock.

Many writers recently pointed to the obvious opportunity for a Google-owned YouTube to profit from placing video ads next to the 100 million video streams that YouTube claims users view there each month. That is surely one reason Google can justify paying so much money, but a closely-related reason may be even more important.

Google has for about a year-and-a-half been talking about its ambition, considered quirky or worse by some, to extend its auction-driven ad sales model beyond the net into what we think of as "old media." It has said it wants to get into the business of placing ads in print, radio and television.

Indeed, while last week's YouTube purchase was Google's largest, the second largest was January's $102 million acquisition of dMarc Broadcasting Services, a company with a successful automated system for placing ads on radio stations all over the country.

Television advertising is the biggest ad market of all, still dwarfing the Net. Last year it totaled $61 billion in the United States compared to the Net's $8 billion. Google executives confirm that the company bought YouTube in part to better position itself for getting into the business of selling traditional television advertising.

Google CEO Eric Schmidt has not been secret about his ambitions to do so. This summer at a conference he said Google would soon deliver "targeted measurable television ads" and complained that today when you watch TV you see commercials that are "a waste of your time," and "clearly not targeted for you."

What separates Google's current ad service from what has come before is its orientation towards results. Advertisers only pay for ads that attract user attention as evidenced by clicks. But the way Google enables its advertisers to get results has a lot to do with the process of repetition and refinement that identifies the most effective ads.

Google's most successful search advertisers are those who methodically experiment with multiple messages. Sometimes they try thousands of combinations of different texts displayed in response to various search keywords, quickly - often in hours - eliminating those that don't attract the clicks of users and refining those that do, until they arrive at the ideal combination of message and keyword.

A similar process of refinement takes place in Google's AdSense service. It places ads on the Web sites of affiliates with which it shares ad revenues.

I don't know if they're right, but Google's managers now seem to believe they can do the same thing with print, radio and TV, albeit with much of the testing taking place on the more immediate and low-cost medium of the Internet. Buying YouTube will give Google a platform on which advertisers can experiment with TV ads in different forms.

If you were a big TV advertiser, before you spend what is sometimes millions for a primetime spot, wouldn't you like to know how it fared on YouTube compared to alternate versions? How many people willingly chose to view it? How many clicked through for more information? Did it perform better adjacent to some kinds of content than others? Presumably Google has a variety of ideas about how it could help advertisers evaluate TV ads online before placing them offline.

If Google can offer advertisers such tools to test the efficacy of offline ads, it could put them in a far better position to also assist in placing those ads. Google can buy ad inventory in TV, radio, and print to place ads there it pre-tested online. If it chose to, I suppose, it could even create its own offline media products on which to host such ads. (This part is purely my speculation, by the way.)

When Google advertising boss Tim Armstrong first explained to me that he believed the repeat-and-refine approach used for search ads could be extended to other media, I was skeptical and didn't understand. Now, in the wake of the YouTube deal, I finally think I do.

Google's competitors are mostly still trying to figure out how to better take advantage of today's online advertising opportunity. Meanwhile, Google is already looking ahead to a still-to-come era when the Web links tightly with all other media.

Is this the beginning?

Friday, October 20, 2006

YouTube deletes 30,000 files after Japanese copyright complaint

Canadian Press Friday, October 20, 2006

TOKYO (AP) - The popular U.S.-based video-sharing Web site YouTube has deleted nearly 30,000 files over copyright concerns after being asked by a group representing Japan's entertainment industry.

The Japan Society for Rights of Authors, Composers and Publishers, found 29,549 files such as video clips from TV programs, music videos and movies posted on YouTube's site without permission, said Fumiyuki Asakura, an official from the organization, on Friday.

The group found the files posted by users without authorization from Japanese copyright holders during research done earlier this month, Asakura said.

Acting on behalf of 23 Japanese TV stations and movie and music companies, the group asked YouTube to remove the copyrighted materials, he said.

San Bruno, California-based YouTube quickly removed all the files requested, he said.

Most videos posted on YouTube are homemade, but the site also features volumes of copyrighted material - a problem that has caused some critics to predict the startup eventually would be sued.

Asakura said the entertainment industry group is considering asking YouTube to introduce a preliminary screening process to prevent illegal video clips from being posted.

Since YouTube started in February 2005, the company has blossomed, now showing more than 100 million video clips per day.

YouTube's worldwide audience was 72.1 million by August, up 2.8 million from a year earlier, according to comScore Media Metrix.

Storage volumes also impact record retention and of course the volume of information gathered via electronic discovery...

Storage budgets may not keep up with demand in 2007

Gartner study finds that 26 percent to 37 percent of managers worldwide planned to increase spending

By Robert Mullins, IDG News Service October 19, 2006

... Fifty-five percent of the IT managers surveyed said their biggest storage challenge was keeping up with growing demand, estimating that their capacity needs would grow by an average 25 percent in one year and by 41 percent in two years.

Charles Darwin's works go online

The complete works of one of history's greatest scientists, Charles Darwin, are being published online.

The project run by Cambridge University has digitised some 50,000 pages of text and 40,000 images of original publications - all of it searchable.

Surfers with MP3 players can even access downloadable audio files. [Darwin raps? Bob]

... The historian said he was inspired to build the library when his own efforts to study Darwin while at university in Asia were frustrated.

Reporters Not Required to Turn Over Computers to Pa. Attorney General

Asher Hawkins The Legal Intelligencer October 19, 2006

The Pennsylvania Supreme Court has blocked state Attorney General Tom Corbett's effort to force newspaper reporters in Lancaster, Pa., to turn over their computers in connection with an investigation of alleged leaks from the Lancaster County coroner to local media.

In In re 24th Statewide Investigating Grand Jury, a six-justice majority agreed that forcing the journalists to cede their entire hard drives would be akin to asking them to hand over their filing cabinets.

But the court unanimously agreed with Common Pleas Senior Judge Barry F. Feudale, who is supervising the grand jury proceedings, that there is no reason for the attorney general not to make available to Lancaster Newspapers Inc. a copy of the previously undisclosed document that officially kicked off the investigation. [isn't the court saying there was no reason to keep the document secret in the first place? Bob] Lancaster Newspapers publishes the Intelligencer Journal, Lancaster New Era and Sunday News.

... Werner's co-counsel in the case, William DeStefano of Buchanan Ingersoll & Rooney in Philadelphia, said the current investigation was sparked when the Lancaster County coroner's office, for the sake of convenience, showed local reporters how to access electronically information they regularly received over the phone from coroner's office staff.

Should it be: “No leak, no foul?” Would the HP Board have followed this rule?

'No Harm No Foul' Becoming The Norm In Data Breach Lawsuits

from the no-blood-no-foul dept

Back in April, a judge ruled that Wells Fargo should not be penalized for a data breach because there was no evidence that those who acquired the data had done anything criminal with it. This seemed like poor reasoning; Wells Fargo had no control whether anyone would use the data in a criminal manner, but it did have control over how it stored the data. In that case, data was lost because it was stored in an unencrypted format on a laptop. Certainly some could argue that that was negligent. But it looks like this line of reasoning is becoming standard. A recent suit brought against data broker Acxiom for letting customer data slip out was dismissed since the plaintiffs couldn't prove that anything bad had been done with it. Again, either the company was negligent in letting personal data out, or it wasn't; that should be the measure upon which these cases are decided, not what was done later with the data. There is a flipside, which is that if plaintiffs started winning these cases, data breach lawsuits could easily become the latest class action charade (We can see the commercials now, "Has your personal data been leaked? Call the law offices of..."). But companies can't keep getting let off the hook just because harm can't be proven, or they'll have little incentive to protect the data.

October 19, 2006

New Laws and Machines May Spell Voting Woes


WASHINGTON, Oct. 18 — New electronic voting machines have arrived in Yolo County, Calif., but there is one hitch: the audio program for the visually impaired in some of them works only in Vietnamese.

“Talk about panic,” said Freddy Oakley, the county’s top election official. “I’ve got gray-haired ladies as poll workers standing around looking stunned.”

As dozens of states are enforcing new voter registration laws and switching to paperless electronic voting systems, officials across the country are bracing for an Election Day with long lines and heightened confusion, followed by an increase in the number of contested results. [Isn't that obvious? Bob]

... “We’ve got new laws, new technology, heightened partisanship and a growing involvement of lawyers in the voting process,” said Tova Wang, who studies elections for the Century Foundation, a nonpartisan research group. “We also have the greatest potential for problems in more places next month than in any voting season before.”

... “We’re expecting arguments at the polls in these states that will slow everything down and probably cause large numbers of legitimate voters to be turned away or to be forced to vote on provisional ballots,” said Barbara Burt, an elections reform director for Common Cause.

Meanwhile, votes in about half of the 45 most competitive Congressional races, including contests in Florida, Georgia and Indiana, will be cast on electronic machines that provide no independent means of verification.

“In a close race, a machine error in one precinct could leave the results in doubt and the losing candidates won’t be able to get a recount,” [Take THAT Al Gore! Bob] said Warren Stewart, policy director for VoteTrustUSA, an advocacy group that has criticized electronic voting.

... Whether there are problems or not, post-election litigation is likely. A study released this year by the Washington and Lee Law Review found that the number of court cases challenging elections has risen in recent years. In 2004, the number was 361, up from 104 cases in 1998.

Thursday, October 19, 2006

Oh come on! You can hit 25 million easy!

Oct 19, 7:13 AM EDT

Sony Battery Recall to Hit 9.6 Million

TOKYO (AP) -- The number of laptop batteries Sony is recalling will total 9.6 million worldwide, the company said Thursday, shedding more light on the scope of a problem that has rattled confidence in the company's image.

Special Report on the Data Center

October 18, 2006 By Eric Lundquist

CIOs and IT managers should stop thinking of the data center as a place and start seeing it as more of a process. [YES! Bob]

The idea of a data center as an enclosed, climate-controlled room where all of a company's computing takes place is being replaced by the concept of virtual data centers that draw on storage, computing and networking resources, wherever they may reside.

Virtual storage, virtual servers and software services that can be provisioned internally or procured on a contract basis from external vendors confront the CIO with an overwhelming array of infrastructure choices. And the number of those choices keeps growing.

Lots on ethics, and how little impact Chief Ethics Officers seem to have.

What Hewlett-Packard's Spying Scandal Tells Us about the Limitations of Corporate Boards

Published: October 18, 2006 in Knowledge@Wharton

The crisis at Hewlett-Packard over allegations that its chairwoman, Patricia Dunn, authorized illegal surveillance of HP board members in order to find out who leaked sensitive company information to the press, is dragging on, perhaps longer than most people first expected. And it has raised a number of important issues about corporate governance, privacy protection and surveillance of employees. Tom Donaldson, professor of legal studies and business ethics at Wharton, joins Knowledge@Wharton to talk about HP's woes as they relate to business practices both in the U.S. and abroad. Donaldson's research areas include business ethics, leadership, risk management and corporate compliance. He has consulted with companies ranging from Goldman Sachs and Wachovia to Exelon and KPMG, and is currently working on articles about corporate risk management programs and cash management practices at non-profit organizations.

Not exactly what Prof. Donaldson says above... (Interesting photo accompanying the story)

'La difference' is stark in EU, U.S. privacy laws

EU citizens well protected against corporate intrusion, but red tape is thick

By Bob Sullivan Technology correspondent MSNBC Updated: 6:22 p.m. MT Oct 18, 2006

... In many parts of Europe, for example:

  • Personal information cannot be collected without consumers’ permission, and they have the right to review the data and correct inaccuracies.

  • Companies that process data must register their activities with the government.

  • Employers cannot read workers’ private e-mail.

  • Personal information cannot be shared by companies or across borders without express permission from the data subject.

  • Checkout clerks cannot ask for shoppers’ phone numbers.

... Privacy law: Not the product of logic [Think that is true? Bob]

Other privacy experts are skeptical of such measurements. After all, if privacy as a concept is hard to define, quantifying levels of privacy seems almost impossible.

To Blog or Not to Blog: Report from the Front

Published: October 18, 2006 in Knowledge@Wharton

Dan Hunter, Wharton professor of legal studies and business ethics, used to read more than 100 blogs a day, but after a while he had trouble keeping up. Now he tracks a mere 50 blogs, spending a couple of hours each day on topics such as technology, intellectual property, video games, architecture and interior design. "They fulfill an information need I have: to keep up to date on what is going on in my professional life, or see cool stuff for my personal life, or to be amused," he says.

Knowledge@Wharton recently asked a group of Wharton faculty and staff to share their thoughts on the blogosphere. Those who are enthusiastic participants (and not all fall into this category) have lots of company. About 57 million American adults -- or 39% of Internet users -- read individually authored web logs, or "blogs," according to the Pew Internet & American Life Project, which does surveys to track Internet use. About 12 million American adults, or 8% of Internet users, keep a blog. They do so for a number of reasons -- to share professional or personal ideas and opinions, crack jokes, air political views, or comment on current events.

Here is a sampling of what Wharton faculty members have to say about blogging.

Building a Better Voting Machine

Posted by Zonk on Wednesday October 18, @05:56PM from the better-mousetrap-not-included dept. Software Politics

edmicman writes "Wired News has an interesting article about what would make the perfect voting machine: 'With election season upon us, Wired News spoke with two of the top computer scientists in the field, UC Berkeley's David Wagner and Princeton's Ed Felten, and came up with a wish list of features we would include in a voting machine, if we were asked to create one. These recommendations can't guarantee clean results on their own. Voting machines, no matter how secure, are no remedy for poor election procedures and ill-conceived election laws. So our system would include thorough auditing and verification capabilities and require faithful adherence to good election practices, as well as top-notch usability and security features.'"

Perhaps the industry will learn from Coke? At least, this will help train the next generation of pirates!

Record Labels Turn Piracy Into a Marketing Opportunity
A video clip from Jay-Z's live concert in June at Radio City Music Hall is popping up on all sorts of illicit music-sharing hotspots. But Jay-Z isn't upset.

That's because the rapper, at the request of Coca-Cola Co., agreed to allow distribution of the eight-minute clip -- which included promotions for Coke -- on the peer-to-peer sites, using technology usually used to thwart music pirates.

This one too?

Peter Gabriel Wants You to Re-Shock the Monkey

Posted by samzenpus on Thursday October 19, @12:40AM from the daddy-wants-more-cowbell dept. Music The Internet

PreacherTom writes "The party line for the music industry has been clear: discourage music downloads at all cost. However, singer Peter Gabriel is taking things in a different direction. In order to promote his own label, he is actually encouraging people to not only download his music, but also adapt it into something more modern. In doing so, he actually posted a sample pack of Shock the Monkey consisting of vocals and other pieces of the original multitrack recording. Some in the music business would call this the commercial equivalent of hiring kidnappers to babysit. In actuality, Gabriel is pleased with the results."

Oct 18, 7:14 PM EDT

RadioShack Offers Tech Classes Online

DALLAS (AP) -- RadioShack Corp. is turning to online classes to help consumers navigate the confusing world of technology. Consumers can learn how to edit digital photos, choose and set up high-definition televisions, buy a new computer and explore satellite radio.

The free classes announced Wednesday will have staggered start dates beginning this month and November.

Participants who sign up online can take the courses at their own pace but it shouldn't take more than a month to complete. The classes will be moderated by instructors with experience in the specific topics, company officials said.

The hope, of course, is that shoppers will use their newfound wisdom to buy products from RadioShack. [Is this a “Well, DUH!” statement? Bob]

How to reduce a product's value to the consumer...

Microsoft limits Vista transfers

By Ina Fried Story last modified Tue Oct 17 06:14:58 PDT 2006

Windows Vista may have new features for mobile computers, but the operating system itself is becoming considerably less portable.

Under changes to Microsoft's licensing terms, buyers of retail copies of Vista will be able to transfer their software to a new machine only once. If they want to move their software a second time, they will have to buy a new copy of the operating system.

... Separate rules apply for the versions of Windows installed on new PCs, which is how most people get their copy of the software, Boettcher said. In most cases, copies of Windows purchased on a new PC cannot legally be transferred.

The license changes also apply to virtualization, in which a computer runs multiple operating systems, or multiple copies of the same operating system, at the same time. Customers can only transfer the copy of Windows once, including a transfer from one physical machine to a virtual machine, or from a virtual machine on one PC to a virtual machine on another PC.

"Virtualization is a new technology," Boettcher said. "We are going to learn more about the use cases as we move forward."

Can this be right?

'Jane Doe' Status Is Not Compromised by MySpace Postings

By Thomas B. Scheffey The Connecticut Law Tribune 10-18-2006

Lawyers for Gregory A. Firn, superintendent of the Milford, Conn., school system, took to the Internet to challenge the "Jane Doe" anonymity of a 2005 high school graduate who is suing him for failing to protect her from the sexual depredations of volunteer basketball coach Robert Dulin.

It backfired.

Brian S. Frank, an associate in Anthony B. Corleto's Danbury, Conn., law offices, said in a sworn affidavit he did not know the plaintiff's real name when his firm began representing Firn separately from three other defendants late last July. He found out by going to the Web site of, which is popular with high school and college students.

There Frank searched for the profiles of alumnae of Jonathan Law High School in the class of 2005. He found two profiles of Jane Doe, which included seven photos of her, her real first and last names, and a New Year's Eve reflection on her life.

"This year," she wrote online, "has been complete chaos for me ... . It started out mad cool but ended in pure hell. I fell in love with someone ... . Is that wrong? It may be "gross" or "wrong" to some people but to me it's just right." She added, "I've been in and out of the police station almost every week since Aug. 4th. I go out in public and people ask me 'Are you the girl?' Proudly I look at them and say ''"

In a motion to reconsider Doe's anonymous status, Corleto argued that the plaintiff waived anonymity by voluntarily publicizing her name, image and the "circumstances of her case on an Internet website."

Doe's lawyer, Michael T. Meehan of Meehan, Meehan & Gavin in Bridgeport, Conn., responded by filing a motion for contempt and a motion for sanctions, on grounds that Corleto's filings violated the standing "Jane Doe" order.

Milford Superior Court Judge Brian T. Fischer socked Corleto with a $1,000 sanction, and on Sept. 22, ordered that four documents that reveal Doe's identity be sealed until Corleto can replace them with redacted copies.

Corleto did not return repeated telephone messages last week. The plaintiff's MySpace profiles apparently have been removed from the Web site.

... Meehan, whose firm does criminal defense work, said the new phenomenon of Web log sites like has created a new trove of potential information for criminal defense lawyers.

"[W]here there's a close call on the credibility of a complainant, we have found that these MySpace postings are causing more and more issues in cases. It's an opportunity, in a criminal case, where you can gather information about a complainant where you would not otherwise have access, short of cross-examination during a trial," he said.

No doubt this will become mandatory on US cars. Then the computer will “adjust” the car to comply with the law. Then what?

Gear Factor by Michael Ansaldo Wednesday, 18 October 2006

Car Computer Reads Road Signs

Topic: Automotive

Soon you'll have no more excuses for driving 55mph in a 35mph zone, making illegal U-turns or narrowly missing pedestrians in a crosswalk. Siemens has developed an in-car technology that uses a special camera and on-board computer to read and interpret road signs and display the information in your field of vision. For instance, if you're coming up on a speed limit sign, the system will float the posted limit alongside your actual speed on your windshield. Siemens hopes to have the technology integrated into vehicles in the next couple of years.

Yes, Believe It Or Not, Libel Online Falls Under The Same Laws As Libel On Paper

from the is-it-that-hard-to-figure-out? dept

This is one of those legal decisions that's apparently being hailed as "important," but which could just as easily be described as a no-brainer. A U.S. District Court in Texas has ruled that libel laws face the same statute of limitations online as they do offline. This seems like it should be obvious, but one company apparently felt that the rules should be extended since the content "lives on" online. Of course, it lives on offline too, it's just not as easily findable (in most cases). However, it hardly seems fair to change the statute of limitations just because the ability to find the content is easier. If anything, you'd think that's an argument to limit the statute of limitations, since it's so much easier to find the potentially libelous content in the first place.

BusinessWeek looks to web in battle for readers

By Aline van Duyn in New York Published: October 17 2006 22:25 | Last updated: October 17 2006 22:25

For the editor-in-chief of the world’s biggest business magazine, one goal is paramount: keeping his title on the “must read” list.

“You don’t want to be a discretionary read, that is too dangerous,” says Stephen Adler, the 51-year-old who last year stepped into the potential danger zone, taking over responsibility for all of the content in BusinessWeek, its website and its seven foreign language editions.

The perils come from the fact that financial news and information, most of it free, has proliferated online. Also, newspapers increasingly provide the analysis that weekly magazines used to, putting the role of titles such as BusinessWeek, Forbes and Fortune under scrutiny.

... “There is no question people need reliable and accurate business information. I want BusinessWeek to be in a position not to care too much if they want it in print, online or on mobile devices. As long as we’re doing that, we have a purpose in the world.”

Surveillance goes both ways...

Key Civil Liberties Votes in Congress

Click on a bill below to see how your Representative or Senators voted.

Wednesday, October 18, 2006

I guess Microsoft didn't want to wait until Thursday. Also this is not what I expected – it's a guide for developers, not corporate policy. Could be useful though if we ever have to take MS to task...

Microsoft releases guidelines for customer privacy

To counter accusations of misuse of consumer records, Redmond offers up recommendations for software developers

By Elizabeth Montalbano, IDG News Service October 17, 2006

Criticized in the past for an initiative that would require the company to collect and catalog personal information about its customers, Microsoft on Tuesday released an internal document about how it protects customers' privacy in the hopes other companies will adopt similar practices.

The company publicly published a 49-page document, called Microsoft’s Privacy Guidelines for Developing Software Products and Services, at the International Association of Privacy Professionals Privacy Academy 2006 in Toronto.

Often insightful...

Ten security trends worth watching

Systems are growing more complex and cybercriminals more sophisticated, but it's often an enterprise's own users that pose the biggest threat

By Sumner Lemon, IDG News Service October 18, 2006

In a keynote speech that was webcast at last month's Hack in the Box Security Conference in Kuala Lumpur, Malaysia, Bruce Schneier, chief technology officer of U.S.-based managed security services provider Counterpane Internet Security, identified 10 trends affecting information security today.

Schneier outlined the following:

1.) Information is more valuable than ever. For example, relies on information to make purchasing of books easier through its one-click purchasing system. Similarly, when Internet retailer went belly-up, the company's database of customers "was the only asset of value they had," he said.

Information also has value for controlling access, such as single sign-on and authentication for users, and law enforcement, which uses information to help track criminals and gather evidence.

2.) Networks are critical infrastructure. The Internet was not designed to serve as critical infrastructure. "It just sort of happened," Schneier said, noting that hasn't stopped more critical systems from migrating to the Internet. The Internet helps companies run more efficiently and eases communication between people, but there are real economic risks involved. "If the Net goes down, or part of the Net goes down, it really affects the economy," he said.

3.) Users do not necessarily control information about themselves. For example, Internet service providers have control over records of the Web sites that users visit and e-mail messages they send and receive. Also, some mobile operators keep a copy of users' phone books on their servers.

"There's a lot of value in information about you," Schneier said. "But you have no control over the security of that information, even though it may be highly personal."

4.) Hacking is increasingly a criminal profession. Hacking is no longer for hobbyists. More and more, attacks are organized and led by criminals who are driven by a profit motive. "The nature of the attacks is changing because the adversary is changing," Schneier said. Extortion related to denial of service attacks and phishing attacks are two examples of criminal attacks. In addition, there is a black market for exploits that allow attackers to penetrate corporate IT systems.

5.) Complexity is your enemy. "As systems get more complex they get less secure," Schneier said, calling the Internet "the most complex machine ever built." Advances in security technology simply have not kept pace with the Internet's growth. "Security is getting better, but complexity is getting worse faster," Schneier said.

6.) Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them. In other cases, vulnerabilities in some embedded systems, such as Cisco Systems routers, cannot be patched, leaving companies vulnerable.

7.) Worms are more sophisticated than ever. They already contain vulnerability assessment tools, and are scanning corporate defenses for weaknesses and using Google for intelligence gathering. "This trend is a result of more worms being criminal."

8.) The end point is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy," Schneier said. In many cases, computers outside your company's security are the weakest link. [i.e. Contractor and Client computers Bob] These computers are often infected with worms and spyware, presenting an opportunity for attackers.

9.) End-users are seen as threats. Companies are increasingly developing software that is intended to defend against the end-user, Schneier said, citing DRM (digital rights management) software as an example. "More and more we're seeing security that doesn't protect the user, but protects against the user." In at least one case, involving DRM software installed by Sony without users' permission, the software caused damage to the end-user's computer. "Rules and regulation around this is going to be a big battleground," Schneier said, predicting that a battle will be fought between PC software that is protecting the user and software that is designed to protect against the user.

10.) Regulations will drive security audits. There’s no shortage of regulations that detail how companies should handle data. Regulations such as the Sarbanes-Oxley Act will be the driving force behind corporate security audits.

Marketing opportunities are where you find them.

Apple: "How to remove the Windows virus"

Posted by Sean @ 11:06 GMT Wednesday, October 18, 2006

First McDonald's and now Apple.

Apple Support has a very interesting notice available today. It seems that some of the iPod (video) units available for purchase from September 12th contain the RavMonE.exe virus. More details are available from:

Also of interest is Apple's framing of this support issue. Note that the notice is located in a sub-folder named "WindowsVirus" rather than "virus". In fact, the words "Windows Virus" appear eight times while the actual name of the virus - RavMonE.exe - is mentioned only twice. Let's be clear, some Apple iPods have shipped with a virus that affects mass storage devices. So it might not be a Mac OS or an iPod issue. But this is an Apple issue, not just Windows.

"Small number", "less than 1%", "less than 25", "and easy to restore" are also mentioned frequently in the notice. With more than eight million iPods shipped in Apple's third quarter we would be interested in a raw number for that 1% affected by this. What's one percent of a few million?

From the notice: "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." Whom do you think the people that bought those iPods will be more upset with?


Scholarly Electronic Publishing Bibliography 10th Anniversary

Filed under: Reference

Congratulations to Charles Bailey for making the 10th anniversary of the Scholarly Electronic Publishing Bibliography! For those of you playing along at home, this is version 64, and covers over 2,750 articles, books, and other resources related to scholarly electronic publishing online.

The HTML version is available at .

Someday, every judge will have two blogs – pro and con...

Project Posner

Tim Wu and Stuart Sierra have built “Project Posner” — a free database of all of Judge Posner’s opinions. There isn’t a federal judge I respect more, both as a judge and person, and while I clerked for him, I can claim credit for only one thing that he’s done: The Posner-Becker Blog.

posted by [ Lessig ] on [ Oct 18 06 at 12:35 AM ]

It's Election Season, And The Web Is Letting You Know How Much Your Elected Officials Cost You

from the who-needs-a-law-for-transparency? dept

The bipartisan "transparency" bill sponsored by Tom Coburn and Barack Obama has received plenty of attention for at least shining some amount of light on the pork and back scratching that gets thrown into various bills and laws. However, you don't always need someone to pass a law to get transparency. While things like real-time fact checking may not be all that useful to the political process, taking existing data and making it easier to access can be quite helpful. We've already seen that with a bunch of online sites, such as those who track where political donations come from. Now, the website Washington Watch has launched a new effort as we head into election season to shine some more of that transparency light on politicians. It's showing just how much various laws passed by the last Congress cost or saved each American household. Of course, in some ways, it's a little unfair to reduce everything simply to a dollar amount. After all, some things are worth spending money on. However, it does provide yet another way to look at the data that most people never had access to previously.

Not all strategic decisions are wise...

Removing Features Is Not An Upgrade

from the strategic-stupidity dept

It's sometimes amazing how the entertainment industry seems to make strategically backwards decisions. Just as they're finally recognizing that they really do need to compete with free -- and that that's absolutely possible -- someone goes and does the opposite. The way you compete with free is by embracing free as a promotional mechanism and then offering something else or something more that's worth paying for, that people want to pay for and that they don't mind paying for. It's about increasing value. Not so hard really... though you'd never believe it to watch the way the industry acts sometimes. The latest, as sent to us by John, is an Engadget posting about Creative sending a firmware "update" to a few of its portable media players that fixes some bugs... and also disables the previously available feature for recording FM radio. Yes, this is a feature that existed one moment and is now gone. It's a feature that people may have paid extra for. It's a feature that may have convinced people to buy the Creative device over the competition. And, for some reason, it's now gone. Hopefully, it's just an error -- but if it really is at the urging of the recording industry (as many are assuming -- perhaps too quickly), then it's a huge step in the wrong direction. It's trying to compete by making your own product less valuable, rather than increasing the value and offering something that's worth paying for. So, hopefully this is a mistake, but if it was done on purpose, it's definitely a step backwards.

Typical strategy? Beat up on the small players to establish precedent, then go for the gold?

Universal Music Sues Grouper and, YouTube Escapes

October 17, 2006 Pete Cashmore

The story everyone expected to see this week was a major media company suing YouTube over copyright. Well, Universal Music has indeed sued some video-sharing companies today, but thanks to a deal struck with YouTube last week, the market leader escaped unharmed. Instead it’s two smaller players - and Grouper - that face the wrath of Universal’s lawyers and a possible $150,000 in damages for every infringement.

Universal says that thousands of videos are being shared without permission, which would put the total figure owed in the hundreds of millions. According to Reuters, the charge is “copying, reformatting, distributing and creating derivative works from Universal’s musicians”. As it happens, the $150,000 figure is pretty standard in these cases: it’s the amount that News Corp, NBC Universal and Viacom could sue YouTube for if the site doesn’t offer them a decent cut of the revenue. A Universal spokesperson is quoted as saying “Grouper and Bolt… cannot reasonably expect to build their business on the backs of our content and the hard work of our artists and songwriters without permission and without compensating the content creators”. The lawsuit was filed in the U.S. District Court, Central District of California, late today.

It’s very strange that and Grouper in particular were called out, while Metacafe, MySpace Video, Guba, vSocial, Veoh and big players like Google Video have so far avoided any issues - none of these sites encourage the sharing of copyrighted content and all of them take it down when alerted, but the uploading of infringing material is inevitable when you run a decently-sized video sharing service. Grouper operates a P2P network which might be somewhat shady, but Bolt works just like YouTube and the other video-sharing services. It’s not even a particularly high-profile site. Universal, however, are comparing the services to Kazaa and Napster, which will seriously worry the parties involved. We can only assume that Universal at least approached the sites about the issue, or that they’ve been considering their options for a long time. Perhaps they spoke to a number of companies and YouTube were more willing to co-operate - we simply don’t know right now.

This lawsuit is almost certainly going to set the precedent for future legal action involving video sharing sites - everybody will be following the story closely.

On the other hand...

The Good News About 'GooTube'

As users fret about what YouTube/Google's label deals mean for the site's copyright-protected content, the silver lining goes unnoticed: Anyone can now legally make music videos using copyright music and upload them to GooTube. Commentary by Eliot Van Buskirk.

Not bad...

Google to score ad revenues coup: eMarketer

By Ben Charny, MarketWatch Last Update: 6:23 PM ET Oct 16, 2006

SAN FRANCISCO (MarketWatch) -- Google Inc. is on track in 2006 to become the first company ever to pocket 25% of all U.S. online ad spending in a calendar year, according to a new report from eMarketer, an online ad tracker.

For 2006, Google is expected to report U.S. advertising revenues of $4 billion out of the $16 billion expected to be spent on U.S. online advertising this year.

Google's U.S. ad revenues represent a 65% jump from the $2.4 billion in comparable revenues Google reported last year, according to the upcoming eMarketer report.

The newly revised figures eMarketer is to formally release Tuesday demonstrate how Google continues to pull away from Yahoo Inc., which is ranked second in this important revenue category.

... In 2005, Yahoo and Google had virtually the same amount of U.S. ad revenues. Yet by the end of 2006, Google is expected to pocket almost twice the amount of U.S. ad revenues as Yahoo, according to the new eMarketer report.