Wednesday, April 04, 2007

Sure to be a big debate?

http://www.boston.com/news/local/articles/2007/04/04/some_see_scans_for_lunch_as_taste_of_big_brother/

Some see scans for lunch as taste of Big Brother

Taunton schools to use fingerprints

By Maria Sacchetti, Globe Staff | April 4, 2007

Taunton schools this spring could become the first in Massachusetts to have students pay for lunch by scanning their fingerprints, a plan that is triggering an uproar among parents and ACLU officials worried about privacy and possible identity theft.

... School officials say the new system will speed the cafeteria line, possibly let parents monitor what children eat, and lift the stigma from poor students who receive free or reduced-price lunches. They say the system is secure because the fingerprint image is never stored, only a numeric representation of it. [Perhaps they need to actually read the definition of secure... If I have that number, what can I do? Bob]

The school superintendent initially said the plan was mandatory, but faced with opposition, decided to make it voluntary.

... Still, some parents are concerned that the fingerprints their children register with the school district could be stolen, misplaced, or used for a form of fraud that hasn't even been invented.

They note that supermarkets and retail stores have had customer information compromised, and argue that there are no state guidelines for schools using the technology. The parents also say they are skeptical that the 8,100-student Taunton school system can keep their children's information secure.

... Malvern, Pa.-based identiMetrics, a leading vendor, said hundreds of schools nationwide use its system, including nearly a third of the school districts in West Virginia and a private enrichment center for children in Wellesley.

... Sarah Wunsch, a staff attorney with the American Civil Liberties Union of Massachusetts, said in a letter to Taunton Superintendent Arthur W. Stellar that teaching students to be casually fingerprinted is "the wrong lesson."

She said she was concerned that a child's fingerprint could be re-created from the mathematical formula used for the unique identification number, and used for identity theft. [It couldn't be that easy, could it? Well, we don't know, do we? Bob]

... Other states are facing similar battles. Iowa passed a law in 2005 effectively banning finger-scanning technology in schools. Illinois is considering regulations, and a school system in California has nixed fingerprinting.

... Taunton schools will probably use it to alert cafeteria workers of a student's food allergies, [How far can we take this? Bob] and may allow parents to keep track of how much their students eat.



Note that this was the employee's computer, not his employer's...

http://www.kten.com/Global/story.asp?S=6322345&nav=menu410_3_1_6

Court: Personal computer at work not always private

DENVER - A federal appeals court affirms today that an Oklahoma man who allegedly had child pornography on a personal computer he used at work didn't have a reasonable expectation of privacy for that machine.

A three-judge panel from the 10th U-S Circuit Court of Appeals in Denver made the ruling in the case of Michael Barrows, a former treasurer for the city of Glencoe.

Barrows was sentenced to 6-and-a-half years in prison on child pornography charges.

In 2005, Barrows had to share a work computer with the city clerk. He brought in his own computer and networked it to the city computer so they could access records at the same time.

When the city computer started having problems, the clerk asked a passing police officer to help her. The ruling noted that the officer found the child pornography on Barrows' computer.

The appeals court says that because Barrows used his computer in a public space, connected it to the city network, and didn't protect his computer with a password, he had no reasonable expectation to privacy.

[Opinion: http://www.ck10.uscourts.gov/opinions/06/06-6274.pdf ]



This is still simmering, think it might bubble up?

http://www.reuters.com/article/domesticNews/idUSN0427711620070404

Fired Wal-Mart worker claims surveillance ops: report

Wed Apr 4, 2007 2:51AM EDT

NEW YORK (Reuters) - The Wal-Mart Stores Inc. worker fired last month for intercepting a reporter's phone calls says he was part of a larger, sophisticated surveillance operation that included snooping not only on employees, but also on critics, stockholders and the consulting firm McKinsey & Co., The Wall Street Journal reported.

... The company also deployed cutting-edge monitoring systems made by a supplier to the Defense Department that allowed it to capture and record the actions of anyone connected to its global computer network, the Journal said.

The company fired Gabbard, a 19-year employee, last month for unauthorized recording of calls to and from a New York Times reporter and for intercepting pager messages. Wal-Mart conducted an internal investigation of Gabbard and his group's activities, fired his supervisor and demoted a vice president over the group.



“The data is out there!” (Not the X Files)

http://159.54.226.83/apps/pbcs.dll/article?AID=/20070404/OPINION/704040309/1050

If you vote, your identity is for sale by Oregon

April 4, 2007

Your identity is for sale by the state of Oregon. If you are a registered voter, you should be aware that anyone can purchase your personal information (name, address, phone number, date of birth, gender, political party) from any county elections office or the secretary of state's office. I know, because I recently purchased 175,000 records for Marion, Polk, Multnomah and Washington counties, no questions asked. I was actually offered 1.9 million records.



How secure is your home WiFi net?

http://hardware.slashdot.org/article.pl?sid=07/04/03/2116239&from=rss

WEP Broken Even Worse

Posted by kdawson on Tuesday April 03, @05:43PM from the give-me-a-minute dept.

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."



Think about this...

http://techdirt.com/articles/20070403/090135.shtml

Agency Tasked With Keeping Nuclear Secrets Can't Keep Track Of Its Computers

from the good-to-know dept

Stories about government agencies losing computers with sensitive information have become depressingly common. Last month it was revealed that the FBI tends to lose three or four laptops every month, either through theft or carelessness. But the FBI can feel better about itself knowing it's not the only agency with this problem. An audit of the National Nuclear Security Agency found that it's lost 20 desktop computers (how do you misplace those?) and that some of the computers it is using were not part of its official inventory. [A classic Trojan Horse technique. Use my computer and every night it will “phone home” and tell me what you did. Bob] Since the NNSA's job is to safeguard the country's nuclear secrets, this news is not particularly comforting. What makes it even worse is the fact that the agency has failed 13 of these audits over the last four years, so it's not as though this news could be characterized as a wake up call that will prompt better practices. Nope, it looks like the government, across many agencies, is chronically ill-equipped to keep track of its own belongings (though it's not as if that's any surprise).



I mentioned this yesterday, but didn't catch the bit about telling the FBI... Another “Second Class Citizen” rule?

http://techdirt.com/articles/20070403/085018.shtml

FCC Creates New Anti-Pretexting Rules -- Makes Sure The FBI Knows About Your Leaked Data Before You Do

from the take-your-time-informing-customers dept

The concept of "pretexting" got a lot of attention when HP's CEO used it to spy on the phone calls of board members and the press in trying to stop information leaks from the board. However, it's been a problem for quite some time. Of course, the real problem was that the mobile operators were leaking this data without any protections to make sure that the person they were giving the info to was authorized to have it. However, every time such a story came out, the mobile operators tried to blame everyone else for their own failure to protect the data. The FCC has taken its time, but has finally ruled that mobile operators cannot release data over the phone without a password and need to let customers know if there are changes to their account. Why the operators hadn't done this already to protect their customers isn't readily explained. Of course, all this really means is that pretexters will need to come up with a new scheme to figure out how to get passwords out of people before accessing their phone records.

There is one other interesting side note in the FCC's ruling. Matthew Lasar notes that the ruling also includes that the operators need to inform the FBI about data leaks quickly, but can take their time informing the customers whose data was actually leaked. Apparently, the FBI lobbied for this particular rule, because they were afraid if customers involved in illegal activities found out their data was leaked, it would cause them to destroy evidence, potentially ruining investigations. This doesn't make much sense... unless it turned out that the FBI was using pretexting itself, rather than going through the process of getting subpoenas and search warrants. You would think that as long as the FBI went through the proper channels to get the info they needed, investigations wouldn't be harmed -- but perhaps we should know better than to expect such things.



http://techdirt.com/articles/20070403/183804.shtml

Study Says Over 90% Of YouTube Videos Are Not Infringing Copyrights (Sorta, Not Really)

from the not-entirely dept

Kevin writes "A new study by industry analyst Vidmeter shows that more than 90% of videos on YouTube are not infringing of copyright." As the blog post notes, the methodology is questionable, as they only count videos that have been successfully taken down as infringing, rather than actually looking at the content to see what's infringing and what's not. That certainly could mean that plenty of the other content is infringing, but no one has sent a takedown notice about it (either because they don't know about it, don't care about it or are too lazy to do anything about it). The study also found that those infringing clips also represented less than 6% of the views on YouTube -- which certainly is a worthwhile data point. If anything, it suggests that Viacom and the other Hollywood players are exaggerating just how much of their content YouTube relies on for traffic. The idea that YouTube's success is built entirely around infringing content has always been an exaggeration, and it's nice to see at least some attempts to show what the actual numbers are. Hopefully there are more studies on the way that will look more closely at the content to get an idea of what the actual split is.

[The report: http://www.vidmeter.com/i/vidmeter_copyright_report.pdf ]



Have I just been patented?

http://yro.slashdot.org/article.pl?sid=07/04/03/2211258&from=rss

Amazon Patents Humans Assisting Computers

Posted by kdawson on Tuesday April 03, @07:54PM from the mechanical-turk dept.

theodp writes "Amazon's latest patent, the Hybrid Machine/Human Computing Arrangement, reads like scary sci-fi, with claims covering the use of humans 'of college educated, at most high school educated, at most elementary school educated, and not formally educated' to perform subtasks dispatched by a computer. From the patent: 'For examples, the task on hand requires French speaking humans, and Task Server has requested that each subtask be performed by at least 10 humans with a past accuracy record of at least 90%.' Yikes."


Perhaps we need the Amazon patent...

http://news.com.com/2061-10788_3-6173035.html?part=rss&tag=2547-1_3-0-5&subj=news

Annual H-1B visa cap met--already

April 3, 2007 2:53 PM PDT


The rush by companies, particularly of the high-tech persuasion, to apply for H-1B visas has come to an end--only one day after it began.

... Last year, it took about two months for USCIS to receive enough petitions to exhaust its visa quota. High-tech industry associations said the current state of affairs points to the need for Congress to raise the H-1B cap.



So, am I a library or a store? (Can't I be the front porch of my home? How about the back fence?)

http://news.com.com/2010-1030_3-6172900.html?part=rss&tag=2547-1_3-0-5&subj=news

A cyberspace update for hoary legal doctrine

By Eric J. Sinrod Story last modified Wed Apr 04 04:00:02 PDT 2007

The ancient legal doctrine of trespass to chattels establishes liability when one person dispossesses or causes physical harm to the chattel (private property) of another person. What does that doctrine have to do with conduct in cyberspace? Quite a lot, actually.

Information technology development continues to advance at an astonishing pace, and with the law evolving at a much slower rate, traditional legal theories have had to be dusted off to grapple with Internet disputes. The best example is the application by the courts of the trespass to chattels notion to the new world of the Internet.

Some of the first Internet trespass cases involved unsolicited commercial e-mail (aka spam). For example, in the Compuserve v. Cyber Promotions case, the court sustained an Internet service provider's claims of trespass against a spammer who sent bulk e-mail spam to the ISP's members.

Other courts have found spam generators liable for trespass to chattels when they sent spam through another's computer facility. A case in point is AOL v. LCGM, in which the defendant transmitted more than 92 million e-mail messages to AOL members while advertising pornographic Web sites, and which resulted in 450,000 complaints to AOL. The court held that the e-mail practices constituted trespass to chattels.

And in AOL v. IMS, the defendants sent 60 million messages to AOL members, many of which contained AOL.com as a falsified return address in the header. The court held that the defendant's unauthorized contact with AOL's computer network amounted to trespass to chattels.

More recently, with spam messages finding their way onto cell phones, Verizon Wireless has filed suit against various cell phone spammers, asserting various causes of action, including trespass to chattels.

Furthermore, in Kerrins v. Intermix Media, a court held that trespass is a viable legal theory to address alleged distribution of spyware and adware programs.

It appears that the model behind these decisions is that the Internet is like a series of private stores, where Web sites can determine under what circumstances people can gain access and use information. This point is best brought home by the case of eBay v. Bidder's Edge.

In that case, Bidder's Edge, by using a Web-crawling program, or "spider," compiled listings for specific items from various online auctions, including eBay, and placed them on the Bidder's Edge site. eBay asserted that this practice trespassed its servers. Bidder's Edge argued that it merely was providing a service by compiling information from the public domain.

The judge granted a preliminary injunction in favor of eBay on the basis that Bidder's Edge's spider, along with potential spiders of other companies, if allowed, could slow down eBay's servers. [Any access does. If I aggressively access eBay manually, is that as bad as slowly accessing via software? At what point does accessing public areas become trespass? When the owner says so? Bob] The judge noted that "eBay's servers are private property, conditional access to which eBay grants the public." This, obviously, represents the private store model of the Internet.

However, there are some courts that instead have adopted a public library view of the Internet, where people can access Web sites and information as they deem fit.

This was true with respect to the case of Ticketmaster v. Tickets.com. There, Tickets.com, by deep linking, had made Ticketmaster tickets directly available on the Tickets.com site while bypassing the gateway advertising pages on the Ticketmaster site.

Ticketmaster raised the trespass theory, but it failed on a preliminary injunction motion. The judge found that the Web crawlers used by Tickets.com to temporarily copy information from the Ticketmaster site did not come within the ambit of what the trespass laws were designed to redress.

Also, the trespass theory did not succeed factually in the case of Intel v. Hamidi. In that case, a former employee sent six waves of thousands of e-mails to Intel employees over a two-year period complaining about Intel's personnel practices. The California Supreme Court ruled in favor of the former employee and against Intel, because Intel had not proven damage to its computers or their usefulness. Perhaps this decision then embraces the public library model of the Internet when it comes simply to accessing and using information on the Internet.

Still, in the main, it seems that the trespass to chattels legal theory is alive and well in cyberspace, especially when aggrieved parties can show actual harm or interference with their computer systems.

Does this matter? Yes, indeed. There need to be mechanisms to resolve disputes, even, and perhaps especially, in new contexts.



I can think of a few applications for this...

http://digg.com/design/Combine_Google_Maps_With_Your_Photo_Album

Combine Google Maps With Your Photo Album

This site has a tutorial on using Google Maps with your photo album. Looks awesome. Each album has a latitude and longitude so it shows up as a pin on a map of the world. When you click a pin, up pops the highlight photo for the albums at that location. Makes a great front page to a gallery. Includes a demo with 200 albums.

http://gallery.jobemedia.org/map_about.html


This would not be one of them...

http://digg.com/general_sciences/Map_that_shows_where_evolution_is_taught_in_schools

Map that shows where evolution is taught in schools

Wow! It's like the whole Red-State vs. Blue-State thing all over again.

http://strangemaps.wordpress.com/2007/04/03/97-%E2%80%93-where-and-how-evolution-is-taught-in-the-us/



It used to be a few students doodling in their notebooks, now it's online.

http://www.timesonline.co.uk/tol/news/uk/education/article1610447.ece

Teachers to sue over online humiliation at hands of pupils

Alexandra Frean, Education Editor From The Times April 4, 2007

Teachers are threatening to sue websites that allow pupils to post abuse and humiliating videoclips and photographs taken on mobile phones on the internet.

One of the worst cases involved a woman teacher who discovered that a photograph of her face had been superimposed on a naked body and circulated. Another teacher learnt that a female pupil had posted lies about her sex life on the internet. Other teachers have had cleavages or underwear photographed while they were bending over.

... Andy Brown, a drama teacher from Northern Ireland, cautioned that some teachers might even be losing out on jobs because employers were using such websites to help to select candidates. [Would you want to work for people who can't tell fact from fantasy? Bob]

Mr Brown, who claims to have been the target of website abuse by a pupil, said that the internet gave malicious children a far wider audience for their pranks and vitriol than any medium in the past. “Could you imagine the outcry if we started a website that allowed teachers to say whatever they wanted about pupils? ‘Jim is a useless lump, who couldn’t succeed in this subject even if I did the exam for him’; ‘Sally will do her best work on her back’; ‘Tony needs to eat a few less pies’ . . .” he said. [Talk about vicious! Bob]



Maybe Steve is smarter... (Remember, you don't need total victory today, you only need to dictate how fast the industry moves...)

http://www.wired.com/entertainment/music/news/2007/04/cultofmac_0403

How Steve Jobs Calls the Tunes

04.03.07 | 12:00 AM

Steve Jobs' new partnership with EMI to sell music without copy protection is a lesson in how to wield power in the digital age.

Carefully and strategically, Jobs set up the pieces to create a new business model for online music -- one without copy protection -- and now we're starting to see the dominos fall.

The first to topple is EMI, the smallest and weakest of the big four record labels. With EMI on board, the other record labels must act. Either they join the DRM-free party, or hold out like dinosaurs from a bygone, locked-down age.

A key move that brought them to the table was his February open letter critiquing DRM copy-protection systems -- the first time to my knowledge that Jobs has expressed his thinking in such detail.

At the time, Jobs' letter seemed to be in response to several European governments that were making threats to break the lock between iTunes and the iPod. Now the open letter looks like a lever to weaken the position of the record labels at the negotiating table.

Jobs wrote:

"Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store."

With the letter, Jobs planted the idea that DRM is the wrong way to run an online music business. Since its publication two months ago, the letter has created a broad consensus that the current copy-protected system isn't working, and puts considerable pressure on the labels to drop DRM. When Jobs published the letter, he likely already had EMI in his back pocket, and now the other labels are on the defensive.

The open letter also allowed Jobs to take a leadership position on the copy protection issue. Thanks to the letter, Monday's deal looks like it was his idea, not EMI's. If Jobs hadn't published the letter, or published it now after the fact, people would assume EMI came to Apple with the idea -- now it appears the other way around.

Only Jobs has the power and the cojones to make such a move.

Only Jobs could so boldly rip down the system he had previously built -- the iTunes music store, which is the most-successful online store (perhaps the only one), which was built on copy-protected music, and force the music industry to follow suit. He's tearing down the old system for something much more modern -- high-fidelity tracks that can be played on any device. Oddly for a business leader with a reputation for tight control and lock in, Jobs is ceding control of a locked-down format in favor of a much bigger, open market.

The move is sure to remake the online music business. The old DRM system is going to be swept aside in favor of a much more open approach. Jobs is already confident his power plays will work. In a statement on Monday, Jobs said he expects half of the songs on iTunes will be sold DRM-free by the end of the year.

It will also have ramifications for other digital media further down the line -- maybe movies, Jobs' other business.



How perceptive!

http://www.forbes.com/security/2007/04/03/comscore-ipo-privacy-tech-security-cx_ll_0404comscore.html

Tracking The Trackers

Lisa Lerer, 04.04.07, 6:00 AM ET

Does ComScore have a privacy problem?

The Web-traffic tracking company has faced complaints in the past that its software has been unwittingly installed by users who don't realize the company is following their Internet use. And in general, ComScore executives have dismissed those concerns as unwarranted.

But in documents filed with the Securities and Exchange Commission this week, the company acknowledges that simply the perception of a problem is a problem.

The Reston, Va.-based company registered for an initial public offering Monday that could raise as much as $86.3 million. In ComScore's initial S-1 prospectus filing, the company argues that while it doesn't consider its tracking software to be spyware, others may disagree.
