Saturday, June 02, 2007

Does this merit Class Action attention? (If not, why not?) and is this part of Steve Jobs' strategy to destroy the RIAA?

Personal data found hidden in iTunes tracks

Names, e-mails and other sensitive information embedded in files

Rhys Blakely From Times Online June 1, 2007

Fresh privacy fears have been sparked after it emerged that Apple has embedded personal information into music files bought from its iTunes online music store.

Technology websites examining iTunes products discovered that personal data, including the name and e-mail addresses of purchasers, are embedded into the AAC files that Apple uses to distribute music tracks.

The information is also included in tracks sold under Apple’s iTunes Plus system, launched this week, where users pay a premium for music that is free from the controversial digital rights (DRM) software that is designed to safeguard against piracy.

The Electronic Freedom Foundation, the online consumer rights group, added that it had identified a large amount of additional unaccounted-for information in iTunes files. It said it was possible that the data could be used to “watermark” tracks so that the original purchaser could be tracked down were a track to appear on a file-sharing network.

... The discovery of the data, of which most iTunes users will have been unaware, underscores the reluctance of music groups to allow music to circulate freely over the web.

... Apple had sought to present itself as a consumer champion, with the group’s chief executive, Steve Jobs, insisting earlier this year that his company would drop DRM “in a heartbeat” if allowed to by the labels.

... Online music sales still account for only 10 per cent of the total market and are not yet growing at a rate which compensates for the decline in revenues from CDs – approximately 2 to 3 per cent per year. [Parallels the Porn industry (see article below) with no compensating business model. Bob]

All too common.

Mortgage customers' details lost in the post

By Jill Treanor Friday June 1, 2007 Guardian Unlimited

An estimated two-thirds of Bank of Scotland's mortgage customers could be vulnerable to fraud after a computer disk containing their details was lost in the post.

The Edinburgh-based arm of the HBOS banking group was apologising to 62,000 customers today but trying to reassure them that the risk of a fraud being committed with the details lost was "almost impossible".

See what I mean... (Story contains all the normal “I'm a bad manager” statements)

Fresno Co. loses track of sensitive data

Information on thousands of health workers, clients on missing disk.

By Kerri Ginis / The Fresno Bee 06/01/07 04:59:26

Fresno County officials are desperately searching for a missing computer disk that contains the names, addresses, Social Security numbers and other personal information for thousands of home health care workers and the thousands of clients they serve.

The disk, which was being used to determine workers' eligibility for health care benefits, was lost last week after the county sent it via a courier to a software vendor's office in San Jose.

"We've been doing this for three years and there has never been a glitch," said Kristin Bengyel, executive director of the county's In-Home Supportive Services Public Authority, which oversees training and support for the county's 10,000 home-care workers. "But it's missing and we don't know what happened."

County officials are hoping the disk will turn up and don't know that any of the personal information has been compromised.

But with identity theft on the rise throughout the United States, county officials suggest that health care workers and their 10,000 elderly, blind and disabled clients [One worker per client? Bob] check their credit reports for suspicious activity.

... Officials don't know how many people had their information contained on the disk.

Not much of a story. Is this type of breach too common to be news? (There was a Northwestern ad next to the story. Paying to keep them quiet?)

Personal data leaked from NU computer files

Published June 2, 2007

CHICAGO -- The personal information of about 4,000 people associated with Northwestern University's medical school ended up online in a security breach, officials said on Friday.

The leaked files were from a university computer and contained the names and personal identification information for people who applied to or attended the university's Integrated Graduate Program in the Life Sciences between 1991 and 2007, according to a statement.

When the breach was discovered recently, the university's technical support staff shut down the computer.

The ultimate summary...

Data “Dysprotection” Weekend Roundup for Week Ending June 1 (update1)

Friday June 01st 2007, 4:43 pm

Will these lessons stay learned? History says no... Do these “lessons” translate to all IT users? Fat chance – see above.

One year later: Five lessons learned from the VA data breach

Jaikumar Vijayan June 01, 2007 (Computerworld)

It's been just over a year since the U.S. Department of Veterans Affairs disclosed that a laptop PC and external hard disk containing personal data on 26.5 million veterans and active-duty military personnel were stolen from the home of a VA employee.

The disclosure sparked widespread concern over the perceived lack of information security controls at the agency. It prompted a sweeping overhaul of the agency's IT organization including top-level personnel changes and a centralization of all IT development, operations and maintenance activities at the VA.

Both the laptop and disk were later recovered by the FBI, which also certified that the data had been untouched. Even so, the massive scope of the compromise and the attention it generated has driven considerable change in information security policies not just at the VA, but governmentwide, analysts and vendor executives said.

... Here are five lessons learned ....

1. A greater focus on data encryption within government

2. Stronger breach notification guidelines within agencies

3. More attention to data retention, classification and minimization

4. Stronger remote access policies

5. More authority for agency CIOs

What implications for the world's most surveilled society? Will they drop out of the EU?

College fined for listening in to employee's calls

1 June 2007

case report

Lynette Copland, a secretary at Carmarthenshire College, was awarded 3,000 euros plus costs of double that by the European Court of Human Rights in the case of Copland v. UK after succeeding in a challenge against her employer and the UK Government (the College being a statutory body, publicly funded and administered by the state).

A senior member of staff at the college secretly monitored Ms Copland's telephone calls, email correspondence and internet usage, allegedly for 18 months, without her consent. Ms Copland claimed her employer's activity breached her rights under Article 8 of the European Convention of Human Rights, which provides that "everyone has the right to respect for his private and family life, his home and his correspondence".

An interesting article. (And lots of amusing quotes.) It seems to be saying that even if the RIAA changes its business model today, it is too late. The model I suggested earlier (do the tech for the content producers) seems the most viable.

For Pornographers, Internet’s Virtues Turn to Vices

By MATT RICHTEL Published: June 2, 2007

The Internet was supposed to be a tremendous boon for the pornography industry, creating a global market of images and videos accessible from the privacy of a home computer. For a time it worked, with wider distribution and social acceptance driving a steady increase in sales.

But now the established pornography business is in decline — and the Internet is being held responsible. [Hey, ya gotta blame someone! Bob]

The online availability of free or low-cost photos and videos has begun to take a fierce toll on sales of X-rated DVDs. Inexpensive digital technology has paved the way for aspiring amateur pornographers, [Now there's a hobby! Bob] who are flooding the market, while everyone in the industry is giving away more material to lure paying customers. [See RIAA? It works. Bob]

... After years of essentially steady increases, sales and rentals of pornographic videos were $3.62 billion in 2006, down from $4.28 billion in 2005, according to estimates by AVN, an industry trade publication.

... The industry’s online revenue is substantial but is not growing quickly enough to make up for the drop in video income.

... “The barrier to get into the industry is so low: you need a video camera and a couple of people who will have sex,” Mr. Fishbein said.

... The more traditional pornographic film companies are not giving up, of course. They say they have an answer to the new competition: quality.

They are seeking to differentiate themselves from makers of inexpensive films by selling with fancier packaging in stores or through slicker Web sites, and by using better cameras and more experienced directors and performers. They are banking that viewers will be discerning when it comes to sex.

... One site operated by Adult Entertainment Broadcast Network has 200,000 videos, [No link? I'll have to Google it. Bob] many of them submitted by amateur videographers, said Scott Coffman, the company’s president.

... Mr. Coffman said he was not in the business of giving away content. About half the videos submitted to the site, he said, are from pornographic movie companies looking to get viewers interested and persuade them to pay for a longer download or DVD. Some companies pay to have their clips displayed on the site, and some give it a cut of the revenue if a visitor turns into a customer.

... Mr. Ulele said his company could pay $500 to $600 a day to get its short clips listed prominently on popular video clearinghouses. He said that fee could be justified by the rates at which people follow through: 1 in 1,000 viewers of the free content click onto his site, he said, and 1 in 600 of those might buy something — a subscription, DVD or other product. [One in 600,000 buys something, and that makes a $600/day investment worthwhile? Bob]

Toward ubiquitous surveillance

Public urged to record crime with cameraphones

Central photo and movie database means it's a fair cop

Andrew Charlesworth, 01 Jun 2007

Europeans will soon be encouraged to use cameraphones to photograph and video criminal activity to send directly to a national police database.

Dutch technology consultancy Waleli has developed MMS-witness, a system which enables citizens to send photographs or movies to a central police database as part of an emergency call.

Once viewed, the photographs or video can be sent to beat officers to increase the chances of a successful arrest or kept as evidence in further investigations.

The concept is in its very early stages. Waleli has conducted a few experiments with police in Rotterdam and is to approach forces in Sweden in conjunction with Ericsson, Waleli chief executive Siete Hamminga told

... However, there are some major issues which need to be resolved before MMS-witness can be used by the public.

These include dealing with false reports and very large volumes of reports, for example in the event of a terrorist attack when hundreds of people might send in photographs or video footage of the same incident.

"We asked the police about [false reports] and they were less concerned than we were," said Hamminga. "They are used to dealing with spoof emergency calls and anonymous reports."

MMS-witness can be configured to ignore anonymous messages, he added. [That would be a mistake... Bob]

Waleli has yet to approach police forces in the UK but expects the system to arouse plenty of interest.

... According to market researchers at Gartner, there are 295 million cameraphones in circulation worldwide, so Waleli's system could significantly increase the number of "digital witnesses".


Photo Tagging as a Privacy Problem?

Posted by Zonk on Saturday June 02, @03:33AM from the unflatteringscarf-needstogetahaircut-newshoestoo dept.

An anonymous reader writes "The Harvard Law Review, a journal for legal scholarship, recently published a short piece on the privacy implications of online photo-tagging (pdf). The anonymously penned piece dourly concludes that 'privacy law, in its current form, is of no help to those unwillingly tagged.' Focusing on the privacy threat from newly emergent automatic facial recognition search engines', like Polar Rose but not Flickr or Facebook, the article states that 'for several reasons, existing privacy law is simply ill-suited for this new invasion.' The article suggests that Congress create a photo-tagging opt-out system, similar to what they did with telemarketing calls and the Do-Not-Call Registry."

How would you enforce such a registry, though?

Is this a bad thing?

The Private Outsourcing of US Intelligence Services

Posted by Zonk on Saturday June 02, @07:06AM from the who-spies-on-the-spies dept.

mrbluze writes "It appears that more and more of the data collection sanctioned by the US government is passed through the hands of private enterprise, Salon reports. 'Because of the cloak of secrecy thrown over the intelligence budgets, there is no way for the American public, or even much of Congress, to know how those contractors are getting the money, what they are doing with it, or how effectively they are using it. The explosion in outsourcing has taken place against a backdrop of intelligence failures for which the Bush administration has been hammered by critics, from Saddam Hussein's fictional weapons of mass destruction to abusive interrogations that have involved employees of private contractors operating in Iraq, Afghanistan and Guantánamo Bay, Cuba. Aftergood and other experts also warn that the lack of transparency creates conditions ripe for corruption.'"

Wire me up!

Gartner: The 40-Hour Workweek Era Is Ending

June 1, 2007 By Deborah Perelman

By 2015, there will be more workers who interact with technology, but they'll be working a whole lot less hours each week, finds a Gartner research report released on May 30.

Gartner argues that three of the four traditional pillars of work—the living wage, long-term relationships with loyal employers, and government- or company-provided pensions—have already gone the way of the dinosaurs, leaving only the 40-hour workweek.

But this, too, is not long for the employment economy, the report said. Societal views on primary wage-earner and caregiver roles, as well as on retirement, are in the midst of changing, taking with them the de facto 40-hour work week. Individuals are already reconsidering its pervasive influence, the report argues, and the dialogue is becoming increasingly political.

Those most affected are at the helm. Retiring Baby Boomers, working-age mothers and Generation X workers are seeking a more fulfilling work/life balance, and the traditional workplace structure is holding them back. The report said that no longer will the workplace be dominated by single bread-winners who expect to retire at the end of their working life, and that businesses need to reckon with this trend.

"When people in these demographics have marketable skills, employers will find it difficult to ignore their requests for more flexibility," said Brian Prentice, research director of emerging trends and technologies at Gartner, in a statement.

... The report suggests that rather than adopt a draconian measure of cutting in half the working hours of all employees, employers that create 20-hour job descriptions will be in the best place to attract and retain the most qualified workers.

... Digital free agents as change agents

Yet, the decline of the standard 40-hour workweek will not occur in a bubble, but at the same time as a consumerization trend increases the roles that IT plays in people's personal lives.

"It will be very hard to draw a distinction between the personal and work computing environment. The shift in power away from the organization, and in particular, the IT department, will be even more significant with these people," said Prentice.

In what Gartner calls the emergence of the "Digital Free-Agency," individuals will be expecting to blend professional and personal computing requirements in an integrated environment. The report said that the effect of this user-driven practice coupled with new 20-hour job descriptions will change the workplace as IT knows it.

Friday, June 01, 2007

Keylogger Wireless Network?

Computer hackers steal Carson funds

Cyber-thieves make off with $45,000 after shifting nearly $450,000 from the city's coffers.

By Hector Becerra, Times Staff Writer June 1, 2007

If Carson Treasurer Karen Avilla had had a nagging feeling she was being watched whenever she got on her laptop computer, she would have been right.

Cyber-thieves were able to shift nearly $450,000 from the city's general fund last week by using a program that was able to mimic the computer strokes made by Carson's financial officer. Each time Avilla logged on to her city-provided laptop in the morning, someone was — virtually — looking over her shoulder, recording every single keystroke.

Armed with the spyware program, the hackers obtained bank passwords. They wired $90,000 to a "Diego Smith" in North Carolina. One day later, on May 24, the thieves got bolder and wired $358,000 from the city's bank account to a bank in Kalamazoo, Mich.

Avilla and her deputy discovered the theft just in time to have all but $45,000 of the funds frozen. But the experience left city leaders rattled.

"As I sat there with the detectives and the forensic folks from the bank, I thought, 'I don't even want to touch a computer,' " Avilla said Thursday. "I felt violated. It made me think, 'Who's out there?' "

The crime raised concerns about the security of municipal coffers, especially when wireless networks are used. Although such city hacking cases have been isolated, some experts said many municipalities lack the large information technology staffs and large budgets for computer security. [Specious argument. You can invest in computerized financial systems but don't plan for security? Sort of like cutting the cost of your yacht by not bothering to make it water tight... Bob]

... Avilla said she still doesn't know how her computer was targeted. [They probably went after everyone, and then looked through the “take.” Bob] She said she doubts it had the latest security software patch protections [Now's a great time to think of that Bob] — something sheriff's detectives and bank investigators told her is essential in safeguarding her computer.

She said that as soon as word got out, Carson fielded calls from officials in other cities, asking how they could protect themselves. [Sort of like asking John Kerry how to win an election... Bob]

... Earlier this year, the finance director of the Northern California city of Willows discovered that a hacker had taken $4,000 from a city fund. Avilla said cities may not always notice smaller thefts.

... "It's not an inexpensive enterprise to have a full team that goes around checking every laptop ever used. [Precisely the wrong strategy. Bob]

... Avilla said she noticed a problem when she found she was unable to log on to the city's bank account. She thought she must have been typing the password incorrectly.

On May 22, the bank gave her a new password. But unbeknownst to her, the cyber thieves got that password as soon as she tapped it into her computer.

On May 24, Avilla and her deputy checked bank balances and discovered the previous day's $90,000 wire transfer to someone in Wilson, N.C. Avilla checked with the bank and discovered the $358,000 transfer that day through National City Bank in Kalamazoo.

... Avilla said the experience has made her angry and determined to seek legislation that would address the problem. [Agreed! Let's call it the “Fire All Stupid and Thoughtless MANagers Act” (FASTMAN) Bob] "There's got to be more than one way to fight this," she said. "They get us in so many ways. There's got to be a way for us to get them."

See? Nothing to it. Settlement in only 28 months! Of course, this was a tiny breach by today's standards...

ChoicePoint Settles With 44 States

By HARRY R. WEBER 05.31.07, 12:11 PM ET

ChoicePoint Inc. said Thursday it settled with 44 states over allegations it failed to adequately secure consumers' personal information related to a breach of its database that it disclosed in 2005.

The Alpharetta, Ga.-based consumer data provider has agreed to adopt significantly stronger security measures, including written certification and, in some cases, onsite visits by ChoicePoint to ensure the legitimacy of companies before they are allowed access to personally identifiable information.

ChoicePoint will also conduct periodic audits to ensure that companies are using consumer data for legitimate purposes, according to the settlement.

ChoicePoint will also pay a total of $500,000 to the states to use for public education campaigns about identity theft.

The breach that was disclosed in February 2005 involved thieves posing as small business customers who gained access to ChoicePoint's database, possibly compromising the personal information of 163,000 Americans, according to the Federal Trade Commission.

Don't you love quotes like this? Seriously, this points out some issues that could easily impact investigations as well as e-discovery. Well worth a read.

Forensics Losing Relevance? New Tools Let Even Hobbyists Thwart Experts

from the cat-and-mouse dept

Chris Lindquist writes "Scott Berinato has written an article about how the declining complexity and increased effectiveness of antiforensic tools is making life difficult for data experts looking to snag the bad guys. "Five years ago, you could count on one hand the number of people who could do a lot of these things," says one investigator. "Now it's hobby level." The result of all this antiforensic activity, Berinato concludes, is that someday soon the TJX case could be considered ordinary, a quaint precursor to an age of rampant electronic crime, run by well-organized syndicates and driven by easy-to-use, widely available antiforensic tools." It's an interesting article, but it seems to overplay the woe-is-me factor for investigators. This is always a back and forth game, where the tools used by scammers and criminals get more advanced -- but so should the tools and tricks (note that it need not all be technology) used by those charged with tracking down the criminals.

If we don't open this can of worms, we can claim we haven't seen a single worm?

'No evidence' of CCTV data breach

The Information Commissioner's Office says it has not seen evidence which suggests that most CCTV systems are breaching its own code of practice. [“Nor have we seen evidence of compliance.” Bob]

Newly-launched industry body Camerawatch has said its own research showed 90% of CCTV was not complying.

Camerawatch said this could have an impact if images from incorrectly used CCTV were presented as legal evidence.

But the ICO said no audit of CCTV systems had been done: "We don't believe there is any such evidence."

The commissioner's office does not have audit and inspection powers itself, but has enforcement powers and can investigate complaints of CCTV being used in breach of the Data Protection Act.

There are up to 4.2m CCTV cameras in Britain - about one for every 14 people.

... "When evidence is presented in court, it could well be that even before they get to court, if the system is deemed to not have been operating under data protection properly - and there are 70 odd points of law, if it's not been run correctly then the evidence could well be challenged," he told BBC Radio 4's Today programme.

The code of practice covers such areas as signage, permission and storage of images.

Using the Streisand Effect for Strategic Advantage... I love it!

RealMedia Looking For A Lawsuit; Launches Software To Download And Burn Streaming Video

from the this-ought-to-be-fun dept

RealNetworks has become something of an also ran online. The company that really pioneered both web audio and video went astray over the last few years as it became more focused on tricking its users into installing all sorts of adware they didn't need or want. All that did was piss people off and send them looking for alternatives. And, of course, given the demand, many alternatives hit the market, and most were a lot more innovative, because Real stopped innovating. So, now, in an attempt to return RealNetworks to the spotlight, Rob Glaser is begging for a lawsuit. The latest version of RealPlayer will make it easy to download streaming video and audio and burn it to a CD or DVD. Obviously, there are already a ton of other products out there that do this -- but none is really mainstream beyond the geekier crowd. RealPlayer, on the other hand, can certainly be considered mainstream. It's definitely a good attempt at delivering exactly what the customer wants -- which is just the type of thing that will cause the entertainment industry to freak out and send in the lawyers. My guess is that RealNetworks is hoping for exactly that, as the resulting publicity can only help the software get even further adoption -- and there's a better than decent chance that Real would prevail in any such lawsuit (they just need to point the court to the Betamax decision and ask anyone to explain what's different).

Yeah, we knew that...

GAO: FBI Network Not Very Secure

from the shocking dept

The Government Accountability Office continues to break through the political clutter with its reports on what's really going on. The latest in a long series of reports notes that the FBI's new Trilogy data network "place sensitive information transmitted on the network at increased risk of unauthorized disclosure or modification, and could result in a disruption of service." Should this really come as a surprise? After all, this is the same FBI that wasted hundreds of millions of dollars on a computer system that was late, overbudget and useless at tracking terrorists -- which was eventually scrapped entirely before researchers who examined its security could kick off a crime spree to celebrate how useless the system was. After completely ditching the old useless system, the government set aside another $500 million for this new system -- but apparently forgot to do anything to make sure that the system was actually useful. While it's nice that the GAO is actually pointing out how bad the new system is, wouldn't it be nice if there were some actual accountability from the folks who both commissioned and built the systems?

What happened here? “We want to limit our potential market?”

eHarmony sued for excluding gays

Thu May 31, 2007 2:45 PM ET By Jill Serjeant

LOS ANGELES (Reuters) - The popular online dating service eHarmony was sued on Thursday for refusing to offer its services to gays, lesbians and bisexuals.

... Lawyers bringing the action said they believed it was the first lawsuit of its kind against eHarmony, which has long rankled the gay community with its failure to offer a "men seeking men" or "women seeking women" option.

They were seeking to make it a class action lawsuit on behalf of gays and lesbians denied access to the dating service.

eHarmony was founded in 2000 by evangelical Christian Dr. Neil Clark Warren and had strong early ties with the influential religious conservative group Focus on the Family.

... eHarmony could not immediately be reached for comment. Commenting in the past on eHarmony's gay and lesbian policy, Warren has said that he does not know the dynamics of same-sex relationships but he expects the principles to be different. [Not the smartest statement to make... Bob]

Let the kicking and screaming begin? This distresses me. With a minimal investment, they could try a variety of business models and measure the customer response. Once they see what works, they can increase the investment and try a few tweaks. Is this rocket science?

Warner Music's Online Video Archive: Too Little, Too Late

from the this-is-big-news? dept

Lots of news sites are covering Warner Music's announcement today that they're going to offer music videos from their archives for free (with ads) streaming online. About the only reason why this should be news is the fact that it took them until 2007 to realize that these promotional videos could be used for promotional purposes. Remember, the whole point of music videos was to attract more interest in the music and musicians. In other words, music videos have always been promotional materials, and as such it's bizarre that it's taken Warner Music this long to realize that it might make sense to offer them up for people to view. That said, Warner Music still seems confused about this, as they're focused not on making it even easier to use these music videos for promotional purpose, but on "monetizing" them. First, these videos are at Warner's own hub, rather than distributed to content sites where people already go. They seem to believe that people will want to search them out, a strategy that hasn't worked for other media companies because it goes against the way people want to interact with the content. People don't know which artists are on the Warner Music label, and they don't care. If they want music videos they want to go to places where they can get all kinds of music videos, rather than just a random group that happens to have a business relationship with a company that the users don't care about. Then, of course, these videos are only for streaming -- not for promoting. Users can't share them with their friends, they can only download videos for a fee. At some point you would think that the folks at the major labels would start to realize the difference between promotional goods and goods that should be sold, but it appears they're still a long way away from that epiphany.


Baghdad Embassy Plans Appear on Internet

By MATTHEW LEE Associated Press Writer Jun 1, 3:24 AM EDT

WASHINGTON (AP) -- Detailed plans for the new U.S. Embassy under construction in Baghdad appeared online Thursday in a breach of the tight security surrounding the sensitive project.

Computer-generated projections of the soon-to-be completed, heavily fortified compound were posted on the Web site of the Kansas City, Mo.-based architectural firm that was contracted to design the massive facility in the Iraqi capital.

The images were removed by Berger Devine Yaeger Inc. shortly after the company was contacted by the State Department.



N.J. GOP Sues Governor for E-Mails

By TOM HESTER Jr. 05.31.07, 7:57 PM ET

The state Republican Party chairman sued Democratic Gov. Jon S. Corzine on Thursday to force the release of e-mails between the governor and a state union leader he once dated and lavished with gifts.

GOP chief Tom Wilson said he particularly wants messages that Corzine and his staff exchanged with Carla Katz, the leader of a state workers union, during recent state employee contract talks.

"The people have a right to know whether or not his personal relationship with Ms. Katz unduly or inappropriately influenced Jon Corzine's actions," Wilson said.

Put a little information on the Internet (campaign contributions) and first thing you know you have people using it! How surprising! No one from Colorado – not worth the effort?

Contact Info for 50 Politicians Who Take Campaign Money from the RIAA

"We've linked their contact information so that you, as their constituents, can inform them that they're taking money from the "Worst Company in America," and that's going to cost them your vote."

Have you played with Google Maps recently?

[How it works: Bob]

New video footage, apparently somewhat compelling, of Loch Ness Monster

An amateur scientist believes he could have captured the Loch Ness Monster - on videotape. Yorkshireman Gordon Holmes was carrying out experiments at the famous loch when by chance he happened to spot a strange creature in the waters. Now his film of the incident is causing a sensation.

What's the techie equivalent of “Couch Potato?” If nothing else, this type of story stirs up lots of comments...

TV over Internet is already here and it's free - watch it now

This site has over 320 TV channels you can watch for free in your browser. You can watch sports, movies, news, comedy, business, cartoons, adult TV and more. Most popular channels are ESPN, E-Music, ABC News, BBC, FOX, Bloomberg, Galaxy Cartoons, Comedy TV, PETN Music and of course adult channels. Site has recently been upgraded.

Thursday, May 31, 2007

Another threat to privacy? A False Positive could be more damaging than Identity Theft...

MySpace Gets False Positive In Sex Offender Search

Posted by ScuttleMonkey on Wednesday May 30, @12:33PM from the not-if-but-when dept. The Internet

gbulmash writes "In its eagerness to clear sex offenders off its site and publish their identities, MySpace identified an innocent woman as a sex offender. She shares a name and birth month with a sex offender who lives in a neighboring state and that was apparently enough to get MySpace to wrongly brand her and completely ignore her protests."

...and another. I bet a false positive here would have consequences...

UNC student may sue over Web site list

written by: Jeffrey Wolf, Web Producer and Cheryl Preheim, Anchor/Reporter

created: 5/30/2007 8:58:50 PM Last updated: 5/30/2007 9:24:44 PM

GREELEY – A former University of Northern Colorado student says she may sue the school because she was included in an online list of potentially dangerous students.

Brittney Bethel says she was included on the list because of her anorexia.

UNC has since taken the list down, but still says she was a threat to the school. [“We didn't mean it, but we did mean it?” Bob]

Bethel was suspended by UNC in October. The school says her cardiac arrest on campus, caused by her eating disorder, made her a threat to herself, which violates school code.

UNC put the list of banned students on its Web site in April in response to the shootings at Virginia Tech University.

Bethel's picture was next to Mitch Cozad, the football player accused of stabbing another player.

After the list went up, Bethel hired an attorney and they considered filing a civil lawsuit against the school.

"Simply to put her on the list implied she was a danger to others and she poses no danger to others," said her attorney, Erik Johnson.

"It doesn't make sense to be on the list for that reason," said Bethel. "So of course people are going to think - that must not be why she is on the list."

After the list went up, the school sent out a letter, assuring people on campus they would never suspend someone for medical reasons.

"It implied I was basically lying," said Bethel.

UNC released a statement saying: "We don't ban anyone from campus because of an illness. We hold people accountable for their behavior."

Bethel says her behavior, like resisting treatment, was part of her illness.

While the list of banned students is no longer on the UNC Web site, it is still on the campus police Web site.

"I think the damage has kind of been done already, but it is a step in the right direction," said Bethel.

UNC says if a doctor and therapist cleared Bethel, she could come back to school, but she says after all that has happened, she does not want to.

She plans on starting her junior year elsewhere in the fall.

One day turnaround...

CDT Offers Recommendations on Model Privacy Form

Wednesday, May 30 2007 @ 02:42 PM CDT - Contributed by: PrivacyNews - Businesses & Privacy

From A model privacy notice created by a group of government agencies to give consumers clearer information about their financial institutions' privacy practices is a big step in the right direction. In comments filed this week with the agencies responsible for the "Interagency Proposal for Model Privacy Form under the Gramm-Leach-Bliley Act," CDT praised the clarity of the model form and offered minor suggestions to make the proposed notice even more useful for consumers. The form is intended to make the ubiquitous financial privacy statements issued by banks and other financial institutions more understandable for consumers.

Source - CDT Comments: GLB Form [PDF]

[The proposed “Privacy Form” Bob]

Ah! Facts! (And at least some of the concerns I expressed, but in much more polite terms...)

Data protection watchdogs’ letter to Google goes public

OUT-LAW News, 30/05/2007

A letter from an influential group of privacy experts in Europe saying that Google’s new privacy policies appear to breach the requirements of the EU’s data protection regime was published today.

Google isn't the only one... Not the most useful set of answers I've ever seen...

Which ISPs Are Spying on You?

Ryan Singel 05.30.07 | 2:00 AM

The few souls that attempt to read and understand website privacy policies know they are almost universally unintelligible and shot through with clever loopholes. But one of the most important policies to know is your internet service provider's -- the company that ferries all your traffic to and from the internet, from search queries to BitTorrent uploads, flirty IMs to porn.

... Only four of the eight largest ISPs responded to the 10-question survey, despite being contacted repeatedly over the course of two months. Some ISPs wouldn't talk to us, but gave answers to customers responding to a call for reader help on Wired's Threat Level blog.

... "From a user perspective, the best practice would be for ISPs to delete data as soon as possible," Rotenberg said. "(The government) will treat ISPs as one-stop shops for subpoenas unless there is a solid policy on data destruction," Rotenberg said.

The results:

AOL, AT&T, Cox and Qwest all responded to the survey, with a mix of timeliness and transparency.

But only Cox answered the question, "How long do you retain records of the IP addresses assigned to customers."

... Cox's answer: six months. AOL says "limited period of time," while AT&T says it varies across its internet-access offerings but that the time limits are all "within industry standards."

... Some of the most sensitive information sent across an ISP's network are the URLs of the websites that people visit. This so-called clickstream data includes every URL a customer visits, including URLs from search engines, which generally include the search term.

AOL, AT&T and Cox all say they don't store these URLs at all, while Qwest dodged the question. Comcast, EarthLink, Verizon and Time Warner didn't respond.

Much of it free!

BBC Motion Gallery - BBC's Legendary Footage Collection

"We offer easy access to the BBC's legendary footage collection, as well as some of the most-respected footage archives in the world. From the freshest HD content to feature-quality productions to historic film rarities, it's all here. Dive in. "

At least look at the first video. And you wonder why those laptops keep getting stolen from your employees' cars?

Feature: Strange Ways to Unlock Car Doors

[Also at: Bob]

Wednesday, May 30, 2007

Ignorance or “we don't need to think about that...”?

Priority One Credit Union's Security Breach

Tuesday, May 29 2007 @ 07:45 PM CDT - Contributed by: PrivacyNews - Breaches

I'm watching my credit union account like a hawk. That's because Priority One Credit Union -- the one I use -- had a security breach that was stunning.

They recently sent election ballots to members. Printed on the outside of the envelope were some numbers. The first was our account number.

That might not have been enough to help with anyone intent on identity theft, so they also printed my social security number on the envelope.

Source - PCWorld

Related - Priority One Notification

Looks like a real simple way to make the news... Good for AGs with political aspirations, bad for businesses with bad habits.

Texas AG's trash trawlers bag checks for sixth ID-protection suit

by Rob Luke 5/29/2007

Greg Abbott announces action against Check 'n Go

AUSTIN -- It's a rare fisherman who shifts from where the fish are biting, no matter how bad it might smell there.

So Texas retailers have discovered with state Attorney General Greg Abbott, who last Thursday announced his sixth suit in the past two months against stores who toss customer ID records into their backyard trash bins.

Related: Dumpster Diving goes international – perhaps it will become an Olympic sport?

Sensitive information on Dutch royal family found in rubbish dump

Posted on : 2007-05-30 | Author : DPA News Category : Europe

Amsterdam - The Dutch government will take measures to prevent classified information about the royal family from becoming public after journalists found sensitive material in rubbish deposited by the queen's office, reports said Wednesday. Prime Minister Jan-Peter Balkenende announced the measures on Tuesday evening, after a TV current affairs programme had shown how the secretarial office of Queen Beatrix in The Hague deposits its rubbish, including classified information about the royal family, in a dumpster accessible to the general public.

No doubt they started working on them in 1939...

SSA finalizes revision of privacy and disclosure rules

Tuesday, May 29 2007 @ 06:45 AM CDT - Contributed by: PrivacyNews - Fed. Govt.

The Social Security Administration has finalized its revision of the privacy and disclosure rules to provide regulatory support for new and existing responsibilities and functions. According to the agency's announcement, the "changes in the regulations will increase Agency efficiency and ensure consistency in the implementation of the Social Security Administration's (SSA) policies and responsibilities under the Privacy Act and the Social Security Act." The new rules become effective on May 29, 2007.

Source - Wolters Kluwer

Relying on their ignorance...

Spam Attack Steals High-Level Execs' Data

By Brian Prince May 29, 2007

The Better Business Bureau has issued a fraud alert regarding the resurgence of a spam attack that targets high-level executives in various industries.

Another story of ignorance... (And more of Best Buy's “customer service”)

Man arrested, cuffed after using $2 bills

Best Buy customer on being jailed: 'At this point, I'm a mass murderer'

Posted: April 7, 2005 5:12 p.m. Eastern

A man trying to pay a fee using $2 bills was arrested, handcuffed and taken to jail after clerks at a Best Buy store questioned the currency's legitimacy and called police.

I doubt most small businesses are any better...

Survey: Schools at Risk for E-Discovery-related Litigation

May 29, 2007 By Chris Preimesberger

A new survey of IT administrators of kindergarten through 12th grade schools indicates that 90 percent of them have no plan in place to handle the newly mandated retention of electronically stored information by the federal court system.

The findings came as a result of a customer survey released May 29 by storage vendor CommVault in Oceanport, N.J.

The amended Federal Rules of Civil Procedure (PDF), went into effect on Dec. 1, 2006. The new regulations, sanctioned by the U.S. Supreme Court in April 2006, require organizations—for-profit and non-profit alike—to be able to quickly find such data when required by the federal court.

This means that every electronic document stored by an organization—e-mail, instant messages, financials, voice mail and all text and graphical documents—must be retrievable in a "reasonable" amount of time, which the court further defined as 30 days.

In the CommVault survey, only two-thirds of responding IT managers indicated that they are even aware of the amended federal court rules.

Further, the survey revealed that 90 percent of schools have yet to initiate an FRCP compliance-preparedness plan.

Eighty Percent Unclear on the Concept

Eighty percent of the administrators surveyed said they are unclear about their governing school district's e-discovery policies, CommVault said.

... For more information on CommVault and its survey, go here.

One side of the argument...

May 29, 2007

Report on The Dangers of Domestic Spying by Federal Law Enforcement

ACLU: History Repeated: The Dangers of Domestic Spying by Federal Law Enforcement, (63 pages, PDF).

Very interesting idea. Why haven't other groups done this before? (Not just lawyers...)

May 29, 2007

New Website Offers Lawyers Easy Access to Pro Bono Opportunities

ABA press release: "Helping lawyers find opportunities for meaningful pro bono work in their communities is the goal of a project jointly sponsored by the American Bar Association’s Standing Committee on Pro Bono and Public Service, the ABA Center for Pro Bono and Pro Bono Net. The National Pro Bono Opportunities Guide provides listings of more than 1,100 programs from across the United States that need volunteer lawyers. Through the directory’s convenient search option, lawyers can find programs based on location, area of law, the population served and CLE credits for training or service. Users can also pinpoint projects that require their skills and experience with features highlighting opportunities for transactional lawyers, litigators, law students and others...Pro Bono Net (PBN) is a national nonprofit organization based in New York City that works to increase access to justice for the millions of low income people who face legal problems every year without help from a lawyer. Founded in 1998 with support from the Open Society Institute, PBN has created a broad and powerful network of nonprofit legal aid providers, courts and bar associations across the United States."

I think I've mentioned this before...

May 29, 2007

GAO Report on Evaluated DHS Privacy Office

DHS Privacy Office: Progress Made but Challenges Remain in Notifying and Reporting to the Public GAO-07-522, April 27, 2007: "The Department of Homeland Security (DHS) Privacy Office was established with the appointment of the first Chief Privacy Officer in April 2003, as required by the Homeland Security Act of 2002. The Privacy Office's major responsibilities include: (1) reviewing and approving privacy impact assessments (PIA)--analyses of how personal information is managed in a federal system, (2) integrating privacy considerations into DHS decision making, (3) ensuring compliance with the Privacy Act of 1974, and (4) preparing and issuing annual reports and reports on key privacy concerns."

On occasion, someone sends me the odd quotation that I find amusing, so I pass it along.

Following is the winning entry from an annual contest calling for the most appropriate definition of a contemporary term. This year's term: Political Correctness.

"Political Correctness is a doctrine fostered by a delusional, illogical liberal minority, and rabidly promoted by an unscrupulous mainstream media, which holds forth the proposition that it is entirely possible to pick up a turd by the clean end."

Tuesday, May 29, 2007

Stonewalling, academic style

St. Paul / Files stolen, and identities used

One victim frustrated with St. Kate's response to loss of Social Security data

BY PAUL TOSTO Pioneer Press Article Last Updated: 05/27/2007 11:09:19 PM CDT

Kelsey Tape's Social Security number and other personal data were stolen April 2 from the College of St. Catherine. But until April 16, the college didn't tell her and 18 other students that their identities may be at risk.

... St. Catherine's says it went "beyond what state and federal laws require to ensure the safety and security of students' information." Officials won't say much more, citing an open police investigation. That's left some students and families frustrated as they seek answers to exactly what happened and why they weren't notified for two weeks.

Tape says her school adviser was told not to discuss the issue and that college officials have been difficult to deal with.

... She says it's taken days sometimes for school officials to return e-mails on the matter, and she hasn't heard from any school official since May 11.

This is a new scam to me. (Are these ex-RIAA lawyers?) The best part is the description of the software that automates letters to the ISPs. Who needs lawyers?

I Didn’t Download it, My Router Got Hacked!

Written by enigmax on May 28, 2007

People accused of uploading the game ‘Dream Pinball’ who claim they are the victim of a hacker, are starting to get letters back from lawyers explaining what they should do next. Among other things, the lawyers are demanding that the accused demonstrate computer security skills in providing evidence detailing exactly how their equipment was exploited. [Unique. Bob]

Earlier this year, 500 people received letters accusing them of illegally distributing a computer game. The letters demand a settlement payment, or a court appearance was threatened.

Many people wondered how they were caught at all, while others claimed they had no knowledge of such a game and stopped to consider that their router security may have been compromised.

Data is data, isn't it? Are these kinds of cases chipping away our ownership rights?

Storing Personal Music Online Is Illegal In Japan

Posted by kdawson on Monday May 28, @08:25PM from the bad-precedent dept. The Courts Music

An anonymous reader writes "A decision in Tokyo District Court could have implications in Japan for online services that let users store files, if any music files are involved. The court case pitted JASRAC, the Japanese organization that collects fees for public music performances, against Image City, whose MYUTA service lets users employ a central server to store songs from their own CDs, to play on their own phones. The Tokyo District Court handed down a ruling declaring Image City guilty of copyright infringement (Google translation). Despite the music being stored strictly for personal use, the ruling reasoned that the act of uploading music to a central server owned by a company is the equivalent of distributing music to that company. This has implications for other services such as Yahoo! Briefcase and Apple's .Mac, which could mean these companies are guilty of copyright infringement if any of their users in Japan store music in their accounts for personal use. Here are some additional details on JASRAC's activities and methods." Neither article talks about possible appeals, or about how strong a precedent this case sets in the Japanese legal system.

How not to do it?

Germany adopts "anti-hacker" law; critics say it breeds insecurity

By Nate Anderson | Published: May 28, 2007 - 11:57AM CT

Germany has just passed a new law that adds more "anti-hacker" provisions to the German criminal code. Although the new rules are meant to apply narrowly to hacking, critics are already complaining that they may prevent necessary security and network research.

The new rules tighten up the existing sanctions and prohibit any unauthorized user from disabling or circumventing computer security measures to access secure data (see the law, sections 200 and following [in German]). Manufacturing, programming, installing, or spreading software that can circumvent security measures is verboten, which means that some security scanning tools might become illegal. The Chaos Computer Club in Germany said of the decision, "Forbidding this software is about as helpful as forbidding the sale and production of hammers because sometimes they also cause damage."

In addition, denial of service attacks are now explicitly illegal, even if they're done as pranks. People convicted under the new law could face ten years in prison and be held liable for monetary damages.

Chaos Computer Club spokesman Andy Mueller Maguhn said that "safety research can [now] take place only in an unacceptable legal gray area." The group is also concerned that the new legislation will make it easier for the police to obtain information by hacking—something that was outlawed by the courts a few months back.

Germany's decision to tighten up the statutes against hacking comes as the EU develops its own framework for dealing with cyber-crime. The European Commission circulated a "communication" this week that seeks to start a dialogue on crafting a European-wide policy to fight cyber-crime.

That document suggests working first on international relations and cross-border police cooperation, but additional legislation might also be necessary on the national level. DDoS attacks and botnets are both explicitly mentioned in the document, and the EU is no doubt worried about more than "traditional" cyber-crime in the wake of the massive DDoS attack against Estonia in the last few weeks.

These are the apps that will make operating systems immaterial. The ability to run any program on any machine means you can buy the cheapest machine. Now a free operating system has a real impact.

Run Linux apps on Windows or OS X with Lina

Posted May 27th 2007 5:00PM by Brad Linder

Next month a California-based startup plans to release an application that will allow Windows, Mac, and Linux users to run Linux binaries without any modifications. Lina is a Linux virtual machine that allows users to run applications with the native look of their host operating system. It also lets you install applications with a mouse-click, no need to compile software from source code.

Someone had to do it!

Our website and services are free! Use Research Copyright .com to learn all about copyrights, patents, trademarks, and intellectual property. Learn how to copyright your own works, whether you are a writer, artist, musician, filmmaker, or other creative person. Learn about copyright infringement and how to search for copyrights to obey U.S. Copyright Laws. Download our free guides on copyright law, copyright search, and how to use copyright protection.

I don't see much yet...

May 25, 2007

New Technorati Search Includes User-Generated Video, Photos, Podcasts, Music, Games

Technorati Blog: "We've streamlined a blogsearch-only homepage at (an easy shortcut is ...With this launch, we also provide you with more context around more stuff like videos, music, and blogs. Over time, these pages will become richer and more comprehensive as we add more information about the thing itself, like where it was published, who links to it, what other things are similarly tagged, and more...We currently track over 250 million videos, blogs, photos, podcasts, events, and other social media objects in addition to more than 80 million blogs..."

Think of it as “Convergence” (Who does the product recall?)

Cell Phones Disable Keys for High-End Cars

Posted by ScuttleMonkey on Monday May 28, @04:53PM from the fun-toys-to-exploit dept.

Geoffrey.landis writes "Turns out if you have a top-end Nissan car, your cellphone may erase your car key. '"We discovered that if the I-Key touches a cellphone, outgoing or incoming calls have the potential to alter the electronic code inside the I-Key," Nissan spokesman Kyle Bazemore said. "The car won't start and the I-Key cannot be reprogrammed."'"

Military applications of microcomputers – Targets & Techniques... Might make an interesting seminar

China Crafts Cyberweapons

Posted by ScuttleMonkey on Monday May 28, @03:11PM from the virtual-arms-race dept.

MitmWatcher writes to mention that a recent report by the Department of Defense revealed that China is continuing to build up their cyberwarfare units and develop viruses. "'The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks,' the annual DOD report on China's military warned. At the same time, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years."


Computer Glitch Tangles Japanese Flights

Hundreds of All Nippon Airways flights were cancelled or delayed Sunday because of computer error.

Martyn Williams, IDG News Service Monday, May 28, 2007 08:00 AM PDT

Hundreds of domestic flights in Japan were cancelled or delayed on Sunday as a result of a glitch in the computer system of All Nippon Airways Co. Ltd.

... The problems began to resolve themselves on Sunday afternoon and by Monday morning the airline was operating close to a normal schedule. As of 9 a.m. just one flight was cancelled and nine had been delayed.

ANA doesn't yet know the cause of the problem, he said.

Dennis Dallas pointed me to this site. I'm not certain it does much for me, but if you have an in-house blog, their “Clip-to-Blog” feature looks very useful.


Our hope is that people will clip the great moments they experience on the web. We often refer to these as the woah moments.