Does this merit Class Action attention? (If not, why not?) And is this part of Steve Jobs' strategy to destroy the RIAA?
Personal data found hidden in iTunes tracks
Names, e-mails and other sensitive information embedded in files
Rhys Blakely From Times Online June 1, 2007
Fresh privacy fears have been sparked after it emerged that Apple has embedded personal information into music files bought from its iTunes online music store.
Technology websites examining iTunes products discovered that personal data, including the name and e-mail addresses of purchasers, are embedded into the AAC files that Apple uses to distribute music tracks.
The information is also included in tracks sold under Apple’s iTunes Plus system, launched this week, where users pay a premium for music that is free from the controversial digital rights (DRM) software that is designed to safeguard against piracy.
The Electronic Freedom Foundation, the online consumer rights group, added that it had identified a large amount of additional unaccounted-for information in iTunes files. It said it was possible that the data could be used to “watermark” tracks so that the original purchaser could be tracked down were a track to appear on a file-sharing network.
... The discovery of the data, of which most iTunes users will have been unaware, underscores the reluctance of music groups to allow music to circulate freely over the web.
... Apple had sought to present itself as a consumer champion, with the group’s chief executive, Steve Jobs, insisting earlier this year that his company would drop DRM “in a heartbeat” if allowed to by the labels.
... Online music sales still account for only 10 per cent of the total market and are not yet growing at a rate which compensates for the decline in revenues from CDs – approximately 2 to 3 per cent per year. [Parallels the Porn industry (see article below) with no compensating business model. Bob]
All too common.
Mortgage customers' details lost in the post
By Jill Treanor Friday June 1, 2007 Guardian Unlimited
An estimated two-thirds of Bank of Scotland's mortgage customers could be vulnerable to fraud after a computer disk containing their details was lost in the post.
The Edinburgh-based arm of the HBOS banking group was apologising to 62,000 customers today but trying to reassure them that the risk of a fraud being committed with the details lost was "almost impossible".
See what I mean... (Story contains all the normal “I'm a bad manager” statements)
Fresno Co. loses track of sensitive data
Information on thousands of health workers, clients on missing disk.
By Kerri Ginis / The Fresno Bee 06/01/07 04:59:26
Fresno County officials are desperately searching for a missing computer disk that contains the names, addresses, Social Security numbers and other personal information for thousands of home health care workers and the thousands of clients they serve.
The disk, which was being used to determine workers' eligibility for health care benefits, was lost last week after the county sent it via a courier to a software vendor's office in San Jose.
"We've been doing this for three years and there has never been a glitch," said Kristin Bengyel, executive director of the county's In-Home Supportive Services Public Authority, which oversees training and support for the county's 10,000 home-care workers. "But it's missing and we don't know what happened."
County officials are hoping the disk will turn up and don't know that any of the personal information has been compromised.
But with identity theft on the rise throughout the United States, county officials suggest that health care workers and their 10,000 elderly, blind and disabled clients [One worker per client? Bob] check their credit reports for suspicious activity.
... Officials don't know how many people had their information contained on the disk.
Not much of a story. Is this type of breach too common to be news? (There was a Northwestern ad next to the story. Paying to keep them quiet?)
Personal data leaked from NU computer files
Published June 2, 2007
CHICAGO -- The personal information of about 4,000 people associated with Northwestern University's medical school ended up online in a security breach, officials said on Friday.
The leaked files were from a university computer and contained the names and personal identification information for people who applied to or attended the university's Integrated Graduate Program in the Life Sciences between 1991 and 2007, according to a statement.
When the breach was discovered recently, the university's technical support staff shut down the computer.
The ultimate summary...
Data “Dysprotection” Weekend Roundup for Week Ending June 1 (update1)
Friday June 01st 2007, 4:43 pm
Will these lessons stay learned? History says no... Do these “lessons” translate to all IT users? Fat chance – see above.
One year later: Five lessons learned from the VA data breach
Jaikumar Vijayan June 01, 2007 (Computerworld)
It's been just over a year since the U.S. Department of Veterans Affairs disclosed that a laptop PC and external hard disk containing personal data on 26.5 million veterans and active-duty military personnel were stolen from the home of a VA employee.
The disclosure sparked widespread concern over the perceived lack of information security controls at the agency. It prompted a sweeping overhaul of the agency's IT organization including top-level personnel changes and a centralization of all IT development, operations and maintenance activities at the VA.
Both the laptop and disk were later recovered by the FBI, which also certified that the data had been untouched. Even so, the massive scope of the compromise and the attention it generated has driven considerable change in information security policies not just at the VA, but governmentwide, analysts and vendor executives said.
... Here are five lessons learned ....
1. A greater focus on data encryption within government
2. Stronger breach notification guidelines within agencies
3. More attention to data retention, classification and minimization
4. Stronger remote access policies
5. More authority for agency CIOs
What implications for the world's most surveilled society? Will they drop out of the EU?
College fined for listening in to employee's calls
1 June 2007
Lynette Copland, a secretary at Carmarthenshire College, was awarded 3,000 euros plus costs of double that by the European Court of Human Rights in the case of Copland v. UK after succeeding in a challenge against her employer and the UK Government (the College being a statutory body, publicly funded and administered by the state).
A senior member of staff at the college secretly monitored Ms Copland's telephone calls, email correspondence and internet usage, allegedly for 18 months, without her consent. Ms Copland claimed her employer's activity breached her rights under Article 8 of the European Convention of Human Rights, which provides that "everyone has the right to respect for his private and family life, his home and his correspondence".
An interesting article. (And lots of amusing quotes.) It seems to be saying that even if the RIAA changes its business model today, it is too late. The model I suggested earlier (do the tech for the content producers) seems the most viable.
For Pornographers, Internet’s Virtues Turn to Vices
By MATT RICHTEL Published: June 2, 2007
The Internet was supposed to be a tremendous boon for the pornography industry, creating a global market of images and videos accessible from the privacy of a home computer. For a time it worked, with wider distribution and social acceptance driving a steady increase in sales.
But now the established pornography business is in decline — and the Internet is being held responsible. [Hey, ya gotta blame someone! Bob]
The online availability of free or low-cost photos and videos has begun to take a fierce toll on sales of X-rated DVDs. Inexpensive digital technology has paved the way for aspiring amateur pornographers, [Now there's a hobby! Bob] who are flooding the market, while everyone in the industry is giving away more material to lure paying customers. [See RIAA? It works. Bob]
... After years of essentially steady increases, sales and rentals of pornographic videos were $3.62 billion in 2006, down from $4.28 billion in 2005, according to estimates by AVN, an industry trade publication.
... The industry’s online revenue is substantial but is not growing quickly enough to make up for the drop in video income.
... “The barrier to get into the industry is so low: you need a video camera and a couple of people who will have sex,” Mr. Fishbein said.
... The more traditional pornographic film companies are not giving up, of course. They say they have an answer to the new competition: quality.
They are seeking to differentiate themselves from makers of inexpensive films by selling with fancier packaging in stores or through slicker Web sites, and by using better cameras and more experienced directors and performers. They are banking that viewers will be discerning when it comes to sex.
... One site operated by Adult Entertainment Broadcast Network has 200,000 videos, [No link? I'll have to Google it. Bob] many of them submitted by amateur videographers, said Scott Coffman, the company’s president.
... Mr. Coffman said he was not in the business of giving away content. About half the videos submitted to the site, he said, are from pornographic movie companies looking to get viewers interested and persuade them to pay for a longer download or DVD. Some companies pay to have their clips displayed on the site, and some give it a cut of the revenue if a visitor turns into a customer.
... Mr. Ulele said his company could pay $500 to $600 a day to get its short clips listed prominently on popular video clearinghouses. He said that fee could be justified by the rates at which people follow through: 1 in 1,000 viewers of the free content click onto his site, he said, and 1 in 600 of those might buy something — a subscription, DVD or other product. [One in 600,000 buys something, and that makes a $600/day investment worthwhile? Bob]
Toward ubiquitous surveillance
Public urged to record crime with cameraphones
Central photo and movie database means it's a fair cop
Andrew Charlesworth, vnunet.com 01 Jun 2007
Europeans will soon be encouraged to use cameraphones to photograph and video criminal activity to send directly to a national police database.
Dutch technology consultancy Waleli has developed MMS-witness, a system which enables citizens to send photographs or movies to a central police database as part of an emergency call.
Once viewed, the photographs or video can be sent to beat officers to increase the chances of a successful arrest or kept as evidence in further investigations.
The concept is in its very early stages. Waleli has conducted a few experiments with police in Rotterdam and is to approach forces in Sweden in conjunction with Ericsson, Waleli chief executive Siete Hamminga told vnunet.com.
... However, there are some major issues which need to be resolved before MMS-witness can be used by the public.
These include dealing with false reports and very large volumes of reports, for example in the event of a terrorist attack when hundreds of people might send in photographs or video footage of the same incident.
"We asked the police about [false reports] and they were less concerned than we were," said Hamminga. "They are used to dealing with spoof emergency calls and anonymous reports."
MMS-witness can be configured to ignore anonymous messages, he added. [That would be a mistake... Bob]
Waleli has yet to approach police forces in the UK but expects the system to arouse plenty of interest.
... According to market researchers at Gartner, there are 295 million cameraphones in circulation worldwide, so Waleli's system could significantly increase the number of "digital witnesses".
Photo Tagging as a Privacy Problem?
Posted by Zonk on Saturday June 02, @03:33AM from the unflatteringscarf-needstogetahaircut-newshoestoo dept. Privacy The Courts The Internet
An anonymous reader writes "The Harvard Law Review, a journal for legal scholarship, recently published a short piece on the privacy implications of online photo-tagging (pdf). The anonymously penned piece dourly concludes that 'privacy law, in its current form, is of no help to those unwillingly tagged.' Focusing on the privacy threat from newly emergent automatic facial recognition search engines, like Polar Rose but not Flickr or Facebook, the article states that 'for several reasons, existing privacy law is simply ill-suited for this new invasion.' The article suggests that Congress create a photo-tagging opt-out system, similar to what they did with telemarketing calls and the Do-Not-Call Registry."
How would you enforce such a registry, though?
Is this a bad thing?
The Private Outsourcing of US Intelligence Services
Posted by Zonk on Saturday June 02, @07:06AM from the who-spies-on-the-spies dept. The Almighty Buck United States Privacy Politics
mrbluze writes "It appears that more and more of the data collection sanctioned by the US government is passed through the hands of private enterprise, Salon reports. 'Because of the cloak of secrecy thrown over the intelligence budgets, there is no way for the American public, or even much of Congress, to know how those contractors are getting the money, what they are doing with it, or how effectively they are using it. The explosion in outsourcing has taken place against a backdrop of intelligence failures for which the Bush administration has been hammered by critics, from Saddam Hussein's fictional weapons of mass destruction to abusive interrogations that have involved employees of private contractors operating in Iraq, Afghanistan and Guantánamo Bay, Cuba. Aftergood and other experts also warn that the lack of transparency creates conditions ripe for corruption.'"
Wire me up!
Gartner: The 40-Hour Workweek Era Is Ending
June 1, 2007 By Deborah Perelman
By 2015, there will be more workers who interact with technology, but they'll be working a whole lot less hours each week, finds a Gartner research report released on May 30.
Gartner argues that three of the four traditional pillars of work—the living wage, long-term relationships with loyal employers, and government- or company-provided pensions—have already gone the way of the dinosaurs, leaving only the 40-hour workweek.
But this, too, is not long for the employment economy, the report said. Societal views on primary wage-earner and caregiver roles, as well as on retirement, are in the midst of changing, taking with them the de facto 40-hour work week. Individuals are already reconsidering its pervasive influence, the report argues, and the dialogue is becoming increasingly political.
Those most affected are at the helm. Retiring Baby Boomers, working-age mothers and Generation X workers are seeking a more fulfilling work/life balance, and the traditional workplace structure is holding them back. The report said that no longer will the workplace be dominated by single bread-winners who expect to retire at the end of their working life, and that businesses need to reckon with this trend.
"When people in these demographics have marketable skills, employers will find it difficult to ignore their requests for more flexibility," said Brian Prentice, research director of emerging trends and technologies at Gartner, in a statement.
... The report suggests that rather than adopt a draconian measure of cutting in half the working hours of all employees, employers that create 20-hour job descriptions will be in the best place to attract and retain the most qualified workers.
... Digital free agents as change agents
Yet, the decline of the standard 40-hour workweek will not occur in a bubble, but at the same time as a consumerization trend increases the roles that IT plays in people's personal lives.
"It will be very hard to draw a distinction between the personal and work computing environment. The shift in power away from the organization, and in particular, the IT department, will be even more significant with these people," said Prentice.
In what Gartner calls the emergence of the "Digital Free-Agency," individuals will be expecting to blend professional and personal computing requirements in an integrated environment. The report said that the effect of this user-driven practice coupled with new 20-hour job descriptions will change the workplace as IT knows it.