Saturday, June 16, 2007

It's becoming clear that computer security is a figment of the imagination at most organizations. We need something massive to serve as a motivator.

Can we shoot them now? Please? (This happened in January, they just didn't bother telling Congress...)

Los Alamos Managers E-Mail Nuke Secrets

By Noah Shachtman June 15, 2007 | 2:26:27 PM

Because hiding secrets in a meth lab is just too secure...

Officials with the contractor that runs Los Alamos National Laboratory sent top-secret data regarding nuclear weapons through open e-mail networks, the latest potentially dangerous security breach to come to light at the birthplace of the atomic bomb, two congressmen said...

But [Energy Department] and lab officials who subsequently appeared before a congressional committee investigating security problems at the nuclear weapons lab never mentioned it, according to a letter the congressmen sent Energy Secretary Samuel Bodman...

The breach occurred when a consultant to the LANS [Los Alamos National Security LLC] board, Harold Smith, sent an e-mail containing highly classified, non-encrypted nuclear weapons information to several board members, who forwarded it to other members, according to a Washington aide familiar with the investigation who asked not to be named because the information is sensitive.

The notice went out that there had been a breach, an official was pulled out of a White House meeting and told, and Lawrence Livermore National Laboratory flew a team across California and recovered the laptops within six hours, [Did they get the copies the ISPs make? Bob] the aide said.

Lawmakers were assured no damage was caused, [Usually it's the politicians who do the lying... Bob] according to the aide.

Deny, deny, deny! Also try some obfuscation...

Disk with Ohio state worker data stolen

Fri Jun 15, 11:28 AM ET

A disk carrying the Social Security numbers and other personal information on all 64,000 Ohio state employees was stolen from a state worker's car last weekend, Gov. Ted Strickland said Friday.

Strickland said it takes special equipment to access the information on the disk, [Wait! Don't tell me! It takes a CD reader, right? Bob] so he doesn't believe the workers' privacy is in jeopardy.

... Strickland said the Ohio employee mistakenly left the disk, a backup, in a vehicle parked outside an apartment Sunday.

The employee is being investigated, [How common is this? Bob] but there is no reason to believe there was a security breach, [...other than our announcement of a security breach. Bob] he said. He also issued an executive order [“Be more careful!” Bob] that would change state procedures for handling the data.


64,000 Ohio Workers Caught In Data Breach

By Martin H. Bosworth ConsumerAffairs.Com June 15, 2007

... The unidentified intern had been incorrectly authorized to take the copied data home with him as part of the state government's regular policies on backing up sensitive data. [I can't seem to parse that sentence. Is it policy to take backup file home? (Yes. See below) Could the intern have been “correctly authorized?” Does anyone in Ohio know what's happening? Bob]

... Strickland said. "There's no reason to believe a breach of information has occurred." Nevertheless, Strickland authorized all affected employees to be provided with free credit monitoring for one year, at a cost to the state of $660,000. [That's a $660,000 “nevertheless” Bob]

More... Including telling the CPO to do what he should have been doing all along! News June 15, 2007 –

Governor Reports Theft of State Data Storage Device

... It was determined the device contained personal employee information after reviewing 338,634 files in 24,333 folders over four days. [Why was this necessary? Because they don't have a data management system! Bob]

Tuesday it appeared that some of those 338,634 files might have contained names and social security numbers. After two days of review, it was determined that the names and social security numbers for all state employees were on the device.

... Electronic data management standards at the intern’s worksite call for one set of backup data to be stored off-site and the intern had been inappropriately designated to store the data at his home. [Fire that manager! Bob]

Does this make you feel all warm and fuzzy, or are you thinking it would be a great way to slow down the investigation? Could they at least check to see if the guy who took the device passed anywhere near the place it was found?

Missing UTPA mobile drive found; security scare declared over

Daniel Perry June 15, 2007 - 8:51AM

EDINBURG — A University of Texas-Pan American groundskeeper was credited Friday with finding a portable storage device that had gone missing more than a week earlier, causing an information security scare for 1,500 full-time employees.

... An employee took the storage device home to do work the weekend of June 2-3 and discovered it lost June 4. University police were notified June 5, according to a statement UTPA released Thursday. The device contained the names, salaries and Social Security numbers of more than two-thirds of the university’s 2,200 employees.

... Langabeer said he has now banned employees from taking thumb drives and other Internet technology off campus. And university leaders are considering putting limits on how much work employees can do at home. [Tossing out the baby with the bathwater? Bob]

Tools & Techniques

June 14, 2007

Investigations Involving the Internet and Computer Networks

"This National Institute of Justice Special Report is intended as a resource for individuals responsible for investigations involving the use of the Internet and other computer networks. Any crime could involve devices that communicate through the Internet or through a network. Criminals may use the Internet for numerous reasons, including trading/sharing information (e.g., documents, photographs), concealing their identity, and gathering information on victims. The report is among a series of guides on investigating electronic crime."

You CAN have it both ways! (OR) Why you need a lawyer.

Is Banning Bootlegs Constitutional? No... But, Yes

from the say-again? dept

Apparently, the Second Circuit Court of Appeals has taken on the issue of whether or not a law banning concert bootleg recordings is unconstitutional. The court found that it actually is unconstitutional. It violates the copyright clause of the Constitution ("promote the progress... for a limited time...") because it does not set a limited term on the rights of the content producer. However, even after admitting that, the court then turns around and says that the law is constitutional, as long as you ignore the copyright clause and focus instead on just the commerce clause, which allows Congress to make laws regarding commerce. This seems like an odd sort of ruling, and basically suggests that Congress can now start passing more draconian, unconstitutional intellectual property laws... as long as they're related to commerce. That seems problematic since it opens up quite a loophole in the limitations that the Constitution put on intellectual property laws.

Is this common?

Patrol's subpoena power bringing calls for change


WORLD-HERALD BUREAU Published Friday | June 15, 2007

LINCOLN - Laws allowing the Nebraska State Patrol to gather information on people without a court order give that agency a troubling amount of power, some legal and communication experts say.

On the Web: Attorney general's opinion on State Patrol administrative subpoenas

Am I reading this right? The law sucks?

Judges Back Retailers in Credit Card Cases

By Evan Schuman, Ziff Davis Internet June 15, 2007

Unless the U.S. Court of Appeals for the Ninth Circuit intervenes early next year, retailers who have been sued for printing federally prohibited information on consumer credit card receipts will almost certainly get off the hook.

Two federal judges this week rejected a critical class-action certification request from the consumers suing the retailers.

Those two federal judges are in addition to a third federal judge who recently ruled in an almost identical manner.

In the initial lawsuits filed early this year, nearly 50 of the nation's top retailers—including Rite Aid, Harry & David, Ikea, KB Toys, Disney, Regal Cinemas and AMC Theaters—were accused of printing full credit card numbers and expiration dates on printed customer receipts, violating a provision of the FACTA (Fair and Accurate Credit Transactions Act) that makes it illegal for a retailer to print more than the last five digits of a credit/debit card number. It also forbids printing the card's expiration date on that receipt. This is known as masking or truncation. The rule took effect in phases, but by December 2006, the latest of its phases kicked in.

More recently, at least two of those defendants have filed lawsuits against their POS vendors, saying that the POS firms should have protected the retailers when writing their POS software. [...and they couldn't find one who did? Bob]

... Three of this week's decisions came from cases in front of U.S. District Court Judge R. Gary Klausner. Klausner—ruling in Taline Soualian v. International Coffee and Tea, Frida Najarian v. Charlotte Russe and Fredrick Najarian v. Avis Rent-A-Car—said that the retailers involved couldn't afford to pay the fines involved in the case if it were certified to proceed as a class-action. [Is that a defense? Bob]

"A finding of willful violation would create liability of up to $1.66 billion in the absence of actual harm," Klausner wrote in the Avis decision. "The potential statutory damages would be particularly excessive here, since Plaintiff alleges no actual injury on behalf of himself or any class member, admits he has suffered no actual damages and expert analysis shows that it is impossible for there to be any injury."

In his Charlotte Russe decision, Klausner also said that the retailer changed its procedures after being sued, which showed good faith. [So, ignorance of the law IS a defense. Bob]

... "Apparently, some of the judges think our cases are too good to be certified. We’ll see what the Ninth Circuit thinks about this sort of legislating from the bench," Moore said. "The Ninth Circuit is going to have to decide whether judges can deny class certification because they don’t like the laws passed by Congress."

Some really interesting “guidelines.” Can we expect this to broaden to all “employee monitoring”? Lots of risk here!

NYSE, NASD Propose E-Communication Guidelines

By Brian Prince June 15, 2007

The New York Stock Exchange and NASD have proposed new guidelines to help companies supervise and review electronic communications.

The 12-page document, released June 14, is the result of work by a committee that included representatives from securities firms.

... Among the highlights: Companies should review and supervise any communication between employees and customers made through non-company e-mail, such as Web-mail; they should have policies relating to message boards and e-faxes, and should clearly delegate who is responsible for reviewing the communications.

How dare they enforce the law! (The last couple of paragraphs are interesting...)

HIPAA audit at hospital riles health care IT

Industry on edge after feds examine data security procedures at Atlanta facility

June 15, 2007 (Computerworld) -- An audit of Atlanta's Piedmont Hospital that was initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of more enforcement actions related to the data security requirements of the federal HIPAA legislation.

The audit was the first of its kind since the Health Insurance Portability and Accountability Act's security rules went into effect in April 2005, joining data privacy mandates that were already in place. The security rules require organizations that handle electronic health data to implement measures for controlling access to confidential medical information and protecting it against compromise and misuse.

... But an HHS document obtained by Computerworld shows that Piedmont officials were presented with a list of 42 items that the agency wanted information on.

Among them were the hospital's policies and procedures on 24 security-related issues, including physical and logical access to systems and data, Internet usage, violations of security rules by employees, and logging and recording of system activities.

... The fact that the audit appears to have been conducted by the Office of the Inspector General (OIG) at the HHS is puzzling, said Lisa Gallagher, director of privacy and security at the Healthcare Information and Management Systems Society in Chicago. She said most people in the health care industry had assumed that any security-related enforcement actions would be taken by the CMS, which administers the HIPAA security rules.

... However, it isn't just enforcement by the HHS that health care providers and other organizations handling medical data need to be concerned about, said Peter MacKoul, president of HIPAA Solutions, a Sugar Land, Texas-based firm that offers tools and services to help companies comply with the law.

MacKoul said that increasingly, law enforcement authorities and courts are using and interpreting HIPAA in ways that could have broad implications for organizations handling health care data.

For instance, the North Carolina Court of Appeals last year overturned the decision of a trial court to dismiss a HIPAA-related complaint brought by an individual against a psychiatrist's office. The verdict basically allowed the plaintiff to use HIPAA as "a standard of care" to bring an individual action against an organization, MacKoul said.

In addition, he noted that HIPAA initially applied only to electronic medical records. But, MacKoul said, courts have extended the law to cover paper records as well -- a fact that some health care providers may not be aware of.

Go figure!

Avvo lawyer-rating site slapped with class action

Posted by Declan McCullagh June 15, 2007 1:19 PM PDT

A lawyer-rating site that inexplicably gave convicted felons higher numeric scores than law school deans is, in a move that was entirely predictable, being sued.

For those of us getting into video...

Video: Open-source video player works for all file types

Democracy Player wants to replace your TV

Democracy Player, set to be called Miro Player with its next release, is an open-source video player that works for almost every type of video file. With an interface similar to iTunes, it also has a channel guide where you can set up automatic downloads of your favorite Web shows, from "Ask a Ninja" to National Geographic Wild's Seth Rosenblatt takes a look.

2 minutes 4 seconds Jun 15, 2007 4:00:00 PM

Friday, June 15, 2007

Ignorance R us! (OR) “Don't bother me with details!”

Personal data was just a few clicks away

Simple log-in names let Cedarburg students into server

By TOM KERTSCHER Posted: June 13, 2007

Cedarburg - A generic log-on and a few simple mouse clicks enabled students to see personal data of hundreds of current and former Cedarburg School District employees, several teachers and students said this week.

The breach in the district's computer network was revealed last week when a Cedarburg High School student asked a teacher if a certain nine-digit figure - the teacher's Social Security number - meant anything to him.

The student then gave the teacher more than 30 pages of printouts of the data, as well as instructions on how to access it on the district's computer network, teachers said.

The log-on and password, according to students, were simple: Both were the word student. [Remember that the next time someone claims their files are “Password Protected” Bob]

... The students and teachers who spoke this week about the breach did so on the condition of remaining anonymous, saying they feared reprisals from the School District.

According to those interviews:

One or more students discovered that logging on to the computer network using the student-student user name and password allowed them access to the names, addresses and Social Security numbers of current and former School Board members, administrators, teachers and staff of the School District.

The data was contained in a folder labeled "W-2," which could be reached with a few keystrokes after logging on to the network.

The W-2 folder, and the files inside of it containing the personal data, did not require any passwords to be viewed.

Herrick said the addresses and Social Security numbers of employees may have been accessible as early as September 2004. [We just don't know... Bob]

Herrick said he would not discuss until tonight's meeting how often the data might have been improperly accessed by students or employees.

He also would not discuss whether any actions are being taken against an employee who put the data on a "shared drive" of the computer network, but said the employee did so believing it was secure there. [At minimum, the need for a little security training is indicated. Bob]

... Another student said district officials questioned students who are computer savvy, [You have skills, you might be guilty? Bob] but that in his opinion the data was easy to access.

... So far, the School District has not received any reports of misuse of the personal data since the problem was disclosed June 5. [Another self-serving but meaningless statement. Bob]

... "It was definitely a lapse in security," said School Board President John Pendergast, but he added that he wants to reserve judgment until tonight's meeting about whether the School District had taken proper precautions with the personal data. [I'll save you time: NO! Bob]

... Bank account numbers were also accessible in the area where the addresses and Social Security numbers were stored, but it is not known whether the account numbers were accessed.

Same problem, different “manager”

Arkansas Board of Psychology Web Exposure of SSN and DOB

Thursday, June 14 2007 @ 04:25 PM CDT Contributed by: PrivacyNews

On June 11, Aaron Titus notified of a breach involving web exposure of the SSN, DOB, and other information on 285 licensed psychologists in Arkansas. You can read more details in his blog.

As has been the policy of this site, and at the request of the Executive Director of the Arkansas Psychology Board whom I contacted about the breach, this site withheld posting notice of the breach until the cached copy of the file was removed from Google.

Despite Google's assurances to the Board that the cached copy would be removed within 24-48 hours, it took three days for the cached copy to be removed. Google can and must do better when it comes to removing files that contain sensitive information.

If this was a big bag of cash, would it have been transferred this way?

Personal banking info goes missing

By Jenn Marshall The news Bulletin Jun 14 2007

Personal and financial information of about 120,000 Coastal Community Credit Union members could be in jeopardy.

Data tapes that the credit union moves from site to site to do computer backups were stolen from the courier company that transports them, said Garth Sheane, CCCU president and CEO.

But the credit union is confident the thieves cannot access the information on the tapes, as specialized commercial software is needed. [“Commercial” means, you have to buy it at WalMart Bob]

Well that didn't last long. I still think this is a natural (and ethical) tool for the police. (Not that there might not be potential abuses later...)

Court reverses ban on NYPD videotaping of protesters

By The Associated Press 06.14.07

NEW YORK — A federal judge reversed his own ban on routine police videotaping of political activities, saying uncertainty had arisen about whether demonstrations at the heart of the case had been as law-abiding as participants maintained. [That should not be the deciding factor. Bob]

... The case evolved from what are known as the Handschu guidelines, which date to 1985. They require that police videotaping be for legitimate law enforcement purposes and follow a procedure that includes getting permission from a police official. The guidelines were named after the lead plaintiff in a 1971 case that included 1960s radical activist Abbie Hoffman and others as plaintiffs.

The Handschu guidelines were modified after the terrorist attacks of Sept. 11, 2001, to help the police department investigate terrorism or terrorism-related crimes.

In exchange for those modifications, the police department “promised to enact (and impliedly to follow)” the guidelines, Haight wrote Wednesday.

“If the N.Y.P.D. should break its promise to the court, I am not required to sit idly by with my hands tied,” he wrote.

Isn't everyone doing this? Shouldn't they?

Monitoring of workers e-mail jumps

The Associated Press June 14, 2007, 2:09PM EST

NEW YORK Jane Terry has done more than her fair share of e-mail policing.

As president of Santa Ana, Calif.-based manufacturer Ajax Boiler Inc., Terry has on two occasions caught employees breaching network security. While testing a new company software system, she stumbled upon a staff member bringing a rival's proprietary information into Ajax's system. Terry spent $6,000 fixing that problem, and hundreds more when a senior manager at the 100-employee company hacked into the network of a former employer, with whom he was involved in a lawsuit.

"We found him reading the HR manager's e-mail," said Terry. "He was involved in a lawsuit and was probably looking for information on it. It was unbelievable."

Both staff members would have escaped notice if it weren't for a recent upgrade to Ajax's security software. The product, made by Vero Beach, Fla.-based SpectorSoft Corp., essentially records everything employees do on their computers including Web sites they have visited, time spent looking at a site, e-mails they have sent, and more.

... "You want to monitor your existing technology, but you need to stay up on what's new -- especially if you have a young work force," said Nancy Flynn, executive director of the ePolicy Institute.

... Some applications can detect credit card and Social Security numbers in an e-mail message, [Sounds like a great identity theft tool... Bob] a spreadsheet or an attached Word document; others limit accessibility of certain documents to a specific number or group of people.

... Washington D.C. RPost provides a service sponsored by 15 bar associations nationwide that gives legal proof that a message was received and also provides proof of the contents of the message, including attachments.

Not a common dissertation topic...

Fi: Doctoral thesis says privacy protection has expanded

Friday, June 15 2007 @ 06:30 AM CDT Contributed by: PrivacyNews

Protection of privacy has been underscored considerably by Finnish courts in recent years, alongside freedom of speech, says Päivi Tiilikka in a doctoral thesis that she is defending on Friday at the Faculty of Law at the University of Helsinki.

Her thesis, Sananvapaus ja yksilön suoja: Lehtiartikkelin aiheuttaman kärsimyksen korvaaminen ("Freedom of Expression and Protection of Privacy. Compensating for Suffering Caused by a Newspaper Article") is the first doctoral thesis in Finland on the legal responsibilities of the press.

"Courts have given more attention than before to the fact that people in the public eye have the right to protect their privacy, if their private lives are not linked with the use of power in society", Tiilikka points out.

Source - Helsingin Sanomat

Is your organization a potential target of protesters?

Coming attractions for history's first cyber-war

By Charles Cooper Story last modified Fri Jun 15 04:00:04 PDT 2007

... Another fascinating whodunit novella is playing out a few time zones away from here in the nation of Estonia--but this one is for real. In case you missed the news, here's the headline version: in late April, Estonia's government moved a Soviet-era war memorial commemorating an unknown Russian killed fighting the Germans.

... So it was that Estonia's decision triggered rioting among that same population. One man was killed, and 153 people were injured. In Moscow, President Vladimir Putin very publicly criticized Estonia and demonstrators blockaded the Estonian Embassy.

Up until that point, the storyline played out with few surprises. Eastern Europe is still a cauldron of conflicting nationalistic passions where there's not always a shared, agreed-upon narrative of the post-War era.

Then things got squirrelly.

Despite their nation's small size, Estonia's 1.4 million people represent one of the most wired populations in the entire world. The Parliament actually declared Internet access to be a basic human right. Unlike the U.S., which seems congenitally unable to resolve the mystery of e-voting, Estonia has been using the Internet to elect representatives since 2005.

So if some group wanted to really wreak havoc, how better than to strike at Estonia's Internet infrastructure? And that's what happened. Shortly after the government announced its decision, Estonia's Web sites--including those of government ministries and the prime minister's Reform Party--came under attack in a distributed denial of service attack that lasted for weeks.

Russia rejected accusations that the government had anything to do with the cyber barrage. In an earlier interview with CNET, Jose Nazario, a security researcher from Arbor Networks, suggested that the 100 to 200 megabit per second size of the attack waves was on the low side of the average DOS attack. Whoever it was, though, knew what they were doing. Things got so bad that NATO was invited to provide technical assistance to help shore up Estonia's defenses. A NATO spokesman had it right when he said that in the 21st century, it's not just going to be about tanks and planes. What he didn't say was whether this represented the opening shots of history's first cyber war.

... "It's taken cyber protest to the next level," Denning said. "It can happen here or to any country where people are unhappy. These were serious attacks which lasted long time. And it proves you need defenses."

How to encourage sex offenders to use anonymity tools?

7 Sex Offenders Who Use MySpace Arrested

By MONICA RHOR Associated Press Writer Jun 15, 7:36 AM EDT

HOUSTON (AP) -- Seven convicted sex offenders with profiles on MySpace have been arrested in what Texas officials said was the country's first large-scale crackdown of registered offenders who use the social networking Web site.

... They were picked up after MySpace released the names of offenders with online profiles to the state Attorney General's Office, which had issued a subpoena for the site's subscriber information.


Are Social Network Private Messages More Private Than Email Under The Law?

from the courts-and-technology dept

It's always interesting to see how courts deal with changing technology. For example, it's pretty common for courts to order emails to be handed over in certain lawsuits as part of the discovery process. However, for many younger people, email has taken a backseat to more popular private messaging features on social networks like MySpace and Facebook. In a recent court case, one side requested access to the private messages in the same manner that they would normally request access to email. However, both MySpace and Facebook have privacy policies saying they won't share the info (though, both say that they will under a court order). In this case, the court decided that it was too early to hand over access to such private messages, saying that the defendant's lawyer needed to first use other routes to try to find the information he was looking for before the court would blindly hand over access to social network private messages. It's likely that this type of request will start to become more popular in court cases -- and it may be difficult for judges to believe that social networking private messages are effectively any different than email. [Agree. Bob]

From the CPO. In brief, it says “do no evil,” but it nicely summarizes the major points.

June 14, 2007

DHS OIG Privacy Policy Guidance Memo Regarding Use of Social Security Numbers

Privacy Policy Guidance Memorandum 2007-02 Regarding Use of Social Security Numbers at the Department of Homeland Security, June 4, 2007 (PDF, 4 pages)

Attention graphics people! Imagine this as a way to tour the neighborhood when you are looking to buy a house. Lots of potential! (Can Google be far behind?)

Everyscape: A 3D Worldviewer Made From 2D Photos

Everyscape aims to be able to show you the whole world -- both inside and out -- from its website. It plans to do this with normal 2D photos. Using proprietary technology Everyscape will stitch these photos together and 3D-ify them. The result is a pan-n-scan world accessible through a Flash viewer.


Google to use YouTube to amass video database


By Elise Ackerman Mercury News Article Launched: 06/13/2007 01:37:35 AM PDT

It is commonly believed that Google bought YouTube for $1.6 billion because the wildly popular video-sharing site represented a great way for the search giant to expand into video advertising.

It turns out the site could bring an even bigger benefit to the Mountain View company: It may provide a way for Google to easily and legally amass the world's biggest database of video, helping it figure out better ways to search that kind of material.

This is amusing, but not very likely (in my humble opinion...)

Future of Media Video: Google Takes Over the World by 2050

Written by Richard MacManus / June 14, 2007

Davide Casaleggio sent a tip to Read/WriteWeb about a video his company produced exploring the future of media. It is a very cool 6-minute video, which takes some educated (and imaginative) guesses at how the Web and media will evolve over the next 40-50 years.

Turning education into entertainment?

NBC Developing Web Site for Students


Imagine Tim Russert introducing a classroom history lesson about the Articles of Confederation, or Brian Williams describing the reverberations of the Stamp Act.

NBC News actually has, and in a formal presentation to broadcast industry analysts today, the network is to announce an online venture intended as a supplement to Advanced Placement high school courses in three subjects: American history, government and English. The effort, which the network is spending nearly $10 million to develop, draws heavily on its exhaustive film and video archives chronicling the most important events of the last half century, as well as on its best-known journalists, who will have a chance to report on stories that occurred long before they were born.

... In turning to the classroom as a potential pool of new viewers, NBC is following in the footsteps of other mainstream media organizations, including newspapers like The New York Times, which has long had a newspaper-in-education program, and Time magazine, which repackages some of its articles for use in classrooms as early as the first grade.

Thursday, June 14, 2007

This is “Do no evil?”

Want Off Street View? Google Wants Your ID and a Sworn Statement

Wednesday, June 13 2007 @ 09:09 AM CDT Contributed by: PrivacyNews

EFF privacy advocate and unhappy Street View model Kevin Bankston made good on his vow to try out Google's take-down policy after THREAT LEVEL found a picture of his unwitting mug stalking the sidewalks near EFF's offices. What he learned: Google is happy to remove you from Street View ... provided you give them a wealth of additional information, including a photo of your driver's license.

Source - Threat Level (blog)

First use of IM?

Police Blotter: Teenage murderers convicted through IM logs

By Declan McCullagh Story last modified Wed Jun 13 19:19:14 PDT 2007

What: A teenage girl, her boyfriend, and a mutual friend jointly murder girl's mother, who was opposed to the relationship.

When: California's Court of Appeal, Fourth District, rules on June 8.

Outcome: Convictions upheld, based in part on a series of incriminating e-mails and instant messages.

What happened, according to court documents:

... What makes this case relevant to Police Blotter is that detectives unearthed a series of e-mail and instant-message exchanges between the then-teenagers and used them as evidence in the trial. In them, Bell referred to himself as a potential murderer and said he would do anything for DeMola, including "kill'n for you."

Circumstantial evidence that you “have something to hide?”

Companies That Clean Up Bad Online Reputations

Posted by samzenpus on Wednesday June 13, @10:02PM from the it-never-happened dept. The Internet

Radon360 writes "As the ever-increasing amount of information available online becomes indexed and searchable, more and more people find themselves potentially at risk of having unwanted personal information revealed or their names incorrectly associated with inflammatory topics. There are several firms that now sell their services of trying to remove or bury such information that their client deems offensive or troublesome. Companies, such as ReputationDefender and DefendMyName will, for a fee, do the legwork to find content that negatively impacts your reputation and have it removed or buried deeper in search rankings. However, some of these efforts can backfire, as the act to get it taken down can sometimes draw more attention than the offending content in the first place."

Who could use that service you ask?

Site Exposed More Than Paris Hilton

Wednesday, June 13 2007 @ 06:35 PM CDT Contributed by: PrivacyNews News Section: Breaches

The operators of an X-rated Paris Hilton web site exposed the credit card numbers and identities of about 750 subscribers who signed up after the site recently returned online in the face of a federal court injunction, The Smoking Gun has learned. After a tip from a visitor who read TSG's June 11 story about the re-launching of the site, a reporter was able to easily access the subscriber list by changing a few characters in the web address for the site's sign-up page. [I'm shocked! Imagine, a porn site using technology poorly! Bob] Included in the lengthy list are a subscriber's name, e-mail address, password, phone number, mailing address, and credit card number.

Source - The Smoking Gun

Well, DUH!

June 13, 2007

Paper Addresses Legal Education and the Promise of New Technology

Koo, Gene, New Skills, New Learning: Legal Education and the Promise of New Technology (March 26, 2007). Berkman Center Research Publication No. 2007-4, via SSRN. [thanks Darlene Fichter]

  • "Today's legal workplace demands technology-related skills that the traditional law school curriculum does not cover. The original research conducted for this white paper finds that these skills include organizing complex distributed teams, exploiting data and information on the Web, and "meta-lawyering" (establishing systems of practice). The study also finds that traditional methods of training such as apprenticeship have eroded in recent years and that law schools often overlook skills education, leaving a large gap in training of all skills and not just technology-related ones. The paper discusses how thoughtful use of pedagogical technology can address these needs, arguing for integrated and authentic learning experiences rather than "teaching technology" in the abstract."

A direct consequence of the “long tail!” If there is a market (one person in ten million) you can build a business around them.

Online Patient Groups Demonstrate The Power Of Coordination And Information

from the feeling-better dept

Groups of patients advocating for more research on specific diseases are nothing new. But thanks to the internet, these groups are rapidly growing in clout. Not only are they able to push for more research on a given disease, but they are able to do things like share information with members and raise funds together. They're also taking a proactive role in medical innovation, as patients can coordinate ad-hoc drug trials among themselves (e.g. everyone keeps track of their side effects and shares them with each other) or find individuals for studies in need of volunteers. One of the things the internet is great at is lowering the costs of coordination among widely dispersed groups. Projects like Wikipedia are an obvious example of this phenomenon, but as this story demonstrates, online coordination can also serve an offline purpose. And it often does; even sites like Facebook and MySpace tangibly help young people, ahem, "hook up". More professional networks are there to help people land jobs or fill vacancies. A site for film photography enthusiasts helped establish an actual factory for making a certain kind of film that had gone out of production. In addition to the obvious connection between these examples, they also underline the point that the "information economy" isn't about selling information, but about using it to create value in other things.

Interesting trend. Will “national” currencies be replaced? (Isn't that a Euro?) Could games launder money? Or hold value during a domestic economic disruption?

Could In-Game Currencies Substitute For The Real Thing During A Crash?

from the WoW-gold-to-the-rescue dept

There's been a lot of discussion about the fact that currencies and goods in virtual worlds have become quite valuable in the real world. This has prompted lawmakers all over the world to address the economic implications of these currencies, as existing regulations aren't designed to handle in-game economies. But perhaps lawmakers should be looking to the past for clues. Dave Birch discusses a period during the Great Depression when the US literally ran out of currency, and private organizations had to start printing their own currency for local use. One such printer was Parker Brothers, which used their Monopoly money printing presses to help out their hometown of Salem, Mass. Technically, they weren't printing Monopoly money itself, but the company was able to take advantage of the fact that it had experience printing out bills. Hopefully, we won't have another collapse again, but if we were to, you might want to hold onto your Linden Dollars.

Would this be illegal if Apple was a monopoly?

IPhone Requires iTunes, Apple Says

Customers will need an iTunes Store account to activate the iPhone--separate from the wireless contract.

John Blau, IDG News Service Wednesday, June 13, 2007 6:00 AM PDT

... The move will allow Apple to create its own billing relationship with iPhone customers, rather than collecting payments for any iTunes purchases they make via the mobile operator.

Not California!

California Looking To Pervert The Meaning Of Trademark Law

from the tragic dept

We've always tried to highlight how trademark law is quite different than copyright and patents, in such a way that it shouldn't even be considered under the same "intellectual property" umbrella. Both copyright and patents were designed as limited monopolies to provide incentives to creators of content or ideas. That is, it's a "necessary evil" for the sake of promoting content and ideas. Trademark law, on the other hand, is supposed to be about consumer protection. The idea is that Bob can't pretend that Bob's Cola is really Coca-Cola and mislead you into buying a different product than the one you thought you were buying. In other words, it's not about the incentives for the ownership of rights -- but about making sure consumers aren't misled. Unfortunately, ever since people started incorrectly lumping trademark law into the "intellectual property" bucket with copyrights and patents, plenty of people have tried to change the meaning and purpose of trademark law to make it more like those others (with similarly damaging results). One of the key ways to do this is to focus not on the consumer confusion aspect, but on claiming that trademark law is really about preventing "dilution" of the trademark. This is twisting the purpose of trademark law, but it's increasingly becoming an accepted aspect of trademark law -- though, the stronger it becomes the worse off we'll be.

In fact, it appears that legislators in California have been convinced that trademark needs to be a lot more like copyrights, and have put forth a bill that would greatly expand the power of trademark law along these lines. Even worse, it would remove many of the fair use protections that people get, that are supposed to protect intellectual property law from being abused. The law would also add liabilities to sites like eBay if trademark infringing goods are sold on the site -- even though it's impossible for eBay to recognize what's infringing and what isn't. Basically, this is a law (at the state level) that makes trademark law much worse than the worst points of copyright law. Considering just how badly copyright law is already abused, just imagine how badly this trademark law would be abused if passed?

I'm not sure how to take this. 1,000,000 victims and three arrests?

Over 1 Million Potential Victims of Botnet Cyber Crime

June 13, 2007 Washington D.C. FBI National Press Office (202) 324-3691

Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses.

... “The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. [So will the FBI let us know? Do we need a law requiring someone (our ISP) to tell us? Bob]

From the same guys...

New FBI Guidelines Aim to Curb Abuse

By LARA JAKES JORDAN Posted on: Thursday, 14 June 2007, 00:03 CDT

WASHINGTON - The FBI is warning its agents to carefully review all personal data collected from Americans in terror investigations to protect their privacy rights and not to expect the evidence to remain secret.

The warning came in draft FBI guidelines made public Wednesday to be issued to correct abuses of so-called national security letters that were revealed in a Justice Department audit three months ago. The letters allow investigators to subpoena records, without court approval, in terrorism and spy cases.

Under the 24-page guidelines, which are effective immediately, investigators must request specific information - and justify its need - before the demand for data is sent.

What did J. Edgar know and when did he know it? (No doubt genealogists will find this useful as well.)

Get Grandpa's FBI File

"Find out now by ordering a copy of their FBI files and learn a bit more about your family history. Best of all, it's free! (Well, except for the cost of a postage stamp.)"

Would this be tolerated in any other department?

31 Days Lost Each Year Putting Out IT Fires

By Deborah Perelman June 13, 2007

Business managers in the United Kingdom lose 31 working days—more than 10 percent of the year—putting out fires that result from bad management of IT systems, according to a study released June 4 by Partners in IT, a U.K.-based service management company.

Nearly three-quarters (74 percent) of non-IT business managers surveyed said they spent, on average, 12 percent of their time each week dealing with problems caused by their IT systems. Eighty percent admitted IT system downtime was a productivity issue, and 90 percent of IT respondents in large companies admitted that downtime was such an issue that half (51 percent) cited it as a serious problem for them and their colleagues.

Isn't this more important than the Paris Hilton saga? Why nothing on the evening news?

Kim Jong Il has 'heart surgery'

June 14, 2007 Leo Lewis in Tokyo

Kim Jong Il, the enigmatic despot who runs communist North Korea, may have undergone major surgery last month in a secret operation performed by German doctors.

News of Kim’s alleged heart bypass operation and failing health has reportedly thrown intelligence agencies in the US, China and South Korea into a state of high-alert as the region contemplates the spectre of a leaderless, but still nuclear-armed, North Korea.

Another great marketing tool: Angry (and ignorant) politicians!

Politician offended by landfill ice cream


NEW YORK -- One Staten Island politician apparently doesn't have a sweet tooth for a locally-made vanilla ice cream with brownie chunks and cherries.

That's because the ice cream in question, marketed under the moniker "Staten Island Landfill," is "insulting and derogatory," borough president James Molinaro wrote in a letter on his Web site, in which he calls for a boycott of the treat, which is also packed with heart-shaped chocolate "crunchies" and fudge.

... Kim and Scott Myles, the Queens couple who founded 5 Boroughs Ice Cream, which produces "Staten Island Landfill," said they intended no harm with the moniker.

... The company markets other city-based ice cream flavors, including "Jackson Heights Mangodesh," "South Bronx Cha Cha Chocolate" and even "Upper East Side Rich White Vanilla."

... Those who tried the Landfill ice cream said the name wasn't a big deal.

"It's not like we'll be expecting to see a syringe or a rubber boot in there," said Joe Melendez, an ironworker from Brooklyn.

Wednesday, June 13, 2007

One of my personal heroes...

Don Herbert, 89; TV's 'Mr. Wizard' taught science to young baby boomers

By Dennis McLellan, Times Staff Writer June 13, 2007

Will this make the news? I doubt it.

20,000 Utahns May Be Victims of Identity Theft

June 12th, 2007 @ 5:00pm Mary Richards & Sandra Yi Reporting

This week, the Utah Attorney General's Office will send out 100 letters to Utahns whose social security numbers may have been compromised. They are the first in the country to do this. Utah authorities call it a moral obligation.

Some 20,000 Utahns have been identified as victims. Most of them don't even know their identity has been stolen; so many people will be surprised to get one of these letters in their mailbox.

Coming soon to a police force near you!

ChoicePoint Subsidiary Rolls Out License Plate Tracking System in UK

By Luke O'Brien May 30, 2007 | 5:43:43 PM Categories: Surveillance

Giant American data peddler ChoicePoint last week unveiled a new system in the United Kingdom for analyzing the thousands of license plate numbers collected by automated cameras nestled surreptitiously throughout the English heather. Called the "analyst's workstation" and designed by i2, a ChoicePoint-owned company, the system interfaces with three major databases and uses license plate information to help cops bust bad guys.

Say a passerby spots a suspicious green lorry idling near the scene of a burglary and gets a partial read on the tags. The workstation can call up a list of matching vehicles in the area. If John Smith, the notorious bandit, was rolling through the neighborhood in his green 2001 Ford Windstar at the time, the police now have a good suspect.

The last time we mentioned ChoicePoint in connection with license plate reading (LPR) technology, we got a stern reprimand from corporate flack Chuck Jones, who took issue with our quoting an LPR expert opining that ChoicePoint, which already harvests extensive personal info from the government, might one day find a use for trading in LPR data.

"To be clear, ChoicePoint does not obtain or sell -- and is not interested in obtaining and selling -- license plate information collected from license plate reading (LPR) equipment, better known as traffic or red light cameras. ChoicePoint is not in the business of monitoring the daily location of consumers." --Chuck Jones

In a follow-up e-mail, Jones said ChoicePoint would never [What is a promise like this worth? Bob] be interested in such a market. Our LPR expert tends to disagree. To be clear ourselves, when reached by phone in Cambridge, i2 spokeswoman Sarah Cooper said i2 does not obtain or sell LPR data. No word yet on when or if the analyst's workstation will reach American shores.

Readers might also be interested in this aggressively reassuring memo (.pdf) from ChoicePoint that seeks to dispel all your worst fears about the company.

On the flip side... Isn't this the path to a “Secret Police” mentality? Or perhaps we have just been demoted to second class citizens, again.

Is Videotaping the Police a Felony?

Posted by kdawson on Tuesday June 12, @07:42PM from the turnabout-is-fair-play dept. The Courts

AtomicSnarl writes "When Carlisle, PA, police noticed their traffic stop was being videotaped, they arrested the fellow with the camera for felony wiretapping. From the story: 'Kelly is charged under a state law that bars the intentional interception or recording of anyone's oral conversation without their consent... An exception to the wiretapping law allows police to film people during traffic stops.. [An assistant DA] said case law is in flux as to whether police can expect not to be recorded while performing their duties.'"

Attention Students! We're offering a new Major! (...and potential new grants)

Congressman Wants to Train Spies in College

By Luke O'Brien May 25, 2007 | 2:25:55 PM Categories: Politics, Spooks Gone Wild

Wiretapping is fundamental. An earmark tacked on to a new intelligence spending bill by Rep. Alcee Hastings (D-Florida) would fund college programs to train future spies. Hastings wants $2 million to finance "centers of academic excellence" at Florida schools that would educate America's youth on snooping and spooking and other intelligence matters.

... The $100 million in earmarks attached to the intelligence bill has riled some folks (more from USA Today here). Rep. John Murtha (D-Pennsylvania) hopes to bring home the bacon -- $23 million -- for his home state's National Drug Intelligence Center (NDIC). And Reps. Ed Markey (D-Massachusetts) and Roscoe Bartlett (R-Maryland) put in the most politically controversial amendment: a provision to require future National Intelligence Estimates to look into the dangers of climate change.

This might be a better (more profitable) major

Tech Lessons From Organized Crime And The Red Light District

from the just-what-the-world-needed dept

Chris Lindquist writes "Organized crime, porn peddlers, gambling sites--they all use technology to make a killing. has posted a collection of stories that spell out how these shady-side businesses use IT for profit. Sadly, they seem to be far better at it than most companies: They're more agile, approach their operations with clear goals, apply appropriate technology for specific purposes, and they don't throw good money after bad. From the online techniques of penny stock scammers to innovation lessons from a pair of "accidental pornographers," to what you can do to fend off cybercriminals, the stories examine what the seedy side does right when it's doing wrong."

Whoever thought this one up should write for the movies. Take a minute to read it.

Appeals Court Rules Cops Can Steal Cars and Lie to Victims To Conduct a Warrantless Search

By Ryan Singel June 08, 2007 | 1:11:23 PM

Hard to imagine how testing would fail to show this...

Ads Behaving Badly -- An Apology from Wired News

By Wired Admin June 12, 2007 | 2:35:55 PM Categories: Advertising

An advertisement went live on last night that obscured much of the site and gave readers no way to remove it for close to 8 hours. The ad was a so-called interstitial, admittedly one of the more invasive styles of online advertising, even when executed properly. In this case it was not, and for that we apologize.

Wired News has an ad review process to prevent things like this from happening, but it failed us in this case. We are examining what went wrong to ensure it does not happen twice. In the meantime, we are suspending all interstitial ads from the site until further notice.