Saturday, July 21, 2007

Utah makes Ohio look good!

Nevada governor accidentally posts Outlook password

Friday, July 20 2007 @ 03:45 PM CDT Contributed by: PrivacyNews News Section: Breaches

If you ever wanted to be Nevada's governor for a day, it doesn't seem to be that hard. In what could be a whopping security hole, Nevada has posted the password to the gubernatorial e-mail account on its official state Web site. It appears in a Microsoft Word file giving step-by-step instructions on how aides should send out the governor's weekly e-mail updates, which has, as a second file shows, 13,105 subscribers.

Source - C|net

Note: Declan notes in email that: The files have been deleted since my story went up, but, unfortunately for the governor's office, are still available on Google's cache:

You remember Ohio...

Ohio Inspector General releases report on state data theft; no referrals for criminal prosecution made

Friday, July 20 2007 @ 01:27 PM CDT Contributed by: PrivacyNews News Section: Breaches

An investigative report released this afternoon assigns "shared blame" for a series of decisions that led to the theft of a state computer device containing the personal information of more than 1 million Ohioans.

The report also revealed that the 22-year-old intern instructed to take the device home actually had two such devices in his car at the time, although only one was stolen.

Source - Toledo Blade

Related - State of Ohio OIG Report (pdf)

Do we have a data spill larger than TJX in the wings?

AU: Westpac scare snags cardholders

Friday, July 20 2007 @ 02:08 PM CDT Contributed by: PrivacyNews News Section: Breaches

THOUSANDS of credit card holders may find themselves in an embarrassing position the next time they go shopping.

Westpac confirmed yesterday it had cancelled thousands of Visa credit cards over the past week, due to a security scare. But a spokeswoman disputed a customer's claims the bank was leaving it up to cardholders to figure out whether they are affected, due to the sheer volume of cards involved.

Source - SMH

Editor's note: wonder if this report could be linked to another story reported here yesterday out of upstate NY involving M&T Bank Visa

Fortunately Delaware is a tiny-tiny little state.

Computer data from Delaware courts stolen

Friday, July 20 2007 @ 01:25 PM CDT Contributed by: PrivacyNews News Section: Breaches

A computer hard drive containing personal information related to criminal cases in Superior Court, Family Court and the Court of Common Pleas has been stolen, Delaware’s judicial branch announced this morning.

The hard drive was in luggage stolen from an employee of Affiliated Computer Services Inc., which manages some of Delaware's information technology.

... More than 2,700 people will receive letters informing them that their personal information may have been contained on the stolen hard drive.

Source - Delaware Online

(update) SAIC: 900,000 health records possibly compromised

Friday, July 20 2007 @ 10:51 AM CDT Contributed by: PrivacyNews News Section: Breaches

The personal health care records of close to 900,000 troops, family members and other government employees stored on a private defense contractor’s nonsecure computer server were exposed to compromise, the company announced Friday.

... Although SAIC announced the data breach Friday, the company acknowledged it has known about the problems since May 29, when U.S. Air Forces Europe notified SAIC that it had detected “an unsecure transmission [The data wasn't encrypted! Bob] of personal information concerning uniformed service members and other individuals,” according to a SAIC press release.

However, SAIC had concerns about a potential problem even earlier. Two weeks before USAFE contacted the contractor, SAIC shut down the server “based on general concerns regarding the security of transmissions,” the press release said. SAIC confirmed that personal information had, in fact, been transmitted in a nonsecure manner and stored on an unsecured computer.

... Affected are service members and family members of the Army, Navy, Air Force, Marine Corps and the Department of Homeland Security. The breakdown includes 173,939 Army; 151,315 Air Force; 96,925 Navy; 26,171 Marine and 10,415 Coast Guard. All told, SAIC officials said, the breach involves data on 867,000 individuals.

Source - Army Times
Related - SAIC Response to Data Security Failure

Will Google follow? (Nope)

To Launch AskEraser To Erase Search History & New Data Retention Policy

Jul. 19, 2007 at 5:36pm Eastern by Barry Schwartz

Ask announced that they will be launching "AskEraser" in the near future, a feature to allow you to erase your search history. Ask also said it will be implementing a new 18 month data retention policy, where searches will be disassociated from IP addresses or cookies that might possibly be used to link them back to searchers.

Tools & Techniques Yes Virginia, it is that easy! (You don't suppose this is what the FBI uses...)

Dirty e-Deeds Done Dirt Cheap

July 20, 2007 By Lisa Vaas

A security firm has uncovered an easy-to-use, affordable tool for making a variety of customized Trojans—from downloaders to password stealers—on sale at several online forums.

The tool, discovered by PandaLabs, is called Pinch, a tool that allows cybercriminals to specify what type of password they want their Trojans to steal—be it for e-mail or system tools.

Pinch also has encryption capabilities to ensure that nobody intercepts stolen data. [Something government contractors might consider... Bob] Pinch's interface also has a SPY tab that lets criminals turn Trojans into keyloggers. In addition, the tool can design Trojans that snap screenshots from infected computers, steal browser data and look for specific files on the target system.

... "Although it may look difficult to find Web pages where these tools are sold, it is not. All you have to do is search in browsers for forums where hacking services are rented or where Trojans are sold," said Luis Corrons, technical director for PandaLabs, in the release.

... Wondering whether purchasing malware at these prices can be profitable? PandaLabs ran a few calculations to find out. Say a cyber-crook were to purchase a Trojan for $500, a 1 million-address mailing list for about $100, a $20 encryption program, and a $500 spamming server. The total outlay would be $1,120.

Given a 10 percent success rate, which PandaLabs said is "really low," hackers could infect 100,000 people. If the criminals managed to steal bank details from 10 percent of infected systems, that means access to 10,000 bank accounts and funds therein.

"Just imagine the money a normal person could keep in the bank and multiply it by 10,000 to calculate the cybercrooks' profits," said the report.

... As for the custom Trojan maker, Pinch, other abilities include a feature called NET that lets attackers turn an infected computer into a proxy so that it can be used to perform malicious or criminal activities without leaving a trace. Trojans can also be turned into downloaders that download other executable files onto the compromised computer, PandaLabs said.

Pinch also has a BD tab that allows criminals to specify the ports that the Trojan will open on the infected computer, thus providing backdoors. A tab labeled ETC also allows the Trojans to be hidden through techniques including rootkits.

But one of the most dangerous features in Pinch can be found on the WORM tab, PandaLabs said. This allows users to add worm features to their Trojans, thus allowing the malware to replicate and spread via e-mail.

Other goodies Pinch can deliver: turning infected computers into zombie PCs; packing Trojans to make detection more difficult; and killing certain system processes, particularly those of security solutions.

Pinch also lets users define how stolen data will be sent: via SMTP, HTTP or by leaving stolen data in a file on the infected computer to retrieve it later through a port opened by the Trojan itself.

Pinch is powerful—scary powerful. But what's even more scary than its powerful features is that it's so easy to use.

Some speech isn't free. “Fire! Fire!”

Nearly Ten Percent of Companies Have Fired Bloggers, Survey Claims

By Ryan Singel July 19, 2007 | 4:17:10 PM

Nearly ten percent of companies have fired an employee for violating corporate blogging or message board policies, and 19 percent have disciplined an employee for the same infractions, according to a new survey from Proofpoint, a messaging security company.

Get me a Patent Attorney! I would like to patent my process for protecting new processes so inventors can profit from them. Like a monopoly, but only for a few (hundred) years... Then I want to sue the lawyers who use that process.

Wish I Could Save Your Life, But That Kind Of Surgery Is Patented...

from the apparently,-it-will-never-stop dept

Patent madness keeps on growing as patent attorneys keep trying to convince people in all different professions that patents are an important strategy to "protect" their interests. It explains the ridiculous explosion in patents in areas that never would have bothered with patents in the past. That's why we see things like tax strategies being patented. Now, Marc has alerted us to an alarming rise in patents for surgery techniques, once again being pushed by patent attorneys. It seems that medical device companies were getting rich patenting their equipment and patent attorneys realized an even better route was to talk to surgeons themselves, convince them to patent any new kind of surgical technique and then sue any device maker who created devices for those types of surgeries. Never mind that lives may be at stake, there's more money to be made and the patent attorneys are thrilled.

Now get me a Copyright Lawyer! I've got a story (unpublished but copyrighted) about an evil client that wants his lawyers to sue even when there is no legal basis, and so I'm gonna sue anyone who writes stories like this one. Or any story about the RIAA... Or the MPAA... Or Major League baseball... Or...

Potter Publisher Says Selling Legally Obtained Copy Is Illegal

from the it's-magic-lawyer-speak-for-bullying dept

The hysteria over tonight's launch of the latest Harry Potter book has been covered to death in many places, but it still amazes us how ridiculous JK Rowling and her entourage are about the way they view intellectual property surrounding the books. Rowling has said she's against putting out an eBook because it would be pirated, even though that makes almost no sense. The book gets scanned and put online anyway, meaning anyone who finds it more convenient to read an electronic copy has to get an unauthorized copy rather than paying for a legitimate copy. And, of course, even booksellers are pointing out that they're unlikely to lose a single sale over scanned versions that are found online.

However, the Potter crew is still going nuts over the secrecy of the book, claiming intellectual property rights that they don't actually have. It's no secret that there's an extensive process that the publisher makes booksellers go through to avoid an "early" leak of the books, but what happens if a legitimate copy of the book actually does get out? That's what happened when an engineer received a copy of the book earlier this week when an online bookstore accidentally shipped it out early. He quickly (and smartly) put it up on eBay where the price shot up to $250... and then, JK Rowling's lawyer demanded eBay take the auction down as infringing on its rights. What rights? That's not clear. The book is legitimate. The sale to the guy was legitimate. The bookseller may have violated an embargo from the publisher, but that's between the bookseller and the publisher -- not the guy who ended up with the book. Once the book has gone out to the guy he has every right to sell it, and JK Rowling's lawyer was wrong for demanding it be taken down and eBay was wrong in agreeing to take it down. This is simply a case where they seem to be claiming copyright privileges that simply don't exist.

Of course there are other ways to misuse copyright law...

Prisoners Figure Copyright Abuse Is A Way To Get Out Of Jail

from the a-sign-of-the-times dept

Well, we've seen all kinds of companies abuse copyright law for a variety of purposes, and it seemed only a matter of time until outright criminals caught on as well. A group of inmates apparently copyrighted their names and then demanded millions of dollars from the prison they were in for using their names without permission. The claims were sent to the warden of the prison and when he didn't pay up, the prisoners were able to file claims against his property -- and then hired someone to seize the warden's property and freeze his bank accounts. At this point they then demanded to be released from prison before they would return the property. Instead, they were charged with extortion and "conspiring to impede the duties of federal prison officials." While the story is amusing, it does show how copyright law is being perceived these days. As intellectual property lawyers push more and more ridiculous positions concerning copyright law, people are beginning to realize that it can be used as a hammer for all kinds of ridiculous lawsuits that have absolutely nothing to do with creating incentives for the creation of new content.

On the other hand, some folks are getting the message...

CBS Aims to Spread Web Content

Broadcast Network Targets 400 Sites by Fall

By Linda Haugsted -- Multichannel News, 7/19/2007 3:59:00 PM

CBS television content will be available through 400 sites on the Internet by the fall, according to executives from the broadcast network's interactive division.

"CBS is all about open, nonexclusive partnerships," CBS Interactive president Quincy Smith said. "Just is not the answer" to reaching viewers, he added, so the network is devoted to going out where the viewers are, not forcing them to

The network already partnered with 24 sites including, Comcast's The Fan, Slingbox and Brightcove to offer clips and other CBS content.

Those have already resulted in a huge lift in unique viewership to -- from 21 million unique users per month in May to the current 134 million -- from people linking in from partners.

Each partner is displaying the content in a way that best suits its demographic, CBS executives said. For instance, Comcast's users are more affluent and highly educated than the norm for Web users, so that site will pick clips that speak to that audience.

So, they underpaid?

Journal Investment Group's Brad Greenspan Issues Open Letter to Dow Jones Shareholders Detailing Valuation Assumptions

Sometimes you have to use a two-by-four just to get their attention. Long (detailed) article well worth reading.

Real World Computing

I fought the law...

12th July 2007 [PC Pro]

Davey Winder reveals how he took on the government and won, and why incident disclosure is so important to your business...

Fortunately, this only happens with software..

Slot Machine with Bad Software Sends Players To Jail

Posted by Zonk on Friday July 20, @04:22PM from the can't-you-see-the-code dept. The Courts Programming Software The Almighty Buck

dcollins writes "Previous discussions here have turned into debates over who is liable for faulty software: the programmers, the publisher, etc. Yahoo has a new option: perhaps the users are criminally liable for using the software. From the AP: 'Prosecutors are considering criminal charges against casino gamblers who won big on a slot machine that had been installed with faulty software ... A decision on whether to bring criminal charges could come in a couple of weeks, said John Colin, chief deputy prosecutor for Harrison County. He said 'criminal intent' may be involved when people play a machine they know is faulty.' [Would that argument invalidate elections when voting machines were “suspect?” Bob] Would your average user be able to distinguish 'faulty software' from 'lucky'?"

...except when it doesn't.

Marketer copes with contest disaster

ROSWELL, [Them damned aliens again... Bob] N.M. (July 19, 2007) - A Georgia marketing company that mistakenly printed 50,000 winning scratch-off ads for a Roswell car dealer was there today trying to make good on the mess.

The ads promised a $1,000 grand prize, and 30,000 game ads were mailed before anyone realized they had all been printed as winners.

Google instructs the FCC on how to run its auction. (Hey, it's cheaper than a lobbyist or a bribe...)

Google announces intent to bid on 700MHz spectrum auction, if...

By Eric Bangeman | Published: July 20, 2007 - 09:46AM CT

In a letter sent to the Federal Communications Commission today, Google CEO Eric Schmidt announced his company's intentions to enter the bidding for the 700MHz spectrum early next year—if Google's proposed auction rules are adopted. Earlier this month, a draft of Martin's proposed auction rules were released, rules which embraced some principles of open access, but left proponents of the principle wanting more.

Why would Google want to own the wireless spectrum you ask? (Can you say gPhone?)

Google invests in home cell-station vendor

The search giant participated in a $25 million round of venture funding for Ubiquisys, which makes femtocells -- small cellular base stations for homes and offices

By Stephen Lawson, IDG News Service July 20, 2007

Femtocells, an emerging technology for improving cellular coverage in homes and enterprises, have attracted the interest of none other than Google.

Maybe it's time? I've been thinking about using only for my web site class, since I've been stealing... er... I mean, making fair use of all their stuff.

Professor Says Textbooks Are Too Expensive, Quits Using Them

Ron Hammond, Phd, professor at Utah Valley State College, has quit using textbooks in his classes. Why? They're too expensive. [...and they are obsolete by the time they are published. Bob]

Another good list...

100 Open Source Downloads

July 17, 2007 By Cynthia Harvey

All you have to do is find what you want.

Government Podcasts

Wed, 2005-07-06 08:47 — dcornwall Federal Podcasts listing - Official listing of federal podcasts by subject.

Friday, July 20, 2007

Ooh! A student project for my Security Class!

Leaks Found In Louisiana University Systems

Thursday, July 19 2007 @ 11:28 AM CDT Contributed by: PrivacyNews News Section: Breaches

Aaron Titus, a law school student in Louisiana, wanted to prove a point about user privacy. So he started Googling -- and ended up with names, addresses, Social Security numbers, and other personal data on some 80,000 students and employees in the state's university system.

Titus revealed his findings to a local television news station, WDSU, which issued a report yesterday. The FBI and the Louisiana Board of Regents are investigating the leak.

According to the WDSU report, Titus found much of the information on an internal Internet site operated by the Board of Regents, which oversees all of the state's higher education. Most of the network was password-protected, but the area containing the most potentially dangerous data -- including thousands of student Social Security numbers -- was not, he said.

Source - Forbes

Related - For Aaron's own report on this incident and additional information, see Privacy Podcast: Louisiana Board of Regents Breach

Curious. Could this be an old breach (e.g. TJX) or has a new “Retailer” had a data spill they aren't talking about yet? At least they won't be able to claim “We have no evidence of illegal use...”

Breach forces M&T to reissue cards

Friday, July 20 2007 @ 01:58 AM CDT Contributed by: PrivacyNews News Section: Breaches

Thousands of M&T Bank Visa cardholders have been issued new cards because of a security breach at a major retailer.

Visa notified Buffalo-based M&T Bank that some of its customers' debit and credit cards may have been involved in the breach, M&T spokesman Chet Bridger said. The breach was not on M&T's side, but rather at the retailer, who Bridger declined to name. ... In its letter to customers, M&T said "some fraudulent activity" had already been reported both in and outside the U.S.

Source - Press & Sun-Bulletin

Very weird. (Sounds like he pawned it...)

State officials weigh in on recovered laptop

01:00 AM EDT on Friday, July 20, 2007 By Donita Naylor Journal Staff Writer

The case of a state Division of Taxation laptop computer reported stolen in March and reported found three weeks later is generating some carefully worded statements from the state police and the attorney general’s office.

Robert Ritacco, chairman of the Westerly Democratic Town Committee and until recently a senior tax auditor, reported that his state-owned laptop was stolen March 20 from his office at the Department of Administration Building on Capitol Hill in Providence.

State police Detective Christopher J. Dicomitis, in an affidavit filed April 13, said that Ritacco told Capitol police on April 9 that he had found the laptop April 7 in a computer bag in the trunk of his vehicle.

The affidavit said that Ritacco’s immediate supervisor, Robert Narcavage, went to Ritacco’s home April 10 to retrieve it, finding that Ritacco had been “de-fragging” it “to make it run faster and to get everything in order.”

A state police forensic examination found that the laptop had been used March 27 and April 2, 3 and 6, the affidavit says, by Internet user “bobr,” who had deleted or exported four files.

On the basis of the affidavit, Ritacco was arraigned April 20 on a charge of filing a false report of a crime. He pleaded not guilty, and on June 1 the misdemeanor charges were dismissed.

Mike Healey, a spokesman for the attorney general’s office, said the charges were dismissed “for a couple of reasons.” The one listed on the dismissal form was insufficient evidence, he said.

“Had Mr. Ritacco been allowed to plead to the misdemeanor,” Healey said, “that would have foreclosed any further charges, possibly felony charges, coming out of the same incident. After consulting with the state police, we dismissed the misdemeanor so the state police could fully investigate the matter.”

In the wrong hands, this would be a great technique for stealing SSANs.


Thursday, July 19 2007 @ 11:35 AM CDT Contributed by: PrivacyNews News Section: Breaches

The Liberty Coalition is sponsoring a new site where individuals can check to see if their personal information has been exposed. From their site's description of the search tool:

This site is a list of the names of individuals, some of whose personal information may have been exposed to others. The level of potential exposure for any name on this list will vary.

This website does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on this site, so don’t bother looking.

Where possible, the database includes an indication of the way that your information was exposed, what information was exposed, and tools for your additional action or investigation to help correct any harm resulting from this exposure.

Source -

A foretaste of things to come? Goodbye athletic scholarships?

Houston district keeping baseball stats private from parent

Thursday, July 19 2007 @ 06:09 PM CDT Contributed by: PrivacyNews News Section: Older News Stories

Editor's note: if the district declares athletics statistics "Directory Information" and allows students and their parents to opt out of being listed, I suspect that would address any FERPA issues. As noted in the story, most districts definitely do not consider team/player statistics protected educational records.

The Houston Independent School District has denied a parent's request for the statistics of high school baseball players, citing a federal privacy law.

In April, Scott Rothenberg made a formal request for the statistics, such as hits and home runs, of players on the Bellaire High School baseball team.

He received a letter Tuesday from the district's lawyer telling him the information is private under the Family Educational Rights and Privacy Act.

Source - Associated Press

Even more ridiculous?

EU: Mentioning someone by name on a web site

Thursday, July 19 2007 @ 06:59 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

Colleague Karen McCullagh has pointed out a decision from the European Court of Justice that appears to suggest that the inclusion of identifiable personal data on a personal web page could run afoul of the European data directive.

Source - Concurring Opinions (blog)

[From the article: The full opinion can be found here.]

Attention Class Action Lawyers? My experience: My database students sent me their Access final and Hotmail deleted it as “unidentified”

Hotmail Delivers Far Fewer Emails with Attachments

Posted by CowboyNeal on Friday July 20, @12:51AM from the dead-letter-office dept. Microsoft The Internet

biednyFacet writes "It has long been suspected that there is a silent policy that makes Hotmail automatically delete the majority of attachments to save on bandwidth and internal disk space. Therefore it really doesn't matter if every client has access to 2GB of storage since they don't deliver the attachments to fill that space up anyway. If that truly is the case, then Microsoft may be liable for several hundred million cases of conspiracy and mail fraud."

Well, we gotta pay for the war somehow!

Executive Order Overturns US Fifth Amendment

Posted by kdawson on Thursday July 19, @01:03PM from the deprived-of-life-liberty-or-property-without-due-process-of-law dept. United States Politics

RalphTWaP writes "Tuesday, there wasn't even a fuss. Wednesday, the world was a little different. By executive order, the Secretary of the Treasury may now seize the property of any person who undermines efforts to promote economic reconstruction and political reform in Iraq. The Secretary may make his determination in secret and after the fact."

There hasn't been much media notice of this; the UK's Guardian has an article explaining how the new authority will only be used to go after terrorists.

Frequently worth listening to.

Richard Stallman Talks on Copyright V. The People

Posted by CowboyNeal on Friday July 20, @03:32AM from the it-takes-a-village dept. Communications Networking

holden writes "Richard M. Stallman recently gave a talk entitled Copyright vs Community in the Age of Computer Networks to the University of Waterloo Computer Science Club. The talk looks at the origin of copyright, and how it has evolved over time from something that originally served the benefit of the people to a tool used against them. In keeping with his wishes to use open formats, the talk and QA are available in ogg theora only."

Media strategy. Interesting

Podcast: Rupert Murdoch and the Wall Street Journal

Published: July 19, 2007 Interviewer: James Aisner Running Time: 17 min., 15 sec.

... Meanwhile, the Journal reported on July 18 that ad revenue for newspapers fell 4.8 percent in the first quarter year-over-year as a major industry slump continues to worsen. The industry is now going through full-scale consolidation and reorganization in the face of competition from Internet properties.

The trend begs the question: Is Murdoch overpaying for Dow Jones?

... To listen to this interview with professor Bharat N. Anand, click on the triangular play button below.

New Jersey cures Global Warming?

New Flexible Plastic Solar Panels Are Inexpensive And Easy To Make

Science Daily — Researchers at New Jersey Institute of Technology (NJIT) have developed an inexpensive solar cell that can be painted or printed on flexible plastic sheets. "The process is simple," said lead researcher and author Somenath Mitra, PhD, professor and acting chair of NJIT's Department of Chemistry and Environmental Sciences. "Someday homeowners will even be able to print sheets of these solar cells with inexpensive home-based inkjet printers. Consumers can then slap the finished product on a wall, roof or billboard to create their own power stations."

Stupid is as stupid does...

Why You Shouldn't Smash a Can of WD-40

You've gotta love natural selection caught on video.

Thursday, July 19, 2007

Because we can, we must! Surveillance is a slippery slope.

Police Given Access to Congestion-Charge Cameras

Posted by ScuttleMonkey on Wednesday July 18, @03:17PM from the creep-hard-to-stop dept.

The BBC is reporting that anti-terror Police officers in London have been given live access to the "congestion charge cameras", allowing them to view and track vehicles in real time. This is a change from the original procedure that required them to apply for access on a case-by-case basis. "Under the new rules, anti-terror officers will be able to view pictures in "real time" from Transport for London's (Tfl) 1,500 cameras, which use Automatic Number Plate Recognition (ANPR) technology to link cars with owners' details. But they will only be able to use the data for national security purposes [Sure... Bob] and not to fight ordinary crime, the Home Office stressed."

Attention 'garage sale' subversives!

eBay Bargains Soon To Be A Thing Of The Past?

Posted by ScuttleMonkey on Wednesday July 18, @05:45PM from the capitalists-attacking-capitalism dept.

ScaredOfTheMan writes to mention that, as expected, companies are utilizing the decision in Leegin Creative Leather Products v. PSKS to force the take-down of auctions on eBay because auctions are priced too low or even stating the auction itself is an infringement of their intellectual property rights.

[My favorite comment:

Auctions (if fair & open) yield the RIGHT price... in other words, the price which the buyer is willing to pay and which the seller is willing to accept. Any other kind of pricing is rigged.

Too “European” for the US?

EU File Sharers Protected in Civil Cases

By AOIFE WHITE 07.18.07, 3:07 PM ET

BRUSSELS, Belgium - Copyright groups may not be able to demand that telecom companies hand over the names and addresses of people suspected of swapping music illegally online, a senior legal adviser to the EU's highest court said.

Advocate General Juliane Kokott, advising the European Court of Justice, said Wednesday that EU law directs governments to resist the disclosure of personal data on Internet traffic in civil cases - unlike criminal cases, where compliance would be required.

... Separately, a Belgian court ruled last month that a local Internet provider, Scarlet, must filter or block file-sharing software to prevent users downloading music owned by Belgian copyright owners. It has six months to comply or faces daily fines.

Bell killer?

Ooma Launches Free Consumer Phone Service

Michael Arrington July 18 2007

An ambitious and long awaited new consumer VOIP startup - Ooma - launches on Thursday morning. Much like Vonage and the ill-fated SunRocket, Ooma allows consumers to use their normal phones to make and receive telephone calls, but at drastically reduced prices.

Vonage provides unlimited calling in the U.S. and Canada for a flat $25/month. Ooma, however, is using an innovative peer-to-peer architecture to significantly reduce their cost overhead. Because of that cost reduction, they’re charging for hardware only. Calls in the U.S. are free, and will be forever.

... Ooma has a very deep management team and board of directors, and has raised $27 million over two rounds of financing.

I had the opportunity to interview founder and CEO Andrew Frame and Creative Director Ashton Kutcher (yeah, the actor) a couple of days ago. Kutcher is actively engaged in the business - part of his work will consist of creating a viral video series to promote the product. The podcast is up at TalkCrunch.

Think what you will, they're gonna sell a ton of them!

$298 Wal-Mart PC features, no crapware

By Eric Bangeman | Published: July 18, 2007 - 05:00PM CT

Looking to get a jump on the lucrative back-to-school shopping season, Wal-Mart has begun selling a sub-$300 PC. The Everex IMPACT GC3502 comes with Windows Vista Home Basic and 2.2 installed on a system that includes a 1.5GHz VIA C7 CPU, 1GB of DDR-2 SDRAM, an 80GB hard drive, a DVD burner, and integrated graphics, as well as a keyboard, mouse, and speakers. [Monitor extra Bob]

... for basic word processing, e-mailing, listening to music, watching video, and web surfing, the machine should be adequate, and Windows Vista Home Basic doesn't have the graphical overhead of the other versions.

Bill said that? What was he drinking at the time?

Gates: how piracy worked for me in China

The Microsoft chairman says that bootlegged software is creating a demand for his legitimate products in the longer term

Rhys Blakely From Times Online July 18, 2007

Bill Gates has unveiled Microsoft’s unlikely secret weapon in China, a territory he is adamant will turn out to be the software giant's largest market: piracy.

"It's easier for our software to compete with Linux when there's piracy than when there's not," the Microsoft co-founder and chairman told Fortune magazine.

... Mr Gates's fondness for China and its potential looks as if it were being reciprocated.

His latest remarks came as he visited the country on a tour on which he met the kind of adulation more usually reserved for Hollywood’s glitterati.

On his trip he was made an honorary trustee of Peking University and awarded an honorary doctorate from Tsinghua University in Beijing.

... However, there are signs that Microsoft is gaining traction in China — a feat that Mr Gates suggested was aided by the vast volume of the company’s software that has been bootlegged by Chinese pirates, making Windows the nation’s de facto standard.

Cutting prices for Windows — to as low as £1.50 for students — has also helped.

Points to free software...

Bringing Doctors and Lawyers Into the 21st Century

By Jack M. Germain TechNewsWorld 07/18/07 4:00 AM PT

Doctors and lawyers generate huge amounts of electronic records and are under increasing regulatory and legal scrutiny. With recent changes to the Federal Rules of Civil Procedure, courts are requiring solo law practitioners and large practices alike to become litigation-ready and establish the integrity of their electronic records over their retention periods and throughout their chain of custody.

One out of three. We're getting better too slowly?

Identifying (and Fixing) Failing IT Projects

Posted by ScuttleMonkey on Wednesday July 18, @04:57PM from the if-it-aint-baroque-don't-fix-it dept. Software IT

Esther Schindler writes "Often, the difference between the success and failure of any IT project is spotting critical early warning signs that the project is in trouble. offers a few ways to identify the symptoms, as well as suggestions about what you can do to fix a project gone wrong. ' The original study (which is still sometimes quoted as if it were current) was shocking. In 1994, the researchers found that 31 percent of the IT projects were flat failures. That is, they were abandoned before completion and produced nothing useful. Only about 16 percent of all projects were completely successful: delivering applications on time, within budget and with all the originally specified features. "As of 2006, the absolute failure rate is down to 19 percent," Johnson says. "The success rate is up to 35 percent." The remaining 46 percent are what the Standish Group calls "challenged": projects that didn't meet the criteria for total success but delivered a useful product.'"

Perhaps we could tap the sewer lines for our cars? (When they say 'green,' they don't mean 'around the gills,' do they?)

Boeing Helping to Develop Algae-Powered Jet

Posted by ScuttleMonkey on Wednesday July 18, @12:48PM from the powerful-pond-scum dept. Science Technology

jon_cooper writes "Air New Zealand, Aquaflow Bionomic Corporation and Boeing are working together to develop and test a bio-fuel derived from algae. Aquaflow Bionomic Corporation began operating in May last year after it met a request from the local council to deal with excess algae on sewage ponds. Boeing's Dave Daggett was reported this year as saying algae ponds totaling 34,000 square kilometers could produce enough fuel to reduce the net CO2 footprint for all of aviation to zero."

More thinking about RFID

AMA Issues Ethics Code for RFID Chip Implants

RFID Journal ^ | July 17, 2007 | Beth Bacheldor Posted on 07/18/2007 10:49:01 AM PDT by TheTruthAintPretty

The American Medical Association (AMA) has officially established a code of ethics designed to protect patients receiving RFID implants. The recommendations focus on safeguarding a patient's privacy and health, and are the result of an evaluation by the AMA's Council on Ethical and Judicial Affairs (CEJA) regarding the medical and ethical implications of RFID chips in humans, as well as a follow-up report recently released. The latter discusses the possible advantages and specific privacy and ethical issues of using RFID-enabled implantations for clinical purposes.

Entitled "Radio Frequency ID Devices in Humans," the report is presented by Robert M. Sade, M.D., who chairs the CEJA. It acknowledges that RFID's use in health care "represents another promising development in information technology, but also raises important ethical, legal and social issues." The report adds, "Specifically, the use of RFID labeling in humans for medical purposes may improve patient safety, but also may pose some physical risks, compromise patient privacy, or present other social hazards."

[Direct link to the WORD document: ]

A lovely little (11 page) summary, with suggestions for Best Practices and pointers to resources. (Makes me wonder why all government data hasn't been compromised.)

Common Risks Impeding the Adequate Protection of Government Information

1. Security and privacy training is inadequate and poorly aligned with the different roles and responsibilities of various personnel.

2. Contracts and data sharing agreements between agencies and entities operating on behalf of the agency do not describe the procedures for appropriately processing and adequately safeguarding information.

3. Information inventories inaccurately describe the types and uses of government information, and the locations where it is stored, processed or transmitted, including personally identifiable information.

4. Information is not appropriately scheduled, archived, or destroyed.

5. Suspicious activities and incidents are not identified and reported in a timely manner.

6. Audit trails documenting how information is processed are not appropriately created or reviewed.

7. Inadequate physical security controls where information is collected, created, processed or maintained.

8. Information security controls are not adequate.

9. Inadequate protection of information accessed or processed remotely.

10. Agencies acquire information technology and information security products without incorporating appropriate security and privacy standards and guidelines.

Wednesday, July 18, 2007

Trust us! (Many similarities to the TJX data spill?)

Breach, undetected since '05, exposes data on Kingston customers

Tuesday, July 17 2007 @ 04:15 PM CDT Contributed by: PrivacyNews News Section: Breaches

A September 2005 security breach that remained undetected until 'recently' may have compromised the names, addresses and credit card details of about 27,000 online customers of computer memory vendor Kingston Technology Company Inc.

The company began sending out letters to affected customers informing them of the incident last week. But it did not offer any details on how or when exactly the breach was discovered and how long the company may have waited to notify customers about the potential compromise of personal data.

Source - ComputerWorld

How many other organizations aren't bothering to check?

La. Security Breach Exposes Thousands To ID Theft

Tuesday, July 17 2007 @ 05:46 PM CDT Contributed by: PrivacyNews News Section: Breaches

It seems like a list without end -- thousands of student names, addresses, ZIP codes, birthdays -- and Social Security numbers.

In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet website run by the Louisiana Board of Regents, the body that has oversight over HOW MANY students at WHICH universities.

Source - WDSU

Related - Statement from the Board Of Regents

Someone will learn about the First Amendment...

Conn. teen punished for Internet insult sues school officials

By The Associated Press 07.18.07

HARTFORD, Conn. — A Burlington teenager has sued two top school officials, saying they violated her constitutional rights by removing her as class secretary because she used offensive slang to refer to administrators on an Internet blog.

Avery Doninger, a 16-year-old student at Lewis Mills High School, wants to be immediately reinstated as class secretary. She also wants a new election for class officers for the upcoming school year, when she will be a senior, and a chance to give the campaign speech she was forbidden from giving to her classmates.

Doninger's mother, Lauren, filed motions for temporary and permanent injunctions on her daughter's behalf against Principal Karissa Niehoff and Region 10 Superintendent of Schools Paula Schwartz, according to court documents filed July 16 in New Britain Superior Court.

Niehoff removed Doninger as the class of 2008 secretary and banned her from running for re-election after discovering the teen called unnamed school administrators "douchbags" (sic) on an online journal.

Avery Doninger posted the message to, which is not associated with the school, from a home computer.

... "This is something that I felt was really necessary to stand up for, because you really have to stand up (for) the little things about democracy, the little things that make democracy really work in the big world," she said.

Several weeks after Avery Doninger posted the message in April, Niehoff demanded she apologize to the superintendent of schools, tell her mother about the blog entry, resign from the student council and withdraw her candidacy for class secretary, the lawsuit alleges.

She was the only candidate running for class secretary.

While Doninger apologized and reported the incident to her mother, she refused to resign. Niehoff then "administratively removed" her from the post, the lawsuit states.

Besides being banned from running for re-election, Doninger was barred from giving a speech to her school class, the lawsuit claims. Doninger and fellow students were also prohibited from wearing printed shirts supporting her free-speech rights.

I can surrender my inalienable rights?

CA: Court OKs pat-down searches of 49er fans

Wednesday, July 18 2007 @ 05:40 AM CDT Contributed by: PrivacyNews News Section: In the Courts

A legal challenge to pat-down searches at San Francisco 49ers home games got a brush-off today from a state appeals court, which said the two fans who filed the suit had consented to the searches when they bought their season tickets.

In a 2-1 ruling, the First District Court of Appeal in San Francisco sidestepped the question of whether the pat-downs ordered by the National Football League in 2005 as an anti-terrorism measure are an invasion of privacy. Instead, the court said spectators waive their right to privacy when they show up for the games after learning about the searches.

Source - San Francisco Chronicle

Related - Did a Federal Appeals Court Avoid Tackling the Real Issues Behind Football Fan's Lawsuit? (commentary)

I bet there are some unique cases here...

African legal judgments go online

'Ordinary people in the region will benefit if the law is open and judges can be held accountable,' Constitutional Court justice says


... The bulk of the material now available on is South African, but Mr. Mafukidze and the librarians and information technology experts with whom he works are quickly adding judgments and law reports from other countries.

Miles today, location, speed, times tomorrow? (Save more by using my patented “Little old lady from Pasadena” hack to 'adjust' the numbers. Also helps with speeding tickets. “As you can see your honor, I was only driving 13 MPH when I passed that Ferrari...”)

Big Brother can save you money

Car insurers explore ways to track drivers so they know whom they can charge less.

By Peter Valdes-Dapena, staff writer July 17 2007: 2:20 PM EDT

NEW YORK ( -- A new discount plan from GMAC Insurance gives a discount on premiums to drivers of General Motors vehicles with the OnStar service if they let the insurer track the number of miles they drive.

An article yesterday suggested that security software should stop this. Perhaps they lied? (At least the FBI doesn't need to break into the house any longer.)

FBI remotely installs spyware to trace bomb threat

Posted by Declan McCullagh July 18, 2007 1:00 AM PDT

The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.

Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb-threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.

... While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers.

An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.

... has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue.

A better analysis than I offered...

RIAA Says It Shouldn't Have To Pay Legal Fees Because Woman Didn't Settle; Judge Says Think Again

from the a-new-low dept

Despite the RIAA's astounding legal gymnastics and its questionable -- if not illegal -- investigative techniques, it typically finds a way to wiggle out of paying the legal bills of anybody it has sued in its misguided legal campaign against record labels' customers. Though there have been a few exceptions, the group's strategy of dropping cases when people notice their flimsy evidence seems to generally shield them from having to pay costs. That's a real problem, since it makes it very easy, and relatively cheap, for the RIAA to abuse the legal system by filing thousands of suits, then suffer no repercussions when it drops them after they're exposed as bogus. [Good strategy though... Bob] Hopefully, though, that's starting to change, as more judges become aware of the RIAA's tactics, or at least pay attention to the facts of its cases. A judge in Oklahoma has now ordered the RIAA to pay $70,000 in legal fees to an Oklahoma woman, after tossing out the group's suit against her earlier this year. In this case, the RIAA didn't make a very good impression on the judge by claiming that they shouldn't have to pay the defendant's legal bills because she could have avoided being sued, had she "appropriately assisted their copyright infringement investigation and litigation" -- which means had she given in to their bullying and accepted one of their generous settlement offers. That's absolutely ridiculous, as the judge noted, since it steamrolls a defendant's right to defend themselves against bogus suits. It's up there with the RIAA's promise in another case not to incorrectly sue a woman a second time, as long as they didn't have to pay her legal bills for the first time they wrongly sued her. The RIAA has gotten away for far too long with bending the legal system to fit its desires; hopefully those days are coming to an end.

How much market penetration do the video services have?

3 Out of 4 U.S. Internet Users Streamed Video Online in May

Average American Video Streamer Watched More than 2.5 Hours of Video Online