Saturday, September 01, 2007

Hey! They bought those voters fair and square – give 'em back! (No doubt we will have an equally severe Republican data spill... Makes you wonder who will claim to be the “Party of Privacy”)

Hard drive containing Ark. Democratic Party data sold on eBay

Friday, August 31 2007 @ 03:04 PM CDT Contributed by: PrivacyNews News Section: Breaches

Imagine Bill Ries-Knight's surprise when he purchased a supposedly new hard drive on eBay only to discover it contained information from the Arkansas Democratic Party.

As if that weren't bad enough, Ries-Knight, who lives in Stockton, Calif., said none of the information was encrypted and only a small amount of it was password protected.

In a telephone interview, Ries-Knight, a computer technician, said that while he didn't look at all the files on the drive, he did determine that the data included the private cell phone numbers of Democratic members of Arkansas' congressional delegation and of financial contributors to the party, including U.S. Sens. Blanche Lincoln and Mark Pryor, as well as U.S. Reps. Marion Berry, Mike Ross and Vic Snyder.

Source - Computerworld

Coming soon to a legislature near you!

Calif. bill holding retailers responsible for breach costs advances

Friday, August 31 2007 @ 01:00 PM CDT Contributed by: Wiwoh News Section: Breaches

Retailers hoping to convince California lawmakers not to pass a proposed bill that would require them to pay banks and credit unions for the costs associated with a data breach lost another important round Thursday.

The state's Senate Appropriations Committee approved the landmark Consumer Data Protection Act or AB 779, by a 13-2 vote late Thursday. The measure, authored by Assemblyman Dave Jones, (D-Sacramento), won overwhelming approval (58-2) in the State Assembly in early June.

The bill is now expected to go before the full Senate in as little as a week. If approved, it would then go to Gov. Arnold Schwarzenegger for his approval.

Source - Computerworld

Is Colorado in danger of becoming California?

Illegal immigration crackdown jeopardized

By Mark P. Couch Denver Post Staff Writer Article Launched: 08/31/2007 01:00:00 AM MDT

A conflict between federal immigration authorities and local law enforcement is jeopardizing the effectiveness of a new Colorado State Patrol unit set up to crack down on illegal immigration.

In early August, the State Patrol's newly created Immigration Enforcement Unit pulled over a van loaded with 18 suspected illegal immigrants on Interstate 70 near the Utah border.

But the federal Immigration and Customs Enforcement agency failed to respond to the State Patrol's request for help. [Perhaps they take August off? Bob]

In addition, the Garfield County jail - the nearest jail with available cells to hold the suspects - is no longer considered an allowable detention facility by ICE because the sheriff allows his officers to carry Tasers. [“We would much rather have these people shot than give them an excuse to sue...” Bob]

"Without knowing more, whether this is something that is going to be an issue across the state, and possibly across the country, our efforts in Colorado to crack down on illegal immigration are again being thwarted by the federal government," said Evan Dreyer, spokesman for Gov. Bill Ritter.

... Carl Rusnok, public affairs officer for ICE in Dallas, said the suspects were not detained because "we did not have the detention space."

... Rusnok said he could not answer questions about the Taser policy.

... A spokeswoman in ICE's Washington, D.C., office referred questions to Rusnok on Wednesday.

On Aug. 7, when the State Patrol pulled over the van, the Garfield County jail had "room in the inn," Vallario said, but ICE had already revoked its contract [You need a contract with ICE to jail lawbreakers? Bob] allowing the county to hold suspected illegal immigrants.

Interesting at many levels...

Spamhaus off the hook for $11 million judgment

By Eric Bangeman | Published: August 31, 2007 - 01:00PM CT

Last year, Spamhaus found itself on the wrong end of a $11.7 million default judgment awarded to online marketing firm e360insight after it decided not to fight the case due to its belief that US courts had no jurisdiction over the group because of its location in the UK. Yesterday, an appeals court overturned the award, sending the case back down to a lower court.

Based in the UK, the not-for-profit Spamhaus maintains a blacklist of known spammers and spam operations that is used by ISPs to help filter the spam from legitimate e-mail. Its antispam crusade has drawn the ire of some spammers, including e360insight owner David Linhardt, who sued Spamhaus in federal court.

... In its opinion (PDF), the Seventh Circuit Court of Appeals noted that while Spamhaus intentionally decided against mounting a defense in the case, the court erred by awarding damages and ordering Spamhaus to exonerate e360insight of spamming. "The district court failed to undertake an inquiry into the proof of damages and the necessity of injunctive relief and issued an injunction that is overbroad," wrote the court. [Wouldn't that apply in the reverse – where (for instance) TJX or Ohio University asserts that their data spills caused no damage to the cardholders? Bob]

As a result, the default judgment stands, but the lower court will now have to consider the remedy once again. It's important to note that since the appeals court declined to overturn the original finding, further court action will be only related to the damages e360insight should be awarded. Ironically, Spamhaus' original decision to not fight the original lawsuit because it believed that it is not subject to the jurisdiction of a US District Court because it is based in the UK may have proven to be effective—if it had decided to show up in court and make the argument.

Sounds like this should improve research dramatically

Original stories, from the source

Friday, August 31, 2007 10:48 AM Posted by Josh Cohen, Business Product Manager

Today we’re launching a new feature on Google News that will help you quickly and easily find original stories from news publishers -- including stories from some of the top news agencies in the world, such as the Associated Press, Agence France-Presse, UK Press Association and the Canadian Press -- and go directly to the original source to read more.

... Enter “duplicate detection.” Duplicate detection means we’ll be able to display a better variety of sources with less duplication. Instead of 20 “different” articles (which actually used the exact same content), we'll show the definitive original copy and give credit to the original journalist.

... Because the Associated Press, Agence France-Presse, UK Press Association and the Canadian Press don't have a consumer website where they publish their content, they have not been able to benefit from the traffic that Google News drives to other publishers. As a result, we’re hosting it on Google News. [Huge change! Expect multiple (stupid) lawsuits! Bob]

Attention Law School students! This could be the outline for a paper.

What to do when the RIAA comes calling

Great Engadget technology law article!

Another demonstration of techno-illiteracy ?

Watchdog presses ISPs to clamp down on illegal net use

Asher Moses August 30, 2007 - 4:10PM

The Australian Federation Against Copyright Theft is pressing ahead with its proposal to have internet service providers send warning notices to customers who have been identified as illegal downloaders, and disconnect the services of repeat offenders.

... AFACT says the ISPs are not doing enough to combat the illegal downloading of movies and music, which it says increases ISPs' costs by chewing up bandwidth [Interesting argument. Bob] and robs income from those who sell the content legally.

A report produced last year by web monitoring company Envisional found the per capita rate of television show piracy in Australia was the highest in the world. It said Australians accounted for 15.6 per cent of all online TV piracy.

... She proposes that AFACT would identify the internet addresses of those suspected of illegal downloading and pass those details on to the ISPs, which would be able to identify the specific customers. [Would AFACT then assume all liability for their errors? Bob]

... Ms Pecotic said her proposal was reasonable because ISPs already state in their contracts that their customers cannot use their internet connections for illegal activity.

A history of bad decisions – not the courts, SCO's management

SCO Wants Summary Ruling, Wants To Appeal Unix Ownership Decision

Posted by Zonk on Friday August 31, @01:54PM from the before-the-door-shuts dept. Patents Caldera The Courts Linux

An anonymous reader writes "SCO is asking the court to enter a final judgment on the Unix ownership issues so that it can seek an immediate appeal. The logic for this, according to Groklaw Editor Pamela Jones, is that SCO would rather appeal right away so it can try all its claims at IBM, should it successfully appeal the judge's order. Otherwise, SCO has to wait until Novell goes through trial to a verdict and then appeal, and while it is in the appeal process, IBM would go forward in its now much smaller version, based on the August 10th ruling ... The trial starts, though, in less than a month and it will last less than a week, so none of this makes any sense if you look at a calendar. I think, therefore, it must be about FUD, so it sounds like SCO is on the move again. The text of the request is available online."

A baseline minimum for your IT Security?

August 30, 2007

NIST Guide to Secure Web Services

August 29, 2007: "NIST announces the publication of Special Publication (SP) 800-95, Guide to Secure Web Services (128 pages, PDF). SP 800-95 seeks to assist organizations in understanding the challenges in integrating information security practices into Service Oriented Architecture (SOA) design and development based on Web services. The publication also provides practical, real-world guidance on current and emerging standards applicable to Web services, as well as background information on the most common security threats to SOAs based on Web services. SP 800-95 presents information that is largely independent of particular hardware platforms, operating systems, and applications. Supplementary security devices (i.e., perimeter security appliances) are considered outside the scope of this publication. Interfaces between Web services components and supplementary controls are noted as such throughout this publication on a case-by-case basis."

Bob's Rule: “On the Internet, someone will rat you out.” Bob's First Corollary: If a politician thinks he can gain a slight advantage by breaking a rule, that rule is history.

August 30, 2007

Anonymous Lawmaker Helps to Build OpenCRS Database

"A member of Congress has agreed to provide [Center for Democracy and Technology] CDT with a running list of new Congressional Research Service reports in order to help bolster CDT's OpenCRS project, which provides the reports to the public at no cost. CRS generates in-depth, non-partisan research on a wide range of issues critical to Americans, but while the taxpayer-funded reports are unclassified, the government has never made them readily available to the public. Drawing on the catalog provided by the lawmaker -- who asked to remain anonymous -- CDT has created a list of "fugitive" reports that are not yet in the database. OpenCRS is an interactive project that encourages users to obtain and add new reports to the database."

Given the tools to discover this type of modification, I've been seeing many, many stories like this one.

Ark. Computers Delete Huckabee Criticism

By JON GAMBRELL Associated Press Writer Aug 31, 5:28 PM EDT

LITTLE ROCK, Ark. (AP) -- Internet criticism of Republican presidential candidate Mike Huckabee's involvement in the pardon of a castrated rapist and his heavy use of a state airplane disappeared with a mouse click.

Such edits are common on Wikipedia, a collaborative Internet reference site where anyone can add, change or even delete entries. But the changes made to pages about the former governor, current Democratic Gov. Mike Beebe and others were made using state government computers, according to an analysis by The Associated Press of records from Wikipedia and the state.

Anyone can do R&D

Innovation through Global Collaboration: A New Source of Competitive Advantage

Published: August 31, 2007 Paper Release Date: July 2007, revised August 2007 Authors: Alan MacCormack, Theodore Forbath, Peter Brooks, and Patrick Kalaher

Executive Summary:

Collaboration is becoming a new and important source of competitive advantage. No longer is the creation and pursuit of new ideas the bastion of large, central R&D departments within vertically integrated organizations. Instead, innovations are increasingly brought to the market by networks of firms, selected according to their comparative advantages, and operating in a coordinated manner. This paper reports on a study of the strategies and practices used by firms that achieve greater success in terms of business value in their collaborative innovation efforts. Key concepts include:

* Consider the strategic role of collaboration, organize effectively for collaboration, and make long-term investments to develop collaborative capabilities. Successful firms found that attention to these 3 critical areas generated new options to create value that competitors could not replicate.

* Successful firms went beyond simple wage arbitrage, asking global partners to contribute knowledge and skills to projects, with a focus on improving their top line. They redesigned their organizations to increase the effectiveness of these efforts.

* Managing collaboration the same way a firm handles the outsourcing of production is a flawed approach. Production and innovation are fundamentally different activities and have different objectives.

Trying to be the RIAA? Is there anyone who can see beyond the “we can, therefore we must” paradigm? (see next article)

Science Fiction Writers Write DMCA Takedowns

Posted by Zonk on Friday August 31, @03:21PM from the quit-using-our-free-stuff-for-free dept. Sci-Fi Books The Courts

TheGreatGraySkwid writes "With an ironic lack of forward thinking, the Science Fiction Writers of America (or, more specifically, their Vice President Andrew Burt) have issued scattershot DMCA takedown notices against numerous items on the document-sharing site Scribd, many of which were not infringing on SFWA copyrights in any way. It appears that a simple keyword search for prominent science fiction names (like 'Asimov' and 'Silverburg') was used to determine which documents were to be singled out. Included in the documents was Cory Doctorow's 'Down and Out in the Magic Kingdom,' which was released under the Creative Commons license and is freely available at any number of places. Doctorow is up in arms over at BoingBoing, with several other Science Fiction notables speaking up in the comments."

Direct application to Open Source? At least I see it that way...

Exclusivity and Control

Published: August 31, 2007 Paper Release Date: August 2007 Authors: Andrei Hagiu and Robin S. Lee

Executive Summary:

Music, television shows, movies, Internet and mobile content, computer software, and other forms of media often require a consumer to join a platform in order to access or utilize the media. This affiliation may take the form of a subscription to a distribution channel or purchase of a hardware device. One of the primary means of differentiation and competition between platforms for consumer adoption is the acquisition of premium or quality content. However, whether or not certain content is exclusive to one platform or is present on multiple platforms varies significantly from industry to industry. One can even view Apple's exclusive U.S. provision of the iPhone to AT&T as even more variation in the degree of exclusivity across industries. Why is it that some forms of content are available only on one platform, while others are distributed through several or all platforms available—that is, they "multihome"? This paper analyzes industry propensity for exclusivity and presents a model of platform competition. The key driving force is the nature of the relationship between the content and the platforms: outright sale (all control rights, particularly over content pricing, are transferred from the content provider to the platform) or affiliation (the content provider maintains control rights over pricing). Key concepts include:

* The key is control rights over factors such as content pricing and cash flow. Strategic interactions around control rights between platforms and the content provider can push the industry structure in either direction.

* High-quality content will multihome, because foreclosing a portion of the market by being exclusive will be too costly. [So why does Microsoft ignore users of other browsers? Bob] Mid-quality content will be exclusive and can soften price competition at the platform level enough to offset the losses from excluding a portion of the market. Low-quality content will multihome, since it would not yield any comparative advantage if it were exclusive.

* A platform that has exclusive rights to content may prefer to relinquish control over pricing and associated revenues to the content provider in order to relax price competition with a rival platform.

Just a suspicion, but isn't it possible a Google Geek just stuck this in for his own amusement? (However it does fit my interpretation of Google's strategy: “Try to have a Google version of everything”)

Friday, August 31, 2007

Google Earth Flight Simulator

Some time last week, Google expanded Google Earth with Google Sky. As fascinating as Google Sky is, that's not the focus of this post. Along with the latest update comes a hidden feature about which I cannot seem to find any other information. It's not in the release notes and a search on Google produces no results. Seems Google have done one of their unpublicised updates they're becoming well-known for.

What I'm talking about is a flight simulator embedded within GE.

Friday, August 31, 2007

Oh what a shock. Initial reports underestimated the scope of the data spill...

Personal data stolen on gov. jobs Web site

Hackers took information from about 146,000 users of site run by Monster

By Jim Finkle Reuters Updated: 5:31 p.m. MT Aug 30, 2007

BOSTON - About 146,000 people using a jobs Web site sponsored by the U.S. government have had their personal information stolen by hackers who broke into computers at Monster Worldwide Inc, a government spokesman said on Thursday.

The theft on the site, which has about 2 million total users, was part of the hacking operation that Monster disclosed last week, according to Peter Graves, a spokesman for the U.S. Office of Personnel Management.

... The information stolen was names, mailing addresses, phone numbers and e-mail addresses. Social security numbers, which are encrypted in the database, were not compromised, Graves said.

... The government got its first clue that the site had been compromised on July 20, when a subscriber submitted what appeared to be a fraudulent e-mail, Graves said.

Very (too) common.

Admits It's Been Hit Before

By Brian Prince August 30, 2007

Monster officials admit the database breach was larger than previously announced and promise to tighten security controls.

The fallout from the data breach at is growing wider, as the company has confirmed that the company's databases have been targeted by hackers before.

Monster copped to a large security breach Aug. 22, but is now admitting that the data leakage has been going on for longer and could involve more customers than originally announced.

... But company officials noted that the theft of confidential information was not an isolated incident and said the scope of illegal activity was impossible to pinpoint.

... This kind of rolling disclosure is likely to become widespread, according to Prat Moghe, chief technology officer and founder of Tizor, a data auditing software firm also based in Maynard.

"We will continue to see this pattern, where a breach is announced and then days, even months later it comes to light that the scope of the breach was much larger than first thought."

Moghe said thieves can exploit the fact that most enterprises don't have real-time visibility into what is happening with data (see next article) once credentialed users access it. "Without visibility into the data core, the escalation of damage is inevitable," he said.

Another HP scandal? What effect will this have on e-Discovery? (See why you need to know where your data flows?)

Turns Out The MPAA Did Get Access To TorrentSpy Execs' Email

from the ethically-challenged dept

The MPAA has been pushing the courts to force TorrentSpy to spy on its users -- something TorrentSpy refuses to do, noting that it would break their own privacy policy and is simply ethically questionable. It should come as no surprise, of course, that the MPAA has no such qualms. In fact, it came out today that the MPAA had, in fact, been snooping through TorrentSpy's executives' emails. So, which organization looks more ethically challenged? This stems from a case TorrentSpy filed last year, after finding out that a former co-worker gave the MPAA access to TorrentSpy emails. While a court has found that the MPAA's actions did not violate wiretap laws, it's still pretty questionable. What appears to have happened is that a former TorrentSpy employee who had access to the company's email system set it up so all executives' emails also forwarded to a gmail account he owned. He then sold access to that gmail account to people at the MPAA. Clearly, the MPAA knew that the TorrentSpy execs thought these emails were private, and yet they still eagerly paid up for access to them, which is really sleazy. TorrentSpy is appealing the case, but they'd probably have a much stronger case against the former employee who set up the email forwarding system in the first place.
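The mechanism in the TorrentSpy story is a silent forwarding rule that copied several executives' mailboxes to an outside account. The one control that catches this is a periodic audit of forwarding rules for external destinations, with an alert when one account copies mailboxes it does not own. The script below is an added example, not code from Techdirt or TorrentSpy; the rule records, the `example.com` domain and the `ForwardRule` fields are constructed for illustration, and a real deployment would read the rules from the mail system's configuration or audit log.

```python
"""Audit mail-forwarding rules for silent copies to addresses outside the organisation.
Added example; the data below is constructed and does not describe any real system."""

from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardRule:
    mailbox: str      # mailbox whose mail is copied
    target: str       # address the copy is sent to
    created_by: str   # account that created the rule
    keep_copy: bool   # True when the original recipient still gets the mail (a silent copy)


INTERNAL_DOMAIN = "example.com"   # constructed: the organisation's own mail domain

# Constructed sample rules: one self-created internal forward, one shared-mailbox
# redirect, and two silent copies of executive mailboxes to one outside account,
# both created by an admin account rather than the mailbox owners.
SAMPLE_RULES = [
    ForwardRule("ceo@example.com", "assistant@example.com", "ceo@example.com", True),
    ForwardRule("ceo@example.com", "archive.user@gmail.com", "mailadmin@example.com", True),
    ForwardRule("cfo@example.com", "archive.user@gmail.com", "mailadmin@example.com", True),
    ForwardRule("sales@example.com", "crm@example.com", "sales@example.com", False),
]


def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def external_forwards(rules, internal_domain=INTERNAL_DOMAIN):
    """Rules whose target lies outside the organisation's domain."""
    return [r for r in rules if domain_of(r.target) != internal_domain.lower()]


def suspicious_creators(rules, internal_domain=INTERNAL_DOMAIN, min_mailboxes=2):
    """Group external silent copies by the account that created them.
    An account that copies several mailboxes it does not own to an outside
    address is the pattern in the article and is worth an alert."""
    by_creator = {}
    for r in external_forwards(rules, internal_domain):
        if r.created_by != r.mailbox and r.keep_copy:
            by_creator.setdefault(r.created_by, set()).add(r.mailbox)
    return {c: sorted(m) for c, m in by_creator.items() if len(m) >= min_mailboxes}


def report(rules, internal_domain=INTERNAL_DOMAIN):
    """Human-readable findings: one line per external forward, one ALERT per creator."""
    lines = []
    for r in external_forwards(rules, internal_domain):
        who = "self" if r.created_by == r.mailbox else r.created_by
        lines.append(f"EXTERNAL FORWARD {r.mailbox} -> {r.target} "
                     f"(created by {who}, silent copy={r.keep_copy})")
    for creator, boxes in suspicious_creators(rules, internal_domain).items():
        lines.append(f"ALERT {creator} copies {len(boxes)} mailboxes it does not own "
                     f"to an outside address: {', '.join(boxes)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_RULES):
        print(line)
```

Run against the constructed rules it lists the two gmail forwards and raises one alert naming the admin account that created both. The `created_by != mailbox` test is what separates a user forwarding their own mail from the insider case; the `keep_copy` test singles out copies the owner never sees.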

Their immediate reaction shows how serious they are!

Cell carriers fined over missed e911 deadlines

Posted by Anne Broache August 30, 2007 2:17 PM PDT

Federal regulators late on Thursday slapped three wireless firms, including No. 3 operator Sprint Nextel, with a total of $2.83 million in fines for not meeting a long-passed deadline for equipping subscribers with enhanced 911 service.

The Federal Communications Commission had set a December 31, 2005 date by which all mobile carriers had to ensure that 95 percent of their subscribers had location-sensitive handsets--that is, those that allow emergency responders to pinpoint a caller's location upon connection to the 911 switchboard.

“Use the 'Streisand Effect' wisely, Luke” (The video is also at this link)

Supermarket A&P Makes Sure That People Associate Mock Gangsta Rap Video With A&P

from the nice-work,-Streisand dept

Well, here's an interesting variation on the Streisand Effect. Apparently, the well known supermarket in the northeastern US, A&P, recently fired two young brothers who worked at the grocery store for making a satirical gangsta rap video about the produce section of a supermarket. The brothers never actually mention A&P in the video, which is clearly just parodying typical gangsta rap videos, but the company now says that it's going to sue the brothers for a million dollars for defamation. Of course, in doing so, they've now made it so that a lot more people will both see the video and associate it with A&P. Before this, it's unlikely most people would have known that it was filmed in an A&P. But, now that they're suing... everyone will know and a lot more people will see it. It's hard to see how that's beneficial to anyone. In the meantime, the video remains up on YouTube:

This must be why Copyright Lawyers get the big bucks... (Might make an interesting exam question – if I knew what to ask...)

Viacom Accuses Guy Of Copyright Infringement For Showing Video Of Viacom Infringing On His Copyright

from the follow-that? dept

Ben S. was the first of many folks to submit to us this incredible story of Viacom's latest ridiculous claim of copyright infringement. As you're most likely aware by this point, Viacom is in the middle of a nasty $2 billion lawsuit with Google over what it alleges are videos that infringe on Viacom's copyright appearing on YouTube. Of course, in making those claims, Viacom has been known to be a bit too aggressive in taking down videos -- including some that clearly did not violate Viacom's copyright. This latest case, however, may be the most ridiculous.

VH1 is a Viacom property that has a popular TV show called "Web Junk 2.0." It basically just takes the more popular/funny/stupid clips that show up on YouTube every week and shows them on TV along with some goofy commentary from the show's host. I'd always wondered if Viacom compensated the owners of those videos -- especially given the company's position about YouTube. It turns out that neither Viacom nor VH1 compensate the video owners, or even ask their permission. It just assumes that it can use them. Most turn out to be perfectly happy (not surprisingly) to get this sort of free publicity. One guy thought it was so cool that he recorded the clip of Web Junk that featured his own video and posted that on YouTube so he could blog about it. And, in an incredibly ironic move, Viacom sent a takedown notice to YouTube forcing it offline. Just to make it clear: Viacom used this guy's work without permission and put it on TV. The guy then takes Viacom's video of his video and puts it online... and Viacom freaks out claiming copyright infringement. Effectively, Viacom is claiming that it's infringement of Viacom's copyright to display an example of Viacom infringing on copyright.

[The original(?) copyright holder's web site: ]

Lots of legal stuff on email discovery...

Caution: Private E-Mails Might Turn Public

Friday, August 31 2007 @ 05:22 AM CDT Contributed by: PrivacyNews News Section: In the Courts

Recent headlines have highlighted the blurring divide between professional and private e-mail accounts: The White House and its staffers were subjected to criticism and scrutiny for their use of non-governmental e-mail accounts and BlackBerrys in connection with official business; New York Governor Eliot Spitzer's aides' personal e-mail accounts have been targeted for communications concerning the investigation into the Senate majority leader; and New Jersey Governor Jon Corzine recently declared that he would stop using e-mail entirely in response to legal requests for private e-mails between the governor and his ex-girlfriend.

Source -

For my Web Site classes. Imagine a map showing everyplace to get pizza within 2 miles of the campus! - Build Your Own Map

Calling all travel bugs, geography buffs, and anyone else who sees the world as their playground. is a clever site that helps users construct their own special map sprinkled with different tags. Maps can be concentrated in a certain town or can include all seven continents. Once an area is decided on, users can tag locations with data feeds from blogs and websites, photos, text, weather, and add other personal touches.

My artistic ability isn't... - Software for New Programmers

Are you a current or future computer programming student with a passion for electronic art? Processing might be right up your alley, as it is a free downloadable software program designed for students learning the art and technique of both computer programming and electronic art. Started by fellow peers in the MIT Media Lab, the application aims to simplify and deconstruct the programming process using visual aids (or 'sketching') as its main teaching tool. Further, it focuses on the process of creating a new program rather than the finished product, and wants to be a transition tool for more complicated programs like Java. Right now their software is in beta testing, and they encourage users to try it out. The site contains links to many other resources and teaching tools for other kinds of programming.

Thursday, August 30, 2007

Free isn't always...

Downloadable Coupons Come With Sneaky Extras, Researcher Says

Wednesday, August 29 2007 @ 07:02 PM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Thousands of shoppers clipping downloadable coupons from may be getting more than they bargained for, according to a Harvard researcher who says the site's free software hides deceptively named tracking files on users' PCs, and leaves them there after the software is ostensibly uninstalled.

Coupons Inc., which makes the software and runs, is the same Mountain View, California, firm that last month sued a Fremont, California, man for posting a program that lets consumers print as many copies of a particular coupon as they want, circumventing company limits.

Source - Threat Level (blog)

(h/t, InfoWarrior)

Summary? Least common denominator rule applies?

Data Breach Disclosure Laws - A State by State Perspective

Wednesday, August 29 2007 @ 07:06 AM CDT Contributed by: PrivacyNews News Section: Breaches

Is your company aware of all the different data-breach-notification laws in the U.S.? Sure, there’s California Senate Bill 1386, but what about the other 35 states that have similar laws? Do you think you’re familiar with the subtle differences between the various state laws?

Okay, let’s test your knowledge. True or false: A breach of data that includes a person’s first name, last name and their credit card account number without the PIN doesn’t require disclosure? If you think that’s always true, look up Kansas Senate Bill 196 and think again. Are you legally required to securely destroy sensitive data on paper? In some states you are. Check out Virginia House Bill 872, for example. Of course, the issue then becomes what to do if certain state laws require disclosure of a specific data breach while others do not? Do you only disclose to those customers who you’re legally obligated to notify? That could be a public relations nightmare if the other customers found out -- and they will find out.

Source -

Definitious? (Towards a working definition?)

UK: What is personal data? Information Commissioner updates guidance

Thursday, August 30 2007 @ 06:17 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

The Information Commissioner's Office (ICO) published new guidance yesterday that explains its view of what counts as personal data under the Data Protection Act (DPA). Information that is not personal data today may become personal data as technology advances, it says.

A landmark ruling in 2003 challenged long-held assumptions about what constituted personal data. Michael Durant's case against the Financial Services Authority resulted in the courts defining personal data very narrowly, so that data became personal only in certain circumstances.

While only a court can rule on what the definition in the DPA really means, guidance from the ICO is influential. The ICO has now replaced its initial guidance on the implications of the Durant judgment.

Source -


"The New Surveillance" in Ireland

Thursday, August 30 2007 @ 06:29 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

I've written a short piece for the Irish Security Industry Association's Risk Manager magazine about "The New Surveillance" and its growth in Ireland:

The recent trial of Joe O’Reilly for the murder of his wife Rachel attracted huge public interest for a number of reasons – the gruesome nature of the crime and the demeanour of the killer among them. But another cause of this public attention was the way in which the trial revealed the extensive digital footprints we leave behind in our day to day activities. In a first for the Irish courts, the prosecution case was built for the most part on digital evidence – including CCTV footage, mobile phone location data, details of calls and text messages and the content of emails.

Source - IT Law in Ireland (blog)
Article - "The New Surveillance" in Ireland (pdf)

Well, that fixes everything!

(Follow-up) CT: Web Site Established After Laptop Stolen

Wednesday, August 29 2007 @ 05:25 PM CDT Contributed by: PrivacyNews News Section: Breaches

The day after announcing the theft of a computer that contains taxpayer information, the state released a Web site to address the matter.

Source - WFSB

Re-defining the law?

Umbrella Rulings Can't Cover All Data

Thursday, August 30 2007 @ 06:32 AM CDT Contributed by: PrivacyNews News Section: In the Courts

When is enough preservation too much? Many legal professionals cringed when Magistrate Judge Jacqueline Chooljian of the U.S. District Court for the Central District of California held that the duty to preserve required the activation of a logging function to enable the retention of server log data in random access memory, where the information that would be captured by that step was predictably at the heart of a highly contested copyright infringement case. See Columbia Pictures Industries v. Justin Bunnell, Case No. CV 06-1093 FMC(JCx), 2007 U.S. Dist. Lexis 46364 (May 29, 2007).

Critics charge that the decision misconstrues the intent of the 2006 electronic data discovery amendments to the Federal Rules of Civil Procedure, and presages an unwarranted expansion of data preservation requirements.

Source -

They don't really mean suspects, right? They mean tried and convicted. Think of it as part of the continual obfuscation of language.

NJ: Legislators want to add serious-crime suspects to database

Thursday, August 30 2007 @ 06:35 AM CDT Contributed by: PrivacyNews News Section: State/Local Govt.

Two decades after a Florida rapist became the first American convicted in a case built on DNA evidence, investigators are routinely turning to a national database that now holds more than 5 million genetic "fingerprints."

Some lawmakers in New Jersey are hoping it can hold even more. They're considering legislation to further expand DNA collection in the state to include anyone convicted of disorderly conduct and those arrested for murder, manslaughter, kidnapping and sex offenses.

Source -

Still bad, just not the baddest?

Posted by Mikko @ 14:45 GMT Wednesday, August 29, 2007

Sony's USB Rootkit vs Sony's Music Rootkit

Monday's post disclosed our investigation of Sony's MicroVault USM-F fingerprint reader software. Sony's software installs a driver that creates a hidden folder using rootkit techniques.

This raises the question – while the techniques employed are similar – is this case as bad as the Sony BMG XCP DRM case (i.e. the music rootkit)?

In a nutshell, the USB case is not as bad as the XCP DRM case. Why? Because…

The user understands that he is installing software, it's on the included CD, and has a standard method of uninstalling that software.

The fingerprint driver does not hide its folder as "deeply" as does the XCP DRM folder. The MicroVault software probably wouldn't hide malware as effectively from (some) real-time antivirus scanners.

The MicroVault software does not hide processes or registry keys. XCP DRM did.

It's also trickier to run executables from the hidden directory than with XCP. However, it can be done.

And lastly, there seems to be a use-case: The cloaking is most likely used to protect fingerprint authentication from tampering. Sony is attempting to protect the user's own data. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.

However – this new rootkit (which can still be downloaded from can be used by any malware author to hide any folder. We didn't want to go into the details about this in our public postings, but we suppose the cat's out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware's folder, no questions asked.

We still haven't received any kind of response from Sony International. Sony Sweden did however confirm in a public IDG story that the rootkit is indeed part of their software.

What's going on here? This is the second municipal WiFi net to crash in as many days! (Yesterday Chicago quit.)

Earthlink bows out of San Francisco Wi-Fi deal

By LISA LEFF, Associated Press Writer Thursday, August 30, 2007 (08-30) 00:05 PDT San Francisco (AP) --

Despite Earthlink Inc.'s decision to bow out of its deal to help provide free wireless Internet access throughout San Francisco, the mayor here remains committed to the idea.

For my Finance students...

Internet Bandwidth to Become a Global Currency?

Posted by ScuttleMonkey on Wednesday August 29, @05:11PM from the the-almighty-bit dept.

ClimateCrisis writes to tell us that internet bandwidth could become a global currency under a new model of e-commerce developed by researchers from Delft University of Technology, Vrije Universiteit, Amsterdam and Harvard's School of Engineering and Applied Sciences. "The application, available for free download at, is an enhanced version of a program called Tribler, originally created by the Dutch collaborators to study video file sharing. 'Successful peer-to-peer systems rely on designing rules that promote fair sharing of resources amongst users. Thus, they are both efficient and powerful computational and economic systems,' David Parkes, John L. Loeb Associate Professor of the Natural Sciences at Harvard said. 'Peer-to-peer has received a bad rap, however, because of its frequent association with illegal music or software downloads.' The researchers were inspired to use a version of the Tribler video sharing software as a model for an e-commerce system because of such flexibility, speed, and reliability."


As Companies Go Public, Power Stays Private

from the inside-out dept

As we've noted several times, the tech IPO came back in a big way this year, most recently evidenced by VMWare's meteoric launch out of the gate. While this is good news for companies and their investors, Kevin Kelleher argues that we're seeing a disturbing trend in the way these deals go down. In many instances, the terms of the deal are such that the general public shareholder has little power in the newly-public company, with most voting power concentrated in the hands of a select few insiders. What's more, in many instances, the companies have sold stakes in themselves to certain outside investors at a price below what was available to the public. It's easy to argue that such moves represent greed and a desire to keep the spoils concentrated, but there may be other reasons for these actions. As the rise of private stock exchanges suggests, public shareholders are increasingly seen as a liability, whether it's due to the threat of shareholder lawsuits or activist investors. Kelleher's concern is for the "little guy", as he puts it, but it's not clear that most investors actually care about things like voting rights. As long as investors understand where they're at, and can weigh the risks accordin

I wait with bated breath...

Record Company Collusion a Defense to RIAA Case?

Posted by samzenpus on Thursday August 30, @12:23AM from the fight-the-power dept. The Courts

NewYorkCountryLawyer writes "Is collusion by the record companies a defense to an RIAA case? We're about to find out, because the RIAA has made a motion to strike the affirmative defense of Marie Lindor, who alleged that "the plaintiffs, who are competitors, are a cartel acting collusively in violation of the antitrust laws and of public policy, by tying their copyrights to each other, collusively litigating and settling all cases together, and by entering into an unlawful agreement among themselves to prosecute and to dispose of all cases in accordance with a uniform agreement, and through common lawyers, thus overreaching the bounds and scope of whatever copyrights they might have" in UMG v. Lindor."

Dost thou agree?

Is RFID for Kids?

By Lance Ulanoff August 29, 2007

It's high time we embraced RFID technology in all its permutations, even personal implants.

I'm surprised by both the debate over RFID (radio frequency identification) and the technology's growing capabilities. RFID has been a boon to corporations with large retail outlets, inventory rooms, warehouses, and more. It's even beginning to bleed into public spaces such as county beaches. Yet it seems all I hear is moaning about the privacy and First Amendment implications. This is growing tiresome, and it's time to set people straight.

RFID chips are a good idea. RFID chips that can help locate people and objects are a better idea. RFID chips implanted in pets and people are the best idea of all. Let me illustrate how committed I am to this idea.

Tools & Techniques

Privacy is a click away with ProxyServers4Free

There are innumerable Internet users who just know that the Internet is used for gaining information as well as keeping in touch with friends and family via email, chat, etc. But do they know that their every move is being tracked? That’s right! Imagine not having your privacy when using your Personal Computer. Not a very pleasing thought, is it? Well, for every problem, there’s always a solution, and ProxyServers4Free is your answer.

... But what exactly are proxy servers? Proxy servers are like buffers between your computer and the Internet resources that you access. In other words, the moment you request certain information, the information first comes to the proxy and then the proxy transfers the same to you. Your IP address is hidden, which in turn would prevent your computer from being unethically accessed via the Internet. The websites that you visit as well as the fact that you are using a proxy server to visit them are both held in confidentiality. This information is not disclosed to anyone.
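The excerpt above describes the proxy only from the website's side. The added example below (my own code, not from ProxyServers4Free or the quoted text) models what a forward HTTP proxy actually does with a request: the proxy operator sees the full URL and cookies regardless of configuration, and whether the destination learns your IP, or even that a proxy was used, depends on which headers the proxy adds. The request, client address and proxy address are constructed sample data; the three anonymity levels (transparent, anonymous, elite) are the conventional proxy-list labels, not a setting of any particular product.

```python
"""Added example: what an HTTP forward proxy sees and what it passes on.
Constructed sample data throughout; nothing here contacts a real proxy.
"""
from typing import Dict, List, Tuple

# Constructed sample: a browser's request to a proxy (absolute-URI form).
SAMPLE_REQUEST = (
    "GET http://example.org/search?q=medical+records HTTP/1.1\r\n"
    "Host: example.org\r\n"
    "User-Agent: Mozilla/5.0 (constructed sample)\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
)
CLIENT_IP = "198.51.100.23"      # RFC 5737 documentation address (sample)
PROXY_ADDR = "203.0.113.7:8080"  # sample proxy address


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into method, target and header map."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return method, target, headers


def forward(raw: str, client_ip: str, level: str, log: List[str]) -> Dict[str, str]:
    """Return the headers the proxy sends upstream and append to the proxy's log.

    level: 'transparent' adds X-Forwarded-For and Via (site learns client IP),
           'anonymous'   adds only Via (site knows a proxy is used, not who),
           'elite'       adds nothing (site sees only the proxy's address).
    Whatever the level, the proxy itself sees and can log the whole request.
    """
    method, target, headers = parse_request(raw)
    # The operator's vantage point: full URL plus cookies, every request.
    log.append(f"{client_ip} {method} {target} cookie={headers.get('Cookie', '-')}")
    upstream = dict(headers)
    if level == "transparent":
        upstream["X-Forwarded-For"] = client_ip
        upstream["Via"] = f"1.1 {PROXY_ADDR}"
    elif level == "anonymous":
        upstream["Via"] = f"1.1 {PROXY_ADDR}"
    elif level != "elite":
        raise ValueError(f"unknown anonymity level: {level}")
    return upstream


def client_ip_exposed(upstream: Dict[str, str], client_ip: str) -> bool:
    """True if the destination site can read the real client IP from the headers."""
    return any(client_ip in value for value in upstream.values())


def proxy_use_visible(upstream: Dict[str, str]) -> bool:
    """True if the destination can tell a proxy was involved."""
    return "Via" in upstream or "X-Forwarded-For" in upstream


if __name__ == "__main__":
    for level in ("transparent", "anonymous", "elite"):
        log: List[str] = []
        hdrs = forward(SAMPLE_REQUEST, CLIENT_IP, level, log)
        print(f"{level:11s} ip_exposed={client_ip_exposed(hdrs, CLIENT_IP)} "
              f"proxy_visible={proxy_use_visible(hdrs)} operator_log={log[0]!r}")
```

Run it and the operator log line is identical for all three levels: the proxy is the one party that always sees the query string and the session cookie. The "confidentiality" the excerpt promises is therefore a promise by the proxy operator, not a property of the technique, and only the "elite" configuration keeps the destination from learning both the client address and the fact that a proxy is in use.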


August 29, 2007

DOJ OIG: Sentinel Audit III: Status of the Federal Bureau of Investigation’s Case Management System

Sentinel Audit III: Status of the Federal Bureau of Investigation’s Case Management System, Audit Report 07-40, August 2007 - PDF (Full Report, 156 pages, released August 29, 2007)

Wednesday, August 29, 2007

No encryption, again.

CT: Computer Stolen With State Tax Data For 106,000

Tuesday, August 28 2007 @ 03:01 PM CDT Contributed by: PrivacyNews News Section: Breaches

State officials say a computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen.

The state Department of Revenue Services says it will begin notifying affected taxpayers about the theft. Officials say the computer is password-protected and access is unlikely by anyone without specialized knowledge.

Source - Associated Press

Related - Connecticut Post

Sure to grow?

Ca: Security breach hits online brokerage

Tuesday, August 28 2007 @ 07:18 AM CDT Contributed by: PrivacyNews News Section: Breaches

Online broker TradeFreedom Securities Inc. has quietly notified an unidentified number of its customers that a computer security breach has compromised some of their personal information, potentially exposing them to fraud.

In what it described as a follow-up to an Aug. 17 notice to clients, it said in a Friday e-mail that it had finished its investigation into the "recent unauthorized intrusion" of one of its computer systems.

"We have subsequently determined that, despite our security systems in place at the time, this unauthorized intrusion has also resulted in the compromise of some of your personal information," TradeFreedom said. "This information is your name, social insurance number, city, province and postal code."

Source - Globe and Mail

Good idea, kinda late...

Boss, I Think Someone Stole Our Customer Data

Tuesday, August 28 2007 @ 07:44 AM CDT Contributed by: PrivacyNews News Section: Breaches

Case Study: A fictitious company, "Flayton Electronics," learns that the security of its customer data has been compromised—and faces tough decisions about what to do next.

Source - Harvard Business Review

Related - Rational Security (blog)

(Props, Emergent Chaos blog)

If you don't, someone else surely will.

Is your school's Web site revealing too much?

Tuesday, August 28 2007 @ 01:26 PM CDT Contributed by: PrivacyNews News Section: Minors & Students

It's back to school time, and Internet safety expert Linda Criddle has come up with homework for schools, students and parents: Do a safety checkup of your school's Web site to ensure that it is not making too much personal information publicly available. She has created Guidelines for Safer School Web Sites to help schools cope with the new realities of our information society. News that can be appropriately shared within a school community--student names, team affiliations, sports practice times, and photos, for example--can expose students to considerable risk for misuse when shared with the whole world online.

Source - C|net (blog)

How to guide?

Point, Click ... Eavesdrop: How the FBI Wiretap Net Operates

By Ryan Singel 08.29.07 | 2:00 AM

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

... Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components, each running on Windows-based computers.

Keep an eye on this one.

FSF Positioning To Sue Microsoft Over GPLv3?

Posted by kdawson on Tuesday August 28, @02:36PM from the no-easy-out dept. GNU is Not Unix Microsoft

mjasay writes "Groklaw notes that the Free Software Foundation has decried Microsoft's attempts to distance itself from its obligations to abide by GPL Version 3 (press release here). Citing Microsoft's earlier declaration that they are not bound by GPLv3, the Free Software Foundation declared, 'Microsoft cannot by any act of anticipatory repudiation divest itself of its obligation to respect others' copyrights.' The press release implies that the Free Software Foundation may sue Microsoft over the issue."


The rise of the "good enough" technology economy

Posted by Matt Asay August 28, 2007 9:34 PM PDT

I stumbled across this excellent commentary from Stephen Baker in BusinessWeek on "good enough" technology. It's actually a great foil to an earlier post I wrote on Software as a Service (SaaS).

Baker asks, "Are we helped or hindered by imperfect technology that is merely 'good enough'?" He comes down squarely on the "helped" side, and with interesting reasons:

Look, this has never bothered politicians before – what's really going on?

Chicago Scraps Plans for Wi-Fi Network

Aug 28, 5:03 PM EDT

CHICAGO (AP) -- An ambitious plan to blanket the city with wireless broadband Internet will be shelved because it is too costly and too few residents would use it, Chicago officials said Tuesday.

Suspicions confirmed.

Windows By Stealth: The Updates You Don't Want

Sun, 26/08/2007 - 10:43pm — Homer

On the back of the recent WGA fiasco, further research has revealed yet another citation of what I already knew to be true: Windows updates itself without explicit permission, even if you turn off automatic updates.

The procedure is supposed to work like this (on XP at least):

Launch "System Properties".
Select the "Automatic Updates" tab.
Select the "turn off Automatic Updates" (or manual) checkbox.

And that, AFAIAC should be it. Off means off.

And yet, according to Microsoft, apparently it doesn't.

If Microsoft ever wanted to get caught with their pants down, they succeeded. For most people, the above doesn't make a whole lot of sense past the "you might have a virus" part. VerifyMyPC requires a little extra knowledge about computer systems when dealing with the details. Google is your friend in these cases. Running searches for 'wups.dll' and 'wups2.dll' turns up something about Automatic Updates. In particular, those DLLs provide Automatic Update functionality for Windows.

In other words, the Automatic Updates utility automatically updated itself. Now this might not seem like a big deal but I have automatic updates set to manual (both download and installation have to be approved by me) and not the usual 'automatic' setting found on most user PCs. In other words, Windows updated itself without my express permission. Such behavior is right in line with spyware-like activity.
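The post's finding rests on a file-integrity tool noticing that wups.dll and wups2.dll had changed. The added example below (my own code, not from the post or from VerifyMyPC) shows the underlying technique: snapshot SHA-256 digests of every file under a directory, snapshot again later, and report what was added, removed or modified. The directory and its contents are a constructed sample built in a temporary folder; the file names wups.dll and wups2.dll are used only because the post mentions them, and nothing here inspects a real Windows installation.

```python
"""Added example: a baseline-and-diff file-integrity check of the kind used to
catch a component that updated itself silently. Constructed sample data only.
"""
import hashlib
import os
import tempfile
from typing import Dict, Set, Tuple


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: str) -> Dict[str, str]:
    """Map each file's path (relative to root, '/' separated) to its digest."""
    result: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = hash_file(full)
    return result


def diff(before: Dict[str, str], after: Dict[str, str]) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (added, removed, modified) relative paths between two snapshots."""
    added = set(after) - set(before)
    removed = set(before) - set(after)
    modified = {p for p in set(before) & set(after) if before[p] != after[p]}
    return added, removed, modified


def simulate_silent_update() -> Tuple[Set[str], Set[str], Set[str]]:
    """Build a sample tree, snapshot it, replace two files and drop a new one, re-snapshot."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "system32")
        os.makedirs(sys32)
        # Constructed sample contents; the names are illustrative only.
        for name, body in (("wups.dll", b"WUA v5.8"),
                           ("wups2.dll", b"WUA v5.8"),
                           ("kernel32.dll", b"unchanged")):
            with open(os.path.join(sys32, name), "wb") as f:
                f.write(body)
        before = baseline(root)

        # The "update": two files rewritten, one new file appears, one untouched.
        for name in ("wups.dll", "wups2.dll"):
            with open(os.path.join(sys32, name), "wb") as f:
                f.write(b"WUA v7.0")
        with open(os.path.join(sys32, "wuapi.dll.new"), "wb") as f:
            f.write(b"new component")
        after = baseline(root)
        return diff(before, after)


if __name__ == "__main__":
    added, removed, modified = simulate_silent_update()
    print("added:   ", sorted(added))
    print("removed: ", sorted(removed))
    print("modified:", sorted(modified))
```

The check only works if the first snapshot was taken while the system was known good and is stored where the software being watched cannot rewrite it; a baseline kept on the same volume as the files it describes can be updated along with them. Mtime alone is not a substitute for the digest, since a timestamp is trivially set back while the content changes.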

Looks useful!

Video Aggregator Proposes 2nd Gen Videos

Mefeedia claims to aggregate videos and weblogs from over 15,000 sites. Their index plays host to over 3 million episodes from around 25,000 video feeds. Other than those large, appealing numbers, Mefeedia also lays claim to better, higher quality videos—a second generation of online video.


August 28, 2007

Business Filings Database Guide Updated

Kathy Biehl's comprehensive, reliable and completely updated guide to Business Filings Databases was posted on August 25, 2007.

  • "All 50 states make some level of corporate and business filings available online. In a few instances only limited information (such as name availability) is retrievable. The majority of the states, however, use their Web presence to disseminate a range of public business records -- and most of them offer access at no charge."

For my Web site class...

FotoFlexer Raises The Bar On Online Photo Editing

Michael Arrington August 27 2007

Online photo editors keep getting better and better. For hardcore image manipulation, desktop software like Photoshop or Gimp will always have its place, but online editors are free, easy to use and a lot of fun. We covered most of the online editors back in February (Fauxto, Picnik, Picture2Life, Preloadr, PXN8 and Snipshot). But a relative newcomer on the scene, Berkeley-based FotoFlexer, is worth a look.