Wednesday, December 31, 2008

Keeping your story straight? Blogger/reporters could sit in the court for a while then step out to blog – how much is too much?

DA, defense want to prevent blogging at trial

The Associated Press Posted: 12/30/2008 03:17:11 PM MST Updated: 12/30/2008 04:05:29 PM MST

DENVER—Prosecutors and defense attorneys want to prevent blogging out of fear witnesses could learn what's happening inside the courtroom before they testify in the Jan. 12 trial of a man accused of causing the death of his 11-week-old son

... The joint motion filed Monday seeks to ban cell phones and computers.

A common argument and cogent rebuttal...

Are state and federal breach notification mandates unreasonable?

Wednesday, December 31 2008 @ 05:59 AM EST Contributed by: PrivacyNews

Chris Wolf, an attorney and head of the Proskauer Rose (Washington, D.C.) law firm’s privacy and security group, stated in a recent interview that breach notifications should be delayed until all the facts are in about what was lost and who was affected. While this might be a good legal position, I’m not sure this view is shared by victims of a breach, privacy advocates, or me if the delay reaches across weeks or months.


Organizations unable or unwilling to provide the controls necessary to react immediately to protect customer, employee, or patient information should reconsider keeping it in the first place.

Source - Tech Republic

[From the article:

Wolf also asserts that organizations need time to understand the breach–who was affected and what was taken–before they release a notification. I don’t disagree with this. However, making these decisions quickly, within regulatory constraints focused on risk mitigation, is the role of a well-designed and practiced incident response process.

... Each organization must know where PII and ePHI is stored, use reasonable and appropriate controls to prevent unauthorized access, use intrusion or extrusion monitoring to detect a breach, and document a quick breach response. I define “quick” as hours, not weeks or months.

George Orwell was an optimist.

UK's database plan condemned by Europe

Tuesday, December 30 2008 @ 06:14 PM EST Contributed by: PrivacyNews

Britain must rethink plans for a database holding details of every email, mobile phone and internet visit, Europe's human rights commissioner has said in an outspoken attack on the growth of surveillance societies. Thomas Hammarberg said that UK proposals for sweeping powers to collect and store data will increase the risk of the "violation of an individual's privacy".

Source - The Independent

[From the article:

These proposals have already been described by the Government's own terrorism-law watchdog as "awful" and attacked by civil liberty groups for laying the basis of a Big Brother state.

Related. The US is moving toward the UK's position, but not in one swell foop.

Ga. sex offenders must hand over online passwords

Wednesday, December 31 2008 @ 05:17 AM EST Contributed by: PrivacyNews

Privacy advocates are questioning an aggressive Georgia law set to take effect Thursday that would require sex offenders to hand over Internet passwords, screen names and e-mail addresses.

Georgia joins a small band of states complying with guidelines in a 2006 federal law requiring authorities to track Internet addresses of sex offenders, but it is among the first to take the extra step of forcing its 16,000 offenders to turn in their passwords as well.

Source -

Better is still a long way from adequate.

Adobe’s Flash and Apple’s Safari Fail a Privacy Test

Wednesday, December 31 2008 @ 05:19 AM EST Contributed by: PrivacyNews

In the new browser war, privacy is a crucial battleground.

Mozilla’s Firefox, Google’s Chrome, Microsoft’s Internet Explorer and Apple’s Safari all compete to give users the most control over their online identities and the best protection from Web sites that use “cookies,” those unique identifiers that can track users online.

So how effective are the newest batch of browser privacy tools? Kate McKinley, a researcher at iSec Partners, a San Francisco security firm, sought to find out.

Source - New York Times

[From the article:

In a paper published Tuesday, Ms. McKinley found particular problems with Safari and concluded that none of the four major browsers extends its privacy protections to Adobe’s immensely popular Flash plug-in, which is used to display Web animations and video.

When the government starts being rational, it probably means they will cancel the whole plan.

FCC chairman revises wireless broadband plan

Posted by Marguerite Reardon December 30, 2008 10:23 AM PST

Federal Communications Commission Chairman Kevin Martin has backed off his plan that would require free wireless broadband license holders to filter for smut.

“All that is not mandatory is forbidden, all that is not forbidden is mandatory.” E. B. White

Business groups sue over Homeland Security E-Verify program

Posted by Stephanie Condon December 30, 2008 12:11 PM PST

The U.S. Chamber of Commerce and other business organizations filed suit against U.S. Homeland Security Secretary Michael Chertoff last week, complaining that the Homeland Security Department cannot legally require federal contractors to use its online worker verification database.

... Use of the system is voluntary, but President George Bush signed an executive order earlier this year requiring federal contractors to electronically verify their workers' employment eligibility.

The lawsuit, filed on December 23 in the U.S. District Court for Maryland's southern division, asks the court to declare the executive order and subsequent rule changes to be illegal and void, since the president's order is in direct contradiction to the law, which says that no person or entity shall be compelled to participate in the E-Verify program. The only exemptions are federal agencies, the legislative branch, and certain immigration law violators.

Cyber war: The electronic equivalent of a Fireside Chat?

YouTube, Twitter: Weapons in Israel's Info War

By Nathan Hodge December 30, 2008 1:47:01 PM

Days after sending aircraft to strike Hamas militants in Gaza, the Israeli government is launching a campaign to dominate the blogosphere.

Among other things, the Israeli military has started its own YouTube channel to distribute footage of precision airstrikes. And as I type, the Israeli consulate in New York is hosting a press conference on microblogging site Twitter.

Tuesday, December 30, 2008

A little social engineering goes a long way...

NY: Security Breach Found In Child Abuse Records

Monday, December 29 2008 @ 06:57 PM EST Contributed by: PrivacyNews

New York State Inspector General Joseph Fisch says he’s uncovered serious deficiencies at the Statewide Central Register of Child Abuse and Maltreatment (Register) and is recommending legislative and departmental changes to improve confidentiality.

The Register is overseen by the New York State Office of Children and Family Services (OCFS).

In a 33-page report issued Monday, Fisch revealed several findings related to a breach of the Register’s confidentiality. Also known as the “Hotline,” the Register receives calls reporting alleged child abuse. Such reports are confidential under state law.

The Inspector General’s investigation revolves around a Suffolk County father whose underage daughter was wrongly listed on the Register as allegedly involved in child abuse. When the father attempted to clear his daughter’s name, he encountered bureaucratic hurdles and unexplained delays. The father’s name was withheld from the Inspector General’s report to protect his confidentiality.

The Inspector General found that the father likely violated state law by improperly obtaining a confidential list of Hotline callers directly from Verizon by claiming to be a state employee. He then threatened to release the confidential records and demanded cash payment in exchange for the return of the records from OCFS and the Governor’s Office, possibly violating additional state laws against coercion or larceny.

Source - North Country Gazette

If we are able to reduce the gas we use, tax revenues would drop. Can't have that, so we need a new way to tax (and if it lets us track our second-class citizens, so much the better.)

OR: Kulongoski to pursue mileage tax

Monday, December 29 2008 @ 09:13 AM EST Contributed by: PrivacyNews

A year ago, the Oregon Department of Transportation announced it had demonstrated that a new way to pay for roads — via a mileage tax and satellite technology — could work.

Now Gov. Ted Kulongoski says he’d like the legislature to take the next step.

Source - Democrat Herald

“Your security isn't as good as you think it is.”

CCC Hackers Break DECT Telephones' Security

Posted by timothy on Tuesday December 30, @08:13AM from the distibuting-dialtone dept. Security Communications Hardware Hacking

Sub Zero 992 writes

"Heise Security (article in German) is reporting that at this year's Chaos Communications Congress (25C3) researchers in Europe's group have published an article (pdf) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard."

So far, the Heise article's German only, but I suspect will show up soon in English translation.

[Need a translation? Try Bob]

Speaking of code breaking... Getting ready for that first encrypted wiretap?

FBI Issues Code Cracking Challenge

Posted by ScuttleMonkey on Monday December 29, @06:23PM from the test-your-skillz dept.

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge, the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, but it's funny to see the FBI encouraging such behavior.

[The code is on the FBI home page (no direct link) If you need a tool, try this one: Bob]

Are cellphone systems an “easy target?” What providers stayed up?

Storm Causes AT&T Outage Across Midwest

Posted by CmdrTaco on Monday December 29, @09:55AM from the guess-who-this-includes dept. Networking

dstates writes

"AT&T left users across several Midwestern states without cellular phone service yesterday. The outage apparently resulted from a power failure at a Michigan switching center and spread to affect level3 Internet communications. The powerful windstorm also left 400,000 users without electricity. Interestingly, except for a few reports in Chicago and Indianapolis papers, AT&T has managed to keep this out of the mainstream media. Widespread communication failures also followed Hurricane Ike in Texas earlier this year. With the increasing trend for users to drop landlines and rely only on cell phones, this is becoming an emergency preparedness issue."

Yes this included me. Still does. At least my office still has power — maybe we'll just camp here tonight. :)

Monday, December 29, 2008

It's not “if” it's “when”

UK: Government departments losing a computer every day

Monday, December 29 2008 @ 06:09 AM EST Contributed by: PrivacyNews

More than 2,800 computers belonging to Whitehall departments have been mislaid or stolen since 2002, the equivalent of more than seven per week, new figures disclosed. The total included 1,774 laptops and 1,035 desktop systems.

The figures also showed that 676 mobile phones have been lost or stolen over the past seven years. Meanwhile, 202 hard drives and 195 memory sticks also went missing.

Source - The Telegraph


Data "Dysprotection:" breaches reported last week

Monday, December 29 2008 @ 06:03 AM EST Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

It's easy to justify policy because “everyone else is doing it.” It's harder to find a logical reason.

Wash. legislator to introduce DNA testing bill

THE ASSOCIATED PRESS Last updated December 28, 2008 11:49 a.m. PT

TACOMA, Wash. -- Rep. Mark Miloscia, D-Federal Way, says he plans to introduce a bill in the 2009 Legislature that will put the state on the same page [By that logic, we could be on the same page as the Chinese, or George Orwell, or Attila the Hun. Bob] with the federal government on the subject of DNA testing.

... "We take their fingerprints, their pictures and their address when they are arrested," Miloscia said. "What's wrong with taking their DNA? We would throw their DNA away if they aren't convicted. It's not something you can abuse in any way." [So much illogic in such a short space. Bob]

Related? (We could take a page from India's book!) What will the subpoena look like? Technology will lead us to the Utopian state of “We don't need no lawyers”

December 28, 2008

New on Neurolaw and Criminal Justice

Neurolaw and Criminal Justice: Ken Strutin's article highlights selected recent publications, news sources and other online materials concerning the applications of cognitive research to criminal law as well as basic information on the science and technology involved.

Speaking of logic... (The comments point out some of the illogic...)

The Slippery Legal Slope of Cartoon Porn

Posted by timothy on Monday December 29, @07:55AM from the in-a-perfect-world-the-topic-would-not-arise dept. Censorship The Courts News

BenFenner writes

"Two out of the three Virginia judges involved with Dwight Whorley's case say cartoon images depicting sex acts with children are considered child pornography in the United States. Judge Paul V. Niemeyer noted the PROTECT Act of 2003, clearly states that 'it is not a required element of any offense under this section that the minor depicted actually exists.'"

Heaven forbid I would suggest that this is the tip of an electronic invasion...

Walmart Photo Keychain Comes Preloaded With Malware

Posted by timothy on Sunday December 28, @11:46PM from the caveat-maxima-emptor dept. Security Bug Toys Worms

Blowit writes

"With the Christmas holidays just past and opening up your electronic presents may get you all excited, but not for a selected lot of people who got the Mercury 1.5" Digital Photo Frame from Walmart (or other stores). My father-in-law attached the device to his computer and his Trend Micro Anti-virus screamed that a virus is on the device. I scanned the one I have and AVAST did not find any virus ... So I went to to see which vendors found what, and the results are here and here."

Update: 12/29 05:44 GMT by T : The joy is even more widespread; MojoKid points out that some larger digital photo frames have been delivered similarly infected this year, specifically Samsung's SPF-85H 8-inch digital photo frame, sold through Amazon among other vendors, which arrived with "W32.Sality.AE worm on the installation disc for Samsung Frame Manager XP Version 1.08, which is needed for using the SPF-85H as a USB monitor." Though Amazon was honest enough to issue an alert, that alert offers no reason to think that only Amazon's stock was affected.

A very risky trial. What if he proves what he says?

S.F. computer engineer to stand trial

Sunday, December 28 2008 @ 05:11 PM EST Contributed by: PrivacyNews

A judge has ordered a computer engineer to stand trial on tampering charges for allegedly taking over the cyberspace network he designed for the city of San Francisco and refusing to reveal the passwords to access the system.

After an eight-day preliminary hearing, Superior Court Judge Paul Alvarado ruled Wednesday that prosecutors had produced enough evidence of Terry Childs' probable guilt to hold him for trial on four felony charges of tampering with a computer network, denying other authorized users access to the network and causing more than $200,000 in losses.

Source - San Francisco Chronicle

[From the article:

Prosecutors said city officials have estimated that San Francisco spent at least $1.45 million in attempts to regain control of the network and assess its vulnerability to intrusions.

Childs' lawyers have denied any destructive intent and said he was trying to protect the network from incompetent officials whose meddling endangered the system he had built.

For my Computer Forensics class (and for the humor)

Entire Transcript of RIAA's Only Trial Now Online

Posted by timothy on Sunday December 28, @06:12PM from the give-us-this-day-our-daily-fix dept. The Courts

NewYorkCountryLawyer writes

"The entire transcript of the RIAA's 'perfect storm', its first and only trial, which resulted in a $222,000 verdict in a case involving 24 MP3's having a retail value of $23.76, is now available online. After over a year of trying, we have finally obtained the transcript of the Duluth, Minnesota, jury trial which took place October 2, 2007, to October 4, 2007, in Capitol Records v. Thomas. Its 643 pages represent a treasure trove for (a) lawyers representing defendants in other RIAA cases, (b) technologists anxious to see how a MediaSentry investigator and the RIAA's expert witness combined to convince the jurors that the RIAA had proved its case, and (c) anybody interested in finding out about such things as the early-morning October 4th argument in which the RIAA lawyer convinced the judge to make the mistake which forced him to eventually vacate the jury's verdict, and the testimony of SONY BMG's Jennifer Pariser in which she 'misspoke' according to the RIAA's Cary Sherman when she testified under oath that making a copy from one's CD to one's computer is 'stealing'. The transcript was a gift from the 'Joel Fights Back Against RIAA' team defending SONY BMG Music Entertainment v. Tenenbaum, in Boston, Massachusetts. I have the transcript in 3 segments: October 2nd (278 pages)(PDF), October 3rd (263 pages)(PDF), and October 4th (100 pages)(PDF)."

It sure looks like they (the Democrats) will be throwing money around. Can we find a token Democrat and come up with a not-entirely-silly proposal to attract a few million?

How Can the Stimulus Plan Help the Internet?

Posted by Soulskill on Sunday December 28, @12:35PM from the daddy-needs-a-new-pair-of-e-shoes dept.

Wired is running an article raising the question of how a US economic stimulus plan could best help broadband adoption and the internet in general. We discussed President-elect Obama's statements about his plan, which would include investments in such areas, but Wired asks how we can avoid the equivalent of the New Deal's "ditches to nowhere" without more data about where the money would actually make a difference. Quoting:

"... the problem is that no one knows the best way to make the internet more resilient, accessible and secure, since there's just no public data. The ISP and backbone internet providers don't tell anyone anything. For instance, the government doesn't know how many people actually have broadband or what they pay for it. ... In September, the FCC found that its data collection on internet broadband was incomplete and thus ruled that AT&T, Qwest and Verizon could stop filing some reports — because the requirements did not extend to cable companies, too."

Provides a lot of background if you read carefully (and include the comments)

Matt Blaze Examines Communications Privacy

Posted by Soulskill on Sunday December 28, @09:48AM from the still-a-lot-left-to-lose dept. Privacy Communications Government United States

altjira writes

"Matt Blaze analyzes the implications of a recent Newsweek story on the Bush administration's use of the NSA for domestic spying on communications, and questions whether the lower legal threshold for the collection of communications metadata is giving away too much to the government: 'As electronic communication pervades more of our daily lives, transaction records — metadata — can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people's records (or perhaps everyone's records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves.'"

Research made easy? I think it just points out (almost) all the places you should have looked but didn't.

December 28, 2008

New on Deep Web Research 2009

Deep Web Research 2009: Marcus P. Zillman's guide includes links to: articles, papers, forums, audios and videos, cross database articles, search services and search tools, peer to peer, file sharing, grid/matrix search engines, presentations, resources on deep web research, semantic web research, and bot research resources and sites.

Inevitable. But what should it look like?

High hopes at Yahoo, Intel for Internet-enabled TV

Posted by Stephen Shankland December 29, 2008 4:00 AM PST

Now here's a tool I can use. Lots of podcasts are too soft for easy listening. Plus: Another way teenagers can ruin their hearing! (Perhaps some forensic uses too?)

Making Everything Sound Better

Vloud is a new online tool that has a very specific appeal, yet it will no doubt be a welcome addition to the bookmark collection of many of us.

Broadly speaking, what this web-hosted tool does is to let you upload an MP3 file and have it automatically processed in order to bring up its volume. The uploaded files can amount to as much as 10 MB, and WAV files are supported alongside MP3s.

Sunday, December 28, 2008

This happens if Security isn't a fundamental part of your system.

Zambia’s leading ISP hacked

Saturday, December 27 2008 @ 08:28 AM EST Contributed by: PrivacyNews

Zambia’s leading Internet Service Provider, has been Hacked. The site was hacked Saturday afternoon and at the time of writing the site had not been fixed. The Hackers who are calling themselves 3RqU (Turkish) have changed ZAMNET’s landing page. 3RqU Turkish are a known notorious group of hackers.

The hackers have gained unauthorised access to ZAMNET servers. According to the new landing page that has been put on ZAMNET, the hackers claim to have root access..... Most of the websites hosted by ZAMNET have been affected by this security breach and these include sites like Times of Zambia, Daily mail, ZNBC.

Source - Lusaka Times

[From the article:

According to some experts the old Apache server ZAMNET uses might not necessarily be the cause of the breach but it points to the lax in ZAMNET’s policy on applying security updates to the software on their servers.

Oh the horror of riding your own petard!

RIAA Case May Be Televised On Internet

Posted by Soulskill on Saturday December 27, @01:30PM from the court-documents-likening-the-riaa-to-vampires dept. The Courts Media Music

NewYorkCountryLawyer writes

"In SONY BMG Music Entertainment v. Tenenbaum, the Boston case in which the defendant is represented by Prof. Charles Nesson and his CyberLaw class at Harvard Law School, the defendant has requested that audio-visual coverage of the court proceedings be made available to the public via the internet. Taking the RIAA at its word — that the reason for its litigation program is to 'educate the public' — the defendant's motion (PDF) queries why the RIAA would oppose public access: 'Net access to this litigation will allow an interested and growingly sophisticated public to understand the RIAA's education campaign. Surely education is the purpose of the Digital Deterrence Act of 1999, the constitutionality of which we are challenging. How can RIAA object? Yet they do, fear of sunlight shone upon them.'"

Probably a useful guide for kids. I noticed that they often choose TV movies based on the ratings. Anything not rated “R” was probably boring.

UK Culture Secretary Wants Website Ratings, Censorship

Posted by Soulskill on Saturday December 27, @09:37AM from the since-the-aussies-seem-so-excited-about-it dept. Censorship Government

kaufmanmoore writes

"UK culture secretary Andy Burnham calls for a website rating system similar to the one used for movies in an interview with the Daily Telegraph. He also calls for censorship of the internet, saying, 'There is content that should just not be available to be viewed.' Other proposals he mentions in his wide-ranging calls for internet regulation are 'family-friendly' services from ISPs, and requiring takedown notices to be enforced within a specific time for sites that host content. Mr. Burnham wants to extend his proposals across the pond and seeks meetings with the Obama administration."

Seems there are several “economics of the Internet” articles today. Can you charge “by the drink” when others provide the same things for free?

Microsoft Invents $1.15/Hour Homework Fee For Kids

Posted by timothy on Saturday December 27, @04:04PM from the defining-the-edge-of-invention dept. Patents Microsoft The Almighty Buck Windows

theodp writes

"Microsoft's vision of your computing future is on display in its just-published patent application for the Metered Pay-As-You-Go Computing Experience. The plan, as Microsoft explains it, involves charging students $1.15 an hour to do their homework, making an Office bundle available for $1/hour, and billing gamers $1.25 for each hour of fun. In addition to your PC, Microsoft also discloses plans to bring the chargeback scheme to your cellphone and automobile — GPS, satellite radio, backseat video entertainment system. 'Both users and suppliers benefit from this new business model,' concludes Microsoft, while conceding that 'the supplier can develop a revenue stream business that may actually have higher value than the one-time purchase model currently practiced.' But don't worry kids, that's only if you do more than 52 hours of homework a year!"

Keep in mind that much of this is protected by monopoly/regulation. When the natural gas and pipeline industries were deregulated, they found they had no control over their costs – fortunately they were monopolies...

What Carriers Don't Want You To Know About Texting

Posted by timothy on Sunday December 28, @08:21AM from the what-the-market-will-bear dept. Cellphones Communications

An anonymous reader writes

"Randall Stross has just published a sobering article in The New York Times about how the four major US wireless carriers don't want anyone to know the actual cost structure of text message services to avoid public outrage over the doubling of a-la-carte per-message fees over the last three years. The truth is that text messages are 'stowaways' inside the control channel — bandwidth that is there whether it is used for texting or not — and 160 bytes per message is a tiny amount of data to store-and-forward over tower-to-tower landlines. In essence it costs carriers practically nothing to transmit even trillions of text messages. When text usage goes up, the carriers don't even have to install new infrastructure as long as it is proportional to voice usage. This makes me dream of the day when there is real competition in the wireless industry, not this gang-of-four oligopoly."

[From the article:

The carriers will have other opportunities to tell us more about their pricing decisions: 20 class-action lawsuits have been filed around the country against AT&T and the other carriers, alleging price-fixing for text messaging services.

... T-Mobile called Mr. Kohl’s attention to the fact that its “average revenue per text message, which takes into account the revenue for all text messages, has declined by more than 50 percent since 2005.”

This statement seems like good news for customers. But consider what is left out: In the past three years, the volume of text messaging in the United States has grown tenfold, according to CTIA — the Wireless Association, a trade group based in Washington.

Are some businesses recession proof? Or are some just doomed?

The Internet ate my business

Posted by Matt Asay December 27, 2008 7:07 AM PST

has produced yet another record holiday season. But it's Paul Kedrosky who discerns the significance:

The right way to think about these figures is in Schumpeterian terms: With retail sales down across the board, whose businesses are being destroyed here, and what is the future of physical retail? Amazon is merely goosing this process along, of course, and may not even end up being a survivor.

Every now and then, I see a business model that I think has no basis in reality. This is one of those. But I've been spectacularly wrong before...

The Alternative Postal Service

This new solution is described by the team behind it as “The alternative postal service.” This is a quite accurate way of putting the concept across once you learn about the basic premise: what used to be sent as paper mail can be sent without the paper. That is, the company has come up with a paperless postal service that takes into account every street address in the United States.

This is achieved by having a private and secure web page for each and every postal service address. In order to access it, all you have to do is type the street address on the home page, and your mails will be displayed as envelopes for you to click about.

On the other hand, mailing somebody through Zumbox is also a supple task. All you have to do is upload a Word document or a PDF and specify the street address of the recipient. The mail will then be sent electronically. [Why would anyone sign onto this service? Bob]

From the previous paragraph, you can see where the main difference with e-mail lies. To send someone an e-mail, you must know his e-mail address. When it comes to Zumbox, a street address will suffice. If we bear in mind that businesses always have the street addresses of their customers, but not necessarily their e-mail addresses, the uses of this new solution become evident.

Saturday, December 27, 2008

Sex is illegal on Cape Cod? Only the unnatural kind practiced in the nature preserve.

MA: Yarmouth destroys intimate surveillance photos

Friday, December 26 2008 @ 02:09 PM EST Contributed by: PrivacyNews

Hundreds of pictures of people — mostly men — walking, meeting and in some instances engaging in intimate contact along nature trails in the Dennis Pond Conservation were destroyed by town officials earlier this month.

That might lead some people who frequented the area for sex to breathe a sigh of relief.

Those pictures were public information and therefore accessible to anyone who wanted to peruse them, according to some privacy experts.

Source - Cape Cod Times

[From the article:

The cameras were placed in trees last year by the town's Division of Natural Resources as part of an investigation by that office and the police into complaints about people engaging in sex in the conservation area, within view of the walking trails, said Karl vonHone, director of the Yarmouth Division of Natural Resources.

No signs were posted warning people of the surveillance.

I'm seeing more articles like this one. Isn't that a good sign?

Ask for Too Much Information, Watch Customers Flee

By Fran Maier E-Commerce Times 12/27/08 4:00 AM PT

... According to a recent survey from JupiterResearch, sharing personal information is the No. 1 reason consumers do not complete their online purchases. Consumers are increasingly protective of their privacy, and subsequently, they are concerned about how companies handle their personal information.

For my antitrust lawyer friends...

Comcast Facing Lawsuit Over Set-Top Box Rentals

Posted by Soulskill on Saturday December 27, @08:19AM from the fighting-the-good-fight dept.

Multichannel News reports that a woman from California has initiated a potential class-action lawsuit against Comcast for making customers rent a set-top box without giving them the option to buy it outright. Quoting:

"The action, on behalf of Comcast Corp. customer Cheryl Corralejo, alleges that the set-top rental practice represents an 'unlawful tying arrangement resulting in an impermissible restraint of trade.' In addition to violating the Sherman Anti-Trust Act, the suit alleges the practice violates business and professions codes. ... [It also notes] that premium video and the set-top descramblers are two distinct products, yet the cable providers require that the hardware be rented from cable companies, rather than permitting consumers to purchase the set-top hardware in the open market."

It's useful to see how the truly repressive regimes do it...

Vietnam Imposes New Blogging Restrictions

Posted by ScuttleMonkey on Friday December 26, @04:12PM from the people-never-learn dept.

GMAW is one of many to mention that the Vietnam government has approved a new set of regulations aimed at bloggers. The new restrictions ban bloggers from discussing certain subjects that the government deems sensitive or inappropriate. Not only are the topics limited, but bloggers are being directed to only write about issues that directly impact their personal lives.

"The rules, which were approved Dec. 18, attempt to rein in Vietnam's booming blogosphere. It has become an alternative source of news for many in the communist country, where the media is state-controlled. The new rules require Internet companies that provide blogging platforms to report to the government every six months and provide information about bloggers on request."

... you can recognize it wherever it appears.

Uproar in Australia over plan to block websites

Friday, December 26 2008 @ 11:14 AM EST Contributed by: PrivacyNews

A proposed Internet filter dubbed the "Great Aussie Firewall" is promising to make Australia one of the strictest Internet regulators among democratic countries.

Consumers, civil-rights activists, engineers, Internet providers and politicians from opposition parties are among the critics of a mandatory Internet filter that would block at least 1,300 websites prohibited by the government — mostly child pornography, excessive violence, instructions in crime or drug use and advocacy of terrorism.

Source - USA Today

Friday, December 26, 2008

Merry Christmas, y'all! No indication anything else was taken. Sounds like this information was the target.

Identities of 16,000 Pulte Homes customers compromised

Thursday, December 25 2008 @ 10:34 AM EST Contributed by: PrivacyNews

Computer tapes holding private customer information including names, addresses, driver's license numbers and financial account numbers were stolen from a Pulte Homes office in Las Vegas last month, and the developer is cautioning home buyers to take precautions to protect their identity.

In a letter dated Dec. 19, Pulte Homes Las Vegas Division told 16,000 customers of the Nov. 13 theft of a box containing computer backup tapes.

"At this time, it is not known whether the box was stolen with the knowledge of its contents, or the intent, know-how and ability to extract and exploit the information stored in these backup tapes," the letter said.

... Information on both home buyers and employees was on the tapes, she said.

Source - Las Vegas Sun

[From the article:

It took a month for Pulte's information systems team to identify the customers who were potentially affected, she said. [Time to identify victims is inversely proportional to security and control of data. Bob]

An auction could help establish a price...

ME: Your records for sale to the highest bidder

Friday, December 26 2008 @ 06:10 AM EST Contributed by: PrivacyNews

Earlier this month, the Mini Self Storage company in Scarborough was prepared to auction off the contents of a unit rented to a mortgage brokerage that hadn't paid its bill: 60 boxes of financial records, including loan applications with personal financial information such as Social Security and bank account numbers.

The situation represents one of at least three recent cases in Maine when self-storage facilities ended up with private financial documents amid property they intended to sell.

... Maine does have a data-breach notification law that requires creditors, banks and others who discover an electronic data incursion to report it to regulators and affected consumers. However, the statute does not apply to storage facility operators.

A records-retention law requires financial documents to be held by the originator for two years after the financial transaction is completed, but it does not address the possibility of those records being sold off by storage facilities to cover unpaid storage bills.

Source - Portland Press Herald

[From the article:

In the Scarborough case, the Maine Bureau of Consumer Credit Protection obtained a court order to confiscate the records of the shuttered mortgage company, which was legally obligated to maintain the documents.

... In two other recent cases, including one in Westbrook, the owners of self-storage facilities asked the state what they should do with such records.

"Current law places no burden whatsoever on the facility operator to inventory what is in the unit, identify records that might be confidential and notify regulators," said Will Lund, superintendent of Maine's Consumer Credit Protection Bureau.

This is the opposite of the decision I reported a few days ago. Sound logic (isn't it?)

S.D. Fla.: Search incident of cellphone not justified

Friday, December 26 2008 @ 05:45 AM EST Contributed by: PrivacyNews

A search incident of a cellphone is not justified. United States v. Wall, 2008 U.S. Dist. LEXIS 103058 (S.D. Fla. December 22, 2008)

The Court declines to adopt the reasoning of Finley and extend law to provide an exception to the warrant requirement for searches of cell phones. The search of the cell phone cannot be justified as a search incident to lawful arrest. First, Agent Mitchell accessed the text messages when Wall was being booked at the stationhouse. Thus, it was not contemporaneous with the arrest. Kucynda, 321 F.3d at 1082. Also, the justification for this exception to the warrant requirement is the need for officer safety and to preserve evidence. Agnello v. United States, 269 U.S. 20, 30 (1925) (recognizing the long-held right of law enforcement "to find and seize things connected with the crime ... as well as weapons and other things to effect an escape from custody"). The content of a text message on a cell phone presents no danger of physical harm to the arresting officers or others. Further, searching through information stored on a cell phone is analogous to a search of a sealed letter, which requires a warrant. See United States v. Jacobsen, 466 U.S. 109, 114 (1984).

Source -

No need to make a fuss when there was a clear winner in November, but it will be interesting to count the “at risk”/disputed/over- or under-counted votes claimed in these lawsuits and relate it to populations or the margin of victory.

Legal Troubles Continue To Mount For Diebold

Posted by Soulskill on Thursday December 25, @09:20AM from the voted-off-the-island-with-no-recount dept.

dstates writes

"The State of Maryland has filed a $8.5M claim against Premier Election Systems (previously known as Diebold), joining Ohio in seeking damages from the company. The claim alleges that election officials were forced to spend millions of dollars to address multiple security flaws in the machines. Previously, Diebold paid millions to settle a California lawsuit over security issues in their machines. The dispute comes as Maryland and Virginia prepare to scrap the touch screen electronic voting systems they bought after the 2000 presidential election. California, Florida, New Mexico, and Iowa have already switched to optical scanners, and voters in Pennsylvania are suing to prevent the use of paperless electronic voting systems in their state. Meanwhile, Artifex Software is suing Diebold for violations of the GPL covering the Ghostscript software technology used in the proprietary voting machines."

Whatever you do, don't anger the Canadians. We'll be moving there to escape Global Warming!

DHS To Grab Biometric Data From Green Card Holders

Posted by Soulskill on Thursday December 25, @12:12PM from the imports-with-documentation dept.

An anonymous reader writes with this excerpt from Nextgov:

"The Homeland Security Department has announced plans to expand its biometric data collection program to include foreign permanent residents and refugees. Almost all noncitizens will be required to provide digital fingerprints and a photograph upon entry into the United States as of Jan. 18. A notice (PDF) in Friday's Federal Register said expansion of the US Visitor and Immigrant Status Indicator Technology Program (US VISIT) will include 'nearly all aliens,' except Canadian citizens on brief visits. Those categories include permanent residents with green cards, individuals seeking to enter on immigrant visas, and potential refugees. The US VISIT program was developed after the Sept. 11, 2001 terrorist attacks to collect fingerprints from foreign visitors and run them against the FBI's terrorist watch list and other criminal databases. Another phase of the project, to develop an exit system to track foreign nationals leaving the country, has run into repeated setbacks." [See, it was designed like a roach motel! Terrorists can check in, but they can't check out. Bob]

Reader MirrororriM points out other DHS news that they're thinking about monitoring blogs for information on terrorists.

The Digital Age – a time when entire industries are born and die within the span of a single human lifetime.

Last Major Supplier Calls It Quits For VHS

Posted by timothy on Thursday December 25, @04:40PM from the one-death-after-another dept.

thefickler writes

"The last major supplier of VHS videotapes is ditching the format in favor of DVD, effectively killing the format for good. This uncharitable commentator has this to say: 'Will VHS be missed? Not ... with videos being brittle, clunky, and rather user-unfriendly. But they ushered in a new era that was important to get to where we are today. And for that reason, the death of VHS is rather sad. Almost as sad as the people still using it.'"

At least my dad's got the blank-tape market cornered.

Late Christmas gifts: Here's a guaranteed sleep aid!

December 25, 2008

Archive Publishes Treasure Trove of Kissinger Telephone Conversations

Comprehensive Collection of Kissinger "Telcons" Provides Inside View of Government Decision-Making; Reveals Candid talks with Presidents, Foreign Leaders, Journalists, and Power-brokers during Nixon-Ford Years, National Security Archive Electronic Briefing Book No. 263 - Part 1, Edited by William Burr

  • "...the National Security Archive announces the publication of a comprehensively unique, thoroughly-indexed set of the telephone conversation (telcon) transcripts of Henry A. Kissinger, one of the most famous and controversial U.S. diplomats of the second half of the 20th century. Consisting of 15,502 documents and over 30,000 pages, this on-line collection, published by the Digital National Security Archive (ProQuest), is the result of a protracted effort by the National Security Archive to secure this critically important record of U.S. diplomacy during the administrations of Richard M. Nixon and Gerald R. Ford, when Kissinger served as National Security Adviser and Secretary of State. Collectively, the documents include the telcons released at the Nixon Presidential Library as well as those declassified by the State Department as a result of the Archive’s Freedom of Information Act request. The set sheds light on every aspect of Nixon-Ford diplomacy, including U.S.-Soviet détente, the wars in Southeast Asia, the 1971 South Asia crisis, and the October 1973 Middle East War, among many other developments. Kissinger’s many interlocutors include political and policy figures, such as Presidents Nixon and Ford, Secretary of State William Rogers, Governor Nelson Rockefeller, former Secretary of Defense Robert S. McNamara, and Soviet Ambassador Anatoli Dobrynin; journalists and publishers, such as Ted Koppel, James Reston, and Katherine Graham; and such show business friends as Frank Sinatra."

It's never too late to make a Nerd's day! (We're so easily amused.)

DIY USB Servo-Guided Water Gun

Posted by timothy on Friday December 26, @04:50AM from the seasonally-inappropriate dept.

An anonymous reader writes

"What better way is there to learn something than by making your own DIY gadget? Here's a new video showing how to use a common hobby servo, in conjunction with a small water pump, to create a USB controlled water gun! You can use your keyboard to aim and fire at an unsuspecting passerby. Both fun and educational, this project looks like a great DIY weekend project for any IT guy, wanting to make sure people think twice before asking a stupid question!"

Thursday, December 25, 2008

Not much news today, you'd think people were taking the day off!

The times, they are a changing... The wife got her copy of the United States Equestrian Federation rule book the other day – on a 2 gig thumb drive. Micro Center sells them for $5.99 retail, so I would expect they are even cheaper wholesale. Makes you wonder why anyone would choose to print and mail a large book.

'cause California does not have enough lawyers.

SoCal law school tempts students with free tuition

By LINDA DEUTSCH, AP Special Correspondent – Wed Dec 24, 1:30 pm ET

IRVINE, Calif. – A new law school opening next fall in Southern California is offering a big incentive to top students who might be thinking twice about the cost of a legal education during the recession: free tuition for three years.

The financial carrot is part of an ambitious strategy by Erwin Chemerinsky, a renowned constitutional law scholar and dean of the new school at the University of California, Irvine, to attract Ivy League-caliber students to the first new law school in the state in 40 years.

Fun reading for the holidays?

NSA's History of Communications Security — For Your Eyes, Too

Posted by timothy on Wednesday December 24, @01:54PM from the as-long-as-it-passes-through-ft-meade dept.

Phil Sp. writes

"Government Attic, those fine investigative pack rats, have outdone themselves this time. Just posted: a declassified NSA document entitled A History of Communications Security, Volumes I and II: The David G. Boak Lectures [PDF] from 1973 and 1981. This is an absolutely fascinating look into how the NSA viewed (views?) communications security and touches on all sorts of topics, including public key crypto, economics, DES, tamper-resistance, etc. It was seemingly from a collection of lectures to new employees. The first 85 pages are heavily redacted but the remaining 80 or so are largely intact. It even concludes with a cryptogram puzzle for the reader!"

Interesting. Does this suggest people believe that online shopping is cheaper or is the recession over?

Online spending doubles for weekend before Christmas

Posted by Michelle Meyers December 24, 2008 12:30 PM PST

Here's a little statistical cheer for online retailers bracing themselves for what many have been predicting will be a dismal holiday sales season.

The latest online retail spending report released by ComScore Tuesday shows that consumers last weekend spent almost double what they spent on the corresponding weekend before Christmas last year.

Interesting. Eventually you will abandon Windows, why not start learning a replacement operating system?

Living With Multiple Operating Systems

Ossism is a new blog that adheres to a simple premise: enabling people to learn how to live with multiple operating systems. As the blogger himself (Mr. Justin Wong) points out, this weblog is directed at people who are a bit at sea when it comes to any unfamiliar OS, or to put it in other words, anything but Windows.

As a result, the list of categories that you can consult touches upon items such as “Linux”, “Windows” and “OSX”. Moreover, a thorough collection of “How-to” articles and guides are included for you to learn the ropes easily.

... Lastly, a section entitled “Resources” gathers together links of interest. These direct to the OSx86 project page and the Tombuntu website, as well as the Ubuntu Administrator portal. That is, sites that will appeal to any person who finds the premise of the blog compelling. If that description fits you, chances are a visit to the Ossism blog will provide some food for thought.

Wednesday, December 24, 2008

Big. Let's hope we see some details on this one, before issuers of similar debit cards have to start shutting down their systems.

RBS WorldPay Announces Compromise of Data Security and Outlines Steps to Mitigate Risk

Tuesday, December 23 2008 @ 02:57 PM EST Contributed by: PrivacyNews

RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party.

.... The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter. RBS WorldPay's internal security professionals and outside experts are working with federal and state law enforcement authorities in an investigation of this event.

The affected pre-paid cards include payroll cards and open-loop gift cards. Personal information associated with certain payroll cards may have been improperly accessed. PINs for all PIN-enabled cards have been or are being reset. Affected individuals are being notified and information has been posted on the RBS WorldPay Web site,

The fraud that has been identified to-date is associated with RBS WorldPay's computer system supporting its U.S. pre-paid and open-loop gift card issuing business. Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. RBS WorldPay is offering impacted individuals whose Social Security numbers may have been affected a complimentary one-year membership in a national subscription credit monitoring service that provides access to individuals' consumer credit reports and daily monitoring of their credit files from all three national consumer reporting agencies. [...]

Source - PR Newswire Release on

[From the article:

Those gift cards that had not been purchased have been deactivated and are being removed for destruction from stores as an additional precaution.

Logic isn't always applied.

Expectations of privacy in cell phones

Tuesday, December 23 2008 @ 07:30 PM EST Contributed by: PrivacyNews

Today's Whiskey-Tango-Foxtrot award goes to the Southern District Court of Kansas for an opinion issued last spring and unearthed today by GW law prof and blogger Orin Kerr. In United States v. Fierros-Alvarez, the Court somehow reached the mindboggling conclusion that citizens lack a "reasonable expectation of privacy" on address book and call records information stored in their cellular phones, and did so, apparently, by bizarrely applying the (execrable and outdated, but that's another rant) Supreme Court's 1979 ruling in Smith v. Maryland, which was fundamentally about information conveyed to third parties like the phone company:

Source - Law & Disorder blog

[From the article:

The defendant, however, has not shown that the phone book directory in his cellular telephone discloses more than the “addressing information”-the telephone number and the subscriber's name-on the same numbers appearing in the recent calls directory.

The FTC did something useful? (Is there a law school class on clear, humorous writing?)

Privacy Policies: The Good, the Bad and the Witty

Tuesday, December 23 2008 @ 10:02 AM EST Contributed by: PrivacyNews

Privacy statements are all over the Web, it seems, and they're pretty much universally ignored. That's because the legal tracts that most companies display are the epitome of user-unfriendliness. A few mavericks are trying a different approach, though, with statements that are clear, concise -- and sometimes even entertaining.

Source - E-Commerce News

[From the article:

Privacy statements that invoke the FTC's ire include "notices that don't provide sufficient information about collection and disclosure practices, or security practices, or notices that are in legalese," she said.

Well, I find them interesting...

Fresh Perspectives on e-Discovery from Young Minds in the “Academy”

... My son, Adam Colby Losey (shown left), recently published, Clicking Away Confidentiality: Workplace Waiver of Attorney-Client Privilege, as one of three student articles published in the current issue of Florida Law Review, Volume 60, Number 5, December 2008. Other articles in this same volume include: Student Speech Rights in the Digital Age by Mary-Rose Papandrea, a young Assistant Professor at Boston College Law School; and, Possession of Child Pornography: Should You Be Convicted When the Computer Cache Does the Saving for You? By Giannina Marin, a law review student at the University of Florida School of Law.

One to watch?

New York Times sued over's linking practice

Posted by Elinor Mills December 23, 2008 11:42 AM PST

... In its lawsuit filed in U.S. District Court in Massachusetts on Monday, Fairport, N.Y.-based GateHouse Media, which publishes more than 100 papers in Massachusetts, accuses the Times of violating copyright by allowing its Boston Globe online unit to copy verbatim the headlines and first sentences from articles published on sites owned by GateHouse, including the Newton Tab.

The links, as seen on's Newton site for instance, lead to the original articles on the GateHouse-owned sites, which display advertising. However the lawsuit claims GateHouse is losing advertising revenue as a result of the linking because readers don't see the ads on the GateHouse site's home page.

The linking also confuses readers, leading them to believe that GateHouse endorses the linking practice, according to the lawsuit.


December 23, 2008

Internet Overtakes Newspapers As News Source

Pew Research Center for the People & the Press: "The internet, which emerged this year as a leading source for campaign news, has now surpassed all other media except television as a main source for national and international news. Currently, 40% say they get most of their news about national and international issues from the internet, up from just 24% in September 2007. For the first time in a Pew survey, more people say they rely mostly on the internet for news than cite newspapers (35%). Television continues to be cited most frequently as a main source for national and international news, at 70%."

Is this likely to become an Obama Policy? I doubt it.

How To Create More Jobs

Posted by kdawson on Tuesday December 23, @06:24PM from the getting-out-of-the-way dept.

TechDirt is spotlighting a call by Michael S. Malone, a columnist for, for letting Silicon Valley create jobs once more. Malone argues that Sarbanes-Oxley and other attempts at accounting reform have done little to prevent fraud, but in fact have managed to kill off an entrepreneurship-venture capital-IPO cycle, centered in Silicon Valley, that has taken 30 years to nourish. Here's TechDirt:

"...it's time to roll back SarbOx and other accounting rules that have acted more for theatrical purposes rather than any legitimate reason. Basically, all they've done is create new reporting requirements that do little to nothing to either prevent fraud or clarify a company's actual financial position (its intended purpose). I'm all for radical transparency in financial info, but that's not what has been done. Instead, we've made it burdensome to actually grow a company — and that doesn't help create jobs. It helps kill them."

Two major factors: You can buy a modest laptop for the price you paid for your last desktop and they are more capable – battery life, storage and processor speeds are “adequate” for most users. Minor factor: They're cooler! Long term: we're heading toward hand-held computing – cellphones with all the capabilities of laptops.

Laptop shipments top desktops for first time; Netbooks a factor

Posted by Brooke Crothers December 23, 2008 10:25 AM PST

For my website students and those who use the feeds...

Doing More With Feeds

BlastCasta is a new service that aims to let anybody maximize the uses that news feeds can be put to. For instance, you can turn any feed into a feed landing page or create a widget to add the content of that specific feed to your website. Moreover, feeds can be processed in a plethora of ways, as they can be combined and filtered, and even translated into different languages.

The implementation of this system is as easy as it gets, too – all you have to do is provide a feed URL, and choose the intended action from a “What do you want me to do with this feed?” drop down menu. Some options that were not mentioned above and which merit at least a mention include a “Get feed in JSON form” and “Create a news ticker”.

The site also includes a blog that is a compelling read for those who find the premise of the site appealing, as it deals with pivotal SEO considerations as well as the importance of a feed’s structure itself.

We saw this coming, now you can get road rage instead of cellphone distraction. (Make a fun hack to drive Mom & Dad crazy too)

No More Texting While Driving

In the words of the team behind this project, “Textecution kills texting functions while driving so your child, loved one, or employee lives.” This is quite an apt definition of the provided solution, and it must be said that it is an interesting development that can play out a very important role towards road safety.

The implementation of such a solution is quite unobtrusive, as it sits quietly in the background upon installing it and only pops up when you want to use your mobile device, letting you know if you are driving too fast to send or receive text messages. Only when the phone is at rest or your travelling speed is lower than 10mph will the texting ability be regained.

This application can be procured at the site for a price that is described online. For the time being, Textecution is only available on the HTC G1 by T-mobile. It is stated that more phones will become supported as the Android platform expands its market. In the meantime, you can get started if you own the aforementioned device.

Related Another fun hack/stocking stuffer? Proof there's a niche for everything? (Proof most hackers enjoy juvenile humor.)

iPhone fart app pulls in nearly $10,000 a day

MG Siegler | December 23rd, 2008

Apple’s App Store is currently experiencing a plague of fart applications. Last week, I detailed one day in which at least 14 new fart apps were accepted into the store. And now, just in a quick search, it looks like there are about 50 apps all dedicated to making fart noises on your iPhone or iPod touch. Classy, I know, but why are there so many?

Because apparently there’s big money in fart apps — nearly $10,000 a day for the most popular ones.

Here's a “drive your co-workers crazy” application. Merry Christmas

For true music or movie aficionados... (And so I can get on the wait-list at the library earlier than number 685!)

Release Dates At Your Fingertips

A very specific service, What’s Out will enable anybody to quickly inform himself about the latest music, movies and games releases that hit the high street. The word that truly defines this service is “concise”: the main page is subdivided into three main categories, and in every case a series of accompanying links is provided.

... The same applies to the released movies, only that in this case you are provided links to Amazon. In addition to that, a link to the Internet Movie Database is provided for additional reference purposes.