Saturday, September 05, 2009

Why sneakily try hacking into someone's computer when you can sell them the software you wanted to install!

Web-monitoring software gathers data on kid chats

September 5, 2009 by Dissent Filed under Businesses, Internet, Surveillance, Youth

Deborah Yao of Associated Press reports that:

Parents who install a leading brand of software to monitor their kids’ online activities may be unwittingly allowing the company to read their children’s chat messages - and sell the marketing data gathered.

Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids.

Read more on Dallas News.

There is something appealing about this. Kinda like John Wayne asking you to join the posse. Downside might be in convincing the courts that all the evidence is real...

Symantec Wants To Use Victims To Hunt Computer Criminals

Posted by ScuttleMonkey on Friday September 04, @03:48PM from the cyber-vigilante-network dept.

Hugh Pickens writes

"Business Week reports that security experts plan to recruit victims and other computer users to help them go on the offensive and hunt down hackers. '"It's time to stop building burglar alarms to keep people out and go after the bad guys," says Rowan Trollope, senior vice-president for consumer products at Symantec, the largest maker of antivirus software. Symantec will ask customers to opt in to a program that will collect data about attempted computer intrusions and then forward the information to authorities. Symantec will also begin posting the FBI's top 10 hackers and their schemes on its Web site, where customers go for software updates and next year the company will begin offering cash bounties for information leading to an arrest. The strategy has its risks as hackers who find novices on their trail may trash their computers or steal their identities as punishment. Citizen hunters could also become cybervigilantes and harm bystanders as they pursue criminals but Symantec is betting customers won't mind being disrupted if they can help snare the bad guys. "I'm convinced we can clean up the Internet in 10 years if we can peel away the dirt and show people the threats they're facing," says Trollope.'"

Interesting twist. Imagine a search engine that used an avatar based on pictures of Mom. Would you be comfortable searching for porn?

People Can Be So Fake: A New Dimension To Privacy And Technology Scholarship

September 4, 2009 by Dissent Filed under Other

Ryan Calo at the Stanford Law School Center for Internet and Society has a thought-provoking article, “People Can Be So Fake: A New Dimension To Privacy And Technology Scholarship.” Here’s the abstract:

This article updates the traditional discussion of privacy and technology, focused since the days of Warren and Brandeis on the capacity of technology to manipulate information. It includes a novel dimension around the impact to privacy of anthropomorphic or social design.

Technologies designed to emulate people—through voice, animation, and natural language—are increasingly commonplace, showing up in our cars, computers, phones, and homes. A rich literature in communications and psychology suggests that we are hardwired to react to such technology as though a person were actually present. Social interfaces accordingly capture our attention and improve interactivity, and can free up our hands for other tasks.

At the same time, technologies that emulate people have the potential to implicate long-standing privacy values. One of the well-documented effects of interfaces and devices that emulate people is the sensation of being observed and evaluated. Their presence can alter our attitude, behavior, and physiological state. Widespread adoption of such technology may accordingly lessen opportunities for solitude and chill curiosity and self-development. These effects are all the more dangerous in that they cannot be addressed through traditional privacy protections such as encryption or anonymization.

The unique properties of social technology also present an opportunity to improve privacy, particularly online. Careful use of anthropomorphic design might one day replace today’s ineffective privacy policies with a direct, visceral notice that lines up our experience with actual information practice.

The full-text article is available as a free download from SSRN here.

It is much cheaper to qualify for “Broadband” funds if “Broadband” is defined as “Not-So-Broadband” – perhaps even “What-You-Already-Have-band.” It also allows them to charge you the “Broadband” rate.

MG Explains Why ISPs Want To Lower The Definition Of Broadband

by Erick Schonfeld on September 4, 2009

What’s the deal with Comcast, Verizon, and other ISPs petitioning the FCC to lower the definition of broadband? It’s all about money—broadband stimulus money—MG Siegler explains on G4’s Attack of the Show.

As the Obama administration looks to expand broadband access to rural and urban areas that are still under-served, the ISPs want to lower what constitutes broadband so that they can get some of the billions of dollars in stimulus money without shelling out as much to actually deliver the broadband access the stimulus package is designed to create.

Those phone and cable companies are tricky. Watch the video above.

Old story, new technology?

Cop cops plea for e-mailing nude pics to woman he arrested

A small-town Kansas cop e-mailed naked pictures of himself to a woman he pulled over for drunk driving, offering a sexual relationship in exchange for helping her avoid the charges. A local problem became a federal case after investigators found that his e-mail servers were located in other states.

By Nate Anderson Last updated September 3, 2009 12:05 PM CT

(Related) On the other hand... Lending someone a phone is no longer simply lending someone a phone.

Judge dismisses suits over nude photos

September 5, 2009 by Dissent Filed under Court, U.S.

Yet another court case involving nude photos on a cell phone.

A federal judge has dismissed a lawsuit by a woman claiming Culpeper police officers distributed nude photos of her found on a cell phone seized when her boyfriend was arrested.

U.S. District Judge Norman K. Moon of Charlottesville ruled Thursday that Jessica Casella did not have a “reasonable expectation of privacy” because she lent the phone to her boyfriend more than two months before it was seized and offered no evidence that she took measures to ensure the photos were protected.

“She therefore lacked possession, control, and dominion over the phone, as well as the power to exclude others from accessing the information and pictures stored on the phone,” the judge wrote.

Casella and her boyfriend, former Culpeper schoolteacher Nathan Newhard, filed suit in U.S. District Court in Charlottesville in March against former Sgt. Matt Borders, police Chief Scott Barlow, “unnamed town of Culpeper police officers” and the town of Culpeper Police Department after Newhard was arrested on DUI charges.


Is the ethics policy flawed? Why else would you need “exemptions” for such trivial reasons? (Gee Bob, perhaps the reasons aren't all that trivial? Perhaps the exemptions should never have been granted?)

September 04, 2009

Executive Agency Ethics Pledge Waivers

White House: "We have previously reported six limited waivers that have been granted by the White House pursuant to the President’s Executive Order on Ethics for Executive Branch personnel – the strongest ethics standards in U.S. government history. Three of these waivers involved lobbying-related issues and three did not. We blogged about them here, here, and here. Several months ago, the public interest community suggested that we also make available in a central place limited waivers granted by other federal agencies besides the White House. Today, we are releasing all ten such agency-granted waivers (none of which involve lobbying). The President’s Executive Order calls for an annual report to be completed in early 2010 that will include all waivers granted pursuant to the Order. We are, however, pleased to make all of the pledge waivers granted to date by this Administration available now--more than four months early."

  • Presidential Transition - Executive Agency Ethics Pledge Waivers: "The following appointees serving Executive Branch agencies have received limited waivers from Designated Agency Ethics Officials (DAEOs) to the Ethics Pledge required by Executive Order 13490 of January 21, 2009."

For my website and forensic students. Each JPEG contains metadata.

EXIF Browser & Picture resizer

Exchangeable Image File Format (Exif) is a specification for the image file format used by digital cameras.

… Though the specification is not currently maintained by any industry or standards organisation, its use by camera manufacturers is nearly universal.

The metadata tags defined in the Exif standard cover a broad spectrum:

  • Date and time information. Digital cameras will record the current date and time and save this in the metadata.

  • Camera settings. This includes static information such as the camera model and make, and information that varies with each image such as orientation (rotation), aperture, shutter speed, focal length, metering mode, and ISO speed information.

  • A thumbnail for previewing the picture on the camera's LCD screen, in file managers, or in photo manipulation software.

  • Descriptions and copyright information.
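For the forensic students, an added example (not from the original post or the tool it links to) showing where those tags sit in the file: it walks the JPEG segments, finds the Exif APP1 block, and decodes a few IFD0 tags. The sample image bytes and the camera make and model in it are constructed for illustration.

```python
import struct

# Tag IDs from the Exif/TIFF tag tables, limited to the kinds of fields listed above.
TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0110: "Model",
        0x0112: "Orientation", 0x0132: "DateTime", 0x8298: "Copyright"}
TYPE_SIZE = {2: 1, 3: 2}  # bytes per value for ASCII and SHORT, the only types decoded here


def find_exif_tiff(jpeg):
    """Walk the JPEG segments; return the TIFF block of the Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment marker")
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # end of image or start of scan: metadata is over
            return None
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if seglen < 2 or pos + 2 + seglen > len(jpeg):
            raise ValueError("truncated segment")
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + seglen
    return None


def parse_ifd0(tiff):
    """Decode the known ASCII and SHORT tags from the first image file directory."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # little- or big-endian TIFF
    if order is None:
        raise ValueError("bad TIFF byte-order mark")
    try:
        magic, ifd_off = struct.unpack_from(order + "HI", tiff, 2)
        if magic != 42:
            raise ValueError("bad TIFF magic")
        (count,) = struct.unpack_from(order + "H", tiff, ifd_off)
        found = {}
        for i in range(count):
            entry = ifd_off + 2 + 12 * i  # each directory entry is 12 bytes
            tag, typ, n = struct.unpack_from(order + "HHI", tiff, entry)
            size = TYPE_SIZE.get(typ, 0) * n
            if tag not in TAGS or size == 0:
                continue
            if size <= 4:  # small values are stored inline in the entry
                start = entry + 8
            else:          # larger values are stored at an offset into the TIFF block
                (start,) = struct.unpack_from(order + "I", tiff, entry + 8)
            raw = tiff[start:start + size]
            if len(raw) < size:
                raise ValueError("tag value points outside the Exif block")
            if typ == 2:
                found[TAGS[tag]] = raw.split(b"\x00")[0].decode("ascii", "replace")
            else:
                found[TAGS[tag]] = struct.unpack_from(order + "H", raw)[0]
        return found
    except struct.error:
        raise ValueError("truncated Exif data") from None


def read_exif(jpeg):
    tiff = find_exif_tiff(jpeg)
    return parse_ifd0(tiff) if tiff is not None else {}


def build_sample_jpeg():
    """Constructed sample: SOI + APP0 stub + Exif APP1 + EOI, with no pixel data."""
    strings = [(0x010F, b"ExampleCam\x00"), (0x0110, b"EC-100\x00"),
               (0x0132, b"2009:09:05 10:15:00\x00")]
    data_off = 8 + 2 + 12 * 4 + 4  # header + entry count + 4 entries + next-IFD pointer
    entries, blob = {}, b""
    for tag, text in strings:
        entries[tag] = struct.pack("<HHII", tag, 2, len(text), data_off + len(blob))
        blob += text
    entries[0x0112] = struct.pack("<HHIHH", 0x0112, 3, 1, 6, 0)  # Orientation 6, inline
    ifd = struct.pack("<H", 4) + b"".join(entries[t] for t in sorted(entries))
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0) + blob

    def segment(marker, body):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(body) + 2) + body

    return (b"\xff\xd8" + segment(0xE0, b"JFIF\x00" + bytes(9))
            + segment(0xE1, b"Exif\x00\x00" + tiff) + b"\xff\xd9")


if __name__ == "__main__":
    for name, value in read_exif(build_sample_jpeg()).items():
        print(f"{name}: {value}")
```
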

Tools & Techniques Identity Theft, anyone? (You might also search this site for “surveillance”)

USB Snoop Stick

September 1st, 2009 by Edwin in PC Gadgets, Spy Stuff, USB Gadgets

Do you wonder what people are always up to on your computer whenever you are not around? The USB Snoop Stick comes in handy then, as long as you leave it plugged in discreetly. We would say that this works best when you’re running a desktop (a notebook would be wayyyy too obvious), especially when this is a machine that is nestled away in a dusty corner of your cubicle with a mess of wires providing enough coverage.

All that’s required is to slot the Snoop Stick into a USB port and run the installation program that appears. To remotely monitor your PC, all you need to do then is to insert that same SnoopStick in any Internet-capable computer’s USB port and choose “Connect and View Remote Activity.” The SnoopStick will then start displaying what the computer is accessing on the web, or any IM conversations, as well as email activity and software used. You can also download and view the activity logs that the Snoop Stick software has recorded. Snoop Stick can also take screenshots automatically at pre-set intervals, or whenever websites are accessed. You can also send messages to anyone using the computer, and you can also remotely cut off Internet access, log off all users, or shut down the computer. It’s also possible to set up the Snoop Stick to watch out for certain key words or to monitor when specific websites are being accessed.

Friday, September 04, 2009

“Allow us to sell you the technology we need to monitor you 24/7. It's for the children and if you're innocent, you have nothing to worry about.” This is beginning to sound a lot like, “Of course I'll respect you in the morning!”

Privacy, Mobile Phones, Ubiquitous Data Collection

Posted by timothy on Thursday September 03, @06:03PM from the first-plan-your-safeguards dept.

ChelleChelle writes

"Participatory sensing technologies are greatly expanding the possible uses of mobile phones in ways that could improve our lives and our communities (for example, by helping us to understand our exposure to air pollution or our daily carbon footprint). However, with these potential gains comes great risk, particularly to our privacy. With their built-in microphones, cameras and location awareness, mobile phones could, at the extreme, become the most widespread embedded surveillance tools in history. Whether phones engaged in sensing data are tools for self and community research, coercion or surveillance depends on who collects the data, how it is handled, and what privacy protections users are given. This article gives a number of opinions about what programmers might do to make this sort of data collection work without slipping into surveillance and control."

(Related) I didn't know the National Enquirer had a Hacking Department. [Seriously, could they be targets of terrorists? Why are they using this technology? Bob]

Prince William and Harry’s mobile phones ‘may have been hacked’

September 3, 2009 by Dissent Filed under Breaches, Non-U.S., Surveillance

Chris Irvine of Telegraph reports:

Prince William and Harry’s mobile phones may have been hacked into by journalists, MPs have heard.

Detective Chief Superintendent Philip Williams, from the Metropolitan Police, raised the possibility at the Commons Culture, Media and Sport Select Committee.

When asked if he suspected journalists had hacked into the princes’ mobile phones, Mr Williams told the committee: “Yes, I think they may well have done.”

Read more on Telegraph. Thanks to Brian Honan for this link.

The White House had to drop their website asking citizens to rat out anyone who dared to question the Health Plan. Too public I guess. This is their second attempt? (We can, therefore we must?)

Obama’s secret plan to harvest personal data from social networking websites

September 3, 2009 by Dissent Filed under Featured Headlines, Govt, Internet, Surveillance, U.S.

Ken Boehm reports that the:

NLPC [National Legal and Policy Center] has uncovered a plan by the White House New Media operation [??? Bob] to hire a technology vendor to conduct a massive, secret effort to harvest personal information on millions of Americans from social networking websites.

The information to be captured includes comments, tag lines, emails, audio, and video. The targeted sites include Facebook, Twitter, MySpace, YouTube, Flickr and others – any space where the White House “maintains a presence.”

In the course of investigating procurement by the White House New Media office, NLPC discovered a 51-page solicitation of bids that was filed on Friday, August 21, 2009. Filed as Solicitation # WHO-S-09-0003, it is posted at Click here to download a 51-page pdf of the solicitation.

While the solicitation specifies a 12-month contract, it allows for seven one-year extensions. It specifies no dollar cap. Other troubling issues include:

  • extremely broad secrecy terms preventing the vendor from disclosing to the public or the media what information is being captured and archived (page 7, “Restriction Against Disclosure”)

  • wholesale capturing of comments by non-White House staff [The enemy? Bob] on publicly accessible sites

  • capturing of content of any type (text, graphics, audio, or video)

  • capturing of comments by both Obama critics and supporters, with no restriction as to how the White House would use the information.

Read more on NLPC

Only amusing to me? First thing that occurred to me was: “He's too drunk to consent!”

AZ court: DUI blood test requires warrant or consent

September 3, 2009 by Dissent Filed under Court, Surveillance

The Associated Press reports an Arizona court ruling that authorities must either obtain a search warrant to conduct a blood test of a DUI suspect or obtain the suspect’s clear consent to having blood drawn. Simply not objecting to the blood test is not sufficient. According to the AP, the Court of Appeals sent the case back to a lower court for a finding on whether the man involved actually consented.

As goes Massachusetts and California, so goes the country! (At least when Congress is controlled by the Democrats)

Mass. health bill would allow warrantless arrests, quarantines

September 3, 2009 by Dissent Filed under Legislation, U.S.

Alex Newman writes:

A pandemic and disaster preparation bill (S. 2028) passed unanimously by the Massachusetts Senate earlier this year is receiving wide-spread criticism as citizens mobilize to oppose its passage in the commonwealth’s House of Representatives. “Under this bill, Massachusetts becomes a medical police state. There is no debating it,” wrote Natural News editor Michael Adams in an August 28 article entitled “Wake Up, America: Forced vaccinations, quarantine camps, health care interrogations and mandatory ‘decontaminations,’” where he suggested America was delving into medical fascism. “The citizens of Massachusetts will have no rights, period. The Constitution is ancient history. You are now the property of the State.”

The bill contains a number of controversial, alarming, and blatantly unconstitutional provisions. Under an emergency declared by the governor, the statute purports to give the health commissioner, and law enforcement and medical personnel broad authority to mobilize forces, vaccinate the population, enter private property with no warrants, and even quarantine people against their will.

Read more on New American

Related: Text of Senate version of the bill can be found here (pdf).

Related: Kurt Nimmo is also very negative about the bill and wonders why it is not getting mainstream coverage.

Some monopolies are worse than others. On the other hand, now you can buy an election from a single source!

ES&S To Buy Diebold, Blackbox Voting To Sue

Posted by kdawson on Thursday September 03, @07:05PM from the all-watched-over-by-machines-of-loving-grace dept.

Gottesser writes

"Long-time election rights activist Bev Harris (she had an HBO special a while back where she hired Harri Hursti to hack an optical scan voting machine) just sent this out: 'Diebold/Premier Election Systems is being purchased by Election Systems & Software (ES&S). According to a Black Box Voting source within the companies, there will be a conference call among key people at the companies within the next couple hours. An ES&S/Diebold-Premier acquisition would consolidate most US voting under one privately held manufacturer. And it's not just the concealed vote-counting; these companies now also produce polling place check-in software (electronic pollbooks), voter registration software, and vote-by-mail authentication software.' Our voting system is heading toward a server-centric model with our vote being delivered to us by computers under lock and key far away from public oversight. Here's ES&S's press release. Wikipedia's got something on the ongoing string of ES&S controversies as well."

For my Data Mining & Analysis class. Illustrates how to present data mined from multiple sources. (Can't help noticing that Washington DC is high on every map. What a shock, huh?)

American Vice: Mapping the 7 Deadly Sins

By Kristina Shevory 08.24.09

We're gluttons for infographics, and a team at Kansas State just served up a feast: maps of sin created by plotting per-capita stats on things like theft (envy) and STDs (lust).

Very useful source of ebooks on Computer Security and other topics. Some old, some new – including the textbook I'm using for Business Continuity.


Tools & Techniques Economics? Statistics? Finance?

Google Domestic Trends: Should You Invest Based On Google Searches?

by MG Siegler on September 3, 2009

Google has launched a new area of Google Finance called “Google Domestic Trends.” Basically, it allows you to look at various sectors of the U.S. economy based on how they are performing in Google’s search index. The idea is that the volume of searches for related queries to a specific segment may “provide unique economic insight,” says Google.

Tools & Techniques Security

Free CAPTCHA that stops spam, not humans!

VidoopCAPTCHA is an image-based verification solution used to distinguish a human from a computer program, protecting web sites against malicious bot attacks. When compared to traditional text-based CAPTCHAs predominant on the web, VidoopCAPTCHA is easier on the user. And it’s FREE!

Tools & Techniques For my website students – I don't grade on content, I grade on the technology behind the content.

Convert A File To HTML Instantly With

Sep. 4th, 2009 By Karl L. Gechlik allows us to convert almost any type of file into an HTML webpage with zero knowledge necessary in any web language or programming skills.

… Once your file has been successfully transferred to their site you will see a success screen with a link to your new webpage containing your document’s contents.

If you click on the link it will take you to the page. It should appear identical to your original with the exception of the Adsense or Bidvertiser ads at the top of your document directly under your title.

Need to store a huge database? (For the IT Architecture class)

Petabytes on a budget: How to build cheap cloud storage

Tim Nufire September 1

At Backblaze, we provide unlimited storage to our customers for only $5 per month, so we had to figure out how to store hundreds of petabytes of customer data in a reliable, scalable way—and keep our costs low. After looking at several overpriced commercial solutions, we decided to build our own custom Backblaze Storage Pods: 67 terabyte 4U servers for $7,867.

In this post, we’ll share how to make one of these storage pods, and you’re welcome to use this design.

Thursday, September 03, 2009

They should have this completely cleared up in a few more years...

TJX settles banks’ lawsuit

September 2, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, U.S.

The Associated Press reports that TJX has settled:

TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union and Trustco bank - have dropped their respective claims against TJX.

Is this the case of the “T. J. Hooper” for the Internet age?

Court allows suit against bank for lax security

September 2, 2009 by admin Filed under Breach Incidents, Financial Sector, Of Note, Other, U.S.

Jaikumar Vijayan of Computerworld reports:

A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises.

In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple — customers of the bank — alleged that Citizens’ failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit.

Read more on Network World

[From the article:

The negligence claim was one of several claims brought against Citizens by the couple. Although Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a "reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."

The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can't prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach.

… The decision in the Shames-Yeakel case was first reported on Digital Media Lawyer Blog, which is written by David Johnson, a lawyer specializing in digital media law with Jeffer, Mangels, Butler and Marmaro LLP in Los Angeles. The case shows how the failure to expeditiously implement state-of-the-art security measures can open companies to negligence claims, Johnson wrote.

… Citizens held the couple responsible for paying back the money, and claimed that under its online terms and conditions it had no liability for any unauthorized transactions that were made using legitimate usernames and passwords. It said there was no liability unless it had been notified in advance about the possibility of unauthorized use and had been given a reasonable opportunity to act on that notice.

… But the Shames-Yeakels claimed those measures were inadequate. They said that at the time of the breach, Citizens was still relying on usernames and passwords to control access to accounts while others had begun using two-factor authentication, including token-based authentication, that is considered more secure. They pointed to a 2005 document by the Federal Financial Institutions Examination Council (FFIEC), which called single-factor authentication inadequate and recommended the use of two-factor authentication by banks.

The report is very confusing. No indication why there would be a database of pharmacy 'clients' on a laptop computer. If there is no health information (i.e. prescription records) what was the database for? If it was not supposed to leave the pharmacy, why use a laptop rather than a cheaper desktop?

Navy laptop with personal info missing

September 2, 2009 by admin Filed under Breach Incidents, Government Sector, Healthcare Sector, Lost or Missing, U.S.

Liz Nelson reports:

Naval Hospital Pensacola will be notifying thousands of beneficiaries who use its pharmacy services, following the disappearance of a laptop computer August 18 which contains personally identifiable information.

The computer’s database contains a registry of 38,000 pharmacy service customers’ names, Social Security numbers and dates of birth on all patients that used the pharmacy in the last year. It does not contain any personal health information.

Read more on Fox10TV

Neither the story nor the hospital’s FAQ (below) indicate whether the data were encrypted or unencrypted. The FAQ indicates that in some cases, spouses’ information and disability ratings may also have been on the laptop.

Related: FAQ on the breach on the hospital’s site (pdf)

[From the article:

The computer has a damaged exterior and may have been disposed of. [and no one remembers (or records) its destruction? Bob]

Would this have been different if he had received a text message from his lawyer?

ACLU lawsuit says student’s cell phone was illegally searched

September 2, 2009 by Dissent Filed under Court, U.S., Youth

John Cox of Network World reports:

A middle school honor student who was expelled after authorities searched his cell phone and found evidence of what they claimed were “gang-related activities” now has a lawyer: the American Civil Liberties Union.

The Mississippi ACLU this week filed a federal civil rights lawsuit, arguing that the 2008 cell phone search was illegal and the expulsion wrongful. The lawsuit claims that the gang activities were simply photos showing the student, then-12-year-old Richard Wade, dancing in the bathroom of his own home, and a friend, also at Wade’s home, with a BB gun held across his chest.

According to the ACLU press release, Wade, then a 12-year-old at Southaven Middle School, Southaven, Miss., had his phone confiscated and then searched by his football coaches, the class principal, and a police sergeant after he read a text message received from his father during football class. [Improbable cause? Bob]

Read more on The Standard.

Mostly high school math, but many of my students start at that level.


Free online math video lessons to help students with the formulas, equations and calculator use, to improve their math problem solving skills.

Tools & Techniques Hang onto this one. You will need it someday.

How To Find Unknown Device Drivers By Their Vendor & Device ID

Sep. 2nd, 2009 By Saikat Basu

Quick screenshots.

31 August 2009


Simply press the ScreenSnapr Hotkey (Ctrl + 1), and almost instantly have access to a URL to share on IM, Twitter, Email, or any other virtual medium.

[And here you will find a list of over 70 screen capture and screencasting tools]

Wednesday, September 02, 2009

Happy Birthday! (Short video and transcript)

Internet's 40th "Birthday" Marked

This is not a big deal relative to a TJX or Heartland, but perhaps it goes into the “US is falling behind” folder, since it seems these crimes are most often blamed on “Eastern Europe” or China or somewhere in Africa. Perhaps we should be recruiting from these countries?

5 men named in racket that netted $4m in stolen card data

September 2, 2009 by admin Filed under Breach Incidents

The Register has more on a case reported here previously. It turns out that the “news” actually relates to a case that was originally filed in 2007. For the detailed version, read the prosecutor’s press release.

Prosecutors in Manhattan have named five additional men from Eastern Europe in an alleged scheme that pilfered $4m using more than 95,000 stolen credit cards.

Using handles such as “the Viver,” “Inexwor,” and “DoZ,” the men were part of an international conspiracy that reached half-way around the world to snatch the payment card credentials of people located in New York, according to prosecutors in Manhattan District Attorney’s office. They branded their highly profitable enterprise the Western Express Cybercrime Group.

Read more in The Register and PC World.

Keep this in mind the next time the DoJ (or FBI or DHS or 'fill in the blanks') says we need to modernize our legal system to match those of other countries.

Eavesdropping on Internet

September 2, 2009 by Dissent Filed under Internet, Non-U.S., Surveillance

Imagine an invisible person is behind you watching all you do on the Internet, like searching, chatting and file downloading. Horrible as it may sound, this was what the National Intelligence Service allegedly did to a pro-unification civic group leader.

As if that was not enough, the NIS agents wiretapped all communications in cyberspace, not just of the suspected violator of the anticommunist law but of his family members and coworkers who shared the same Internet lines with him, in what experts call “packet eavesdropping.” Could one brush it aside as just another shady aspect of “IT Korea”?

Even more astonishing was nobody knew about the Internet bugging until the prosecution presented wiretapped contents as evidence during a trial. [They learned this trick from Perry Mason! Bob] Most shocking of all, the top spy agency says its agents acted with court warrants and committed no legal violations, reaffirming the nation’s far too porous legal system to protect communication secrecy and other privacy.

Read more of this Op-Ed in The Korea Times.

(Related) On the other hand, some laws (government initiatives?) are not worth emulating.

Scottish govt publishes plans to reduce personal data collection

September 2, 2009 by Dissent Filed under Featured Headlines, Govt, Non-U.S.

The Scottish Government plans to reduce the amount of information on citizens held by large public databases and curb the collection and use of personal data by public authorities.

A consultation on its plans has just begun. The Scottish Government, run by the Scottish National Party in a minority administration, has the backing of the UK Information Commissioner’s Office (ICO) for its plans.

It has proposed a set of Identity Management and Privacy Principles with which public bodies will have to comply. The principles move the Scottish Government away from the trend of building very large public databases of personal information.


According to a news release on the government’s web site, the draft principles include:

  • Proving identity or entitlement: people should only be asked for identity when necessary and they should be asked for as little information as possible

  • Governance and accountability: private and voluntary sectors which deliver public services should be contractually bound to adhere to the principles

  • Risk management: Privacy Impact Assessments should be carried out to ensure new initiatives identify and address privacy issues

  • Data and data sharing: Organisations should avoid creating large centralised databases of personal information and store personal and transactional data separately

  • Education and engagement: Public bodies must explain [To whom? Bob] why information is needed and where and why it is shared

This is becoming much more common. Are lawyers learning how to do it, or are organizations becoming more aggressive?

York University obtains court order for Bell and Rogers subscriber information

September 1, 2009 by Dissent Filed under Court, Internet, Non-U.S.

Michael Geist writes:

There has been considerable discussion in recent weeks regarding the prospect of court orders mandating ISPs or other intermediaries disclose identifying information about anonymous individuals (Google model case, Ottawa city hall blog). Overlooked, however, is a recent order obtained by York University requiring Bell and Rogers to disclose subscriber information. Neither ISP opposed the order, which included some novel requirements in return for ordering the two companies to disclose the names of customers associated with particular IP addresses. First, York University was required to pay the ISPs to compensate them for providing the information - Rogers gets $600, while Bell gets $300. Second, the court added a condition that required notification of the customers identified by Bell and Rogers so that they could apply to the court to vary or vacate the order. Despite constituting only three paragraphs, the order raises some very interesting issues including the questions about why a university would seek this order, the compensation to the ISPs, and the attempt to factor in a response from the identified subscribers.

A copy of the order is embedded in the blog entry.

Another “first?” (I suspect more than the article suggests.)

Web Hosts Hit With $32 Million Judgment For Content

Posted by Soulskill on Wednesday September 02, @08:40AM from the time-to-pay-the-piper dept.

mikesd81 tips news that a California jury has found two web hosting companies liable for "contributing to trademark and copyright infringement" after hosting web sites that sold counterfeit Louis Vuitton items. Both companies are owned by the same man, Steven Chen, and are being ordered to pay $32 million in fines. A similar judgment for $61 million went against eBay last year for facilitating the sale of counterfeit Louis Vuitton merchandise.

"The US District Court for the Northern District of California is expected to issue a permanent injunction banning the internet service providers from hosting Web sites that sell fake Louis Vuitton goods in the future, the company said. Attorneys for the luxury goods maker said in a statement that the case is the first successful application on the internet of the theory of contributory liability for trademark infringement. Under this theory, companies that know, or should know, that they are enabling illegal activities have an obligation to remedy the situation. Entities that fail to do so, as Louis Vuitton alleged in this case, can be held legally responsible for contributing to the illegal activities."

Follow-up. Perhaps this topic is of interest to a wider audience than it used to be?

DHS: All your laptops are belong to us

September 1, 2009 by Dissent Filed under Featured Headlines, Govt, Surveillance, U.S.

As a follow-up to the position of the Department of Homeland Security on searching laptops at the border (reported here last week), Jaikumar Vijayan of Computerworld reports:

The Department of Homeland Security’s Privacy Office has approved the controversial searches, copying and retention of laptops, PDAs, and other digital devices without cause at U.S. borders.

Travelers could soon start seeing notices from the Privacy Office, which last week released a report supporting the right of customs agents to conduct such searches.

The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.

Read more on Computerworld.

Elsewhere, Jurist provides an interesting commentary on the legal underpinnings of DHS’s position:

John Wesley Hall, Jr. [Former President, National Association of Criminal Defense Lawyers]: “This fiscal year, through August 11, 2009, US Customs and Border Protection (CBP) tells us that there were about 1,000 laptop computer searches, only 46 of which were in-depth. This out of 221 million border crossings. It simply is not possible for CBP to widely search laptop computers at the border. Too many people are lined up coming in to search everybody intensively, let alone their computers and electronic media too.

CBP is searching laptop computers, at least in the litigated cases that I have seen, only for child pornography. [So they do have cause? Bob] And they at least appear to be limiting these searches to those whom they have reasonable suspicion to believe are potentially transporting child pornography into the country so as to target their resources. But what happens when these searches begin to occur based on political speech because one opposes a government position or happens to disagree with the opinion of the customs agent making the decision (“the discretion of the officer in the field”)?

All the case law to this point is clear that reasonable suspicion is not required for a laptop search. [Is that the same as saying you can search for unreasonable reasons? Bob] No case has held that it is, and I don’t think that any will. That should not be surprising considering the Supreme Court held in 2004 in United States v. Flores-Montano that the reasonable suspicion requirement is limited to searches of the person and not personal belongings, and in 1971 that pictures and motion pictures could be examined at customs in United States v. Thirty-Seven Photographs. Thirty-Seven Photographs predated the widespread use of truly portable laptop computers by more than a decade.

Read more on Jurist.

Updated: I contacted John Wesley Hall, Jr., an expert on Fourth Amendment law, to ask him about the Fourth Amendment basis for not just searching, but copying, the contents of devices, as there has been some talk among privacy advocates and attorneys about attorney-client privilege or other confidential materials that might be copied or put at risk of a breach. John’s response:

The right to search would presumably include the right to copy what is found for evidentiary use.

If it was copied or taken and never used in a criminal prosecution, it would be subject to return under F.R.Crim.P. 41(g) if it was noncontraband. [Is there a simple procedure for this? Bob]

What about attorney-client privileged information? There has been some list serv traffic about this risk, which is a theoretical risk at best. CBP just does not have the time to search except for contraband. 221 M border crossings between 10/1/08 and 08/11/09 means it is impossible for them to do anything but a search that is likely to bear fruit; hence a virtual self-imposed reasonable suspicion standard, although the law does not require one. [Interesting argument. Still wouldn't address the “why me” question. Bob]

Apparently some people in the UK are finally waking up. This is not news, but the realization of what the government is doing seems to be growing.

UK Plans To Link Criminal Records To ID Cards

Posted by timothy on Wednesday September 02, @04:41AM from the oh-sure-blame-the-children-again dept.

Death Metal writes with this excerpt from about the UK's national ID card scheme:

"Privacy advocates have reacted angrily to reports that the government plans to link national identity records to criminal records for background checks on people who work with children and vulnerable people. Up to 11 million such workers could be affected immediately if the plan goes ahead. Phil Booth, national co-ordinator of privacy advocates NO2ID, said the move was consistent with the various forms of coercion strategy to create so-called volunteers for national ID cards. 'Biometrics are part of the search for clean, unique identifiers,' Phil Booth said. He said the idea was patently ridiculous when the Home Office was planning to allow high street shops and the Post Office to take fingerprints for the ID card." [Anyone else think there is an opportunity for hanky-panky here? Bob]

What a fun area for hackers! “Oh look, the patient just died! No, he's alive again, but his body temperature has dropped to -18 degrees. Ah, now he's pregnant with octuplets!”

Coming to a bedside near you: Body sensor networks

by Elizabeth Armstrong Moore September 1, 2009 5:01 PM PDT

GE Healthcare is developing a Body Sensor Network (BSN) that consists of sensor devices that collect patient-specific data, from body temperature and pulse-oximetry to blood glucose levels and respiratory function. The real-time information will be transmitted to doctors, nurses, caregivers, etc., to enable far more efficient body monitoring from any location, which in turn provides the most current patient information and treatment option evaluations.

This is sure to catch on. Perhaps there is an opportunity for a “Bill me through this email account” service that would check your bills for you? Probably not.

T-Mobile users to be billed for bills

Posted: Tuesday, September 1 2009 at 05:00 am CT by Bob Sullivan

Rob Connor of Charleston, S.C., watches his bills carefully. So he's pretty "steamed" that soon he's going to have to pay for the right to do so.

Connor is caught in a debate that could pit environmentalists against consumer rights advocates over the basic monthly task of paying the bills.

Connor's mobile phone provider, T-Mobile, recently sent him a note saying it will now charge customers $1.50 per month to receive paper bills mailed to their homes, or $3.50 per month for detailed bills. E-mailed bills are free, but Connor says that won't help him. He doesn't have Internet access at home.

T-Mobile says it's making the change, which takes effect in September, in part to help the environment, but Connor doesn't buy that.

"This thing of having to pay so I can pay is just a little too much," he said. "And I'm certainly not interested in some bogus argument about me contributing to global warming by NOT signing on to making it cheaper for T-Mobile to send me a bill."

Is T-Mobile stiffing consumers like Connor or helping the environment? Many companies are strongly encouraging consumers to forgo paper bills in favor of electronic versions. Sprint offers a $5 credit to consumers to enroll in online billing. Verizon recently offered consumers who make the switch a chance to win a Toyota Prius.

But T-Mobile's fee for even summary paper bills marks one of the most aggressive steps by companies trying to push consumers into the paperless world.

… The firm is not the first wireless company to charge for paper bills. Verizon Wireless and AT&T charge $2 monthly fees for consumers who want to receive detailed bill statements via U.S. Mail. Basic summary bills are still free, however.

But Connor thinks he has a right to the paper bills for free, and he's not alone. T-Mobile customers have taken their displeasure with the new policy to the Internet, registering complaints on dozens of Web sites. T-Mobile’s own consumer message boards are full of angry notes.

“It really pisses me off when companies hide behind the environmental wackos for a reason why not to include services anymore,” reads one.

Harvey Rosenfeld, founder of Consumer Watchdog and lead attorney in several lawsuits against the mobile industry, says Connor and other complainers may have legal grounds for their objection. He recently settled a lawsuit against Nextel Corp. for requiring consumers to pay for detailed billing statements back in 2003. As part of the settlement, Nextel agreed to refund customers. He says consumers are entitled to bills and invoices that itemize costs.

"There's a lot of policy language in state and federal law that says consumers need to be able to determine the validity of a bill," he said. "You need to know if you're being overcharged, if you've received a promotional discount. You can't figure anything out from a bill if all they give you is a single unitemized bill."

Rosenfeld says he's seen hospital bills where the consumer was charged $2.50 to obtain a copy of the bill.

"To bill you for the price of billing you is an outrage," he said. "It's the cost of doing business."

… Meanwhile, many T-Mobile consumers are wondering if the new paper bill fee constitutes a change in contract terms which would allow customers to break their contracts without paying an early termination fee.

T-Mobile says no.

"It doesn't qualify for opt out in the contract because customers were given 30 days' notice as part of terms and conditions. They have the option to opt out. And they have access to bills for free online," said a company spokesman, speaking on condition he not be identified.

But Rosenfeld said the firm has clearly changed the cost to consumers – a $50 plan now costs $50 plus at least $1.50 to get a paper bill – so consumers should have the right to cancel.

"If a company starts charging for a service that they previously did for free ... that’s a material change for sure," he said. "I think consumers can get out of their contracts."

More interesting than I expected...

September 01, 2009

National Library of Medicine Offers Disaster Information Resources on Wildfires

Newsletter for the NN/LM Pacific Southwest Region: "An extensive list of resources related to wildfires is now available from the Specialized Information Services division at NLM. Learn how to prepare and protect yourself from wildfires, and get information on how the smoke and particulate matter may affect your health." [Dan Mitchel]

Is Kindle doomed? This may at least break the “proprietary” barriers

Google Broadens Attack On Amazon Kindle, Partners With COOLERBOOKS

by Robin Wauters on September 2, 2009

… First, the company teamed up with Sony, adding about 1 million public domain books to the technology giant’s eBook Store.

Now Mountain View has sealed a deal with British Interead, bringing the same amount of ebooks to an online store outside the U.S. for the first time (where close to half a million of them are available for free).

Reading-based Interead is the company behind ebook store COOLERBOOKS. The company also manufactures COOL-ER eReaders, small, elegant ebook readers that kinda look like giant iPods and cost $249 in the United States.

Oo! Oo! Can I “soundmark” such phrases as “I didn't know there was a test today!” or “Yeah, I know I missed eight of the last nine tests, but I've gotta pass this class!”

Tour Companies Battle Over Trademarked Duck Noises

Posted by samzenpus on Tuesday September 01, @01:15PM from the totally-quackers dept.

Tour company Ride the Ducks is suing rival tour company Bay Quackers, alleging that it holds trademark rights to the sound made by tourists using duck call devices, while on amphibious vehicle tours. San Francisco-based Ride the Ducks holds a 'sound mark' on the noise. Very few companies hold sound marks, but some of the more famous include: the NBC chimes and the MGM lion. The company holds US Trademark No. 2,484,276, which protects a mark consisting of 'a quacking noise made by tour guides and tour participants by use of duck call devices throughout various portions of [guided amphibious vehicle] tours.' Reading this makes me think that there is a room full of litigious monks somewhere, just waiting for someone to try clapping with one hand.

Tools & Techniques. A bit of a rambling article, but shows a simple way to customize your “file open dialogue box” (The explorer-like window that opens when you want to Open a file.)

Use The Places Utility To Customize Your Open File Locations In Windows

Sep. 2nd, 2009 By Karl L. Gechlik

… Some programs like Outlook open the file box to a suitable folder – so why don’t they all? But what if I want to replace the links on the left with my most common folders?

Yeah there is a piece of software for that. Let’s help you make use of it. You can download the small 623kb file from here. It is compatible with Windows 2000 upwards, so that means XP, Vista and Seven friendly!

Not that I have a lot of wino friends... This is for my Small Business Management students. I tell them to start businesses that involve things they love.

Panorama Capital Pours $4.5 Million Into Online Wine Outlet Vinfolio

by Robin Wauters on September 2, 2009

Online wine store and community site Vinfolio has raised $4.5 million in a Series A funding round led by Panorama Capital after receiving an undisclosed amount of angel investment earlier.

… There’s no shortage of wine-related websites and services out there. From the top of my head: review sites Snooth and Corkd, Vinogusto, good old and wine ‘discovery’ service Adegga, although I’m sure there are many more.

Both a sign of Microsoft's lack of dominance and a great premise for the next “I'm a PC...” ad. (Bill Gates will be rolling over in his retirement.)

iPhone App Wins Microsoft-Campus Programming Contest

Posted by timothy on Tuesday September 01, @03:43PM from the cross-platform dept.

imamac writes

"Startup Weekend was a 54-hour coding marathon held on Microsoft's campus last weekend. It was designed to encourage the use of MS programming technologies. However, the winner of the contest was an iPhone app: ' "Awkward," whispered Startup Weekend organizer Clint Nelsen into the microphone upon announcing the top vote getter.'"

Tuesday, September 01, 2009

Privacy (and security?) in the Cloud.

Email Snooping Can Be Intrusion Upon Seclusion

August 31, 2009 by Dissent Filed under Court, Internet, Workplace

Attorney Evan D. Brown discusses a case that sheds some light on how courts may view a privacy invasion claim of “intrusion on seclusion” when a firm’s employee email is hosted in the cloud:

Local elected official Steinbach had an email account that was issued by the municipality. Third party Hostway provided the technology for the account. Steinbach logged in to her Hostway webmail account and noticed eleven messages from constituents had been forwarded by someone else to her political rival.

Steinbach sued the municipality, her political rival and an IT professional employed by the municipality. She brought numerous claims, including violation of the Federal Wiretap Act, the Stored Communications Act, and the Computer Fraud and Abuse Act. She also brought a claim under Illinois common law for intrusion upon seclusion, and the court’s treatment of this claim is of particular interest.


Finally, the defendant argued that the intrusion was authorized, looking to language in the Federal Wiretap Act and the Stored Communications Act that states there is no violation when the provider of an electronic communication service intercepts or accesses the information. The court rejected this argument, finding that even though the municipality provided the email address to Steinbach, Hostway was the actual provider. The alleged invasion, therefore, was not authorized by statute.

The court’s analysis on this third point could have broader implications as more companies turn to cloud computing services rather than hosting those services in-house. [Outsourcing in general? Bob] In situations where an employer with an in-house provided system has no policy getting the employee’s consent to employer access to electronic communications on the system, the employer—as provider of the system—could plausibly argue that such access would be authorized nonetheless. But with the job of providing the services being delegated to a third party, as in the case of a cloud-hosted technology, the scope of this exclusion from liability is narrowed.

Read more on CircleID

The case is Steinbach v. Village of Forest Park, No. 06-4215, 2009 WL 2605283 (N.D. Ill. Aug. 25, 2009)

[From the article:

The court looked to the case of Busse v. Motorola, Inc., 813 N.E.2d 1013 (Ill.App. 1st. Dist. 2004) for the elements of the tort of intrusion upon seclusion. These elements are:

  • defendant committed an unauthorized prying into the plaintiff's seclusion;

  • the intrusion would be highly offensive to the reasonable person;

  • the matter intruded upon was private; and

  • the intrusion caused the plaintiff to suffer.

Technology presents new challenges to governments. (Of course, this could also be used to “leak” positions on pending legislation and see what the feedback is...)

Illegal Election Updates Strike Again in Germany

Ninety minutes before the polling stations closed, the first results in the weekend's German state elections were already being made public. Twitter had struck again. At around 4:30 p.m. two Twitter users had published messages indicating the outcomes for Thuringia, Saarland and Saxony. These messages then made their way around the Internet.

In Germany, it is a crime to publish data gleaned from the exit polls -- a poll of voters taken immediately after they have exited the polling stations -- before the polling stations have closed.

… One of the Twitter accounts belonged to Patrick Rudolph, the head of the Christian Democrats (CDU) in the city of Radebeul in Saxony. "I don't know who wrote it," Rudolph told SPIEGEL ONLINE. It was not him, he says, and he deactivated the account because of this. [One of the problems with relying on your secretary (teenage children?) to handle the technology for you... Bob]

Users got rights?

German Court: Google must change its terms

August 31, 2009 by Dissent Filed under Court, Internet, Non-U.S.

Patrick McGroarty of the Associated Press reports that a German court has ruled that Google must eliminate 10 clauses from its terms of service. The Federation of German Consumer Organizations had argued that the clauses could be interpreted to compromise users’ rights to their own data.

Google said in a statement that it removed the clauses, which it described as “unfortunately framed,” more than a year ago.

Google spokesman Stefan Keuchel said the terms had already been changed when the court released its decision to clarify that users agree to allow data they upload to be viewed and manipulated only by other users they have explicitly authorized — for instance, through a shared Google document.

Read more on AJC.

Students got no rights!

Court backs plagiarism detector

September 1, 2009 by Dissent Filed under Court, Youth

David Canton had an article on Canoe yesterday about the use of the plagiarism detector service, Turnitin. For those who weren’t aware of the case at the time, several students sued last year, claiming that the service violated their copyright and was making a profit off their work. The court sided with Turnitin, in part, because when students submit their work to the service, they are consenting to having it stored.

I personally disagreed with the court’s opinion, because students are often given no choice about submitting their work — their professors make it a condition of passing the assignment or course. Many educators, in my opinion, have been essentially coercing students into creating a digital record of their thoughts and opinions — records that might come back to haunt them in the future. Of course, someone might reasonably point out that the gripe would be with the educators and not the service, but to the extent that Turnitin was storing records that the student authors did not want stored but had no real choice about consenting to, I viewed it as a privacy invasion.

Now Canton reports that the issue is not totally dead. He writes:

However, this may not signal the end of the controversy surrounding turnitin. Legal action is being contemplated by other student groups unhappy with the policies of Turnitin. Some institutions have discussed eliminating the use of the service or letting professors decide if it should be used on a class-by-class basis.

It is not the concept of Turnitin that is being objected to by students, it is the manner in which the service is being operated.

It will be interesting to see what develops. The court felt that the benefits of Turnitin outweighed the concerns of the students who filed the first lawsuit. But in this day and age, is creating a non-optional digital record of a student’s thoughts and opinions really a small thing that is outweighed by the convenience or tool it provides educators who want to rule out plagiarism? What do you think?

Stalking Congress

August 31, 2009

New on - The Government Domain: Tracking Congress 2.0

The Government Domain: Tracking Congress 2.0 - With the 111th Congress of the United States reconvening on September 8th, e-gov expert Peggy Garvin highlights new tools and sources that enhance and expand your ability to track and monitor the action.

Is this evidence that ISPs are doing what they swear they don't do?

Drop in P2P Traffic Attributed To Traffic Shaping

Posted by ScuttleMonkey on Tuesday September 01, @03:27AM from the or-just-sneakier-options dept.

An anonymous reader writes

"A new report based on data from 100 US and European ISPs claims P2P traffic has dropped to around 20% of all Internet traffic. This is down from the 40% two years ago (also reported by the same company which sells subscriber traffic management equipment to ISPs). The report goes on to say the drop is likely due to continued, widespread ISP P2P shaping: 'In fact, the P2P daily trend is pretty much completely inverted from daily traffic. In other words, P2P reaches its low at 4pm when web and overall Internet traffic approaches its peak... trend is highly suggestive of either persistent congestion or, more likely, evidence of widespread provider manipulation of P2P traffic rates.'"

Arbitrary is as arbitrary does... or doesn't, depending...

Woman Fired For Using Uppercase In Email

Posted by samzenpus on Monday August 31, @12:49PM from the don't-type-angry dept.

tomachi writes

"An accountant in NZ has been awarded $17,000 NZD for unfair dismissal after her boss fired her without warning for using uppercase letters in a single email to co-workers. The email, which advises her team how to fill out staff claim forms, specifies a time and date highlighted in bold red, and a sentence written in capitals and highlighted in bold blue. It reads: 'To ensure your staff claim is processed and paid, please do follow the below checklist.' Her boss deemed the capital letters too confrontational for her co-workers to read after they woke up from naptime."

Is Microsoft doomed? Can you name anything new from them in the last few years? (Windows7 seems like a major improvement, but addresses a declining market)

Challenging Microsoft With a New Technology

By STEVE LOHR Published: August 30, 2009

Microsoft’s No. 1 rival is a household name, Google. But a strong candidate for No. 2 is a company that is scarcely known outside the technology industry: VMware.

(Related) Lose in this market, and individuals have no reason to buy the same software for use at home.

British small biz falls out of love with Microsoft, heads to the Clouds

by Mike Butcher on September 1, 2009

Remember all that Web 2.0 hype back in the day? Remember how some predicted an end to the monopoly of Microsoft in those basic applications like Word, Excel and others as these functions moved to the Cloud? Well it looks like that trend is well on its way now and especially in the UK.

According to a survey by Accredited Supplier, a B2B services marketplace, Microsoft is losing their grip on the UK small business market under increasing pressure from cloud computing and open source software.

(Related) Another “old guard” company that isn't moving (can't move?) quickly enough to create a service that customers want.

Is AT&T losing its grip on the iPhone?

by Marguerite Reardon August 31, 2009 11:09 AM PDT

Apple's exclusive deal with AT&T to offer the iPhone may end within the year, according to a prediction from financial analyst Gene Munster, a senior research analyst at Piper Jaffray.

If Munster is correct, opening up the iPhone to other carriers in the U.S. could be a boon for Apple, which would likely see iPhone sales go through the roof. On the flipside, if this prediction were to come true, it would likely mean very bad news for AT&T, which has relied heavily on the iPhone to boost its own wireless sales and revenue.

Interesting concept. The RIAA will no doubt be calling (Think they can read music?)


Noteflight® is an online application that lets you display, edit, print and play back music notation with professional quality, right in your web browser. You can work on a musical score from any computer on the Internet, share it with other users, and embed it in your own pages. And it's free for individual use.

For my website students

How To Conduct Video Interviews with Wetoku (Invites!)

Aug. 31st, 2009 By Tim Lenahan

… Wetoku offers a simple way to meet someone online, record the meeting (or interview) and then share it with others. You may use it for video chat, conduct online interviews, etc.

Our Makeuseof authors have touched on several video chat type offerings that can help with online interviews (Tokbox, Eyejot, and Gmail’s video chat features). Well, wetoku makes meeting face to face with someone far away even easier.