Friday, October 08, 2010

Hey, it's the law!

French ISP Refuses To Send Out Infringement Notices

Posted by timothy on Friday October 08, @02:19AM

"Last month it was clear that French ISPs were not at all happy about the whole three strikes Hadopi process in France. Now that the 'notice' process has started, with Hadopi sending out notices to 10,000 people per day, it's hit a bit of a stumbling block. The French ISP named 'Free' has apparently figured out a bit of a loophole that allows it to not send out notices and protect its subscribers. Specifically, the law requires ISPs to reveal user info to Hadopi, but it does not require them to alert their users. But, the law does say that only users who are alerted by their ISP can be taken to court to be disconnected. In other words, even if Free is handing over user info, so long as it doesn't alert its users (which the law does not mandate), then those users cannot be kicked off the internet via Hadopi."

In the UK they make speeches....

Speeches: “The English Law of Privacy: An Evolving Human Right” – Lord Walker

October 7, 2010 by Dissent

Hugh Tomlinson QC writes:

On 25 August 2010 Supreme Court Justice Lord Walker of Gestingthorpe gave a speech to the Anglo-Australasian Lawyers Society at Owen Dixon Chambers, Melbourne on the subject of privacy. His title was “The English Law of Privacy: An Evolving Human Right”. The lecture contains an interesting and useful overview of the current law of privacy, particularly in relation to the media. Lord Walker suggests that, as the law of privacy develops “its origin in the law of confidence will become a historical curiosity” and that we have now reached the point where “invasion of personal privacy” is a separate tort.

Read more on UKSC Blog.

[From the article:]

He emphasises the importance of “the discipline of analysing an issue correctly”, considering first the question of interference with Article 8 rights and second that of the justification for that interference.

(Related) In the US, we give “lip service”

White House lies says online investigations, privacy can coexist

October 7, 2010 by Dissent

Aliya Sternstein reports:

Civil liberties and national security are at the core of the White House’s cybersecurity agenda, a senior administration official said late Wednesday, amid concerns the FBI’s desire to wiretap the Internet conflicts with protecting personal information on the Internet.

“We don’t take the position that this is an either-or situation,” the official said during the first week of the 7th annual National Cybersecurity Awareness Month. “Hardening our cybersecurity defenses around critical infrastructure and protecting classified and sensitive information go hand in hand and are easy examples to point to.”

You can read more on NextGov. Personally, I can’t read any more of the government’s bullshit on this. If they’re serious about protecting personal information: WHY IS THE PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD STILL SITTING EMPTY?

(Related) In any case, actions speak louder than words.

Breach Notice: The Struggle for Medical Records Security Continues

By Dissent, October 7, 2010

William Pewen, who was involved in drafting the language in ARRA, has an excellent commentary on Health Affairs Blog:

On July 28 the Obama Administration surprised many in the health sector by withdrawing a pending Department of Health and Human Services (HHS) final “breach notification” rule governing when consumers must be informed of illicit access or use of their medical records. With this exceptional action, the Administration now has a critical opportunity to correct a rule which undermined congressional efforts to secure medical records. Contrary to the underlying statutory language – which I took the lead in drafting as the senior health advisor to Senator Olympia Snowe (R-ME) – the rule drafted by HHS to implement the statute would have allowed medical providers to bypass notification if they themselves decided that consumers had not been harmed by a breach.

Withdrawal of the rule is a positive step. However, efforts to weaken consumer privacy protections will resume. Industry will once again attempt to block efforts to promote transparency and data security, and support for health information technology (IT) will erode if Americans find Washington unresponsive in protecting their health information.

Read more of his thoughtful commentary on Health Affairs Blog.

Gary Alexander sent me this one. Should be interesting.

Internet Privacy Suits Filed Against Yahoo, Others

A set of potential class actions filed recently in Fulton County, Ga., Superior Court against three Internet powerhouses raises interesting questions about how law enforcement agencies get information about Internet users without their knowledge.

While the suits address the government's ability to see what people do on the Web, their viability may turn on more process-oriented questions: how Georgia subpoenas and warrants are served and where they are valid.

The suits claim that Comcast, Yahoo and Windstream have violated federal wiretap and computer privacy laws by providing information in response to warrants or subpoenas issued by Georgia judges or magistrates, which are then faxed or otherwise relayed to the Internet companies' headquarters outside of Georgia.

"If these were federal warrants, there would be no cause of action," said one of the plaintiffs' attorneys, Joshua A. Millican. "But these are state warrants, and they have no force outside of the state of Georgia."

… The three suits, filed on behalf of two class representatives, charge "willful violations" of the U.S. Stored Communications Act [SCA] and the Wiretap Act by each company.

Each defendant "routinely and unlawfully accepts as valid legal process from law enforcement and other government entities" faxed subpoenas from state grand juries or trial judges, often with instructions not to notify the customer whose account will be searched, the suit said.

"Search warrants signed by state magistrates and other state judges have no force and effect outside of the state of issuance," the suits claim, "and when faxed or sent out of state, said search warrants are not deemed issued by a court of competent jurisdiction."

… In addition to violations of the SCA and Wiretap Act, the four-count complaints also accuse the companies of breach of contract and breach of implied duty of good faith and fair dealing.

… Millican said he has been unable to find any case law that raises the issues his complaints do.

"Both the Wiretap Act and the SCA have a good faith clause -- there's a case out there that says an unsigned warrant was fine -- but again, that's for a federal warrant. But that doesn't apply to a Georgia subpoena being served in California."

Millican said that it would be easy for a local law enforcement agency to comply with the law.

"In the Comcast case," he said, "all it would take is for the Cherokee County sheriff to call a judge in New Jersey and say, 'I've got this person down here I'm investigating, I need a warrant.' Then the marshal up there serves it."

Gee, maybe their strategy isn't to increase privacy... Maybe it's to facilitate Behavioral Advertising. In that context, this makes sense.

Irony: Facebook’s New Groups Give Me Less Control, Not More

October 7, 2010 by Dissent

Danny Sullivan writes:

I missed Facebook’s press conference yesterday about the new Facebook Groups feature that promises that you can share comments, photos and other information more tightly among only people you trust. But I learned about the feature firsthand soon enough, when I found myself added to a group without being asked. And that was worrisome.

Robert Scoble had created the group, invited a number of people, and I was flattered to be included. But Facebook should have asked me first, not just let Robert Scoble or anyone put me into a group without permission.

In fact, I was pretty aghast this had happened. This company has time-and-time-again been accused of trying to push people into being less private, giving them less control. Here, yet again it rolls out a feature that suggests better privacy but gets things wrong. Share with only those you “care about the most” and “feel confident about who sees” what you post, the Facebook blog posts pitch us. But groups go wrong from the beginning, by failing to ask if you want to be included.

It gets worse. As best I can tell, once you’re in a group, you can add anyone else to it. I’m pretty sure the rest of the group members aren’t notified when you do this. The group I’m in started with no one, and now it’s up to over 500 people. I wasn’t told when new people were added, nor is there a notification option for this…

Read more on SearchEngineLand.

For my Ethical hackers. Should we create bogus certificates for our machines or would it be more amusing to change the “Master” to indicate that all machines (except ours) are infected?

Microsoft Eyes PC Isolation Ward To Thwart Botnets

Posted by timothy on Thursday October 07, @08:09PM

"In a paper published Wednesday (PDF), Scott Charney, who heads Microsoft's trustworthy computing group, spelled out a concept of 'collective defense' that he said was modeled after public health measures like vaccinations and quarantines. The aim: To block botnet-infected computers from connecting to the Internet. Under the proposal, PCs would be issued a 'health certificate' that showed whether the system was fully patched, that it was running security software and a firewall, and that it was malware-free. Machines with deficiencies would require patching or an antivirus update, while bot-infected PCs might be barred from the Internet."

Search the Internet like a librarian?

Thursday, October 7, 2010

Dewey Digger - Explore Knowledge

Dewey Digger is an interesting attempt to catalog the web according to the Dewey Decimal System. To use Dewey Digger just click on a Dewey Decimal category. Then select a topic in that category. Once you've selected a topic Dewey Digger will present you with twenty-seven sources of information. Click any of those sources to see articles, videos, and images on your chosen topic.

Can I have your autograph?

Electronically Sign Your PDF Documents For Free Using Adobe eSignatures

… you can now electronically sign documents, using your email address as verification of identity. Many similar online tools require payment for the service, but the Adobe eSignatures beta is completely free (at least for now).

Understandable statistics on child mortality.

Hans Rosling: The good news of the decade?
