Saturday, April 24, 2010

All the high school students involved will have graduated college by the time any of this is sorted out...

Administrator agrees to surrender computer in Web cam case

April 23, 2010 by Dissent

John P. Martin brings us the latest development in the lawsuit against the Lower Merion School District for activating a webcam to record a student in the student’s home:

The Lower Merion School District administrator who had the ability to activate the Web cams on students’ laptops agreed Friday to let investigators inspect her personal computer to see if she used the remote tracking program at home, according to an attorney in the case.

The administrator, information systems coordinator Carol Cafiero, has also agreed to sit for a second deposition, attorney Mark Haltzman said. Cafiero had previously refused to answer lawyers’ questions about her role in the now-infamous tracking program.


The price falls as the volumes increase – someone should make up one of those “laws of economics” to explain this.

1.5 Million Stolen Facebook IDs up for Sale

… If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from US$25 to $45 per 1,000 accounts, depending on the number of contacts each user has.

How to give the RIAA's lobbyists heart failure? It's positively Shakespearian (as in Kill all the lawyers)

Indian Copyright Bill Declares Private, Personal Copying "Fair Dealing"

Posted by timothy on Saturday April 24, @01:31AM

asp7yxia writes

"India's new copyright bill sounds like a pretty good piece of work: it declares private, personal copying to be 'fair dealing' (like US fair use) and limits the prohibition on breaking DRM so that it's only illegal to do so if you're also violating copyright."

These are often fun to read...

Fourth Amendment Remedial Equilibration: A Comment on Herring v. United States and Pearson v. Callahan

DOH! I should have thought of this business opportunity. Hardware and software go obsolete, unsupported and unavailable every day. Run this kind of business to support a “Museum of Ancient Computing” (Did you know they used to have monitors that didn't display color?)

Emulation For Preservation of Digital Artifacts

Posted by Soulskill on Friday April 23, @05:52PM

An anonymous reader writes

"Author Salman Rushdie donated his papers and notes to Emory University a while ago. Not surprisingly, many of Rushdie's original notes, drafts, and correspondence existed in electronic form. Rather than printing them out or converting them to other formats, archivists at the university created an emulated image of Rushdie's old computer, complete with old software. Researchers visiting the archive can read his email in Eudora and his Stickies notes, or read drafts of his books in ClarisWorks. When you leave your legacy to future generations, would you like a virtualized copy of your personal system to be included?"

It's much older in Internet Years...

YouTube's oldest video is five today

Friday, April 23, 2010

The future of Health Care? If you can't trust your doctor, who can you trust?

After DNA Misuse, Researchers Banished From Havasupai Reservation

Posted by timothy on Thursday April 22, @02:31PM

bbsguru writes

"A court settlement has ended a controversial case of medical privacy abuse. From the NYTimes: 'Seven years ago, the Havasupai Indians, who live in the deepest part of the Grand Canyon, issued a 'banishment order' to keep Arizona State University employees from setting foot on their reservation, an ancient punishment for what they regarded as a genetic-era betrayal. Members of the tiny tribe had given DNA samples to university researchers starting in 1990, hoping they might provide genetic clues to the tribe's high rate of diabetes. But members learned their blood samples also had been used to study many other things, including mental illness and theories of the tribe's geographical origins that contradict their traditional stories.'"

“Full sensor sweep, Mr. Sulu.” As long as you're in the neighborhood, you might as well collect all the Elint you can. Think of it as a telephone book that eventually will include detail down to the level of your DNA.

Google Street View logs WiFi networks, Mac addresses

April 22, 2010 by Dissent

Andrew Orlowski reports:

Google’s roving Street View spycam may blur your face, but it’s got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users’ unique Mac (Media Access Control) addresses, as the car trundles along.

Germany’s Federal Commissioner for Data Protection Peter Schaar says he’s “horrified” by the discovery.

“I am appalled… I call upon Google to delete previously unlawfully collected personal data [Are you sure there's a law against that? Bob] on the wireless network immediately and stop the rides for Street View,” according to German broadcaster ARD.

Read more in The Register.

We love customers – but only because we can make money by having lots of the scum...

Facebook Used To Make Partners Delete Your Data After 24 Hrs. No Longer.

April 22, 2010 by Dissent

Ben Popken writes:

Facebook CEO Mark Zuckerberg announced this morning that Facebook will toss a policy that made developers and partners with access to your data delete it after 24 hours. Now they can just keep it. Turns out the privacy policy hindered growth: Zuckerberg told Inside Facebook


Coming soon after their announcement that some pieces of your personal information will never be private even if you set your profile to private, it’s becoming clearer and clearer that Facebook won’t let a little thing like respect for its users get in the way of its quest for total internet domination.

Read more on Consumerist.

(Related) “No Privacy implications here. Move along.”

Facebook steps up lobbying, deepens ties with intelligence agencies, FTC

April 23, 2010 by Dissent

Kim-Mai Cutler writes:

Facebook has been gradually boosting its profile in Washington D.C. over the past year and is on the hunt for a second senior lobbyist to add to its office of four. Disclosures released a few days ago show that, on top of lobbying the usual suspects Internet companies reach out to like the Federal Trade Commission and the U.S. senators and representatives, the fast-growing social network has also been busy deepening ties to government intelligence and homeland security agencies.


What’s interesting about Facebook’s lobbying in D.C. is what it spends money on despite its small size. It was the only consumer Internet company out of Google, Amazon, eBay, Microsoft, Yahoo and Apple to reach out to intelligence agencies last year, according to lobbying disclosure forms. It has lobbied the Office of the Director of National Intelligence — an umbrella office founded in the wake of Sept. 11 that synthesizes intelligence from 17 agencies including the CIA and advises the President — for the last three quarters on privacy and federal cyber-security policy. It has reached out to the Defense Intelligence Agency too.

Andrew Noyes, the company’s manager of public policy communications, says most of Facebook’s work in D.C. consists of basic education — helping legislators and agencies understand how to use the social network for campaigning, reaching out to their constituencies and in their regular line of work.

Read more on SocialBeat.

Et tu, Hotmail?

Hotmail’s social networking busts your privacy

April 22, 2010 by Dissent

It seems that every week, social networking sites or free services are unilaterally changing their features and exposing people’s private information without prior consent or a chance to fully opt out before changes are implemented. Over on Windows Secrets, Woody Leonhard blogs:

In its rush to take on Facebook and Google Buzz, Microsoft is now collecting and displaying personal information on your Hotmail page — information you may never have wanted to broadcast.

Exactly how it’s mining this information is something of a mystery, but if you use Hotmail or Windows Live, it’s time to review your privacy settings — lest something you said or did comes back to haunt you.

One user signed in to her Hotmail account recently and was greeted with Microsoft’s new, improved social networking splash page, shown in Figure 1.


Unless somebody in Redmond shows a little common sense and restraint, this foray into public — and potentially embarrassing — data mining could bring with it legal liabilities.

Given the murkiness of this new social networking scheme, I’d just as soon opt out — if I could only figure out how.

Read more on Windows Secrets.

Adventures in Academia! “What? Youse didn't know about dat?”

Legal spying via the cell phone system

April 22, 2010 by Dissent

Elinor Mills reports:

Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail.

Independent security researcher Nick DePetrillo and Don Bailey, a security consultant with iSec Partners, planned to provide details in a talk entitled “We Found Carmen San Diego” at the Source Boston security conference on Wednesday.

“There are a lot of fragile eggs in the telecom industry and they can be broken,” Bailey said in an interview with CNET. “We assume the telecom industry protects our privacy. But we’ve been able to crack the eggs and piece them together.”

Read more on cnet.

Update: a reader sends in a link to coverage of this story on The Register.

Spying on the Court? Is the legal research done by Judges “public records?” Can I get them in advance of court decisions in order to do a bit of futures trading (as in, the plaintiff has no future)

Were ‘governmentwatcher’ posts made by same user as ‘lawmiss’?

April 23, 2010 by Dissent

In for a penny, in for a pound? As if it was not enough to reveal the possible identity of an anonymous commenter on their web site, the Plain Dealer now goes further and attempts to link Judge Strickland Saffold to a second anonymous commenter’s account. James F. McCarty reports:


Comments under the two usernames cover many of the same topics, criticize many of the same people, misspell some of the same words and use identical colloquialisms. They also both stopped posting comments on the same day, March 19, for unknown reasons.

Saffold has denied making the lawmiss comments about cases in her courtroom, but she has declined to be interviewed about whether she posted governmentwatcher comments.


The Plain Dealer filed a request for public records showing all websites visited by the desktop computer assigned to Saffold. The computer is in Saffold’s private chambers, across a hallway from her courtroom. County computer servers keep track of the time and date and Web domain of each site visited by each computer on a county server. The servers take note every time a computer user hits the “enter” button, to visit a website, refresh a Web page or submit an online comment.

In response to the newspaper’s request, the court administrator provided 849 pages of data, detailing all Internet activity by Saffold’s computer from Jan. 4 through March 19. Earlier records are unavailable. [I hope they asked for the record retention policy at the same time... Bob] The newspaper compared the dates and times that Saffold’s computer visited pages on to the dates and times that comments were left by lawmiss and governmentwatcher.

Altogether, 50 lawmiss and governmentwatcher comments were posted within two minutes of Saffold’s computer clicking on a page at or an affiliated site, the analysis found.


Here's a thought. Could this be the future of Journalism?

Googling the Trail of a Serial Rapist

Posted by timothy on Thursday April 22, @03:17PM

theodp writes

"Innovative Interactivity has a behind-the-scenes look at the Washington Post's On the Trail of a Serial Rapist series. Information Designer Kat Downs details her experience designing and building the impressive interface for the series, including the use of Google Maps to track the rapist. Wary, perhaps, that it might encourage vigilantism, the WaPo stopped short of allowing readers to add their own input to the maps and urged anyone with additional information to contact the police."

Every student a programmer? Them folks at MIT got skills!

Sikuli – Create Automation Scripts Easily Using Screenshots

by Varun Kashyap on Apr. 22nd, 2010

Sikuli takes all the pain and learning away from creating an automation script. If you can take screenshots, then you can script with Sikuli as well.

… To let Sikuli know that you want to click you write “click” and enclose a screenshot of where you want to click within a pair of braces. You don’t even have to crop and position the screenshot, Sikuli does that for you. Just type “click(” and then press SHIFT + ALT + 2 and Sikuli lets you capture a screenshot. Be concise, while including a bit of context within your screenshot. Position the crosshair roughly where you want to click and make sure that your screenshot is fairly unambiguous.

Here is a video demo to further help you along in creating your first Sikuli automation script.

Project Sikuli

Thursday, April 22, 2010

Being sociable can cost you...

Are Buzz, Facebook and Twitter creating ’social insecurity’?

April 21, 2010 by Dissent

Mike Elgan writes:

An insurance expert told Britain’s Telegraph newspaper that using location-centric mobile social services like Google Buzz, Twitter, Facebook and Foursquare could raise your home insurance premiums, or even result in the denial of insurance claims.

Wait, what?

A gag Web site launched this week called “Please Rob Me” raised an ugly but obvious truth about location-based mobile social networking: When you tell the public where you are, you’re also telling burglars you’re not at home. The site originally displayed a real-time stream of Twitter and Foursquare posts that might interest criminals.

Twitter has since pulled the plug, apparently, and now all Please Rob Me posts are from Foursquare. Each post begins with the user’s name, followed by “left home and checked in” followed by an exact address of where the person is.

Insurance industry watchers like the one quoted by the Telegraph predict that after customers get burglarized and file claims on stolen property, the insurance companies will probably investigate to see whether the customer broadcast information over social networks in a way that constitutes “negligence.” They could also make “social networker” the homeowners insurance equivalent of “chain smoker” in health insurance — a category of customers who are charged higher premiums.


Related: Using Facebook or Twitter ‘could raise your insurance premiums by 10pc’

It's like having an e-Butler...

The High-Tech, Luxury, Surveillance Hotel

… When a guest enters a room, curtains automatically open, music plays, the TV activates and climate controls bring the room to a preset temperature.

If a guest leaves, the lights go out, curtains close, the TV and music shut off, and the temperature reverts to a preset, personalized setting. All room features (including the "Do Not Disturb" sign) can be manipulated with a Control 4 touchscreen room-automation remote control, or directly through the room's HDTV. A forthcoming iPad app will also allow the tablet to double as a room remote.

Since guests register with the Aria's data system, the hotel can store all room setting information indefinitely. If a guest returns a year later, their room can be prepped with the same lighting, entertainment and climate settings as during their previous stay.

“Everything does not mean everything, it just means everything. We couldn't be clearer!”

North Carolina defends request for customer records

by Declan McCullagh April 21, 2010 11:17 AM PDT

North Carolina's tax collectors said Wednesday that they never demanded personal information such as book titles from, which filed a federal lawsuit against the state this week seeking to keep that information confidential.

"Amazon's complaint is misleading in alleging the department has required detailed information revealing personal consumer preferences, such as book titles," North Carolina Secretary of Revenue, Kenneth Lay, said in a statement.

But CNET has obtained correspondence from the Department of Revenue that calls North Carolina's claim into question.

In a letter to Amazon dated December 1, 2009, Romey McCoy, the Department of Revenue's audit manager, asked for "all information" relating to nearly 50 million purchases that customers in that state had made between 2003 and 2010. McCoy's letter did not exempt the titles of books or Blu-Ray movies, and did not address the privacy implications of the request.

Amazon subsequently turned over limited, anonymous information: the amount of the purchase, the seller, and the postal code it was sent to.

McCoy replied in a second letter on March 19, 2010 saying Amazon had until this Monday to divulge the full records of each transaction or North Carolina "will" take legal action. To punctuate his threat of litigation, McCoy's letter copied two assistant attorneys general from the North Carolina Department of Justice.

Should be worth a read...

Article: The Puzzle of Brandeis, Privacy, and Speech

April 22, 2010 by Dissent

Over on Concurring Opinions, Danielle Citron calls our attention to this article by Neil Richards:

The Puzzle of Brandeis, Privacy, and Speech

Neil M. Richards

Washington University School of Law

Vanderbilt Law Review, Vol. 63, 2010


Most courts and scholarship assume that privacy and free speech are always in conflict, even though each of these traditions can be traced back to writings by Louis D. Brandeis – his 1890 Harvard Law Review article “The Right to Privacy” and his 1927 concurrence in Whitney v. California. How can modern notions of privacy and speech be so fundamentally opposed if Brandeis played a major role in crafting both? And how, if at all, did Brandeis recognize or address these tensions? These questions have been neglected by scholars of First Amendment law, privacy, and Brandeis. In this paper, I argue that the puzzle of Brandeis’s views on privacy and speech can be resolved in a surprising and useful way.

My basic claim is that Brandeis came to largely abandon the tort theory of privacy he expounded in “The Right to Privacy.” As a young lawyer, Brandeis conceived of privacy as a tort action protecting emotional injury from newspaper stories that revealed private facts. But Brandeis’s ideas evolved over his life. He soon came to believe strongly in a contrary idea he called “the duty of publicity.” This is the notion that disclosure of most kinds of fraud and wrongdoing are in the public interest; that as he famously put it, “sunlight is the best disinfectant.” When Brandeis came to think through First Amendment issues after the First World War, tort privacy could no longer consistently fit into his influential theories of civil liberty.

But while Brandeis changed his mind about tort privacy, what he replaced it with is even more interesting. In his Olmstead dissent and free speech writings, Brandeis identified a second conception of privacy that I call “intellectual privacy.” Brandeis reminds us that the generation of new ideas requires a certain measure of privacy to succeed, and that in this way intellectual privacy and free speech are mutually supportive. I conclude by suggesting some contemporary implications of Brandeis’s rejection of tort privacy and his linkage of intellectual privacy with free speech.

You can download the full article from ssrn.

Double-Secret Probation has been lifted! There are now only 26 Copyrights. I own the rights to the letter “E”

Draft of ACTA released

April 22, 2010 by Dissent

The draft of the Anti-Counterfeiting Trade Agreement (ACTA) was released yesterday, and there’s a lot of buzz because it does not contain a “three-strikes” rule for those who illegally download copyrighted material. Here are some links to some of the coverage and commentary:

Rashmi Rangnath, staff attorney for Public Knowledge, provides an analysis and commentary, here.

Joelle Tessler of the Associated Press focuses on technology companies’ fears that the provisions could open the door to “second liability,” here.

Nate Anderson of Ars Technica has a round-up of reactions from different types of stakeholders, here, while Juliana Gruenwald of the National Journal provides more reactions here.

On NPR, perhaps Canadian law professor Michael Geist said it best:

If you’ve got Europe and the United States and Australia and other countries all claiming that ACTA is fully consistent with their domestic laws, they can’t all be right, or at least they can’t all be right once an agreement is finally concluded. And it seems to me more likely that they’ll all be wrong, that in a sense, everybody is going to have to make some shifts, and everybody is going to face some amount of change on the domestic front.

I'd like to know who the “lawyers representing Google rivals” are, so I can Google them.

Group Calls For Google Antitrust Probe

Posted by samzenpus on Wednesday April 21, @07:21PM

CWmike writes

"Advocacy group Consumer Watchdog called on the DOJ to launch a broad antitrust investigation into Google's search and advertising practices and consider a wide array of penalties, including possibly breaking the company up (PDF). The watchdog, along with a mobile entrepreneur and two lawyers representing Google rivals, called for an investigation focusing on a number of issues, including Google's marriage of search results to advertising and its book search service. '… We think all remedies should be on the table, including, we think, the possible breakup of the Internet giant,' said John Simpson of Consumer Watchdog. Adam Kovacevich, senior manager for global communications and public affairs at Google, discounted the criticisms, saying Consumer Watchdog has been 'relentlessly negative' about Google. The group recently questioned the reasons why Google stopped censoring search results in China, and criticized Google's privacy Dashboard as inadequate, Kovacevich said."

First, do no harm. There is a fix out already, but it's complicated...

Botched McAfee update shutting down corporate XP machines worldwide

Now I can truly overload my Statistics students!

UK University Researchers Must Make Data Available

Posted by timothy on Wednesday April 21, @06:14PM

Sara Chan writes

"In a landmark ruling, the UK's Information Commissioner's Office has decided that researchers at a university must make all their data available to the public. The decision follows from a three-year battle by mathematician Douglas J. Keenan, who wants the data to do his own analysis on it. The university researchers have had the data for many years, and have published several papers using the data, but had refused to make the data available. The data in this case pertains to global warming, but the decision is believed to apply to any field: scientists at universities, which are all public in the UK, can now not claim data from publicly-funded research as their private property."

(Related) Little Green Men, here I come!

SETI To Release Data To the Public

Posted by timothy on Wednesday April 21, @04:48PM

log1385 writes

"SETI (Search for Extraterrestrial Intelligence) is releasing its collected data to the public. Jill Tarter, director of SETI, says, 'We hope that a global army of open source code developers, students, and other experts in digital signal processing, as well as citizen scientists willing to lend their intelligence to our exploration, will have access to the same technology and join our quest.'"

Graphic If nothing else, the speed graphs are interesting...

State of the Internet

Open Source Intelligence

5 Sites to Find Local Newspapers Published Around the World

Have eReaders become a commodity? Looks like.

Target to begin selling the Kindle

Selling advanced degrees... 'cause “Smarts is good for you!”

April 21, 2010

Census Bureau Reports Nearly 6 in 10 Advanced Degree Holders Age 25-29 Are Women

News release: "The U.S. Census Bureau reported today more women than men are expected to occupy professions such as doctors, lawyers and college professors as they represent approximately 58 percent of young adults, age 25 to 29, who hold an advanced degree. In addition, among all adults 25 and older, more women than men had high school diplomas and bachelor’s degrees. The tabulations, Educational Attainment in the United States: 2009, showed that among people in the 25-29 age group, 9 percent of women and 6 percent of men held either a master’s, professional (such as law or medical) or doctoral degree. This holds true for white, black and Hispanic women. Among Asian men and women of this age group, there was no statistical difference. The data also demonstrate the extent to which having such a degree pays off: average earnings in 2008 totaled $83,144 for those with an advanced degree, compared with $58,613 for those with a bachelor’s degree only. People whose highest level of attainment was a high school diploma had average earnings of $31,283."

Wednesday, April 21, 2010

I think it's time these folks hired a lawyer and let him speak for them.

Filing states student broke rules and had no expectation of privacy

April 21, 2010 by Dissent

Derrick Nunnally reports that the Lower Merion School District IT coordinator is firing back against Harriton High School sophomore Blake Robbins’ lawsuit.

Even in his own home, the Harriton High School sophomore had “no legitimate expectation of privacy” from the camera on his school-issued laptop, information systems coordinator Carol Cafiero contended in a court filing on Tuesday.

Cafiero – who is on paid leave while the district investigates the laptop controversy – claimed Robbins lost any legal protection from the Web-camera security system when he took a school laptop home without permission.


Robbins had previously broken “at least two” school computers and did not pay the insurance fee required to get permission to take home the Apple MacBook that later snapped his pictures, Cafiero’s attorney, Charles Mandracchia, wrote in the filing.

“When you’re in the home, you should have a legitimate expectation of privacy,” Mandracchia said in an interview. “But if you’re taking something without permission, how can you cry foul when you shouldn’t have it anyway?”


Okay, assuming for the moment that that’s correct, what about other people in the home who do have a reasonable expectation of privacy and may have been caught on camera?

And if the district really thought it was lost/stolen, why didn’t they contact him and turn off the webcam after the very first pictures showing him using it? In other reporting on the case, Richard Ilgenfritz notes:

Haltzman believes there could be more images of his client than the more than 400 the district told him it recovered.

“In fact, as to Blake Robbins, the LANrev spying technology was activated from Oct. 20 through Nov. 4 but the 430 images recovered were only for the first eight days. LMSD [the Lower Merion School District] has yet to account for the images taken from Blake Robbins’ computer for seven days.”

This case is shaping up to become a lot nastier and more complicated with each new round of accusations.


Lower Merion’s headaches mount

April 20, 2010 by Dissent

Not only is the Lower Merion School District garnering increasing negative media coverage as new data emerges about the extent to which it used a webcam feature to take and store digital images of students in their homes and as an employee pleads the Fifth Amendment, but it seems that Lower Merion’s own insurance company is declining to defend it. From Courthouse News:

Despite the Lower Merion School District’s $1 million policy, Graphic Arts Mutual Insurance claims it has no obligation to defend the district from a lawsuit accusing it of spying on students and families through Webcams in students’ school-issued computers, in Philadelphia Federal Court.

You can read the complaint on Courthouse News. Basically, Graphic Arts argues that the actions alleged in the lawsuit filed by the Robbins family are not “personal injury” or otherwise do not fall under any of the covered provisions in the district’s $1,000,000 insurance policy. Therefore, the insurance company argues, they should not be required to defend the district or be on the hook should the district lose in the civil suit against it.

The big unanswered question: What would it have cost to protect the data in the first place?

TJX Adds Again To Its Breach Cost, But It Doesn’t Really Matter

April 21, 2010 by admin

Evan Schuman writes:

With TJX having suffered well more than $47 million in out-of-pocket expenses from its infamous data breach (announced in 2006 but beginning as early as 2003), the $20 billion retailer is preparing to write still more checks. It has now set aside another $23.5 million for additional anticipated breach costs, according to its most recent 10-K statement filed to the SEC.


TJX has for years been the Poster Child for retail data breach. And to date, it is also the best example of how little material impact these breaches have. Please don’t get us wrong. Even for a $20 billion chain, $50 million (and potentially many millions more) still stings.

But sting is about as bad as it gets.

Read more on StorefrontBacktalk.

“If you outlaw DPI, only outlaws will have DPI!” Where have I heard that argument before? Can we agree that tools do not operate themselves? Tools enable or facilitate acts, but it is the actors who choose how to act.

Banning deep packet inspection would have ‘damaging consequences across the Internet,’ says Sandvine

April 20, 2010 by Dissent

Deep packet inspection (DPI) technology doesn’t threaten people’s privacy. People threaten people’s privacy.

Or that’s what Canadian network policy control solutions company Sandvine Inc. suggests in a recent submission to the privacy commissioner.

The Office of the Privacy Commissioner of Canada will be holding consultations on the privacy implications of emerging technologies, such as DPI, in April, May and June in Montreal, Toronto and Calgary.

DPI is a networking technology currently used by Internet service providers (ISPs) to monitor and control data traffic.

While DPI can be used to maintain the integrity and security of networks, it can also provide third parties the ability to view private information sent over the Internet.


In a consultation submission to the privacy commissioner, obtained by The Wire Report through federal access-to-information law, Sandvine argues that the debate should be on how people use technology to acquire personal information online, not on the technology itself.

The company says the commissioner’s review of emerging technologies should be technology-neutral.

“Banning the use of DPI, as some have suggested is necessary based on privacy implications, would have far-reaching and damaging consequences across the Internet, where the technology is used extensively. Instead, when considering the privacy implications of DPI, as with any technology, the focus should be on the use case, not the technology itself,” the company says.

Read more on The Wire Report.

Should be an interesting argument.

Amazon fights demand for customer records

by Declan McCullagh April 19, 2010 3:43 PM PDT

filed a lawsuit on Monday to fend off a sweeping demand from North Carolina's tax collectors: detailed records including names and addresses of customers and information about exactly what they purchased.

The lawsuit says the demand violates the privacy and First Amendment rights of Amazon's customers. North Carolina's Department of Revenue had ordered the online retailer to provide full details on nearly 50 million purchases made by state residents between 2003 and 2010.

… Because Amazon has no offices or warehouses in North Carolina, it's not required to collect the customary 5.75 percent sales tax on shipments, although tax collectors have reminded residents that what's known as a use tax applies on anything "purchased or received" through the mail.

... North Carolina's aggressive push for customer records comes as other states are experimenting with new ways to collect taxes from online retailers. California may require retailers to report the total dollar value of purchases made by each state resident, as CNET reported last month, and Colorado already has enacted such a law. A decision is expected at any time in a related case that Amazon filed against New York state.

(Related) Are these requests less likely to concern the Revenuers?

Google: U.S. Demanded User Info 3,500 Times in 6 Months

April 20, 2010 by Dissent

Ryan Singel reports:

Search engines and ISPs have for years refused to tell the public how many times the cops and feds have forced them to turn over information on users.

Google broke that unwritten code of silence Tuesday, unveiling a Government Requests Tool that shows the public how often individual governments around the world have asked for user information, and how often they’ve asked Google to remove content from their sites or search index, for reasons other than copyright violation.

The answer for U.S. users is 3,580 total requests for information over a six-month period from July 2009 to December 2009. That number comes to about 20 a day, and includes subpoenas and search warrants from state, local and federal law enforcement officials. Brazil just edges out the U.S. in the number of requests for data about users, with 3,663 over those six months. That’s due to the continuing Brazilian popularity of Google’s social networking site, Orkut.

Read more on Threat Level.

Addiction is addiction, be it crack or e-crack.

April 20, 2010

Pew Internet Study: Teens and Mobile Phones

Teens and Mobile Phones - Text messaging explodes as teens embrace it as the centerpiece of their communication strategies with friends, April 20, 2010

  • See also via EPIC: "The U.S. Supreme Court held arguments in City of Ontario v. Quon. The Court will determine whether a government employer can review the contents of private text messages sent from an employee's pager through a private communications company. EPIC filed a "friend of the court" brief arguing that data minimization practices should be applied to public sector searches and that the search was therefore unreasonable."

How to build massive customer resentment. MBA HAT: Are the ads annoying your customers? Are you losing customers because of them? Are a large enough percentage of customers blocking ads to cause you to lose money? [Odds are, they can't answer any of these questions.]

Website Mass-Bans Users Who Mention AdBlock

Posted by kdawson on Wednesday April 21, @05:03AM

An anonymous reader writes to recommend TechDirt's take on the dustup over at the Escapist, which recently tried on banning users from their forums for the mere mention of AdBlock. In the thread in which the trouble started, a user complained that an ad for Time Warner Cable was slowing down his computer. Users who responded to the poster by suggesting "get Firefox and AdBlock" found themselves banned from the forums. The banned parties didn't even need to admit they used AdBlock, they simply had to recommend it as a solution to a troublesome ad. The forum's recently amended posting guidelines do indeed confirm that the folks at the Escapist believe that giving browsing preference advice is a "non forgivable" offense. After a lot of user protest, the forum unbanned the transgressors but heaped on the guilt.

(Related) ...but then, what can customers do if they can't get satisfaction from a lawsuit?

RCN P2P Settlement Is Not Even a Slap On the Wrist

Posted by kdawson on Tuesday April 20, @05:06PM

Ars covers the settlement of the RCN P2P throttling class-action lawsuit, which lets the company walk away without admitting guilt, without paying affected users, and without any meaningful restraint on their network management practices.

"[The] settlement is due to be finalized on June 4. ... The case has largely flown under the radar. Yesterday, a notice ... was issued that alerted RCN customers to the settlement, and one Ars reader was aghast at the terms. Those terms provide nothing for users affected by RCN's practices. Instead, they require the cable company to change its network management practices. These changes are in two parts. ... These cessation periods would be retroactive. ... A moment's math will tell you that, when the settlement is finally approved, one cessation period will already have ended and the other will be ending soon. Once both cessation periods are over, RCN is allowed to implement whatever throttling regime it wants. Given that a federal court has just removed the FCC's authority to regulate network management, RCN appears to have carte blanche to single out BitTorrent and other P2P traffic for special throttling attention after November 1, 2010."

Short articles.

April 20, 2010

East West Institute: Global Cyber Deterrence

Global Cyber Deterrence - Views from China, the U.S., Russia, India, and Norway by Tang Lan, Zhang Xin, Harry D. Raduege, Jr., Dmitry I. Grigoriev, Pavan Duggal, and Stein Schjølberg. Edited by Andrew Nagorski. April 2010

  • "Cybersecurity looms as the 21st century’s most vexing security challenge. The global digital economy hinges on a fragile system of undersea cables and private-sector-led partnerships, while the most sophisticated military command and control systems can be interfered with by non-state as well as state actors. Technology continues to race ahead of the ability of policy and legal communities to keep up. Yet international cooperation remains stubbornly difficult, both among governments as well as between them and the private sector—the natural leaders in everything cyber. In 2007, the International Telecommunication Union (ITU) set up a High-Level Experts Group to try to address the problem but progress is slow. The European Union and Asia-Pacific Economic Cooperation (APEC) are working at the regional level. But it has only been in the past six months that public consciousness has started to grasp the scope and significance of the cybersecurity challenge. Pushed by a spate of revelations about cyber attacks worldwide, the media and key elites now seem to get it: cybersecurity is a fundamental problem that must be addressed across traditional boundaries and borders by the private and public sectors in new and cooperative ways... For this policy paper, EWI asked top cyber experts in five countries—China, the U.S., Russia, India, and Norway—to present their vision of what is needed to build an effective system of cyber deterrence. It is a first step in the process of building trust on tackling cybersecurity challenges—listening, understanding and probing the views, interests and concerns of key players in the global system."

Background is good, so this is worth reading. Then, like all white papers, they explain the benefits of email archiving, which they happen to sell.

April 20, 2010

Symantec White Paper: Problems with Microsoft Outlook Personal Storage Tables

Death to PST Files, A Symantec Hosted Services Whitepaper: "Email is one of your company’s most critical—and most widely used—assets. According to a 2009 study by The Radicati Group, the average corporate email user sends and receives 167 email messages per day. The report estimates that this number will increase to 219 messages per day by 2013. This steady flow of email messages means managing email is more difficult than ever. A company must provide employees constant access to their email accounts and manage copies of every important email to comply with regulatory requirements. If a company is faced with a lawsuit, it must have the ability to easily place legal holds on emails and conduct efficient e-discovery. Since email is the source of so much vital information, users are reluctant to delete old messages, which turns their email system into a personal email filing cabinet. In essence, users create their own email archives using PST files. Most companies impose quotas that limit the amount of storage each person can use for emails. Without these quotas, server disk drives would overflow and email systems would crash."

(Related) The Hacker business is thriving!

Symantec: 51 Percent Of All Malware Ever Was Detected In 2009

Gee Steve, doesn't this send 82.6% of your customers to the competition?

Steve Jobs Reiterates: “Folks who want porn can buy an Android phone”

Some of these (Technology and legal) are even worthwhile! - Where Webinars Are Listed

For your old-fashioned (low-tech) friends – the ones who just have to hold paper in their hands... Watch the short video! For my website class

Tuesday, April 20, 2010

Printliminator - Save Ink and Save Paper

Printliminator is a handy little bookmarklet for Firefox (update: it also works in Chrome and Safari) that I just learned about from Steve Dembo. Printliminator allows you to highlight a webpage and select only the elements which you wish to print. You can install Printliminator in seconds by just clicking and dragging it into your browser's toolbar.

Tuesday, April 20, 2010

Like most of the cases in this blog, the size (number of victims) grows over time. This is because management has no idea what is going on under their nose.

Lower Merion report: Web cams snapped 56,000 images

April 19, 2010 by Dissent

John P. Martin reports:

Lower Merion School District employees activated the web cameras and tracking software on laptops they gave to high school students about 80 times [Not 42 as initially claimed. Bob] in the past two school years, snapping nearly 56,000 images that included photos of students, pictures inside their homes and copies of the programs or files running on their screens, district investigators have concluded.

In most of the cases, technicians turned on the system after a student or staffer reported a laptop missing and turned it off when the machine was found, the investigators determined.

But in at least five instances, school employees let the Web cams keep clicking for days or weeks after students found their missing laptops, [Suggesting that the videos were “no big deal?” Bob] according to the review. Those computers – programmed to snap a photo and capture a screen shot every 15 minutes when the machine was on – fired nearly 13,000 images back to the school district servers.


[From the article:

In a few other cases, Hockeimer said, the team has been unable to recover images or photos stored by the tracking system.

And in about 15 activations, investigators have been unable to identify exactly why a student's laptop was being monitored.

… "The whole situation was riddled with the problem of not having any written policies and procedures in place," Hockeimer said. "And that impacted so much of what happened here."

(Completely unrelated) ...but just down the road from Ardmore PA... Another case of school management not knowing what was happening in their schools?

Indictment: Robbinsville school IT guy spied with cameras under women’s desks

April 20, 2010 by Dissent

Artemis Coughlan reports:

A technology specialist for the Robbinsville School District has been indicted by a Mercer County grand jury on charges he allegedly set up cameras to spy on female workers at the Sharon Elementary School, prosecutors said yesterday.

Carl A. Alb, 30, of Beech Street, Pennington, is charged with two counts of invasion of privacy for the alleged incident that was discovered last June, prosecutors said. Robbinsville police said no children were involved or harmed in any way. [This assumes they have seen all the images and identified all the victims? Bob]

Read more in The Trentonian.

You can have Privacy, if you work at it. (These aren't perfect, but worth knowing.)

Browse Privately

… In these private-browsing modes, now available in all major browsers, your web browser will reject cookies, stop keeping a surfing history and throw away any cached files. As a result, anyone else using your PC wouldn't have a clue what you'd been up to on the web.

Of course, it's important to realize there are plenty of ways your movements are still being tracked.

Shrink wrapping the Internet? How far can this be expanded?

Viewing a site’s jurisdiction statement did not indicate consent, says US court

April 20, 2010 by Dissent

One of the benefits of reading a lot of non-U.S. sites is that I occasionally find out about cases here in the U.S. that I might otherwise miss. In today’s news, reports on a lawsuit and ruling involving jurisdiction:

Suzanne Shell created sets of information and training materials for families dealing with state child protection services, then later sued a long list of people and organisations for what she said was unauthorised use of her copyrighted works.

Many of the people she sued claimed that the Colorado courts system had no jurisdiction over them. Shell said that many of them were subject to Colorado justice because they had used her website.

The court held that viewing a web site statement saying that anyone using the site consents to jurisdiction in her county was not equivalent to consent binding as it was not the same as site visitors consenting to those terms.

Is this a “Catch 22?”

Judge Says Internet Privacy Lawsuit Can’t Be Private

April 20, 2010 by Dissent

Darryl Huff reports from Honolulu:

A Hawaii woman who said her ex-boyfriend posted sexual pictures of her on the Internet is not being allowed to sue him anonymously.

The woman’s attorney, Christopher K. Ridder of San Francisco, said if his client is forced to reveal her name, it would make the invasion of privacy over which she is suing a public event. She is seeking to sue as “Jane Doe.”

It’s a case that raises difficult legal issues — pitting a woman’s right to privacy against the public’s right to know. It also may determine whether victims of Internet harassment feel safe using the courts for redress.

Jane Doe’s court filings say pictures her ex-boyfriend took a decade ago were posted on a website called “Private Voyeur,” which boasts it has 800,000 viewers. The photo captions revealed her name and her workplace and said she had breast enhancement.

Read more on KITV.

Interesting. This should get everyone thinking about security in the Cloud. If I can recreate your password, I don't need to attack your systems or “tap” your communications. I just log on to your system and start downloading. What indication of “evil doing” would there be for a security system to detect?

Source Code To Google Authentication System Stolen

Posted by kdawson on Monday April 19, @10:04PM

Aardvark writes

"More details are coming out about the extent of the break-in at Google a few months ago. The NY Times is reporting that one of the things stolen was the source code to Google's single sign-on authentication system, called Gaia. Though Google is making changes to the system, the theft raises the possibility that attackers could analyze the code to find new exploits to take advantage of in the future. No wonder that Eric Schmidt recently said they've become paranoid about security."

(Related) Sometimes we forget that the rest of the world works a bit differently...

Google Is Blocked In 25 Of The 100 Countries They Offer Products In


Privacy guardians warn multinationals to respect laws

Reminds me of my late Uncle Wilber, who died testing his anti-submarine idea: “We just cut a hole in the bottom of the ship and drop depth charges!” First rule of security software: “Do no harm!”

IE8's XSS Filter Exposes Sites To XSS Attacks

Posted by kdawson on Tuesday April 20, @01:22AM

Blue Taxes writes

"The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS."

Here is the researchers' backgrounder (PDF) on the attack. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.

The next step in my scheme to let geeks rule the world!

SEC Proposes Wall Street Transparency Via Python

Posted by Soulskill on Monday April 19, @06:25PM

An anonymous reader writes

"A US federal agency is considering the use of computing languages to specify legal requirements. 'We are proposing that the computer program be filed on EDGAR in the form of downloadable source code in Python. ... Under the proposed requirement, the filed source code, when downloaded and run by an investor, must provide the user with the ability to programmatically input the user's own assumptions regarding the future performance and cash flows from the pool assets, including but not limited to assumptions about future interest rates, default rates, prepayment speeds, loss-given-default rates, and any other necessary assumptions.' Does this move make sense? If the proposed rule is enacted, it certainly will bring attention to Python or other permitted languages. Will that be a good thing?"

The above quotes were pulled from pages 205 and 210 of the dense, 667-page proposal document (PDF). Market expert and professor of finance Jayanth R. Varma says it's a good idea.

(Related) Remember, you can't have electronic lawyers until the laws are machine readable!

April 19, 2010

Delaware Posts Authenticated PDF Version of Administrative Code

Delaware's Administrative Code

The care and feeding of your cell phone...

Cell Phone Features

My take: Because it's not “by geeks, for geeks.”

Why America's Telecom System Stinks

Analysis: Technologist Lawrence Lessig exposes a rigged system of poor service for higher cost.

For you e-Discovery lawyers (and my hackers)

Digital Photocopiers Loaded With Secrets

Your Office Copy Machine Might Digitally Store Thousands of Documents That Get Passed on at Resale

(Related) answer: nothing good. (Also: Source of the phrase “Let George do it.” is revealed)

What Can Happen When Lawyers Delegate Their e-Discovery Duties to a Client

So, would this reverse the Google convictions?

Both sides claim victory in Rome court’s privacy ruling

April 19, 2010 by Dissent

Philip Willan reports:

Both sides claimed victory Monday after a Rome judge took a minimalist view of the responsibilities of telecom carriers for stamping out online piracy in a court battle pitting copyright defenders against Internet distributors and privacy interests.

Judge Antonella Izzo rejected a request from the Audiovisual Antipiracy Federation (FAPAV) that Telecom Italia identify customers responsible for copyright violations and report them to the justice authorities, block their access to peer-to-peer Web sites where they were illegally downloading copyright material, and inform them that they had been breaking the law.

Read more on GoodGearGuide.

[From the article:

"We are very pleased because the judge has turned down all of FAPAV's principal requests and established that Telecom Italia is absolutely not responsible for the material carried over its network," a Telecom Italia source said in a telephone interview Monday.

Something for my Statistics (and Excel) students

Gadgets: Motion Chart

If you're tracking several data points to see changes over time, you can create an interactive Motion Chart. Here's how:

For my students

Top 10 Most Downloaded Utilities [Movers & Shakers]