Saturday, September 11, 2010

Local. Could be an interesting resource...

Colorado gets first victims advocate for ID theft cases

September 11, 2010 by admin

David Migoya reports on how Colorado received a grant to have an ID theft victims’ advocate within law enforcement itself so that people can be referred to someone who can assist them.

Read more about it in The Denver Post

Something to keep in mind: If the kids can get them without the parents, could they get several by going to several 'centres?'

UAE: Children required to get ID card

September 11, 2010 by Dissent

Binsal Abdul Kader and Rayeesa Absal report:

Children under 15 years of age should register for ID cards as per a new decision of Emirates Identity Authority, a government spokesman told Gulf News on Wednesday.

Emirates Identity Authority (EIDA) Director General Dr Ali Al Khoury said: “Now ID card is mandatory for children under 15.”

Earlier, registering children with the authority’s population register was mandatory, but getting an ID card for them was optional.

“The new decision does not make any extra burden on parents [except a fee] as children can complete the registration at certified typing centres without the need to visit the authority’s registration centres,” he said.

Read more in Gulf News

This could be useful in criminal investigations, but will it “migrate” to job applicants or Insurance companies or high schools?

Oh no… another “reasonable expectation of privacy” morass looming?

September 10, 2010 by Dissent

Via Security Curve, take a look at the Intelligent Fingerprinting site, where they advertise:

The company has developed a series of reagents for the detection of illicit drugs in fingerprints which will be available in 2010:

  • IntelliPrint ™ Cannabis assay

  • IntelliPrint ™ Methadone assay

  • IntelliPrint ™ Cocaine assay

So… does this mean that if you leave your fingerprints anywhere in public, you have no reasonable expectation of privacy from the government testing your fingerprints for drug use and then using that evidence against you?

Lawyers? Anyone?

At last we will have an answer to the question we have been awaiting for thousands of years!

Do Egyptian mummies have a right to privacy?

By Dissent, September 10, 2010

Okay, I’ve occasionally blogged about the right to privacy for the deceased, so this article by Jo Marchant in New Scientist really caught my eye. Here’s how it begins:

Should we consider the privacy or reputation of the individual when analysing an Egyptian mummy? The assumption that ancient corpses are fair game for science is beginning to be challenged.

Though strict ethical guidelines apply to research on modern tissue samples, up until now there has been little discussion about work on ancient human remains. In a recent paper in the Journal of Medical Ethics (DOI: 10.1136/jme.2010.036608), anatomist Frank Rühli and ethicist Ina Kaufmann of the University of Zurich, Switzerland, argue that this is disturbing because research on mummies is invasive and reveals intimate information such as family history and medical conditions. And, of course, the subjects cannot provide consent.

“The human body, alive or dead, has a moral value,” says Rühli, who is himself involved in mummy research. He says that no matter how old a body is, researchers must balance the benefits of their research against the potential rights and desires of the deceased individual.

Read more on New Scientist. I’m glad to see a thoughtful discussion of the issue.

What are the risks of Cloud Computing?

Great resource:

September 10, 2010 by admin

The good folks at Open Security Foundation have created a database of cloud computing incidents. The incidents are tagged as “AutoFail,” “DataLoss,” “Hack,” “Outage,” or “Vulnerability,” permitting researchers and professionals to analyze different types of incidents. As of this morning, there are 222 incidents in the database as they have backfilled some earlier incidents going back to 1998.

Check it out at Via Voltage.

“Behavioral Advertising is so profitable we need to ensure that we gather the information, even if we promised we wouldn't.” Never assume it is deliberate when ignorance is more likely?

Privacy Snafu As Web Sites Bypass Cookie-Blockers

September 10, 2010 by Dissent

Wendy Davis reports on the new research report out of Carnegie Mellon mentioned earlier today on this site.

Last year, researchers at UC Berkeley documented that some Web companies appeared to be circumventing users’ privacy settings by using Flash cookies to recreate deleted HTTP cookies. Now, a new report by Carnegie Mellon indicates that Web sites are thwarting users’ privacy choices by providing erroneous information to Microsoft’s Internet Explorer.

Read more on Media Post. I’ll also have more on this research report and its implications next week.

[From the article:

Like other browsers, Explorer allows users to automatically reject certain cookies, including tracking cookies. In order to honor users' preferences, Explorer and other browsers rely on Web site operators to create accurate "compact policies" or CPs -- described by researchers as "a collection of three-character and four-character tokens that summarize a website's privacy policy pertaining to cookies."

The problem is that a great many sites aren't doing so.

… "It appears that large numbers of websites that use CPs are misrepresenting their privacy practices, thus misleading users and rendering privacy protection tools ineffective," the summary says.

I love a good argument.

Property as Privacy: The Old Supreme Court Did It Better

September 11, 2010 by Dissent

Alex Harris writes:

Up until I began doing my reading for this fall’s Criminal Procedure: Investigation course, I largely bought the heroic Warren Court story of privacy and the Fourth Amendment.

The story is simple: The Supreme Court, concerned only with helping businesses through decisions like Lochner, had left people unprotected from warrantless searches and seizures. In decisions like Olmstead v. United States (holding that a warrantless wiretap did not violate the Fourth Amendment), the Court threw privacy under the bus. But, as with the First Amendment, Brandeis and Holmes dissented, presaging the arrival of the glorious Warren Court, which overturned Olmstead in Katz v. United States.

Though, unlike many FedSocers, I love the Warren Court and its expansion and constitutionalization of personal liberties both procedural and substantive, the heroic story just isn’t quite right.

Read more on The Technology Liberation Front.

We knew that... Didn't we?

Court Says First Sale Doctrine Doesn't Apply To Licensed Software

Posted by Soulskill on Friday September 10, @05:21PM

An anonymous reader wrote to tell us a federal appeals court ruled today that the first sale doctrine is "unavailable to those who are only licensed to use their copies of copyrighted works." This reverses a 2008 decision from the Autodesk case, in which a man was selling used copies of AutoCAD that were not currently installed on any computers. Autodesk objected to the sales because their license agreement did not permit the transfer of ownership. Today's ruling (PDF) upholds Autodesk's claims: "We hold today that a software user is a licensee rather than an owner of a copy where the copyright owner (1) specifies that the user is granted a license; (2) significantly restricts the user’s ability to transfer the software; and (3) imposes notable use restrictions. Applying our holding to Autodesk’s [software license agreement], we conclude that CTA was a licensee rather than an owner of copies of Release 14 and thus was not entitled to invoke the first sale doctrine or the essential step defense."


Patent Office Admits Truth — Things Are a Disaster

Posted by timothy on Saturday September 11, @08:01AM

"For years the US Patent and Trademark Office has published data to show how well it and the patent system were running. Under new leadership, the USPTO has begun to publish a dashboard of information, including a new look at questions like how long does it really take to get a final answer on whether you will receive a patent or not? The pat answer was, on the average, about 3 years. But with the new figures, it's obvious that the real number, when you don't play games with how you define a patent application, is six years. The backlog of patents is almost 730K. And the Commerce Department under the Obama administration wants the average down to 20 months. How does this happen? Only if everyone closes their eyes and pretends. It's time to take drastic action, like ending software patents. As it is, by the time companies get a software patent, there's little value to them because, after six years, the industry has already moved on."

Think they'll fight over 2/19000ths slipping through their net? (That's the US Copyright Group for those not following this, not the Coast Guard.)

BitTorrent John Does Catch a Break as Judge Reignites Jurisdiction Issue

September 10, 2010 by Dissent

Thomas Mennecke reports:

Every single US Copyright lawsuit against nearly 19,000 John Does has been filed in Washington DC. Discovery has been granted in every case, which means the identification process against many of these individuals is taking place as you read this article. Before the USCG can obtain the identifiable information associated with the IP address collected during their copyright infringement investigation, they have the opportunity to file a motion to quash – or prevent the USCG from obtaining their information.


… two of the defendants were located outside the District of Columbia. In an order rarely seen in these cases, the Judge ruled that the USCG must show cause by September 30th why the cases against them shouldn’t be dismissed due to jurisdiction.

“These defendants appear to live outside of Washington, D.C… Because they live elsewhere, it is questionable whether [defendants] had sufficient contact with the District of Columbia to warrant this Court’s exercise of personal jurisdiction over them.”

Read more on Slyck.

Related: Ars Technica: “Questionable” whether lawyers can sue 14,000 P2P users in 1 court

We have always had “shadow organizations” within organizations. They do the real work that isn't accurately reflected in the organization chart. Why wouldn't they develop their own systems?

September 10, 2010

Article Highlights 5 Shadow IT Enterprise Apps

5 Companies Thriving on the Rise of Shadow IT: "Shadow IT refers to "IT systems and IT solutions built and used inside organizations without organizational approval." In the past few years, it's gone from being considered a problem to being considered something to be embraced and learned from. Thanks to SaaS, entire companies have been built on Shadow IT decisions." [Darlene Fichter]

Slick! - A Very Dynamic Visual Dictionary

Not only does Snappy Words let you learn what any word means, it can actually work as a dynamic thesaurus that will show you how words relate to each other. These connections are displayed on a web that can be repositioned and explored at will, and the way everything works means that you can end up far away from where you started in just a couple of clicks. And yet, the relation will never be an irrational one. Everything is going to make perfect sense.

This service is absolutely free. You don’t have to sign up in order to look anything up. And there is no limit to the number of searches that you can actually carry out either.

Friday, September 10, 2010

For my Ethical Hackers

Event: Join the Future of Privacy Debate on Sept 14th

September 9, 2010 by Dissent

From ISOC:

Save the date! Join the debate on September 14th from 11:30 to 13:30 (Eastern European Time) when the Internet Society and the Electronic Frontier Foundation (EFF) will host a panel discussion about the future of Internet Privacy, live from the 2010 Internet Governance Forum (IGF) in Vilnius, Lithuania.

The link to join the debate will be posted on the Internet Governance Forum’s site prior to the meeting. You also have the option of participating by joining one of the regional IGF hubs.

Discussion topics:

  • Identity and anonymity

  • Social networks

  • Location data

  • Cloud computing

  • Privacy enhancing technologies/privacy by design

  • Privacy policies

  • Law and enforcement

Send your questions to the panel

If you have any questions you would like the panelists to address, send them to We look forward to hearing from you!

For my Computer Security students

Cybercriminals Create 57,000 Fake Sites Each Week

Posted by CmdrTaco on Thursday September 09, @11:32AM

"In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal were also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."

How did we “Google” before we had computers?

Thursday, September 09, 2010

Where have I heard this before? The title caught my eye, but the argument is strange. In essence: “you don't need a warrant, but you should justify the whole concept of search?”

Just Because You Can, Doesn’t Mean You Should

September 8, 2010 by Dissent

Law Professor Michael Scott writes:

When I was growing up, my dad always told me that “just because you can do something, doesn’t mean you should.” Just because you can climb that tall tree, doesn’t mean you should. Just because you can ride your bike on that busy street, doesn’t mean you should. It was good advice that I have passed onto my kids.

It’s advice that also applies in the technology field. Just because we can develop certain technologies, doesn’t mean we should do so. Think of chemical weapons. World leaders have decided that such weapons should not be produced or deployed, even though we have the ability to do so.

It also should be applied in the tech law field. Particularly where we are dealing with technology that can invade people’s privacy. Two lines of cases come to mind.

Read more on Singularity Law.

On the other hand, just because some of your heavy campaign contributors object is no reason to NOT do it!

Online Ads, Privacy Remain In FTC Crosshairs

Posted by samzenpus on Wednesday September 08, @07:07PM

"The FTC wants to give users a browser-based tool for opting out of online behavioral tracking, a proposal that has privacy advocates cheering and online advertisers up in arms. A key issue, says FTC attorney Loretta Garrison, is that while most consumers know they're tracked online, they don't fully appreciate how much information is collected. Tim O'Reilly, founder and CEO of O'Reilly Media, worries about knee-jerk legislation criminalizing mistakes that are an inherent part of applying any new technology." [True, but that doesn't seem to be the issue here. Bob]

...and sometimes you need to develop a “can” just so you can make more money!

Why Google Instant May Make You Click On More Ads

… Impressions will go up, because of the new “3 seconds counts as an impression” rule as well as the rule that any page engagement also counts. But, from an advertiser perspective, that “20 times as many searches” statistic tossed around today is going to be more conservative.

… Not surprisingly, Vallaeys refused to speculate when asked for an estimate of how much revenue this improved Adwords campaign performance could mean to Google. My guess: A lot.


Google-alarm: Know when Google is collecting personal information

… It is a Firefox add-on that alerts you whenever data is being sent to Google servers from your computer.

Most of the Google services like Gmail, Google Adsense, Analytics and YouTube are ubiquitous on the web, and when you visit a site that hosts code provided by any of the above services, the tracking process by Google begins.

I submit that changing how the image is displayed (to the scan-ee?) does not mean that the identical scan is made, nor that the “naked image” is not saved for the later amusement of the TSA (and possible release to the tabloids). This is merely “Privacy Theater.”

Airport ‘Naked Image’ Scanners May Get Privacy Upgrades

September 8, 2010 by Dissent

John Hughes reports:

Holli Powell, a Phoenix medical-software consultant who flies every week, says she avoids getting into airport security lines that end at what she calls a humiliating full-body scanner.

“Those scanners, I feel, are above and beyond,” Powell, 35, said in an interview. They generate “nearly naked images.”

The concerns of travelers such as Powell, which led privacy advocates to sue the government, may soon be eased. L-3 Communications Holdings Inc. and OSI Systems Inc.’s Rapiscan, makers of the scanners for U.S. airports, are delivering software upgrades that show a generic figure rather than an actual image of a passenger’s body parts. The new display would mark sections of a person’s body that need to be checked.

Read more on Bloomberg.

[From the article:

The revisions “certainly address most of the privacy concerns,” Peter Kant, a Rapiscan executive vice president, said in an interview. [Note that “addresses” is not the same as “removes” Bob]

This is far too valuable a market segment. Anyone who watches this type of “entertainment” is a ready market for Graduate programs in Philosophy, scientific journals, etc.

Class Claims Fox Hacks Into Computers

September 8, 2010 by Dissent

Karina Brown reports:

A class action claims Fox Entertainment Group hacked into millions of computers to install “rogue, cookie-like tracking code” to snoop on people who visit Fox’s “American Idol” website.

The class claims Fox and Clearspring Technologies committed crimes, circumvented privacy settings, and that the rogue devices reinstall themselves even if their victims can find and delete them.

Lead plaintiff Erica Intzekostas claims Fox and Clearspring Technologies concocted the plan “so they could help themselves to users’ personal information, and continue doing so for as long as defendants liked without ever having to ask or take a user’s ‘no’ for an answer. In fact, users’ ‘no’ answers were the reason defendants devised the scheme in the first place.”

Read more on Courthouse News, where you can also see a copy of the complaint (pdf).

If they're gonna keep objecting to our goals, we won't tell them what they are any more!

INDECT – Privacy Ethics In A Secret Project

September 8, 2010 by Dissent

A new document on ethical issues published by the INDECT European research project on public surveillance has once more attracted the scrutiny of the media. Previous allegations of secrecy were followed by an attempt to strengthen the project’s Ethics Board. The new document however notes that addressing ethical concerns requires time that cannot be spent on research. It therefore recommends to simply stop disclosing any project deliverables that could negatively impact “organisational reputation” and other sensitive topics.

The INDECT Project, funded with almost 11 million euros, aims to research on “Intelligent information system supporting observation, searching and detection for security of citizens in urban environment” but was qualified by The Telegraph last year as the “‘Orwellian’ artificial intelligence plan to monitor public for ‘abnormal behaviour’”.

Following the article, a lot of public pressure was put from media, civil society and the European Parliament. MEPs addressed to the European Commission 10 questions in the past year related to the project and its privacy ethics.

One of the answers of the European Commission was: “In order to further enhance the role of the project’s Ethics Board, the Commission will recommend to the project to add an additional independent expert. This expert will have proven expertise in ethical and data protection issues”, but, so far, the Ethics board has been dominated by Police Officers and no privacy experts.

Read more on European Digital Rights.

Research into the obvious?

Narcissists, Insecure People Flock To Facebook

Posted by CmdrTaco on Wednesday September 08, @01:50PM

"A study out of Canada claims that Facebook is a magnet for narcissists and people with low self-esteem. The theory is that these people use the site as a means of self promotion or to feel important."

It's for the children!

Big Brother in Iowa? School District Monitors Kids’ Lunch Choices

September 8, 2010 by Dissent

Jana Winter reports:

An Iowa school district’s lunch program asks children as young as 5 years old to memorize a four-digit PIN code so it can monitor what they eat in the school cafeteria — prompting some parents to claim it’s an unhealthy case of “Big Brother.”

The Ankeny Community School District is maintaining a database that records what the kids buy to eat and then checks their food choices against national nutrition guidelines.

Read more on Fox News.

Baa Baa.

(Related) ...and this is for when they grow up.

NC: Sheriffs want lists of patients using painkillers

September 8, 2010 by Dissent

From the worst-idea-of-the-week dept.

Lynn Bonner reports:

Sheriffs in North Carolina want access to state computer records identifying anyone with prescriptions for powerful painkillers and other controlled substances.

The state sheriff’s association pushed the idea Tuesday, saying the move would help them make drug arrests and curb a growing problem of prescription drug abuse. But patient advocates say opening up people’s medicine cabinets to law enforcement would deal a devastating blow to privacy rights.

Read more on the News & Observer.

How strange, lawyers who disagree...

Pointer: Orin Kerr’s commentary on yesterday’s Third Circuit decision

September 8, 2010 by Dissent

Orin Kerr writes:

A while back, I blogged at length about the Third Circuit’s pending case involving government access to historical cell-site records. The issue in the case is what legal standard the government must satisfy to obtain orders requiring phone companies to disclose such information. The district court had ruled that a warrant was required, and the government argued that the correct standard under the law was a “specific and articulable facts” court order under 2703(d) rather than a search warrant. Yesterday, the Third Circuit handed down its decision: In The Matter Of The Application Of The United States Of America For An Order Directing A Provider Of Electronic Communication Service To Disclose Records To The Government. In this post I will explain the Third Circuit’s decision; try to figure out what it means (which turns out to be quite tricky); and then explain why I think it misreads the Stored Communications Act on an important point.

You can read Orin’s analysis and commentary on The Volokh Conspiracy.

For my Geeks...

Calling all developers! FCC releases APIs for key databases

Federal Communications Commission ... has released the Application Programming Interface (API) specs for four of its big repositories of information: its consumer broadband test, broadband provider database, license owner storehouse, and latitude/longitude to county converter.

Attention Ferrari! I would be willing to help you give Lamborghini a bad image!

Anti-Product Placement For Negative Branding

Posted by samzenpus on Wednesday September 08, @06:12PM

"Product placement to promote your brand just isn't enough any more. These days, apparently, some companies are resorting to anti-product placement in order to get competitors' products in the hands of 'anti-stars.' The key example being Snooki from Jersey Shore, who supposedly is being sent handbags by companies... but the bags being sent are of competitors' handbags as a way to avoid Snooki carrying their own handbag, and thus potentially damaging their brand."

Global Warming! Global Warming! Maybe the sky isn't falling either? “Hey, give us a break! We were only off by 100%”

Scientists Cut Greenland Ice Loss Estimate By Half

Posted by samzenpus on Thursday September 09, @04:57AM

"A new study on Greenland's and West Antarctica's rate of ice loss halves the estimate of ice loss. Published in the journal Nature Geoscience, the study takes into account a rebounding of the Earth's crust called glacial isostatic adjustment, a continuing rise of the crust after being smashed under the weight of the Ice Age. 'We have concluded that the Greenland and West Antarctica ice caps are melting at approximately half the speed originally predicted,' said researcher Bert Vermeersen."

A TED talk, describing 15 year old technology that has yet to find its way to market.

John Underkoffler points to the future of UI

Oh great. Now all my math students will want e-textbooks... But then, they already have them!

School Swaps Math Textbooks For iPads

Posted by samzenpus on Wednesday September 08, @04:55PM

"Four of California's largest school districts will be trying something new on eighth-grade algebra students this year: giving them iPads instead of textbooks. The devices come pre-loaded with a digital version of the text, allowing students to view teaching videos, receive homework assistance and input assignments, all without picking up a pen or paper. If the students with iPads turn out to improve at a faster pace than their peers as expected, the program could soon spread throughout the Golden State."

Wednesday, September 08, 2010

Again, no encryption.


The 4in stick contains more than 2,000 pages of highly-sensitive and confidential information intended to be seen only by senior officers.

Sections on countering the threat of terrorism on British streets include strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.

Analytic tools could help violate privacy, but they are useful for other purposes.

Yahoo reminds analytics customers over privacy

September 8, 2010 by Dissent

Brian Tarran writes:

Yahoo has written to its web analytics customers to remind them of their obligations to let site visitors opt-out of having their online behaviour tracked amid growing anxiety over data privacy.

In a blog post, the company reiterated that sites that use Yahoo’s web analytics tools are required to explain in their privacy policy that they use web beacons to analyse where visitors go and what they do while on the site, and provide a link to Yahoo’s opt-out mechanism.


Cameras, cameras everywhere, nor any of us see.

On Surveillance and Privacy

September 7, 2010 by Dissent

David Brin writes:

We are in for a time of major decision-making as the Moore’s Law of Cameras (sometimes called “Brin’s Corollary to Moore’s Law”) takes hold and elites of all kinds are tempted to utilize surveillance in Orwellian/controlling ways, often with rationalized good intentions.

Alas, many “champions of privacy and freedom” push the nebulous notion that dark outcomes can be prevented by passing laws against this or that elite looking at this or that kind of information. In other words, by restricting information flows.

For a decade, I have challenged such folks to name a time, in the history of humanity, when that general approach has ever worked for long at keeping elites blind, let alone in a world where cameras and databases proliferate like crocuses after a rainstorm. No one has ever come up with a single major example, of any kind, ever. Yet, they would bet our future freedom on that nebulous approach.

As Papa Heinlein said: “The chief thing accomplished by Privacy Laws is to make the [spy] bugs smaller.”

The alternative concept — to look back at them and watch the watchers via sousveillance or counter-transparency — is a hard sell, because it is counter-intuitive and easy for elites to propagandize against. And yet, it is the essence of what the Western Enlightenment has used as its tool set for achieving the miracles of the last 300 years. (I explain this concept in The Transparent Society and illustrate it in Earth.)

Read more of David’s commentary on the Institute for Ethics & Emerging Technologies.

Sometimes you need a warrant...

Breaking News on EFF Location Privacy Win: Courts May Require Search Warrants for Cell Phone Location Records

September 7, 2010 by Dissent

Woo hoo!

Kevin Bankston of EFF writes:

This morning, the Third Circuit Court of Appeals in Philadelphia issued its highly anticipated ruling in a hotly contested cell phone location privacy case. EFF filed a friend-of-the-court brief and participated at oral argument in the case, arguing that federal electronic privacy law gives judges the discretion to deny government requests for cell phone location data when the government fails to show probable cause that a crime has been committed.

The Third Circuit today agreed with EFF, holding that federal law allows judges the discretion to require that the government obtain a probable cause search warrant before accessing cell phone location data. The Court further agreed with EFF that location information that can be used to demonstrate or infer that someone or something was in a private space such as the home may be protected by the Fourth Amendment, rejecting the government’s argument that the privacy of location records held by phone companies is never constitutionally protected. Although the court did not definitively rule on the Fourth Amendment status of cell phone location information, it made clear that under some circumstances the privacy of such data could be constitutionally protected, and that judges have the discretion to require a warrant to avoid potentially unconstitutional seizures of location data.

The appeals court has remanded the case back to the original magistrate judge that initially denied the government’s request to obtain cell phone location data without probable cause, asking the lower court to shore up its original decision with new fact-finding into the government’s need for the requested data and the precision of that data in identifying a person’s location. EFF looks forward to participating in those proceedings and opposing any attempt by the government to appeal today’s decision. Thanks to our colleagues at the Center for Democracy and Technology, the American Civil Liberties Union and the ACLU of Pennsylvania for participating with us as friends-of-the-court in this case, and special thanks to Professor Susan Freiwald of the University of San Francisco Law School, who also submitted a brief and participated at oral argument along with EFF’s Kevin Bankston.

3d Circuit Opinion (Cell Site).pdf

Congratulations to EFF, CDT, ACLU, ACLUPA, and Susan Freiwald! Thank you all for your vigorous advocacy of our rights.

(Related) ...sometimes you don't.

Va. court: Police can use GPS to track suspect

September 7, 2010 by Dissent

Larry O’Dell of the Associated Press reports on an unsurprising verdict:

The same GPS technology that motorists use to get directions can be used by police without a warrant to track the movements of criminal suspects on public streets, the Virginia Court of Appeals said Tuesday.

In a case that prompted warnings of Orwellian snooping by the government, the court unanimously ruled that Fairfax County Police did nothing wrong when they planted a GPS device on the bumper of a registered sex offender’s work van without obtaining a warrant.

Read more on WTVR.


WANTED: a “bright line” for cell location data privacy

September 7, 2010 by Dissent

Law professor Dan Solove’s article, Fourth Amendment Pragmatism, generated a good amount of discussion among privacy advocates and the legal community. In one discussion over on Scott Greenfield’s Simple Justice blog, both Dan and law professor/former DOJ prosecutor Orin Kerr participated. Unlike some of us who think that Fourth Amendment case law has eroded Fourth Amendment protections and is an incoherent mess, Orin generally seems more positive about the state of things. When I bitched complained lamented that as a member of the public, I should be able to know whether I have a reasonable expectation of privacy or not, Orin responded by referring me, in part, to his article on the four models of Fourth Amendment protection and by writing:

As a citizen, you know when you have a reasonable expectation of privacy when the courts tell you — they announce a rule, and that rule sticks, to cover those facts. At that point there is no fluctuation or uncertainty: The rule is the rule.

After checking to make sure that there was no smiley emoticon at the end of his comment, I thought it quite striking how what seems so acceptable to him is so unacceptable to me. Given how fact- or situation-specific most decisions are and given that I don’t think we should need to wait for a court decision to find out if we had a reasonable expectation of privacy or not in a situation, I found Orin’s answer totally unsatisfactory.

Although many Fourth Amendment discussions are framed in terms of criminal activity and defendant’s rights, the Fourth Amendment applies to all of us and not just those engaging in criminal activity. How can we make informed decisions about whether to use a cell phone, whether to use cloud services, or whether to share information with an insurance carrier if we do not know the extent to which such activities would require a warrant to compel disclosure? In my opinion, the four-model approach that Orin sees as working well does not work at all – much less, well – if it means that our reasonable expectation of privacy depends on what jurists are considering the case in what jurisdiction and which of the four models they choose — at their discretion — to apply.

Today I read the new Third Circuit decision with a mixture of appreciation and frustration. While the court said that courts may require a warrant, which is certainly better than saying that they cannot require a warrant, saying what courts may do moves us no closer to a bright line by which citizens can be assured that their location data will not be searched without a warrant or demonstration of “probable cause.”

And so, with tongue firmly planted in cheek, I propose a seven-model approach to Fourth Amendment protection. The approach uses a different model for each day of the week so that citizens need only consider the day of the week to know whether they have a reasonable expectation of privacy or not. Don’t expect to see the article in any law journals, though. While psychologists have it drilled into our heads to avoid footnoting like the plague, it seems that many legal scholars cannot compose a single sentence that is footnote-free. Indeed, finding sufficient footnotes might be a bigger challenge than lack of actual legal scholarship in my endeavor. :)

Of course, Congress could actually remedy the situation by enacting legislation that would make the lines clearer. Don’t citizens and law enforcement both deserve to — and need to — know where the line is in what law enforcement may obtain without a warrant?

Sad statistics.

Study: Two-thirds of Web surfers fall prey to online crime

About two-thirds of Internet users globally and nearly three-quarters of Web surfers in the U.S. have been victims of online crime, according to a study to be released on Wednesday.

The top countries as far as reported victims are China, Brazil and India tied for second, and then the U.S., according to the findings of the study, titled "Norton Cybercrime Report: The Human Impact." More than 7,000 adults in 14 countries were interviewed for the study.

While one-quarter of respondents said they expect to be victimized by online crime, only half said they would change their behavior if they became a victim. Of those who have been victimized, 44 percent reported the crime to the police.

It takes an average of 28 days to resolve a cybercrime and costs on average $334, the report found. One-third of respondents who were victimized said they never fully resolved the matter.

(Related) What's important to teenage girls?

Report: Justin Bieber is 3 percent of Twitter

If you believe that Twitter is full of inane, immature narcissism, here's one in your solar plexus.

For an allegation has reached my eyes and baffled them into blindness. The allegation is that, at any given moment, at any given movement of your lungs and toes, 3 percent of Twitter's infrastructure is dedicated solely to the one person who most defines our hopes and our times.

I am not speaking of Kim Kardashian, nor of Rep. Jack Kimble. I am speaking of the one person who can unite men and women, young and old, sane and slightly less so: Justin Bieber.

Bieber apparently has huge racks of servers personally dedicated to every tweet about, to, and from his benign person. Indeed, in a follow-up tweet, Curtis offered that his twittering snitch revealed that all the more popular users of Twitter have their own dedicated servers.

Is the US the e-policeman of the world?

NSA Director Says the US Must Secure the Internet

Posted by Soulskill on Tuesday September 07, @01:27PM

"The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. 'We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials."

(Related) If not cops, vigilantes?

Film industry hires cyber hitmen to take down internet pirates

September 8, 2010 by Dissent

Ben Grubb has a somewhat mind-boggling news story about how the film industry has hired firms to, well, engage in cybercrime:

The film industry is using pirate tactics to beat the pirates – by employing “cyber hitmen” to launch attacks that take out websites hosting illegal movies.

Girish Kumar, managing director of Aiplex Software, a firm in India, told this website that his company, which works for the film industry, was being hired – effectively as hitmen – to launch cyber attacks on sites hosting pirated movies that don’t respond to copyright infringement notices sent to them by the film industry.

Read the whole story in The Age. For this particular company, most of their work is in India, but some of his contracts are reportedly with American firms:

Kumar said that at the moment most of the payment for his company’s services came from the film industry in India.

“We are tied up with more than 30 companies in Bollywood. They are the major production houses.”

As for Hollywood films, he said they, too, used his services.

“We are tied up with Fox STAR Studios – Star TV and 20th Century Fox – who are a joint venture company in India.”

So let’s get this straight — they complain of infringement of copyright, and when they don’t get results, they resort to criminal behavior?

Have any of these companies responded to his statements?

Is any company in the DPRK “military free?”

Rupert Murdoch Publishes North Korean Flash Games

Posted by Soulskill on Wednesday September 08, @06:33AM

"You might recall back in June when it was noted that North Korea was developing and exporting flash games. Now, the isolated nation state is apparently home to some game developers that are being published by a subsidiary of News Corp. (The games include Big Lebowski Bowling and Men In Black). Nosotek Joint Venture Company is treading on thin ice in the eyes of a few academics and specialists that claim the Fox News owner is 'working against US policy.' Concerns grow over the potential influx of cash, creating better programmers that are then leveraged into cyberwarfare capabilities. Nosotek said that 'training them to do games can't bring any harm.' The company asserts its innocence, though details on how much of the games were developed in North Korea are sparse. While one of the poorest nations in the world could clearly use the money, it remains to be seen if hardliner opponents like the United States will treat Nosotek (and parent company News Corp.) as if they're fostering the development of computer programmers inside the DPRK. The United Nations only stipulates that cash exchanged with companies in the DPRK cannot go to companies and businesses associated with military weaponry or the arms trade. Would you feel differently about Big Lebowski Bowling if you knew it was created in North Korea?"

Philosophy is as philosophy does? Is fact checking before publication better than rapid publication with citations you can check as needed?

Stanford's Authoritative Alternative To Wikipedia

Posted by Soulskill on Tuesday September 07, @03:35PM

"For decades, Stanford has been working on a different kind of Wikipedia. It might even be considered closer to a peer-reviewed journal, since you have to get submissions past a 120 person group of leading philosophers around the world, not to mention Stanford's administration. It has several layers of approval, but the authoritative model produces high quality content — even if it only amounts to 1,200 articles. Content you can read straight through to find everything pertinent — not hop around following link after link like the regular Wikipedia. You might question the need for this, but one of the originators says, 'Our model is authoritative. [Wikipedia's] model is one an academic isn't going to be attracted to. If you are a young academic, who might spend six months preparing a great article on Thomas Aquinas, you're not going to publish in a place where anyone can come along and change this.' The site has articles covering topics from Quantum Computing to technical luminaries like Kurt Friedrich Gödel and Alan Turing. The principal editor said, 'It's the natural thing to do. I'm surprised no one is doing it for the other disciplines.'"

Tuesday, September 07, 2010

Do what we teach, not what we do! Best Practices are for students!

MN: Exposed student data leaves prying eyes wide open

September 7, 2010 by admin

Anthony C. Maki reports:

An online MCTC [Minneapolis Community and Technical College] directory left sensitive student data and internal documents accessible to the prying eyes of anyone with an Internet connection since at least the summer of 2006, according to an investigation by City College News.

Besides annual accounts-receivable reports and salary rosters, a database spanning the last several years of work-study records contained the names of students, their student ID numbers, the amount which they were awarded and the amount which they had earned, sorted by department.

However, college officials claimed that only names of department heads, student ID numbers and work-study awards appeared in the database. This contradicts what City College News found, but the college said that it would investigate further for other data.

The college did not keep records of who accessed the data, according to Jim Dillemuth, chief information officer of MCTC, who suggested that there is no reason to suspect that the data came under inappropriate use.

Read more on City College News.

How it's done in Jamaica, mon. Not clear from the article if they were about to attach a card skimmer to the ATM or were already reading card information wirelessly.

First persons charged under Cyber Crimes Act

At about 9:30 am that day the accused men were seen acting suspiciously in a motorcar in front of an Automated Teller Machine (ATM) situated in Manchester.

The men and the vehicle were searched and found in the car were electronic devices used to intercept transactions and to duplicate the personal identification number (PIN) and other personal information of customers using the ATM.

A look at the legal future of Cloud Computing

Article: Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services

September 6, 2010 by Dissent

Simon Bradshaw of University of London – Centre for Commercial Law Studies, Christopher Millard of the Centre for Commercial Law Studies; Oxford Internet Institute, and Ian Walden of Queen Mary University of London, School of Law have a working paper that reports the results of their survey of 31 Cloud services offered by 27 discrete providers and compares their Terms and Conditions (T&C). The survey includes Amazon Web Services, MobileMe, DropBox, Facebook, Google Apps Premier, Google Docs, SQL Azure Database, Rackspace Cloud, Salesforce CRM, and others. The results are very thought-provoking.

The paper makes clear that it seems many, if not most, cloud services are specifically disclaiming any liability for data integrity, so if you’re concerned about security, you may want to think twice or be prepared to spend more to obtain additional back-up or security services that they offer. Here’s what the authors say about Data Integrity:

A natural concern for Cloud computing customers is that data placed into the provider's Cloud be secure against loss, be it loss of integrity or availability (resulting, for example, from corruption or deletion) or loss of confidentiality (due perhaps to a security breach or an unauthorised disclosure). Our survey found however that most providers not only avoided giving undertakings in respect of data integrity but actually disclaimed liability for it.

The majority of providers surveyed expressly include terms in their T&C making it clear that ultimate responsibility for preserving the confidentiality and integrity of the customer's data lies with the customer. [I agree. Don't sign the contract. Bob] A number (for example, Amazon, GoGrid, Microsoft) assert that they will make “best efforts” to preserve such data, but nonetheless include such a disclaimer. A number of providers go so far as to recommend that the customer encrypt data stored in the provider's Cloud (for example, GoGrid, Microsoft) or specifically place responsibility on the customer to make separate backup arrangements…[...]… Significantly, such terms are imposed by storage providers such as ADrive and Apple for services that for many (especially individual) customers will be their “separate backup arrangement”. In effect, a number of providers of consumer-oriented Cloud services appear to disclaim the specific fitness of their services for the purpose(s) for which many customers will have specifically signed up to use them.

Concerned about privacy? Here’s a snippet from the section on Data Disclosure:

In terms of the circumstances in which providers will disclose customer information (including customer data stored on the provider's Cloud), we see a spectrum of approaches ranging from providers that have a very high threshold for justifying disclosure to ones which have a much lower one.

All providers that mention this issue state that they will disclose such data in response to a valid court order. Some purport to establish procedural safeguards. For example, the T&C for Salesforce CRM provide that the customer will be given advance notice of a requested disclosure, unless such notice is prohibited, and that Salesforce will assist the customer in opposing such orders.

A number of providers have a slightly lower threshold of disclosure, accepting requests (as distinct from enforceable orders) from recognised law-enforcement agencies, or where there is a clear and immediate need to disclose information in the public interest or to protect life….. [...]… An unusual approach is that taken by IBM regarding its beta-test Smart Business Cloud. IBM expressly states that it has no duty of confidentiality regarding customer data and places responsibility for keeping it confidential on the customer, for example, via encryption…

You can read the entire working paper on SSRN.

Apparently, no. What would? (A self-destruct code that looks like a password?)

Article: Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine

September 6, 2010 by Dissent

Adam M. Gershowitz of the University of Houston Law Center has an article in a forthcoming issue of the Iowa Law Review, “Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine?” Here’s the abstract:

Over the last few years, dozens of courts have authorized police to conduct warrantless searches of cell phones when arresting individuals. Under the so-called search incident to arrest doctrine, police are free to search text messages, call histories, photos, voicemails, and a host of other data if they arrest an individual and remove a cell phone from his pocket. Given that courts have offered little protection against cell phone searches, this article explores whether individuals can protect themselves by password protecting their phones. The article concludes, unfortunately, that password protecting a cell phone offers minimal legal protection. In conducting a search incident to arrest, police may attempt to hack or bypass a password. Because cell phones are often found in arrestees’ pockets, police may take the phones to the police station where computer savvy officers will have the time and technology to unlock the phone’s contents. And if police are themselves unable to decipher the password, they may request or even demand that an arrestee turn over his password without any significant risk of the evidence on the phone being suppressed under the Miranda doctrine or as a Fifth Amendment violation. In short, while password protecting a cell phone may make it more challenging for police to find evidence, the password itself offers very little legal protection. Accordingly, legislative or judicial action is needed to narrow the search incident to arrest doctrine with respect to cell phones.

You can read the full article on SSRN.

Techno-Darwinism: As technology advances, changing the eco-system, Homo Sapiens who can't adapt to the new environment die off before passing their genes to another generation.

Australia To Fight iPod Use By Pedestrians

Posted by Soulskill on Monday September 06, @11:20PM

"In recent years the number of people killed on roads in New South Wales, Australia has dropped, but strangely enough, the number of pedestrians killed has risen. Some think it's because of the use of iPods and other music players making people not attentive to road dangers (the so-called 'iPod Zombie Trance'). Based on this (unproven) assumption, the Pedestrian Council has started a campaign in an effort to educate the people, but apparently it isn't enough. Now, some are pushing for the government to enact laws [because only governments can solve problems. Bob] to help eradicate the problem. 'The government is quite happy to legislate that people can lose two demerit points for having music up too loud in their cars, but is apparently unconcerned that listening devices now appear to have become lethal pieces of entertainment,' [Harold Scruby of the Pedestrian Council of Australia] said. 'They should legislate appropriate penalties for people acting so carelessly towards their own welfare and that of others. ... Manufacturers should be made to [warn] consumers of the risks they run.'"

The evolution of marketing? Maybe if we added even more gizmos to the sneakers... GPS: “I've jogged in all 50 states!” Altimeters: “I jog in Colorado!” Cameras: “Look what I've stepped in!”

American Business Embraces 'Gamification'

Posted by Soulskill on Monday September 06, @06:36PM

"JP Mangalindan writes that for years psychologists have studied what makes video games so engrossing — why do players spend hours accruing virtual points working towards intangible rewards and what characteristics make some games more addictive than others? Now, companies are realizing that 'gamification' — using the same mechanics that hook gamers — is an effective way to generate business. For example, when Nike released Nike + in 2008, it 'gamified' exercise. 'Place the pedometer in a pair of (Nike) sneaks and it monitors distance, pace and calories burned, transmitting that data to the user's iPod. The Nike software loaded on the iPod will then "reward" users if they reach a milestone,' writes Mangalindan. 'If a runner beats his 5-mile distance record, an audio clip from Tour de France cycling champ Lance Armstrong congratulates him.' In addition, users can upload their information, discuss achievements online with other users, and challenge them to distance or speed competitions. The result: to date, Nike has moved well over 1.3 million Nike + units."

Not so much evolution, but rather arriving at the point the government originally intended despite any concerns or objections.

NZ: DNA collection expanded to help fight violent crime

September 6, 2010 by Dissent

New Zealand Justice Minister Simon Power issued the following press release:

Police can now collect DNA at the same time they take fingerprints from people they intend to charge and match it against profiles from unsolved crimes, Justice Minister Simon Power said today.

The Criminal Investigations (Bodily Samples) Amendment Act allows police to take a person’s DNA at arrest, where previously it was only after conviction. Also, the range of offences it can be taken for has been expanded.

The implementation of DNA sampling is being done in two stages.

From today, stage 1, police will be able to take a sample from anyone they intend to charge with a relevant offence. These include offences punishable by more than seven years’ imprisonment, and offences with a relationship to more serious offending, [I wonder if the relationships are defined? Bob] such as peeping and peering, that can be related to more serious sexual offending.

“Until now, DNA could be taken only with consent, or where there were judicially approved suspect orders or police-issued compulsion notices, and only after conviction,” Mr Power says.

From the middle of next year, stage 2, police will be able to take DNA samples for all imprisonable offences by subsequent Order-in-Council. This will follow a broader review of the Act.

It is forecast that in stage 1 some 4,000 more samples than previously will be taken each year, resulting in 2,800 links to the crime-scene database. The first year of stage 2 is expected to add 5,000 more profiles per year than stage 1 and 200 additional links to the crime scene database.

The DNA databank holds about 110,000 DNA profiles, more than 8,000 of which are unidentified profiles from crime scenes.

“This law will enable police to take full advantage of this modern-day fingerprint in order to solve cold cases, and I have no doubt it will be a critical tool in the fight against violent crime,” Mr Power says.

The Act contains provisions around storage and retention of samples, including that samples of people not convicted will be destroyed, unlike in some other countries.

“There are also new offences that penalise the misuse of DNA profile information, which will complement existing legal remedies under the Bill of Rights Act and the Privacy Act.

Police have also developed guidelines to avoid any arbitrary or unreasonable application of this power. [A shame it wasn't considered worthy of inclusion in the law... Bob]

“I see this tool as doing as much for those who are innocent as for those who are found guilty of a crime.”

The Act was passed in October last year and did not come into force immediately in order to give police time to finalise training and guidelines and for Environmental Science and Research to prepare for an increased workload.

The original intent was to identify “aliens”

Indian UID system continues to draw harsh criticism

September 6, 2010 by Dissent

India’s Unique Identification System (UID) continues to be controversial. The government, of course, insists that there are adequate privacy and security controls. PTI reports:

The Unique Identification System had an inbuilt security and privacy component that ensured that the data from the data bank could not be accessed except on grounds like national security, Unique Identification Authority of India Chairman Nandan Nilekani said today. The UID data base could not be read except for authentication and could not be accessed easily, he said. …. The project, which attempts to give a unique identity number to the country’s over billion people and expected to be rolled out shortly, would help in delivery of government’s welfare schemes, boost financial inclusion beside enabling other service providers like banks, insurance, to tap on the UID for authentication purposes. He said the UID could also help in setting up of micro ATMs as part of the government’s objective of bringing in financial inclusion.

Activists, however, are not persuaded. Sreelatha Menon reports:

Members of the National Advisory Council (NAC) and other organisations have expressed their dissent against the Unique Identification Authority of India (UIDAI) — the nodal agency responsible for implementing Aadhaar.

The Central Employment Guarantee Council (CEGC) had also raised concerns, objecting to the linking of the UIDAI project to the National Rural Employment Guarantee scheme.

In a letter addressed to Rural Development Minister C P Joshi last week, Jean Dreze and Aruna Roy, members of the CEGC and NAC raised objections to the ministry’s decision to link UID to job cards without consulting the council. [No need for discussion. We wanted to, so we did, so there! Bob]


Dreze told Business Standard that UID is a national security project in the garb of a social policy initiative. “I am opposed to the UID project on grounds of civil liberties. Let us not be naive. This is not a social policy initiative — it is a national security project.”

Read more in the Business Standard.

How should I categorize this article? The dangers of reflecting society online? Attorneys General bashing? Humor?

Is Craigslist bluffing over adult ads?

The New York Times quoted Richard Blumenthal, one of the entirely public-spirited attorneys general who have been pressuring Craigslist for some time, as saying: "If this announcement is a stunt or a ploy, it will only redouble our determination to pursue this issue with Craigslist, because they would in a sense be thumbing their nose at the public interest."

… When it replaced its Erotic Services section and replaced it with Adult Services, Craigslist began to charge for the ads, promised it would screen them individually and ask advertisers to leave a phone number with which the ad could be associated. The company decided to do this even though the law seems to offer it full support, as the Communications Decency Act states that sites are not liable for the material posted on their pages.

It's not as if Craigslist is alone in featuring adult ads, or making money from them. Gawker has helpfully provided a compendium of online opportunity for those who feel deprived by the sudden censorship on Craigslist.

… Craigslist's refusal to comment on the sudden closure will surely add to the wonderment about what is really going on. But not, perhaps, in places like the United Arab Emirates. There, as in other parts of the world, Craigslist's Erotic Services section is still going strong.

A little Copyright joke. Searching for “free legal forms” on the Internet can save you time, but it's still bad lawyering...

Plagiarizing a Takedown Notice

Posted by Soulskill on Monday September 06, @05:40PM

"Over at hobbyist site OS News, editor-in-chief Thom Holwerda published a highly skeptical opinion of the announcement of Commodore USA's own Amiga line. Within hours, Commodore USA sent a takedown notice to OS News, demanding a retraction of the piece and accusing the site of libel and defamation. What's funny is that the takedown notice was mostly copied, with minor edits, from Chilling Effects, a site dedicated to publicizing attempts at squelching free speech. The formatting, line breaks, obtuse references to 'OCGA,' and even the highlighted search terms were left largely intact."

“Because everyone (of our competitors) deserves an antitrust investigation!”

Google Says Microsoft Is Driving Antitrust Review

Posted by Soulskill on Monday September 06, @08:20PM

"On Friday we discussed news that Texas Attorney General Greg Abbott opened a probe into whether Google ranks its search listings with an eye toward nicking the competition. Google suggested the concerns have a major sponsor: Microsoft. In question is whether the world's biggest search engine could be unfairly disadvantaging some companies by giving them a low ranking in free search listings and in paid ads that appear at the top of the page. That could make it tough for users to find those sites and might violate antitrust laws. Abbott's office asked for information about three companies who have publicly complained about Google, according to a blog post by Don Harrison, the company's deputy general counsel. Harrison linked each of the companies to Microsoft."

Okay, geeks will like these too.

5 Websites To Buy Strange & Unique Tech Gifts For A Student

walking robot pencil sharpener

shirt that has a constantly updated WiFi signal indicator on the front