Tuesday, March 29, 2011

Once more, Gary Alexander points me to a really interesting page...


Your Strategic Guide to Operationalizing Cloud

One thing about being late to the party is that you can see how others have screwed up...


Information Privacy Law Set to be Enacted in South Korea in September

March 29, 2011 by Dissent

Song reports:

Korea’s Ministry of Public Affairs and Security announced a new set of laws on Tuesday in a move to protect private information.

The new law, set to go into effect in September, will require some 3-and-a-half million businesses and public institutions to publish their policy for processing private information and will prohibit them from using resident registration numbers at their own discretion.

All service providers must now get separate permission to use private information for commercial purposes and report information leaks immediately.

A presidential committee will be set up as well to deliberate on private information laws.

Source: Arirang

So South Korea is imposing opt-in requirements and mandating data breach notification and … we still don’t.

It seems to me we are finding more areas to dispute...


Europe and U.S. converging on Internet privacy

March 28, 2011 by Dissent

Eva Dou of Reuters reports:

Few topics are more sensitive for Web users, or more likely to raise concerns in the corridors of Facebook or Google, than how to regulate privacy.

For years the United States and Europe, with around 700 million Internet users between them, have diverged in their approach to policing the Web.

But the two sides are converging in their Web privacy positions, partly through intensive meetings in recent months between regulators from Washington and Brussels.

There are still many specifics to be worked out — final legislative proposals are not expected from the European Union until later this year and the United States in June or July — but officials are confident about steadily narrowing the gap.

Read more on Reuters.

For my Ethical Hackers. “Disabling” suggests you are hiding something. Might I suggest “locating” yourself in the office of a Computer Law Professor at your local Law School? I've been sharing an office for years...


How To Disable Or Fake Your Location In Firefox, Internet Explorer & Chrome

For my Data Mining/Data Analysis students.


Privacy: reidentification a growing risk

March 28, 2011 by Dissent

Melanie D.G. Kaplan interviewed Paul Ohm on the re-identification of supposed-to-be de-identified records. Here’s a snippet of the interview, which you can read in its entirety on SmartPlanet:

Earlier this month the Commerce Department released a green paper that proposes a privacy bill of rights. What are your thoughts on this?

I think it’s great in principle. The devil’s in the details. It depends on what is going into this so-called bill of rights. From the things I’ve seen, I’m not sure they’re sufficiently incorporating the trends I and others are seeing in technology.

We have 100 years of regulating privacy by focusing on the information a particular person has. But real privacy harm will come not from the information they have but the inferences they can draw from the data they have. No law I have ever seen regulates inferences. So maybe in the future we may regulate inferences in a really different way; it seems strange to say you can have all this data but you can’t take this next step. But I think that’s what the law has to do.

What would you like to see from the regulation?

What I’m starting to do now is think about how I’d make more concrete recommendations. One I’ve been tiptoeing around: Quantity is an interesting thing to me. Reidentification is much easier if you have a lot of data, yet I don’t know of many laws that treat you differently once you have more data; our privacy laws are very qualitative, not quantitative. So if you don’t have sensitive information, you can have as much information as you want. For instance, you’re not regulated if you know 10 things about me, but if you know 25 things about me, that might be enough to put you under a stricter form of regulation.

The first of a number of articles today that assume the potential for “evil” uses of technology trumps any legitimate use.


ISP's War On BitTorrent Hits World of Warcraft

"Canadian Internet users have the prospect of a metered Internet looming over their head, and now World of Warcraft players who use Rogers Communications as their ISP are encountering serious throttling. The culprit seems to be Rogers' determination to go after BitTorrent. WoW uses BitTorrent as a utility to update game files — something most users probably aren't even aware of."

Technology users are clearly a problem. A ban seems like a simple solution. But isn't it a bit extreme?


Should Smartphones Be Allowed In Court?

"Federal courts have been debating how much freedom users of smartphones and portable wireless devices in general should have in a federal courthouse. Some say they should be banned outright, while others say they should be allowed, but their use curtailed (PDF). Unregulated use of smartphones has resulted in mistrials, exclusion of jurors and fines in some case."

(Related) Another reading of the memo...


Federal Courts Worry Your Smartphone Might Be a Bomb

Smartphones could offer journalists and the public an easy and cost-effective method to provide online updates of court proceedings — which is why it’s always been frustrating that many federal jurisdictions don’t allow the devices into courthouses. Now, thanks to a newly issued document, we know why.


An 8-page memo issued last week by the Administrative Office of the Courts describes the primary reason to ban smartphones from court buildings. “These common devices present security issues because some can be and have been converted for use as weapons, including explosives.”

For my Ethical Hackers. Does the Times not understand the technology or do they understand it and have a non-public strategy? I suspect the latter...


New York Times Paywall Goes Live, Loopholes Abound

"As the New York Times' new paywall went live this afternoon at 2 p.m., discussion of the move has made the natural transition to methods of bypassing it. As expected, a number of loopholes and hacks have appeared. One of the more notorious methods appeared almost instantly. Using a Twitter account named @FreeNYT, an anonymous user aggregated every article the newspaper posted to Twitter. The site caught The Times' notice and before long, The Times requested that Twitter suspend the account, arguing that it violated its trademark. Another loophole uses four lines of CSS and JavaScript. Canadian developer David Hayes managed to strip the Times' website of any mention of digital subscriptions in addition to getting past the paywall. The hack was released in the form of NYTClean, a bookmarklet easily added to web browsers."

It's likely that the paywall is deliberately porous; as paywalls go, it's a relatively unrestrictive one. Readers referred from search or other sites are unlikely to notice a difference. Workarounds at least keep readers on their site.

Reliance on a shrinkwrap license that was never opened?


PS3 hacker's lawyers fire back at Sony

Things are getting even more interesting in one of the biggest jailbreaking cases currently in the courts. Stewart Kellar and his team of attorneys for George Hotz (aka GeoHot), on Friday filed a motion (PDF from Groklaw) to dismiss Sony Computer Entertainment of America's suit against their client--for a few reasons:

… They argue that there's no evidence that Hotz ever logged into PSN with a jailbroken PS3, which would be a violation of the End User Licensing Agreement (EULA). In fact, they argue, there's no evidence Hotz ever accepted the PSN EULA at all--in fact, the EULA is part of the manuals that come with the PS3, and Hotz's were still sealed. If he didn't accept the agreement, his team says, then he couldn't possibly be in violation of it.
