Thursday, November 09, 2006

Seems that no matter how many times we object, they're gonna do this.

http://www.eff.org/deeplinks/archives/004980.php

Homeland Security to "Target" Millions in Data-Mining System

November 02, 2006

The Department of Homeland Security today published a notice in the Federal Register disclosing the existence of a "new system of records" -- the Automated Targeting System (ATS) -- that assigns "risk assessments" to millions of U.S. citizens who seek "to enter or exit the United States" or whose work involves international trade. The system appears to involve the data-mining of massive amounts of information derived from a wide variety of sources, including Passenger Name Record (PNR) data obtained from commercial air carriers.

The "risk assessments" generated by the system will be retained for "up to forty years," according to DHS, in order to "cover the potential lifespan of individuals associated with terrorism or other criminal activity." But wait -- just because you're currently innocent, that doesn't mean you get a free pass. As the notice goes on to explain,

All risk assessments need to be maintained because the risk assessment for individuals who are deemed low risk will be relevant if their risk profile changes in the future, for example, if terrorist associations are identified.

DHS has exempted all of the data contained in the ATS from the "access" and "correction" requirements of the Privacy Act of 1974, which means that citizens have no right to learn about their own "risk assessments" or to challenge them. Franz Kafka, call your office . .



Oops! How would you handle this?

http://www.pcworld.com/article/id,127788-c,worms/article.html

Google Accidentally Sends Out Kama Sutra Worm

Staffers mistakenly e-mail the virus to subscribers of the Video Blog mailing list.

Robert McMillan, IDG News Service Wednesday, November 08, 2006 01:00 PM PST

Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

"On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night.

"Some of these posts may have contained a virus called W32/Kapser.A@mm -- a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it," said the statement, which was attributed to the Google Video Team.

... Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.

Google has seen a growing number of technical glitches lately, something observers are attributing to the company's break-neck growth over the past few years. One month ago, hackers found a way to publish a fake post on Google's official blog. The company also experienced service disruptions with its Blogger service recently that have left some users fuming.

Still, Google isn't the only company to accidentally distribute malware on a mailing list, according to Graham Cluley, a senior technology consultant with security vendor Sophos. "Even mailing lists run by security firms have sometimes accidentally had malware posted to them," he said in an e-mail interview. "But everyone can learn a lesson." [Can they? Bob]



I have this idea for a software program to mimic students, allowing them to “take an online course” without the need to sit at their computers – just point my software at the class and a few weeks later you get an “A”. What do you think? Do I have a market or what?

http://hosted.ap.org/dynamic/stories/C/COLLEGES_ONLINE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

More College Students Taking Web Courses

By JUSTIN POPE AP Education Writer Nov 9, 5:29 AM EST

Roughly one in six students enrolled in higher education - about 3.2 million people - took at least one online course last fall, a sharp increase defying predictions that online learning growth is leveling off.

A new report scheduled for release Thursday by The Sloan Consortium, a group of colleges pursuing online programs, estimates that 850,000 more students took online courses in the fall of 2005 than the year before, an increase of nearly 40 percent. Last year, the group had reported slowing growth, prompting speculation the trend had hit a ceiling.



http://www.theregister.co.uk/2006/11/08/privacy_chiefs_unite_over_surveillance/

Privacy chiefs vow to fight surveillance together

By OUT-LAW.COM Published Wednesday 8th November 2006 10:30 GMT

A group of international data and privacy protection commissioners has decided to act together to challenge the surveillance society which they claim is developing. Commissioners from the UK, France, Germany and New Zealand will adopt common policies.

At the annual Conference of Data Protection and Information Commissioners, held last week in London, a joint set of objectives was adopted by the international commissioners aimed at tackling what they see as a growing international issue of constant citizen surveillance.

"The protection of citizens' personal data is vital for any society, on the same level as freedom of the press or freedom of movement," said the communiqué adopted by commissioners. "As our societies are increasingly dependent on the use of information technologies, and personal data is collected or generated at a growing scale, it has become more essential than ever that individual liberties and other legitimate interests of citizens are adequately respected."

The document calls on data and privacy commissioners to support the establishment of an international convention on data protection, which was first agreed on by commissioners in 2005.

"This initiative must be supported by DPAs with the competent institutions," said the document. "DPAs should endeavour to promote this initiative in their respective spheres of influence, in particular within the regional organisations or linguistic zones to which they belong. The need for global solutions respecting privacy and data protection may arise in specific sectors (e.g. internet governance, financial transactions, air transport) and must then be addressed by DPAs with all appropriate means."

The commissioners say international cooperation is vital because foreign precedents are often used by a government to justify action that erodes citizens' rights.

"National governments often use the argument that such and such a country has already put a system into place to attack their national data protection authorities for their reluctance to accept the same system without discussion," says the commissioners' document. "This causes serious problems of harmonisation and makes it necessary for DPAs to think together on the basis of common denominators."

The conference was hosted by the UK and the adoption of a set of common aims welcomed by UK Information Commissioner Richard Thomas. "We have debated the issue of surveillance society in detail," Thomas said. "The challenges facing society and commissioners are substantial, not just in terms of surveillance but also due to rapid technological developments. I fully support this initiative and it is encouraging to see data protection and privacy commissioners around the world committed to ensuring data protection remains relevant and effective."

Last week Thomas warned that the UK had become a surveillance society, and that the constant monitoring of individuals' actions by public and private bodies was creating social division. A report produced for the commissioner's office said that in the future wealthy people would be made more mobile by surveillance, while poorer people would find it harder to be physically and economically mobile because of social profiling based on data gathering.

See: The adopted document (http://ico.crl.uk.com/files/Communicating%20data%20protection%20and%20making%20it%20more%20effective%20-%2020%20October%202006%20(E).pdf) (7 page/83KB PDF)



Attention telescope manufacturers!

http://www.news.com.au/couriermail/story/0,,20724123-1248,00.html?from=rss

Topless sunbathers' privacy 'not protected'

November 08, 2006 07:08pm

TOPLESS sunbathers should be protected by stronger privacy laws, an academic says.

Queensland University of Technology (QUT) law lecturer Kelley Burton wants the state Government to make it a criminal offence to film or photograph topless sunbathers and distribute the pictures on the internet.

Ms Burton said laws which protected people from being photographed in private places such as bathrooms, toilets, bedrooms and communal change rooms should be extended to public places.

She said undressing in public didn't mean sunbathers gave up the right to privacy.

"I think when a woman is sunbathing topless she is merely consenting to other people observing her with the naked eye, in that place," she said.

"Her consent doesn't stretch to other people photographing her and then exposing the photographs all over the internet."

Tougher legislation was also needed to make it illegal to photograph children in public places without their consent, Ms Burton said.

But the proposed changes would not affect people who accidentally included children or sunbathers in the background of their happy-snaps.

Ms Burton will hold a free seminar, entitled Minding Your Own Business: Your Legal Right At Privacy at QUT on November 22.



Refining the PORN business model? This will become much more interesting as third world countries create “data havens” where you can store your data on their (encrypted) servers and surf the internet anonymously.

http://www.law.com/jsp/article.jsp?id=1162820129956

Judges: Mere Viewing of Child Porn Images on Internet Not a Crime

Intentionally saving pictures necessary to violate Pa. law

Asher Hawkins The Legal Intelligencer November 7, 2006

A Pennsylvania Superior Court decision issued late last week has shed light on a legal loophole that appears to let off the hook those who view child pornography on their computers but don't save those images on their hard drives.

Ruling on an issue of first impression, the three-judge panel in Commonwealth v. Diodoro concluded that merely looking at child pornography on the Internet -- without intentionally saving or downloading any images viewed -- does not amount to "knowing possession" of child porn as proscribed in Pennsylvania's Crimes and Offenses Code.

"We note that it is well within the power of the Legislature to criminalize the act of viewing child pornography on a Web site without saving the image," Judge Richard B. Klein wrote. "The language used in [the relevant statute], however, is simply 'possession.' Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favor of the defendant.

"A defendant must have fair notice that his conduct is criminal. Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [Delaware County Common Pleas Judge Joseph P. Cronin Jr.] and leave it to the Legislature to clarify the language if it intends to make the mere 'viewing' of child pornography a crime."

Klein was joined by Judge John L. Musmanno and Senior Judge Patrick R. Tamilia.

The facts of the case were not in dispute, according to Klein's opinion.

Defendant Anthony Diodoro admitted viewing several hundred photographs depicting child pornography after intentionally visiting specific Web sites for that purpose, according to the opinion.

However, the prosecution was never able to put forward any evidence that Diodoro had intentionally downloaded or saved those images to his hard drive, or been aware that the images were being automatically added to his Internet browser's cache.

"The commonwealth presented no evidence that Diodoro knew that the pornographic images were being saved to a hidden file or that he could retrieve it relatively easily," Klein wrote.

Section 6312(d) of the Crimes and Offenses Code prohibits possession or control of any type of media -- including computer images -- that depict children under the age of 18 engaging in sexual acts.

Klein noted that federal anti-child porn laws address not only the possession of prohibited images, but also the knowing receipt of them.

"Yet even under federal jurisprudence, the mere viewing of images on the Internet does not constitute the crime of possession of child pornography absent knowledge that the images are being saved," he wrote.

Klein went on to write that his own analysis of anti-child pornography precedent from various federal and state jurisdictions revealed that intentional possession is always a prerequisite for upholding convictions under such laws.

He also called attention to a 2002 decision from the 8th U.S. Circuit Court of Appeals in which the defendant was found to have been properly acquitted of possessing child pornography images found in his browser's cache.

"We hold that absent specific statutory language prohibiting the mere viewing of pornographic images or evidence that the defendant knowingly downloaded or saved pornographic images to his hard drive or knew that the Web browser cached the images, he cannot be criminally liable for viewing images on his computer screen," Klein wrote.

Delaware County Deputy District Attorney Michael Galantino was the trial attorney in Diodoro.

Galantino said it's too soon to comment on the potential ramifications of the panel's holding.

He also said that his office's appellate division will be reviewing the opinion before deciding whether to appeal.

Diodoro's attorney in the matter, Media solo practitioner Mark Much, was not immediately available for comment, but Much's paralegal, George Litterer, described Diodoro as a "unique" but ultimately "simple" case.

"He would view [the images] on the Internet, but he would not save anything," Litterer said of Diodoro. "That's what this case turned on."


Related story?

http://techdirt.com/articles/20061108/110821.shtml

Spammer Demands And Receives Access To Accuser's Hard Drive

from the bad-news dept

There's a fascinating, if somewhat confusingly titled, post on Slashdot discussing a lawsuit in Washington state against a spammer. Washington State, of course, put in place one of the earliest anti-spammer laws, allowing individuals to sue spammers for $500/spam if they can track down the spammer. A few people have done nicely forcing local spammers to pay up. In one such case, however, the spammer countered by getting a computer "expert" to demand from the judge that the spammer get an image copy of the accuser's hard drive to look at the "evidence." Even under normal conditions this would be ridiculous -- but it was even more ridiculous here because the spam messages in question were sent to webmail accounts at Hotmail and Yahoo Mail, meaning that they never directly touched the recipient's hard drive. It was clearly a tactic designed to frustrate the guy suing the spammer -- and, unfortunately, it worked. The judge agreed with the "expert" that the hard drive image should be turned over to the spammer. The Slashdot article is confusing, because that's the story it gives, but the title says that the person doesn't have to hand over the hard drive. The explanation appears to be that the guy in question has "settled" the case with the spammer before he needed to hand over his hard drive, though terms of the deal aren't clear at all. Either way, this is a bad decision and will encourage other similar tactics when spammers are brought to court in the future. Hopefully, other judges will recognize that this serves no good purpose other than intimidation and won't allow it.




No doubt Radio Shack will start selling a “Pervert-locating” device for vigilantes.

http://www.wired.com/news/technology/0,72094-0.html?tw=rss.index

Attack of the Perv Trackers

By Randy Dotinga 02:00 AM Nov, 09, 2006

If the creepy guy next door suddenly stops wearing shorts, he may have an eye in the sky to blame.

Just a few years ago, satellite tracking of convicts was a newfangled alternative to house arrest. Now, the number of American ex-offenders tracked through GPS-equipped ankle bracelets will likely triple to more than 30,000, thanks to the passage of a California ballot measure.

California's Proposition 83, which easily passed Tuesday by a margin of 70 percent to 30 percent, requires many convicted sex offenders to be monitored by GPS for life. Only those who committed felonies and served time in prison will be affected.

At least 11 other states have recently considered GPS tracking legislation, with some inspired by the 2005 murder of a Florida girl, allegedly by a registered sex offender. Florida's high-profile legislation was named "Jessica's Law" in her honor, and talk-show host Bill O'Reilly has been pushing for passage of similar laws elsewhere.

But there's a hitch: The ankle bracelets -- usually accompanied by digital-pager-size transmitters -- are hardly criminal-proof. Convicts can easily cut the bracelets off and run away as their probation officer gets an alarm and tries to contact the local police. For health reasons, the bracelets aren't designed to be permanent.

... Another company has created an all-in-one GPS tracking device that doesn't require a separate bracelet and transmitter, although it's bulky. And then there's an approach that's positively Maxwell Smart-ian: At least one model is equipped with a speakerphone, allowing overseers to contact offenders via their ankles.



Any article on this topic is probably worth reading...

http://it.slashdot.org/article.pl?sid=06/11/08/1624207&from=rss

Why Upper Management Doesn't "Get" IT Security

Posted by ScuttleMonkey on Wednesday November 08, @02:04PM from the part-of-your-job-to-explain-it-in-their-terms dept.

Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn't "get" IT security threats. The results aren't terribly surprising to those in the trenches, stating that most executives view security as something akin to facilities management. "Thankfully", the $495 report (if you aren't a "Conference Board associate") helps tell you how to handle the situation.


Ditto

http://it.slashdot.org/article.pl?sid=06/11/08/2213215&from=rss

Shedding Light On the Black Art of IT Management

Posted by ScuttleMonkey on Wednesday November 08, @05:42PM from the that-web-fad-will-never-catch-on dept. Software IT

Cathy writes "An article by Harvard's Andrew McAfee tells nontechnical managers how not to get overwhelmed by the 'drumbeat' of IT projects. McAfee breaks down IT into three categories — functional, network, and enterprise — and says that this framework 'can also indicate which IT initiatives are going to be relatively easy to implement and on which projects executives should focus. In that light, IT management starts to look less like a black art and more like the work of the executive.'"



http://www.bespacific.com/mt/archives/012958.html

November 08, 2006

Privacy International and EPIC Launch Privacy and Human Rights Global Study

Privacy International and EPIC Launch Privacy and Human Rights Global Study: "Each year since 1997, the Electronic Privacy Information Center and Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of technology, surveillance and privacy protection. The most recent report published in 2006 is probably the most comprehensive single volume report published in the human rights field. The report runs to almost 1,200 pages and includes about 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from law students studying privacy to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice."



Attention gamers! Remember, you only score points when you can show stories of clear violations published in traditional media.

http://www.bespacific.com/mt/archives/012964.html

November 08, 2006

CRS Report Examines Statutory Procedures Governing Covert Action

CRS Report, Covert Action: Legislative Background and Possible Policy Questions, November 2, 2006.



Is this “just” a “please don't sue me” bribe, or is it illegal tying of Universal's music to another product?

http://news.yahoo.com/s/nm/20061109/tc_nm/media_microsoft_universalmusic_dc

Microsoft to pay Universal for every Zune sold

By Yinka Adegoke Wed Nov 8, 10:16 PM ET

Microsoft Corp. (Nasdaq:MSFT - news) has agreed to pay Universal Music Group a fee for each new Zune digital music player it sells when the iPod rival launches next week, the companies said on Thursday.

The groundbreaking deal could redefine the digital music business pioneered by Apple Computer Inc. (Nasdaq:AAPL - news).

Rivals including cell phone makers eventually could pay for hardware sales as well as for the music itself, Universal said.

... There have been calls for a so-called iPod tax in some countries including Canada, Netherlands and the UK to help music companies who have lost sales [and can't figure out how to compete in the modern world. Bob] to digital piracy, mainly through peer-to-peer file sharing over the Internet.
