Friday, May 23, 2008

If nothing else, the inability to determine exactly what is on your tapes (or laptops) keeps your name in the news as each new “discovery” makes headlines.

http://www.pogowasright.org/article.php?story=20080523081108864

Customer Info From More Banks May Be On Lost Tape (BNY update)

Friday, May 23 2008 @ 08:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

Personal and financial information for customers of Wachovia Bank, Webster Bank and other Connecticut banks may also have been contained on a computer tape that has been missing since late February, Attorney General Richard Blumenthal said Thursday.

The information could compromise personal data for many more Connecticut depositors, well beyond the 556,000 customers of People's United Bank whose information has been confirmed to be on the missing tape, Blumenthal said.

Source - Courant.com



Spreading sand on the slippery slope?

http://blog.wired.com/27bstroke6/2008/05/isp-content-f-1.html

Former Prosecutor: ISP Content Filtering Might be a 'Five Year Felony'

By Ryan Singel May 22, 2008 | 3:23:35 PM

NEW HAVEN, Connecticut -- Internet service providers that monitor their networks for copyright infringement or bandwidth hogs may be committing felonies by breaking federal wiretapping laws, a panel said Thursday.

University of Colorado law professor Paul Ohm, a former federal computer crimes prosecutor, argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers' internet packets are putting themselves in criminal and civil jeopardy.

"These ISPs are getting close to the line of illegality and may be violating the law," Ohm told conference goers at the Computers, Freedom and Privacy conference Thursday.

Charter's proposed test of a system that eavesdrops on the URLs its customers visit, in order to serve them targeted ads, has already spurred a powerful Congressman to question whether the scheme would violate the Cable Act. For its part, Comcast's heavy-handed throttling of peer-to-peer sharing by sending fake stop messages to its customers has the Federal Communications Commission holding hand-wringing public hearings over whether it should ban the practice as being inconsistent with its open network principles.

But Ohm thinks the legal quandary is simpler. These schemes all seem to violate the Wiretap Act, a federal statute banning eavesdropping that comes with criminal and civil penalties. That law has some exceptions for service providers to monitor content, but only when necessary to deliver service, or to protect the company's "rights and property."

In fact, Ohm thinks network system administrators could themselves be in legal trouble, just for following orders from their bosses to install monitoring devices.

"Not only is this a five-year felony, it also has individual accountability," Ohm said. "The sys admin could be sued individually and prosecuted individually If you are asked by your manager to go and do this kind of monitoring, you yourself may be legally exposed."

Fellow panelist Michael McKeehan, a director of Internet and Technology Policy for Verizon, said his company shares the same legal concerns, which is why it has explicitly said it has no plans to build filters to look for copyright infringers, as AT&T has said it is interested in doing.

"As far as copyright filtering at the net level goes, Verizon is not doing it," McKeehan said. "We see significant legal and policy issues that need study."

He cited privacy issues with monitoring customers, increased liability if the filtering solution misses something and the possibility of falsely identifying a legitimate file transfer with an illicit one, and the possibility that filters will lead to an encryption war with file sharing software, which is already turning to crypto to hide p2p packets from Comcast's filters.

"Do we want to deputize the middle man in this process?" McKeehan asked, sceptically.

Not surprisingly, the panel did not include anyone from an ISP that is filtering or talking about filtering packets. Those ISPs skipped even an FCC hearing in Stanford last month.

But surprisingly, the head lawyer for Intel's System Technology Lab, Brad Biddle did show up, registering Intel's disapproval of network filters -- especially mandated ones -- on the grounds they could slow innovation and even eventually trickle down to hardware makers.

"If you filter for copyright content at the network level, why not filter at the device level?" Biddle asked. "The next step is to have devices screen for watermarks."

Devices and services like the SlingBox, which lets people view their cable television connection using remote devices, could easily be collateral damage of network copyright filters.

"If they aren't going to be allowed to evolve, we all lose," Biddle said.

The movie and music industry is pushing hard to have states and federal government require filters on university networks, and successfully got Tennessee to pass a law earlier this month that would require schools to beef up content filtering any year that a school got more than 50 copyright infringement notices, according to panelist Steven Worona of EDUCAUSE, which represents university IT departments.

"The RIAA would love to have filter mandates -- state or federal," Worona said, calling universities easy, but wrong targets.

"We are the only ISPs that are trying to inform clients or customers that what they are trying to do is illegal," Worona said.

When asked whether Verizon tried to numerically identify known child pornography images, McKeehan said it had given up on a trial of software to check email attachments, in part because the technology can be defeated by changing a single pixel in the image or slightly resizing it.

"They may be perverts but they are not stupid," McKeehan said.

But Ohm isn't convinced that lawmakers will see it that way, and foresees a bill requiring filtering for child pornography -- an issue sometimes called the skeleton key to the Constitution.

"Once you have a mandate built into the law and you give an order that they build in the surveillance architecture, then it is a shorter walk to get Congress to extend that mandate," Ohm said.



“We're protecting you!” (Bad planning. Setting a limit on gallons rather than dollars would have made more sense, but then that information isn't sent to the card processors...)

http://www.greenbaypressgazette.com/apps/pbcs.dll/article?AID=/20080523/GPG0101/805230619/1978/GPGbusiness

More customers cut off at pump

Some credit card companies put limits on pay-at-the-pump transactions

By Maureen Wallenfang Gannett Wisconsin Media May 23, 2008

As gasoline prices rise, more customers are finding pumps shutting off before their gas tanks are full.

Convenience stores and gas stations say they aren't to blame. It's the credit card companies.

It happens when a customer uses a credit card to pay at the pump.

"It's fraud liability, and meant to protect against identity theft," said Shellee Cosgrove, general manager of Walnut One Stop, 515 W. Walnut St., Green Bay, and Walnut Wine & Liquor.

The credit-card limit isn't new, but many customers never noticed it before because they never pumped that much money into a single tank. But with gas prices on the brink of $4 a gallon, it's happening more often now.

Some credit cards limit pay-at-the-pump transactions to $60 or $80. Some gas cards have preset $100 and $125 limits.



My Security students find this a difficult topic to get their heads around.

http://news.cnet.com/8301-13860_3-9950662-56.html?part=rss&subj=news&tag=2547-1_3-0-5

Microsoft embraces 'Bring Your Own Laptop' model

Posted by Ina Fried May 22, 2008 3:50 PM PDT

REDMOND, Wash.--You've heard of BYOB, now get ready for Bring Your Own Laptop.

There's a small but growing trend in which companies are choosing to give employees money toward their personal laptop, rather than providing a company-issued portable. British Petroleum is among the companies that is trying the approach.

One of the technologies that is making that possible is desktop virtualization, which allows companies to put their software or even an entire corporate image onto the device without having to worry about the fact that it doesn't control the entire laptop.

... For the company, such personally owned laptops can save on support costs and serve as a retention tool for Generation Y-ers, said Lee Nicholls, global solutions director for IT consultant Getronics.



There are a couple of articles like this today. Enough to cause a change?

http://www.jacksonville.com/tu-online/stories/052308/met_281977289.shtml

Privacy laws let suspect go free

By MARCIA LANE, St. Augustine Record May 23, 2008

ST. AUGUSTINE - St. Johns County and state law enforcement officials say they were trying to protect county taxpayers' wallets when they decided not to arrest a drug suspect sent to Shands Jacksonville hospital with a self-inflicted head wound.

They didn't plan on Lawrence Jeffrey Sacks walking out of Shands on Sunday and disappearing four weeks after he was taken to the hospital after an April 30 raid on a trailer that housed a marijuana grow house in St. Johns County.

Officials say the hospital was to notify them when Sacks was ready to leave. [Did they ask, or was this just wishful thinking? Bob]

That didn't happen because Sacks was never arrested and, hence, was protected under federal privacy laws. The hospital couldn't release information on him, not even to law enforcement, according to a hospital spokeswoman.

Sacks had a bullet wound to the head when he was taken to the hospital, and St. Johns officials saw no reason to arrest him because they - and St. Johns County taxpayers - would have had to foot the bill, Sheriff's Office spokesman Chuck Mulligan said Thursday.

... Shands, though, is supported by taxpayers, getting funds from both the state and Jacksonville for indigent care.


Interesting that the salvage yard hadn't already salvaged the gasoline...

http://www.wisinfo.com/apps/pbcs.dll/article?AID=2008805230455

Privacy laws are thwarting theft case

The Reporter Staff Posted May 23, 2008; 4:00 AM

JUNEAU — Hospital confidentiality laws appear to be hampering the Dodge County Sheriff Department's search for suspects who may have been injured while attempting to siphon gasoline [When stealing gas at night, don't strike a match? Bob] from equipment at a town of Beaver Dam salvage yard on May 18.

Due to evidence left at the scene, authorities believe the attempt to tap gasoline from equipment parked at Wally's Auto Salvage was thwarted when one of the vehicles burst into flames.



...kinda thought so...

http://news.slashdot.org/article.pl?sid=08/05/22/195233&from=rss

Federal Court Says First-Sale Doctrine Covers Software, Too

Posted by timothy on Thursday May 22, @03:19PM from the it-better dept. The Courts Software

New10k writes

"The US District Court in Seattle has rejected Autodesk's myriad arguments regarding its software licenses and found in favor of eBay seller Timothy S. Vernor. The ruling started by ruling that Vernor was within his rights to resell copies of AutoCAD Release 14 he got in an auction. Once the court settled the legitimacy of reselling, it used that ruling as a lens to dismiss all of Autodesk's various claims. More than once the court described Autodesk's arguments as 'specious' and 'conflicted.'"

Autodesk managed to have Vernor's eBay account pulled, after he listed for sale copies of AutoCAD 14. He sued Autodesk in response.



Governments love monitoring their citizens...

http://www.engadget.com/2008/05/22/rim-allows-indian-government-to-monitor-blackberry-network/

RIM allows Indian government to monitor Blackberry network

by Nilay Patel, posted May 22nd 2008 at 2:28PM

Well, it took longer than 15 days to reach a resolution, but apparently RIM is going to back down and allow the Indian government to monitor the Blackberry network in that country. What's worse, it appears that RIM was more interested in covering its own ass than protecting user data during the negotiations: the only concession the company received from the Indian government was a promise that it won't be held liable if there's a leak of users' personal information. [Is that enough to tip the scales in the US? Bob] Yeah, that ought to provide a sparkling incentive to keep things safe. There's no word on when monitoring might begin, but we've got a feeling privacy-loving Indians might suddenly be in the market for a new smartphone.


...but sometimes it gets to be too much. I'll never understand bureaucratic thought (or is that an oxymoron?)

http://techdirt.com/articles/20080521/1350411194.shtml

City Council Tells 'Dumbest Criminal' To Stop Posting So Much Evidence To YouTube

from the give-the-cops-a-challenge,-man dept

We've been mocking various attempts to get laws passed that would make it illegal for criminals to post evidence of their crimes on YouTube. This makes absolutely no sense -- as you're basically telling criminals "stop giving us the evidence we need to convict you." If the criminals are so dumb as to hand over such evidence, shouldn't the police and gov't officials be happy about it? Now, in a rather extreme example of this, the city council for Leeds, in the UK, has banned a man they refer to as one of the city's "dumbest criminals" from posting any more evidence to YouTube. In fact, the City Council even seems to recognize how helpful the guy has been: "He has handed us the evidence against him on a plate. In the last three years, we have seen a 32 per cent reduction in crime in Leeds. If more criminals were as obliging, the city would be even safer." So why would you ban him from uploading such evidence?



Business Model: What level of population density is required to make this work?

http://www.webware.com/8301-1_109-9944477-2.html

Wakozi lets lazy New Yorkers get munchies and booze delivered

By Josh Lowensohn – May 14, 2008, 2:42 PM PDT

... Unlike online grocery stores of yore, Wakozi's not doing any of the stocking or infrastructure necessary to get products out on its own; instead it's just acting as the middle man to get hungry people (or those in need of the spare roll of toilet paper at the most inopportune times) the means to get items delivered fast, and with just a few clicks.

The system works by matching you up with businesses that deliver within a certain geographical threshold. After plugging in your address, you can view an entire listing of these businesses, as well as their menus, delivery charges, hours of business, and estimated time of food arrival. Many promise delivery within half an hour, although others simply list the nebulous "ASAP."

Since launching less than two months ago, creator Robert Rizzo says the site's user base has increased weekly by more than 100 percent. He also says that one of the things that makes his system so potentially powerful is that it tracks what items are selling for each retailer, so they can stock up on items that are popular with the home delivery crowd.

Also worth noting is that the company hasn't spent a dime on advertising, and doesn't plan to until it raises its first round of funding. In the meantime, it's expanding into other areas of New York, including Brooklyn and Queens, before launching in two more major cities later this year.



Business Model: Perhaps starting as a summer job for the kids?

http://www.chicagotribune.com/features/lifestyle/green/chi-thu-grease-fuel-may22,0,2418331.story

Grease sizzles as fuel source

Restaurants provide new takeout as rising energy prices send the demand for biodiesel soaring

By Mike Hughlett and Rick Popely Tribune reporters 12:27 PM CDT, May 22, 2008

In the era of alternative fuels, grease is turning into a pretty slick investment.

Restaurants increasingly are being paid for their used cooking oil, icky stuff that historically they've had to pay to have hauled away. And sales of kits that allow diesel-powered cars to run on used cooking oil are soaring.

With all the attention, rendering firms are reporting a surge in grease thefts.

... The grease market is competitive, with relatively low barriers; after all, it can be just a matter of sucking out gunk from a tank into a truck.
