Privacy Digest
Your daily source for news that can impact people's privacy.

 Tuesday, August 24, 2004
 
  • Computerworld($) - Wi-Fi Plays Defense.

    Despite the release of the 802.11i standard, WLAN security issues aren't likely to go away any time soon. Here's why.

  • Computerworld Executive Briefing- Security: 'The Security Imperative' (Registration required). Get this $195 value free for a limited time

    Registration required (with lots of questions of course.)

  • The Coloradoan - Fort Collins,CO,USA - Most balk at cell 411.

    Locals mirror nation's trend -- cell anonymity

    [ ... ]

    But according to a survey conducted by The Pierz Group, almost 90 percent of cell phone users don't want their numbers listed due to privacy issues.

    Just 11 percent of subscribers said they would sign up right now according to the July survey. After being told the number would not be given to telemarketers the number jumped to 35 percent.

    CTIA stated in a press release that, "the wireless directory will not be printed in a telephone book, nor will it be available on the Internet. This directory also will not be sold to third parties or sold to telemarketers."

    "My cell phone is my anonymity," said Stacy Greenwood, a Fort Collins resident who only gives out her cell-phone number to select friends and family. "I don't give my number to everyone, and I wouldn't want my number available to everyone."

    This list is causing controversy by those who are afraid this will open the door to unwanted telemarketing and other harassing calls.

  • San Francisco Chronicle - San Francisco,CA,USA - Proposition 69 could threaten privacy of DNA.

    Gov. Arnold Schwarzenegger signed a ballot argument in support of Proposition 69 in July. If approved by voters on Nov. 2, it would unleash the government to gather this information to a degree and among unprecedented numbers of people. Proposition 69 extends collection to every felonious offense and, within five years, requires every adult and juvenile in California arrested for -- but not convicted of (ed. emphasis added) -- a felony to provide the government with cells containing his or her complete genetic structure.

    Proposition 69 does not stop there. It would apply retroactively, empowering the government to seek out individuals previously arrested for a felony but found not guilty (ed. emphasis added) , and require them to turn over their DNA.

  • Wireless Week - USA - Congressman Continues To Push 411 Privacy Protection.

    Rep. Joseph Pitts, R-Pa., is once again calling attention to privacy concern issues surrounding wireless 411, quoting recent findings that consumers want privacy protection assurance before participating in a directory assistance database.

    In November, Pitts, along with Rep. Edward Markey, D-Mass., introduced the Wireless 411 Privacy Act, which basically calls for some limits to be put on a wireless directory assistance list, including an opt-in feature; an opt-out feature; and a no-fees-for-unlisted-numbers feature.

  • People's Weekly World - USA - Patriot Act nixes privacy.

    HOUSTON -- Confidentiality is a concept that is crucial to a number of professional relationships and has been safeguarded by a number of professional organizations for many years. Confidentiality serves to protect a client who discloses personal information to a professional who is attempting to help that individual. It is a key ethical concept and prohibits the professional from releasing such information to a third party without the client's written approval. It applies to a number of professionals, including health care providers (including hospitals), attorneys, clergy and accountants.

    According to the American Civil Liberties Union's web site, Section 215 of the Patriot Act "allows the FBI to order any person or entity to turn over 'any tangible things,' so long as the FBI 'specifies' that the order is 'for an authorized investigation ... to protect against international terrorism or clandestine intelligence activities.'"

    Their analysis points out that the "FBI need not show probable cause, nor even reasonable grounds to believe, that the person whose records it seeks is engaged in criminal activity."

    Lest this be considered an idle threat, earlier this year Attorney General John Ashcroft demanded the medical records of hundreds of abortion patients to determine if certain abortions were medically necessary. The move has been challenged by Planned Parenthood and others as a blatant invasion of medical privacy and as clearly unconstitutional.

    While this instance was not, per se, a consequence of the Patriot Act, the Act only strengthens the hand of Ashcroft and other government inquisitors in such intimidating and politically motivated fishing expeditions.

    The ACLU points out that these measures are a blatant violation of the Fourth Amendment "by allowing the government to effect Fourth Amendment searches without a warrant and without showing probable cause." Section 215 empowers the government to require a library to produce records showing who had borrowed a particular book and to require health care providers to produce medical records. The First Amendment is violated by prohibiting the disclosure of such snooping to others and empowering the FBI to investigate citizens on the basis of their exercise of First Amendment activity.

  • GovExec.com - USA - Panel queries officials about intelligence oversight, privacy.

    The House Judiciary Committee on Friday debated civil-liberties questions while pondering the recommendations of investigatory bodies created after the Sept. 11, 2001, terrorist attacks.

    Members of the committee on both sides of the aisle appeared torn over the question of how much power the federal government should have in its ongoing efforts to prevent terrorism.

    In its final report, the so-called 9/11 Commission recommended that the government establish an oversight board to ensure that various intelligence and law enforcement bodies adhere to privacy and civil-liberties guidelines. The commission also recommended the creation of standards for state-issued driver's licenses.

    To safeguard against abuses in the use of information shared across the intelligence community, the panel further recommended that the president establish common standards and rules for how various intelligence agencies use that information.

    Judiciary Committee members asked how an independent oversight body would have influence because Congress itself has had trouble eliciting information from the administration on several key issues. They also wanted to know which federal entities should have privacy offices and whether such offices should be established within local and state agencies. And they appeared to be concerned about giving the federal government too much surveillance power.

    On the question of the independent board's power, Lee Hamilton, vice chairman of the 9/11 Commission, said Congress must ensure that it has enough authority to compel government departments to produce requested information.

    "The recommendation is that the agencies must be required to respond to the board," Hamilton said. He added that the commission had subpoena power and without it would have had more trouble obtaining the information that it used in its report.

  • Seattle Post Intelligencer - Seattle,WA,USA - Seattle Post-Intelligencer: Don't forget about civil liberties, Sept. 11 commission members say.

    As they formulate a plan to fight terrorism, Congress and the president should take care to protect individual privacy and the civil liberties of all Americans, two members of the Sept. 11 commission say.

    While there is an inherent tension between liberty and security, there's no reason one must be sacrificed for the other - even in an age of terrorism, panel members Slade Gorton and Lee Hamilton said.

    Gorton, a former Republican senator from Washington state, said he was troubled that Sen. Edward M. Kennedy was misidentified on a terrorism watch list when he tried to board airliners between Washington, D.C., and Boston. The well-known Massachusetts Democrat said he was stopped five times because a name similar to his appeared on a watch list of people considered dangers to fly.

    "Just because there's one bad guy named Edward Kennedy doesn't mean Sen. Kennedy should be kept off" an airplane, Gorton said. "We have to be real careful."

    At a hearing Friday before a House subcommittee, Gorton and Hamilton, a former Democratic congressman from Indiana, said reconciling security and liberty is difficult but crucial.

  • Newsweek via MS-NBC - My Turn: Defending Our Skies Against the Elderly.

    As I watched the airport screener search my father, I had to wonder: have we lost our common sense?

    [ ... ]

    Of course we need to screen airplane passengers, but I think there is a better way. My first suggestion is to include in the security training this mantra: "You must look into the passenger's eyes. People should be treated with respect." Isn't that the way of life we're all fighting to keep?

  • Slashdot | Defending The Skies Against Congress And The Elderly.

    theodp writes "After watching a burly airport screener search her lymphoma-stricken father, forcing the frail and faltering 78-year-old to hand over his oxygen meter, stand at attention with arms spread for a wand search, take off the Velcro strap shoes that he'd struggled to put on, and strain to keep his balance as his belt was tugged repeatedly, a Newsweek columnist wonders: have we lost our common sense when it comes to passenger screening?" --- An anonymous reader writes "CNN reported that Kennedy wasn't alone in being listed in the airport watch list as reported in a Slashdot article. Rep. John Lewis, D - Georgia, a nine-term congressman, has been stopped many times because his name appeared on an airline watch list as told to Senate Judiciary Committee hearing on border security. He contacted the Department of Transportation, the Department of Homeland Security and executives at various airlines in an effort to get his name off the list, but failed. Instead, he received a letter from the TSA indicating he has cleared an identity check with the agency even though he might still be subject to extra security checks."

  • CNET NEWS.COM - E-passports to put new face on old documents.

    One of the basic forms of personal identification, the passport, is on the verge of taking on a new, high-tech identity.

    A number of countries are about to launch trials of passports and visas that incorporate basic biometric information about the document holder alongside the traditional photo and passport number--data such as a digital image of the citizen's face that will be compared to a facial scan taken at the airport.

    The first country to take the plunge will likely be Belgium, which plans to conduct an e-passport trial later this year, with possible real-world implementation by next year. The U.K. Passport Office recently announced that it is looking for volunteers to help test the recording and verification of facial recognition, iris and fingerprint biometrics. And New Zealand and Canada are also actively looking into conducting trials.

    Australia and the United States, meanwhile, have issued requests for proposals for trials of their own, and the Netherlands is looking at ways for banks to adopt chip-based documents that would be used to confirm identification.

    [ ... ]

    Critics of the technology, however, are worried that governments might use the data to track citizens going about their ordinary business or that miscreants who steal the high-tech passports might be better equipped to carry out identity theft.

    "It is too easy to steal information out of a card," said Katherine Albrecht, the founder and director of Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN, a policy watchdog created to expose data issues with supermarket loyalty programs.

    Proponents acknowledge these concerns. But they say they've included technology that will shield private information contained in e-passport memory chips and keep it from falling into the hands of unauthorized parties. Security systems are never perfect, but the internal systems on these chips will make it difficult to surreptitiously read (or alter) information the chips contain.

  • Slashdot | Your Rights Online - Privacy vs. Security: Biometric E-Passports.

    ftblguy writes "Countries such as the UK, Belgium, Netherlands, Canada, US, Australia, and New Zealand are currently looking into adding RFID chips to citizens' passports. The chips would contain data such as a digital image of the person's face. A real-time facial scan of the carrier of the passport would then be matched to the data encoded in the chip. But privacy advocates such as CASPIAN are concerned that this data could get into the hands of the wrong people or that governments could use the data to track their citizens as they go about their personal business. But, with all of the terrorist threats lately, bringing passport documents into the digital world is sure to increase security."

  • Slashdot | Your Rights Online - The IOC's 'Clean Venue' Policy.

    Dave21212 writes "Yes folks, the International Olympic Committee's 'Brand Protection Team' will be protecting against the threat of Advertising Terrorism at the games. According to an MSNBC article, the IOC's Karen Webb states 'Our role is to protect all of our sponsor categories and actively monitor ambush activity.' Restricted items include, flags, umbrellas, shirts, hats, and bags with trademarks of rival sponsors. Unofficial brands can be confiscated and with only Coke allowed on Olympic grounds, this brings new meaning to The Pepsi Challenge!"

  • WISH - Indianapolis,IN,USA - NEXT Deadline for Telephone Privacy List Announced/Tuesday Is Deadline for Do-Not-Call List.

    If you haven't signed up for the no-call list yet, Tuesday is your last chance until the next deadline.

    Indiana's telephone privacy list, which contains phone numbers that telemarketing companies must consult, prevents you from receiving unwanted telemarketing calls. The deadlines to sign up are set quarterly, and Tuesday, August 24 is the next deadline.

    Attorney General Steve Carter says Indiana's law is the toughest in the nation and that it reduces unwanted calls by as much as ten per week. Last quarter saw 60,000 new registrations.

    If you register through Aug. 24, you should notice a drop in calls starting October 1. It's not necessary to register again if you have the same phone number.

    So far there have been 1.5 million phone numbers registered. The state has agreements with 142 companies and has assessed penalties of nearly $500,000 for alleged violations.

  • SPAM from sign-up at RealCities/Silicon Valley??

    Just thought I'd pass along a little info about a company I thought might not be a scammer. Not long ago it seems that Silicon Valley (a SF newspaper that is part of the RealCities network) implemented a requirement that you register to read their stories. Last week I caved and registered with their site (using a unique E-mail address of course). Within days I was receiving SPAM at that address. And not even normal business SPAM but SPAM with what looks like a virus/worm. It attached a PIF file. I didn't load it of course. I tried e-mailing RealCities about this a few days ago, but of course have not heard back.

  • Technology News from Wired News($) - BugMeNot Gets Booted, Restored.

    The site that helps people evade registration roadblocks on websites couldn't evade trouble itself. Its server host, perhaps bowing to pressure, pulled the plug last week. But a new host is found and BugMeNot is back up.

  • eVote News from Wired News($) - E-Vote Rigging in Venezuela?

    The failed attempt to recall the country's populist president has the losing party crying foul, even though the electronic voting machines used in the election produced a voter-verified paper audit trail.

  • Political News from Wired News($) - Crisis Alert in Critical State.

    While TV viewers and radio listeners have long suffered through ear-piercing emergency-alert tests, the system has had a spotty record in actual crises. That's why critics are leery of plans to expand the system to cell phones and PCs.

  • Slashdot | Books - US Military Commander's Suggested Reading List.

    kcurtis writes "I realize this has nothing to do with technology, but I found this list of books (and related Boston Globe article) suggested by the US Chief of Staff of the Army fascinating. It is basically what General Peter Schoomaker thinks officers at different ranks should read. It includes classics like "The Art of War", and newer books like "Band of Brothers: E Company, 506th Regiment, 101st Airborne from Normandy to Hitler’s Eagle’s Nest". It is also interesting for the changes made to the list. As noted in the Globe article, there is a new emphasis on the way the roles of an army may change."

  • New York Times (free registration required) - The Call Is Cheap. The Wiretap Is Extra.

    Earlier this month, the Federal Communications Commission voted unanimously to move forward with rules that would compel the businesses to make it possible for law enforcement agencies to eavesdrop on Internet calls.

    But developing systems to wiretap calls that travel over high-speed data networks - a task that the companies are being asked to pay for - has caused executives and some lawmakers to worry that helping the police may stifle innovation and force the budding industry to alter its services. That requirement, they say, could undermine some of the reasons Internet phones are starting to become popular: lower cost and more flexible features.

    The commission's preliminary decision, announced on Aug. 4, is a major step in the long process of deciding how Internet-based conversations could be monitored. Regulators will now hear three months of public testimony on the ruling. Few expect a resolution of the issue this year, but it is not hard to figure out who will ultimately pay for the wiretapping capability.

  • Slashdot | Your Rights Online - VOIP Progress To Be Hobbled By Wiretap Costs?

    vaporland writes "This article @ nytimes.com talks about the reasons that development of commercial Vo-IP may be stifled by the costs required to allow the federal government to listen in on conversations. It is the intention of the FBI, et al, to provide a truly unfunded mandate to force VOIP service providers to develop and provide this wiretap access to them at no cost to the U.S. government, which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls. Perhaps they should just hire some "script kiddies" to show them how to do it on the cheap?"

  • Slashdot | E-Mail Security.

    LogError writes "In this audio learning session, Joseph Zacharias, Managing Director at Kerio Technologies UK, discusses the major aspects of e-mail security, including viral threats and different anti-spam techniques. He especially focuses on the new Microsoft Caller ID technology."

  • The Register (UK) - Meet the Peeping Tom worm.

    A worm capable of using webcams to spy on users is circulating across the Net.

    Rbot-GR, the latest variant in the prolific worm series, spreads via network shares, exploiting a number of Microsoft security vulnerabilities to drop a backdoor Trojan horse program on vulnerable machines as it spreads. Once a backdoor program is installed on a victim's PC it's always game over - an attacker can do whatever takes their fancy. But Rbot-GR comes pre-loaded with functionality specifically designed to control webcam and microphones. Other variants of the worm do not come with this "Peeping Tom" routine, according to AV firm Sophos.

  • Slashdot | Peeping Tom Worm That Uses Webcams.

    Ant writes "The Register mentions a new Windows worm known as Rbot-GR that is currently circulating across the net. It has the capability to spy on users using webcams." I'm surprised that it took this long.

  • San Francisco Gate - Keeping a closer eye on athletes / New devices help track winners, losers at Games.

    Athens -- From microchips on marathon runners' shoes to ultrasensitive touch pads in the pool, there's a 007 trove of gadgetry behind the Games to help separate the Olympic medal-winners from the also-rans.

    "Most people have no idea how we get the times," said Peter Huerzeler, who has been timing the Olympics for the past 36 years. He's working in Athens for Swatch, the watchmaker, keeping score at every venue.

  • Slashdot | Science - New Devices Help Track Olympic Winners.

    Darren writes "Athletes are going faster, higher and longer and as a result the technology that measures their feats at the Olympics needs to keep up. As a result a number of new devices to help track winners, losers at the Games have been developed, including microchips on marathon runners' shoes, ultrasensitive touch pads in the pool, radar guns at the beach volleyball and cameras that take 1000 images per second."

  • Slashdot | Virus Writers Look Ahead: Target 64-bit Windows.

    Ashcrow writes "A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in question is currently unreleased outside of beta. News.com has the full article."

  • Slashdot | Revolutionary Spam Firewall Developed.

    psy writes "physorg has a story on a new spam firewall developed at The University of Queensland. The new technology is the only true spam firewall in existence, according to co-developer Matthew Sullivan. "Existing anti-spam software filters out spam whereas ours puts up a firewall, stopping all email traffic and only allowing real mail through," said Mr Sullivan. "In addition, our technology is accurate and fast. We recently completed a successful trial of a key layer of the spam firewall and it processed the emails at 90 messages per second, misclassifying only one out of 25,000 emails." "It turned out that the software was even better than us, picking up spam we’d incorrectly classified as legitimate emails."

  • eweek.com - E-Voting: It's Security, Stupid.

    Secure e-voting is possible but not without a sizable effort.

    Last month, Harris Miller, president of the Information Technology Association of America, reportedly stated that the open-source movement is using the issue of e-voting security to wage a "religious war" that pits open-source software against proprietary software. The only thing more absurd would be for Miller to blame the woes of e-voting on a vast right-wing conspiracy. As a citizen and voter, Miller should applaud, not disparage, the whistle-blowers who have demonstrated the security flaws of e-voting systems.

    Leading security professionals say they are against e-voting because of its intrinsic security weaknesses. Indeed, if e-voting were a drug, the FDA would never let it out of the lab.

    Miller also stated that a recent ITAA survey showed that 77 percent of registered voters are unconcerned about the security of e-voting systems. Such a figure demonstrates how little those polled know about information security. Could any of that 77 percent find insecure code in the voting software or explain, for example, how blind signature voting systems are supposed to work? Democracy is magnificent, but the optimism of 77 percent of the populace cannot make insecure and buggy code workable. If the 77 percent truly understood the many security problems, their enthusiasm for e-voting would be quickly extinguished.


 Saturday, August 21, 2004
 
  • Political News from Wired News($) - Congress Wants Rights Board.

    Key members of Congress and the 9/11 commission make it clear that a federal board to protect civil liberties in the age of terrorism is not optional. But they're struggling to figure out how to establish it.

  • Culture News from Wired News($) - You're Athletes, Not Journalists.

    Olympians can do media interviews but they'd better not blog. The International Olympic Committee, interested in protecting lucrative broadcasting contracts, forbids any activity that might upset the networks.

  • Wired News($) - P2P Services in the Clear.

    In a major setback for the music and movie industries, a federal appeals court upholds a lower court's decision in the infamous Grokster case, ruling peer-to-peer services Morpheus and Grokster are not liable for the copyright infringement of their users.

  • Business News from Wired News($) - Techies Praised for E-Vote Work.

    At a meeting of technologists developing new standards for e-voting systems, the head of the nation's new elections commission lauds computer scientists for the work they're doing on the nation's behalf.

  • New York Times (free registration required) - Senator? Terrorist? A Watch List Stops Kennedy at Airport.

    The meeting had all the hallmarks of an ordinary Congressional hearing. There was Senator Edward M. Kennedy, Democrat of Massachusetts, discussing the problems faced by ordinary citizens mistakenly placed on terrorist watch lists. Then, to the astonishment of the crowd attending a Senate Judiciary Committee hearing on Thursday, Mr. Kennedy offered himself up as Exhibit A.

    Between March 1 and April 6, airline agents tried to block Mr. Kennedy from boarding airplanes on five occasions because his name resembled an alias used by a suspected terrorist who had been barred from flying on airlines in the United States, his aides and government officials said.

    Instead of acknowledging the craggy-faced, silver-haired septuagenarian as the Congressional leader whose face has flashed across the nation's television sets for decades, the airline agents acted as if they had stumbled across a fanatic who might blow up an American airplane. Mr. Kennedy said they refused to give him his ticket.

    "He said, 'We can't give it to you,' " Mr. Kennedy said, describing an encounter with an airline agent to the rapt audience. " 'You can't buy a ticket to go on the airline to Boston.' I said, 'Well, why not?' He said, 'We can't tell you.' "

    "Tried to get on a plane back to Washington," Mr. Kennedy continued. " 'You can't get on the plane.' I went up to the desk and said, 'I've been getting on this plane, you know, for 42 years. Why can't I get on the plane?' "

    [ ... ]

    In Mr. Kennedy's case, airline supervisors ultimately overruled the ticket agents in each instance and allowed him to board the plane. But it took several weeks for the Department of Homeland Security to clear the matter up altogether, the senator's aides said.

    Just days after Homeland Security Secretary Tom Ridge called Mr. Kennedy in early April to apologize and to promise that the problems would be resolved, another airline agent tried to stop Mr. Kennedy from boarding a plane yet again. The alias used by the suspected terrorist on the watch list was Edward Kennedy, said David Smith, a spokesman for the senator.

    At the hearing, Mr. Kennedy wondered how ordinary citizens could navigate the tangled bureaucracy if a senator had so much trouble. "How are they going to be able to get to be treated fairly and not have their rights abused?" he asked.

  • San Francisco Gate - Terror no-fly list singled out Kennedy / Senator was stopped 5 times at airports.

    Sen. Edward "Ted" Kennedy said Thursday that he was stopped and questioned at airports on the East Coast five times in March because his name appeared on the government's secret "no-fly" list.

    Federal air security officials said the initial error that led to scrutiny of the Massachusetts Democrat should not have happened even though they recognize that the no-fly list is imperfect. But privately they acknowledged being embarrassed that it took the senator and his staff more than three weeks to get his name removed. (ed. emphasis added)

    A senior administration official, who spoke on condition he not be identified, said Kennedy was stopped because the name "T. Kennedy" has been used as an alias by someone on the list of terrorist suspects.

    While he worked to clear himself, Kennedy kept having to wait in the terminal at Washington's Reagan National, Boston's Logan International and at least one other airport, his staff said. All the flights were on US Airways.

    When the senator checked in at the counter, airline employees told him they could not issue him a boarding pass because he appeared on the list. Kennedy was delayed until a supervisor could be summoned to identify him and give approval for him.

    Kennedy's description of his air travel troubles -- mentioned during a Senate Judiciary Committee hearing Thursday on the 9/11 panel's recommendations -- gave new life to questions about the quality and effectiveness of the no-fly list. Security, intelligence and law enforcement agencies established the list after the 2001 terrorist attacks. Critics said the senator's experience served as the latest example of how a system designed to improve security is instead targeting innocent travelers.

    The government does not make public the names or total number of people on the list, which officials say is constantly updated. According to FBI documents obtained by the American Civil Liberties Union under a Freedom of Information Act request, more than 350 Americans have been delayed or denied boarding since the list's inception. The list hasn't led to any arrests, officials said.

    The American Civil Liberties Union has filed a lawsuit on behalf of six Americans who have had experiences similar to Kennedy's.

    "That a clerical error could lend one of the most powerful people in Washington to the list -- it makes one wonder just how many others who are not terrorists are on the list," said Reggie Shuford, a senior ACLU counsel. "Someone of Sen. Kennedy's stature can simply call a friend to have his name removed, but a regular American citizen does not have that ability. He had to call three times himself." (ed. emphasis added)

  • Slashdot | Senator Blacklisted by No-Fly List.

    sig writes "Senator Edward Kennedy (D-MA) was turned down for a flight from Washington, D. C. to Boston because his name turned up on the TSA No-Fly list. He eventually got on a flight, but was again denied on his way back to D.C. It took 3 weeks of calls to Tom Ridge and the Department of Homeland Security for the ordeal to get straightened out. But what are ordinary citizens supposed to do if the Secretary of Homeland Security won't take their calls?" --- There's also a New York Times story.

  • CNN.com - Olympians largely barred from blogging.
  • Slashdot | Olympians Banned From Blogging.

    nodwick writes "CNN reports that in a bid to protect its lucrative media contracts, the IOC is barring competitors, coaches, and support personnel from writing firsthand accounts of their Olympic experience, on the web or in print, for the duration of the Games. Nor are they allowed to ever post photographs or movies that they've taken, including media of themselves, even after the Games are finished. They've threatened to disqualify anyone that violates their restrictions and sue them for monetary damages. Looks like an effort to clamp down on grassroots, word-of-mouth publicity for the Olympics -- good thing they're not having any problems selling tickets anyways, eh?"

  • Boston.com / A&E / Music / Slow-moving lawsuits over music downloads producing court twists.

    A woman in Milwaukee and her ex-boyfriend are under orders to pay thousands to the recording industry. A man in California refinanced his home to pay an $11,000 settlement. A year after it began, the industry's legal campaign against Internet music piracy is inching through the federal courts, producing some unexpected twists.

    "I'm giving up and can't fight this," said Ross Plank, 36, of Playa Del Ray, Calif. He had professed his innocence but surrendered after lawyers found on his computer traces of hundreds of songs that had been deleted one day after he was sued.

    Plank, recently married, refinanced his home for the money.

    "Apparently, they would be able to garnishee my earnings for the rest of my life," Plank said. "For the amount I'm settling, this made sense. I didn't see any other way. They've got all the power in the world."

    The campaign has also produced worries, even from one federal judge, that wealthy record companies could trample some of the 3,935 people across the country who have been sued since the first such cases were filed in September 2003.

    "I've never had a situation like this before, where there are powerful plaintiffs and powerful lawyers on one side and then a whole slew of ordinary folks on the other side," said U.S. District Judge Nancy Gertner at a hearing in Boston. Dozens of such lawsuits have been filed in her court.

    On the West Coast, another judge rejected an injunction sought by record companies against one Internet user, saying it would violate her rights.

    So far, however, record companies are largely winning their cases, according to a review by The Associated Press of hundreds of lawsuits. They did lose a major ruling this week when a U.S. appeals court in California said manufacturers of software that can be used to download music illegally aren't liable, leaving record labels to pursue lawsuits against Internet users.

    James McDonough of Hingham, Mass., said being sued was "very vexing, very frustrating and quite frankly very intimidating." He told Gertner, the Boston judge, that his 14-year-old twins might be responsible for the "heinous crime" of downloading music "in the privacy in our family room with their friends."

    Gertner has a teenage daughter and said she was familiar with software for downloading music. She blocked movement on all the Massachusetts cases for months, "to make sure that no one, frankly, is being ground up."

    Gertner started ruling on cases again this month, when she threw out counterclaims accusing record companies of trespass and privacy invasions for searching the online music collections of Internet users.

  • Slashdot | Your Rights Online - RIAA Grinds Down Individuals in the Courtroom.

    Iphtashu Fitz writes "The Associated Press recently reviewed many of the copyright infringement lawsuits that the RIAA filed against individuals charged with illegally sharing songs on P2P networks. According to the article over 800 of the targeted individuals have settled for approx. $3000 in fines. One man in California had to refinance his house to pay his $11,000 settlement. Many of the defendants are unwilling to face the possibility of even higher fines by fighting the suits in court despite the fact that it could resolve important questions about copyrights and the industry's methods for tracing illegal downloads. It seems that even some of the judges presiding over these cases question the RIAA's tactics. 'I've never had a situation like this before, where there are powerful plaintiffs and powerful lawyers on one side and then a whole slew of ordinary folks on the other side,' said U.S. District Judge Nancy Gertner, who blocked the movement of a number of these cases in her courtroom for months. She wanted 'to make sure that no one, frankly, is being ground up.'"

  • internetnews.com - A Day in the Life of a Spammer.

    There are many names attributed to Cunningham. But only one is common in nearly every language and known by every person who's ever owned a computer with an Internet connection: spammer.

    The moniker isn't one Cunningham, or anyone else in the business of bulk e-mail distribution, is fond of, understandably so, as he claims to send only legitimate e-mails. Bulk mailing, he said, has been lumped into the same category as illegal spam, which sports spoofed e-mail addresses or peddles in a variety of unsavory markets like porn and Internet scams, such as the Nigerian spam scam.

    [ ... ]

    Cunningham moved on to Unsolicited Commercial E-mails (UCE) and mass-mailing software programs. Seeing that many of his programmer friends were making good money with homegrown applications, mainly targeted at AOL because of the ISP's difficulty keeping up with blocking technology, he began running his own spamming operations.

    He also began to experiment with other mailing programs, such as Stealth Mass Mailer, Send-Safe, Golden Launcher and Desktop Super Server, putting aside some money each time and investing in other marketing schemes. In the waning years of the 20th century, Cunningham migrated from promoting others' products to running his own affiliate programs, designing his own marketing software and lending his services to other bulk-mail providers. It was an evolution brought about by the changing times and the growing clamor over junk e-mails and rise of the anti-spam community.

  • Slashdot | A Day In The Life Of A Spammer.

    kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not everybody has heard of the Boulder Pledge... The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."



     Friday, August 20, 2004
     
  • U.S. Newswire (press release) - Washington,DC,USA - House Judiciary Subcommittee Hearing Friday Examining Security, Privacy Implications of 9/11 Commission, TAPAC Recommendations.

    WHAT: Joint Subcommittee Oversight Hearing entitled, "Privacy and Civil Liberties in the Hands of the Government Post-September 11, 2001: Recommendations of the 9/11 Commission and the U.S. Department of Defense Technology and Privacy Advisory Committee (TAPAC)"

    WHO: Commercial and Administrative Law Subcommittee - Rep. Chris Cannon (R-UT), Chairman and Constitution Subcommittee - Rep. Steve Chabot (R-OH), Chairman

    WHEN: 10 a.m., Friday, August 20, 2004

  • San Jose Mercury News (subscription) - San Jose,CA,USA - Kids need to safeguard personal data online.

    This is one of those items you might want to cut out and stick on the refrigerator door.

    Back-to-school season is almost here, and with it come computers -- awesome tools that, unfortunately, have a dark side.

    So the state has issued some guidelines for kids and their parents.

    These guidelines come from the Office of Privacy Protection, a unit of the California Department of Consumer Affairs.

    State and federal laws require Web sites that collect personal information from kids to get parental permission.

    Whether at school or home, here are some things to keep in mind:

  • CNW Telbec (Communiqués de presse) - Canada - ITALY - Police violate privacy of sources by searching paper's offices and journalist's home.

    MONTREAL, Aug. 18 /CNW Telbec/ - Reporters without borders today condemned as a "serious attack on investigative journalism" and a violation of European human rights law police raids on the offices of the Milan weekly Gente and the house in Rome of journalist Gennaro De Stefano on 16 August. "These searches threaten the privacy of journalistic sources and contravene rulings by the European Court of Human Rights that consider such action to violate article 10 of the European Convention on Human Rights unless they can be justified by a 'pressing social need.' Since this case goes back three years, there is no such need," the worldwide press freedom organisation said.

  • MLive.com - MI,USA - Companies sign worker privacy policy.

    At least 19 Holland and Zeeland area companies are reaffirming their policies to withhold the release of private employee information to outside organizations in an effort to counter what they view as a trend to undermine these policies when it comes to union neutrality agreements.

    The group includes mostly manufacturers, such as Trendway Corp., Gentex Corp., Perrigo Co. and Haworth Inc., but also Mercantile Bank Corp. and Woodland Realty Inc. The companies adopted a written policy provided by West Michigan Works to prevent the distribution of an employee's Social Security number, home address, telephone number or wages without the employee's knowledge and consent.

    "These companies mostly already have these policies. The significance is that it's being made public that we're not going to do this no matter what," said Bruce Los, West Michigan Works president and vice president of human resources for Gentex in Zeeland.

    He estimated the businesses that have signed the privacy agreement represent up to 10,000 employees in Ottawa and Allegan Counties.

    The agreement comes as a response to companies such as Johnson Controls Inc. and Magna Donnelly in Holland adopting neutrality agreements last year with the United Automotive Workers union, at the behest of the domestic Big Three automakers.

  • San Mateo County Times - San Mateo,CA,USA - Journalists' privacy rights should not be taken lightly.

    Do you believe journalists should have a right no other citizen enjoys, the privilege not to testify before a grand jury and name a source responsible for committing a crime?

    The conflict between the courts and journalists over this issue has been going on forever in this country. Judge Thomas F. Hogan has ruled that Time magazine reporter Matthew Cooper either name his source or go to jail for abetting a crime.

    Cooper has been held in contempt for refusing to come clean to a federal grand jury with the name of his source or sources for a story he wrote naming Valerie Plame, a CIA covert employee and wife of former U.S. Ambassador Joe Wilson.

  • Calgary Sun - Calgary,Alberta,Canada - Court declares the blimp stays.

    ATHENS -- An Athens court yesterday rejected a request by a Greek civil rights group to ground a security airship patrolling the capital's skies during the Olympics. Judge Maria Klonari said the 60-metre blimp -- laden with cameras, chemical "sniffers" and other sensors -- was being monitored by Greece's independent Data Protection Authority and did not violate privacy rights.

    The Communist-backed Democratic Rally for Privacy Rights filed the suit earlier this month but the action failed to halt the blimp's daily patrols. Klonari heard the case Aug. 6 and issued her decision yesterday.

    The airship is part of Athens' vast surveillance system. The Olympics security program is costing Greece 1.2 billion euros ($1.9 billion Cdn).

  • Accountingweb.com - Indianapolis,IN,USA - Uniform Trust Code Sparks Privacy Concerns.

    In addition to standardizing trust law, the UTC outlines the rights and duties of trust creators, trustees and beneficiaries, and makes trust law readily available to the public. It also includes one controversial provision: requiring trustees to notify certain beneficiaries - charities or people who are 25 or older - of an irrevocable trust.

    Wealthy families often use trusts to hand assets over to family members while lowering their tax bills. It is not unusual, however, for beneficiaries to be unaware that they will receive a windfall in the future. Critics told the Wall Street Journal that the knowledge of a trust could lessen a beneficiary's desire to work. It could also create disputes among family members who can learn exactly how much money they will receive. The matter can get even more sensitive if the trust creator is still alive when the beneficiaries learn how much is at stake.

    These kinds of concerns prompted the state of Arizona to repeal the law. In fact, Joseph I. McCabe, a Phoenix estate attorney, said some of his clients were "highly offended" by the notification requirements. "It was a very big issue," he said.

  • eWeek at Ziff Davis - New York,NY,USA - Car-Tracking Device Trades Privacy for Dollars.

    Opinion: A device using GSM/GPS wireless that reports your car's whereabouts--which is in pilot testing for a British insurance company--is the latest example of a technology marvel that brings a serious loss of privacy.

    Imagine this. You're driving around in your HOV (highly ostentatious vehicle), and you follow your normal route home.

    The next day, you are notified by your insurance company: "Under the terms of Court Order 34/FKC/34 paragraph 12 subsection iii, your auto insurance is void."

    It turns out that you drove within a mile of the house belonging to your ex-spouse, which violates the terms of a court order. As a result, your auto insurance, which was offered under advantageous terms on the grounds that you had a clean record, no longer applies.

    Well, yes, it could happen. Actually, I can't see how it could fail to happen. All insurance is offered on an "utmost good faith" basis, whereby failing to disclose any factor that might invalidate it will indeed invalidate it--even if, had you asked, they'd have decided it didn't count. It's the failure to disclose that is the problem.

    And who, in a nutshell, disclosed?

  • Marion Daily Republican - Marion,IL,USA - Publishing honor roll may violate student privacy.

    The honor roll has long been used to recognize those students who achieve in the field of academics, and for as long as the honor roll has been around it's been published in local newspapers. But does that publicity violate a student's right to privacy? That's the question that Marion Unit 2 school board member Mark Whitehead put to the other board members at Tuesday night's meeting.

    "I'm just wondering how can we continue to get away with that," said Whitehead. "Not only do we post the honor roll but we also basically tell the public what your grade point average is because we break it down into three levels, and it's not hard to figure out."

  • InternetWeek.com - USA - E-Mail Is Risky Business.

    E-mail-based virus attacks might threaten business operations and managing Spam can drain productivity, but inappropriate employee use of e-mail can place intellectual property at risk and potentially open businesses to lawsuits.

  • Computerworld($) - Privacy watch: Two passwords double your privacy.

    The password, as it exists today, is a dinosaur -- a throwback to a time before automated worms existed that could log every keystroke computer users make, and before phishing messages emerged that trick people into sending their passwords to a con artist. But though one password is insufficient, a lot of companies are starting to believe that two passwords may be just the ticket.

    Businesses call the arrangement "two-factor authentication," but it boils down to having one password that you make up for yourself and another password that you get from someplace else. This is the computer equivalent of the security provided by a safety deposit box: Your key alone can't open the box, and neither can the bank's key; both parties need to use both keys at the same time.

    Here's how one method might work: Your bank includes, with your monthly statement, a card with 50 passwords printed on it. Each password hides behind the same silvery stuff that obscures the numbers on a scratch-off lottery ticket. When you want to log into your bank account online, you scratch off the silvery stripe covering one password, and then log into the Web site with your username, the password you created, and the password on the scratcher card. After you've used the scratched-off password, you can never use it again.

    The security benefits here are clear. Even if someone guesses the password you made up for your bank account, they still can't get in unless they hold your card of passwords. If someone finds your password card, they can't get in unless they can also guess the password you invented. Some banks in Sweden already use this method; no U.S. bank uses it yet for consumer accounts.

  • Mount Vernon News - Mount Vernon,OH,USA - Privacy issues surface in lawsuit.

    A hot button, and a somewhat confusing legal issue, was brought to the local forefront last week when the home addresses of two Mount Vernon Police officers were released in a complaint that eventually found its way into the public eye.

  • Technology News from Wired News($) - Finding Nemo by Microchip.

    Armed with tagging devices and satellite tracking, marine scientists follow hundreds of sea animals around the Pacific Ocean, monitoring everything from location and depth to speed and water temperature.

  • School News from Wired News($) - Homeland Security 101.

    As college students return to campus this month, they'll have their pick of courses tied to homeland security. Options range from a brief history of Islamic jihad to instruction in how to design buildings that can withstand acts of terrorism.

  • BBC NEWS | Technology | Net firms set sights on spammers.

    Internet providers in Britain are getting tougher with those websites that use spam to drum up business.

    A new code of practice adopted by net firms lets them close e-commerce sites using junk mail marketing, even if the spam comes from elsewhere.

    It is not clear if the policy will cut the flood of spam messages because most of it comes from outside the UK.

    Net firms hope to reduce junk mail by getting the code adopted by the nations used by spammers to send messages.

  • The Register (UK) - ISPs gang up on spammer-run websites.

    UK ISPs are targeting ecommerce websites run by spammers in a new 'get tough' policy on junk mail. ISPs belonging to the London Internet Exchange (LINX) have voted through a code of practice which gives them the mandate to shut down websites promoted through spam, even if junk mail messages are sent through a third-party or over a different network. The move is intended to remove the financial incentive to send spam.

    LINX is also calling on ISPs to take down websites used to sell spamming tools, such as CDROMs containing millions of illegally-collected email addresses. The code of practice changes were voted through at an extraordinary general meeting of LINX, which handles more than 90 per cent of the UK's Internet traffic.

  • Slashdot | UK ISPs to Shut Down Spamvertised Websites.

    JebuZ writes "The Register is currently reporting that UK ISPs are targeting ecommerce websites run by spammers in a new 'get tough' policy on junk mail. ISPs belonging to the London Internet Exchange (LINX) have voted through a code of practice which gives them the mandate to shut down websites promoted through spam, even if junk mail messages are sent through a third-party or over a different network. The move is intended to remove the financial incentive to send spam." --- There's also a BBC story.

  • Boing Boing: EFF wins Grokster! Software doesn't have to be easy for Hollywood to wiretap!

    EFF has won its Grokster case in the Ninth Circuit Court of Appeals -- this is the case that establishes that if you make truly decentralized P2P software -- like Gnutella -- you can't be held liable for any copyright infringement that takes place on their networks. This is the "Betamax principle," from the famous Supreme Court case that established that Sony wasn't responsible for any infringement that its customers undertook with their VCRs.

    The Studios' argument was that people who make P2P software should be obliged to build it in such a way as to make it easy to police -- i.e. not on Gnutella-like lines -- an idea so sickeningly dumb that it's a tremendous relief that the court refused to buy it.

    Now is a good time to download the 16MB MP3 audio of EFF IP Attorney Fred von Lohmann's oral argument in the appeal -- he was nothing less than brilliant (and it didn't hurt that one of the shmendricks representing the rights-holders kept forgetting the judge's name). This is some of the best courtroom drama you'll ever hear, and when you're done, download the PDF of the decision below and rejoice in our freedom.

  • Freedom to Tinker: Grokster Wins in Appeals Court.

    The 9th Circuit Court of Appeals ruled today that Grokster (along with other vendors of decentralized P2P systems) is not liable for the copyright infringement of its users. Today's decision upholds a lower court decision, which had been appealed by a group of music and movie companies.

    The Court largely accepted Grokster's arguments, finding that although the vast majority of Grokster users are infringers, Grokster itself cannot be held liable for that infringement.

    The Court found Grokster not liable for contributory infringement, because Grokster did not have the necessary knowledge of specific infringement. In light of the Supreme Court's 1984 Sony Betamax decision, as elaborated in this appeals court's Napster decision, the court first determined that Grokster's software has substantial commercially significant uses other than infringement. As a result, contributory infringement would have required that Grokster have knowledge of specific acts of infringement, at a time when Grokster could take action to stop those acts. But Grokster simply distributes its product to consumers, and has no knowledge of how any particular customer uses the product later. If copyright owners tell Grokster about an act of infringement, after that act has already happened, that is not actionable knowledge because it is too late to stop the infringement.

    The court also held Grokster not liable for vicarious infringement, because Grokster does not have the right and ability to control its customers' infringing activity. Grokster has no practical way to kick users off the system or to police the system's use. The court also ruled that Grokster cannot be required to redesign its software and force its customers to update to the redesigned version.

    The money quote comes near the end of the opinion:

    As to the issue at hand, the district court's grant of partial summary judgment ... is clearly dictated by applicable precedent. The Copyright Owners urge a re-examination of the law in light of what they believe to be proper public policy, expanding exponentially the reach of the doctrines of contributory and vicarious copyright infringement. Not only would such a renovation conflict with binding precedent, it would be unwise. Doubtless, taking that step would satisfy the Copyright Owners' immediate economic aims. However, it would also alter general copyright law in profound ways with unknown ultimate consequences outside the present context.

    Further, as we have observed, we live in a quicksilver technological environment with courts ill-suited to fix the flow of internet innovation. The introduction of new technology is always disruptive to old markets, and particularly to those copyright owners whose works are sold through well-established distribution mechanisms. Yet, history has shown that time and market forces often provide equilibrium in balancing interests, whether the new technology be a player piano, a copier, a tape recorder, a video recorder, a personal computer, a karaoke machine, or an MP3 player. Thus, it is prudent for courts to exercise caution before restructuring liability theories for the purpose of addressing specific market abuses, despite their apparent present magnitude.

  • Slashdot | Your Rights Online - Grokster Wins Big in Ninth Circuit.

    The Importance of writes "Grokster has won big in the 9th Circuit Court of Appeals. Read the decision: [PDF]. It is a very strong decision, basically bringing the Sony-Betamax decision into the modern age. Of course, the decision does make it clear that if Congress wants to change the law, they can (cough*INDUCE Act*cough). Read the whole thing, the actual opinion is only 18 single-column pages. See also, commentary from Jason Schultz, Ernest Miller, Cory Doctorow, and Ed Felten. And don't forget to thank EFF."

  • HERT - HERT interviews Kismet's author, Mike Kershaw.
  • Slashdot | 80% of WiFi Networks are still Insecure, Kismet Author Says.

    acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"

  • Slashdot | South Pole Research Station Hacked Twice.

    Marda writes "It's been known for a while that Romanian cyber extortionists cracked the computer network at the Amundsen-Scott South Pole Station last year. Now SecurityFocus is reporting that another computer intruder penetrated the station just two months before, and cracked the data acquisition system for the Degree Angular Scale Interferometer (DASI), a radiotelescope that measures properties of the cosmic microwave background. It turns out the station was insecure 'purposely, to allow for our scientists at this remotest of locations to exchange data under difficult circumstances,' according to internal reports."

  • GrepLaw | John Gilmore on inflight activism, spam and sarongs.

    Hero or troll? Opinions differ. Freedom fighter or eccentric? Both, if you bother to ask him. Sarong or turban? Both, anytime! Greplaw has picked John Gilmore's brain.

  • Slashdot | Your Rights Online - John Gilmore interviewed by Greplaw.

    mpawlo writes "I have just published another one of those Greplaw interviews. This time, John Gilmore had the courtesy of answering a wide range of questions on various subjects such as terrorism and security, spam blocking, censorship, secret laws in airports and of course - sarongs. Gilmore starts: 'I'm a civil libertarian millionaire eccentric.' Enjoy!"



     Wednesday, August 18, 2004
     
  • Market Wire (press release) - USA - Reconciling National Security and Consumer Privacy.

    Washington DC Forum Aims to Help Organizations Walk Line Between Anti-Terror Efforts and Consumer Data Protection

    YORK, ME -- (MARKET WIRE) -- 08/17/2004 -- The International Association of Privacy Professionals, the world's largest association for the privacy profession, announced it will host an event examining the intersection of consumer privacy and national security. The IAPP Privacy and National Security Forum, to be held at the Washington Renaissance Hotel on September 30th, will assemble thought leaders in government and industry for a candid debate on the privacy issues raised by current national security efforts.

    "In an era of increased focus on national security, demands placed on the private sector for data and technologies to combat increased threats seem incompatible with demands on the protection of sensitive consumer information," notes Trevor Hughes, Executive Director of the IAPP. "How can an organization maintain robust data security to protect consumer privacy while also making provision for possible cooperation with governmental anti-terror efforts? This is the central issue addressed at our forum."

  • San Jose Mercury News (subscription) - San Jose,CA,USA - AP Wire | 08/17/2004 | Assembly approves employee e-mail protection.

    SACRAMENTO - Employers will be required to inform employees if job site e-mail and Internet activities are being monitored, under legislation approved Monday by the state Assembly.

    The measure, from Sen. Debra Bowen, D-Marina del Rey, requires employers to give employees a one-time written notice if they plan to read e-mail, track Internet use, or use other electronic devices to monitor employees on or off the job.

    Supporters say the bill provides simple privacy protections to workers. Opponents complained the legislation is not needed and only adds to the liabilities to employers.

    "If you are going to invade someone's privacy, you have to give them fair warning," said Assemblywoman Hannah-Beth Jackson, D-Santa Barbara.

    Not so, said Assemblyman Ray Haynes, R-Murrieta, who claimed workers are already under the assumption that employers can monitor their computer activities. "All this does is add another layer of complication for employers," Haynes said.

    The measure was approved on a vote of 41-29.

  • MSN Money - USA - Protect your privacy: 10 simple steps.

    Find out how to keep your identity safe in a world of Dumpster divers, shoulder surfers and skimmers. Also: What to do if identity theft happens to you, and how to stop the spam.

    "Personal privacy" may be the biggest oxymoron of the 21st century. From annoying streams of e-mail spam to the more insidious and costly crime of identity theft, Americans are facing an attack on their personal privacy unlike that seen by any prior generation.

    Shielding your privacy with no risk of a breakdown may be impossible these days. But it's critical to understand how your privacy can be compromised and the consequences of such a breach -- and take a few simple steps to, if nothing else, better the odds in your favor.

  • SciDev.net - UK - Brazil introduces right to genetic privacy.

    [RIO DE JANEIRO] Brazil's National Health Council (NHC) has approved revised regulations on the ethics of research that, among other provisions, protect the rights of individuals over the genetic information that they provide for research into human genetic variation and gene-related diseases.

    Under the new rules, those who provide samples for research from which genetic information is obtained will be able to choose whether or not to be told about any of their own genetic details that are discovered by researchers.

    They will also have the right to remove their sample from research databases at any time. The new document also states that under no circumstance can information on an individual gathered through such research be made available to third parties (such as insurance companies, and current or future employers).

    The rules -- which entered into force on 9 August -- were developed by council's National Committee of Research Ethics (NCRE), with the assistance of the Brazilian Society of Genetics.

  • Toronto Star - Toronto,Ontario,Canada - TheStar.com - Parking firm's tactics 'outrage' privacy head.

    Improper use of government data, Cavoukian says

    Readers recount similar tales of ticket harassment

  • eMarketingIQ (press release) - Topsfield,MA,USA - Privacy and American Business survey shows dramatic rise in consumer privacy activism.

    Consumers taking privacy-assertive actions are up almost 30% since 1999, according to the latest Consumer Privacy Activism Survey commissioned by Privacy & American Business (P&AB) and fielded by Harris Interactive. These survey findings link the privacy concerns consumers are expressing with real consumer actions.

    [ ... ]

    "These findings demonstrate that instead of having been dampened by the enactment and enforcement of new federal or state privacy laws -- like GLB, HIPAA, and the many anti-ID theft laws that states currently have on the books -- American consumers are taking privacy protection into their own hands," said Dr. Alan Westin, president & publisher of P&AB and Academic Advisor to this survey. "American consumer privacy activism in 2004 has risen substantially in 4 of the 5 behaviors that were already at majority levels in 1999," he continued.

    The survey's results show that companies must not only continue to improve their online privacy protections for consumers, but make it clear to consumers that they're doing so.

  • CNET NEWS.COM - The spyware inferno | Perspectives.

    The proliferation of advertising programs on the PC is called by many names--most of which involve unprintable language.

    To the Slashdot crowd, it's Spyware and its authors should be burned at the stake. Some in Congress call it "cyber trespass" and want to outlaw specific "deceptive practices." To Claria, the biggest company in the niche, it's extraordinarily profitable to the tune of $90 million in revenue and $35 million in profit last year. To most Net surfers, it's an annoyance they don't understand.

    But to small developers and content providers, it's a way to make a living that's much more consistent than hoping downloaders pay for shareware. Because of varying degrees of intrusiveness and offensiveness, I've placed the various programs that are considered Spyware into nine distinct circles, similar to Dante's "Inferno."

    The word Spyware first appeared on the Usenet on Oct. 16, 1995, in a humorous post about Microsoft's business model. A Lexis/Nexis search shows that the word was used for spy equipment such as small cameras until about 1999 when Zone Labs used it in a press release for their Zone Alarm Personal Firewall. From there, the word quickly entered common usage, prompting the first anti-spyware program--Steve Gibson's OptOut--which appeared in early 2000.

    While 1999 marks the beginning of the modern usage of the word, there is vast disagreement on what Spyware means. The term "spy" is misleading because even some of the most annoying software doesn't actually send any information back to the server, though it does retrieve plenty of information. Computer security people tend to call it all "Malware," meaning it is harmful software. The people who write it like to call it "adware" to distinguish themselves from the remote access "Trojan"s and keyloggers that can safely be called spyware.

  • Slashdot | Your Rights Online - The Spyware Inferno.

    An anonymous reader writes "Ever thought there should be a scale for quantifying the evil Spyware does? In an editorial article at news.com.com, a Silicon Valley Venture Capitalist uses the levels of hell in Dante's Inferno to do just that. The article also goes into depth on how vendors, and Claria in particular, make money - of particular interest, 31% of Claria's revenue came through Overture. This may explain why Yahoo took so long to list Claria as Adware in its anti-spyware toolbar."



     Tuesday, August 17, 2004
     
  • Newsweek via MS-NBC - Wiretapping the Web.

    A literal reading of electronic eavesdropping laws--coupled with a new FCC proposal--may make it easier for Washington to watch you online

    Aug. 13 - We've been told since the dawn of the Internet that the e-mail we send and receive on company time is fair game for our employers to monitor. Many took for granted, though, that e-mail sent from private accounts was just that: private. How naive.

    As if hacking worries weren't enough, two recent legal developments have raised further fears among Web privacy advocates in the United States. In one case, the Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide Uncle Sam with backdoors for wiretapping access. And in a separate decision last month, a federal appeals court decided that e-mail and other electronic communications are not protected under a strict reading of wiretap laws. Taken together, these decisions may make it both legally and technologically easier to wiretap Internet communications, some legal experts told NEWSWEEK. "All the trends are toward easier to tap," says Kevin Bankston, an attorney at the nonprofit Electronic Frontier Foundation.

    [ ... ]

    Then there's U.S. v. Councilman. In January 1998, an online bookseller called Interloc offered e-mail accounts to its dealer clients. The idea was that by secretly copying messages Interloc customers received from rival Amazon.com, the booksellers could gain a market advantage. Totally illegal, right? Not according to the federal court of appeals decision. Bradford C. Councilman, then an Interloc supervisor, claimed he was innocent of wiretapping because the law did not apply: since the messages had been stored on Interloc's servers while they were being processed, they were not intercepted in transit. The court agreed with this literal reading of the wiretap laws. "We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than wire and oral communication," the court wrote in its decision. Under a 1986 amendment to the 1968 Wiretap Act, companies are banned from monitoring customer communications--but not from reading stored customer communications.

    Is this outrageous? "This difference between stored communications and more transitory [communications] is a pretty refined one that really was ill-fitting at the time it was passed," says Jonathan Zittrain, codirector of Harvard Law School's Berkman Center for Internet and Society. "It's even worse now." The framers of the law, he says, wanted to make it harder to conduct ongoing surveillance than undertake a one-time intrusion. "The Councilman decision sort of puts that on its end, because it says you can do a series of one-shot intrusions that amount to the same as surveillance--but still treat it as merely a one-shot deal." The Department of Justice, which prosecuted the case, did not return NEWSWEEK's calls asking for comment.

    As it is, the wiretap laws have exceptions for the interception of unencrypted or unscrambled radio signals. So any easy-to-intercept e-mail you may send from your "Wi-Fi"-enabled laptop at your friendly neighborhood coffee shop is treated as a radio signal and therefore may not have the same protections under the law that wire and oral communications do. When the EFF's Bankston looks at the FCC ruling side by side with Councilman, he sees the former as making it technologically easier to wiretap Internet communications and the latter as lowering legal barriers. "Building the infrastructure for a surveillance state is not good public hygiene," he quips.

  • Slashdot | Your Rights Online - Wiretapping the Web Easier Than Ever.

    theodp writes "All the trends are toward easier to tap, says an EFF attorney in MSNBC's recap of last week's 5-0 FCC vote to require Broadband and VoIP providers to provide Uncle Sam with wiretapping backdoors and a recent Court decision that stored e-mail is not protected under a strict reading of wiretap laws. Civil-liberties concerns aside, MSNBC notes the FCC is also exploring its Internet regulatory options, including placing tariffs on online newspapers and requiring e-tailers to process 911 calls."

  • Wired News: Copyright Crusaders Hit Schools.

    For the third year in a row, software companies are supplying schools with materials that promote their antipiracy position on copyright law. But for the first time this year, the library association is presenting its own material, hoping to give kids a more balanced view of copyright law.

    The American Library Association will distribute its materials through high-school librarians this winter or spring. In September, the ALA will hold focus groups with teenagers to better understand how they use the Internet, what they think about the technology and what language they use. That information will contribute to ALA-created comic books that address various copyright issues relevant to students.

  • Slashdot | Your Rights Online - Librarians to the Rescue.

    Duke Machesne writes "Citing concerns over materials being distributed to American students by the BSA, MPAA, and RIAA's evil minions, the American Library Association will begin distributing its own, more balanced material this winter. The material will deal with insignificant and oft-overlooked details like fair use. More information on Wired News."

  • Slashdot | Developers - Software for the Grass Roots.

    An anonymous reader writes "In February at the O'Reilly Digital Democracy Teach-In, technologists from the Dean, Kucinich, Clark and Kerry campaigns laid down arms to share tech plans while their respective camps were still battling it out in the primaries. A (private) list and requirements for fall campaign organizing ensued. Just six weeks ago, a few of the developers converged in San Francisco for a show and tell of their emerging free software tools. Today, the AdvoKit project was the first to tag beta, hoping to kick-start the campaign software revolution in time for November 2nd."

  • Slashdot | Your Rights Online - Pay To Have Your Phone Tapped.

    An anonymous reader writes "The Globe and Mail is running an interesting story over who should carry the cost of wiretapping (registration may be required): 'Canada's police chiefs propose a surcharge of about 25 cents on monthly telephone and Internet bills to cover the cost of tapping into the communications of terrorists and other criminals.'"

  • Slashdot | Your Rights Online - Your Right to Travel Anonymously: Not Dead Yet.

    ChiralSoftware writes "Remember John Gilmore's fight to be able to travel on commercial airlines without having to show ID? It has dropped out of the news for a while, but now it appears that the fight is continuing. I remember in the 80s we used to make jokes about Soviet citizens being asked "show me your papers" and needing internal passports to travel in their own country. Now we need internal passports to travel in our country. How did this happen? The requirement to show ID for flying on commercial passenger flights started in 1996, in response to the crash of TWA Flight 800. This crash was very likely caused by a mechanical failure. How showing ID to board a plane prevents mechanical failures is left as an exercise to the reader. How mandatory ID even prevents terrorist attacks is also not clear to me; all the 9/11 hijackers had valid government-issued ID. I hope the courts don't wimp out on this fight."

  • Slashdot | Survival Time for Unpatched Systems Cut by Half.

    UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year. The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe. The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches. The Honeynet Project did publish a paper with some stats back in 2001."

  • PCWorld.com - Does That Web Site Look Phishy?

    Phishing scams are online crimes that use unsolicited commercial, or "spam," e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account, or credit card number, often under the guise of updating account information.

  • Slashdot | Anti-Phishing Tools.

    mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." --- This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.

  • freshmeat.net: Project details for aircrack.

    This release introduces a whole new set of cryptographic attacks that make it possible to crack a 104-bit WEP key with as few as 200k unique IVs, whereas other tools such as AirSnort require more than 2 million unique IVs.

  • Slashdot | Developers - GPS Toolkit (GPSTk) 1.0 Released.

    rmach writes "Based on many years of work performed at ARL:UT, we have released GPSTk under the GNU LGPL. GPSTk is a cross platform library and set of applications that provides both fundamental and advanced GPS processing algorithms to the GPS and open source community. A wide array of functions are provided by the GPSTk library, including: RINEX I/O, ephemeris calculation, P-code generation, atmospheric refraction models, and positioning algorithms. GPSTk applications provided more concrete benefits to the user, including: cycle slip detection and removal, calculation of the Total Electron Content (TEC) of the ionosphere, position residual computation, and RINEX file manipulation. The library is about 41,000 SLOC with a COCOMO estimated cost to develop of about $1.3 million. You can also read more about it in the current issue (September '04) of Linux Journal."

  • Crypto-Gram: August 15, 2004.
  • Political News from Wired News($) - Florida a Big Test of E-Voting.

    All eyes in the e-voting debate will be on Florida between now and the end of the month. The state is relying heavily on e-voting equipment to store the early votes in a primary election.

  • Privacy News from Wired News($) - Flight ID Fight Revived.

    Civil liberties activist John Gilmore, rebuffed by the court earlier, tries again in his battle to board airplanes without showing identification.

    [ ... ]

    Backed by a phalanx of civil liberties groups, civil liberties iconoclast John Gilmore on Monday relaunched his legal campaign against the federal government's requirement that airlines ask passengers for photo identification in order to board a plane.

    Gilmore, who began his fight against the identification requirement in the summer of 2002, filed suit Monday in the Ninth Circuit Court of Appeals in San Francisco, asking the court to force the government to reveal the requirement and to declare it an unconstitutional burden on the right to travel.

    The suit is a continuation of Gilmore's original challenge (Gilmore v. Ashcroft), which he filed without backing from civil liberties groups in U.S. District Court in July 2002.

    Although a traveling tips page on the Transportation Security Administration website advises travelers to "keep available your airline boarding pass and government-issued photo ID for each adult traveler until you exit the security checkpoint," government lawyers refused to tell the judge in the original case whether or not the requirement existed.

    Government lawyers argued the government does not require passengers to show identification to fly and that "the challenged requests for identification are of central importance to achieving the government's objective of preventing air piracy."

    But the government acknowledged that if the requirement did exist, it would be in a secret security directive that had to be challenged in an appeals court, an argument heeded by the judge when she finally dismissed the original lawsuit on jurisdictional grounds 14 months after hearing arguments in the case.

    [ ... ]

    Gilmore says he does not have a state-issued identification or driver's license and that the identification rule, unlike searches for weapons in carry-on bags, does not make the country safer.

    "I'm not willing to show my passport to travel in my own country," Gilmore said in an interview. "I am not willing to have my rights taken away by bureaucrats who issue secret laws in the dead of night."

    The identification requirement dates back to the Clinton administration, which put the measure in place just after the explosion of TWA Flight 800 in 1996. Terrorism was initially suspected as the cause of the disaster, though it was later determined that a faulty fuel tank was to blame.

    Civil liberties advocates say that they are now backing Gilmore's challenge both because the stakes are high and because the political mood in the country has shifted since 2002.

  • InfoWorld($) - AOL, Yahoo rolling out sender authentication.

    In September, AOL will verify the source of incoming e-mail using a component of Microsoft Corp.'s Sender ID authentication architecture. Yahoo will use its DomainKeys authentication technology to sign all e-mail coming out of the company's mail servers by the end of 2004, according to spokesmen for the companies.



    © copyright 1997-2004 by Paul Hardwick. All rights reserved.
    All trademarks are the property of their respective owners.
    Modified: 6/10/01; 1:46:02 AM
    Built: 8/24/04; 5:34:16 PM
    URL for current page: http://www.PrivacyDigest.com/index.html
