The New York Times has published an interesting musing on the question, “Do we need a new Internet” in order to solve mushrooming online security and privacy problems? One answer involves restricting anonymity and privacy on the new Internet.
Bad enough that there is a growing belief among engineers and security experts that Internet security and [...]
http://www.privacylives.com/new-york-times-do-we-need-a-new-internet/2009/02/16/
A new USA Today/Gallup poll finds that a clear majority of Americans favor at least some kind of investigation into whether Bush administration officials and policies violated the law.
Respondents were asked about whether there should be a criminal investigation, an investigation by independent panel — or neither — into questions of politicization of the Justice Department, torture and warrantless wiretapping.
On the question of wiretapping, 63% support investigation of some kind. (38% prefer a criminal investigation, while 25% want investigation by an independent panel.)
Meanwhile, Senator Patrick Leahy has proposed a panel to “get to the bottom of what happened” during the Bush administration, along the lines of the “truth commissions” in South Africa. The panels would be a fact-finding mission, and would have the power to offer immunity in exchange for testimony. Leahy discussed the proposal with White House Chief Counsel Greg Craig on Tuesday. While President Obama has not yet taken a position on the proposal, Leahy noted that Senate Judiciary Committee investigations would go forward with or without White House support.
—–
Poll: Majority Want Investigations on Warrantless Wiretapping
http://www.eff.org/deeplinks/2009/02/poll-majority-want-investigations-warrantless-wire
Jailbreaking an iPhone constitutes copyright infringement and a DMCA violation, says Apple in comments filed with the Copyright Office as part of the 2009 DMCA triennial rulemaking. This marks the first formal public statement by Apple about its legal stance on iPhone jailbreaking.
Apple’s iPhone, now the best-selling cellular phone in the U.S., has been designed with restrictions that prevent owners from running applications obtained from sources other than Apple’s own iTunes App Store. “Jailbreaking” is the term used for removing these restrictions, thereby liberating your phone from Apple’s software “jail.” Estimates put the number of iPhone owners who have jailbroken their phones in the hundreds of thousands.(…)
http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking-illegal
It has been almost four years since EFF first published our Legal Guide for Bloggers to help bloggers understand their rights and, when necessary, defend their freedom of expression. In that time, blogging has become more widespread, and more and more people need a better understanding of the laws surrounding blogging. Not a day goes by in which we do not help someone with a reference to the Legal Guide.
EFF has revised and expanded the Legal Guide for 2009, with new questions and a revised layout. These FAQs are, unsurprisingly, comprised of the questions we are frequently asked. This update includes answers to questions about relatively recent phenomena, such as disemvowelling, as well as discussion of the rights of bloggers as journalists and your right to blog anonymously. If you run a blog, or just participate in comments, you’re sure to find useful information in the updated Legal Guide.(…)
http://www.eff.org/deeplinks/2009/02/eff-re-launches-legal-guide-bloggers
A new report from Javelin Research is getting attention for its extraordinary claim that data breaches are responsible for only a tiny minority of identity theft cases, compared to lost wallets and other low-tech exposures. But a closer look at Javelin’s numbers casts serious doubt on the company’s conclusions.
The stat that’s getting the most buzz in Javelin’s 2009 Identity Fraud Survey Report (.pdf) comes from identity theft victims’ responses to this survey question: “How was your information obtained?” Only 11 percent of the respondents said it was lost in an online transaction, and an equal number said it was stolen in a data breach. Some 43 percent blamed a lost or stolen wallet. Here’s Javelin’s chart.
“Despite the hefty blame — largely perpetuated by the media — placed on the internet and cybercrime, online identity theft methods (phishing, hacking and malware) only accounted for 11 percent of fraud cases in 2008,” claims Javelin. “The truth is, most known cases of fraud occur through traditional methods, when a criminal has direct, physical access to the victim’s information.”
Damn you media! It’s time to stop this incessant hyping of the data breaches that have compromised information on hundreds of millions of consumers. Obviously, stolen wallets are the real epidemic.
But the 11 percent stat crumbles on even a casual inspection. That’s because it’s from a sub-sample of victims who know how their information was stolen. The fine print in the report reveals that the vast majority — 65 percent of identity theft victims surveyed — have no idea how their data was lost, and so they weren’t included in the chart.
If one were to add them back in, the chart would look like this.
What does Javelin think is in that giant black slice of pie? Garbage theft? Psychics gone bad? Or might it have something to do with the hackers and cashers who keep getting caught with magstripe encoders, stolen credit card data and Hefty bags filled with cash stuffed in their closets?
It’s a fair bet that the 65 percent includes most victims whose information was lost in a skimming attack or a reported data breach.
It unquestionably cabins every single victim of an identity theft that resulted from an unreported or undetected data breach.
And, of course, that 65 percent includes nobody who was mugged, pick-pocketed or lost their wallet; those consumers know exactly how their information was stolen. So however you slice it, those victims represent a small minority of identity theft victims — not the majority Javelin claims.
Update: It turns out Chris Hoofnagle at the University of California, Berkeley School of Law, made the same observation in a 2007 paper. At the time, Javelin’s takeaway was that information stolen by friends and family members was the biggest single cause of identity theft. Then, as now, Javelin simply discarded survey results from the vast majority of victims who didn’t know how their information was stolen. Hoofnagle pointed out the flaw.
Javelin’s conclusion is based on the survey responses of a very small subset of the victims who knew the identity of the perpetrator, and these responses are generalized to the rest of the respondents who did not. For this approach to be valid, the small subset would have to be sufficiently similar to the larger sample, which Javelin failed to demonstrate. Recognizing the flaws of the Javelin study, FTC has characterized the conclusion that impostors are most often friends or relatives of victims as misleading.
That this shell game was exposed so long ago makes it all the more baffling that the press — including both major U.S. news wires — is still uncritically reporting Javelin’s claims.
—–
Stolen Wallets, Not Hacks, Cause the Most ID Theft? Debunked
http://feeds.wired.com/~r/wired27b/~3/UNBW8WJckMk/stolen-wallets.html
The Authors Guild warned Thursday that Amazon’s newest digital e-book reader’s voice function is likely violating writers’ copyrights — an assertion intellectual property experts said was baseless.
“Until this issue is worked out, Amazon may be undermining your audio market as it exploits your e-books,” the guild told its members in a memo Thursday.
The issue concerns a function on the Kindle 2 that permits a user to enable a robotron-like voice to read the literature aloud.
“They don’t have the right to read a book out loud,” said Paul Aiken, executive director of the Authors Guild. “That’s an audio right, which is derivative under copyright law.”
In short, the guild says authors should be awarded audio-licensing fees for these e-books, as is the case in the billion audio-book market in which writers or actors orate novels. Out-loud reading by a machine is fine, the guild said, “if it’s from an authorized audio copy.”(…)
http://feeds.wired.com/~r/wired27b/~3/IT5PUKqf89Y/copyright-fight.html
CDT today released a new assessment tool to help online advertising companies develop strong, appropriate privacy protections for the users they serve. Released to coincide with Data Privacy Day 2009, the “Threshold Analysis for Online Advertising Practices,” is the result of extensive consultation among CDT, Internet companies and public interest advocates. It notes a series of simple tests companies can use to determine whether online advertising activities may trigger the need for additional privacy protections. The document also provides suggestions on how companies can begin putting those protections in place.
—–
New Tool Will Help Online Advertisers Develop Stronger Privacy Practices
he incoming Obama administration has impressed advocates of open government, first by making a clear commitment to answer FOIA requests with a presumption of openness, and now by responding quickly — within 24 hours! — to criticism from CNET blogger Chris Soghoian and others that the retooled WhiteHouse.gov is placing cookies on user computers via YouTube videos embedded on the site.
Soghoian’s article discussed a problem raised by EFF last year: the fact that YouTube videos can place a cookie on the user’s computer the moment the user visits a page with embedded video. This means that even before the user chooses to click the play button they have had their IP address shared with a third party. EFF developed a script, MyTube, that plugs this hole by using javascript to prevent the user’s client from connecting with a third-party video-host until the visitor explicitly opts-in by clicking on the play button.
The day after Soghoian’s article appeared, WhiteHouse.gov appears to have addressed the cookie problem by adopting a MyTube-like fix of their own. The Obama team should be commended for their responsiveness and their willingness to immediately implement solutions.
It is worth noting, however, that users who do choose to view YouTube videos on WhiteHouse.gov will still receive a cookie unless they have specifically configured their browsers to reject cookies. (And this may be trickier than some might think, since YouTube videos also use Flash cookies, which take special effort to delete.)
This is a complex issue that raises the question of third party involvement in government websites — cookies being only one example. EFF will have more to say on this subject in coming weeks. For now we’d like to congratulate the Obama team on their openness and flexibility, and we hope they continue to lead the way on issues of transparency, accountability, and privacy.
The Obama administration fell in line with the Bush administration Thursday when it urged a federal judge to set aside a ruling in a closely watched spy case weighing whether a U.S. president may bypass Congress and establish a program of eavesdropping on Americans without warrants.
In a filing in San Francisco federal court, President Barack Obama adopted the same position as his predecessor. With just hours left in office, President George W. Bush late Monday asked U.S. District Judge Vaughn Walker to stay enforcement of an important Jan. 5 ruling admitting key evidence into the case.
Thursday’s filing by the Obama administration marked the first time it officially lodged a court document in the lawsuit asking the courts to rule on the constitutionality of the Bush administration’s warrantless-eavesdropping program. The former president approved the wiretaps in the aftermath of the Sept. 11, 2001, terror attacks.
“The Government’s position remains that this case should be stayed,” the Obama administration wrote (.pdf) in a filing that for the first time made clear the new president was on board with the Bush administration’s reasoning in this case.
The government wants to appeal Walker’s decision to the 9th U.S. Circuit Court of Appeals in San Francisco, a legal maneuver requiring Judge Walker’s approval. A hearing in Walker’s courtroom is set for Friday.
The legal brouhaha concerns Walker’s decision to admit as evidence a classified document allegedly showing that two American lawyers for a now-defunct Saudi charity were electronically eavesdropped on without warrants by the Bush administration in 2004.
The lawyers — Wendell Belew and Asim Ghafoo — sued the Bush administration after the U.S. Treasury Department accidentally released the Top Secret memo to them. At one point, the courts had ordered the document, which has never been made public, returned and removed from the case….
Obama Sides With Bush in Spy Case
http://feeds.wired.com/~r/wired27b/~3/tcQ7DLrCPlc/aclu-demands-ea.html
The United States, Canada, and 27 European countries will celebrate the second annual Data Privacy Day. Participating organizations include Intel, International Association of Privacy Professionals, the Office of the Information and Privacy Commissioner of Ontario and others. Here is a link to Intel’s website about it.
This is a hopeful ray of sunshine in a dark internet world of data harvesting, marketing and spam. If companies like Intel continue to support this cause then we have a brighter future.
Powered by WordPress
