August 18, 2006
Unconstitutional Eavesdropping
A United States judge has ordered its government to halt the National Security Agency's policy of domestic eavesdropping, holding that it violates the United States Constitution.Posted by Jaani at 9:14 PM | Comments (0)
May 8, 2006
Bloggers Targeted by New Clauses in Employment Contracts
After a few corporate embarrassments caused by webloggers last year, certain companies look set to outlaw the practice — both at home and in the workplace. According to one recently-published book, an employer can do so by means of inserting new limiting provisions into employment contracts:
“Employers are now considering including specific blogging provisions in employment contracts,” the authors write in Uses of Blogs, a book to be published later this year.
“Some employers have even taken the steps to ensure that employment contracts disallow employees from blogging at all.”
Co-author Damien O’Brien, from the Queensland University of Technology law faculty, says some workplaces have specific policies against blogging in the office but “it can get a bit blurred whether [it’s] in the workplace or at home”.
Posted by Jaani at 11:50 AM | Comments (0)
May 7, 2006
Microsoft Is Pushing for Privacy?
Like a diaper in a swimming pool, Microsoft makes an impression at a privacy conference. This time, the company isn't collecting a Big Brother Award. Kevin Poulsen reports from the Computers, Freedom & Privacy Conference in Washington, D.C.Posted by Jaani at 10:54 AM | Comments (0)
FCC Affirms VoIP Must Allow Snooping
MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."Posted by Jaani at 10:52 AM | Comments (0)
Judges Challenge IP Wiretap Rules
WebHostingGuy writes to mention an MSNBC article on an appeals panel harshly challenging the Bush administration's wiretap policies. New rules from the FCC would make it easier for police and FBI agents to wiretap IP-based phone conversations. From the article: "At [one] point in the hearing, Edwards told the FCC's lawyer that his arguments were 'gobbledygook' and 'nonsense.' The court's decision was expected within several months. In an unrelated case last year affecting digital television, two of the same three judges determined the FCC had significantly exceeded its authority and threw out new government rules requiring anti-piracy devices in new video devices. Lewis was also the losing lawyer in that case, and Edwards also was impassioned then in his criticisms of the FCC."Posted by Jaani at 10:51 AM | Comments (0)
Court Challenges FCC on Web Wiretaps
A US appeals court challenged FCC rules making it easier for law-enforcement authorities to wiretap Internet phone calls.Posted by Jaani at 10:44 AM | Comments (0)
March 19, 2006
Google Ordered to Hand over Data
Well, Google is certainly making the headlines at the moment. This time, a federal United States judge stated that he intends to order Google to divulge user search and email records to the United States Justice Department. Fortunately for Google (and its users), the judge appears to have accepted Google’s request to confine the terms of the disclosure to only a small subset of the requested data. Although it is unclear precisely what it will comprise, it doesn’t look like any data will personally identify users. The Justice Department has also acceded to Google’s protestations, and has substantially reduced the scope of its original request.
Posted by Jaani at 4:04 PM | Comments (0)
March 18, 2006
Workplace Cybersnooping Law in Need of Reform, Say Analysts
Cybersnooping legislation regulates when it will be permissible for employers to monitor the electronic activities — such as email, web surfing and outbound data transmissions — of their employees. Currently, however, the regimes adopted among the states differ widely, making it all but impossible for national employers to confidently establish a uniform monitoring protocol:
‘NSW introduced the Workplace Surveillance Act in October last year,’ says Minna Knight, senior adviser on workplace relations for employer group Australian Business Ltd.
‘Victoria has proposed its own rules which are completely different to NSW in parts.’
Employers and the federal Government are hoping for harmonisation on workplace surveillance rules nationwide. But Knight is not hopeful on what she has seen to date. The NSW legislation has not only given its employers new rules, but has given rise to a need to develop a new policy that states exactly what a boss wants to do with respect to the computers he supplies to his employees.
Make no bones about it, this is more red tape.
And, worse still, because the Workplace Surveillance Act 2005 (NSW) (‘WSA’) is new, the law has not been tested. This means that what might look like a fair policy for an employer to impose on workers could prove to be wrong — in a court of law, along with all its costs.
Fortunately — for employees, at least — the current tendency is to err on the side of caution.
Posted by Jaani at 7:44 PM | Comments (0)
March 15, 2006
Attorney–General Announces National Privacy Review
The Australian Federal Government has announced a review of the Privacy Act 1988 (Cth). Attorney–General Philip Ruddock says the Australian Law Reform Commission will look at existing laws and practices across the country and consider changes in technology since the Act was introduced in 1988.
Given that technological developments pose the single greatest threat to individual privacy, it is pleasing to see the review emphasise the role of technology in shaping privacy law. According to this press release, The review will focus on questions including:
- Do Australians have enough privacy protection for health, credit and other sensitive personal information?
- Who can gain access to it?
- Can it be traded, sold or provided to others?
- Should privacy laws go beyond data protection to provide rights not to be photographed or subject to electronic surveillance?
“Protection of a person’s right to privacy is becoming increasingly important in the technological environment of the 21st century. It’s time to review how well existing privacy laws are working, and whether they are dealing adequately with emerging areas, such as internet use and off-shore call centres,” Professor McCrimmon said.
In considering Australian privacy law, one must also recognise that it can be used for nefarious (or simply recalcitrant) ends. Many legitimate requests seem to be refused for ‘privacy reasons’. Small businesses and non-profit organisations must now comply with an ungainly amount of red tape. In truth, privacy grounds are probably cited out of a desire to avoid the red tape and risk breaching what is, for many people, a needlessly complicated piece of legislation. Reducing the administrative burden of complying with privacy laws will have a more tangible impact on individual privacy than any other reform.
I am also hopeful that several of the more outrageous privacy myths will one day be dispelled.
Posted by Jaani at 5:30 PM | Comments (0)
December 13, 2005
Gilmore v Gonzales: US Plaintiff Contests Compulsory Identifiation Checks
'Tech-boom multimillionaire John Gilmore cut an appropriately iconoclastic profile last week as the centerpiece of a notebook-wielding gaggle in front of the 9th Circuit. A star of the electronic privacy movement, Gilmore has been at the [centre] of an increasingly strange piece of litigation for the past three years since he sued the government, claiming that the requirement to show identification before boarding a plane is unconstitutional.'
Orin Kerr has an excellent analysis of the case here (more here).
Posted by Jaani at 2:38 PM | Comments (0)
Protecting Genetic Privacy
CCH Australia is running an article about impending federal privacy legislation that would protect genetic material from employers. In response to a recent report on genetic privacy, the law would prevent employers obtaining information about an employee's genetic disabilities without their consent.
Posted by Jaani at 2:37 PM | Comments (0)
Admissibility of Cellphone Tracking Evidence Being Tested
'stupefaction writes "The New York Times reports on recent successful court challenges to police use of cellphone tracking information in the course of an investigation. From the article:'
In the last four months, three federal judges have denied prosecutors the right to get cellphone tracking information from wireless companies without first showing "probable cause" to believe that a crime has been or is being committed. That is the same standard applied to requests for search warrants. [...] Cellular operators like Verizon Wireless and Cingular Wireless know, within about 300 yards, the location of their subscribers whenever a phone is turned on.
Posted by Jaani at 2:34 PM | Comments (0)
Law Requires Italian Web Cafes to Record ID
'Armadni General writes "CNN is reporting that a new Italian law requires that all businesses offering public internet access, such as web cafes, to identify and record all customers. While supporters of this law trumpet its anti-terrorism potential, still others see no such advantage and bemoan this invasion of personal privacy.'
They must be able, if necessary, to track the sites visited by their clients. [...] Contents of people's e-mail is, however, supposed to remain private and can only be made available to law enforcement through a court order. Italy also obliges telecommunications companies to keep traffic data and European ministers agreed last week to require the carriers to retain records of calls and e-mails for a maximum of two years. The European Parliament's two largest groups endorsed the data retention initiative on Wednesday despite complaints from privacy advocates and telecoms, and the full body is expected to adopt a bill next week.
Posted by Jaani at 2:34 PM | Comments (0)
November 10, 2005
Sony DRM is Spyware, say Computer Associates
According to this Associated Press article, the copy-protection software used by Sony on its consumer audio compact discs is secretly sending usage data from internet-connected computers when a disc is played:
The software transmits the name of the CD being played to an office of Sony’s music division in Cary, NC. The software also transmits the IP address of the listener’s computer, Computer Associates said, but not the name of the listener.
“If you choose to let people know what you’re listening to, that’s your business,” said Sam Curry of Computer Associates. “If they do it without your permission, it’s an invasion of privacy.”
One does wonder why exactly Sony would be after this information. Certainly it can’t be to prevent unauthorised copying or distribution, because the software only accompanies legitimate copies of retail CDs. Why spy on paying customers? The expected response:
“We don’t receive any spyware information, any consumer information,” said Mathew Gilliat-Smith, chief executive of First 4 Internet Ltd, which makes the software for Sony BMG Music Entertainment. [emphasis added]
This is a somewhat cryptic answer: if First 4 Internet doesn’t receive the data, does someone else? And if they don’t receive “consumer information” (whatever that means), then what do they receive? And, for that matter, even if no information is being gathered at all, why is the software attempting to send packets over the network?
Then came this delightful comment:
“Most people, I think, don’t even know what a rootkit is, so why should they care about it,” he asked? “The software is designed to protect our CDs from unauthori[s]ed copying, ripping.”
These are serious questions deserving a proper response; to sweep them under the rug like this is unacceptable. The fact is, users aren’t informed of the hidden, don’t knowingly consent to its transmission, and Sony’s developers have taken active measures to hide it from users and prevent its removal: all in the name of piracy. Privacy implications notwithstanding, this would all be fine except for one thing: pirates don’t buy DRM-encumbered CDs. This can only be bad for consumers and serve little if any legitimate end.
Posted by Jaani at 1:47 PM | Comments (0)
October 27, 2005
Email Monitoring Law Changes in NSW and Victoria
In what was a significant week for privacy law, new email monitoring laws were introduced in NSW and foreshadowed in Victoria. Tim Dixon reports on the changes.
Posted by Jaani at 9:58 PM | Comments (0)
Human Rights Not Protected by Counter-Terror Laws: HREOC
The Human Rights and Equal Opportunities Commission (HREOC) president believes the Federal Government's counter-terrorism bill needs to be reconsidered because it does not have the same protections available under international human rights laws.Posted by Jaani at 9:46 PM | Comments (0)
October 6, 2005
EFF Defends Right to Read Public Web Pages Without Getting Sued
San Francisco - The Electronic Frontier Foundation (EFF) filed a brief this week in support of one of its previous court opponents, DirecTV, arguing that a federal appeals court should throw out a lawsuit against the company for accessing a public website.
DirecTV is being sued by Michael Snow, the publisher of an anti-DirecTV website that contained warnings to DirecTV employees that they were not authorized to enter. In its friend-of-the-court brief to the Eleventh Circuit Court of Appeals, EFF argues that the federal Stored Communications Act, on which Snow's suit relies, only protects websites that are configured to be private.
"If you want to keep your website private, then you should protect it with a password," said EFF Staff Attorney Kevin Bankston. "The law doesn't allow web publishers to sue when people they don't like visit their site. Otherwise, any company could publish terms of service forbidding competitors, consumer watchdogs, journalists, or even government officials from scrutinizing a public website." Under Snow's theory, not only could such unauthorized visitors be sued, they could also be prosecuted and sent to prison.
Snow is asking the appeals court to overturn the district court's dismissal of his case. EFF agrees with DirecTV that the case should have been dismissed, but argues that the lower court's reasoning for dismissal was flawed.
"The district court made the right decision but based on the wrong reasons, threatening the legal protections for private web communications," Bankston said. "The appeals court needs to clarify that although public websites aren't protected by federal privacy laws, sites that are actually configured to be private are fully covered."
Posted by Jaani at 10:00 PM | Comments (0)
September 14, 2005
Vic Ombudsman granted phone tapping powers
The Federal Government has granted phone tapping powers to the Victorian Ombudsman.Posted by Jaani at 11:46 PM | Comments (0)
August 25, 2005
Web Privacy Not Respected by Online Retailers, Study Shows
CNET reports, ‘[i]t may not come as a surprise to many online shoppers, but a new study released this week shows that many major American companies misuse information they collect from consumers over the Web.’
Pharmaceutical and health care firms performed the worst in the privacy study, with an average overall score of 5.4 out of 10. Others at the bottom of the list include insurance firms and companies in the food, beverage and tobacco industries. Airlines scored the highest with a rating of 7.3, followed by computer companies.
Considering that most ‘pharmaceutical and health care firms’ seem to be themselves in the business of marketing their activities via bulk unsolicited commercial e-mails, this hardly comes as a surprise.
With online retail sales increasing substantially, some kind of online privacy code seems necessary to regulate the use of customer data by United States websites. Australian websites are already bound by the extensive provisions of the Privacy Act 1998 (Cth), and are thus among the most privacy-conscious in the world.
This is great for Australian shoppers, but it’s also beneficial for the retailers: reputation is important in cyberspace, and customers are more likely to be drawn to a store that they know respects their privacy than one with cheaper prices but a reputation for selling or disclosing their data. Though this may seem like a case for market self-regulation, the competitive advantage afforded to Australian storeowners is only possible because of onerous legislative requirements.
Posted by Jaani at 11:10 AM | Comments (0)
August 19, 2005
Critics Attack Internet Wiretapping Proposal
The federal courts may soon face the first round in a battle over the Justice Department's demand that federal wiretapping requirements be extended to Internet services. The Center for Democracy & Technology, the Electronic Frontier Foundation and others are weighing whether to challenge an FCC requirement that VoIP services accommodate the taps in their designs and applications. Critics say the FCC decision is based on a flawed interpretation of a 1994 law.Posted by Jaani at 4:28 PM | Comments (0)
August 17, 2005
The Right Response to Employee Blogs
'Once upon a time, Web logs were benign: a person just sharing his idle, diary-like thoughts on the World Wide Web, a Haight-Ashbury of cyberspace. But nothing so simple and refreshingly naive lasts long, says attorney Michael P Maslanka. When an employee blogs a C-level executive's company, what's the response? There are two mind-sets: the first, opportunistic and business-based (let's learn, channel and leverage); the second, repressive and legalistic (let's regulate, squash and punish).'
Posted by Jaani at 12:10 PM | Comments (0)
February 8, 2005
Cover Your Tracks: EFF Releases New Log Deletion Tool
San Francisco, CA — Today the Electronic Frontier Foundation (‘EFF’) released logfinder, a software tool to help people reduce the unnecessary collection of personal information about computer users. Often computer network servers automatically log information about who has visited a website and when, or who has sent and received email. Such data tells a lot about users’ browsing and email habits and could be used in privacy-invasive ways. Moreover, log data must be turned over to government entities with court orders and can be subpoenaed by opposing sides in court cases.
You can download the software, euphemistically known as LogFinder, here. Of course, I think the question everybody is asking is whether this utility itself keeps a log of what it deletes! Or perhaps more importantly, could regular and automated usage of this tool be considered wilful destruction of evidence or comprise an attempt to pervert the course of justice?
Source: Electronic Frontier Foundation
Posted by Jaani at 12:33 PM | Comments (0)
October 24, 2003
Gator isn't Spyware. No, Really.
Several weeks after Gator Corp filed an action in defamation against PC Pitstop, a prominent anti-spyware software provider, the parties settled out of court. Gator alleged that the defendant misrepresented their advertising plugin software for Internet Explorer as a form of malicious spyware. Instead, Gator claims that its software is "adware", and PC Pitstop was accused of engaging in unfair business practices and trade libel, among other things.
This comes despite the near-universal view among IT professionals that the Gator software exhibits many of the same characteristics as spyware applications, and its general perception by the internet community as an intrusive and insidious violation of privacy:
Part of PC Pitstop's recent settlement required them to remove all defamatory content from is website. However, intrepid readers will note that the pages are still cached by Google.
At the risk of litigation, Gator's distinction between such "adware" and "spyware" doesn't appear justifiable. They base their distinction on two claims:
1) The former (their software) offers end users a benefit, whereas spyware does not confer any other benefits than its malicious collection of data; and
2) Their software is, unlike spyware, only installed with the user's consent.
However, both silently report web surfing habits and all other manner of user information back to a central database, and often utilise identical technological means of information gathering and reporting.
Frankly, I can't see why PC Pitstop would choose to settle in a case founded on such unsupportable grounds. I see three main counter-arguments to Gator's claims. Firstly, spyware is installed in a very similar manner to adware. Spyware typically arrives in the form of a browser script check window, in which the user is asked whether they wish to install a script signed by
A further similarity lies in uninstallation: both spyware and adware are very resistant to removal, and embed themselves deeply within a user's system; this is what prompted companies like the defendant to develop software to ease the process.
With regard to the plaintiff's claim that adware is 'useful' (as opposed to spyware), dictum of a US Court in U-Haul v WhenU seems to suggest that intrusive advertisements are far from useful to end users. Indeed, common experience dictates that pop-up and pop-under advertising is one of the most vilified pitfalls of internet usage today - especially the insidious persistent advertising employed by adware 'utilities'. Studies suggest pop-up advertisements rank among the top five computer annoyances, and I would be inclined to agree.
A far more accurate definition of spyware would be along the lines of the following, as found on outspoken security expert Steve Gibson's site:
Silent background use of an Internet "backchannel" connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use.
ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.
Hopefully the defendants in future libel cases of this type will not give in to the bullying of marketers desperate to profit even as their advertising medium approaches extinction. In the interim between being inundated by even more invasive violations of digital privacy and a judicial determination as to their legality, I would recommend that users take the liberty of using a popup-stopper or ad-aware application to prevent and disinfect spyware/adware, which are arguably the largest threats to privacy online after viruses and worms.
Posted by Jaani at 12:02 PM | Comments (0)
September 18, 2003
Congressman Voices Internet Privacy Concerns
Senator Brownback of Kansas, America yesterday introduced a bill which appears to address the privacy concerns voiced by many internet and P2P users over the RIAA's recent campaign against online music piracy.
Brownback said the DMCA subpoena process raises serious privacy and due-process concerns."There are no checks, no balances, and the alleged pirate has no opportunity to defend themselves," Brownback said when introducing the bill. "My colleagues, this issue is about privacy, not piracy.
This is the first sign of tempering the rather invasive provisions of the Digital Milennium Copyright Act by the United States legislature, and - although limited in scope - looks promising. Whether the bill will attained support, though, is difficult to predict.
In other domain names news, ICANN, the regulating authority for top-level domains, has been granted a three-year extension by the US Department of Commerce, enabling it to maintain control over the .com, .net, and .org suffixes and handle name disputes. This comes dispite extensive criticism of ICANN's dispute resolution procedures, and claims that it does not fairly represent all internet users (a claim with which, given the increasingly worlcentric nature of the Internet, I would agree).
Finally, NASA's Galileo probe will be voluntarily terminated on 21 September amidst fears it may contain terrestrial bacteria which may contaminate Io, one of Jupiter's moons, should the probe be allowed to crash land there. Instead, the USD $1.5 billion probe will make a (permanent) pit stop at Jupiter; the 127 000 km/h entry speed should vapourise the entire craft.
The end of mission event will be streamed 'live' (+/- 25 minutes or so) on the NASA webcast site, which could make for interesting viewing.
Posted by Jaani at 5:54 PM | Comments (0)
