Slashdot Mirror

An anonymous submitter sent: "The Electronic Privacy Information Center has sent a letter to all state attorneys general urging them to pursue Microsoft Passport under state consumer protection laws."

securitas writes: "The Electronic Privacy Information Center is suing the US government over its contracts with companies that are data-mining and profiling citizens' personal information for law enforcement agencies like the FBI, DEA, INS, IRS and ATF. ChoicePoint and Experian '...sell information on [individual] U.S. citizens, including credit information, property records, state motor vehicle records, marriage and divorce data' and international assets. The question that springs to mind is who else has access to these detailed profiles besides the government, now that massively expanded investigative powers are being used following 9/11?"

securitas writes: "The Electronic Privacy Information Center is suing the US government over its contracts with companies that are data-mining and profiling citizens' personal information for law enforcement agencies like the FBI, DEA, INS, IRS and ATF. ChoicePoint and Experian '...sell information on [individual] U.S. citizens, including credit information, property records, state motor vehicle records, marriage and divorce data' and international assets. The question that springs to mind is who else has access to these detailed profiles besides the government, now that massively expanded investigative powers are being used following 9/11?"

It's not a contradiction: Free software costs money. (That's because server space, bandwidth, coffee, electricity, computers, and workspace all cost money.) Besides which, the time it takes to code new window managers, programming libraries (and languages), web browsers, and all the other goodies which make a modern computer useful may be spent as a labor of love, but it's time that competes with real-world jobs, family time, vacations in the Riviera and sleep. Besides the relative few who work at work on their Free software projects, the programmers, project managers, web-site maintainers, documentation jockeys and QA volunteers behind the programs we enjoy every day don't seem to be in it for the money, so much as the thrill of releasing new software, a desire to make their own world a little better, and for plain old fun. The staffers and volunteers who put long hours and dedication into organizations trying to safeguard online freedoms are also obviously interested in rewards that go way beyond salaries. This New Year's, consider giving them a little money anyhow. Here are a few ideas; you're invited to point out projects and organizations that I've left out.

As you may have read the other day, the FreeBSD project is now taking donations via PayPal. And if you're in a clean, roots-UNIX kind of mood, the folks at OpenBSD and NetBSD (NetBSD PayPal) would probably also appreciate your goodwill, not to mention your money, hardware and time.

If you don't have a specific project in mind, but would like to donate some of your chunk of the time-money continuum to a worthy software undertaking, a good place to start is Software in the Public Interest. They can take both general donations as well as earmark for projects they support, like Berlin, Debian, GNOME and more. (Not into GNOME? KDE could use some assistance, including money, too.)

If you like the projects funded by the boxed-distribution makers (like paying for full-time work on endeavors like KOffice), you can do more than buy the box: Mandrake has recently formed something called the Mandrake Club as a gathering place for both people and funds.

To encourage (and reward) cross-platform goodness, supporting the Mozilla project is hard to beat. (This story was posted using a 9.7 build using the wonderful Modern theme.) Source of Mozilla wisdom Mozillazine could use some help paying for the switch to a new host, and to defray ongoing costs. Another good place to cast your perls is Yet Another Foundation, which supports the somewhat scrutable development of the not-so-scrutable Perl.

More generally, consider investing some money in organizations like the Free Software Foundation, the Electronic Frontier Foundation, and the Electronic Privacy and Information Center (EPIC), all of which help battle (in court and in the marketplace of ideas) the forces who wish to monitor and otherwise exert top-down control of your computer and everything to do with your on-line life.

Remember, with all of these projects, non-monetary contributions are welcomed as well -- if you can write or correct some online documentation, create test-cases to root out weaknesses, or create some pretty graphics to smooth the user experience, you can contribute. (Long-distance pizza deliveries to developers are also generally appreciated.) Teaching a coworker, classmate, parent or friend how to set up mailfilters on a Linux box, or how to edit photos in the GIMP, is a nice way to save them money, too. Making a difference locally might also mean contributing some time, money or hardware to help run local LUG events.

Note: Many of the organizations named above are set up as 501(c) charities; if you'd like to claim any charitable contributions as tax deductions, now's the time to get the postmark, at least if it's important to you for those donations to be on the current calendar year. For a few more ideas on ways to donate geekily this year, see Jack Bryar's Newsforge column with some more links.

And a Happy New Year's!

pamri writes: "India is getting its own version of Carnivore. According to this Times of India article,'...after investigations have revealed that Mohammad, alias "Burger," who led the Parliament attack, was in constant touch with his counterparts in Pakistan as well as within India through email ... The Intelligence Bureau (IB) has prepared a list of new keywords that are to be used to intercept mails emanating from IP addresses in India.'"

StudMuffin writes: "The American Council on Education website has a succinct summary of the new anti-terrorism legislation. The issues raised are those most likely to cause problems on our campuses around the United States. Specifically, the facts that schools must now turn over student records to investigators without informing the students, allows (get this!) monitoring of persons here on student visas, turnover of electronic communications and records, obtain IP addresses and routing and addressing data, records of URL's accessed, and most unfortunately ... install Carnivore at will to track internet use on campus. There are also specific regulations about university researchers and their ability to use biological agents in quantities not 'reasonably justified.' What about all of this doesn't suck? We give up a little freedom now, and later it's impossible to get it back." PDF only -- I wish they would put up a text version as well.

BuckMulligan writes: "EPIC and a coalition of consumer and privacy groups have renewed their calls for FTC action to protect consumers from the privacy risks associated with Windows XP and Passport. In a letter sent to the FTC, the groups criticized the FTC for not upholding its statutory duty to protect consumers in light of the planned release of Windows XP. More information on the groups' previous FTC complaints is stored on the EPIC Microsoft Passport Page." So who here thinks the FTC is going to block Windows XP? Me neither. The other remedies requested (toward the middle of the letter) are interesting, though.

BuckMulligan writes: "EPIC and a coalition of consumer and privacy groups have renewed their calls for FTC action to protect consumers from the privacy risks associated with Windows XP and Passport. In a letter sent to the FTC, the groups criticized the FTC for not upholding its statutory duty to protect consumers in light of the planned release of Windows XP. More information on the groups' previous FTC complaints is stored on the EPIC Microsoft Passport Page." So who here thinks the FTC is going to block Windows XP? Me neither. The other remedies requested (toward the middle of the letter) are interesting, though.

BuckMulligan writes: "EPIC and a coalition of consumer and privacy groups have renewed their calls for FTC action to protect consumers from the privacy risks associated with Windows XP and Passport. In a letter sent to the FTC, the groups criticized the FTC for not upholding its statutory duty to protect consumers in light of the planned release of Windows XP. More information on the groups' previous FTC complaints is stored on the EPIC Microsoft Passport Page." So who here thinks the FTC is going to block Windows XP? Me neither. The other remedies requested (toward the middle of the letter) are interesting, though.

A story at NewsForge details the latest on the state of Senator Fritz Hollings' proposed SSSCA, which may be the most radical attempt at legislative oversight over electronic goods ever attempted in the U.S. Opposition from the Electronic Frontier Foundation, the Free Software Foundation, the Association of Computing Machinery and others notwithstanding, Hollings' efforts to impede a free market in computer hardware and software through legislative fiat has been little commented on, in part because Hollings refuses to release much information about it. Eben Moglen is quoted to good effect on the risk a bill officializing and regulating all digital devices would pose to Free software. Under the SSSCA, it would be "unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And that rules out most Free software, right from the start. (Read on for some more information.)

Besides writing your own representatives (email and faxes are probably better than phone calls), note that according to Hollings' contact page, "South Carolina residents may call, toll free, 1-800-922-8503" to reach him. In addition, the Electronic Privacy Information Center (EPIC) and the Privacy Center will be holding a meeting on "Security or Surveillance? Technology's Impact After September 11" on October 22 at Washington, DC's National Press Club; you can email for details on this meeting.

A story at NewsForge details the latest on the state of Senator Fritz Hollings' proposed SSSCA, which may be the most radical attempt at legislative oversight over electronic goods ever attempted in the U.S. Opposition from the Electronic Frontier Foundation, the Free Software Foundation, the Association of Computing Machinery and others notwithstanding, Hollings' efforts to impede a free market in computer hardware and software through legislative fiat has been little commented on, in part because Hollings refuses to release much information about it. Eben Moglen is quoted to good effect on the risk a bill officializing and regulating all digital devices would pose to Free software. Under the SSSCA, it would be "unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And that rules out most Free software, right from the start. (Read on for some more information.)

Besides writing your own representatives (email and faxes are probably better than phone calls), note that according to Hollings' contact page, "South Carolina residents may call, toll free, 1-800-922-8503" to reach him. In addition, the Electronic Privacy Information Center (EPIC) and the Privacy Center will be holding a meeting on "Security or Surveillance? Technology's Impact After September 11" on October 22 at Washington, DC's National Press Club; you can email for details on this meeting.

A story at NewsForge details the latest on the state of Senator Fritz Hollings' proposed SSSCA, which may be the most radical attempt at legislative oversight over electronic goods ever attempted in the U.S. Opposition from the Electronic Frontier Foundation, the Free Software Foundation, the Association of Computing Machinery and others notwithstanding, Hollings' efforts to impede a free market in computer hardware and software through legislative fiat has been little commented on, in part because Hollings refuses to release much information about it. Eben Moglen is quoted to good effect on the risk a bill officializing and regulating all digital devices would pose to Free software. Under the SSSCA, it would be "unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies." And that rules out most Free software, right from the start. (Read on for some more information.)

Besides writing your own representatives (email and faxes are probably better than phone calls), note that according to Hollings' contact page, "South Carolina residents may call, toll free, 1-800-922-8503" to reach him. In addition, the Electronic Privacy Information Center (EPIC) and the Privacy Center will be holding a meeting on "Security or Surveillance? Technology's Impact After September 11" on October 22 at Washington, DC's National Press Club; you can email for details on this meeting.

Firewort writes: "In an affidavit (warning, it's a PDF) filed with a federal court in New Jersey, the FBI has disclosed some of the details of a controversial "key logger system" used to obtain the encryption password of a criminal suspect. They go into great detail describing PGP and the different methods they might have used to keystroke-log Scarfo to get his encryption key." Interesting, and more technically sophisticated than the basic keyloggers which grab keystrokes indiscriminately.

securitas writes: "CNET reports that Microsoft is defending Passport as safe and secure in a presentation to the Center for Democracy and Technology. Other organizations such as the Electronic Privacy Information Center, Junkbusters and even the U.S. government may be lobbied by MS this week to fend off a Federal Trade Commission complaint filed by 15 consumer and privacy groups that charges unfair and deceptive practices."

securitas writes: "CNET reports that Microsoft is defending Passport as safe and secure in a presentation to the Center for Democracy and Technology. Other organizations such as the Electronic Privacy Information Center, Junkbusters and even the U.S. government may be lobbied by MS this week to fend off a Federal Trade Commission complaint filed by 15 consumer and privacy groups that charges unfair and deceptive practices."

wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."

wb8foz writes: "EPIC is reporting that Judge Politan has told the FBI to come up with details on the keystroke logger they used against Scarfo. Previously, the FBI claimed the technology was so Zuper-seKret that telling anyone how it worked would threaten 'national security'..."

Factomatic writes: The "Associated Press is reporting that lawyers for" an alleged "Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online." Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

Factomatic writes: The "Associated Press is reporting that lawyers for" an alleged "Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online." Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

Factomatic writes: The "Associated Press is reporting that lawyers for" an alleged "Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online." Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

jeffy124 writes: "EPIC has posted their complaint submitted to the FTC regarding Windows XP. Do note that it is a pdf file and will require a pdf reader of some kind." Hotmail, Passport (adult and child versions), Hailstorm, email harvesting, and deceptive privacy policies in general all play a role here; there's plenty in here that ought to spark questions about Microsoft business practices even among die-hard free-marketeers.

An AC was the first to send in this CNN article about FBI wiretapping, based on documents obtained through a Freedom of Information Act Request. (I found the article funny because the documents were so heavily censored - the FBI gets to eavesdrop on the public, but not vice-versa.) According to CNN: wiretapping is up, up, up. But the Electronic Privacy Information Center notes that the U.S. court system has just released its annual wiretapping report, and according to EPIC, wiretapping is down. I think someone forgot to carry a 1 somewhere.

An AC was the first to send in this CNN article about FBI wiretapping, based on documents obtained through a Freedom of Information Act Request. (I found the article funny because the documents were so heavily censored - the FBI gets to eavesdrop on the public, but not vice-versa.) According to CNN: wiretapping is up, up, up. But the Electronic Privacy Information Center notes that the U.S. court system has just released its annual wiretapping report, and according to EPIC, wiretapping is down. I think someone forgot to carry a 1 somewhere.

An AC was the first to send in this CNN article about FBI wiretapping, based on documents obtained through a Freedom of Information Act Request. (I found the article funny because the documents were so heavily censored - the FBI gets to eavesdrop on the public, but not vice-versa.) According to CNN: wiretapping is up, up, up. But the Electronic Privacy Information Center notes that the U.S. court system has just released its annual wiretapping report, and according to EPIC, wiretapping is down. I think someone forgot to carry a 1 somewhere.

Sarcasmo writes: "Apparently, the ACLU and EPIC plan to file suit in order to challenge the legality of the Children's Online Protection Act." While the link in there leads to a privacy.org, here's a direct link to the article. Either one will tell you that the groups will "attempt to have the new law struck down on First Amendment and due-process grounds." Best of luck to them.

ilsa writes "And so it turns out that members of the Slashdot community weren't the only folks bothered by Bess collecting and selling information. Rejoice Oh Protesting Students, and read this story. Bess will still filter the 'net in school (albeit badly from all accounts), but the company will no longer sell information about what sites you visit. The decision was billed as a "mutual agreement."" See also the FOIA request filed by EPIC for information about the DOD's involvement with N2H2. Here's our previous story on the subject.

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

tregoweth writes "CNet has a report about the FBI's release of new information concerning Carnivore, the result of a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center. Contradicting what the FBI has previously said, Carnivore can capture and archive 'unfiltered' Internet traffic."

tregoweth writes "CNet has a report about the FBI's release of new information concerning Carnivore, the result of a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center. Contradicting what the FBI has previously said, Carnivore can capture and archive 'unfiltered' Internet traffic."

I took some time over the last few days to sample what kind of political speech is censored by a typical filtering software package. The result is a report released jointly by EPIC (EPIC's copy) and Peacefire (Peacefire's copy). The software this time is N2H2 Bess, and if you're an American K-12 student, there's roughly a one-in-three chance you're forced to surf the net with its 'help.' It bans political speech ranging from campaign finance reform to the Second Amendment to Minnesota newspapers' election coverage.

My favorite block was the Traditional Values Coalition. Can I say "you reap what you sow" or would that just be rude?

In other news:

(an unrelated) Coalition To Promote Voluntary Net Filtering, Standards

"A new coalition of high-tech companies and industry groups is hoping to shift the focus of the national debate over Internet filtering by promoting the value of filtering software as an exclusively voluntary parental tool. ... the Committee on Internet Management and Safety will tout the value of filtering products while at the same time opposing legally mandated filtering."

Did they say "exclusively voluntary"? Good on 'em! Let's have a real debate about the value of this software, so that people can make up their own minds rather than having the government decide what's best for our schools and libraries. A level playing field would be a lot better than what we have now.

EPIC requested almost 600 pages of data on the FBI's Carnivore through the Freedom Of Information Act. Yesterday, about 200 were "redacted in full" (withheld) and the rest were sent with varying amounts of black marks. EPIC is scanning them and putting them online as quick as it can; SecurityFocus has an interesting overview. It turns out the supposed email scanning tool also stories copies of webpages you read, and, at least in an earlier version, looked into tracking voice-over-IP.

Just for reference:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Extra, extra -- Read more about it! Yes, that means another round of Slashback, bearing this time: The stillborn auction of [expletive deleted]company.com's domain name; why EPIC has decided to stop sailing with Amazon; and another tantalizing glimpse of a world so advanced we can watch instruction videos on personal computers. More, too.

Even Richard Feynman could have figured this out! Logos writes: "It seems that EPIC has decided to end their relationship with Amazon. Here is a link to the letter that I received on their mailing list. The final straw was Amazon's announcement that they are no longer able to ensure the privacy of their Customer Info."

How apropos! Servius writes: "Doublespeak is a wonderful thing. CNN has this story about EPIC dropping out of the Amazon affiliate program because of Amazon's recent relaxation of their rules for the use of personal data. Quote: 'The new policy is actually stricter than the previous one because it spells out the conditions under which personal information can be transferred.' I hope that makes you feel a lot safer."

Potty mouth, potty mouth, Milkman Dan! Domain shoppers everywhere, your time to mourn has come. After placing the domain f*ckedcompany.com for sale on everyone's favorite auction site site owner Philip Kaplan pulled the auction.

h0ngk0ngph00ey writes:

"After a quick check back at eBay today to see how high the bidding went for f*ckedcompany.com, I was somewhat surprised to see that the auction was ended. A look at the bid history seems to indicate that either eBay pulled it for being offensive, or the seller just got too many responses from people who weren't at all serious. /.'ed to death it seems."

lee@lvcm.com has a different perspective:

"Well without warning the owner pulled the auction from ebay. I was one of the serious high bidders and was never contacted by the owner. CNNfn contacted me and asked me questions (along with several other news organizations) and they were all under the assumption that he really wanted to sell the domain. I guess it was all a publicity stunt."

Will the Geeks in Space have to play Apollo 13? rak3 writes: "The Sync, home for the broadcasts of Geeks in Space and JenniShow (of JenniCam fame), seems to have run into some troubles. The company was going to be acquired, but this has fallen through and they might have to shut down the site. Read more about it here."

It's sad, since the folks behind The Sync have served to support everyone from local artists to aforementioned Geeks in Space. Hopefully, they can pull through this. If not, smart companies everywhere will start mailing them job offers right about now!

Soon I will watch Carlito Brigante kick ass with penguin supervision. cyber-vandal writes: "Two days after the Ask Slashdot on Intervideo's LinDVD, the announcement has been made here. No sign of the actual player being available, but this is a good sign that it wasn't merely MPAA-inspired vapourware. At last I can look forward to fragging my Win9x partition."

And here's another tibdit to add to the DeCSS gallery, for anyone else who admires the technical possibilities of the DVD format but not the politics attached thereto, GeekLife.com writes: "[H]ere's the DVD Logo rendered in beautiful shades of gray using the DECSS code as ink. "

Extra, extra -- Read more about it! Yes, that means another round of Slashback, bearing this time: The stillborn auction of [expletive deleted]company.com's domain name; why EPIC has decided to stop sailing with Amazon; and another tantalizing glimpse of a world so advanced we can watch instruction videos on personal computers. More, too.

Even Richard Feynman could have figured this out! Logos writes: "It seems that EPIC has decided to end their relationship with Amazon. Here is a link to the letter that I received on their mailing list. The final straw was Amazon's announcement that they are no longer able to ensure the privacy of their Customer Info."

How apropos! Servius writes: "Doublespeak is a wonderful thing. CNN has this story about EPIC dropping out of the Amazon affiliate program because of Amazon's recent relaxation of their rules for the use of personal data. Quote: 'The new policy is actually stricter than the previous one because it spells out the conditions under which personal information can be transferred.' I hope that makes you feel a lot safer."

Potty mouth, potty mouth, Milkman Dan! Domain shoppers everywhere, your time to mourn has come. After placing the domain f*ckedcompany.com for sale on everyone's favorite auction site site owner Philip Kaplan pulled the auction.

h0ngk0ngph00ey writes:

"After a quick check back at eBay today to see how high the bidding went for f*ckedcompany.com, I was somewhat surprised to see that the auction was ended. A look at the bid history seems to indicate that either eBay pulled it for being offensive, or the seller just got too many responses from people who weren't at all serious. /.'ed to death it seems."

lee@lvcm.com has a different perspective:

"Well without warning the owner pulled the auction from ebay. I was one of the serious high bidders and was never contacted by the owner. CNNfn contacted me and asked me questions (along with several other news organizations) and they were all under the assumption that he really wanted to sell the domain. I guess it was all a publicity stunt."

Will the Geeks in Space have to play Apollo 13? rak3 writes: "The Sync, home for the broadcasts of Geeks in Space and JenniShow (of JenniCam fame), seems to have run into some troubles. The company was going to be acquired, but this has fallen through and they might have to shut down the site. Read more about it here."

It's sad, since the folks behind The Sync have served to support everyone from local artists to aforementioned Geeks in Space. Hopefully, they can pull through this. If not, smart companies everywhere will start mailing them job offers right about now!

Soon I will watch Carlito Brigante kick ass with penguin supervision. cyber-vandal writes: "Two days after the Ask Slashdot on Intervideo's LinDVD, the announcement has been made here. No sign of the actual player being available, but this is a good sign that it wasn't merely MPAA-inspired vapourware. At last I can look forward to fragging my Win9x partition."

And here's another tibdit to add to the DeCSS gallery, for anyone else who admires the technical possibilities of the DVD format but not the politics attached thereto, GeekLife.com writes: "[H]ere's the DVD Logo rendered in beautiful shades of gray using the DECSS code as ink. "

MacRonin writes: "Electronic Privacy Information Center announces the DC Circuit Decision in USTA v. FCC (CALEA). The U.S. Court of Appeals for the DC Circuit has ruled that law enforcement agencies must meet the highest legal standard before using new surveillance capabilities. The court decision came in a legal challenge filed by EPIC, other privacy groups and the telecommunications industry to invalidate technical surveillance standards issued by the Federal Communications Commission last year. More details at: CDT Policy Post Volume 6. The court's decision is available."

Note that this case is fundamentally about money: the telecom carriers are suing the government because they feel that the government's desired surveillance abilities (mandated under the 1996 Communications Assistance for Law Enforcement Act; this is where Carnivore was born) are too expensive to implement. If the government provided more money (half a billion tax dollars were given to the phone companies when CALEA was passed, but the companies want more), these objections would evaporate.

So there weren't any principles of privacy involved, at least in the beginning. But some civil liberties groups have grabbed on the shirt-tails of this case to make principled arguments - that the surveillance requirements are too burdensome and intrusive in principle, not just too costly. So this is actually a good result where the Court mostly agreed with the civil liberties people that the surveillors should have to get warrants for some of the information they were seeking to get without warrants, and other information may be unavailable entirely. Note however that "call location" information (the ability of cellular carriers to report to the cops which cell phone tower your phone is registered with, and therefore, probably where you are) will still be available to law enforcement.

MacRonin writes: "Electronic Privacy Information Center announces the DC Circuit Decision in USTA v. FCC (CALEA). The U.S. Court of Appeals for the DC Circuit has ruled that law enforcement agencies must meet the highest legal standard before using new surveillance capabilities. The court decision came in a legal challenge filed by EPIC, other privacy groups and the telecommunications industry to invalidate technical surveillance standards issued by the Federal Communications Commission last year. More details at: CDT Policy Post Volume 6. The court's decision is available."

Note that this case is fundamentally about money: the telecom carriers are suing the government because they feel that the government's desired surveillance abilities (mandated under the 1996 Communications Assistance for Law Enforcement Act; this is where Carnivore was born) are too expensive to implement. If the government provided more money (half a billion tax dollars were given to the phone companies when CALEA was passed, but the companies want more), these objections would evaporate.

So there weren't any principles of privacy involved, at least in the beginning. But some civil liberties groups have grabbed on the shirt-tails of this case to make principled arguments - that the surveillance requirements are too burdensome and intrusive in principle, not just too costly. So this is actually a good result where the Court mostly agreed with the civil liberties people that the surveillors should have to get warrants for some of the information they were seeking to get without warrants, and other information may be unavailable entirely. Note however that "call location" information (the ability of cellular carriers to report to the cops which cell phone tower your phone is registered with, and therefore, probably where you are) will still be available to law enforcement.

ka9dgx writes: "According to CNN, the judge has decided that the FBI has to make public how Carnivore works. The FBI has to come up with a timetable for disclosing how it works." More detail: The court has said that the FBI has 10 working days to create a timetable for when it would start producing records of how the system works. This comes as a result of EPIC's fast-track Freedom of Information Act ^[?] request for information. This does not mean, however, that the source code will be made public - but it's a step in the right direction.

Joe Moloughney was the first of several folks to point out that an emergency hearing is scheduled for 19:30GMT (3:30 Washington time) regarding disclosure of information about the FBI's Carnivore data surveillance system. The Electronic Privacy Information Center (EPIC) filed suit (pdf) and were granted the hearing because their request for details on how Carnivore works (under the Freedom of Information Act) have not yet been acted upon. [Updated 11:45GMT by t] voodoogumbo writes with an updated from Fox News that "[t]he courts declined to unwrap Carnivore."

Joe Moloughney was the first of several folks to point out that an emergency hearing is scheduled for 19:30GMT (3:30 Washington time) regarding disclosure of information about the FBI's Carnivore data surveillance system. The Electronic Privacy Information Center (EPIC) filed suit (pdf) and were granted the hearing because their request for details on how Carnivore works (under the Freedom of Information Act) have not yet been acted upon. [Updated 11:45GMT by t] voodoogumbo writes with an updated from Fox News that "[t]he courts declined to unwrap Carnivore."

Manjit writes: "An article on Yahoo! reports that Sen. John McCain (R-Ariz.) has introduced an Internet Privacy Bill which would require Web sites to disclose how personal information will be used. I'm not really much for government regulation but I think that the privacy problems will not be resolved without laws forcing businesses to safeguard personal data. My favorite quote from the article: 'The bill would enable consumers to sue Web sites who violate the bill's agreements to sue for up to $22,000.' This would be great! The best way to get businesses to follow the rules is to hit their bottom line if they don't."

The actual bill text isn't available online yet (I think it'll show up here), so I'd be remiss to start evaluating it. I also don't see anything yet at EPIC.

Keep in mind that McCain is the same senator who in January 1999 introduced a bill to withhold e-rate funds from schools and libraries who did not install censorware. That bill's stalled, but he introduced an amendment last month with the same idea. The government giveth with one hand and taketh away with t'other.

Pete writes " EPIC reports that privacy advocates call for investigation of "Cookiegate". Privacy advocates wrote to congressional leaders urging an investigation of the privacy practices of the White House Office on National Drug Control Policy Web site. The site has been using DoubleClick advertisements which placed cookies on users' computers, possibly violating federal laws on government collection of data from citizens. See the press release."

Pete writes " EPIC reports that privacy advocates call for investigation of "Cookiegate". Privacy advocates wrote to congressional leaders urging an investigation of the privacy practices of the White House Office on National Drug Control Policy Web site. The site has been using DoubleClick advertisements which placed cookies on users' computers, possibly violating federal laws on government collection of data from citizens. See the press release."

EPIC has just released a harsh criticism of the Pretty Poor Privacy specification from W3C. Although automatic data transfer is not in the P3P spec itself any longer (taken out after polls showed people didn't like it), implementations of P3P will still include automatic data transfer mechanisms - the idea behind P3P is that viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance, and that this data transfer will be effectively hidden from users so it will be "out of sight, out of mind". (For a more in-depth article about P3P and Internet privacy generally, see this paper, written in response to Lessig's support of P3P in his recent book.)

EPIC has just released a harsh criticism of the Pretty Poor Privacy specification from W3C. Although automatic data transfer is not in the P3P spec itself any longer (taken out after polls showed people didn't like it), implementations of P3P will still include automatic data transfer mechanisms - the idea behind P3P is that viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance, and that this data transfer will be effectively hidden from users so it will be "out of sight, out of mind". (For a more in-depth article about P3P and Internet privacy generally, see this paper, written in response to Lessig's support of P3P in his recent book.)

Duckie01 writes: "There's an interesting report about a deal being made between the European Union and the U.S. concerning companies collecting customer information on the Web. Right now privacy protection under EU laws is much stricter than under U.S. laws. With this 'Safe Harbor' deal, companies that choose to comply are to police themselves. Can you say 'sellout' and 'conflict of interest'?" In other words, says EPIC, "the fox guarding the hens." The pact must still be approved by the European Parliament.

Both the Washington Post and the New York Times have stories about the FTC's decision to ask Congress for the authority to regulate online privacy. The FTC had recently completed yet another privacy survey that showed companies were doing little to protect privacy on the Internet, even after several years of dire warnings. In other news, Doubleclick named a "No-Privacy Board" -- errr, a "Privacy Board." Its members are listed below, along with my notes on their backgrounds.

It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.

Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.

Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)

Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.

Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.

Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?

Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").

David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.

Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).

No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.

testcase writes: "From the ACLU press release 'The suit, filed against Yahoo! by a user of the service's popular financial message boards, challenges the company's practice of disclosing a user's personal information to third parties without prior notice to the user. The full text of the suit is here "

When the Electronic Privacy Information Center gets a poor privacy rating, you might think something's wrong. It is. Enonymous.com is apparently giving out weird ratings to many Web sites, including this one - earlier, it claimed Slashdot had no privacy policy and now it wrongly claims we share your data without permission. Other sites were getting different readings though they linked to the same policy. Meanwhile, Enonymous' own privacy policy has been challenged. I'm left wondering - if even experts can't make sense of online privacy policies, what good do they do?

kalifa writes: "The EPIC (Electronic Privacy Information Center) has just published its annual report on international cryptography. It is available here. It's pretty informative, and I hope it will help changing many false misconceptions (and, by the way, put an end to the same good old francophobic stuff, which is obviously unjustified after the study of this report). "