iRi

Companies Hiring "CPO"'s (Corporate Privacy Officers)
Privacy from Companies
7/12/2000; 12:46:33 PM 'Lamb reports to AT&T's general counsel, Jim Ciccone. "If they don't comply, I go to the CEO," Lamb said. "We will not roll out a service where we do not comply with our privacy policy."'

.... so what? Security policies already stink anyhow. That your services meet those 'requirements' is virtually irrelevent. "We only screw you as much as we warn you on those dense legalese pages, and we've double-checked that it's true!"

Report Says E-Voting Is Unsafe Political Speech7/11/2000; 8:53:40 PM ''Voting in your pajamas is unsafe. So says the latest study published by the Voting Integrity Project, a non-partisan group based in Arlington, Virginia that has openly attacked the Arizona Democratic Party's Internet primary election in March.''Wired bring up a couple of things..."But critics have decried [Election.com]'s closed-mouth security policies, and say that fair elections need to be independently evaluated, something Election.com has never agreed to."WTF? Election.com won't let us, the people, independently evaluate our elections? Who do they think they are?"Election.com officials counter that the election had no security lapses, and was therefore a success that needs no further scrutiny. "Well, who could tell? We aren't allowed to look!From the report itself,

Internet Voting of any kind tends to involve a shift of control of elections from the election officials to election vendors because of the technical expertise required. State and federal laws governing elections, commerce and privacy do not currently provide sufficient protection to ensure election integrity or voter privacy in such a case. Finally, Internet Voting offers a frightening new capability to vote thieves - the ability to automate vote fraud through programmed attacks on the voting process. Remote Internet Voting represents a further shift of responsibility for maintenance of the voting infrastructure from the election officials and vendor to the voter or third party-provider of the platform (employer, hotel, military installation, school, etc.). This has deep implications for election integrity and privacy as well.

This seems quite dead-on.

The Internet is already host to hackers of all manner from all over the world. Although the number who are talented and motivated enough to construct the kinds of programs capable of breaking through fire walls, gaining root privileges and escaping detection may currently be limited to a few thousand, but the reality is that it does not take much talent to write a computer virus and unleash it via the Internet.

Absolutely true. Slashdot recently ran an article about such low-skill ''hackers''. It referred to this fascinating paper, in which the authors use a ''honeypot'' (a bait system, designed to attract hackers for study) to trap people who could break into a computer system and gain full access, yet are literally incapable of inserting a floppy and loading files from it on the system they've hacked. (That's an interpretation for you of one of the chat logs, where one hacker has to teach another how to ''mount'' a disk. A floppy must be mounted in many stock UNIX systems before [normal] use.)Worry about what hackers may do to a voting system is definately valid, and the voting companies assurances to the contrary merely raise suspician, they do not encourage me to trust them. Frankly, the voting companies bear most of the earmarks of security software snake oil.

Until that time [when secure remote voting is feasible], since in-polling place Internet voting is technically feasible and the security issues with it are manageable, it is reasonable to experiment with it now, provided it is done in a non-binding fashion. It would be our recommendation that such experiments include rigorous testing by independent experts. In order to accomplish that, vendors would have to be amenable to sharing source codes and other proprietary information with the testers. We strongly urge the vendors to do this, perhaps in conjunction with the FEC systems standards process.

Absolutely.

Because all of our rights and freedoms as Americans depend on free, fair and secure elections, it is imperative that publicly binding Internet voting elections be curtailed until the integrity and fairness can be assured.

Emphasis mine. This is a very well-reasoned essay, IMHO. I was unaware that the election companies were so closed about our election process! In light of that and the unanswered security issues, I would tend to agree with that conclusion.I knew it would be a while before we could do it, but I hope we do make the effort. I think it would be worthwhile.

Alternative View of Weblogs Technology & Sociology7/11/2000; 8:00:38 PM Weblogs are often looked as as collaborative filters. I think another valid way of looking at them is as "surfing time". When you visit a weblog, you "absorb" the time that person has spent surfing and contributing to their weblog. A day spent browsing weblogs that aren't all me-too-'blogs, but have some original browsing behind them, can cover a large portion of the importent news of the day, allowing you to effectively surf at many, many times your own speed. This effect is amplified in 'blogs that are topic focused, as the people running those 'blogs become better at ferreting out that sort of information and are already more effective then you could be yourself. (For instance, I'd have no idea where to go for news about education, but Serious Instructional Technology's got me covered... so well in fact that I am often interested in the stories, despite not really being all that interested in education per se.)What made me think of this? Well, I caught David-Carter Tod's announcement that he's created a Manila Express for News Items within two hours of its posting (if I'm getting the time-zones right... manilaNewbies runs on Pacific, right?), despite the fact I don't really follow manilaNewbies that well. I caught it from View from an Iowa Homestead. John VanDyk had surfed over there and saved me the time of doing so by converting his surfing time into a 'blog entry.While practically speaking there's really no difference between viewing a weblog as a filter and as "saved time surfing"... the second way of looking at things more accurately reflects the value of a good weblog, I think. Blog's tend to have journal and browsing service components, and while I won't try to judge the value of the journal part of a site, one might use this to measure the browsing service side. Does this save me time and bring me the best of the topic, or could I have gotten this info from any number of other sources in the same amount of time? (or less time!)For me, this is stuff-I've-always-known-but-never-quite-thought before. Obvious in hindsight, but it explains our reactions to the me-too 'blogs that offer the same links everyone else does. They promise us these time savings, yet by having the same-ol', same-ol' links, actually cost us the time to visit their site (and they probably have bad journal stuff to boot!). Not inclined to return.The lesson? Original content counts! (Duh.)Cynical view: [Some] 'Blogs give away time-saved-surfing as an incentive to read journal-style navel-gazing that nobody in their right mind would read voluntarily. Always quid pro quo.

News Site Tools Administrative7/11/2000; 1:30:41 PM If you have Internet Explorer 5 or greater (hopefully both Mac and Windows...), or are using Mozilla Milestone 16 or greater (which is currently much slower), you should hopefully see some new site tools in the bar to the right.To see how to use them and some notes on their current status, visit the Site Tools Help page.In particular, these tools are designed to be helpful in conjunction with this site's Site Index page. For instance, visit the MP3 & Music page, and filter out all news that mentions Napster. Or look for news that only mentions Napster.I think over time this site will become an extremely useful historical site on the issues I cover, because you will be able to get that sort of information, view it in time sequence, and have it carefully filtered for the good stuff. I do my best not to post repeat stories unless there's a good reason, sort them well, select the best stories, etc. Much better then trying to use a raw search engine.You could write your high school government thesis using just this site and the links Dynamic HTML finally doing something useful on a real site.Technical notes: This stuff is implemented using the DOM 1, and should also work in any other browser that supports it. However, other browsers may not pass the Javascript test, so it's hard to guess what else may or may not work with these tools. Over time, a larger portion of the audience will be able to use it.As a final note, this site should now be fully usuable with any browser, from Lynx to IE5.5, and everything in between. I moved my status bar col. over to the right to enhance this usability. Pike's really cool, BTW... I did that change in 5 seconds, literally.

Can a labeling system [P3] protect your privacy? Privacy from Companies7/11/2000; 1:11:13 PM "In reality, P3P technology won't do much of anything to guarantee your privacy, and you need go no further than the White House's own Web site to understand why.... I took a close look at the original White House policy when it was first unveiled in June. Translated from XML back into English, it said that the organization named "the White House" had the contact e-mail address of feedback@whitehouse.com, a phone number of 202-456-1414, ... The information would be used for administrative purposes, development and operations. But the policy only covered the Web site's home page and simply ignored the other 4,000 pages on the Web server."I called the White House and asked for the reason for the apparent disparity. Spokespeople told me that the P3P policy for the home page was merely a demonstration, and that they were doing a redesign in a few weeks and would do a better job then."The redesigned Web site, ironically, doesn't have a P3P policy at all."

Ireland Shows US How To Do Digital Electronic Signatures
Misc.
7/10/2000; 8:49:48 PM "The Irish e-commerce legislation differs from the new American legislation and recently signed British legislation in that it offers strong, explicit protection to users of encryption and forbids law enforcement from demanding that users hand over their encryption "keys," the unique mathematical code that will descramble encoded documents or emails." Emphasis mine.

I still want to examine this in more detail, to make sure the Wired reporter got it all right... but this looks immensely better then what the US just signed into law!

American Bar Wants Clarity In International Law Misc.7/10/2000; 8:39:32 PM "A study of cyberspace legal issues released by an American Bar Association committee on Monday suggested a multinational commission needs to be created to set global Internet rules."Then again, the report's conclusions haven't been accepted by the American Bar Association... maybe the plea for clarity will be crushed by the leaders in charge.Clarity mean fewer lawyers, after all...

Web privacy battle looms Privacy from Companies7/10/2000; 2:45:09 PM Holy smokes, it's the US Government on the right side of a privacy debate!"The Federal Trade Commission voted to go to court against electronic-commerce company Toysmart.com, which is seeking to sell customer data despite a guarantee not share the information, the Wall Street Journal reported in Monday's electronic edition."Note the WSJ is a subscription service, so linking straight to it is difficult.Slashdot post by eln: 'If a company is able to arbitrarily go against their posted privacy policy, then consumers should be able to do the same in reverse for any other similar type of contract. IE, I should be able to click on one of Microsoft's "I Agree" buttons on one of their click-through licenses, and then feel free to go against it at a whim. They are both equally valid contracts, requiring exactly the same effort to "agree" to them (clicking on a little button on a webpage), and both employing the same tactic for proof of identity (they take your word for it).'Good point! You can't have it both ways... lesson #3 Corporate America needs to learn.

Check Your Freedom at the Front Door
Misc.
7/10/2000; 8:30:24 AM This article summarizes the state of the web with regard to many the freedoms we have online. There's nothing new in this article for frequent readers of this site (except perhaps the corporate stuff, which I tend to not pay attention to), but if you're trying to explain to someone why there might be some worrisome trends on the Internet, this is an excellent article to point them to.

U.S.-EU Data Privacy Deal Panned Privacy from Companies7/10/2000; 8:03:24 AM "The European Parliament rejected a data-privacy deal hashed out between the U.S. and the European Commission that would shield American companies from stringent European privacy regulations."I agree with Europe; the safe harbor proposals were absurd. Interesting quote:

"We don't think going back to the United States and trying to negotiate improvements is achievable," says EC spokesman Gerard de Graaf. "The EC will take the Parliament seriously, but at the same time, it will be careful to see its powers maintained."