iRi

Web privacy battle looms Privacy from Companies7/10/2000; 2:45:09 PM Holy smokes, it's the US Government on the right side of a privacy debate!"The Federal Trade Commission voted to go to court against electronic-commerce company Toysmart.com, which is seeking to sell customer data despite a guarantee not share the information, the Wall Street Journal reported in Monday's electronic edition."Note the WSJ is a subscription service, so linking straight to it is difficult.Slashdot post by eln: 'If a company is able to arbitrarily go against their posted privacy policy, then consumers should be able to do the same in reverse for any other similar type of contract. IE, I should be able to click on one of Microsoft's "I Agree" buttons on one of their click-through licenses, and then feel free to go against it at a whim. They are both equally valid contracts, requiring exactly the same effort to "agree" to them (clicking on a little button on a webpage), and both employing the same tactic for proof of identity (they take your word for it).'Good point! You can't have it both ways... lesson #3 Corporate America needs to learn.

Check Your Freedom at the Front Door
Misc.
7/10/2000; 8:30:24 AM This article summarizes the state of the web with regard to many the freedoms we have online. There's nothing new in this article for frequent readers of this site (except perhaps the corporate stuff, which I tend to not pay attention to), but if you're trying to explain to someone why there might be some worrisome trends on the Internet, this is an excellent article to point them to.

U.S.-EU Data Privacy Deal Panned Privacy from Companies7/10/2000; 8:03:24 AM "The European Parliament rejected a data-privacy deal hashed out between the U.S. and the European Commission that would shield American companies from stringent European privacy regulations."I agree with Europe; the safe harbor proposals were absurd. Interesting quote:

"We don't think going back to the United States and trying to negotiate improvements is achievable," says EC spokesman Gerard de Graaf. "The EC will take the Parliament seriously, but at the same time, it will be careful to see its powers maintained."

Now, Companies Can Track Down TheirCyber-Critics Misc.7/9/2000; 3:07:43 PM ''Thanks to a new product from Dallas-based eWatch -- and sold through Edelman Interactive public relations agency and PR Newswire -- companies can now monitor what people do or say on the Web and respond. The result: So-called "anticorporate activism," as it's known in the flak trade, will never be the same -- and neither will your sense of free speech as a consumer.'' ..."Still not convinced this is for real? eWatch's Skinner says Northwest Airlines used his service earlier this year to help it track down the identities of employees who organized a "sick-out" that nearly halted flights over the last Christmas holiday. The company has since fired those employees, and a court has upheld the legality of that action. The ruling is under appeal. Northwest is now using eWatch to help it target -- for reeducation -- the most teed-off of its fed-up fliers."Another reminder that technology will rise to the challenge of repressing people if we let it.

P3P Already Out Of Date? Privacy from Companies7/7/2000; 2:01:37 PM Nothing much is happening today... that's generally good news I wanted to point out something about the Platform for Privacy Preferences. In light of the news laws concerning electronic signatures, is P3P already out of date? If you load the P3P standard, the word "signature" appears a grand total of zero times.Considering the ease with which you can now sign away your privacy rights, this is a big hole in the P3P specs. You can claim your site has wonderful privacy, tricking all P3P browsers into visiting without objection to this wonderful privacy policy, then trick the user into clicking a link that is a contract to collect information anyhow. (How do you trick the user? How about some fine print on the bottom of the page that clicking any further link is permission for the company to track anything they want to? It would be sufficient as the law currently reads.)P3P isn't even trustworthy if there are legal loopholes like this (assuming that P3P could even be considered binding). At the very least, there should be fields added to the spec, explaining what the company plans to do or not do with electronic signatures. That would be useful to me... I'd set my browser to reject anything using electronic signatures.

Electronic Vs. Digital Signatures Glossary7/7/2000; 11:55:55 AM It's been pointed out to me a couple of times, so it's worth explaining to everybody. There is a huge difference between "electronic" and "digital" signatures, even though many people (including me sometimes) have used the terms interchangably.Electronic signatures are the things recently given legal force by the US Federal Government. Essentially, they are the electronic equivalent of a signature on a conventional contract, capable of joining two parties into a legally binding agreement. The problem with the law is the incredibly low requirements on this legally binding signature. See previous coverage.Digital signatures are something else entirely. Digital signatures are placed on specific data, such as an e-mail, web request, or web page. Digital signatures verify that the data has not been tampered with, and can be used to verify that the data came from where it claimed to come from, using interesting, if a bit complicated, technical processes. For an overview, look at this page. Be sure to follow the links in the definition. For a more technical explanation, look at the Crypotgraphy FAQ, or more specifically, the section on digital signatures.At this point in time, the two are totally unrelated. This is unfortunate, as digital signatures could be easily used to enhance the security of electronic signatures, by reducing their forgibility.

Copyright Groups Knock Heads
Music & MP3
7/6/2000; 10:02:46 AM "On Wednesday, five composer and songwriter organizations -- BMI of the United States, GEMA of Germany, SACEM of France, SGAE of Spain, and SIAE of Italy -- announced an alliance to develop a technology infrastructure to track music use across international borders.

''The BMI alliance hopes to speed international compensation for composers, but there remains a slight complication. Last April, ASCAP (the other United States copyright organization) formed the International Music Joint Venture (IMJV), with Dutch and English licensing agents, with the intention of doing the same job.''

A Fight to Ban Cell Phone Spam Spam & E-Mail7/6/2000; 9:35:26 AM A fight to ban cell phone spam... before we can even manage to ban e-mail spam."Although members of the wireless industry say advertising in the wireless future is inevitable and will help subsidize cell-phone use, Representative Rush Holt (D-New Jersey) is currently drafting a bill similar to a law prohibiting unsolicited junk mail on fax machines."Also interesting from that article, an update on the e-mail Spam ban:

This isn't Holt's first campaign to combat spam. He was the lead co-sponsor of the "Can Spam Act," which would fine email spammers up to $50,000 for sending unsolicited junk mail illegally. Provisions of this bill made it to a more comprehensive measure authored by Representative Heather Wilson (R-New Mexico), the Unsolicited Commercial Electronic Mail Act of 1999. The bill, expected to pass the House of Representatives on Wednesday, mandates the accurate return address be posted on unsolicited commercial email and makes it illegal for spammers to continue sending unsolicited junk mail after they've been warned by irked recipients or Internet service providers.

Emphasis mine.

How many LoC/sec?
Personal Commentary
7/5/2000; 3:29:55 PM I don't know why, but I love this commercial. "How many libraries of Congress per second can your software handle?" just sings to me for some reason.

"One thousand billion trillion bytes."

Europe Investigating Echelon Surveillance and Privacy from Government7/5/2000; 10:50:56 AM "The EU committee has one year to establish whether the Echelon system really exists and whether European industry has been damaged by global interception of communications. It will also consider whether the privacy of individuals can be protected from spying and how this can be done."In a seperate development, the French are opening their own investigation.

Dintilhac's office began the preliminary investigation in response to a letter by a French center-right member of the European parliament, Thierry Jean-Pierre, who alleged Echelon was potentially prejudicial to French nationals and to France's economic interests.Dintilhac has ordered the state counter-intelligence agency DST to find out whether Echelon's activities could be qualified under French law as ``harmful to the vital interests of the (French) nation.''

More power to them. If my country has engaged in these practices, I am ashamed.It has been pointed out that countries spy on each other all the time, and that there are no friends at the nation level, only interests. This is true, and regardless of how you feel about it, there's nothing you can do about it that makes any sense. If you stop to think about it, you might even call it a good thing. However, to pass information on to private individuals with the intent of enriching them, that is over the line.Slashdot article on the French probe... unusually informative in the higher-scoring comments.