Privacy

Privacy / Recently Commented

A Clear Case for ISP Regulation: IP Address Logging

Over on the Network Neutrality Squad yesterday, I noted, without comment, the following quote from the new Time Warner Cable privacy policy bill insert: "Operator's system, in delivering and routing the ISP Services, and the systems of Operator's Affiliated ISPs, may automatically log information concerning Internet addresses you contact, and the duration of your visits to such addresses." Today I will comment, and explain why such logging by ISPs creates a clear case for regulatory intervention, on both privacy and competition grounds. more

A Few Thoughts on the Future of Email Authentication

With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more

Google AdSense Asks Publishers to Change Their Websites’ Privacy Policy

I received an e-mail from Google Adsense about its new interest-based advertising feature. The latest feature of Google AdSense allows Google to track the behavior of users who click on ads on their AdSense network. It also allows Google users to ‘select’ their interests—this way they would view advertisements based on their category of interest…

 more

DPI is Not a Four-Letter Word!

As founder and CTO of Ellacoya Networks, a pioneer in Deep Packet Inspection (DPI), and now having spent the last year at Arbor Networks, a pioneer in network-based security, I have witnessed first hand the evolution of DPI. It has evolved from a niche traffic management technology to an integrated service delivery platform. Once relegated to the dark corners of the central office, DPI has become the network element that enables subscriber opt-in for new services, transparency of traffic usage and quotas, fairness during peak busy hours and protection from denial of service attacks, all the while protecting and maintaining the privacy of broadband users. Yet, DPI still gets a bad rap... more

Facebook’s TOS Fumble

One big story of the day was Facebook's new and improved terms of service which this Consumerist post flagged and which set off a firestorm of controversy... What Was Facebook's Mistake? Facebook could have avoided much of the controversy by providing its users some advance notice of the upcoming changes. more

Law Requiring Sex Offenders to Hand Over All Internet Passwords Going Too Far?

Maybe you've seen one of the news stories about the revised Georgia statute (Georgia Code ยง 41-1-12) that now requires sex offenders to turn their Internet passwords, screen names and email addresses over to authorities. The purpose of the revised statute is to give authorities the ability to track what sex offenders are doing online, to, in the words of one news story, "make sure" they "aren't stalking children online or chatting with them about off-limits topics." more

If WHOIS Privacy is a Good Idea, Why is it Going Nowhere?

ICANN has been wrangling about WHOIS privacy for years. Last week, yet another WHOIS working group ended without making any progress. What's the problem? Actually, there are two: one is that WHOIS privacy is not necessarily all it's cracked up to be, and the other is that so far, nothing in the debate has given any of the parties any incentive to come to agreement. The current ICANN rules for WHOIS say, approximately, that each time you register a domain in a gTLD (the domains that ICANN manages), you are supposed to provide contact information... WHOIS data is public, and despite unenforceable rules to the contrary, it is routinely scraped... more

3rd Lawsuit Against VeriSign; Seeks Class Action Status

A third lawsuit has been filed late Friday in a federal district court in California against VeriSign, Inc. over its controversial DNS wildcard redirection service known as SiteFinder. It was filed by the longtime Internet litigator Ira Rothken. In addition, while two other lawsuits have been filed by Go Daddy Software, Inc. and Popular Enterprises, LLC. in Arizona and Florida, this is the first lawsuit to seek class-action status. Here is an excerpt from the "Introduction" section of this class-action lawsuit... more

Whois Masking Considered Harmful

Whenever you register a domain name, your contact details are published in a publicly visible database called "Whois", where your contact details are instantly harvested by spambots and marketers who proceed to email and postal mail you marketing offers, deceptive "domain slamming" attempts, ads for dubious products, and perhaps even telemarketing calls. Nobody likes that, so over the years people started resorting to various tactics to protect themselves from the deluge of crap that inevitably comes with simply registering a domain name... more

Ties That Bind

One of the throwaway remarks I sometimes make at conferences is that "Google knows you're pregnant before you do". I can say this because the things you search for will change as your life changes, and search engine providers may well be able to spot the significance of these changes because they aggregate data from millions of people. Now Google's philanthropic arm, google.org, has shown just what it can do with the data it gathers from us all by offering to predict where 'flu outbreaks will take place in the USA. more

Coming to Grips with an Internet that Never Forgets

My weekly technology law column discusses the implications of an Internet that never forgets. I note that the most significant Internet effect during the current election campaign in Canada has not been any particular online video, website or Facebook group. Instead, it has been the resignation of eight Canadian candidates based on embarrassing or controversial information unearthed online. more

Deep Packet Inspection: When the Man-In-The-Middle Wants Money

Say you're walking down the sidewalk having a talk with your best friend about all kinds of things. What if you found out later that the sidewalk you were using wasn't really a sidewalk -- but instead a kind of false-front giant copying machine, unobstrusively vacuuming up what you were saying and adding to its database of information about you? Or, say you send a letter to a client of yours (to the extent you still do this), and it turns out later that your letter was intercepted, steamed open, and the contents were read... more

Skype Messes Up, Badly

The Open Net Initiative's Information Warfare Monitor project has published a stunning report by "Hacktivist" Nart Villeneuve titled: "Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform." It has been covered by both the New York Times and the Wall Street Journal... more

Cloud Computing and Privacy

There has been a good deal of talk of late on the important topic of security and privacy in relation to cloud computing. Indeed there are some legitimate concerns and some work that needs to be done in this area in general, but I'm going to focus today on the latter term (indeed they are distinct -- as a CISSP security is my forte but I will talk more on this separately). more

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

In many ways, the emotionally charged debate on Network Neutrality (NN) has been a lot like hunting Unicorns. While hunting the mythical horse could be filled with adrenalin, emotion, and likely be quite entertaining, the prize would ultimately prove to be elusive. As a myth, entertaining; but when myths become reality, then all bets are off. The Network Neutrality public and private debate has been filled with more emotion than rational discussion, and in its wake a number of myths have become accepted as reality. Unfortunately, public policy, consumer broadband services, and service provider business survival hang in the balance. more